Automatica 42 (2006) 383 – 391 www.elsevier.com/locate/automatica Error detection and correction in switched linear controllers via periodic and non-concurrent checks  Shreyas Sundaram, Christoforos N. Hadjicostis ∗ Department of Electrical and Computer Engineering and Coordinated Science Laboratory, University of Illinois at Urbana-Champaign, Urbana, IL 61801-2307, USA Received 9 August 2004; received in revised form 3 April 2005; accepted 29 October 2005 Abstract Control systems that utilize switched linear controllers have proven to be useful (and, in some cases, essential) for accomplishing certain control objectives in particular classes of plants. These controllers are often digital in nature and, as such, are subject to internal hardware malfunctions (faults). In this paper, we present a systematic methodology for constructing embeddings to protect switched linear controllers against hardware faults that corrupt their internal state. Our methodology is based on replacing the original controller with a redundant (higher dimensional) controller that preserves the functionality of the original controller while enabling error detection and correction. More importantly, this methodology allows an external mechanism to detect and identify transient state-transition faults through non-concurrent (e.g. periodic) parity checks. The resulting error detection and correction procedures can then be performed periodically, thereby relaxing the reliability requirements and overhead associated with the checking mechanism.  2005 Elsevier Ltd. All rights reserved. Keywords: Fault detection and identification; Fault tolerance; Fault-tolerant control; Switched controller; Switching control design 1. Introduction The concept of switching in the design of control systems has recently been the subject of intensive research, partially due to its flexibility and applicability to a wide range of problems (Ishii & Francis, 2002; Liberzon, 2003; Zefran & Burdick, 1998). For instance, switched control is an attractive option for nonholonomic systems that cannot be asymptoti- cally stabilized through the use of a continuous feedback law (Liberzon, 2003). More generally, when facing modeling un- certainty, switching controllers provide performance that is not obtainable through a single controller. In these cases, the desired plant behavior is achieved by using logic-based deci- sions to dynamically switch between controllers in the control  This paper was not presented at any IFAC meeting. This paper was recommended for publication in revised form by Associate Editor Rene Boel under the direction of Editor Ian Petersen. ∗ Corresponding author. Tel.: +1 217 265 8259; fax: +1 217 244 1653. E-mail addresses: ssundarm@uiuc.edu (S. Sundaram), chadjic@uiuc.edu (C.N. Hadjicostis). 0005-1098/$ - see front matter  2005 Elsevier Ltd. All rights reserved. doi:10.1016/j.automatica.2005.10.011 loop (see Fig. 1). Such schemes have been studied extensively, aiming to ensure that desirable system properties such as sta- bility, reachability and controllability are maintained (Ezzine & Haddad, 1989; Ge, Sun, & Lee, 2001; Liberzon & Morse, 1999). The controllers and control strategies in these systems often arise in an inherently discrete-time setting, as in the case where micro-controllers are used to regulate continuous plants (Sangiovanni-Vincentelli, 1997). As switched controllers and their implementations become more complex, their ability to tolerate internal faults increases in importance (Blanke, Kinnaert, Lunze, & Staroswiecki, 2003; Hadjicostis, 2002; Vidyasagar & Viswanadham, 1985). For ex- ample, it has been demonstrated that harsh conditions, such as lightning and electromagnetic radiation, can be a source of up- sets in digital flight control systems (Gray, Gonzalez, & Dogan, 2000; Liu, 2002). Similarly, researchers have been interested in methods of estimating the state of systems in the presence of in- termittent sensor or measurement failures (Babaali, Egerstedt, & Kamen, 2003; Sinopoli et al., 2003; Smith & Seiler, 2003). In this paper, we examine the problem of protecting discrete-time switched control mechanisms against internal faults that cause