MPC-Based Sensor Fault-Tolerant Control: Application to a Heat Exchanger with Measurement Noise

Abstract

The present paper addresses the design of a fault-tolerant control (FTC) system based on model predictive control (MPC) that aims to deal with sensor additive faults. The main contribution of this work lies in an FTC design for systems with measurement noise composed of a fault estimator, observers for fault reconfiguration, a reconfiguration unit, and an MPC. The proposed FTC uses a linearized plant model with measurement noise and sensor faults in the design procedure. Simulation results with constant and time-varying faults are presented to validate the performance of the FTC, considering a non-linear heat exchanger model.

1. Introduction

Nowadays, control systems are growing due to a significant increase in the complexity of dynamic systems. With this in mind, several challenges require new designs to deal with specific dynamical conditions, including those related to the possible faults occurring in the system instrumentation or, in some cases, the parameters defining the mathematical representation. In this sense, several approaches have been designed in the research community to face these faulty conditions and improve the safety and reliability of the control systems. As a result, fault-tolerant control (FTC) designs are considered because they are suitable for dealing with faulty conditions in real systems to ensure their safety, despite fault occurrences [1,2,3]. An FTC system, to achieve its objective, requires elements providing the information associated with the fault occurrence. In the case of faults in sensors or actuators, fault estimation observers are applied, giving rise to the use of unknown input observers (UIOs). Within the extensive information regarding UIOs, in [4], the authors present a novel UIO that simultaneously ensures asymptotic system state estimation and unknown input reconstruction via an interval observer for linear systems. The estimation could refer to sensors or actuator faults modeled as additive terms in the system dynamics. An extended UIO towards a distributed interval observer and a distributed unknown input observer can be found in [5], dealing with unknown inputs and measurement noise, able to provide their estimation. Regarding the FTC systems, it is known that a common issue related to system instrumentation refers to a condition derived from the quality of the operation of the elements in charge of providing the measurements of the variables. From this consideration, noise measurements are often associated with negative closed-loop performance when controlling a system. If the noisy outputs are considered part of the feedback loop, this could lead to problems in the actuators of the system. The previous process involves a control law feeding the system actuator with a noisy signal, rendering a possible system actuator overload operation and thus shortening its useful life. Consequently, the results presented in this paper are motivated by the problem of achieving fault tolerance against sensor fault occurrences, considering dynamical systems with measurement noise.

1.1. Related Work

1.1.1. Heat Exchanger

Addressing the heat exchanger case study, this system is utilized in various industrial applications, such as power generation, petroleum refineries, and coal plants, causing the need to generate information about this system. The study presented in [6] uses heat exchanger experimental data within a system identification framework to model it and to develop a Linear Quadratic Gaussian control to regulate the dynamics of the system. Reference [7], in turn, addresses an identification method to approximate a second-order plus time delay (SOPDT) model, with illustrative examples showing its efficiency using a proportional integral derivative (PID) controller. The study presented in [8], in turn, addresses schemes considering predictive and PID controllers. A feed-forward compensation is included to eliminate the influence of external disturbances on a heat exchanger system. Reference [9] presents the design of a fractional-order fuzzy PID controller applied to a tubular heat exchanger. Its advantages are highlighted in comparison with a conventional PID control scheme. Finally, in [10], the authors design a low-order dynamic model to predict the non-linear heat transfer in heat exchangers. The estimated parameters are tuned online using a Kalman filter to fit the model further to reality.

1.1.2. Fault-Tolerant Control Applied to Heat Exchangers

There is a large amount of research related to FTC systems, such as in [11], where the authors present general aspects of this particular control system through extensive research on various applications and schemes. The studies reported in [12,13], in turn, address FTCs applied to distillation columns considering sensor and actuator faults involving pressure swing adsorption processes. As for FTC systems applied to heat exchangers, the authors in [14] refer to an FTC based on a multi-input, multi-output MPC to keep a heat exchanger operating in the case of actuator faults. An adaptive observer performs the fault detection and isolation process. In [15], the authors design an FTC scheme against actuator faults. Its objective is to ensure the continuous operation of the double-pipe heat exchanger with a model-following controller in case of a faulty condition in the system’s actuators. The authors of [16] deal with fault detection and isolation (FDI) in sensors applied to a concentric pipe counter-flow heat exchanger. The proposal is based on analytical redundancy, implementing non-linear, high-gain observers used to generate residuals when a sensor fault occurs. In [17], a fault-tolerant scheme is presented based on fractional observers in a double-pipe countercurrent heat exchanger. This work aims to detect sensor faults and to provide a healthy signal to ensure the control objectives with a bank of high-gain fractional-order observers. Reference [18], in turn, addresses the design of an interval observer-based FTC system, including a backstepping-based control law. The proposed method is applied to an intensified heat exchanger/reactor to detect, isolate, and recover all possible dynamic faults. On the other hand, the authors in [19] address a virtual sensing (VS) method for an online fault diagnosis system validated using a set of run-to-failure tests on real heat exchangers. Finally, in [20], an active FTC (AFTC) system applied to an intensified heat exchanger/reactor is presented. The proposal includes an adaptive observer-based fault detection, isolation, and identification scheme with a control law redesign based on the backstepping approach.

1.1.3. MPC-Based Fault-Tolerant Control

Model predictive control (MPC) is an established control framework based on the solution of an optimization problem to determine the (optimal) control action at each discrete-time sample [21,22]. Regarding its consideration within FTC schemes and its application to heat exchangers, in [23], the authors describe a model-based control strategy for a countercurrent flow plate heat exchanger in a virtual environment. The results compare a controller based on the inverse model of the plant with an MPC. Reference [24], in turn, addresses modifying the conventional constraint involved within the MPC design, showing the result using a laboratory-scaled heat exchanger. In [25], the authors mention the MPC methodology as an efficient fault regulation method, summarizing the MPC-based FTC approaches. The study presented in [26], on the other hand, considers the non-linear model predictive controller (NMPC) and fault estimation method based on Kalman filters (EKFs) to design an FTC system, dealing with actuator and sensor fault occurrences. The proposed method corrects the controller–predictor model and compensates for actuator and sensor faults. In [27], the design of an AFTC system of a variable-speed wind turbine subject to actuator faults is presented. The authors address a model predictive control based on T-S fuzzy modeling, where the predictive controller compensates for the actuator fault occurrences. In [28], a robust fault-tolerant control (FTC) strategy is presented. A linear functional observer is used to estimate the size of the fault, combined with a predictive scheme to enhance robustness during the transient period of fault estimation. The proposed FTC strategy is tested on an exothermic Continuous Stirred-Tank Reactor (CSTR) case study. In turn, reference [29] presents a cooperative distributed fault-tolerant model predictive control (DFTMPC). It considers interconnected systems with fault-tolerant performance achieved in a global view, applying the distributed model predictive control methodology. In [30], in turn, an MPC FTC based on robust output feedback to guarantee the control performance of the discrete system in an unmeasurable state and with partial actuator failure is presented. Reference [31], on the other hand, shows a two-layer multiple-model structure FTC scheme, representing a non-linear system by a bank of local linear models and model banks for approaching faulty situations within its structure. In [32], the authors address an FTC with an MPC scheme using an adaptive updating mechanism to compensate for actuator and sensor faults simultaneously. The proposed method is applied to the cooperative tracking control of multiple unmanned aerial vehicles. An adaptive model predictive FTC based on sensitivity estimation and exponential forgetting-based recursive least squares (RLS) applied to four-wheel independent steering vehicles is presented in [33]. The MPC algorithm was designed according to the constraints of the physical system with an adaptive integral action. Finally, in [34], the authors introduce a data-driven approach to develop an FTC based on an MPC for non-linear systems. The proposed method leverages historical data from the system to construct a data-driven model that captures the non-linear and fault characteristics. Its efficacy is demonstrated through a case study, which results in its ability to mitigate faults and maintain the desired system behavior in the case of a faulty system.

1.2. Original Contributions

Although the MPC controller and exchanger are broadly addressed in FTC systems, the design still lacks measurement noise. The measurement noise is relevant because if introduced into the feedback loop, the control signal will be affected, compromising the system’s actuator performance. As a result, the problem of systems measured with noise and possible sensor faults that occur during a control process is worth addressing from the perspective of FTC theory. To provide the differences and advantages of the proposed method, it is essential to define them regarding references [26,28,34]. Reference [26] addresses an active FTC system considering an online fault estimation prediction. The proposed method utilizes the non-linear model predictive controller (NMPC) and fault estimation method based on extended Kalman filters (EKFs). The suggested approach estimates the deficiency of actuators and sensors. In [28], an MPC FTC of safety-critical processes based on a dynamic safe set is presented. This approach considers a set of initial process states that always meet safety constraints, called a dynamic safe set. A linear functional observer is used to estimate fault size, combined with a predictive scheme, to enhance robustness during the transient period of fault estimation. Finally, reference [34] introduces a novel data-driven approach to develop a fault-tolerant model predictive controller (MPC) for non-linear systems. By considering a Koopman operator-theoretic perspective, the proposed method leverages historical data from the system to construct a data-driven model that captures the non-linear behavior and fault characteristics. Although these works refer to MPC-based FTC systems, in the present paper, the motivation regards designing an FTC system involving elements in charge of handling measurement noise explicitly defined in the system model, unlike the referenced works. A functional fault estimation observer is designed to reconstruct sensor faults, which is used to trigger the fault reconfiguration and render the fault recovery in the system. This observer is designed so that the measurement noise is bounded. As for the observers for fault reconfiguration, their design comes from the model with the noise presented at the system outputs, rendering an estimation to minimize this system instrumentation condition. The provided estimations are included in the feedback loop to compute the control law, leading the system outputs to desired values with less noise than those presented at the system outputs. This is achieved by applying the MPC control methodology. As such, the main contribution of this paper is related to an FTC design considering the measurement noise and fault representations within the model applied to a counter-flow heat exchanger system with a linear description for design purposes. The linearized model is considered for the fault estimation and fault reconfiguration observer design, allowing the achievement of control objectives despite the occurrence of additive sensor faults. Finally, the overall FTC system is tested using the non-linear heat exchanger model, yielding the main result. The present paper is organized as follows: Section 2 addresses the fault-tolerant control description and design. Section 3 presents the counter-flow heat exchanger model. Finally, the main results are shown in Section 4 just before a brief conclusion is given in Section 6.

2. Fault-Tolerant Control

2.1. General Description

Figure 1 illustrates the proposed FTC system, which consists of four components. Their corresponding implications in the overall system are explained below.

• A model predictive control, tracking desired references for the output of the system.
• A fault estimation observer that includes a filter acting on the outputs with noise, providing the estimations for the faults at each sensor.
• A set of observers providing the faulty output reconstruction, driven by the fault-free output.
• A sensor fault reconfiguration unit, in charge of making decisions to provide fault-free outputs in the case of fault occurrence in the control system or, in the fault-free case, the filtered system outputs.

Notice that the FTC system depicted in Figure 1 includes the corresponding operation point involved in the linearization process within the schematics ($u_0$ and $x_0=y_0$ further addressed). From Figure 1, the FTC description in fault-free and faulty case scenarios will be explained as follows.

2.1.1. Fault-Free Case

This case is related to having the system measured with noise and no faults occurring. As such, this gives rise to the need to provide the MPC controller with outputs including a lower-magnitude measurement noise concerning the measurements generated by the system sensors, an objective achieved by a system output $y_l$ filtering process and giving rise to $y_{lf}$. The proposed FTC system depicted in Figure 1 includes this filter within the fault estimator to perform a measurement filtering to feed the outputs to the control system, thereby generating a control signal $u_{nl}$ with a lower noise magnitude with $y_{fc}=y_{lf}$. As such and as a concluding comment on Figure 1, the fault-free case lies in a control law generated using the filtered outputs instead of having the feedback loop with the non-filtered system output $y_l$.

2.1.2. Faulty System Case

In the faulty case, the sensor fault reconstruction unit receives the estimated faults provided by the fault estimator and the reconstructed outputs generated by an observer bank, which considers the fault-free outputs to estimate the failed ones. Internally, the sensor fault reconfiguration unit continuously verifies if the estimated fault vector exceeds a defined threshold, indicating fault occurrence, and conducts a switching process to generate fault-free outputs to feed the MPC controller. The switching process replaces the failed output with the corresponding reconstruction from the observer bank, depending on the fault occurrence in a defined output.

2.2. Fault-Tolerant Control Design

The present section addresses the proposed FTC design. In particular, this section presents the MPC controller, the sensor fault reconstruction unit, the fault estimator, and the observer for fault reconstruction designs. For this purpose, consider a linear representation of the non-linear system with a general description:

$$\begin{array}{cc}\hfill \dot{x}=& Ax+Bu,\hfill \\ \hfill y_l=& \hfill Cx+C_{fs}{f}_s+C_{ns}{n}_s,\hfill \end{array}$$

(1)

where $x\in {\mathbb{R}}^n$, $u\in {\mathbb{R}}^p$, and $y_l\in {\mathbb{R}}^q$ represent the system state and the system input and output, respectively; A, B, and C are the system matrices with compatible dimensions. In the linear system represented by Equation (1), $f_s\in {\mathbb{R}}^q$ and $n_s\in {\mathbb{R}}^q$ are grouping constant or time-varying functions representing sensor faults and measurement noise, with their compatible dimension distribution matrices being $C_{fs}$ and $C_{ns}$, respectively. The model represented by Equation (1) corresponds to a linear model around a specific operation point from the non-linear system dynamics, including the noise presented at its outputs and with the faulty sensor representation. This model is used to design the FTC components.

Remark 1.

The dynamical system (1) is assumed to fulfil the controllability condition. As for the observability conditions, the system is assumed to be observable. Notice that the lack of observability condition can be achieved in the case of a total loss of the corresponding output sensor, which in the present paper is not considered. The results of the present paper consider a healthy sensor operating when a fault occurs in the remaining sensor in the case of partial additive sensor faults. Also, the system dynamics do not consider outputs to be a linear combination of the system states. In practice, the system must be stopped to replace the faulty sensor before attempting to control the dynamical system. In a general sense, the observability conditions are ensured if $Cx\ne C_{fs}{f}_s+C_{ns}{n}_s$.

2.2.1. Fault Estimator Design

The fault estimation observer design considers a linear augmented system defined as follows:

$$\begin{array}{cc}\hfill {\dot{x}}_a=& \hfill A_a{x}_a+B_{a}u+C_{fsa}{f}_s+C_{nsa}{n}_s,\hfill \\ \hfill y_{l_f}=& C_a{x}_a,\hfill \end{array}$$

(2)

with

$$\begin{array}{c}{A}_a=\left[\begin{array}{cc}A& 0\\ C& -I\end{array}\right],B_a=\left[\begin{array}{c}B\\ 0\end{array}\right],C_{fsa}=\left[\begin{array}{c}0\\ C_{fs}\end{array}\right],\\ \\ C_{nsa}=\left[\begin{array}{c}0\\ C_{ns}\end{array}\right],C_a=\left[0I\right],\end{array}$$

(3)

where $x_a={\left[xz\right]}^{\top }\in {\mathbb{R}}^{n+q}$ and $y_{lf}\in {\mathbb{R}}^q$ with $\dot{z}=y_l-z$.

In Equation (2), $x_a$ is considered relevant to achieve two main objectives. The first refers to having a filter reducing the noise in measured outputs $y_l$ through z and generating the filtered outputs $y_{l_f}$ used to compute the control signal. The second corresponds to having the fault representation in the system state equation, making fault estimations possible. For these goals, we propose a fault estimation observer with the following general structure:

$$\begin{array}{cc}\hfill {\dot{\widehat{x}}}_a=& A_a{\widehat{x}}_a+B_{a}u+C_{fsa}{\widehat{f}}_s+K_{fe}(y_{l_f}-{\widehat{y}}_{l_f}),\hfill \\ \hfill {\dot{\widehat{f}}}_s=& L_{fe}(y_{l_f}-{\widehat{y}}_{l_f}),\hfill \\ \hfill {\widehat{y}}_{l_f}=& C_a{\widehat{x}}_a,\hfill \end{array}$$

(4)

with $K_{fe}\in {\mathbb{R}}^{(n+q)\times q}$ and $L_{fe}\in {\mathbb{R}}^{q\times q}$ as constant observer gains.

Remark 2.

In addressing the augmented system observability condition, notice that the system output in Equation (3) refers to a filter acting on the system (1) output. The observability of the augmented system is assumed to be fulfilled if it is in the original system presented in Equation (1).

The fault estimator observer design considers estimation errors as $e_e=x_a-{\widehat{x}}_a$ and $e_f=f_s-{\widehat{f}}_s$, with their dynamical evolution over time being

$$\begin{array}{ccc}\hfill {\dot{e}}_e& \hfill =\hfill & {\dot{x}}_a-{\dot{\widehat{x}}}_a,\hfill \\ \hfill & \hfill =\hfill & A_a{x}_a+B_{a}u+C_{fsa}{f}_s+C_{nsa}{n}_s-(A_a{\widehat{x}}_a+...\hfill \\ \hfill & \hfill \hfill & ...B_{a}u+C_{fsa}{\widehat{f}}_s+K_{fe}(y_{l_f}-{\widehat{y}}_{l_f})),\hfill \\ \hfill & \hfill =\hfill & A_a(x_a-{\widehat{x}}_a)+C_{fsa}(f_s-{\widehat{f}}_s)+C_{nsa}{n}_s-...\hfill \\ \hfill & \hfill \hfill & ...K_{fe}{C}_a(x_a-{\widehat{x}}_a),\hfill \\ \hfill & \hfill =\hfill & (A_a-K_{fe}{C}_a)e_e+C_{fsa}{e}_f+C_{nsa}{n}_s,\hfill \\ \hfill {\dot{e}}_f& \hfill =\hfill & {\dot{f}}_s-{\dot{\widehat{f}}}_s,\hfill \\ \hfill & \hfill =\hfill & {\dot{f}}_s-L_{fe}{C}_a(x_a-{\widehat{x}}_a),\hfill \\ \hfill & \hfill =\hfill & {\dot{f}}_s-L_{fe}{C}_a{e}_e,\hfill \end{array}$$

(5)

which can be represented in matrix form as follows:

$$\dot{e}=A_{e}e+D_e{f}_r,$$

(6)

with

$$\begin{array}{c}e=\left[\begin{array}{c}{e}_e\\ e_f\end{array}\right],A_e=\left[\begin{array}{cc}{A}_a-K_{fe}{C}_a& C_{fsa}\\ -L_{fe}{C}_a& 0\end{array}\right],\\ \\ D_e=\left[\begin{array}{cc}{C}_{nsa}& 0\\ 0& I\end{array}\right],f_r=\left[\begin{array}{c}{n}_s\\ {\dot{f}}_s\end{array}\right],\end{array}$$

(7)

considering I as a compatible dimension identity matrix. The $H_{\infty }$ methodology has been considered to ensure fault estimation and bounded measurement noise. From Equations (6) and (7), the following must be achieved [35]:

$$\begin{array}{ccc}\underset{t\to \infty }{lim}e=0& \forall & fr=0\\ {\left|\right|e\left|\right|}_{{\Delta }_e}\le {\sigma \left|\right|e\left|\right|}_{{\Delta }_{fr}}& \forall & fr\ne 0\end{array}$$

(8)

where $\sigma$ is the attenuation level. For this to be accomplished, finding a Lyapunov function $V\left(e\right)$ in charge of defining the following Theorem is sufficient.

Theorem 1.

Consider the augmented system and the fault estimation observer, represented by Equations (2) and (4). Defining a Lyapunov candidate function $V\left(e\right)=e^{\top }Pe$ with $P=P^{\top }\ge 0$, the estimation error in Equation (6) will tend to 0 as $t\to \infty$ when $f_r\ne 0$ if

$$\dot{V}\left(e\right)+e^{\top }{\Delta }_{e}e-{\sigma }^2{f}_r^{\top }{\Delta }_{f_r}{f}_r\le 0,$$

(9)

by considering ${\Delta }_e$, ${\Delta }_{f_r}$ matrix parameter design coefficients, the observer gain $\tilde{K}={\left[K_{fe}{L}_{fe}\right]}^{\top }=P^{-1}\overline{K}$, and a bounding factor $\sigma =\sqrt{\chi }$ acting on $f_r$.

To compute the fault estimator gain, as a result of Theorem 1 and the corresponding procedure shown in Appendix A, the following LMI must be fulfilled.

$$\left[\begin{array}{cc}P{\tilde{A}}_e-\overline{K}{\tilde{C}}_a+{\tilde{A}}_e^{\top }P-{\tilde{C}}_a^{\top }{\overline{K}}^{\top }+{\Delta }_e& P{D}_e\\ D_e^{\top }P& -\chi {\Delta }_{f_r}\end{array}\right]\le 0,$$

(10)

The achievement of the LMI (10) will ensure that both $e_e$ and $e_f$ will converge to zero as $t\to \infty$ with the observer gains $\tilde{K}=P^{-1}\overline{K}$ and a bounding factor $\sigma =\sqrt{\chi }$ under the conditions stated in Equation (8).

2.2.2. Observer Design for Fault Reconfiguration

The fault reconfiguration unit, as explained in Section 2, is integrated with an observer bank, where each observer works using a non-faulty output (see Figure 1). Their design considers the system with measurement noise, eliminating the fault representation in Equation (1):

$$\begin{array}{cc}\hfill {\dot{x}}_{ac}=& A{x}_{ac}+Bu,\hfill \\ \hfill y_{ac}=& C_{ac}{x}_{ac}+C_{ac}{n}_s,\hfill \end{array}$$

(11)

where $C_{ac}$ is a matrix that excludes the faulty output, giving rise to $y_{ac}$ with fault-free outputs only (depending on the faulty case). The general structure for the observer used to provide the faulty output estimation has the following form:

$$\begin{array}{cc}\hfill {\dot{\widehat{x}}}_{ac}=& A{\widehat{x}}_{ac}+Bu+L_{ac}(y_{ac}-{\widehat{y}}_{ac}),\hfill \\ \hfill {\widehat{y}}_{ac}=& C_{ac}{\widehat{x}}_{ac},\hfill \end{array}$$

(12)

with $L_{ac}$ as the observer gain. Please recall that the fault reconfiguration observer performs the estimation using the fault-free output with noise, giving rise to the necessity of considering the measurement noise in the observer design. Let us define the estimation error $e_{ac}=x_{as}-{\widehat{x}}_{ac}$ for the fault reconfiguration observer design, with the following dynamical evolution over time:

$$\begin{array}{cc}\hfill {\dot{e}}_{ac}=& {\dot{x}}_{as}-{\dot{\widehat{x}}}_{ac},\hfill \\ \hfill =& A{x}_{ac}+Bu-(A{\widehat{x}}_{ac}+Bu+L_{ac}(y_{ac}-{\widehat{y}}_{ac})),\hfill \\ \hfill =& A(x_{ac}-{\widehat{x}}_{ac})-L_{ac}{C}_{ac}(x_{ac}-{\widehat{x}}_{ac})-L_{ac}{C}_{ac}{n}_s,\hfill \\ \hfill =& (A-L_{ac}{C}_{ac})e_{ac}-L_{ac}{C}_{ac}{n}_s,\hfill \\ \hfill =& A_{ac}{e}_{ac}-D_{ac}{n}_s,\hfill \end{array}$$

(13)

with $A_{ac}=A-L_{ac}{C}_{ac}$ and $D_{ac}=L_{ac}{C}_{ac}$. Notice that Equation (13) is similar in structure to Equation (6), giving rise to the Theorem 2 definition for the fault reconfiguration observer. Please notice that the conditions in Equation (8) must be fulfilled as in the fault estimator design case, particularized for the observer for fault reconfiguration.

Theorem 2.

Consider the system (11) and the fault reconfiguration observer (12). Let us define a Lyapunov candidate function $V\left(e_{ac}\right)=e_{ac}^{\top }{P}_{ac}{e}_{ac}$ with $P_{ac}=P_{ac}^{\top }\ge 0$; the estimation error in Equation (13) will tend to 0 as $t\to \infty$ when $n_s\ne 0$ if

$$\dot{V}\left(e_{ac}\right)+e_{ac}^{\top }{\Delta }_{ac}{e}_{ac}-{\rho }^2{n}_s^{\top }{\Delta }_{ns}{n}_s\le 0,$$

(14)

by considering ${\Delta }_{ac}$, ${\Delta }_{ns}$ matrix parameter design coefficients, the observer gain $L_{ac}=P_{ac}^{-1}{\tilde{L}}_{ac}$, and a bounding factor $\rho =\sqrt{{\chi }_{ac}}$ acting on $n_s$.

Similarly to what was presented in the previous section, and in concordance with Theorem 2 and the procedure shown in Appendix A, the following LMI must be fulfilled to compute the observer gain.

$$\left[\begin{array}{cc}\mathrm{\Xi }+{\mathrm{\Xi }}^{\top }+{\Delta }_{ac}& -{\tilde{L}}_{ac}{C}_{ac}\\ -C_{ac}^{\top }{\tilde{L}}_{ac}^{\top }& -{\chi }_{ac}{\Delta }_{ns}\end{array}\right]\le 0,$$

(15)

with $\mathrm{\Xi }=P_{ac}{A}_{ac}-{\tilde{L}}_{ac}{C}_{ac}$, ${\chi }_{ac}={\rho }^2$ and the observer gain computed by $L_{ac}=P_{ac}^{-1}{\tilde{L}}_{ac}$.

2.2.3. MPC Control Design

The MPC design is based on the linear discrete state-space model, obtained from the linear continuous model represented by Equation (1), eliminating the sensor faults and measurement noise representations. The linear continuous model is discretized considering a specific sample time $T_s$, defined as follows:

$$\begin{array}{cc}\hfill x(k+1)& \hfill =A_{d}x\left(k\right)+B_{d}u\left(k\right),\hfill \\ \hfill y\left(k\right)& =C_{d}x\left(k\right),\hfill \end{array}$$

(16)

where $A_d$, $B_d$, and $C_d$ are matrices of the discrete-time system. The iterative state prediction equation, over a defined prediction horizon $n_y$, can be expressed as follows:

$$x(k+n_y|k)=A_{d}x(k+n_y-1|k)+B_{d}u(k+n_y-1|k).$$

(17)

Combining the output prediction equation from Equation (17) and the discrete output matrix $C_d$ yields

$$y(k+n_y|k)=C_{d}x(k+n_y|k).$$

(18)

The input prediction equation, over a control prediction horizon $n_c$ and considering the control increment $\Delta u\left(k\right|k)=u(k\left|k\right)-u(k-1)$, is defined as follows:

$$u(k+n_c|k)=\Delta u(k+n_c-1|k)+u(k-1),$$

(19)

considering that $u(k+i|k)=u(k+n_c-1|k)$ for $n_c\le i\le n_y-1$, with $n_c$ as the control horizon considered within the MPC control tuning process. From Equations (17)–(19), it is possible to obtain the output prediction equation over $n_y$. This output prediction equation has the following concentrated form:

$${\tilde{y}}_{n_y}=P(x\left(k\right),u(k-1))+F_{\Delta u}\Delta u_{n_c},$$

(20)

where ${\tilde{y}}_{n_y}={\left[\tilde{y}(k+1|k),\tilde{y}(k+2|k),\cdots ,\tilde{y}(k+n_y|k)\right]}^{\top }$ represents the output prediction vector and $\Delta u_{n_c}=\left[\Delta u\left(k\right|k),\right.{\left.\cdots ,\Delta u(k+n_c-1|k)\right]}^{\top }$ the input increment prediction vector. $P(x\left(k\right),u(k-1))=P_{x}x\left(k\right)+P_{u}u(k-1)$ is a matrix dependent on the state $x\left(k\right)$ and the last time control input $u(k-1)$, with

$$\begin{array}{c}\begin{array}{cc}{P}_x=\left[\begin{array}{c}{C}_d{A}_d\\ ⋮\\ C_d{A}_d^{n_c}\\ C_d{A}_d^{n_c+1}\\ ⋮\\ C_d{A}_d^{n_y}\end{array}\right],& P_u=\left[\begin{array}{c}{C}_d{B}_d\\ ⋮\\ \sum _{i=0}^{n_c-1}{C}_d{A}_d^i{B}_d\\ \sum _{i=0}^{n_c}{C}_d{A}_d^i{B}_d\\ ⋮\\ \sum _{i=0}^{n_y-1}{C}_d{A}_d^i{B}_d\end{array}\right],\end{array}\\ F_{\Delta u}=\left[\begin{array}{ccc}{C}_d{B}_d& \dots & 0\\ ⋮& ⋮& ⋮\\ \sum _{i=0}^{n_c-1}{C}_d{A}_d^i{B}_d& \ddots & C_d{B}_d\\ \sum _{i=0}^{n_c}{C}_d{A}_d^i{B}_d& \dots & C_d{A}_d{B}_d+C_d{B}_d\\ ⋮& ⋮& ⋮\\ \sum _{i=0}^{n_y-1}{C}_d{A}_d^i{B}_d& \dots & \sum _{i=0}^{n_y-n_c}{C}_d{A}_d^i{B}_d\end{array}\right].\end{array}$$

(21)

The cost function used in the MPC design is set considering penalties on the output tracking error and the control effort as follows:

$$J=\sum _{i=0}^{n_y}{\left[w(k+i|k)-\tilde{y}(k+i|k)\right]}^2+\sum _{i=1}^{n_c}\lambda \left[\Delta u(k+i-1|k)\right],$$

(22)

where $w(k+i|k)=r(k+i)-\alpha \left[r\left(k\right)-y\left(k\right)\right]$ is the trajectory reference, and $r\left(k\right)$ is the desired system output with $0\le \alpha \le 1$. In (22), $\alpha$ within $w(k+i|k)$ represents the error tracking weight, while $\lambda$ corresponds to the input increment weight. The constraints are set to optimize the cost function represented by Equation (22). In this work, only control input and increment control input are considered, and these constraints have the form

$$\begin{array}{ccc}\hfill u_{min}\le & u\left(k\right)& \hfill \le u_{max},\hfill \\ \hfill \Delta u_{min}\le & \Delta u\left(k\right)& \hfill \le \Delta u_{max},\hfill \end{array}$$

(23)

with $u_{min}$ and $\Delta u_{min}$ as lower limits, and $u_{max}$ and $\Delta u_{max}$ as upper limits for the input and input increment constraints, respectively. Notice that a bounded control signal will ensure bounded states and, consequently, a bounded system output. After considering the constraints, the optimization problem can be formulated as a Quadratic Problem (QP). In this case, the QP optimization problem has the following form:

$$\begin{array}{c}\Delta u_{n_c}^{*}=\underset{\Delta u_{n_c}}{arg\mathrm{m}\mathrm{i}\mathrm{n}}{\displaystyle \frac{1}{2}}\Delta u_{n_c}^{\top }H\Delta u_{n_c}+f^{\top }\Delta u_{n_c}\\ \begin{array}{cc}\mathrm{s}.\mathrm{t}.& A_c\Delta u_{n_c}\le b,\end{array}\end{array}$$

(24)

with the matrices $H=2\left(F_{\Delta u}^{\top }{F}_{\Delta u}+\lambda I\right)$ and $f^{\top }=2{\left(P\left(x\right(k),u(k-1\left)\right)-w\right)}^{\top }{F}_{\Delta u}$ (with $F_{\Delta u}$ from Equation (21)) and $A_c$ and b defined as follows:

$$\begin{array}{cc}{A}_c=\left[\begin{array}{c}{I}_{n_c\times n_c}\\ -I_{n_c\times n_c}\\ I_d\\ -I_d\end{array}\right],& b=\left[\begin{array}{c}{I}_c\Delta u_{max}\\ I_c\Delta u_{min}\\ I_c\left(u_{max}-u(k-1)\right)\\ -I_c\left(u_{min}+u(k-1)\right)\end{array}\right],\end{array}$$

with

$$\begin{array}{cc}{I}_c=\left[\begin{array}{c}{I}_{p\times p}\\ I_{p\times p}\\ ⋮\\ I_{p\times p}\end{array}\right],& I_d=\left[\begin{array}{cccc}{I}_{p\times p}& 0& \dots & 0\\ I_{p\times p}& I_{p\times p}& \dots & ⋮\\ ⋮& ⋮& \ddots & 0\\ I_{p\times p}& \dots & I_{p\times p}& I_{p\times p}\end{array}\right].\end{array}$$

We invite the reader to consult the references [36,37] for more details about the MPC development. Finally, MPC controller tuning parameters will be addressed in a further section.

2.2.4. Sensor Fault Reconfiguration Unit

The fault reconfiguration unit makes decisions based on information from the fault estimation observer, triggering the corresponding alarm to indicate a fault in the corresponding output. In the case of a fault in a defined output, the decision unit will trigger an alarm indicator, and an observer of the observer bank driven by the non-faulty output(s) will compute its estimation for forming $y_{fc}$ to feed the MPC controller and generate a control signal free of faults. A similar interpretation can be expected when a fault occurs in a different output: an observer driven by the non-faulty output will compute the corresponding estimation to provide the controller with $y_{fc}$, with a different alarm indicator. Finally, if there are no faults in the system outputs, the filtered output $y_{lf}$ will compute the control law.

3. Case Study Description: Heat Exchanger Dynamics

The case study selected to test the performance of the proposed FTC system is a counter-flow heat exchanger-type system. The dynamic of the system is obtained using an energy balance rule, giving rise to the following non-linear model [38]:

$$\begin{array}{cc}\hfill {\dot{x}}_{nl1}=& \hfill {\displaystyle \frac{2}{V_c}}\left[u_{nl1}(T_{ci}-x_{nl1})+{\displaystyle \frac{UA}{c_{pc}{\rho }_c}}\Delta T\right],\hfill \\ \hfill {\dot{x}}_{nl2}=& \hfill {\displaystyle \frac{2}{V_h}}\left[u_{nl2}(T_{hi}-x_{nl2})-{\displaystyle \frac{UA}{c_{ph}{\rho }_h}}\Delta T\right],\hfill \end{array}$$

(25)

with

$$\Delta T={\displaystyle \frac{(x_{nl2}-T_{ci})-(T_{hi}-x_{nl1})}{ln\left(\frac{x_{nl2}-T_{ci}}{T_{hi}-x_{nl1}}\right)}},$$

(26)

where $x_{nl1}=T_{co}$ and $x_{nl2}=T_{ho}$ represent the outlet temperatures on the cold and hot side, respectively, considering that $x_{nl2}-T_{ci}\ne T_{hi}-x_{nl1}$. In the model (25), $u_{nl1}=v_c$ and $u_{nl2}=v_h$ represent the system inputs, which are considered as the cold and hot side flow rates, respectively. In turn, $x_{nl}={\left[x_{nl1}{x}_{nl2}\right]}^{\top }$ and $u_{nl}={\left[u_{nl1}{u}_{nl2}\right]}^{\top }$ define the non-linear system state and input vectors, respectively. Finally, the system outputs are $x_{nl1}$ and $x_{nl2}$ measured with noise, with the corresponding fault occurrence, defining the system outputs with sensor faults and noise as follows:

$$y_{nl}=x_{nl}+C_{fs}{f}_s+C_{ns}{n}_s.$$

(27)

Figure 2 shows a schematic of the case study to provide a visual regarding the variables defining its dynamics. Finally,

Table 1. Heat exchanger parameter description.

Parameter	Description	Value	Unit
$T_{ci}$	Inlet temperature on the cold side	298	K
$T_{hi}$	Inlet temperature on the hot side	338	K
U	Heat transfer coefficient	160	J/(m2K s)
A	Heat transfer surface area	$0.633$	m2
$c_{pc}$	Specific heat on the cold side	1910	J/(Kg K)
$c_{ph}$	Specific heat on the hot side	1519	J/(Kg K)
${\rho }_c$	Density of the cold side	1000	kg/m3
${\rho }_h$	Density of the hot side	1000	kg/m3
$V_c$	Volume on the cold side	$6.05\times {10}^{-3}$	m3
$V_h$	Volume on the hot side	$3.2\times {10}^{-3}$	m3

summarizes the remaining heat exchanger constant parameters.

4. Results

As stated in Section 3, the FTC system design begins from a linear approximation of the non-linear model shown in Equation (25). For the linear system, it is necessary to define an operating point; the operating point selected is $x_{0nl}={\left[x_{0nl1}{x}_{0nl2}\right]}^{\top }={\left[303.4327.3\right]}^{\top }$ for $T_{co}$ and $T_{ho}$, respectively, with inputs $v_c$ and $v_h$ taken as $u_{0nl}={\left[u_{0nl1}{u}_{0nl2}\right]}^{\top }={\left[3.151.9\right]}^{\top }\times {10}^{-4}$, respectively. With these, using the parameters presented in Table 1, the linear representation in Equation (1) around $x_{0nl}=y_{0nl}$ and $u_{0nl}$ is defined as follows:

$$\begin{array}{c}A=\left[\begin{array}{cc}-0.1172& 0.0146\\ 0.0298& -0.1520\end{array}\right],\\ B=\left[\begin{array}{cc}-1.7851& 0\\ 0& 6.6875\end{array}\right]\times {10}^3,\end{array}$$

(28)

with $C=C_{fs}=C_{ns}=I$, with I being a compatible dimension identity matrix. The linear system (1) considers the outputs with measurement noise through $C_{ns}$ and sensor faults through $C_{fs}$. In turn, implementing the MPC controller requires a heat exchanger linear discrete model. This model is obtained by discretising the system (1) with a sample time $Ts=0.1$ s without considering the measurement noise and the faults. The following discrete matrices are obtained after the discretization procedure:

$$\begin{array}{c}Ad=\left[\begin{array}{cc}0.09884& 0.0014\\ 0.0029& 0.9849\end{array}\right],\\ B_d=\left[\begin{array}{cc}-177.47& 0.4838\\ -0.2636& 663.69\end{array}\right],C_d=\left[\begin{array}{cc}1& 0\\ 0& 1\end{array}\right].\end{array}$$

(29)

Table 2. MPC controller tuning parameters.

Symbol	Parameter	Value
$n_y$	Prediction Horizon	50
$n_c$	Control Horizon	15
$\alpha$	Error Tracking Weight	$0.9I_{q\times q}$
$\lambda$	Input Increment Weight	$10I_{p\times p}$

presents the MPC tuning parameters employed in this study for the MPC controller design.

Finally, the constraints considered for the input increments are presented in Equation (30).

$$\begin{array}{ccc}\hfill \left[\begin{array}{c}-3.15\times {10}^{-5}\\ -1.9\times {10}^{-5}\end{array}\right]\le & \Delta u\left(k\right)& \hfill \le \left[\begin{array}{c}3.15\times {10}^{-5}\\ 1.9\times {10}^{-5}\end{array}\right],\hfill \\ \hfill \left[\begin{array}{c}-1.575\times {10}^{-4}\\ -9.5\times {10}^{-5}\end{array}\right]\le & u\left(k\right)& \hfill \le \left[\begin{array}{c}1.575\times {10}^{-4}\\ 9.5\times {10}^{-5}\end{array}\right].\hfill \end{array}$$

(30)

4.1. Fault-Free Case

In this case, the results will demonstrate the effect of the filter integrated into the fault estimator and its benefits when filtered measurements are used to compute the control signal, rather than unfiltered measurements. From initial conditions $T_{co}=303.45$ and $T_{ho}=327.25$ in the non-linear system, with a measurement noise $n_s=5\times {10}^{-4}$ and a fourth-order Runge–Kutta integration method, Figure 3 shows the simulation results for this case. This test is aimed at showing the MPC control performance by taking into account $r={\left[r_1{r}_2\right]}^{\top }$, referring to the desired values for $y_{nl1}$ and $y_{nl2}$, respectively. We define the following reference values:

$$\begin{array}{c}{r}_1=\left\{\begin{array}{c}\hfill 303.15,\forall 0\le t<50\mathrm{and}\forall 100\le t\le 150,\hfill \\ \hfill 303.65,\forall 50\le t<100\mathrm{and}\forall 150\le t\le 200,\hfill \end{array}\right.\\ r_2=\left\{\begin{array}{c}\hfill 327.55,\forall 0\le t<50\mathrm{and}\forall 100\le t\le 150,\hfill \\ \hfill 327.05,\forall 50\le t<100\mathrm{and}\forall 150\le t\le 200.\hfill \end{array}\right.\end{array}$$

(31)

In Figure 3a,b is possible to see the unfiltered system outputs $y_{nl1}$ and $y_{nl2}$ associated with $T_{co}$ and $T_{ho}$, respectively, reaching the desired values $r_1$ and $r_2$ defined in Equation (31). The filtered outputs, labeled as $y_{nlf1}$ and $y_{nlf2}$, can be seen in these figures, evolving to the desired reference values with different characteristics over time compared to the unfiltered outputs. Recall that the filter attenuates excessive noise amplitude and thus improves the system performance. Notice that $y_{nl}=y_l+y_0={\left[y_{nl1}{y}_{nl2}\right]}^{\top }$ and $y_{nlf}=y_{lf}+y_0={\left[y_{nlf1}{y}_{nlf2}\right]}^{\top }$ are defined as the sum of the linear unfiltered output and linear filtered output, respectively, with a constant output value in the operating point. Figure 3c,d present the input flow rate results obtained using the unfiltered and filtered outputs to feed the MPC controller defined in Section 2.2.3. These figures show that using the unfiltered outputs to feed the controller generates control signals ($u_{nl1}$ and $u_{nl2}$) with higher noise amplitudes compared to the case of using the filtered outputs. In other words, the control signals $u_{nlf1}$ and $u_{nlf2}$ constructed with the filtered outputs are less noisy than those in the previously mentioned case. Finally, Figure 3c,d illustrate that the constraints imposed by the MPC controller are satisfied (represented by the dotted black line) when tracking the desired reference values. It is worth mentioning that the lower limits of the constraints are not plotted to give a better visualization, since the control signals do not reach these amplitudes. As a final comment, this result shows that the fault-free case within the proposed FTC scheme works properly as expected and designed, giving rise to the following sensor fault case test.

4.2. Faulty Case

The first step to address the faulty case consists of computing the fault estimation observer gain and defining the matrix coefficients ${\Delta }_e$ and ${\Delta }_{fr}$ as $1\times {10}^{-2}I$ and $1\times {10}^{2}I$, respectively, where I is a compatible dimension matrix. Solving the LMI represented by Equation (A6) using Sedumi and Yalmip, we can find the numerical value of the fault estimator observer gain:

$$\tilde{K}=\left[\begin{array}{cc}0.449& -0.049\\ -0.078& 0.548\\ 1.835& -0.003\\ -0.002& 1.839\\ 3.288& 0.007\\ 0.038& 3.255\end{array}\right],$$

(32)

from which, by comparison

$$K_{fe}=\left[\begin{array}{cc}0.449& -0.049\\ -0.078& 0.548\\ 1.835& -0.003\\ -0.002& 1.839\end{array}\right],L_{fe}=\left[\begin{array}{cc}3.288& 0.007\\ 0.038& 3.255\end{array}\right],$$

(33)

with a bounding factor $\rho =0.0664$. The observers in charge of generating the fault reconfiguration through the faulty output estimation (included within the observer bank shown in Figure 1, i.e., $O_1$ and $O_2$) are presented in

Table 3. Fault reconfiguration observer parameters.

Observer	Parameter Design	Observer Gain	${\mathit{\chi }}_{\mathbf{ac}}$
$O_1$	${\Delta }_{eac}=1\times {10}^{-1}I$ ${\Delta }_{ns}=1\times {10}^{2}I$	$L_1=\left[\begin{array}{c}0.1057\\ 1.2894\end{array}\right]$	${\chi }_{ac1}=0.0965$
$O_2$	${\Delta }_{eac}=1\times {10}^{-1}I$ ${\Delta }_{ns}=1\times {10}^{2}I$	$L_2=\left[\begin{array}{c}1.2106\\ 0.0465\end{array}\right]$	${\chi }_{ac2}=0.0957$

. It includes the design parameters for computing their gains by considering Equation (A11).

Table 4. Operation of the sensor fault reconfiguration unit.

Alarm	Meaning	Observer	To Compute	${\mathit{y}}_{\mathbf{fc}}$ for Control
0	Fault-free	-	-	=$y_{lf}$
1	Fault in $y_{lf1}$	$O_1$ with $y_{lf2}$	${\widehat{y}}_{lf1}$	=${\left[{\widehat{y}}_{lf1}{y}_{lf2}\right]}^{\top }$
2	Fault in $y_{lf2}$	$O_2$ with $y_{lf1}$	${\widehat{y}}_{lf2}$	=${\left[y_{lf1}{\widehat{y}}_{lf2}\right]}^{\top }$

presents general information regarding the fault reconfiguration unit process during the faulty heat exchanger condition. In the fault-free case, the filtered output $y_{lf}$ feeds the MPC controller to compute the control signal, and the alarm is set to 0. In the case of a fault in the output $y_{lf1}$, the alarm equals 1, and the observer $O_1$ generates the estimated output ${\widehat{y}}_{lf1}$ using the output $y_{lf2}$. After this process, the control signal is generated with ${\widehat{y}}_{lf1}$ and $y_{lf2}$. When a fault occurs in output $y_{lf2}$, the alarm is set to 2 to give a difference compared to the previous case, and the observer $O_2$ generates the estimated output ${\widehat{y}}_{lf2}$ using $y_{lf1}$ to compute the control signal with $y_{lf1}$ and ${\widehat{y}}_{lf2}$.

To evaluate the fault estimator performance, a test is conducted that considers constant and time-varying faults in the non-linear system outputs. The faults $f_{s1}$ and $f_{s2}$ are defined to have an evolution over time as follows:

$$f_{s1}=\left\{\begin{array}{c}0,\forall 0\le t<30,\hfill \\ 50,\forall 30\le t<95,\hfill \\ 0,\forall 95\le t<280,\hfill \\ 25sin\left(0.05t\right)+40,\forall 280\le t<400,\hfill \\ 0,\forall 400\le t\le 510,\hfill \end{array}\right.$$

(34)

$$f_{s2}=\left\{\begin{array}{c}0,\forall 0\le t<125,\hfill \\ -30,\forall 125\le t<180,\hfill \\ -t+175,\forall 180\le t<240,\hfill \\ 0,\forall 240\le t\le 440,\hfill \\ 60,\forall 440\le t<510,\hfill \end{array}\right.$$

(35)

recalling that $f_s={\left[f_{s1}{f}_{s2}\right]}^{\top }$. For this test, a $510\mathrm{s}$ simulation time has been considered to show the proposed FTC results. With the FTC scheme shown in Figure 1 and the fault estimator observer, the observers for fault reconfiguration, the decision unit, the MPC controller, and the faults defined in Equations (34) and (35), Figure 4 presents the fault estimator performance as a first result.

Figure 4a,b show the fault estimations ${\widehat{f}}_{s1}$ and ${\widehat{f}}_{s2}$ correctly reaching the fault values of $f_{s1}$ and $f_{s2}$, respectively. Depending on the faulty output, the corresponding fault alarm indicator is activated (see Figure 4c). Notice that in the case of a fault in $y_{nl1}$, the alarm indicator is set to 1, while in the case of a faulty condition in $y_{nl2}$, the corresponding value is set to 2. Recall that this indicator is activated when the fault exceeds the defined threshold $t_h=2$. It is worth mentioning that the threshold must be defined so that the fault estimations, which remain noisy, do not cause false fault alarms, resulting in an unnecessary fault reconfiguration process. It is important to note that the faults occur in terms of temperature to accurately show a sensor’s faulty condition. A positive value in a defined fault is interpreted as a measurement beyond the real value (BIAS), while the loss of effectiveness involves a measurement below the real value. This is an essential issue to consider while analyzing the results presented throughout this paper. As a concluding comment, the results in Figure 4 prove that the fault estimator and the fault alarm indicator perform their tasks correctly, allowing the fault reconfiguration process in the FTC. In turn, Figure 5 and Figure 6 present the simulation results for the system outputs.

Figure 5a shows the case of a fault in $y_{nl1}$, which is applied at 30 s $\le t<95$ s and 280 s $\le t<400$ s. The condition sets the alarm with magnitude 1 if $|{\widehat{f}}_{s1}|>t_h$, as depicted in Figure 5c. When the alarm is triggered, the fault reconfiguration system constructs the output for control purposes $y_{fc}={\left[{\widehat{y}}_{lf1}{y}_{lf2}\right]}^{\top }$, as stated in Table 4. Notice that the observer reconfigures the faulty output, allowing the achievement of the control objectives, as shown in Figure 5b. When the $y_{nl1}$ sensor is in a faulty condition and the reconfiguration process is not performed, the system output presents a deviation from the desired value $r_1$ with a similar evolution over time to $f_{s1}$. In the case of a fault with a time-varying evolution occurring at 280 s $\le t<400$ s (sine wave), in turn, the output presents an offset that follows the fault dynamic (see Figure 5a). A zoom in on the graph at one of the transitions is included at the time of the fault occurrence to give the reader a clearer perspective of the fault reconfiguration process. A similar condition can be seen in the case of a fault in $y_{nl2}$, as shown in Figure 6.

The alarm magnitude is set to 2 when the fault occurs, as shown in Figure 6c. The result related to the FTC performance is presented in Figure 6b. If the reconfiguration process is performed, the system output does not exhibit any offset from the desired reference value $r_2$. Notice that an overshoot can be seen when the fault occurs, related to the time between the fault occurrence and the reconfiguration process, or, in other words, the time elapsed from the fault occurrence to the condition of $|{\widehat{f}}_{s2}|>t_h$. On the other hand, suppose the reconfiguration process is not performed, as shown in Figure 6a. In this case, the output has an offset, causing poor performance of the MPC controller and thus a lack of achievement of control objectives.

Finally, Figure 7 depicts the control signals in the faulty case. In Figure 7, the light grey graphs represent the system output when fault reconfiguration is not performed, while the rest of the graphs refer to the operation of the proposed FTC system. Figure 7a presents the results for fault occurrence in $y_{nl1}$, focusing specifically on 30 s $\le t<95$ s and 280 s $\le t<400$ s. Notice that the control law $u_{nl1}$ generated when fault reconfiguration is not performed shows saturation in its magnitude due to the constraints set in the MPC design. Otherwise, if fault reconfiguration is performed, the control signal evolves as in the fault-free case with a transient during the reconfiguration process. Figure 7b shows the corresponding result for the fault occurrence in $y_{nl2}$. The control signal, $u_{nlf2}$, provides the correct tracking reference despite the occurrence of the fault due to the fault reconfiguration process. However, if the fault reconfiguration process is not performed, the control input $u_{nl2}$ also presents saturation due to the constraints set in the MPC controller design. Finally, the corresponding alarms are presented in Figure 7c,d.

As a second test, the following addresses the faults in the worst case that the proposed FTC scheme can deal with. For this, constant references $r1=302.9$ and $r2=327.8$ in t ≥ 2s ($r1=x_{nl1}$ and $r2=x_{nl2}$$\forall 0\le t\le 2$) were considered by maintaining the observer for fault estimation, the observer for fault reconfiguration, and the sensor fault reconfiguration unit as in the previous test. The applied faults were defined as follows:

$$f_{s1}=\left\{\begin{array}{c}0,\forall 0\le t<30,\hfill \\ 100,\forall 30\le t<100,\hfill \\ 0,\forall 100\le t<150,\hfill \\ -100,\forall 150\le t<220,\hfill \\ 0,\forall 220\le t\le 510,\hfill \end{array}\right.$$

(36)

$$f_{s2}=\left\{\begin{array}{c}0,\forall 0\le t<250,\hfill \\ -100,\forall 250\le t<320,\hfill \\ 0,\forall 320\le t<370,\hfill \\ 100,\forall 370\le t\le 440,\hfill \\ 0,\forall 440\le t<510.\hfill \end{array}\right.$$

(37)

It is important to note that the fault magnitudes considered for this test represent approximately 30% of BIAS or loss of effectiveness concerning the operating point $x_{0nl}$ involved in the linearization process. Figure 8 shows the performance of the fault estimator for this test. From Figure 8, the correct fault estimation is observed, showing in Figure 8a,b the applied faults and their estimations. Figure 8c, in turn, depicts the corresponding fault alarm. Let us point out that although the fault estimator is designed for the linearized system, it can estimate the occurred fault correctly.

As for the system outputs, in turn, Figure 9 and Figure 10 present their corresponding results. Recalling that in this test the faults are considered in a steady-state condition for the system with constant references, Figure 9a shows the output $y_{nl}$. Its magnitude follows the applied fault, increasing or decreasing its value according to the faulty condition defined in Equation (36). In turn, Figure 9b depicts the FTC operation, giving rise to the reconfigured output $y_{nlf1}$. From the zoom presented in the figure, the control objective achievement can be seen due to the condition $y_{nlf1}=r_1\forall t\ge 2$ s. The FTC works properly despite the fault magnitude. The alarm generated in this case is depicted in Figure 9c, changing its value depending on the faulty sensor. Finally, Figure 10 shows the result of addressing the remaining output. A similar interpretation must be considered for analyzing Figure 10. The faulty output $y_{nl2}$, the corresponding reconstruction $y_{nlf2}$, and the alarm can be seen in Figure 10a, Figure 10b and Figure 10c, respectively.

Regarding the control signal involved in the present faulty case, Figure 11 shows the input flow rate results obtained using the unfiltered and filtered outputs to feed the MPC controller defined in Section 2.2.3. Figure 11a,b depict the control signals $u_{nl1}$ and $u_{nl2}$, presenting a saturation in faulty conditions as a consequence of the MPC design. The control signals $u_{nlf1}$ and $u_{nlf2}$, constructed with the filtered outputs, are less noisy with respect to $u_{nl1}$ and $u_{nl2}$ and can achieve the control objectives despite the fault occurrence. Finally, from the results presented within the faulty case condition in the non-linear system, a correct operation of the proposed FTC system can be defined.

5. Discussion

The present results show that the FTC proposed in this paper operates properly, achieving the control objectives for the case study. However, some aspects are worth discussing to address limitations and enhance the contribution and future works related to the presented proposal.

• Regarding the measured noise in the proposed FTC scheme, it is important to note that the FTC considers its representation in the system dynamics analytically, giving rise to the FTC element design. The proposed FTC scheme includes these elements to deal with the measurement noise, defining the main contribution of the present paper.
• In addressing the proposed FTC scheme for the control law, it is relevant to note that the MPC controller cannot attenuate the sensor fault effect, which makes the proposed FTC scheme suitable. Besides this condition, let us point out that its design, from the results shown throughout this paper, presents the achievement of the boundary conditions correctly, included within its analytical design. In this sense, note that the system outputs exhibit a saturation evolution over time in the faulty case, from which the correct controller performance can be defined. As a concluding comment, let us mention that the designer can choose the design parameters to reach specific transient responses and boundary conditions, depending on the addressed dynamical system.
• Regarding the observer for fault estimation and observers for fault reconfiguration, it is essential to point out that they contribute to mitigating/reducing the effect of the measurement noise on their corresponding estimations. These elements include specific terms in charge of having this effect on their results, which in the present paper refers to the control law computation aiming at achieving the control objectives with a noise reduction within the closed-loop system dynamics.
• Let us focus on the faulty case. It is important to note that under faulty sensor operation, physically, the corresponding element will continue providing a measurement that does not accurately reflect the real variable value. However, the output of the system will remain at the desired values due to the FTC system operation as a consequence of the fault reconfiguration process. The real value for the output will be provided by the observer (virtual sensor), which does not consider the faulty output for its estimation.
• On the other hand, an important issue is related to the threshold $th$ involved in triggering the fault alarm. Note that its value depends on how fast the fault must be detected and isolated. In the present paper, this condition refers to the $th$ selection considering the remaining noise presented in the fault estimations. A threshold defined close to the remaining noise in the fault estimation could lead to an unnecessary reconfiguration process and thus to an unnecessary switching behavior between the observers for fault reconfiguration. As a result, its selection depends on the measurement noise presented in the system, from which the fault occurrence is defined.
• Following with the threshold $t_h$ and aiming at explicitly mentioning its importance, in the present paper, the selected value is defined in such a way that the result of the proposed method can be generated. The authors consider that further analysis is necessary in real scenarios to ensure the optimal value, possibly an optimization process from data provided by the real system instrumentation. This condition will generate more accurate results when handling real systems.
• It is worth mentioning the motivation behind this paper in contrast with existing methods handling the measurement noise within dynamical systems. Although several works have been reported regarding sensor noise, as an example, those presented in [39,40], the results presented in this paper consider functional observers to provide fault recovery in the case of faulty conditions in the system outputs. The authors mention that future research directions could utilize more complex schemes regarding the elements in charge of providing fault and state reconstruction, dealing with measurement noise, in the context of FCT systems.
• In addressing the second result shown in the corresponding section, it is essential to mention that faults with values $\pm 100$ are considered the worst case that the proposed FTC scheme can deal with. In the simulation, the authors applied fault magnitudes beyond this value, making the system unsolvable. Notice that despite this fact, the proposed FTC deals with BIAS or loss of effectiveness in the sensor around 30% regarding the operating point considered in the linearization process for FTC design. Along with this consideration, the observer for fault estimation and the MPC controller can provide information for the operation of the reconfiguration unit, giving accurate results. Note that the MPC controller bounds the control signals. As long as the solution to the optimization problem is feasible, the system maintains stability by having the inputs bounded under defined fault conditions. These issues can define that linear approaches can be considered for dealing with non-linear systems.
• Regarding the heat exchanger’s non-linear dynamics, the condition related to $\Delta T$ is worth mentioning. Notice that this condition involves the quotient between the difference of temperatures and a natural logarithm. It is well known that this function is not defined in 0, giving rise to an undefined $\Delta T$ and, consequently, unsolvable dynamics. This consideration is a limitation and a challenging problem when dealing with the heat exchanger approximated by the model addressed in this paper.
• As a concluding comment, the present study allows us to define extensions of FTC towards linear systems by considering possible actuator faults or simultaneous sensor and actuator faults in a dynamical system affected by measurement noise. Also, different controllers can be implemented within this FTC scheme to ensure defined control objectives, allowing, as a result, the proposed FTC control system extension. These issues are future research directions regarding FTC in dynamical systems with outputs measured with noise.

6. Conclusions

This paper presents and applies an FTC system design to a counter-flow heat exchanger. The proposed FTC design considers measurement noise, which gives closer results to real-time systems. Its design refers analytical procedures to deal with the noise presented at the system outputs, including elements coping with this condition to compute a control law with less measurement noise concerning the real outputs. The results demonstrate that the proposed FTC operates effectively in a faulty case when sensor faults with both constant and time-varying dynamical evolution occur. The FTC includes an MPC controller to establish control objectives over the system outputs, achieving fault tolerance for sensor faults.