Sage Journals: Discover world-class research

Abstract

A fault-tolerant control scheme (FTCS) was developed for a novel mechatronic track switch for the first time. The FTCS was first developed and tested on a simulation model of the system, before being applied to an experimental actuation system in the laboratory. Both the simulation and experimental results show that this FTCS works as expected and allows the switch to continue operating as desired under sensor failure, preventing damage to the switch.

Keywords

Mechatronic switch fault-tolerant control sensor fault detection REPOINT

Introduction

Track switches (or points in the UK) are usually a railway network’s only method of transferring rolling stock between routes. Little changed in their basic function since the inception of the railways nearly 200 years ago,¹ they are a disproportionately large maintenance burden in comparison to the track distance that they occupy.² They are also a key operational constraint on the network. The major concern with these switches is the large number of ways in which they can have single-aspect critical failures. These failures are currently prevented by costly over-design and burdensome maintenance regimes.²

There have been many attempts to address these fundamental issues³ with the support of UK and European rail industry initiatives,⁴ including the addition of a high-redundancy actuator (HRA) to a traditional switch to improve its reliability.⁵ One such effort has been the REPOINT (Redundantly Engineered Points) project that transferred safety-critical concepts from the nuclear-power and aerospace sectors,⁶ chiefly concepts about bi-mode failure and redundancy of actuation and sensing, to track switches. Work over a number of years culminated in both lab-scale demonstrators and a full-scale switch that was installed in a railway and could handle rolling-stock loads.⁷ At its core, the REPOINT concept uses multiple actuators to replace the single one present in most operational switches.⁸

With this arrangement, a more complicated control system is required to co-ordinate several feedback position-control systems, rather than the more traditional ‘single open-loop stall current’ detection control methods.⁹ This newer system includes several feedback signals, each with its own inherent failure mode, requiring robust fault detection, isolation and fault-tolerant control.

Previously, fault-tolerant control (FTC) with fault detection and identification (FDI) has been applied to railway traction machines¹⁰ and drives,^11,12 a permanent magnet assisted synchronous reluctance motor (PMA-SynRM),¹³ heavy-haul trains,¹⁴ an actively controlled railway wheelset¹⁵ and a magnetic levitation train.^16,17

Previous work by Boghani et al.³ focussed on methods to enable the design of these new mechatronic railway switches. Other work on these railway switches focussed only on closed-loop (not fault-tolerant) control⁵ and full-scale testing⁷ rather than fault tolerant and redundant actuation, which are the focus of this paper.

Outside of a railway context, FTC with Kalman filters has been applied to air-fuel ratio control of combustion engines,¹⁸ joints of a robotic manipulator¹⁹ and quadcopters.^20–22 However, these methods have never been applied to a mechatronic railway switch before.

This new actuation paradigm with its redundant actuators and multi-input multi-output nature requires a new FTC approach to ensure safety and actuation requirements are met. This work was motivated by this confluence of factors, and was driven by a desire to devise a FTC system (FTCS) for sensor faults within this unique mechatronic railway switch.

Therefore, the novelty in this paper is the application of online FDI to a mechatronic railway switch. This has not been attempted before, nor has it been implemented in practice to show that the FTCS works as modelled. This paper is formed of four main sections: The Sensor fault detection section covers the fault detection methodology and modelling; The Simulation section covers the simulation results; The Experimental system section demonstrates the experimental validation; with conclusions drawn in The final section.

Sensor fault detection

The mechatronic switch uses sensor feedback to operate the switch, rather than the simpler ‘bang-bang’ control based on limit switches and detection of ‘stall current’ at physical limits used in the control of traditional switches. This results in a reliance on the integrity of these sensors – if sensor faults occur, these could lead to erroneous control action or in extremis instability and catastrophic failure.

Figure 1 shows the proposed layout of the FTCS for the mechatronic switch. The main closed-loop control system is based upon rotary position feedback of the actuator cams in the embedded bearers, this is a cascaded-loop control system system with inner speed and current loops. Details of the sensors can be found in^9,23,24 and details of the controllers applied and tested can be found in.⁹ To ensure the integrity of the system in the presence of sensing faults, the additional algorithms required are: residual generation (using input and output measurements – discussed in a later subsection); residual evaluation (using the residuals and measured outputs); and fault accommodation (used to modify the controller format if faults are present).

Figure 1.

FTCS overview for mechatronic switch.

This paper focusses on faults in the velocity and position feedback signals. However, the approach is sufficiently general and has been extended to include motor current signals and one or more sensor faults, further details of which are given in.²⁵

Fault type definitions

Sensor faults, f_s(t), affect actual outputs, y_r(t), to produce measured outputs, y(t). The effects of sensor faults on the measured output can be characterised as either additive

y (t) = f_{s} (t) + y_{r} (t)

(1)

or multiplicative

y (t) = f_{s} (t) y_{r} (t)

(2)

depending on the type of fault.^26,27 This paper will discuss disconnect faults, which are multiplicative faults where f_s(t) = 0 for the duration of the fault, as a case study to prove the viability of the novel FTCS.

Residual generation fundamentals

The residuals r_y are defined here as the difference between a measured signal y and the value of an estimated synthetic signal, $\hat{y}$ .

r_{y} (t) = y (t) - \hat{y} (t)

(3)

If conditions are ideal, the residuals are nominally zero during normal operation and become non-zero in the event of faults, modelling errors or noise.²⁸ In this paper, a bank of Kalman-Bucy filters was used to estimate the outputs of the system, and these were compared to measured signals to give the residuals, which were used to determine the presence of a fault.

Kalman filter construction

The Kalman filters use state-space models to estimate the states of the switch

\dot{x} = A x + B u + G w

(4)

y = C x + v

(5)

where x is the vector of states, u is the system input, y is the system output, w and v are zero-mean uncorrelated Gaussian process and measurement noise, G is the process noise matrix and A, B and C are matrices defining the evolution of the system. In this case the states used are

x = {[i \dot{θ_{m}} x_{r}]}^{T}

(6)

where i is the motor current,

\dot{θ_{m}}

is the motor velocity and x_r is the rack position. The state transition and input matrices are defined as

A = [\begin{array}{c} - R_{a} / L_{a} & - K_{v} / L_{a} & 0 \\ K_{t} / J_{s u m} & D_{s u m} / J_{s u m} & 0 \\ 0 & R_{g} / n & 0 \end{array}], B = [\begin{array}{c} 1 / L_{a} \\ 0 \\ 0 \end{array}]

(7)

where R_a is the armature resistance, L_a is the armature inductance, K_v is the motor’s back emf constant, K_t is the motor’s torque constant, J_sum is the total rotational inertia of the system, D_sum is the total damping in the system, R_g is the radius of the gearhead and n is the gear ratio of the pinion. The output matrix, C will be defined later. The values for these parameters are given in Table 1.

Table 1.

Model parameter values.

Variable	Value
R _a	1.97 Ω
L _a	7.9 × 10⁻³ H
K _v	0.490 Vs/rad
K _t	0.8 Nm/A
J _sum	0.625 × 10⁻³kgm²
R _g	0.04 m
n	70
D _sum	1.4 × 10⁻³ Nms/rad

In an ideal case, where the noise characteristics are known, the process noise covariance, Q, and measurement noise covariance, R, are given by

Q = W [w w^{T}]

(8)

R = E [v v^{T}]

(9)

In this case, as the noise characteristics were not known, the Q and R weighting matrices were heuristically tuned. The values for these matrices were

Q = [\begin{array}{c} 111.11 \times 10^{3} & 0 & 0 \\ 0 & 0.005 & 0 \\ 0 & 0 & 180 \times 10^{3} \end{array}], R = 50

(10)

The Kalman gain, L, uses the known input u and the output measurements y to generate system output and state estimates $\hat{y}$ and $\hat{x}$ , described as

\hat{\dot{x}} = A \hat{x} + B u + L (y - \hat{y})

(11)

where the optimal estimate of the system outputs

\hat{y}

is given by

\hat{y} = C \hat{x}

(12)

and L is given by

L = P C^{T} R_{n}^{- 1}

(13)

where the covariance matrix P is the solution to an algebraic Ricatti equation.²⁹

The residuals were generated independently for each of the outputs: velocity, r_vel and position, r_pos, using a Kalman filter for each

\begin{array}{c} r_{v e l} & = & y_{v e l} - C_{v e l} \hat{x} \end{array}

(14)

\begin{array}{c} r_{p o s} & = & y_{p o s} - C_{p o s} \hat{x} \end{array}

(15)

where

C_{v e l} = [0 1 0]

and

C_{p o s} = [0 0 1]

Fault identification using residuals

Previous research has investigated residual evaluation for fault detection.^26,30,31 In this case, thresholding of the root-mean-square error (RMSE) was chosen to identify faults in a given signal. For each signal, the RMSE was generated for each signal as

r_{R M S E, j} (k) = \sqrt{\frac{\sum_{i = k - n}^{k} - r_{j}^{2} (i)}{n}}

(16)

where j is a sensor type (vel, pos) and r_j(k) is the value of that residual at sample time k. The residuals from each Kalman filter were fed into the thresholding logic for each measurement.

When a residual RMSE is above a given threshold, then a fault flag is raised. Two thresholds were used in this case – an adaptive threshold and a fixed threshold. The fixed threshold T_f is determined using the noise variance, σ², of the outputs when operating in steady state.

A second adaptive threshold, T_a first introduced in,³² is also used to reduce the occurrence of false resets of the fault flag. Choosing T_f requires compromise, as a threshold that is too low will increase the possibility of false faults being flagged due to noise. If it is too high, then legitimate faults may not be identified. The adaptive threshold is used to reset the fault flag when the system is changing state, in order to reduce the occurrence of false flags. Fault flag generation is based on the logic in Table 2.

Table 2.

Thresholding logic for RMSE evaluation.

Fault flag value	Criteria
1	r_RMSE ≥ T_f AND r_RMSE ≥ T_a
0	r_RMSE < T_f AND r_RMSE < T_a

Simulation

The techniques as outlined in the previous section were first applied in simulation to determine an ideal level of performance. More details of the dynamic model of the laboratory demonstrator system are given in^9,23,25 and a diagrammatic overview is given in Figure 2. The simulation results shown here focus on multiplicative disconnect faults affecting the position and velocity sensors, as discussed above.

Figure 2.

Schematic showing an overview of the system.

Position fault simulation results

The closed-loop system was set to follow a series of step inputs, moving the actuation system between two positions, repeating every 12s. A position sensor disconnect fault is injected at time t = 1s and the fault is removed at t = 8s, when the sensor is reconnected. The results of this test, without the FTCS active, are given in Figure 3. As a result of the fault, the peak position of the switch is 0.6 m, which is more than 5 times larger than the commanded position of 0.094 m. At t = 8s, the sensor is reconnected and the system quickly moves the rack into the desired position. The middle and lower plots in Figure 3 show that the sensor disconnect fault is quickly identified by the Kalman Filters and the threshold logic and is removed once the sensor is restored.

Figure 3.

Simulation results for position sensor disconnect fault – not accommodated.

Results from the same simulation, with FCTS activated are given in Figure 4. The FCTS detects a fault, due to the growing residual, within 1 ms and replaces the faulty signal with the position estimated by the Kalman filter to allow the switch to continue normal operation. After 8s the sensor is reconnected and the residual drops below the threshold value. Note the dip in the RMSE as the Kalman filter estimate of position crosses over the zero position input from the sensor. This is not low enough to clear the fault flag, and the system continues to use the Kalman filter estimate.

Figure 4.

Simulation results for position sensor disconnect – accommodated.

The centre plot in Figure 4 shows that the fault flag continues, and therefore the FTCS continues to use the Kalman estimate in place of the sensor signal, after the position estimate has been replaced with the now-reconnected sensor. An active control signal – a position change command – is required to disable the fault flag. This occurs at t = 12s when the system returns to a fault-free state and reverts to using the sensor signal.

Velocity fault simulation results

The simulations in the previous section were re-run, replacing the position sensor disconnect fault with a velocity sensor disconnect fault. The velocity sensor disconnect fault is injected from t = 7s to t = 15.5s. The results of these simulations with the FTCS turned off and turned on are shown in Figures 5 and 6, respectively.

Figure 5.

Simulation results for velocity sensor disconnect fault – not accommodated.

Figure 6.

Simulation results velocity sensor disconnect fault – accommodated.

With the FTCS turned off, large oscillations are present in the simulated velocity when the sensor is disconnected. This behaviour would be dangerous and damaging to the real system.

When the FTCS is turned on, the fault flag is raised within 1 ms of the sensor being disconnected as the RMSE exceeds the thresholds. When the flag is raised, the Kalman filter estimate of the velocity is used by the controller in place of the faulty velocity sensor signal. The RMSE drops below the fixed threshold at t = 9s as the true velocity of the system approaches the zero velocity being measured by the faulty sensor. However, the residual has not dropped below the adaptive threshold, and therefore the fault flag remains. Once the sensor has been reconnected and the residuals have dropped below both thresholds, the system clears the fault flag after the start of the next position change command.

The results given in Figures 3–6 show that the FTCS operates as intended and prevents damaging and possibly dangerous errors from occurring in the track switch.

Effects of parameters

At this point, some observations about the various parameters can be made. Firstly, it is clear that the values for the fixed and adaptive thresholds are important: if they are set too high, the residuals will not trigger the FTC mechanism or will trigger it late. If they are set too low, then small differences between the Kalman filter and the real-world device will lead to false triggering of the FTCS.

Secondly, the values for the Q and R matrices are important for determining the behaviour of the Kalman filters. If they do not reasonably approximate the true relationship between the process and measurement noise covariances then the results of the Kalman filters will be inaccurate and could cause the FTCS to become active unnecessarily.

Experimental system

The development of the experimental system is covered in detail in.²⁵ The main components of the system are: the computer interface running MATLAB and dSPACE control software; the dSPACE control board; associated motor drive cabinet; and the actuator bearer.

Details of the actuator bearer can be seen in Figure 7, highlighting the sensors and their positions.

Figure 7.

REPOINT bearer details.

Position fault experimental results

A position sensor disconnect fault (emulated via a switch) is shown in Figure 8. The fault is injected at 128s, the position fault flag is raised and the reconfigured position estimate replaces the faulty signal within the control loop. The fault flag is raised as expected in the presence of a fault and the fault is accommodated correctly.

Figure 8.

Experimental position sensor disconnect fault – accommodated.

Velocity fault experimental results

Faults on the velocity signals can be accommodated in a similar fashion. A disconnect fault is shown in Figure 9 and specific details of the response are highlighted in Figure 10. The velocity sensor signal is switched to zero at 90s and reconnected at 100s. The velocity fault flag is raised almost instantaneously at fault injection with the control system reconfiguring to accommodate this. Again the fault flag remains high until the position command changes polarity.

Figure 9.

Experimental velocity sensor disconnect fault – accommodated.

Figure 10.

Experimental velocity disconnect fault – accommodated, zoomed.

Comparison to modelling

It can be seen that the results for the constrained failure cases shown above closely follow those produced in simulation, and accommodate issues encountered with noise and modelling variation.

Conclusions

The application of a sensor-fault-tolerant control scheme is effective at mitigating faults or failures in a track switch caused by sensor faults.

Fault-tolerant control is critical for the REPOINT track switch system, due to the closed-loop nature of the control scheme and the safety-critical nature of the system, unlike traditionally actuated systems.

Through application of a residual scheme, the developed fault tolerant control system demonstrated a pragmatic solution that could be applied to a full-scale system. The modelling and demonstration system show good dynamic matching and the Kalman filter based method detects the faults well and provides the means to accommodate the fault by using estimates of the faulty states.

Footnotes

Declaration of conflicting interests

The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

Funding

The author(s) received no financial support for the research, authorship, and/or publication of this article.

ORCID iD

Will J Midgley

References

Counter

Cope

. Switch and crossing maintenance. Permanent Way Institution, 2019. ISBN 9780903489140.

Bemment

Goodall

Dixon

, et al. Improving the reliability and availability of railway track switching by analysing historical failure data and introducing functionally redundant subsystems. Proc Inst Mech Eng F J Rail Rapid Transit 2018; 232(5): 1407–1424. DOI: 10.1177/0954409717727879

Boghani

Ambur

Blumenfeld

, et al. Sensitivity enriched multi-criterion decision making process for novel railway switches and crossings - a case study. Eur Transp Res Rev 2021; 13(6): 1–14. DOI: 10.1186/s12544-020-00467-x

Shift2rail ., https://rail-research.europa.eu/, Accessed 5 July 2022.

Dutta

Dixon

et al. Fault tolerant actuation of a railway track switch: a simulation study. In 2022 UKACC 13th International Conference on Control (CONTROL). pp. 207–212. DOI:10.1109/Control55989.2022.9781361

Isermann

Fault-diagnosis applications: model-based condition monitoring: actuators, drives, machinery, plants, sensors, and fault-tolerant systems. Springer Berlin Heidelberg, 2011. ISBN 9783642127670.

Olaby

Dutta

Harrison

, et al. Realisation of a novel functionally redundant actuation system for a railway track-switch. Appl Sci (Basel) 2021; 11(702): 1–20. DOI: 10.3390/app11020702

Bemment

Dixon

Goodall

. Redundantly engineered points (REPOINT) for enhanced reliability and capacity of railway track switching. In The RRUKA Annual Conference 2012, volume 7. pp. 1–6.

Kaijuka

Dixon

Ward

, et al. Model-based controller design for a lift-and-drop railway track switch actuator. IEEE ASME Trans Mechatron 2019; 24(5): 2008–2018. DOI: 10.1109/TMECH.2019.2929961

10.

Bennett

Patton

Daley

. Sensor fault-tolerant control of a rail traction drive. Control Engineering Practice 1999; 7(2): 217–225. DOI: 10.1016/S0967-0661(98)00151-8

11.

Youssef

El Khil

Slama-Belkhodja

. State observer-based sensor fault detection and isolation, and fault tolerant control of a single-phase PWM rectifier for electric railway traction. IEEE Trans Power Electron 2013; 28(12): 5842–5853. DOI: 10.1109/TPEL.2013.2257862

12.

Xia

Guo

Dai

et al. Sensor fault tolerant control method for electric traction PWM rectifier using sliding mode observer. In 2016 19th International Conference on Electrical Machines and Systems (ICEMS). pp. 1–6.

13.

Zhao

Liu

Chen

, et al. Fault-tolerant control of a triple redundant PMA-SynRM driven under single-phase open-circuit by mono-inverter. IEEE Trans Power Electron 2021; 36(10): 11593–11605. DOI: 10.1109/TPEL.2021.3066797

14.

Zhuan

Xia

. Fault-tolerant control of heavy-haul trains. Vehicle System Dynamics 2010; 48(6): 705–735. DOI: 10.1080/00423110902974100

15.

Mirzapour

Mei

Hussain

. Assessment of fault tolerance for actively controlled railway wheelset. In Proceedings of 2012 UKACC International Conference on Control. pp. 631–636. DOI:10.1109/CONTROL.2012.6334703

16.

Zhai

Long

. Fault-tolerant control of magnetic levitation system based on state observer in high speed maglev train. IEEE Access 2019; 7: 31624–31633. DOI: 10.1109/ACCESS.2019.2898108

17.

Zhai

Long

. Fault-tolerant control strategy for the suspension module of EMS high-speed maglev train. In 2017 IEEE 2nd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). pp. 64–67. DOI:10.1109/ITNEC.2017.8284873

18.

Amin

Mahmood-ul-Hasan

. Hybrid fault tolerant control for air–fuel ratio control of internal combustion gasoline engine using kalman filters with advanced redundancy. Measurement and Control 2019; 52(5–6): 473–492. DOI: 10.1177/0020294019842593

19.

Hagh

Asl

Fekih

, et al. Active fault-tolerant control design for actuator fault mitigation in robotic manipulators. IEEE Access 2021; 9: 47912–47929. DOI: 10.1109/ACCESS.2021.3068448

20.

Patan

Caliskan

. Sensor fault–tolerant control of a quadrotor unmanned aerial vehicle. Proceedings of the Institution of Mechanical Engineers, Part G: Journal of Aerospace Engineering 2022; 236(2): 417–433. DOI: 10.1177/09544100211015587

21.

Doraiswami

Cheded

Brinkmann

. Kalman-filter-based accurate trajectory tracking and fault-tolerant control of quadrotor. In Proceedings of the 8th International Conference of Control Systems, and Robotics (CDSR’21). pp. 302–1–302–11. DOI:10.11159/cdsr21.302

22.

Unal

Integrated design of fault-tolerant control for flight control systems using observer and fuzzy logic. Aircraft Engineering and Aerospace Technology 2021; 93(4): 723–732. DOI: 10.1108/AEAT-12-2020-0293

23.

Kaijuka

Dixon

Ward

. Active fault tolerant control applied to REPOINT, a novel railway track switch10th IFAC Symposium on Fault Detection, Supervision and Safety for Technical Processes SAFEPROCESS 2018. IFAC-PapersOnLine 2018; 51(24): 529–535. DOI: 10.1016/j.ifacol.2018.09.627

24.

Kaijuka

Dixon

Ward

et al. LQR control applied to a novel track switch actuator. In 2018 UKACC 12th International Conference on Control (CONTROL). pp. 385–385. DOI:10.1109/CONTROL.2018.8516839

25.

Kaijuka

. Fault tolerant control (FTC) applied to an inherently redundant electromechanical railway track switch. PhD thesis. Loughborough University, 2020. DOI: 10.26174/thesis.lboro.12379655.v1

26.

Dixon

. Observer-based FDIA: application to an electromechanical positioning system. Control Engineering Practice 2004; 12(9): 1113–1125. DOI: 10.1016/j.conengprac.2003.11.013

27.

Heredia

Ollero

Bejar

, et al. Sensor and actuator fault detection in small autonomous helicopters. Mechatronics 2008; 18(2): 90–99. DOI: 10.1016/j.mechatronics.2007.09.007

28.

Isermann

Fault-diagnosis systems: an introduction from fault detection to fault tolerance. Springer Science & Business Media, 2005. DOI: 10.1007/3-540-30368-5

29.

Kalman

. A new approach to linear filtering and prediction problems. Journal of Basic Engineering 1960; 82(1): 35–45. DOI: 10.1115/1.3662552

30.

Bennett

Dixon

Pearson

. Comparing residual evaluation methods for leak detection on an aircraft fuel system test-rig. Systems Science 2008; 34(2): 63–74.

31.

Venkatasubramanian

Rengaswamy

Yin

, et al. A review of process fault detection and diagnosis: Part I: Quantitative model-based methods. Computers & Chemical Engineering 2003; 27(3): 293–311. DOI: 10.1016/S0098-1354(02)00160-6

32.

Patton

Frank

Clarke

. Fault diagnosis in dynamic systems: theory and application. Prentice-Hall, Inc, 1989. ISBN 978-0-13-308263-0.

Fault-tolerant control for sensor faults affecting an electromechanical railway track switch

Abstract

Keywords

Introduction

Sensor fault detection

Fault type definitions

Residual generation fundamentals

Kalman filter construction

Fault identification using residuals

Simulation

Position fault simulation results

Velocity fault simulation results

Effects of parameters

Experimental system

Position fault experimental results

Velocity fault experimental results

Comparison to modelling

Conclusions

Footnotes

Declaration of conflicting interests

Funding

ORCID iD

References