Constrained Active Fault Tolerant Control Based on Active Fault Diagnosis and Interpolation Optimization

A new active fault tolerant control scheme based on active fault diagnosis is proposed to address the component/actuator faults for systems with state and input constraints. Firstly, the active fault diagnosis is composed of diagnostic observers, constant auxiliary signals, and separation hyperplanes, all of which are designed offline. In online applications, only a single diagnostic observer is activated to achieve fault detection and isolation. Compared with the traditional multi-observer parallel diagnosis methods, such a design is beneficial to improve the diagnostic efficiency. Secondly, the active fault tolerant control is composed of outer fault tolerant control, inner fault tolerant control and a linear-programming-based interpolation control algorithm. The inner fault tolerant control is determined offline and satisfies the prescribed optimal control performance requirement. The outer fault tolerant control is used to enlarge the feasible region, and it needs to be determined online together with the interpolation optimization. In online applications, the updated state estimates trigger the adjustment of the interpolation algorithm, which in turn enables control reconfiguration by implicitly optimizing the dynamic convex combination of outer fault tolerant control and inner fault tolerant control. This control scheme contributes to further reducing the computational effort of traditional constrained predictive fault tolerant control methods. In addition, each pair of inner fault tolerant control and diagnostic observer is designed integratedly to suppress the robust interaction influences between estimation error and control error. The soft constraint method is further integrated to handle some cases that lead to constraint violations. The effectiveness of these designs is finally validated by a case study of a wastewater treatment plant model.


Introduction
Fault tolerance is already a common design property to be considered for most control systems. In terms of the system structure, faults can be classified as sensor faults, actuator faults, and component/parameter faults [1,2]. In general, the first two do not directly affect the intrinsic stability of the system, while the component faults tend to directly change the dynamic characteristics of the system. In the literature, the methods to handle these types of faults can be divided into active fault tolerant control (AFTC) and passive fault tolerant control (PFTC) [3]. PFTC draws on robust control theory to suppress the effects of faults, while AFTC uses fault information to adjust or reconfigure control actions to match the dynamics of the faulty system. Due to such matching adjustments, AFTC typically provides better reliability than PFTC. Many representative results can be found in the survey papers [4][5][6][7].
Recently, the design of optimal AFTC for systems with state/input constraints has been received a lot of attention. Unlike the design of unconstrained FTC, the design of constrained FTC has to take into account more requirements, including robust stability, feasibility, optimization efficiency, etc. Particularly, the faults occurring in constrained systems often cause constraint violations, and the unconstrained FTC designed without considering feasibility may result in an empty set of feasible solutions for a given control objective. This often further leads to the eventual loss of closed-loop stability. In the literature, some typical design methods for constrained FTC have been reported, such as Barrier Lyapunov function method [8], command governor [9,10], saturation control [11], model predictive control (MPC) [12], etc. Among these methods, the MPC-based FTC method is widely considered, since MPC has the inherent and flexible capacity to address constrained optimization problems. The representative studies include FTC based on min-max MPC [13], FTC based on explicit MPC [14], multi-actuator/sensor FTC based on set theoretic MPC [15][16][17][18], FTC based on dual model MPC [19,20], etc.
Most of the above mentioned MPC-based FTC designs are developed for actuator and sensor faults, whereas relatively few results are reported for component/parameter faults. Since the component faults often change the structural parameters of the system, determining the real-time operating mode of the system is a prerequisite for achieving fault tolerance. A common approach to this problem is to use multiple observers to first discriminate the fault modes, and then activate the corresponding control law of the isolated mode to achieve switching control reconfiguration [21]. Such an approach can be viewed as a passive fault diagnosis (PFD)-based AFTC scheme. Actually, due to the potential lack of diagnostically relevant information in the input-output data, the PFD method may fail to isolate a fault or may isolate a fault incorrectly. Moreover, for high-dimension systems, the multiple observers for parallel applications usually occupy a large amount of memory, and the involved modal discriminant optimization problem is generally computationally demanding. One promising way is to integrate the active fault diagnosis (AFD) methods into FTC, i.e., the AFD-based AFTC. The central idea in AFD is to design a small harmful test/auxiliary input signal that can ensure maximal or full separation among the model predictions corresponding to the different modes of operation [22]. According to different design methods of AFD, some representative results have been presented, such as AFTC based on Youla-Kucera parametrization [23], AFTC based on set detection and isolation [24], AFTC based on performance transformation [25], AFTC based on distributed fault isolation [26], etc.
The above studies have provided different ideas for the construction of AFD and AFTC. Inspired by these results, we find two more problems whose handling can be further improved: (i) In terms of the implementation of AFD in AFTC, the test inputs used for modal separation are usually optimized online. For the small-scale systems, such computational requirements can be satisfied. However, as the number of system dimensions increases, the computational burden tends to become heavier, which often results in much longer delays of correct fault mode isolation. Recently, an effective solution was proposed in [27], where an implicit expression of the residual limit set is adopted and a constant auxiliary signal and the associated separation hyperplane used to separate the potential system modes are constructed offline. After a fault is detected, only the constant test signal is injected into the system and the current diagnostic observer. Then, the true system mode can be isolated by discriminating the position of the generated residuals in relation to the previously computed separation hyperplane. Given its advantages, such as simple implementation and fast isolation, this approach can provide an effective perspective for the design of control reconfigurations. Therefore, this paper will first attempt to adapt this active fault isolation approach to be integrated into the framework of AFTC to provide critical modal update information for timely regulation of constrained systems. (ii) In terms of the design of constrained active reconfiguration FTC, most MPC-based methods need to solve computationally intensive optimization problems online. Generally, this often places stringent requirements on the system scale, sample interval, and hardware controller performance. As an alternative solution to constrained optimization, the interpolation control (IC) methods exhibit excellent features [28][29][30].
The main idea is to optimize an interpolation coefficient in real time based on the updated system states and use this coefficient to make a smooth convex combination of a outer controller and a inner controller. The outer controller is used to enlarge the controllable feasible domain, while the inner controller is used to satisfy the given control performance requirements. In general, the inner controller is optimally designed offline, while the outer controller is determined online simultaneously when the interpolation coefficient is optimized. This method of offline designing some parameters of the controller in advance helps to reduce the online calculation burden. Moreover, the optimized interpolation coefficient enables a smooth transition between the inner-outer controllers and ensures a fast convergence of the states to the set point under the constraints. In particular, the associated optimization problem belongs to standard linear programming (LP), which can be readily solved in the practical implementation. Given these characteristics, the IC-based optimization can provide a good compromise among computational load, feasible region size, performance, etc. Therefore, the development of the IC strategy to solve the constrained AFTC problem would be very promising. To the authors' knowledge, no relevant results have been reported.
Motivated by the above observation, we seek to further push the development of the field of constrained FTC for component/actuator faults by proposing a new AFD-based interpolating FTC synthesis scheme. The central ideas of the technical route are: (1) the passive fault detection (FD) is firstly designed by using a diagnostic observer in the current mode; (2) after a fault is detected, the active fault isolation (FI) and mode identification are then achieved by using a constant test signal and a separated hyperplane; and (3) after the actual mode is isolated, the constrained AFTC is finally determined by virtue of optimizing the interpolation coefficient to combine the inner FTC and outer FTC. How to comprehensively solve the problems involved in this technical route is the main research content of this paper.
Compared with the recent results on constrained AFTC studies (e.g., [13,16,20]), our main contributions can be reflected in the follows aspects: (i) A new and efficient AFDbased AFTC approach for component/actuator faults is proposed. In this work, only one observer is applied in real time to achieve FD and FI, while most of the existing studies use multiple observers for online parallel diagnosis; the fault mode separation is achieved by using auxiliary signals and separating hyperplanes designed offline, rather than by solving receding horizon optimizations and set membership discriminations online; the real-time control reconfiguration-based AFTC is achieved by solving simple LP problems instead of solving quadratic or semi-definite positive programming problems. (ii) When designing diagnostic observers and FTCs, the interaction influences between estimation error and control error is further handled based on integrated design and constraint tightening so as to improve the robust feasibility of AFTC optimization algorithm. (iii) The soft constraints IC-based AFTC strategy is also designed to address some infeasible scenarios, such as, the deviation of states from the maximum controllable invariant set after fault isolation, or the constraints violation caused by some unanticipated factors.
The remainder of this paper is structured as follows. Section 2 provides the problem formulation. In Section 3, the proposed AFD-based interpolating AFTC scheme is explained in detail and an integrated algorithm is also given to summarize the involved offline design and online application steps. In Section 4, the algorithm verification is given. Some conclusion and future work are discussed in Section 5. Notation 1. diag{X 1 , X 2 , X 3 } is a diagonal matrix with diagonal elements X 1 , X 2 , and X 3 . A T P( * ) = A T PA. 1 m is a m-dimensional column vector with all elements of 1, while I m is a m-dimensional unitary matrix. Let p ∈ P and q ∈ Q be two sets of R n . Then, P ⊕ Q = {p + q|p ∈ P, q ∈ Q} is the Minkowsi sum of two sets. For two sets satisfying Q ⊂ P, x ∈ P ∼ Q represents x ∈ P, but x / ∈ Q. A polyhedron is the intersection of a finite number of open and/or closed half-spaces, and a polytope is a closed and bounded polyhedron.

System Description and Problem Formulation
Consider the following uncertain discrete-time systems affected by unknown component faults, actuator faults and disturbances: where x k ∈ X ⊂ R n is the state vector; u k ∈ U ⊂ R n u is the actuator input vector; d k ∈ D ⊂ R n d is the unknown process disturbance vector; v k ∈ V ⊂ R n v is the unknown measurement disturbance vector; y k ∈ R n y is the measurement output vector. The matrices A l , B l and C are constant and have appropriate dimensions. The index l is associated with the configuration in which the system is actually operating, i.e., Without loss of generality, we assume that l = 0 corresponds to the healthy condition (A 0 , B 0 ) while any other l ≥ 1 corresponds to a faulty condition. In addition, X , U , D, V are defined as the bounded polyhedral constraint sets [30,31]: Remark 1. The model (1) can represent some uncertainties. Firstly, the changes in the configuration of the system (i.e., l ∈ [0, n f ]) due to the appearance or disappearance of faults are essentially a description of the uncertainty of the system [1]. Secondly, the disturbance terms (d k , v k ) included in the model can directly reflect the multiple uncertainties in the system. For instance, let A l = A 0 , d k = ∆ A x k + δ k with unknown but bounded term ∆ A , (1) can represent a class of additive parametric uncertainty models; let can represent a class of multiplicative parametric uncertainty models; let d k be a time-varying/time-invariant uncertainty term only, (1) can represent the uncertainty case for a class of mechanistic models with bounded offsets of modeling error, etc. All of these scenarios can be used to reflect a mismatch between the model and the reality.
Remark 2. The model (1) can represent both component and actuator faults [1]. For example, A l = A 0 + ∑ n i=1 A i θ i k with unknown faulty factor θ i k can represent some component/parameter faults; B l = B 0 diag{θ 1 k , θ 2 k , · · · , θ n u k } with θ i k ∈ [0, 1] can describe some actuator effectiveness loss faults.
For the sake of simplicity, the dynamics of the l-th system configuration can be rewritten as The following assumptions are given for systems (1) and (2). Assumption 1. The typical system configurations of concern can be modeled in advance, and these system configurations are controllable.

Remark 3.
We recognize that not all systems and faults can be tolerant by only one FTC method. Therefore, we make the above assumptions to explain the situations in which the proposed method can be applied.
Definition 1. Let S be a neighborhood of the origin. The closed-loop trajectory of (1) is said to be Uniformly Ultimately Bounded (UUB) in S, if ∀ x 0 , ∃T(x 0 ) > 0 such that x k ∈ S for k ≥ T(x 0 ).
The control objective is to construct an AFD-based robust and feasible AFTC strategy such that the states of the controlled system (1) can be steered inside a neighborhood of origin (i.e., UUB) in a way of minimizing the following optimization problem where U(x k , u k ) = x T k Ξx k + u T k Θu k , Ξ > 0, Θ > 0 is a utility function.

The Overall Scheme of the Proposed AFD-Based Interpolation AFTC Method
The overall scheme of the proposed AFD-based interpolation AFTC method is shown in Figure 1. In the subsequent analysis, we let that the index l ∈ [0, n f ] denotes the unknown actual system operating condition and the index i ∈ [0, n f ] denotes the recently identified system operating condition. Then, according to the flowchart in Figure 1, the AFTC method works as explained below. First, the I/O data of the practical system (i.e., the lth model) is collected by the ith estimator to give the state estimatesx i k and generate the residuals r i k . Second, the fault detection unit performs change detection based on the estimator outputs. When there is no change (i.e., l = i), the interpolation control algorithm currently in use continues to regulate the system. When a change/fault is detected (i.e., l = i), the fault isolation unit is activated, and in this case the pre-designed auxiliary test signal u i FI is injected into the system and the estimator to perform modal discrimination. Next, after the practical system condition is isolated (i.e., i = l), the decision results of the fault isolation unit will update the operating condition index of the estimator and the reconfiguration controller. Next, the suitable interpolation optimization should be selected according to the location of states in relation to the feasible set of controller (i.e., robust control invariant set). Namely, if the states belong to the feasible set of the isolated controller, the general interpolation control is applied; otherwise, the relaxed interpolation control should be activated. Finally, these control actions will adjust the system states to the desired operating region. The design of each unit in this flowchart is given in detail below.

Reconfigure the index of observer and controller
Estimator ( Figure 1. Scheme of AFD-based interpolation AFTC. The fault detection and active fault isolation constitute AFD, which will be designed in Section 3.2; AFTC consists of outer FTC, inner FTC and interpolation optimization, where outer FTC and interpolation optimization are designed in Section 3.4 and inner FTC with observer is designed in Section 3.3.

AFD: Fault/Mode Change Detection and Isolation
Without loss of generality, the following i-th observer is adopted to estimate states and generate residualsx wherex i k ∈ R n denotes the estimated state vector;ŷ i k ∈ R n y is the estimated output vector; r i k ∈ R n y is the generated residual signal that is used to provide key information of abnormal condition for achieving AFD. L i is the observer gain.

Assumption 2.
For the sake of discussion, we assume that the observer (4) for each i ∈ [0, n f ] has been designed in advance, and (A i + L i C) is Schur stable. The detailed design conditions of L i are given in Theorem 1.

Remark 4.
In a cycle of AFD, the FI is always triggered by the FD [22]. Moreover, when a fault is detected at time k d , the closed-loop FTC controller that is currently being used should preferably be put on standby to avoid that the feedback function hides the effect of the fault. In this setting, only the auxiliary input is used to stimulate the faulty system. In principle, the design of such an auxiliary input should (1) minimize the harmful influence to the currently matched system operation and (2) accurately identify and isolate the real system operating condition l.
In Figure 1, there are two cases about the generated residual signal r i k . One is that the ith observer currently in use is matched to the real system mode l, and the other is the opposite. In the sequel, we will discuss the characteristics of the corresponding residuals for each of these two cases.
(1) Case I (design of FD logic for i = l): First, based on Remark 4 and (1)-(4), the following estimation error system can be established: where Then, based on a series of finite set iterations along (5) using ∆ i,i e , an approximate maximal RPI set Ω i,i e (see Definition 2) can be computed and the limit set of residual r i can be directly obtained as R i,i FD = CΩ i,i e ⊕ V. According to Figure 1 and Remark 4, the detection of mode changes and the triggered action can be formulated as Remark 5. Considering the possibility of fault occurrence, transformation, or recovery, we uniformly use mode change in (6) to indicate any phenomenon that causes a change in the system behavior.
(2) Case II (design of FI logic for i = l): The case i = l implies that the real status of system has changed and it generally leads to r i k / ∈ R i,i FD . In this case, the fault/mode isolation should be activated. According to the analysis method in [27] and Remark 4, an auxiliary input u i FI will be used to replace the AFTC input u i C,k . A relevant augmentation representation is firstly constructed as where Then, given u i FI and based on Assumption 1, an approximate maximal RPI set Ω l,i χ for each pair (l, i), i = l, can be determined by finite set iterations along (7). Accordingly, the limit set that is used to achieve modal isolation can be obtained as R l,i A crucial condition for the existence of u i FI that discriminates between configurations ζ and η in finite time is According to [27], such discrimination can be achieved by checking whether the distance between the two sets is positive. Without loss of generality, the following distance metric is defined as (8) to determine a suitable auxiliary input u i FI such that the distance metric dis i ζ,η is positive. The distance metric (8) has the following properties. Lemma 1. [27] The distance metric function dis i ζ,η is convex and hence its maximum is reached on certain vertices of the input constraint set.
Based on Remark 4 and Lemma 1, the optimization design problem of auxiliary input signal u i FI , ∀i ∈ [0, n f ] can then be formulated as Once the problem in (9) is solved for each i, the corresponding separation hyperplane (denoted as Π i ζ,η ) that is used to isolate the new mode can be further calculated through FI are two points at minimum distance from Π i ζ,η , and they can be determined when solving (9). Then, these off-line designed separation hyperplanes will be used for real-time isolation. For simplicity, the isolation function is constructed as Then, for the residual signals generated in real time, the online FI logic can be designed as The current system mode can thus be discerned by making no more than n f comparisons using (11) and (12).

Integrated Design of Observer and Unconstrained Controller
When the practical system mode index l ∈ [0, n f ] is isolated, the control reconfiguration should be activated immediately, i.e., the control action u l C,k is reconfigured with the new isolated mode index l. Now we will design the control policy u l C,k . Here, we consider for now the case where the constraints (x ∈ X , u ∈ U ) are not triggered and u l C,k can then be designed only as an estimator-based robust feedback control policy u l C,k = K lxl k , ∀l ∈ [0, n f ]. Under such settings, the closed-loop system dynamics can be obtained as On the other hand, by defining a virtual output variable vector z l k = Then, the closed-loop virtual output by u l C,k can be deduced as According to [20,32], there may exist robustness interaction influences between estimation accuracy and unconstrained control performance, since the estimation error e x l ,k disturbs the closed-loop system (13) and (14) whilst the unmodeled dynamics d k usually containing states can affect the estimation system (5). Hence, an integrated design of composite closed-loop system (5), (13) and (14) must be adopted to obtain the satisfactory observer gain L l and control gain K l , ∀l ∈ [0, n f ]. The following composite closed-loop system is firstly established: The following theorem presents the integrated design conditions of observer gain and unconstrained feedback gain.

Theorem 1.
For each l ∈ [0, n f ], a robust observer (5) and associated robust feedback control policy u C,k = K lxl k can be integratedly determined, if some decision variables α > 0, β > 0, P l 1 = (P l 1 ) T > 0, P l 2 = (P l 2 ) T > 0, Y l 1 , Y l 2 ,K l ,L l exist as the solutions to the following optimization problem: Once the above optimization is solved, the parameters of observer and feedback gain can be calculated by K l =K l ((Y l 2 ) T ) −1 and L l = (Y l 1 ) −1Ll , respectively.
Proof. The proof of Theorem 1 is given in Appendix B.

Constrained AFTC: Reconfigured Interpolating Control
Based on the set-theoretic concepts in [28,31], several invariant sets are defined.

Definition 2.
Given the controller u l C,k = K lxl k , the set Ω l RPI ⊆ X is a robust positive invariant set (RPI-set) for closed-loop system (13) subject to constraint x l k ∈ X if for any x l 0 ∈ Ω l RPI we have x l k ∈ Ω l RPI for allB l e x l ,k + d k , k > 0. Moreover, Ω l MRPI is the maximal RPI-set if Ω l MRPI contains all the RPI-sets of constrained closed-loop system (13) in X . For simplicity, Ω l MRPI is represented in the polyhedral form of Ω l MRPI = {x l : F l I x l ≤ g l I }.
The following enlarged invariant set is further defined for some constrained allowable control inputs. Definition 3. Given the lth model of (2) and the constraints (X , U ), the set Ω l RCI ⊆ X is a robust control invariant set (RCI-set), if for any x l 0 ∈ Ω RCI there exists an admissible control input u l k ∈ U such that all the state updates satisfy x l k ∈ Ω RCI for all d k and e x l ,k , k > 0. Similarly, the maximal RCI-set Ω MRCI contains all robust RCI-sets.
Generally, the determination of Ω MRCI is computationally demanding, in particular for high-dimension systems. As an alternative, the M-step robust control invariant set can be used.

Definition 4. The set P l
M ⊆ X is defined as a M-step robust control invariant set for the lth model of (2) with respect to the constraints (X , U ), if there exists an admissible control sequence such that all states x l k ∈ P l M can be steered into Ω l MRPI in no more than M steps. For simplicity, P l M is described as P l M = {x l : F l M x l ≤ g l M }.
In general, two cases exist for the location of the states of system after the active FI is completed, namely x l k ∈ P l M and x l k / ∈ P l M . In the sequel, we will construct an interpolating FTC strategy for each of these two cases.
(1) Case I (x l k ∈ P l M after FI): Firstly, in order to get Ω l MRPI of (13), the bounded set ofB l e x l ,k + d k should be determined. By a series of finite set iterations along (5), the disturbance invariant set of e x l subject to v k ∈ V and d k ∈ D has been computed as Ω l,l e . Then, we haveB l e x l ,k + d k ∈ (B l Ω l,l e ⊕ D). Further, the Procedure 2.1 in [28] can be referred to calculate Ω l MRPI of (13). In order to describe the control actions that can regulate the state x l k from P l M back to Ω l MRPI in no more than M steps, an augmented control sequence U l M,k = (u l IC,k ) T (u l IC,k+1 ) T · · · (u l IC,k+M−1 ) T T is defined. In fact, these actions are expected to regulate the dynamic behavior of the system in the following manner: . .
Obviously, in (17) we can observe that the migration process of states can be approximately deduced by the current initial state x l k and a sequence of inputs U l M,k . Considering the constraints with Definition 4, we can further describe the maximal admissible control domain of the system (1) with respect to the corresponding control inputs in terms of the following half-space representation for the augmented state space Q l M = {x l , U l M }: Remark 6. Given the previously obtained Ω l MRPI and certain M, the augmented set Q l M can be calculated by following the algorithm in [28]. In addition, by comparing the definition in (18) and Definition 4, it can be seen that P l M is a projection of Q l M onto the state space.
Without loss of generality, any state vector x l k ∈ P l M can be decomposed as a convex combination form where x l I,k ∈ Ω l MRPI denotes an inner state vector while x l O,k ∈ P l M ∼ Ω l MRPI denotes an outer state vector. s l k ∈ [0, 1] is the so-called interpolation coefficient. Since x I,k has already inside Ω l MRPI , the previously designed unconstrained optimal control law by K l x l I,k can be directly adopted to achieve UUB regulation of x l I,k robustly. Thus, for x l k / ∈ Ω l MRPI , (19) means that the problem of finding U l M,k to regulate state x l k back to Ω l MRPI can be transformed into the problem of solving U l M,k to regulate state x l O,k back into Ω l MRPI . In line with the above state decomposition (19), the following interpolated FTC strategy for the lth model is constructed where u l I,k = K l x l I,k is the inner FTC law while u l IC,k is the outer FTC law to be determined. It should be noted that u l I,k is the optimal unconstrained terminal control law, and it generally presents high control performance. However, for x l O,k ∈ P l M ∼ Ω l MPRI , the constraints will be activated and the performance might be poor. Thus, in order to make the high-performance inner controller as dominant as possible and minimize the constraint activation influence simultaneously, it is desirable to set s l k as small as possible. This can be achieved by solving the following optimization problem: The first constraint in (21) is used to ensure x l I,k ∈ Ω l MRPI ; the second inequality is used to ensure that there exists U l M,k such that x l O,k ∈P l M ⊆ P l M and x l O,k+M ∈ Ω l MRPI ; the third equation guarantees a smooth convex interpolation between x l I,k and x l O,k and also achieves a smooth interpolation between the associated two control laws.

Remark 7.
In view of the influence of estimation error on the feasibility of optimization, we have contracted the constraint condition in (18), and obtained the second constraint condition in (21). Specifically, by setting u l IC, x l I,k ) + s l k c l k = K l x l k +c l k , wherec l k = s l k c l k . Then, following the augmentation analysis technique in dual-mode predictive control [20], we can calculate a disturbance invariant set of [x k ; U l M,k ] that is driven by e x l ,k and d k .
When the optimal solution of (22) is obtained, the reconfigured interpolation FTC can then be constructed as u l The soft constraint methods are employed to ensure that states outside P l M can also be steered into Ω l MRPI after the fault is isolated. Depending on the requirements of the actual system for state constraints and input constraints, there exist two general ways to design soft constraints [33,34]. The first is that the input constraints must not be violated while the boundaries of the state constraints can be relaxed appropriately. The other is that the boundaries of both constraints can be adjusted. In either case, the relaxation variable introduced by the soft constraints is non-zero only when the original constraints are violated. Once the original constraints are restored, the relaxation variable must be zero. For the sake of simplicity, the second strategy is adopted and we design the following soft constrained interpolating control algorithm. First of all, we suppose that the maximal admissible control domain (18) can be relaxed to contain states x l k / ∈ P l M as follows:Q where ς l k ≥ 0 is the relaxation variable and Λ can be a column vector of ones or an arithmetic progression vector with the first term 1 and common difference −κ ∈ [−1, 0]. Note that the soft constraints by (23) implicitly define an enlarged M−step robust control invariant setP l ς k ,M for systems (1) with relaxed constraints of states and inputs. Then, in a similar way to formulate (19) and (20), we can also update the interpolations of states and inputs for x l I,k ∈ Ω l MRPI and x l O,k ∈P l ς k ,M ∼ Ω l MRPI . Slightly different from the optimization objective of (21), here the slack variable ς k also needs to be minimized, i.e., the degree of constraint violation ofP l M should be minimized. To this point, we can further establish the following optimization problem through the same design of variables as (22): where ε 1 + ε 2 = 1. In order to highlight the function of soft constraint FTC, ε 1 is generally set to be larger than ε 2 .

The AFD-Based Reconfigured Interpolation FTC Algorithm
A binary parameter ε 3 is introduced to unify the optimization problems of (22) and (24): By setting ε 3 = 1, (25) reduces to (24), which is used to achieve soft constrained interpolating control for the case x l k / ∈P l M . By setting ε 3 = 0, (25) reduces to (22) and the standard interpolating control based FTC can then be achieved. All the above developments allow us to write down Algorithm 1.

System Model and Parameters
The purpose of a wastewater treatment plant is to purify the sewage and return clean water to the river. Activated sludge process (ASP) is a very important part of the cleaning procedure [35]. Generally, ASP systems usually consist of a bioreactor and a settler. Bioreactors mainly rely on suspended microorganisms for biodegradation of dissolved substrate. After that, the suspended micro-organisms are completely separated in the settler. Some of the degraded biomass will be recycled to the bioreactor for further purification, while the remaining biomass will be discharged to maintain the balance of limited organisms in the ASP system. The energy needed for the reaction is provided by the dissolved oxygen, and the resulting carbon dioxide is in turn released. In [36], a simplified state-space error model describing the mass balances in ASP systems is built around the equilibrium point (X P , U P ) = ([122.7342 49.4714 196.3750 6.8300] T , [0.06 1.35]). Here, to achieve the fault tolerant mass balance of ASP systems, some uncertain parameters along the model in [36] are additionally considered as follows: We assume that two types of faults can appear: . The former is identified as fault l = 1 (faulty mode 1) and the latter is identified as fault l = 2 (faulty mode 2). Clearly, the health condition l = 0 (healthy mode 0) is indicated when (∆ A = Γ A = ∆ B = Γ B = 0). The other parameters are:

Offline Design of AFD and AFTC According to Algorithm 1 and Relevant Validation
According to Algorithm 1, the following parameters of AFTC policy are designed. Firstly, by solving Theorem 1, the integrated parameters of observer L l and inner FTC gain matrix K l are obtained as Secondly, by using the disturbance set ∆ i,i e for 3-step set iteration along (5), the limit sets of residual for each i = 0, 1, 2 are approximately calculated, where the H-representations of R 0,0 FD , R 1,1 FD , and R 2,2 FD have 23, 38, and 47 inequalities, respectively. Due to the page limit, they are not listed here.
Thirdly, by solving optimization problem (9), some suitable choices of test input signals are determined as u 0 , respectively. Here, U .V(1) is used to denote the first vertex of the V-representation of set U . In order to clearly describe the relationship between the FD limit set and the FI separation line, we simulated the residual responses by injecting the above test input signal excitation in different modes of the system. As shown in Figure 2, the AFD can be successfully achieved as long as the residual value exceeds the relevant separation line. Here, the isolation can be accomplished in a maximum of six steps.
Next, the robust invariant sets Ω l MRPI and P l M are calculated for l = 0, 1, 2, respectively. In order to describe the relationship among the interpolating AFTC, the controlled states and the corresponding invariant set for each mode, the evolution of an arbitrary initial state x 0 = [−20 10 − 10 − 1.83] T is simulated. The results of the first three states are shown in Figure 3. It can be seen from Figure 3a,b that x 0 belongs to P l M ∼ Ω l MRPI , l = 0, 1. Therefore, as shown in sub- Figure 3d, the corresponding interpolation coefficients are not zero and x 0 is adjusted back to Ω l MRPI in 2-3 steps. Figure 3c illustrates that x 0 belongs to Ω 2 MRPI . Hence, the associated interpolation coefficient in Figure 3d is zero.

Simulation Results and Analysis of the above Designed AFD-Based AFTC Method
Based on the parameters obtained above, we next perform performance tests on the proposed AFD-based AFTC method. First, the following fault scenarios are considered: Fault scenarios: The system initially works in a healthy condition; when k ∈ [160 550), the first kind of fault occurs in the system. For k ≥ 550, the previous fault disappears and the second type of fault appears.
Then, the online AFTC strategy described in Algorithm 1 is implemented to deal with the above fault situations. The simulation results are collected and depicted in Figures 4-6, where the occurrence and duration of different faults have been marked using different color areas, i.e., green area for healthy condition (l = 0), yellow area for type I faults (l = 1) and gray area for type II faults (l = 2). As depicted in Figure 4, it takes some time after a fault occurs to achieve the state regulation to track the equilibrium point X P . The reason is that the fault detection, isolation, and control reconfiguration need to be completed during this time. Taking the fault-tolerant process for the first type of fault as an example, Figure 4 firstly depicts that the estimated values of the states can quickly deviate from their actual values in the moments after the fault occurs. Their estimation errors caused by the presence of the fault further generate large residual values, thus facilitating the timely triggering of FI. In fact, the interpolation coefficient in Figure 6 appears to increase rapidly at k > 160, which also indicates the occurrence of abnormal system conditions. The inputs of the corresponding constant value auxiliary test signals are further shown in Figure 5. It should be noted that both variables in Figure 6 are zero at this time. After a few steps, it can be seen in Figure 4 that the first three states have been accurately estimated, which indicates that the FI is completed. However, the estimation of the fourth state still deviates from the actual value. The reason is that the auxiliary signal injected during FI drives it to a large deviation (as shown in Figure 2). Hence, additional time is required to achieve its unbiased tracking.
After FI, the corresponding control reconfiguration is further activated. As shown in Figure 6, the soft constraint FTC (24) is triggered first, which also leads to a sharp increase of the control input in Figure 5. When the states are adjusted into P 1 M by the soft constraint FTC, the interpolation FTC (22) is activated timely. At the same time, as illustrated in Figure 5, the control inputs subsequently become smaller. The decreasing interpolation coefficient in Figure 6 also indicates that the system states are gradually tuned into Ω 1 MRPI . After that, the states are gradually regulated to track the equilibrium point.

Remark 8.
The above process constitutes a complete cycle of AFD and AFTC. Clearly, the decreasing interpolation coefficients and relaxation variables in Figure 6 fully illustrate the convergence of the proposed Algorithm 1. Correspondingly, the state and control variables in Figures 4 and 5 are also adjusted to the equilibrium point (X P , U P ), which further illustrates that the control system under the influence of the fault is stabilized and the tracking target is achieved.

Multi-Performance Comparison and Discussion of Active Fault-Tolerant Control Methods
Some qualitative comparisons with the recently reported AFTC methods are given in Table 1.  The involved comparisons in Table 1 are explained from the following aspects. Firstly, as shown in the second row of Table 1, both component faults and actuator faults are considered in this paper, while only actuator faults are considered in [13,16,20]. In general, the component faults can significantly affect the system dynamics. In this paper, an AFD method is embedded to identify the system operating mode in real time in order to achieve fault tolerance for component faults. Secondly, unlike the multiple-observers-based realtime diagnosis approach in [16], here only one observer needs to be employed at each moment to achieve fault mode identification. Theoretically, this facilitates the diagnosis efficiency and it is also another implicit advantage of using AFD.
In terms of the design and implementation of fault-tolerant methods (i.e., rows 5-7 in Table 1), the MPC optimization problems in [13] are constructed by relying on ellipsoidal constraint sets and LMI, which belongs to SDP and whose solution tends to be more time-consuming. In addition, approximating the feasible domain with ellipsoidal sets is generally more conservative than polyhedral sets. In [20], the dual-mode prediction mechanism is adopted to construct a predictive FTC, whose optimization problem belongs to QP and can be solved relatively efficiently. However, this FTC method is only used to handle actuator additive offset faults and is not suitable for addressing fault tolerance problems of multiplicative faults and component faults. Relatively, the receding horizon set theoretic FTC method in [16] is appealing. This method provides a way to perform the state figure using switching M-step controllable ellipsoidal sets under different fault conditions. However, it may be computationally demanding and takes up a large storage space because of the need to solve real-time QP when the states do not belong to the corresponding maximum allowable invariant set. In this paper, the interpolation methods are employed to combine M-step controllable polyhedral sets and inner feedback control laws to achieve the state figure, and the corresponding fault-tolerant optimization is formed as LP. Compared to the sets that need to be stored by the FTC method in [16], Algorithm 1 only needs to store the maximum M-step controllable polyhedral set for each operating condition, which helps to reduce the storage burden.
The penultimate row of Table 1 illustrates that the soft-constrained FTC method is further integrated into Algorithm 1 and used to deal with some unanticipated situations, such as uncertain fault amplitudes, system parameter drifts, disturbance overruns, etc. The last row of Table 1 implies that the design of the FTC method in [13] is more intuitive and better scalable than the FTC methods in Algorithm 1, [16,20]. It should be noted that the above comparisons are discussed mainly for the characteristics of the involved faulttolerant methods and not for the contents of the overall studies in [13,16,20]. Clearly, they have different system models and control objectives, and therefore different innovations.

Remark 9.
According to Remark 7, the FTC law based on dual-mode predictive control constructed in [20] can be considered as a special form of the interpolation AFTC developed in this paper. Hence, the interpolation-based AFTC theoretically has a higher degree of design freedom as well as a more efficient optimization capability. To verify this, a further numerical comparison was made. Let the system operate sequentially in two scenarios: scenario I (health l = 0) for 1 ≤ k < 160 and scenario II (fault l = 2) for 160 ≤ k ≤ 500. To be fair, the same active fault diagnosis and integration design were used. Table 2 gives the comparisons of these two methods in terms of interval cost function (3) and running time. It can be seen that the interpolation-based AFTC method runs faster and provides better tracking accuracy for scenario I. In scenario II, the developed interpolation-based AFTC remains feasible and continues to optimize the cost function, however the FTC method of [20] will no longer be feasible after k = 170. Based on the above numerical comparisons, the effectiveness of the method constructed in this paper can be further verified.

Conclusions
In this paper, a novel activate fault tolerant control scheme is proposed to address the component/actuator faults for the uncertain systems with state/input constraints. Its significant merits are that (1) it relies on only one diagnostic observer for online fault detection and isolation, which helps to reduce the internal memory consumption of the hardware controller; (2) the auxiliary inputs and separation hyperplanes for fault isolation are designed offline in advance, which helps to reduce the online computational burden and increase the freedom of fault isolation decisions; (3) the overall fault tolerant control is reconfigured by optimizing the interpolation coefficient to dynamically regulate the convex combination of inner and outer fault tolerant control laws, which can further reduce the online optimization effort; (4) the inner fault tolerant control and the diagnostic observer are designed offline in advance, and by such design the robust interaction influence on the feasibility of the reconfigured fault tolerant control algorithm can be reduced; (5) the soft constraint method is embedded to achieve a relaxed fault tolerance, which can handle some cases that lead to infeasible constrained optimization in an emergency. The simulation with detailed discussions is given to demonstrate the above benefits of the proposed method.
Some issues need to be further addressed in the future work. For instance, the application of semi-active fault diagnosis to enhance the design flexibility of auxiliary signals; the combination of soft constraint theory and period invariant sets to construct an outer fault tolerant control with flexible and adjustable feasible domains; the construction of parametrization method of interpolated coefficient to avoid solving linear programming problems, etc.  Acknowledgments: The authors are thankful to the reviewers for their comments and suggestions to improve the quality of the manuscript.

Conflicts of Interest:
The authors declare no conflict of interest.

Appendix A
The approximated calculation method of R l,i FI is given below. By [31], R l,i FI can be explicitly represented as R l,i FI = {C χ (I − A l,i χ ) −1 B l,i χ u i FI } ⊕ C χ O l,i χ,∞ ⊕ D χ E , where O l,i χ,∞ = {χ : ∑ ∞ j=0 (A l,i χ ) j E i χ σ k , σ k ∈ E }. Generally, O l,i χ,∞ is difficult to determine, especially for high-dimensional systems. In [27], an external approximation method is proposed to enable O l,i χ,∞ ⊆ (1 + µ T )O l,i χ,T , where O l,i χ,T = {χ : ∑ T j=0 (A l,i χ ) j E i χ σ k , σ k ∈ E } can be calculated in a finite time. Then, for given u i FI , the internal point of residual limit set R l,i FI can be parameterized as C χ (I − A l,i χ ) −1 B l,i χ u i FI + (1 + µ T ) ∑ T j=0 C χ (A l,i χ ) j E i χ σ 1,k + D χ σ 2,k , ∀σ 1,k , σ 2,k ∈ E .

Appendix B
The proof of Theorem 1 is given below.