Designing control systems that maintain required stability and performance properties in the presence of sensor, actuator, or plant component faults.
Active FTC: (1) the FDI module monitors input and output signals and compares them against a nominal model, (2) the generated residual exceeds a threshold → fault detection, (3) isolation identifies the faulty component, (4) the reconfiguration mechanism selects a new controller (from a controller bank or via online adaptation) and/or reallocates control to healthy actuators. Passive FTC: a robust controller (e.g. H∞, sliding mode, μ-synthesis) is designed offline for the worst case within a defined fault set and requires no FDI.
Classical control systems designed under the assumption of full component health lose stability or performance when an actuator, sensor, or plant fault occurs. FTC provides systematic methods for designing controllers that tolerate a defined set of faults without requiring immediate system shutdown.
Fault detection and isolation (a necessary condition for Active FTC).
Module observing plant signals to detect, isolate, and identify a fault. Implemented via state observers, Kalman filters, parity equations, or data-driven classifiers.
Adapts the controller to new plant conditions following a fault.
Component that alters controller structure or parameters after a fault is detected. Can be controller switching from a bank (multiple model), online parameter adaptation, or control allocation reassignment.
Redistribution of control among functional actuators.
Mapping of desired forces/torques from a high-level controller onto individual actuator commands, accounting for their current availability and constraints. Critical in actuator-redundant systems (drones, redundant manipulators).
Tolerates minor faults without active reconfiguration.
Nominal controller designed with a robustness margin (H∞, μ-synthesis, sliding mode) tolerating a predefined small-fault set without reconfiguration. The sole component in Passive FTC.
Overly aggressive thresholds in the FDI module trigger unnecessary reconfigurations from measurement noise or disturbances, degrading control performance.
Apply appropriate residual filtering, hypothesis-based statistical tests (CUSUM, GLR), threshold hysteresis, and disturbance models.
A slow FDI can let the plant leave the new controller's region of attraction before reconfiguration, leading to instability.
Analysis of the Maximum Detection and Decision Time (MDDT), with baseline controller design incorporating additional robustness margin for the pre-reconfiguration period.
After actuator loss, the remaining actuators must take on larger control values and may persistently saturate, destabilizing the system.
Control allocation with explicit constraint handling (QP, weighted pseudoinverse), reference graceful degradation, anti-windup in the controller.
Sensor loss may render part of the state unobservable — observer-based controllers then stop working correctly.
Observability analysis across all fault scenarios, sensor redundancy, hybrid observers utilizing alternative measurements.
Beard – Failure Accommodation
breakthroughR. V. Beard publishes the MIT thesis "Failure Accommodation in Linear Systems Through Self-Reorganization" — regarded as the first formal work on fault-tolerant control.
SIFT and FTMP — fault-tolerant avionics systems
The SIFT (Software-Implemented Fault Tolerance) and FTMP (Fault-Tolerant Multiprocessor) architectures demonstrate fault tolerance in avionics — the foundation of later fly-by-wire systems.
Patton – "Fault-Tolerant Control Systems: The 1997 Situation"
breakthroughThe IFAC SAFEPROCESS survey by Patton consolidates terminology (Active vs Passive FTC, FDI vs FDD) and becomes the canonical reference of the field.
Blanke – "Diagnosis and Fault-Tolerant Control"
The monograph by Blanke, Kinnaert, Lunze, Staroswiecki becomes the standard academic textbook on FTC (subsequent editions 2006, 2016).
Zhang & Jiang bibliographic review
Y. Zhang and J. Jiang publish "Bibliographical review on reconfigurable fault-tolerant control systems" in Annual Reviews in Control — the most-cited review of the field.
FTC for quadrotors after motor loss
breakthroughM. W. Mueller and R. D'Andrea (ETH) demonstrate quadrotor flight after the loss of one, two, or three motors — a landmark experimental FTC work in aerial robotics.
Data-driven and learning-based FTC
Rise of machine-learning-based methods (deep learning, reinforcement learning, neural network observers) for fault detection and adaptive controller reconfiguration.
Most industrial FTC implementations run on real-time CPUs (Intel/ARM) with deterministic RT schedulers.
FPGAs are used in aviation and autonomous vehicles to run FDI with deterministic latency and hardware redundancy.
FTC algorithms are largely hardware-agnostic — what matters are timing determinism and redundancy, not the specific platform.
Fault Detection and Isolation (FDI), also called Fault Detection and Diagnosis (FDD), is a discipline of control engineering concerned with automatic detection, isolation, and characterisation of faults in dynamic systems. FDI comprises three phases: (1) detection — determining that a fault has occurred (by residual threshold crossing); (2) isolation — identifying the fault location (which sensor/actuator/component); (3) identification — characterising the fault (type, magnitude, time profile). Model-based methods include state observers (Luenberger, KF), parity equations, observer banks, Dedicated Observer Scheme (DOS), and Generalised Observer Scheme (GOS). Data-driven methods use ML classifiers (SVM, neural networks, autoencoders) trained on fault data. FDI is a prerequisite for Active FTC — without reliable diagnosis, controller reconfiguration cannot happen in time. Key FDI metrics: False Alarm Rate (FAR), Missed Detection Rate (MDR), detection time T_d, and isolation time T_i. Standards: IEC 61511 (SIS), ISO 13849 (machinery), DO-178C (aviation).
GO TO CONCEPT| Title | Publisher | Type |
|---|---|---|
| Bibliographical review on reconfigurable fault-tolerant control systems Y. Zhang, J. Jiang, 2008. The most cited survey in the FTC field. | Annual Reviews in Control (Elsevier) | scientific article |
| Diagnosis and Fault-Tolerant Control (3rd edition) M. Blanke, M. Kinnaert, J. Lunze, M. Staroswiecki, 2016. Standard academic reference for FTC. | Springer | documentation |
| Stability and control of a quadrocopter despite the complete loss of one, two, or three propellers M. W. Mueller, R. D'Andrea, 2014. Experimental demonstration of FTC in aerial robotics. | IEEE ICRA | scientific article |
| Fault-Tolerant Control Systems: The 1997 Situation R. J. Patton, 1997. Canonical survey establishing FTC terminology. | IFAC SAFEPROCESS | scientific article |
| Google Scholar — fault-tolerant control robotics User-provided input query. | Google Scholar | other |
Y. Zhang, J. Jiang, 2008. The most cited survey in the FTC field.
M. Blanke, M. Kinnaert, J. Lunze, M. Staroswiecki, 2016. Standard academic reference for FTC.
M. W. Mueller, R. D'Andrea, 2014. Experimental demonstration of FTC in aerial robotics.
R. J. Patton, 1997. Canonical survey establishing FTC terminology.
