Viability Under Degraded Control Authority

In this letter, we solve the problem of quantifying and mitigating control authority degradation in real time. Here, our target systems are controlled nonlinear affine-in-control evolution equations with finite control input and finite- or infinite-dimensional state. We consider two cases of control input degradation: finitely many affine maps acting on unknown disjoint subsets of the inputs and general Lipschitz continuous maps. These degradation modes are encountered in practice due to actuator wear and tear, hard locks on actuator ranges due to over-excitation, as well as more general changes in the control allocation dynamics. We derive sufficient conditions for identifiability of control authority degradation, and propose a novel real-time algorithm for identifying or approximating control degradation modes. We demonstrate our method on a nonlinear distributed parameter system, namely a one-dimensional heat equation with a velocity-controlled moveable heat source, motivated by autonomous energy-based surgery.


I. INTRODUCTION
In control systems, fault detection and mitigation is key in ensuring prolonged safe operation in safety-critical environments [1].Any physical system undergoes gradual degradation during its operational life cycle, for instance due to interactions with the environment or from within as a result of actuator wear and tear.Gradual degradation or impairment, as the name suggests, often reduces the performance of a system in cases when potential degradation modes were not taken into account during control synthesis.Fault tolerance is a key property of systems that are capable of mitigating or withstanding system faults, including gradual degradation.
A number of stochastic approaches to fault identification and mitigation have been developed in the past, with the main objective of estimating the remaining useful life (RUL) of a system, and how this metric is influenced by the controller.Mo and Xie [2] developed an approach to approximate the loss in effectiveness cause by actuator component degradation using a reliability value.Their method relies on frequency domain analysis using the Laplace transform, which is limited to linear systems; in turn, proposed reliability improvements hinge on the use of a PID controller strategy and rely on a particle swarm optimization routine, which is highly restrictive with regard to runtime constraints and convergence guarantees.A similar approach was developed by Si et al. [3], where reliability was assessed using an eventbased Monte Carlo simulation approach, wherein potential degradation modes are simulated en masse, further limiting the applicability of this method.This is due to the intractable number of potential failure modes that may be encountered in practice, which would demand a very large number of Monte Carlo simulations.
In the deterministic setting, Wang et al. [4] considered control input map degradation and actuator saturation in discrete-time linear systems, where a fault-tolerant control is developed by solving a constrained optimization problem.Given the discrete-time linear system setting, [4] uses efficient linear matrix inequality (LMI) techniques for controller synthesis.However, the class of actuator degradations considered in [4] is limited to linear diagonal control authority degradation with input saturation.In the context of switching systems, Niu et al. [5] considered the problem of active mode discrimination (AMD) with temporal logic-constrained switching, where a set of known switching modes was known a priori.The AMD problem rests on a nonlinear optimization routine, which depends directly on temporal logic constraints and known switching modes that are often not known in advance.
In the present work, we consider a class of faults, which we refer to as actuator degradation.The latter may arise as a result of wear and tear, software errors, or even adversarial intervention.Considering the following nonlinear control-affine dynamics ẋ() =  (()) + (())(), we define input degradation modes of the form ̇x() =  ( x()) + ( x()) (), where  and  are two unknown time-varying maps.We refer to  as a control authority degradation map (CDM), whereas  is referred to as a control effectiveness degradation map (CEM).Our focus in this work is on CDMs; a number of common CDMs are illustrated in Fig. 1.A CDM  effectively acts as a control input remapping, and can be thought of in the context of control systems with delegated control allocation, e.g., when an actuator with internal dynamics takes () and remaps it based on its internal state.Such a setting includes common degradation modes such as deadband or saturation, or any other nonlinear transformation due to effects such as friction.In more extreme cases, it is possible that  maps a control signal   () to another control signal   () due to incorrect wiring or software design.The types of control authority degradation maps that we allow for in this work go beyond linear maps applied to discrete-time finite-dimensional linear systems, which hitherto been the main focus in prior work.We develop an efficient passive algorithm for detection and identification of CDMs, with the quality of the reconstructed CDM monotonically increasing with system run time.Using this reconstruction of the CDM, we develop a novel method for viabilizing control signals, with tight approximation error bounds that decrease with system run time.
We note that we do not consider external disturbances or other unmodeled dynamics in this work; robustness results regarding the effects of disturbances will be the subject of future work.The results of this work allow for guaranteed approximation of arbitrary control degradation maps without the need for knowledge of possible degradation modes or handcrafted filters, addressing an open problem in the literature The natural next step of this work, outside of the scope of this letter, is to approximate unviable control signal with their closest viable counterpart, with robustness bounds on the maximum trajectory deviation.

A. Notation
We use ‖ ⋅ ‖ to denote the Euclidean norm.Given two sets ,  ⊆ ℝ  , we denote by + their Minkowski sum {+ ∶  ∈ ,  ∈ }; the Minkowski difference is defined similarly.By 2  we refer to the power set of , i.e., the family of all subsets of .We denote a closed ball centered around the origin with radius  > 0 as   .By (, ) we denote {}+  .We denote by (, ) the set of bounded linear operators, and by (, ) the set of closed linear operators between  and .We define ℝ + ∶= [0, ∞).For two points in a Banach space ℬ ∋ , , let [, ] denote the convex hull of  and , i.e., [, ] ∶= conv{, }.Given a point  ∈  and a set  ⊆ , we denote (, ) ∶= inf ∈ (, ).We define the distance between two sets ,  ⊆ ℝ  to be We denote the Hausdorff distance as  H (, ) ∶= max{(, ), (, )}, ( An alternative characterization of the Hausdorff distance reads: where  + denotes the -fattening of , i.e.,  + ∶= We denote by  the boundary of  in the topology induced by the Euclidean norm.For a function  ∶  → , we denote by  −1 the inverse of this function if an inverse exists and otherwise denoting the preimage.By dom() we refer to the domain of the function (in this case ).We denote by  † the Moore-Penrose pseudo-inverse of a linear function .We use the Iverson bracket notation ⋅ , where the value is 1 if the expression between the brackets is true, and 0 otherwise.
In this work, we shall consider star-shaped sets, which are defined as follows: Definition II.1 (Star-shaped Set and MGFs).We call a closed compact set  ⊆ ℬ star-shaped if there exist (i)  ∈ , and (ii) a unique function  ∶  1 → ℝ + , such that: where  1 denotes the unit ball in ℬ.We call  a Minkowski gauge function (MGF), and  the star center.

B. Problem Formulation
Consider a known nonlinear control-affine system of the form of where  ∈ ,  ∈  ⊆ ,  and  are Hilbert spaces, and  ∶  →  and  ∶  → (, ).In this work, we assume  = ℝ  .In addition, we assume that  is a starshaped subset of ℝ  such that span  = ℝ  .Finally, we assume that the full-state of the degraded system, is known without error.
In system (5), a control action degradation map  can model changes in the control allocation function , which may include actuator reconfiguration, such as a change in the trim angle on aircraft control surfaces, or misalignment of actuators due to manufacturing imperfections or wear and tear.Since  acts after , it does not directly remap the control signal (), but it changes the action of a control input on the system; we therefore talk about control effectiveness, as opposed to control authority in the case of  , which acts before .Changes in the drift dynamics  (()) will not be treated in this work.
In addition to identifying or approximating CDM  , we are interested in 'undoing' the effects of control authority degradation as much as possible.In particular, we are interested in the set of control signals ( 4) that can still be replicated in (5) when the CDM is acting; we call this the set of viable control inputs,  v .With knowledge of  , we develop in this work a method to obtain, for  cmd ∈  v ,  v such that   v =  cmd ; here,  cmd and  v are called commanded and viabilized control inputs, respectively.This approach is closely related to a technique known in the literature as fault hiding [8].Fault hiding is achieved by introducing an output observer based on the output of the degraded system, and augmenting the nominal system model by introducing so-called virtual actuators, which requires a nonlinear reconfiguration block that is strongly dependent on the underlying problem structure and failure modes [8, §3.6, p. 42].In the setting considered in this work, we show that we can adopt the fault hiding philosophy under much less stringent constraints for a general class of systems and degradation modes.
In this work, we are interested in modeling unknown degraded system dynamics (5) for a time-invariant control authority degradation map (CDM)  ∶  → Ū , and no control effectiveness degradation (i.e.,  = ).This amounts to reconstructing, or identifying,  : Problem 1 (Identifiability of Control Authority Degradation Maps).For a class of time-invariant CDMs  ∈  , if possible, identify  based on a finite number of full state, velocity, and control input observations ( x(), ̇x(), ()) of the degraded system.
Ideally, we would like to identify general nonlinear CDMs with known bounds on the approximation error.We illustrate the control authority degradation modes that are covered in this work in Fig. 1.
We now proceed by solving Problem 1 for an unknown multi-mode affine CDMs, which allows for approximating Lipschitz continuous nonlinear CDMs with bounded error.

III. IDENTIFIABILITY OF CONTROL AUTHORITY DEGRADATION MAPS
We now consider Problem 1.Let us assume that for  , the Minkowski gauge function  is known.Let  ∶  → Ū be an unknown control authority degradation map (CDM).We assume that Ū is also a star-shaped set, providing conditions on  and  under which this holds.It bears mentioning that star-shaped sets are more general than convex sets; most results presented in this work will apply to star-shaped sets, which include polytopes, polynomial zonotopes, and ellipsoids.
Before we provide any results on the identifiability of control authority degradation modes, we pose the following key assumption on the nominal system dynamics (4).We allow for an infinite-dimensional state-space , that is to say,  is a set of functions, but  = ℝ  is also captured: Assumption 1.For system (5), assume that i. () has closed range for all  ∈ ; ii.() is injective for all  ∈ , i.e., ker(()) = {0}; iii.ẋ is known at some  ∈  with  = 0. Remark 1.In the case of finite-dimensional systems, i.e.,  ⊆ ℝ  , the first two conditions of Assumption 1 can be stated as: i.The system is not overactuated, i.e.,  ≤ ; ii.() is of full-column rank for all  ∈ .
We shall consider the case of multiple control degradation modes acting throughout the space  .The simplest of the socalled conditional control authority degradation modes (c-CDMs) acts only on a compact subset of  ; we refer to these c-CDMs as partial control authority degradation modes (p-CDMs).Consider two compact star-shaped sets Ǔ , Û ⊆  , and two p-CDMs for some control degradation map  .Here,  Ǔ is an internally acting partial CDM (i.e., acting inside Ǔ ), whereas  Û is an externally acting partial CDM (acting outside Û ); when this distinction is immaterial, we use a combined hat and check symbol (e.g.,  ̂̌), where  ̂̌is simply called the affected set of control inputs.
In reconstructing an -mode c-CDM, we face the problem of discerning which control inputs belong to which conditional degradation mode.To make this problem tractable, we pose the following assumption: Assumption 2. Let the internally acting -mode c-CDM satisfy the following properties: i.The number of modes  is known; ii. is a family of convex sets; iii. is a family of affine maps denoted by   =   +   .iv.There exists a known  > 0, such that for all  ≠ ,  H ( ( Ǔ , P Ǔ ), ( Ǔ , P Ǔ ) ) ≥ .
We are also interested in obtaining outer-approximations of Ǔ and inner-approximations of Û for each degradation mode, as illustrated in Fig. 2, so that we can restrict control inputs to regions that are guaranteed to be unaffected.Since we only have access to a finite number of control input samples, we pose the following assumption regarding the regularity of the MGF associated with   ̂̌.Assumption 3. Assume that  ̂̌has star center  ̂̌= 0, and assume that the MGF  ̂̌associated with  ̂̌is Lipschitz continuous, i.e., there exists a known  ̂̌such that | ̂̌() ‖, for all ,  ′ ∈  1 .We now proceed to show that Assumption 3 holds for the image of Lipschitz star-shaped sets under affine maps.

Lemma 1. Given a star-shaped set 𝑈 characterized by a
Lipschitz MGF  and star center , the range of  under an affine map  ∶=  +   is also a star-shaped set with Lipschitz MGF.
We can now pose a key result on the guaranteed approximation of Lipschitz MGFs from a finite set of samples.Proposition 1. Assume that Assumption 3 holds for the unknown MGFs ρ and ρ.Then, for some given ǔ, ǔ′ ∈ Ǔ Fig. 2: Comparison between inner-and outer-approximations of Û and Ǔ respectively, based on Proposition 1 and Theorem 1 for a 1-mode c-CDM.The region with top-rightpointing hatching indicates the set in which the control input is unaffected; the red-colored region indicates the affected set.The respective approximations of  ̂̌allow one to find regions in which control inputs are guaranteed to be unaffected.In the left image, the set indicated by top-leftpointing hatching is an inner-approximation of Û , and in the right image this set is an outer-approximation of Ǔ .and û, û′ ∉ Û , we have for all  ∈ [0, 1]: and where  ̂̌∶=  ̂̌∕‖ ̂̌‖ and  ̂̌′ ∶=  ̂̌′ ∕‖ ̂̌′ ‖.Proof.This result follows directly from non-negativity of the MGF and the mean value theorem, given the Lipschitz continuity of  ̂̌as assumed in Assumption 3. □ The results given in Proposition 1 allow for direct innerapproximation of Û and outer-approximation of Ǔ ; these results will allow us to restrict closed-loop control inputs to a subset of  that is guaranteed to be unaffected by  as illustrated in provided in Fig. 2. The method for approximating  ̂̌will be rigorized in the next theorem.
We now pose the main result on the identifiability of -mode conditional control authority degradation modes (c-CDMs), where multiple affine CDMs act on disjoint subsets of  ; this will allow us to approximate of Lipschitz continuous CDMs as shown at the end of the next section.
In (11), since the inverse of    must be taken, we require both that  is a square matrix, and    is invertible.This is achieved by considering  ∈ ℝ × of full column rank, as guaranteed by the linear independence hypothesis.
To approximate the 'th affected set,  ̂̌ , we require a spanning set of basis vectors that lie within  ̂̌ , as provided for in the hypotheses.The unknown MGF associated with  ̂̌ can be obtained according to Proposition 1 using ( 8)- (9), where an inner-approximation is desired for internally acting p-CDMs, and outer-approximations for externally acting p-CDMs.These approximations are obtained through repeated convex combinations and the corresponding inequality given in ( 8)-( 9), for a total of  times; an explicit expansion of the resulting expression is omitted here for the sake of space.□ Remark 2. This result incorporates p-CDMs that map a set Ǔ to a constant, e.g.,   Ǔ = .To highlight the utility of this result, it should be noted that the hypotheses given here allow for commonly encountered degradation modes such as deadzones and saturation to be modeled (see Fig. 1(4)).
Additionally, Theorem 1 allows for discontinuous control authority degradation modes, a property that is rarely present in prior work.
We can now consider the case in which  is a Lipschitz continuous CDM.We consider an approximation of  by an -mode affine c-CDM P , for which we derive an explicit error bound given that the Lipschitz constant of  ,   , is known.

Theorem 2 (Approximating Lipschitz continuous CDMs by 𝑁-mode Affine c-CDMs). Let the hypotheses of Theorem 1 hold, with the exception that 𝑃 ∶= 𝑄  is now a Lipschitz continuous CDM with Lipschitz constant 𝐿 𝑃 and Assumption 2 is now dropped. If 𝑁 clusters that satisfy the linear independence requirements of Theorem 1 are identified, then the resulting 𝑁-mode affine c-CDM approximation P has the following error:
For all  ∈ Ǔ,inner and all  = 1, … , , where  , ∶= ‖   [] − P   []‖, and [, ] ∶=   [𝑗], where   is an array composed of all control inputs in the 'th cluster.
Proof.The proof is similar to that of Theorem 1, with the error bound (13) following an application of the triangle inequality in combination with the Lipschitz continuity of  , the properties of the affine maps P , and the known samples of (,  ).□ We can now pose a convergence result on the -mode affine c-CDM approximation P of a Lipschitz continuous CDM  .
Corollary 1. Error bound (13) is monotonically decreasing in the the number of samples  ′ and the number of c-CDM modes .In the limit of the  ′ ,  → ∞, error bound (13) converges to zero.
Proof.In (13),  , monotonically converges to zero, because the operator norm ‖ − P ‖ restricted to the 'th cluster converges monotonically to zero; this fact follows by considering that the diameter of each cluster converges to zero for a greater number of samples and clusters, similarly to the proof of Lemma 2, as well as the fact that  is Lipschitz continuous, meaning that the total variation of  on this restriction decreases monotonically as well.Another consequence of the diminishing cluster diameter is that ‖[, ] − ‖ converges monotonically to zero.□ Fig. 3: Comparison between inner-and outer-approximations of Û and Ǔ respectively, based on Proposition 1 and Theorem 1 for an increasing number of samples for a 1-mode c-CDM.Clearly, for a larger number of points of sufficiently dispersed points, increasingly tight approximations are obtained as formalized in Lemma 2.
In the results given above, we find that it is in general impossible to uniquely determine each  ̂̌from finitely many samples.Intuitively, given a greater number of distinct points inside  ̂̌and  ⧵  ̂̌, it should be possible to more tightly approximate  ̂̌.This idea is illustrated in Fig. 3.We now state a lemma on the convergence of inner-and outerapproximations of the affected set  ̂̌. ) is monotonically decreasing for decreasing , in the limit of  → 0, both sequences will converge to  ̂̌in the Hausdorff distance.This follows from the fact that the Hausdorff distance between the boundary of  ̂̌and the sampled points  decreases monotonically with decreasing , leading to tighter approximations of ρ and ρ as per Proposition 1. □ Remark 3. In Lemma 2, note that the -covering argument is required to ensure that the distinct points are sufficiently dispersed; simply considering  → ∞ does not ensure convergence of the Hausdorff distance between the inner-and outer-approximation to zero.This fact can also be observed when looking at Fig. 3.
Fig. 4: Illustration of the domain on which (14) acts.There are three regions of degradation, of which the burned and the vascularized region form two; the last region is not shown, but saturates the  1 to 5.

IV. APPLICATION
We consider an infinite-dimensional system based on a 3D model of tissue thermodynamics during electrosurgery [?]: where  ∈ [0, 10] × [0, 1].The unit heat source is modeled as () = 1   ∈ [0, ] , for some known  > 0. This model approximates a slab of tissue with the state representing the surface temperature;  1 denotes the input power and  2 denotes the needle depth.
For simplicity, we set the input power  1 = 1, and consider only the needle depth  2 as the free control input.We can express system (14) as affected by a CDM  as: We consider a CDM of the form   = We consider a sinusoidal control signal for the probe depth with a period of 0.3 seconds,  2 () = (1 − cos(20∕3))∕2, and a state-input sampling frequency of 20 Hz.We assume stochastic sampling periods, where the time is perturbed with a uniform 0.01 second error to model signal processing delays.The underlying goal of this application is to perform passive probing of the affected tissue layers and reconfigure the thermodynamics model to account for tissue damage, as is commonly encountered in electrosurgery.Fig. 5 shows on the left the Hausdorff distance between each affected region over time to show that approximations become tighter with time, according to the decreasing minimal covering radius  (right), as shown in Lemma 2. After three samples in each region, we uniquely identify the appropriate affine map, but the inner-approximation of the affected region is refined passively over time.

V. CONCLUSION
In this work, we have introduced the concept of a control authority degradation map (CDM).We have proved conditions on the identifiability of a broad class CDMs, including -mode affine CDMs and Lipschitz continuous CDMs, for a class of affine-in-control nonlinear systems.Based on the identifiability results, we have formulated a constructive method for reconstruction or approximating CDMs, with explicit bounds on the approximation error.Our CDM identification method is executable in real time, and is guaranteed to monotonically decrease in error as more fullstate observations become available.We apply our methods of CDM identification and viabilization of control signals to a controlled partial differential equation motivated by an electrosurgical process, showing how our guaranteed CDM reconstruction quality improves over time.

[
12 is the map to be identified.We are interested in a 3-mode piecewise linear CDM  12 , with Ǔ1 = [0, 0.25], Ǔ2 = [0.5, 0.75], and Ǔ3 = [0.75,1]; these regions are illustrated in Fig.4.Region 1 corresponds to a charred region at the top of the tissue where the needle does not fully contact the tissue.Region 2 is a layer of pristine tissue, where the original dynamics act.Region 3 is a layer of highly vascularized tissue, in which a large fraction of heat that is added to the system gets transported away.We consider a piecewise linear function  12  ∶= (0.25 + 3)  < 0.25 + 0.25 ≤  ≤ 0.75 + (2.5 − 2)  > 0.75 .

Fig. 5 :
Fig. 5: Hausdorff distance error for the inner approximations (left) and minimal covering radius (right) of the three affected regions on which the c-CDM of (14) acts as a function of time.
Hausdorff distance of at least  between each pair of clusters.If each cluster  contains at least  vectors []that are linearly independent, then   can be approximated as follows: ′ =1 obtained from system (5), with  ′ ≥ ( + 1).Let there also be a given array of undegraded state-input pairs [( * [],  * [])]  =1 , with  ≥ .Assume that there exist  state-input pairs indexed by  and  * , such that the arrays

Lemma 2 .
Consider  > 0, such that a given set of   ≥  distinct pairs (,   ̂̌) denoted by  , , satisfies Assumptions 1-3, where   ̂̌is (i) an -mode affine c-CDM, or (ii) a Lipschitz continuous CDM.Let   be such that for each   in  , , Since it is assumed that the pairs in  , are distinct, the approximations of ρ and ρ obtained in Theorem 1 will become increasingly tight for decreasing , since the expressions derived in Theorem 1 will rely increasingly less on the Lipschitz bound assumption.Since  H (