Osmić, Nedim

Planiranje gibanja bespilotne letjelice s obzirom na procjenu rizika od kvarnih stanja : doktorski rad / [mentor Ivan Petrović] - Zagreb : N. Osmić; Fakultet elektrotehnike i računarstva, 2020. - xii, iii, 155 str. : ilustr. u bojama ; 30 cm. + CD-ROM

Bibliografija str. 137-145.

U ovom radu istražen je problem planiranja gibanja višerotorskih bespilotnih letjelica na kojima tijekom izvršavanja misije može nastupiti kvarno stanje na pogonskim motorima letjelice. Kako bi se planiranje gibanja letjelice moglo obaviti, razvijen je opći model višerotorskog sustava s parnim brojem rotora postavljenim u planarnoj konfiguraciji. Za razvijeni je model višerotorske letjelice predložen jednostavan upravljački algoritam za praćenje referentne putanje koji je pokazao dobre performanse, ali je osjetljiv na mogući nastanak kvarnog stanja na pogonskim motorima. Zbog toga je, na temelju izvedenog općeg matematičkog modela višerotorske bespilotne letjelice, izvršena analiza utjecaja kvarnih stanja na upravljivost i stabilnost bespilotne letjelice. Analiza je izvršena na sustavu kvadkoptera, heksakoptera i oktokoptera. Na osnovi rezultata analize pokazano je da sustav kvadkoptera ne predstavlja pouzdanu strukturu čak i u slučaju nastanka jednostrukog kvara, za razliku od heksakoptera i oktokoptera. Također je pokazano da je u slučaju nastanka dvostrukog kvarnog stanja oktokopter pouzdanija struktura u odnosu na heksakopter. Nakon provedene analize, kako bi se mogao iskoristiti potencijal upravljivosti za nastavak misije na navedenim strukturama letjelice, razvijen je algoritam za lokalizaciju i identifikaciju kvara temeljen na metodi najmanjih kvadrata. Kako bi se informacija o nastanku kvarnog stanja mogla iskoristiti za poništavanje učinka kvarnog stanja, iskorištena je upravljačka alokacija temeljena na pseudo-inverziji s ciljem da se preostali ispravni pogonski motori iskoriste za generiranje neophodnog upravljanja za nesmetan nastavak misije. Za potrebe procjene potencijalne opasnosti zbog kvara pojedinih komponenata na sustav bespilotne letjelice razvijen je postupak provođenja analize utjecaja kvarnih stanja i njihovih utjecaja na bespilotnu letjelicu. Definirana je mjera pouzdanosti pomoću koje se može procjeniti izvjesnost završetka misije uz pretpostavku da su poznati: (i) korišteni tip letjelice, (ii) upravljanje primijenjeno na bespilotnoj letjelici, (iii) tip kvarnog stanja koje može nastupiti na letjelici i (iv) korišteni planer gibanja. Kako bi se informacije o provedenoj analizi utjecaja pojedinačnih komponenata iskoristile za povećanje pouzdanosti završetka misije, predložen je novi tip planera gibanja nazvan RSP planerom gibanja. Predloženi RSP planer gibanja uvažava ograničenja na upravljačku varijablu višerotorskog sustava koja su posljedica mogućeg kvarnog stanja na sustavu višerotorske letjelice te planira takvo gibanje letjelice da u slučaju nastanka kvarnog stanja nastavak misije bude omogućen uz minimalno smanjenje performance.
Ključne riječi : matematički model višerotorske letjelice, upravljanje otporno na kvarna ˇ
stanja, analiza utjecaja kvarnih stanja i njihovih utjecaja na letjelicu, analiza upravljivosti i
stabilnosti višerotorskih sustava, planiranje gibanja robotics research in academic and industrial communities alike due to the broad range of their potential applications. Those include various tasks like search and rescue missions in indoor and outdoor environments, aerial construction, precision agriculture, disaster management, power line and structural inspection, exploration and mapping of unknown environments, remote sensing, aerial transportation, monitoring and analysis of traffic, surveillance, swarming and use as educational platforms.
Nowadays, there exist different design solutions for MAVs from micro and mini MAVs to heavy MAVs with high endurance. MAVs have become the most popular type of unmanned aerial vehicles due to their characteristics such as small geometries, vertical takeoff (VTOL) and landing capabilities, low cost, simple construction, degrees of freedom, maneuverability, ability to perform tasks that are difficult for humans (i.e., tasks where the risk of injury is high). The most commonly used platform in research projects nowadays are quadcopters, which makes it the de facto standard aerial robotic research platform used by the scientific community. The popularity of quadcopters is a consequence of their simple design as four rotors are sufficient for complete controllability of the system concerning the available degrees of freedom for movement. There are many applications in which MAV is used, and the primary goal of each of these applications is for the MAV correctly and reliably perform the intended task. Also, regardless of the structural design type, various types of faults may occur on a MAV. The fault can affect actuators, sensors, controllers, or can be structural. If a failure occurs, the mission execution may be stopped.
Even minor failures, which were not considered during the mechanical construction phase, can lead to the complete failure of the mission. If the failure were to be considered in the phase of physical construction or in the design phase of the regulator, the loss of the MAV or the termination of its mission could be prevented. The main question is whether the MAV has the possibility of detecting and isolating the fault or adapting to the fault that occurs during the mission execution, thereby distinguishing two aspects of the adaptation. The first aspect represents the preservation of the stability of the MAV system, and the second aspect involves deciding on the continuing execution or termination of the mission that the MAV performs or if a re-planning of the initial mission is necessary. These considerations are not new and originate from the theory of Fault-tolerant control (from the 1960s when the stability aspect of industrial systems was considered). Consequently, there are many methods by which it is possible to control systems and detect the occurrence of failures. When the system is a faulty-free state, all system parameters are within the nominal ranges. In the event of a fault, some of the subsystems no longer operate within expectations, and deviation from the nominal system state can be propagated to other subsystems.
If a fault, on any of the subsystems, occurred such that it can lead to a failure of the whole system, then a "safety shutdown" could be performed. Namely, when some parameter, which is important for the state of the system, is outside of the normal range, it is necessary to perform a corresponding action to eliminate faulty-state. However, the faulty-state can be caused by the failure of the actuator and/or sensor and as such represents the most dangerous class of failures. In the aviation industry, the term "physical redundancy" was introduced, which represent the real-time measurement of a variable of interest (altitude, pressure, flight speed, aircraft inclination, rudder rotation state) with multiple sensors (usually three or four) with different technologies, to prevent the possibility of the occurrence of the same fault on the same type of sensor. All measured values are compared and, for significantly deviates between obtained values, that sensor is no longer taken into account. However, the probability of simultaneous failure of two or more sensors is less than the probability of failure of only one, so this type of decision-making is called "majority voting". Also, if all sensors give a value that is outside the normal range then, it is more likely, that it is a structural failure than that all sensors have failed at the same time. In addition to physical redundancy, there is the so-called analytical redundancy that does not require the installation of additional components but it calculates each parameter that is relevant to the functioning of the system analytically based on available measurements of the system. When the system is in normal mode (fault-free state), the parameters are measured and compared does it give similar values as analytically calculated system states. In the case when a failure occurs on one of the subsystems, the values obtained by measurement (using sensors) and those obtained analytically are different. Choosing appropriate analytical method and the state of the system to be measured, it is possible to distinguish the locations of the fault as well as to identify the fault, i.e. to determine whether the fault occurred on the sensor, actuator or structural failure. Physical redundancy can increase the reliability of the aircraft, but on the other hand, it requires higher costs and more complexity in the implementation of the desired system. Methods (physical or analytical) that can be performed to identify the occurrence of a fault in the system are part of the methods of fault detection.
For MAV, a different component of physical redundancies can be used, including redundancy in the propulsion system to increase the mission success rate. In its master thesis ("Fault-tolerant Multirotor Systems"), author Thomas Schneider shows that it is possible to control all degrees of freedom of the octocopter except the yaw angle for any potential double-rotor-fault scenario (the yaw controllability is preserved even in 89% of those scenarios). In similar lines of work (Quan et al., Yang et al., Lunze et al., Franchi et al., Mueller et al.), the authors addressed the possibility of preserving the controllability of a system for different rotor faults by increasing the number of rotors or using a rotor with tilt possibilities. Also, they have investigated a control strategy for a quadcopter in the case of losing a single, two opposing, or three propellers.
On the other hand, regardless of whether the configuration of a MAV is redundant, the control algorithm has a significant role in improving the fault-tolerance of the MAV system. If a control algorithm is fault-ignorant, having redundant components does not necessarily increase the reliability of the MAV system or the probability of completing the mission. The control algorithms that inherently possess a certain level of robustness to possible failures increase the reliability of the system. There is a large number of methods developed within the framework of fault-tolerant control for MAV including sliding mode control, adaptive fault-tolerant control, control allocation methods for MAVs, reconfigurable control, the backstepping method, model predictive control, control based on a linear quadratic regulator, fuzzy predictive control and many others.
Furthermore, except for carefully selected control algorithms, other aspects can be taken into account to adapt to the newly created state of the MAV after a failure occurs in the subsystems. An essential part is the path planning of the MAV as part of the mission planning. For most of the tasks performed by MAVs, the mission is generally clearly defined, and there are clear subtasks to perform. Each of these subtasks requires path planning for the MAV to accomplish those mission goals. When the MAV is operating in a nominal mode (failure-free case), the control system will guide the MAV along a pre-planned trajectory. In the case of failure occurrence, the MAV will operate with significantly altered characteristics, and it is very likely that the trajectory, which was planned at the beginning of the mission, will not be realizable. For such a scenario (failure occurrence), it is necessary to estimate the MAV state and make a decision to either terminate the mission execution or continue the planned mission. In the case of termination, it is necessary to decide if it is necessary to perform the safe landing immediately or if the MAV can be safely returned to the base. On the other hand, if the MAV is capable of carrying out a mission with degraded performance, it would be necessary to carry out mission re-planning. During re-planning, it is necessary to take into account the new faulty-state and, consequently, the resulting movement constrains (on generating the total thrust force and torques about x, y, z axes). This movement constraints stem from the fact that some of the motors/propellers are faulty so that some of the maneuvers, which were previously planned, cannot be performed. The consequences of the fault can be minimized through the stages of fault detection, fault isolation, selecting a suitable control algorithm that takes into account the fault that has occurred, and though the decision to continue or terminate the mission execution due to this faulty state. Also, if path planning takes into account the probability of failure, it is possible at the initial state of motion planning, to consider different scenarios for all possible failures, to plan different motion options depending on the current state of the MAV. It is a necessity to emphasize the importance of motion planning for MAVs. Namely, a MAV does not have absolute autonomy, but it instead relies on sensor equipment, computing power, and its propulsion system. If all aspects of a possible mission have been taken into account, and if motion planning has been carried out, that would include any faulty-state that may occur on the MAV, it can be guaranteed, with some probability, that the mission will be performed. Then, it is possible to define a measure of the reliability of the completion of the mission that would be used in the planning phase of the motion planning of the MAV. The motivation for defining a reliability measure of mission completion on MAV can be found in the following reasons. Prior inclusion of failure probabilities during the planning stage of the mission, it may be useful for the system to be more readily able to adapt to the occurrence of a fault and, consequently, to ensure the execution of the given mission with a higher probability than the existing control algorithms in which fault information is not taken into account, as well as with algorithms that use such information in the control algorithm only in the post-fault phase. The inclusion of probability and type of failure in the planning phase can be achieved through an appropriate optimization framework. Motion planning is carried out by taking into account the measure of the reliability of the completion of the mission as a function of the criteria that would depend on the geometry of the MAV, the used control scheme and the probability of occurrence of individual failures resulting from the reliability of individual elements of the MAV system itself. Using a suitable motion planner can ensure that the reliability of the planned mission may be improved. Considering the measure of the reliability of MAV, depending on the type of mission, a decision could be made on the selection of the MAV type that will ensure maximum reliability for the given probability and of planned mission faulty-state type.
The dissertation proposes a novel motion planning algorithm that takes into account potential rotor-failures of the MAV during the planning stage, named here as risk-sensitive planner (RSP). The RSP planner is much more prepared for rotor-faults during the mission execution than the planner ignorant to those potential faults, named here as risk-insensitive planner (RIP). Additionally, the proposed planner is much less conservative compared to the approach which plans the mission assuming the faults will occur during the execution, named as risk-conservative planner (RCP). To do so, we propose a procedure for (i) finding a reduced fault-dependent control admissible region, (ii) replacing that region with a set of inequality constraints, (iii) carefully selecting some of the inequality constraints based on fault-tolerant analysis of the given mission, and (iv) forming the final optimization framework which includes the selected constraints.
The first goal of the research was to develop a detailed mathematical model of an octocopter with an even number of rotors in a planar configuration, which was used to analyze the impact of fault-states and design control algorithms to achieve the maneuverability and stability of the MAV. The mathematical model, which was developed, for the case of the octocopter, was then extended to a generalized model of a multi-rotor system with an even number of motors in a planar configuration. From a generalized model of a multi-rotor system, has been derived the following models - quadcopter, hexacopter (with PNPNPN and PPNNPN configuration design, where P and N indicate clockwise (CW) and counter-clockwise (CCW) turning directions of a rotor) and octocopter (with PNPNPNPN and PPNNPPNN configuration design). The second goal was to investigate the influences of MAV geometry (such as the influence of the number of rotors and directions of rotation of a related DC motor) on the planned mission and maneuverability of the MAV. As a result of this goal, an optimization framework has been proposed to assess the potential of the MAV for a possible mission execution given a specific MAV type (quadcopter, hexacopter, octocopter or any multi-rotor system), knowing the actuation matrix (A) and the type of faulty-state that occurred on the MAV. The third goal was to investigate and propose a control algorithm that is capable, based on information on the occurrence of a faulty-state, to adjust the control so that the MAV is controlled in an optimal way after the occurrence of a faulty-state. As a result of this goal, the control algorithm was chosen based on a control allocation that uses pseudo-inversion to achieve the required control via the remaining motors of the MAV. Also, within this goal, an algorithm based on the least-squares method is proposed to identify and isolate the occurrence of the faulty-state. The proposed method for fault identification and isolation proved to be effective, which also led to the control based on the control allocation having good performance in the event of an execution of the mission, provided that it is not a faulty-state that leads to a complete loss of controllability. The fourth goal was to understand the possibility of a fault occurrence and the severity of fault consequences. For these purposes, Failure Mode and Effects Analysis (FMEA) has been performed of the MAV. As a result of this goal, a measure of the reliability of the execution of a planned mission is defined, which depends on the geometry of the MAV, the choice of control law, the type of a faulty-state, and the type of mission to be performed. The last, fifth, goal has been to develop a motion planner that would be based on the selected MAV type, possible faulty-state, and depending on the desired of the waypoints, create a motion plan that will increase the reliability of mission completion. As a result of this goal, a new type of motion planner named the RSP motion planner has been proposed, which takes into account the possible occurrence of failure on the MAV, and based on constraints on potentially admissible maneuvers, which could occur due to a faulty-state, calculates such movements so that the maneuvers’ feasibility and the given trajectory track is least endangered.
There are three basic scientic contributions of this research:
1. A general mathematical model of a MAV with an even number of motors in a planar configuration that allows a systematic study of the algorithms for motion planning of MAVs focusing the assessment of the risk of failures. For the application of the developed MAV model, it is necessary to determine an actuation matrix for the selected MAV, which gives the relationship between the number of motors, directions of rotation, aerodynamic and gyroscopic effect coefficient with generated thrust force T and torques around the axes x, y, and z . The obtained actuation matrix completely defines the model of the MAV and can then be used for simulation purposes.



2. A measure of the reliability of the execution of a planned mission that takes into account the geometry of the MAV, the possibility of occurred faulty-state, and the proposed control law. Based on the obtained measure, it is possible to recommend, for a particular mission, what type of MAV (quadcopter, hexacopter, or octocopter) should be selected for the given possibility for occurrence of a fault and the proposed control low, to increase the reliability of the mission execution.

3. A motion planning algorithm for MAV that increases the reliability of mission execution. The new type of motion planner named the RSP motion planner takes into account the constraints on the control variable that result from the type of selected MAV and the possible fault. Based on this, it calculates a type of maneuver that passes through the desired waypoint in such a way that if a fault occurred during the mission, it would have the least possible effect on the feasibility of route planning.
The dissertation is divided into eight main chapters. Chapters two, six and seven correspond to scientific contributions. Chapters in this dissertation are structured as follows:

Chapter 1. The first chapter gives a brief overview of the historical development of unmanned aerial vehicles, describes the motivation and goal of the research as well as a review of the scientific contributions of the dissertation.
Chapter 2. The derivation of a general mathematical model of a MAV with an even number of motors in a planar configuration is presented in the second chapter. The chapter presents the kinematic model and the dynamic models of the octocopter. Furthermore, the thrust forces and moments about x, y, z axes acting on the octocopter system are described. A dynamic model of a DC motor used to generate the thrust force, and torques of the MAV around the x, y, z axes are also presented. Finally, based on the obtained octocopter model, a general model for MAVs is derived with an even number of motors in a planar configuration.
Chapter 3. The third chapter describes the control architecture used to track the reference trajectories, which consists of a position controller, a speed controller, control allocation and a motor speed controller. Linearization of the octocopter dynamics around the hover configuration of a nonlinear mathematical model of a MAV in the environment of equilibrium is performed. Based on this, controllers are designed that allow for satisfactory tracking of reference trajectories.
Chapter 4. A fault-dependent controllability analysis for quadcopter, hexacopter, and octocopter considering the faults occurred is the topic of the fourth chapter. The performed analysis showed that the allowed set of values of the control variable depends on the type of selected MAV, the directions of motor rotation, and the possibility of the faulty-state occurrence. An optimization framework is defined that makes it possible to analyze the behavior of the MAV system at the hovering point during faulty-state, and which consequently allows the assessment of the maneuverability potential and the stability of the MAV at the hovering point concerning potential failures. Based on that analysis for a single-fault case or double-fault cases on the MAV, it is possible to assess the possibility of continuing the mission execution. Within the defined optimization framework, a controllability analysis has been performed for the quadcopter, hexacopter, and octocopter systems.
Chapter 5 provides a brief overview of the fault-tolerant control and then proposes an algorithm based on the least-squares method that can identify the faulty-state occurrence and isolate the motor on which the fault occurred. Finally, an extension of the control architecture from the third chapter is proposed to achieve fault-tolerant control. A pseudo-inversion-based control allocation method was used for fault-tolerant control.
Chapter 6. In the sixth chapter, an analysis of the impact of the potential fault and their effects on a MAV with DC motors was performed, to determine which fault is potentially dangerous for the MAV and which actions can be performed to avoid the corresponding fault. The main goal of the analysis was to understand the cause and severity of fault that can occur on a MAV. Finally, a measure was introduced to assess the reliability of the execution of the planned mission based on the type of selected MAV, the control used, the possible fault, and the used motion planner.
Chapter 7. In chapter seven, a new motion planning tool, called the RSP Motion Planner, is presented, based on an admissible set of thrust force and torques obtained by analyzing the impact of possible faults during mission execution. Taking into account possible faults, the motion planner generates maneuvers that ensure that the MAV trajectory tracks the reference trajectory. Such a motion planner ensures the execution of the mission, although it requires a little bit of mission planning time.
Chapter 8. In this chapter, conclusions are given about the conducted research and the achieved results as well as the possible directions of future research.
Conclusion: The central hypothesis of this thesis is that the reliability of the execution of a planned mission can be improved by including information on the probability of possible fault occurrences in the mission motion planning phase. All research was aimed at proving this hypothesis. In the second chapter, a detailed mathematical model of the octocopter was derived, from which a generalized model of a MAV with an even number of rotors set in a planar configuration was then derived.
The third chapter presented the synthesis of a simple PD controller that controls the MAV system by tracking the given reference position and orientation of the system. It has been shown that the MAV with the proposed PD controller can be operated satisfactorily with excellent tracking performance of the reference trajectories if all motors are available. However, in the event of a fault occurrence of the propulsion system, the system is not able to track the reference trajectory anymore.
To be sure that a particular type of MAV has the potential to continue the execution of the mission, regardless of the fault occurrence, in the fourth chapter, an optimization framework for fault-dependent controllability analysis is introduced. The optimization framework considers potential faults and their effects on MAV and its DC motors, depending on the type of selected MAV (quadcopter, hexacopter, or octocopter), the direction of rotation of the motor and the type of fault (single-fault or double-fault case). This analysis shows that a careful selection of the octocopter configuration may additionally influence the overall maneuverability and keep the MAV ready to execute the mission under a variety of faulty states. For instance, when the probability of a double rotor fault is high, we can increase mission reliability by choosing the PPNNPPNN configuration. However, the performed analysis can be generalized for a MAV with 2n pairs of DC motors constructed within a planar plane. Triple or quadruple faults can also be analyzed in the same fashion, which makes the proposed framework general. However, the probability of such occurrence is much lower than for single or double faults, so they are not considered in this thesis.
To exploit the results of the fault-dependent MAV maneuverability analysis and to provide a unique testbed for performance analysis of considered motion planners, a mechanism for failure detection and fault-tolerant tracking control is needed.
Additionally, it is necessary to design a control algorithm that can include information about faulty-states of DC motors into the actuation matrix and adjust the control so that the MAV is still optimally controlled during faults. The proposed algorithm for identifying and isolating the occurrence of failure is based on recursive least-squares. The fault identification information can be fed to the control allocation that can use this information so that the necessary control is still achieved by the leftover motors. For this purpose, pseudo-inversion was used as a control allocation mechanism. The described procedure was given in the fifth chapter.
Then, in the sixth chapter, the influence of faulty-state and their effects on the MAV and its DC motors is analyzed to assess the criticality of failure of individual components. This analysis can determine whether, in a particular case, one of the motors is critical, or if there is a possibility that it fails during the mission. If the analysis shows that there is a likelihood of a fault, then this information can be used during the mission planning phase for risk assessment.
In the conducted analysis as a starting point for the development of motion planners concerning fault risk assessment, two types of planners were considered. The first type of planner does not take into account the occurrence of a faulty-state (named the RIP motion planner), and the second type of planner takes into account the occurrence of a faulty-state (named the RCP motion planner). The RIP motion planner generates the fastest possible feasible trajectory given the capabilities of the MAV platform, but the feasibility of the resulting trajectory is sensitive to the occurrence of a fault. On the other hand, the RCP motion planner generates a path that requires execution times, and its disadvantage is that the generated trajectory contains conservative maneuvers and does not use the MAV in the optimal sense. A new type of planner (named RSP motion planner) is proposed in the motion planning analysis, which considers the specific mission to be performed, and based on the assessment of possible failure, generates a trajectory that is less sensitive to the possibility of failure occurrence. An optimization framework has been proposed that takes into account the admissible set of control variables, which can be changed depending on the type of MAV and the possible occurrence of a fault on motors. The proposed RSP motion planner showed better performance than the RIP and RCP planners. Knowing the type of mission and risk assessment of failures by applying the proposed RSP motion planner, it is possible to generate a trajectory that will increase the reliability of mission execution.

Središnja knjižnica Fakulteta elektrotehnike i računarstva, Unska 3, 10000 Zagreb
tel +385 1 6129 886 | fax +385 1 6129 888 | ferlib@fer.hr