Copyright (;> IFAC Fault Detection, Supervision and Safety of Technical Processes, Washington, D.C., USA, 2003 IFAC COt> Publications www.elsevier.comllocate/ifac Failure Detection, Identification and Reconfiguration System for a Redundant Actuator Assembly Jovan D. Boskovie and Raman K. Mehra Scientific Systems Company, Inc. 500 W. Cummings Park, Woburn, MA 01801, USA Abstract: In the paper a design of a Failure Detection, Identification and Recon- figuration (FDIR) System for a redundant actuator assembly is presented. The scheme assures that the output of the redundant actuator assembly is close to its desired value despite failures of individual actuators in the assembly. The re- configuration re-allocates the control signals to the healthy actuators locally to compensate for the failure. In the paper the modeling of a double-redundant ac- tuator assembly characterized by first-order dynamics of individual actuators is presented first. This is followed by the design of adaptive FDIR algorithms, and corresponding proofs of stability. The proposed approach is illustrated through computer simulations. Copyright © 2003IFAC Keywords: Failure Detection, Identification and Reconfiguration (FDIR); Local Reconfiguration; Redundant Actuators. 1. INTRODUCTION To increase reliability and safety of operation, air- craft systems are equipped by redundant flight control actuators and a suitable voting mechanism. In the case of failure of an actuator, the mechanism detects the fail- ure and switches to the healthy one. The redundancy can be double, triple or quadruple, depending on how critical a failure of a particular actuator is . In doubly-redundant systems, there are two physi- cal actuators and an actuator model. The FDIR sys- tem compares the outputs of the actuators with that of the model, and if the error between the output of an actuator and the model is large, the actuator is de- clared failed. By the same token, if the errors between the outputs of both actuators and the model are large, both actuators are declared failed. This is useful in the cases when there is total failure of one or both actua- tors. The actuator assembly then switches to a fail-safe mode, and becomes non-operational. One of the disadvantages of the voting mechanism is that , once an actuator has been shut down, it cannot recover even if the corresponding error falls below the threshold. Another disadvantage is that the actuator may be declared failed and get shut down even if it is partially operational. To address these disadvantages, an adaptive recon- figurable control scheme for Electro-Mechanical Actua- tors (EMA) for flight control applications is developed "To whom a.ll correspondence should be addressed 411 in the paper. The main idea behind the approach is to design fast and accurate FDIR observers for each ac- tuator, and estimate failure related parameters. These estimates are in turn used to generate the output signal from the assembly. That signal should be close to the output of the reference model assuring that the assem- bly output is close to the desired one. The FDIR schemes for EMA that have been previ· ously developed in the context of flight control can bE broadly divided into local and global. Local FDIR Schemes: In local schemes, the objec· tive is to assure that the output of the redundant actua· tor assembly is close to its desired value despite failure.! of individual actuators in the assembly. The reconfig uration re-allocates the control signals to the health) actuators locally to compensate for the failure. In thil way, the reconfiguration is carried out within the Ac tuator Management Systems (AMS) without the nee< for sending the information regarding the failure to th. flight control system. Hence the aircraft is controllec by a baseline flight controller for all time. Such scheme: are of importance in the case of an existing redundan' actuator assembly, i.e. when the actuation is fixed and we need to add a FDIR system. A Loca FDIR scheme is shown in Figure 1. Global FOm Schemes: In this case, the failure i such that the local FDffi scheme cannot achieve th, objective. For instance, this can happen in the cas, when all the actuators in the assembly fail. Hence th, entire assembly is non-functional, and the remaininl healthy actuator assemblys need to be reconfigured tl