Active FTC: (1) the FDI module monitors input and output signals and compares them against a nominal model, (2) the generated residual exceeds a threshold → fault detection, (3) isolation identifies the faulty component, (4) the reconfiguration mechanism selects a new controller (from a controller bank or via online adaptation) and/or reallocates control to healthy actuators. Passive FTC: a robust controller (e.g. H∞, sliding mode, μ-synthesis) is designed offline for the worst case within a defined fault set and requires no FDI.
Classical control systems designed under the assumption of full component health lose stability or performance when an actuator, sensor, or plant fault occurs. FTC provides systematic methods for designing controllers that tolerate a defined set of faults without requiring immediate system shutdown.
Module observing plant signals to detect, isolate, and identify a fault. Implemented via state observers, Kalman filters, parity equations, or data-driven classifiers.
Official
Component that alters controller structure or parameters after a fault is detected. Can be controller switching from a bank (multiple model), online parameter adaptation, or control allocation reassignment.
Official
Mapping of desired forces/torques from a high-level controller onto individual actuator commands, accounting for their current availability and constraints. Critical in actuator-redundant systems (drones, redundant manipulators).
Official
Nominal controller designed with a robustness margin (H∞, μ-synthesis, sliding mode) tolerating a predefined small-fault set without reconfiguration. The sole component in Passive FTC.
Official
Overly aggressive thresholds in the FDI module trigger unnecessary reconfigurations from measurement noise or disturbances, degrading control performance.
A slow FDI can let the plant leave the new controller's region of attraction before reconfiguration, leading to instability.
After actuator loss, the remaining actuators must take on larger control values and may persistently saturate, destabilizing the system.
Sensor loss may render part of the state unobservable — observer-based controllers then stop working correctly.
R. V. Beard publishes the MIT thesis "Failure Accommodation in Linear Systems Through Self-Reorganization" — regarded as the first formal work on fault-tolerant control.
The SIFT (Software-Implemented Fault Tolerance) and FTMP (Fault-Tolerant Multiprocessor) architectures demonstrate fault tolerance in avionics — the foundation of later fly-by-wire systems.
The IFAC SAFEPROCESS survey by Patton consolidates terminology (Active vs Passive FTC, FDI vs FDD) and becomes the canonical reference of the field.
The monograph by Blanke, Kinnaert, Lunze, Staroswiecki becomes the standard academic textbook on FTC (subsequent editions 2006, 2016).
Y. Zhang and J. Jiang publish "Bibliographical review on reconfigurable fault-tolerant control systems" in Annual Reviews in Control — the most-cited review of the field.
M. W. Mueller and R. D'Andrea (ETH) demonstrate quadrotor flight after the loss of one, two, or three motors — a landmark experimental FTC work in aerial robotics.
Rise of machine-learning-based methods (deep learning, reinforcement learning, neural network observers) for fault detection and adaptive controller reconfiguration.
Most industrial FTC implementations run on real-time CPUs (Intel/ARM) with deterministic RT schedulers.
FPGAs are used in aviation and autonomous vehicles to run FDI with deterministic latency and hardware redundancy.
FTC algorithms are largely hardware-agnostic — what matters are timing determinism and redundancy, not the specific platform.
