Sensor Redundancy for Robustness in Nonlinear State Estimation

A sensor fault-tolerant estimation methodology for a class of nonlinear systems is addressed in this paper. The main idea of existing sensor fault-tolerant observers in the literature is the detection and reconfiguration of observers by using available healthy sensors. However, based on that idea, a transient time is required for the observers to return to a normal state which may not be practical in many missions. The main contribution of the current study is to develop an estimation strategy such that the effect of faults in sensors is rejected without any abnormal transient behavior under some conditions based on the availability of healthy sensors. By developing a robust nonlinear observer exploiting the measurement of a sufficient set of redundant sensors, it is feasible to reject bounded faults in the sensors such that a desired performance for state estimation is achieved. Simulation results verify the accuracy of the proposed estimation methodology.


I. INTRODUCTION
In recent decades, fault-tolerant control and estimation strategies have been extensively developed to enhance the maintainability and reliability of dynamical systems, especially for safety-critical scenarios. The overall system stability is kept, and acceptable performance during and after the occurrence of some certain types of faults is guaranteed [1]- [4]. A proper fault-tolerant strategy mainly depends on the part of a system which is faulty and also depends on the application. One of the challenging problems in this area of research is the estimation of unmeasurable states of dynamical systems when sensors are subject to unknown faults. Indeed, a fault in a sensor is similar to change in the measured quantity by the sensor, and this issue may not be compensated by standard observers. Therefore, the problem of sensor fault-tolerant estimation has been the main topic of several studies [5], [6].
The main approach to sensor fault-tolerant estimation is using more sensors than strictly needed. In this condition, detection of faulty sensors and then reconfiguration of observers by using available healthy sensors are applicable. For instance, in [7] and [8], based on the detection of faulty sensors, fault-tolerant observers with application to satellites attitude estimation were developed. In [9], by comparing the performance of available sensors based on fault detection and isolation, measurements without faults were selected as the input of a reduced-order observer to estimate the states of a reconstructed system. In [6], detection, isolation, and reconfiguration of faulty sensor networks for wind turbines monitoring were studied. In [10] and [11], a fault-tolerant sensor reconciliation strategy using redundant sensors was proposed. In [5] and [12], based on the estimation of the quantities of faults in sensors, a switching sensor faulttolerant estimation strategy was proposed. Moreover, in [13], the compensation of the effect of faults in observers by estimating the quantities of the faults was considered.
Given the issues as mentioned above, the main idea of the sensor fault-tolerant estimation strategies existing in the literature is the reconfiguration of observers by using available healthy redundant sensors or estimation of the quantities of faults. Such strategies have some advantages such as active fault detection, considering unknown input observers, etc. However, they need a transient time for the detection or estimation and also a transient time for the estimated states to return to acceptable values after reconfiguration of the observer. Based on application, the transient divergence of observers may not be acceptable, especially in dynamical systems with fast behaviors such as vehicles. Therefore, developing an estimation strategy robust to the effect of faults in sensors is an open problem worthy of being investigated.
In this paper, a sensor fault-tolerant estimation strategy for a class of nonlinear systems is proposed. The main contribution of the proposed strategy is that without detection of faulty sensors or estimation of the quantities of faults, the consistent estimation of the system states in the presence of faults in sensors is guaranteed. By exploiting the redundancy of the sensors in the proposed observer, it is shown that if the number of healthy sensors is strictly larger than the number of faulty ones, the estimated states are insensitive to the faults, and the convergence of the estimation error vector to zero can be guaranteed. The obtained results are also extendable to the case when all the sensors are subject to measurement errors due to faults, biases, or noises. In such a case, the uniformly ultimate boundedness of the estimation error with the rejection of some possible faults with large magnitudes is guaranteed.
Throughout the paper, the following notations are considered. R is the set of real numbers. R >0 and R ≥0 denote the sets of positive and nonnegative real numbers, respectively. I n denotes an n × n identity matrix, and 0 n is an n × 1 zeros vector. · is the standard Euclidian norm. sgn(·) is the sign function. ceil(·) is the ceiling function where for x ∈ R, ceil(x) gives the smallest integer greater than or equal to x. λ min (·) denotes the minimum eigenvalue of a real symmetric matrix. s(t) is a step function. For a square matrix M , let M 0 or M 0 if it is symmetric positive definite or symmetric positive semi-definite, and diag(m 1 , m 2 , . . . , m n ) is a block diagonal matrix composed of the matrices m 1 , m 2 , . . . , m n .
The organization of this paper is as follows. In Section II, the motivation of the study is provided. The problem is formulated in Section III. The proposed estimation strategy is presented in Section IV. Simulation results are given in Section V. Finally, conclusions reside in Section VI.

II. MOTIVATION
Classical state observers such as Luenberger observers and Kalman filters suffer from sensitivity to various sources of uncertainties such as model uncertainties, faults, etc. To reject the effect of uncertainties in state estimation of dynamical systems, robust observers have been developed in the literature. For example, nonlinear robust observers are designed based on the worst case of the uncertainties (see the concept of sliding-mode observers in [14]- [18]). Accordingly, state estimation in the presence of uncertainties was guaranteed. However, the robustifying terms are functions of output measurement and only can reject uncertainties such as model uncertainties and external disturbances. In other words, under those approaches, the correct performance of the mentioned robust terms for uncertainties rejection relies on the accuracy of measurements, and any error in measurement degrades the performance of the estimator.
Based on the above-given arguments, the existing robust observers in the literature are typically sensitive to sensor faults. Thus, to tolerate the effect of sensor faults in state estimation, the idea of using redundant sensors and reconfiguration of the observers after occurrence of faults has been considered [5]- [12], [19]. Although such approaches are less conservative compared with robust estimation approaches, they need a transient time for reconfiguration and recovery of the observer after the occurrence of a fault, which limits the efficiency of those approaches in practice. Based on this motivation, developing an estimation strategy robust to faults in sensors is worth investigation and is the main topic of this preliminary paper.
In the next section, formulation of the studied nonlinear system and sensor faults with some related definitions and assumptions are presented.

III. PROBLEM STATEMENT
Consider a class of nonlinear systems in the forṁ where x(t) ∈ R n represents the state vector, u(t) ∈ R m is the input vector, and f (x) ∈ R n is a nonlinear function of the states. We assume that r packs of sensors as redundancy are utilized such that y i (t) ∈ R p denotes the ith pack of the measurement outputs (each pack individually contains necessary sensors guaranteeing the observability of the system).
The vector function δ i (t, y) : R ≥0 × R p → R p is unknown and denotes a generic uncertainty term in the ith pack of the outputs. Note that δ i (t, y) models any type of additive errors in the sensors such as noise, bias, and possible faults. Moreover, A ∈ R n×n , B ∈ R n×m , and C ∈ R p×n are the state matrix, input matrix, and output matrix, respectively. Assumption 1: The matrix A is constructed such that the pair (C, A) is observable.
Assumption 2: By decomposing the fault vector δ i (t, y), i ∈ {1, 2, . . . , r}, as each entry of δ i (t, y) is supposed to be unknown but bounded as where β k (t, y) ∈ R ≥0 is a known function.
Assumption 3: We assume that x belongs to a domain D, such that f (x) is locally Lipschitz as follows [20]- [22]: where γ ∈ R >0 . We consider two distinct models of faults for the available sensors defined as follows. First, let us give the following definitions.
Considering the two defined models for sensor faults, the objective is to exploit the output redundancy and design a robust nonlinear observer for the nonlinear system described in (1) such that 1) In the case of partially faulty sensors, the observer is insensitive to sensor faults and the estimated state vector converges to the real one as follows: 2) In the case of mostly faulty sensors, the estimation error is ultimately bounded such that as t → ∞, where ρ ∈ R >0 is the ultimate bound of the estimation error that depends on δ mk (t, y), k ∈ {1, 2, . . . , p}. The main results are presented in the next section.

IV. SENSOR FAULT-TOLERANT OBSERVER: DESIGN AND ANALYSIS
In this section, the proposed sensor fault tolerant observer for the nonlinear system (1) is presented. Based on (1), the proposed robust observer is given bẏ wherex(t) represents the estimated value of x(t), y 1 (t) is an arbitrary output choice from the r packs of outputs, and P ∈ R n×n 0. Moreover, K ∈ R p×p and χ ∈ R p×p are diagonal matrices: K = diag(K 1 , K 2 , . . . , K p ) and χ = diag(χ 1 , χ 2 , . . . , χ p ) which are designed later. The results are given in the following theorem.
Theorem 1: Consider the nonlinear system described in (1) and the observer given in (4), and assume that the set of the available sensors are partially faulty as defined in Definition 1. Then, the estimation error e(t) =x(t) − x(t) converges to zero if the gains χ i , i ∈ {1, 2, . . . , p}, are chosen as χ k ≥ β k (t, y), and for arbitrary scalars a and b ensuring ab = γ, there exist P and K satisfying the following linear matrix inequality (LMI): Proof: Considering the nonlinear system described in (1) and based on the observer design in (4), since y 1 (t) = Cx(t) + δ 1 (t, y), the differential equation describing e(t) =x(t) − x(t) can be written as follows: To analyze the evolution of e(t) along (6), we consider the following Lyapunov candidate: The time derivation of V (t) along (6) yieldṡ From (3) and since e(t) =x(t) − x(t), it follows that
By considering (8) and (9), it follows thaṫ Considering that K is a diagonal matrix, and since the sensors are partially faulty, it can be deduced that where α(t) ∈ R p×p is a diagonal matrix, given by in which because in the both sides of (10), the entries of the terms Kδ i (t, y), i ∈ {1, 2, . . . , r}, more than ceil r−1 2 times keep the sign of the entries of KCe(t). On the other hand, based on the Schur complement [23], the LMI (5) implies that A P + P A + 2C KC + a 2 I n + b 2 P 2 ≺ 0. Now, by defining Q ∈ R n×n 0 such that one getsV (t) ≤ − e(t) Qe(t) − 2(KCe(t)) δ 1 (t, y) + χα(t)sgn KCe(t) .
Therefore, from (15), it follows thatV (t) is negative definite, which indicates that e(t) converges to zero, which completes the proof.
Remark 1: It should be noted that the solvability of the LMI (5) is a condition on Theorem 1 to guarantee a successful state estimation. Depending on the domain D, if γ is not very large, since the pair (C, A) is observable, the LMI (5) has a solution for P and K (K can be chosen negative definite).
According to Theorem 1, if for all k ∈ {1, 2, . . . , p}, more than ceil r−1 2 number of {δ 1k (t, y), δ 2k (t, y), . . . , δ rk (t, y)} are strictly zero (the partially faulty case), the convergence of the estimation error to zero can be guaranteed. However, in practice, due to various sources of uncertainties, some small errors are not avoidable, and therefore that condition may not hold. The following theorem shows that the proposed observer in Theorem 1 guarantees the uniform ultimate boundedness of the estimation error depending on the magnitude of δ mk (t, y), k ∈ {1, 2, . . . , p}.
Theorem 2: Consider the nonlinear system described in (1) and the observer given in (4), and assume that the set of the available sensors are mostly faulty. Moreover, let the gains χ i , i ∈ {1, 2, . . . , p}, be chosen as χ k ≥ β k (t, y), and for arbitrary scalars a and b ensuring ab = γ, there exist P and K satisfying the LMI (5). Under these conditions, the estimation error e(t) is uniformly ultimately bounded, such that as t → ∞, in which Q is defined in (13) and where δ m (t, y) = δ m1 (t, y) δ m2 (t, y) . . . δ mp (t, y) .
Proof: A part of the proof which is similar to that of Theorem 1 is not repeated here. By considering a Lyapunov candidate the same as (7) and following a procedure similar to the proof of Theorem 1, one getṡ To analyze the sign of the second term of the right hand side of the inequality (17), let us decompose Ce(t) as follows: In this condition, since δ km (t, y) is the ceil( r 2 )th element ofδ k (t, y) (according to Definition 2), for the worst case |ξ k (t)| > δ km (t, y), k ∈ {1, 2, . . . , p}, one can conclude that r i=1 sgn(KCe(t) − Kδ i (t, y)) = α(t)sgn(KCe(t)), where α(t) is given in (11) and (12). Accordingly, since χ k ≥ β k (t, y), k ∈ {1, 2, . . . , p}, one gets there is a diagonal matrixᾱ(t) with nonnegative entries such that (17) can be rewritten as follows: where 2(KCe) ᾱ(t)sgn(KCe) ≥ 0.
Based on the above-mentioned issues, since −e(t) Qe(t) always is negative definite, as t → ∞, Therefore, from (18), and by using the definition of d(t) in (16), we haveV which indicates that e(t) is uniformly ultimately bounded such that, as t → ∞, one gets Therefore, the proof is completed. Remark 2: In the case of mostly faulty sensors, even though the proposed observer may be unable to ensure the estimation error convergence to zero, the estimation error is still ultimately bounded where the bound depends on the medium fault quantity, and for all k ∈ {1, 2, . . . , p}, all the faults larger than δ mk (t, y) will be rejected. For instance, if there are more than ceil( r−1 2 ) sensors suffering from fault with small quantity at any time instant, the robust observer is still capable of generating state estimates which are close to the real states. However, if the proposed robust strategy is not employed, due to possible large faults in sensors, the estimation error may diverge. This issue is explained in more details in the simulation results reported in the next section.
Remark 3: It is worth mentioning that the results of Theorems 1 and 2 are also applicable for linear systems when f (x) = 0 n . In this condition, since γ = 0, the LMI condition (5) should be modified as follows: which since the pair (C, A) is observable, it has a solution for P and K (2K can be chosen negative definite). Remark 4: It should be noted that although in the observer (4), the function sgn(·) is utilized, this function only leads to chattering inẋ(t), and sincex(t) will be obtained from the integration ofẋ(t), there is no chattering inx(t).
Remark 5: The observer adopts a robust approach tolerant to sensor faults such that the effect of the occurrence of faults in sensors is rejected without any transient behavior. However, this property relies on the redundancy of the sensors and the known bounds of the values of faults in the sensors.

V. SIMULATION RESULTS
In this section, the effectiveness of the proposed observer is verified in numerical examples of a ball-and-beam system in two cases. In Case A, the result of Theorem 1 is verified, and the result of Theorem 2 is evaluated in Case B.
We consider a ball-and-plane system which consists of a ball placed on a plane whose inclination can be adjusted via two motors from two perpendicular directions. The system model can be stated as [24] x where by defining x(t) = x 1 (t) x 2 (t) . . . x 8 (t) , x 1 (t) and x 5 (t) represent the position of the ball, x 2 (t) and x 6 (t) indicate the velocity accordingly, x 3 (t) and x 7 (t) represent the inclination of the plane, and x 4 (t) and x 8 (t) indicate the derivative of the inclination. Moreover, A, B, and f (x) are as where g = 9.8 represents the gravitational acceleration. By considering Assumption 3, the states are considered in a set such that γ = 1. We suppose that the position of the ball and the inclination of the plane are measurable. Therefore, by considering three packs of sensors, the output measurement can be stated as follows:

A. The Case of Sensors Being Partially Faulty
We assume that the set of the sensors are partially faulty such that δ 1 (t, y) = s(t − 0.5) sin(t) w 2 cos(y 1 ) 0.1w 1 where w 1 (t) is an 1 Hz square wave signal with amplitude 1 and 50% duty cycle, and w 2 (t) is a random signal whose magnitude is truncated from −2 to 2 whereas δ 2 (t, y) = δ 3 (t, y) = 0 (note that the index of the faulty sensor is unknown). The observer is established based on (4) where P and K are obtained from the solution of the LMI (5), and χ is set as 2.
Under these conditions, the observer estimation error is depicted in Fig. 1 verifying that the convergence of the estimation error to zero is guaranteed. It can be observed from the simulation result that the effect of the sensor fault is completely rejected without any transient abnormal behavior.

B. The Case of Sensors Being Mostly Faulty
The faults are assumed to occur after t = 1, and they are as The observer is established based on (4), and the corresponding P and K are obtained from the solution of the LMI (5), and χ is set as 2. The observer estimation error is depicted in Fig. 2 verifying that the entries of the estimation error vector are ultimately bounded. It should be noted that despite the case of partially faulty sensors, as mentioned in Remark 2, only the faults larger than δ mk (t, y), k ∈ {1, 2, . . . , p}, will be rejected. However, the proposed strategy still leads to significant robustness against sensor faults. For instance, we have repeated the mentioned estimation scenario by using only the first pack of the sensors and by employing the nonlinear estimation strategy introduced in [25] which is developed for Lipschitz nonlinear systems of the form (1) as well (without sensor redundancy). The simulation results depicted in Fig. 3 show that using only the first pack of the sensors cannot guarantee robustness against sensor faults.

VI. CONCLUSIONS AND FUTURE WORK
A robust observer design based on the redundancy of sensors was proposed in this paper. It was shown that if the number of the healthy sensors are larger than the number of the faulty ones, the proposed robust observer was able to tolerate the effect of faults occurred at the sensors to ensure that the estimation error converges to zero without any sensitivity to the occurrence of the fault. In a more general case when more sensors were faulty, it was shown that the estimation error was always ensured to have an ultimate bound whose range depended on the performance of the sensors with medium fault quantities. The extension of the design to the distributed systems with jointly observability characteristic is another open problem worthy of being investigated as future work.