1. Introduction
In recent years, the control barrier function (CBF) has been used to design safety control laws for nonlinear affine safety-critical system [
1], which is gradually becoming a widely used method in nonlinear system control, such as adaptive cruise control [
2], lane keeping [
3], and so on. It ensures that the system state is within a safe region by introducing a constraint function that prevents the system from entering a hazardous state [
4]. The CBF method focuses on the distance of the system state from the safety boundary and uses the value of this distance as a guidance signal for the controller to keep the system within the safety constraint [
5]. The advantage of CBF is that it provides a formalized method to ensure that the system meets stringent safety requirements while performing the control task, providing an effective means of controlling and protecting complex systems [
6].
Higher order control barrier function (HOCBF) is an extension of CBF for designing safe and high performance control system [
7]. Compared with the traditional CBF, HOCBF not only considers the distance between the system state and the safety boundary, but also incorporates the higher order derivative information of the system state, which makes the control more accurate [
8,
9]. This makes HOCBF outstanding in areas such as handling higher-order nonlinear system, robot path planning, and autonomous driving, such as ship trajectory tracking and heading control [
10], robotic arm obstacle avoidance [
11], robot control [
12], and aircraft control [
13], etc. The forward-looking nature of HOCBF makes it a powerful tool to meet the challenges of complex system, ensuring stable operation and meeting stringent safety constraints.
Safety-critical system has difficulty in continuing to meet the safety requirements of the system in the event of a fault [
14]. The introduction of fault-tolerant control can improve the system’s ability to cope with disturbances caused by faults [
15,
16,
17], so it is extremely necessary to consider fault-tolerant control for safety-critical system. For general nonlinear affine system, the construction of HOCBF constraints to ensure system safety has been proposed in [
18]. Recently, we have found that when the system has partial actuator failures, the solution of Quadratic Programming (QP) cannot keep the faulty system state-safe using the HOCBF constraints of the fault-free system [
19]. In addition, when the inputs are limited to a certain range, it increases the probability of mutual conflicts between the safety constraints, resulting in an infeasible optimal control problem for the faulty system. Therefore, it is important to study the feasibility of the optimal control problem for faulty system when both input bounds and safety constraints exist.
In this paper, firstly, the HOCBF constraints are redesigned based on the fault information of the system, and a class of fault-tolerant controller design methods based on HOCBF and CLF are proposed to re-enable the faulty system to satisfy the safety requirements. Secondly, a sufficient condition is proposed to satisfy the existing constraints, where the control inputs are always within the restricted range and the sufficient condition is expressed as feasibility constraints. These feasibility constraints will be incorporated into the solution of the QP problem to ensure the safety of the faulty system and the feasibility of the solution of the QP problem together with the existing safety constraints of the system.
3. Fault High-Order Control Barrier Function
For a general nonlinear affine system (1), given the set
c defined by Definition 6 and the associated CLF and HOCBF, they can be combined into a single Lipschitz continuous controller by means of QP [
22]:
where
is a positive definite matrix,
, and
is the slack variable.
Considering the existence of partial actuator failures of a general nonlinear affine system, then the faulty system model of system (1) can be represented as:
where
is the failure coefficient that satisfies
,
,
, which are the lower and upper boundaries, respectively.
To easily illustrate the reconstruction of the control barrier function, system (9) can be represented as:
where
,
.
For the faulty system (10), a reconstruction of the HOCBF constraint (8) is required to ensure the forward invariance of the safety set C. That is, inequality (8) should contain terms that eliminate the effects of partial actuator failures.
Definition 7 (FHOCBF)
. Let be defined by (4) and be defined by (3). A continuously differentiable function is a fault high order control barrier function (FHOCBF) of relative degree r with respect to system (10) if there exists a collection of differentiable class function such that For all
and
, where
is a function of
x and
. Since (11) needs to be satisfied for all
, the constraints can be rewritten as:
where
.
Remark 1. A function that is continuously differentiable is said to have a relative degree r with respect to system (1) if (a) for all , ; and (b) for all . indicate the Lie derivatives along f and g, respectively, and indicates the Lie derivatives along f r times [19]. According to (10), we can get the
, where
is a linear program. Otherwise
is a nonlinear function of
in general, and the solution to the nonlinear program
can be used to find the set of control inputs that satisfy inequality (12):
Theorem 1. Given a FHOCBF by Definition 7, any Lipschitz continuous control input renders the set as forward invariant for system (10).
Proof of Theorem 1. Any Lipschitz continuous controller enforces or equivalently regardless of the value of . On the assumption that , in that case , we can go further than that which, based on Definition 3, this will make or , again, since , this results in . Continuing this reasoning, we can prove that is forward invariant for system (10). □
At this point, the QP problem (6) and the corresponding constraints (7) and (8) will be rewritten as:
4. Feasibility of Optimal Control Problem by Using FHOCBF
The amount of input to the system cannot be unlimited, so it is necessary to consider that the system can still operate safely and stably under input constraints, which is more in line with practical scenarios. In other words, the continued safe and stable operation of system (10) requires the fulfillment of at least two of these conditions:
(a) Always meet one or more of the following forms of safety requirements:
(b) Since the input is finite, it is necessary that the control input always satisfies control input bound (2) at time period .
If these two conditions are always satisfied, then we claim that the control strategy of system (10) is feasible.
Consider the case of limited control inputs, where the QP problem (14) and the corresponding constraints (15) and (16) will be rewritten as:
For (18), solving the optimal control problem with decision variable u and , we divide the time period into a finite number of intervals . The QP is solved point by point, where this computationally efficient but short-sighted approach can easily lead to infeasibility in the QP solution process, especially under tight control input constraints. With that said, the FHOCBF constraint can conflict with the control bounds, which will cause the QP solution process for the next time interval to be infeasible. Therefore, to address this occurrence, in this paper, we introduce a feasibility constraint.
Definition 8 (Feasibility Constraint [
22])
. Suppose that QP problem (18), with state at the current moment, is feasible under constraints (19)–(21), and that a continuously differentiable function, , is a feasibility constraint if it ensures that the QP problem (18), corresponding to the next time interval, is still feasible under constraints (19)–(21). After finding the feasibility constraint, we can use it as an additional constraint on the QP problem (18) to ensure the feasibility of the QP solution process for the next time interval. It is introduced that the feasibility constraint needs to satisfy two conditions: (a) It is conflict-free (the intersection of the sets formed by multiple constraints is not empty) with constraints (19) and (21). (b) It reduces the occurrence of conflicts between constraints (19) and (21). In the following, we derive how to find suitable feasibility constraints.
A continuously differentiable function
is a FHOCBF of relative degree
r with respect to system (10); according to (11), the control input
always needs to satisfy the following inequality:
Further, we define the set of all control inputs satisfying (22):
The analysis of the feasibility constraints in the following section depends on the vector sign of changing in time period .
To begin with, we assume that all components in
do not change sign. Assume
. By multiplying each component of
by the control input bound (19) and adding them together, it yields the following inequality for all system statuses, so that (19) is able to be rewritten using relaxation as:
Further, we define the set of all control input
u satisfying (24):
The control input bound (19) is conflict-free with constraint (22) if the control input is such that (24) is conflict-free with constraint (22) for all , i.e., .
Therefore, whether there is a conflict between constraints (22) and bound (19) only needs to be considered when (24) and (22) are conflict-free. Since (24) consists of two parts, it can be discussed in two cases: (a) and (22); (b) and (22).
It can be concluded that for all states
of the system, there always exists a control input
u such that the two inequalities of case (a) are satisfied simultaneously, but the inequalities of case (b) may conflict. Therefore, in order to solve the problem that QP is infeasible in a certain time interval due to the formation of a conflict between the FHOCBF constraints (22) and (24), the QP problem (18) should also satisfy the following inequality, subject to conditions (19)–(21):
This is a feasibility constraint constructed to avoid a conflict in the inequalities of Case (2) that leads to the QP problem (18), which is infeasible while satisfying conditions (19)–(21).
Due to the presence of
, the relative degree of the feasibility constraint is relative to the system dynamics (10). In order to find the control input that always satisfies the feasibility (26), it is further defined as:
By Definition 7, making
as a FHOCBF guarantees that (24) and constraint (22) are conflict-free such that constraint (22) and bound (19) are conflict-free. It is worth noting that the relative degree of
with respect to the dynamics of system (10) is only one because of the presence of
, so the set of control inputs that satisfy (27) is as follows:
where
is a Class
function.
Theorem 2. The control input guarantees the feasibility of the QP problem (18) at the next moment under constraints (19)–(21) if the QP problem (18) is feasible at the current moment and the FHOCBF corresponding to constraint (27) in set (28) is conflict-free with the control bound (19) and constraint (22) at the same moment.
Proof of Theorem 2. If the QP problem (18) is feasible at the current moment, the FHOCBF constraint (22) is conflict-free with the control input bound (19) and (24) at the current moment because control input u is a subset of defined in (25). Via Theorem 1, we can obtain , where the FHOCBF constraint (22) is conflict-free with (24) for all . Then, the FHOCBF constraint (22) is conflict-free with the control input bound (19) either. Finally, the feasibility of the QP problem (18) is guaranteed by assuming that the FHOCBF constraint corresponding to (26) in (28) is conflict-free with the control input bound (19) and the FHOCBF constraint (22) at the same moment. □
Rewriting the inequality in (28) into the form of (5) gives:
Contrasting (29) and (28),
can be chosen as:
To facilitate the feasibility of solving the QP problem (18), needs to be considered as a constraint in the constraints of the QP problem (18). The determination of reasonable reduces the likelihood of conflict with the control input bound (19) as well as the FHOCBF (21). The relative degree of should not be too high, as this would make the constraints complex and conflict with each other, making the QP problem (18) infeasible. Therefore, a discussion of the relative degree of as zero or one follows.
If the relative degree of is zero, that is say, the control input u appears directly in the function . At this point, needs to satisfy . If the FHOCBF constraint (22) is satisfied, combining and constraint (22), it follows that (29) is satisfied. This means that Theorem 1 satisfies (26), where the FHOCBF constraint (22) and control input bound (19) will be conflict-free. If is conflict-free with the control input bound (19) and the FHOCBF constraint (22) at the same moment, then the feasibility of the QP problem (18) can be guaranteed.
If the relative degree of
is one, a set can be defined as follows:
where
is a Class
function.
Remark 2. The determination of requires HOCBF constraints and control input bounds, which need to be based on the system model parameters and system safety conditions.
Theorem 3. Any control input can guarantee the feasibility of the QP problem (18), if can satisfy , and .
Proof of Theorem 3. If and , we can get . If the FHOCBF constraint (22) is satisfied, combining and constraint (22), it follows that (29) is satisfied. This means that Theorem 1 satisfies (26), the FHOCBF constraint (22) and control input bound (19) will be conflict-free, . If , we can get , . If , is or . So is or . Thus, if the control input bound (19) and the FHOCBF constraint (22) is conflict-free at the same moment, then the feasibility of the QP problem (18) can be guaranteed. □
Recall from above that the analysis of the case where the sign of the components of the vector
does not change is complete. If
, let
,
, and
, then there is
If the sign of some components of the vector changes, then the sign of (32) reverses as the sign of changes in . If , the result of the inversion still satisfies (32). If , let , , i.e., , so we can get , i.e., the result of the still satisfies (32). In a word, inequality (26) is not affected by cases such as changes in the sign of and the asymmetry of the control input u, which implies that the feasibility constraint is constructed in the same steps as mentioned above.
At this point, Theorem 3 is a sufficient condition for the feasibility of FHOCBF based on QP when the control inputs are limited but have been found. Therefore, following the conditions in Theorem 3, choosing a reasonable is the key to improving the feasibility of the QP problem (18), subject to (19)–(21).