A nonlinear model predictive control scheme for sensor fault tolerance in observation processes

This article addresses the problem of designing a sensor fault‐tolerant controller for an observation process where a primary, controlled system observes, through a set of measurements, an exogenous system to estimate the state of this system. We consider sensor faults captured by a change in a set of sensor parameters affecting the measurements. Using this parametrization, we present a nonlinear model predictive control (NMPC) scheme to control the observation process and actively detect and estimate possible sensor faults, with adaptive controller reconfiguration to optimize the use of the remaining sensing capabilities. A key feature of the proposed scheme is the design of observability indices for the NMPC stage cost to improve the observability of both the state of the exogenous system and the sensor fault parameters. The effectiveness of the proposed scheme is illustrated through numerical simulations.

Since the addressed problem lies at the intersection of controlled observations for state estimation and active fault detection and accommodation, it is worth mentioning some approaches in the specific fields. The problem of controlling an observation process concerns exploiting the degrees of freedom in an information-gathering system to increase the quality of the collected information or measurements of some exogenous system. To this end, common approaches can generally be categorized either as physical control of the sensors, 5,13,17,18 or as active selection among a set of available sensors at mobile or fixed locations. 4,19 The problem addressed in this article belongs to the first class, that is, with physical control of the sensors providing measurements of the observed system. Note that this class of observation processes is fundamentally different from the type of observation processes where the observed exogenous system or some subsystem can somehow be perturbed by the controlled system to improve the state estimation, for instance, systems with interconnected chemical reactors. Numerous information-optimization-based approaches have been proposed to optimize the observation process, 5,12,15,17,20,21 however, often resulting in linear approximations or some greedy heuristic for solving the resulting optimization problems.
Sensor fault management involves detecting, isolating, and estimating the magnitude of a fault. This problem is most often approached by a layered control structure, 22 where a fault-diagnosis unit operates at a supervisory level whose objective is to detect and isolate a fault, either by (i) a passive approach 22,23 or by (ii) an active approach involving probing by the controller. [24][25][26] The latter approach is closely related to optimal experiment design and active learning. 27 Passive approaches attempt to diagnose faults by evaluating available historical data from the process. These approaches may face the lack of sufficiently informative data for the fault diagnosis, causing difficulties in detecting certain types of faults and thus slow diagnosis. 28 Active approaches may enhance fault detectability and reduce the overall fault-diagnosis time. However, continuous probing or excitations for detecting faults may severely deteriorate the controller performance. For most applications, it is therefore desirable to balance excitations for improving the fault diagnosis with the primary control objective by proper tuning of the controller.
This article builds upon and extends, 29 and proposes a nonlinear model predictive control (NMPC) scheme for active control of an observation process in order to estimate the state of an exogenous system while, at the same time, actively detect, isolate and estimate possible sensor faults with adaptive controller reconfiguration to optimize the use of the remaining sensing capability. We consider a class of systems where either or both of the controlled and exogenous systems are nonlinear, and we impose a parametrization of the type of faults considered. A scalar index is designed to capture the observability properties of such parameters combined with the state of the exogenous system. Then, an NMPC scheme is designed to minimize this performance index and thereby drive the primary system to maintain the observability of both the state of the exogenous system and the fault parameters.
Our approach is reminiscent of fault-tolerant MPC, [30][31][32][33][34] yet the majority of sensor-fault tolerant NMPC formulations are based on switching to a set of healthy sensors upon detection of a fault, and to a large extent limited to linear systems. 35,36 By contrast, we propose a nonlinear fault-tolerant NMPC (FTNMPC) approach with adaptive reconfiguration, seeking to retain fault tolerance through the use of remaining sensing capabilities and not relying on mode switching or a set of back-up, redundant sensors. Our main contribution is the design of an NMPC controller for simultaneously controlling an observation process to monitor an exogenous system, while providing excitations of the controlled system to actively detect and diagnose sensor faults. We propose a parameter estimation scheme for fault diagnosis that, through the sensor fault-parametrization, enables the fault estimation to be added upon any existing, tailored state estimation scheme for the exogenous system. A contribution is thus also the joint design of both a fault-tolerant controller and a fault detection and estimation scheme.
The remainder of the article is structured as follows. In Section 2, we define the problem considered. Section 3 provides background on nonlinear observability and on design aspects of NMPC for controlled observation processes. Section 4 presents the proposed NMPC scheme and the control architecture, with Section 4.4 describing the estimation scheme for the fault parameters. Section 5 presents analysis of the closed-loop trajectories of the proposed scheme together with underlying assumptions for performance guarantees. In Section 6, we then illustrate the proposed scheme on an example with a single moving object. Concluding remarks in Section 7 end the article.

PROBLEM STATEMENT
This section introduces the controlled observation process and the control objective. We consider dynamic observation processes consisting of a primary, controlled system that observes, through a set of measurements, an exogenous system to estimate the state of this system. The primary system is described by a continuous-time model where the input vector u(t) ∈ R m is constrained as follows where the set-valued map  ∶ R ⇉ R m denotes the time-varying input constraint set, and t 0 and x 0 =x(t 0 ) are initial time and the initial state vector, respectively. Furthermore, leṫ denote the model of the observed, exogenous system with state vector x e (t) ∈ R n e and initial condition x e,0 ∈ R n e , and where w(t) ∈ R n w denotes a disturbance vector. The state vectors of the primary and exogenous systems are constrained as follows where the set-valued map  ∶ R → R n denotes the time-varying state constraint set. State constraints for the primary system (1) in an observation process may typically be related to physical barriers, obstacles, or areas in which the system cannot enter, while input constraints are due to limitations in the available control actuation.
The primary system observes the exogenous system through the nominal observation model where y e (t) ∈ R n y denotes the observations corrupted by noise v(t) ∈ R n v .

Assumption 1.
Either or both of the functions g (t, x e (t), w(t)) in (3) and h n (t, x e (t), x(t), v(t)) in (5) are nonlinear.
Note that as y e (t) depends on both the state of the primary system and the exogenous system, the primary system may shape the quality of the measurements y e (t) ∈ R n y by controlling its own state evolution.

Assumption 2.
The state of the exogenous system is estimated with a given, available observeṙ where x o (t) ∈ R n o denotes the internal state of the observer, with initial condition x o,0 ∈ R n o , andx e (t) ∈ R n e is the estimate of the state of the exogenous system.

Assumption 3.
The state x(t) of the primary system (1) is available for all t≥t 0 .
Our objective is to design a control scheme that (i) favors closed-loop state and input trajectories for the primary system (1) rendering the exogenous state x e (t) observable, (ii) sufficiently excites the primary system for sensor fault detection, and (iii) adaptively reconfigures the controller upon a sensor fault in order to maintain high-quality estimatesx e (t) of the exogenous system.

BACKGROUND
In order to address the control problem presented in the previous section, we use an observability-based NMPC approach where the system is steered to maintain a specific set of states and parameters observable when using a varying observation model. Toward this goal, this section recalls some results from the literature on observability and NMPC.

Nonlinear observability
The property of observability concerns the capability of distinguishing different states of a system using known input and output signals. 37 A key property that will be exploited in the design of the proposed scheme is that the state observability of a generic nonlinear system and observation model may depend on the current state and input of the system, and thus by suitably controlling the system, it is possible to influence the observability of the state. Consider a general systemẑ with z(t) ∈ R n z and y(t) ∈ R n y . The following algebraic test defines an observability rank condition for nonlinear systems. [37][38][39] Definition 1 (Observability rank condition). Let the r-length observation map of (7) be defined as is the ith order Lie derivative, with  0 denote the rn y ×n z observability matrix of (7) given the input u(t). The observability rank condition for system (7) is said to hold at a point (z 0 ;u 0 ) if rank(O(z 0 ; u 0 )) = n z .
A system (7) satisfying the observability rank condition (11) at (z 0 ;u 0 ), is said to be locally weakly observable at this specific state. 37,40 Essentially, this implies that knowing the input and output signals of the system, it is possible to instantaneously distinguish z 0 from all other points z in a neighborhood of z 0 . The observability rank condition is only a sufficient but not a necessary condition for local weak observability. 37 Moreover, for nonlinear systems there is no universal law for choosing the number of derivatives r−1 in the definition of Φ(t,z(t),u(t)) in (8). Therefore, a common approach is to increase r until the matrix O(z;u) retains full rank for some considered values of (z,u).

NMPC formulation
To design a sensor-fault tolerant NMPC scheme for controlled observation processes, we apply a multiobjective type NMPC formulation. 41 We consider a continuous-time framework, as it allows a compact derivation of an observability stage cost, which will be made clear in the remainder of the article. By using NMPC to control the primary system (1), we seek to exploit the predicted trajectory of the exogenous system by means of the model (3) and thereby optimally control the primary system subject to the constraints (2) and (4). In the sampled-data NMPC approach, we solve at each sampling instant t i ∈  ∶= {t 0 , t 1 , …} the finite horizon optimal-control problem (t i , x(t i ),x e (t i )) defined as follows: with In (12), J T (⋅) is the finite horizon cost, corresponding to the performance index of the NMPC controller, composed by the stage cost l ∶ R ≥t 0 × R n × R n e × R m → R and the terminal cost m ∶ R ≥t 0 × R n × R n e → R, which is defined over the time-varying terminal set where the functions l s ∶ R ≥t 0 × R n × R n e × R m ⇉ R and l O ∶ R ≥t 0 × R n × R n e × R m → R denote a stabilizing stage cost and an observability index or observability cost function, respectively. The bar over the input and state variables is imposed to distinguish these internal NMPC controller variables from the real system variables. The stage cost l s (⋅) in (14) may be any stabilizing stage cost, 42 while a typical choice for observation processes is a tracking objective ||x( ) − x e ( )|| Q for some positive definite matrix Q. Separation of the NMPC stage cost (14) into a stabilizing term and a term for improving observability may be associated with dual regulatory and economic NMPC, 43,44 that is, an observability index may be regarded as an economic-type stage cost.
Corresponding to the conventional receding horizon control policy, the solution ū * (⋅; x(t i ),x e (t i )) to the optimal control problem (12) is applied to the system from time t i up until the next sampling instant t i + , defining the implicit NMPC feedback control law where is the sampling time which we assume constant. Observe that at the generic sample time t i , the finite horizon optimization problem (12) is built using the estimate x e (t i ) provided by the observer (6), resulting in an output feedback NMPC controller. The terminal cost m(⋅) and terminal set  T (t) in (12) are important for the performance and the properties of NMPC controllers. 42 We address the design and required properties of these features in the closed-loop analysis in Section 5. In Section 4, we hence focus on the design of the stage cost (14) and in particular the design of the observability index l O (⋅).

Improved observability with NMPC
Our NMPC design-objective described in Section 2 involves an extended observation problem: observability of the exogenous system and sufficient excitations for fault detection. Yet, these problems are closely related and seek to choose as next data point the one that maximizes an information quality measure of the observations. Several works have studied the design of NMPC controllers for ensuring observable trajectories or minimizing some uncertainty measure of either the state vector or a set of unknown parameters. Hovd and Bitmead 45 augmented the quadratic stage cost with a covariance-based cost term by adding the Riccati equation as constraints and linearizing the system along the prediction horizon. Böhm et al. 46 imposed a lower bound on the determinant of the observability matrix to enforce a minimum level of observability, while 17,29,47 formulated a stage cost that includes a scalar measure of the observability matrix. Larsson et al. 48 and Telen et al. 49 included a cost term based on the Fisher information matrix of a set of unknown parameters, while Heirung et al. 50 proposed a dual adaptive NMPC scheme combining probing of the system to minimize the expected output error with controlling the nominal system. Marafioti et al. 51 constructed a discrete-time constraint formulation with state-feedback that guarantees closed-loop persistently exciting (PE) inputs with respect to the estimation of unknown parameters, while Chen et al. 52 formulated an approximate PE-NMPC by ensuring an increase of the lowest eigenvalue of the parameter estimate information matrix. Houska et al. 53 proposed an NMPC formulation incorporating an economic optimal experiment design criteria that minimizes the predicted loss of control performance in the presence of measurement noise. To the best of our knowledge, designing an NMPC scheme that actively excites the system both for ensuring state and parameter observability has not been addressed.

AN NMPC SCHEME FOR FAULT TOLERANCE IN OBSERVATION PROCESSES
In this section, we exploit the formulation of the NMPC scheme in Section 3.2 for our controller design-objective, whereby we exploit the stage cost l O (⋅) in (14) as a means of incorporating a measure of observability of the exogenous state and for active fault detection. Toward this design, we need a representation of the sensor faults considered.

Fault representation
Sensor faults may appear and evolve in many different forms, 28 challenging the way faults are represented for control and estimation purposes. As in general system identification, faults may be represented by a parametric 54 or a nonparametric approach. 55 Extending an existing observation model with parameters to represent faults is relatively straightforward. In addition, parametric representations of faults often yield models that are linear or affine in the parameters for which there are well-established (recursive) estimation techniques. Consequently, we apply for our proposed NMPC scheme a parametric fault representation. Equation (5) denotes the observation model in the absence of sensor faults. Parametric fault modeling requires, in general, one to represent the faults either as additive, bias, drifting-type faults, or as multiplicative faults. 28,56 We confine the design of an FTNMPC scheme to multiplicative sensor faults, and define a time-varying diagonal matrix Ψ(⋅) as with (t) ∶= [ 1 (t) , 2 (t) … n y (t)] ′ ∈ R n y and the resulting output model The nominal, fault-free case hence corresponds to (t) ∶= [1 , 1 … , 1] ′ ∈ R n y . Sensor faults differ in how difficult they are to detect. 57 Complete sensor faults, that is, j (t)=0, that result from loss of contact, broken wires, physical barriers or other lockouts of the observations, may be fairly easy to detect. Partial sensor faults may originate from, for instance, partially interrupted measurements, stuck outputs, incoherent measurement sequences, and partial camera blockages. The challenging detection problem with combinations of these types of faults, that is, faults that evolve both as abrupt and incipient faults, may be alleviated by an active detection scheme.

Indices of observability
Our objective is to design a controller that favors closed-loop state and input trajectories that make the exogenous state x e (t) observable and sufficiently excites the primary system for sensor fault detection. For this purpose, we use the NMPC design described in Section 3.2, with a deterministic measure of observability based on the observability rank condition in Definition 1. This section addresses the design of such measure of observability.

Design of the nonlinear observability matrix
Depending on the system under consideration, the computation and resulting algebraic expressions of an observability matrix that satisfies the observability rank condition in Definition 1, whenever it exists, may be highly complex. This is due to a possible high value of the r−1 number of output time derivatives required to meet the rank condition. To retain numerical tractability of the NMPC formulation, it is hence desirable to choose a design approach that requires as few as possible output time derivatives. This section compares two approaches for computation of the observability matrices together with associated lower bounds on the value of r that are required to meet the associated observability rank condition. Specifically, we consider the following two approaches: An augmented system approach, where the design of the observability matrix is carried out considering an augmented vector of the exogenous state and sensor fault parameters, and a cascaded state and sensor-fault parametric system constructed by considering estimation of x e (t) and (t) by means of sequential estimation. 39,58,59 A particular motivation for considering the latter is that the parametrization for multiplicative sensor faults appears linearly in (16b).

Proposition 1 (Augmented system). Consider the augmented system
with z(t) = [x e (t) (t)] ′ ∈ R n e +n y and Ψ ( (t)) defined in (16a). To satisfy the observability rank condition (11) for (17) at a point (z 0 ;x 0 ,u 0 ) during d ∈ N ∶ 1 ≤ d < n y complete faults in the outputs (17b), the r−1 number of derivatives in the output Proof. The observability matrix for the augmented system (17) has the block structure where diag denotes a diagonal matrix with the Lie derivative of h n in the direction of g. A single, complete fault in a sensor j, that is, j (t)≡0, will cause each row j+kn y ,k=0,1,… ,r, to be linearly dependent, since each of these rows will have zero elements only except for the element in column n e +j. This reduces the maximum row rank of (18) with r−1. During d ∈ N complete sensor faults such that 1≤d<n y , the maximum row rank of (18) will be rn y −d(r−1). To retain rank(O z (x e (t), (t);x(t),u(t))=n y +n e when evaluated at a point (z 0 ;x 0 ,u 0 ) at time t 0 during d ∈ N complete sensor faults, we must have and hence choose r such that witĥ0 =̂(t 0 ) being a parametric input, and the linear systeṁ =u 0 evaluated at the current state and input of the primary system and at a given estimate of the exogenous system. Moreover, consider the case with d ∈ N number of complete sensor faults in the outputs (20b), with 1≤d<n y . To satisfy the observability rank condition (11) at a point (x e,0 ; x 0 , u 0 ,̂0) for (20) and at a point ( ;x e,0 , x 0 , u 0 ) for (21), respectively, the r−1 number of derivatives in the output map (8) must be chosen such that for the system (20), and 2. r=1 for the system (21).
Proof. During d ∈ N complete sensor faults, rd number of rows of the rn y ×n e observability matrix O x e (x e (t); x(t), u(t),̂0) of the system (20) witĥ0 =̂(t 0 ) as parametric input will have all elements equal to zero due to the multiplication witĥ 0 for each row, leaving at most r(n y −d) independent rows. In order for O x e (x e (t); x(t), u(t),̂0) to have full rank when evaluated at a point (x e,0 ; x 0 ,̂0), there must be at least as many independent rows as columns, hence there must be at least r(n y −d)≥n e rows. This proves the lower bound (i).
The bound in (ii) follows immediately from the observability matrix of linear systems witḣ= A with A≡0, thereby yielding O ( (t);x e,0 , x 0 ) =Ĉ 0 as an n y ×n y matrix. ▪ (21) is well known to be equivalent to the standard, multivariable PE condition. 60 Cascaded system considerations are common in design of adaptive observers, requiring observability of the nominal system together with some PE requirement for the time-varying parameters. 39,[61][62][63] However, formulating a criterion for active fault detection based on the persistency of excitations condition is more involved compared with using the rank observability criterion of (21). 51 Even though the matrix O (⋅) of the linear (parameter) system (21) will in general be nonlinear, its simple square form without requiring computation of Lie derivatives provides an easier and more tractable way of active fault detection with NMPC compared with a PE criterion.

Observability of a linear, time-invariant system
It is worth noticing that Propositions 1 and 2 provide only lower bounds on the number of output time derivatives required to meet the observability rank condition. Comparing Propositions 1 and 2, formulating an observability index based on the rn y ×(n y +n e ) observability matrix for (17), as opposed to formulating separate observability indices based on the rn y ×n e observability matrix for (20) and the n y ×n y matrix for (21), generally increases the complexity of the algebraic expressions due to the higher number of required output derivatives. This may cause a significant increase in numerical complexity of the observability index and hence of the resulting optimization problems, particularly for systems with a high-dimensional exogenous state x e (t). Because of this, we focus in the remainder of the article on the approach with the cascaded system (20) and (21) as described in Proposition 2.

Design of observability index
This section presents a design of the observability index l O (⋅) in (14) based on the cascaded state and sensor-fault parametric system formulated in Proposition 2. Specifically, the observability index in the NMPC stage cost (14) is decomposed in two observability indices, one for x e (t) and one for (t), as follows We denote by O x e (x e (t); x(t), u(t),̂0) the observability matrix for the exogenous system (3) with the output model (16), and define the observability index for x e (t) as with k x e ≥ 0, and where 1 >0 is a small nonnegative smoothing parameter added for numerical robustness. an inverse barrier function. 64 However, contrary to conventional inverse barrier functions, we do not seek solutions at the boundary of the feasible region. Consequently, the gain k x e can be fixed at a tuned value, and not iteratively reduced to zero. Similarly, as observability index for the linear system (21) with the output model (16) representing the sensor fault-parameters, we use with as defined for (21), resulting in a diagonal matrix observability equal toĈ 0 as defined in Proposition 2. k ≥0 is a tunable gain, and 2 >0 a smoothing parameter. Observe that although O ( x( ), x e ( ),ū( ) ) is quadratic and hence allows direct determinant evaluation, its determinant may be indefinite along the predicted trajectory. Imposing the index (24)  We comment that there exist several alternative measures of observability, including the minimum singular value or condition number of O(⋅), the trace of O(⋅) ′ O(⋅) and empirical local observability Gramians. 66,67 The proposed criterion, however, is generally easier to compute algebraically than the minimum singular value and the condition number. Furthermore, log barrier functions or exact penalty functions may be considered as alternatives to the inverse barrier type costs (23) and (24), see, for example, Boyd and Vandenberghe 64.
Remark 1. Even though additive faults can be considered from the formulation of the observability index (24), and indeed would yield an observable linear system {̇= 0, y(t) = C 0 + (t)} instead of (21), the corresponding observability matrix O in (24) would hence be a constant and not affect the optimal control-inputsū * (⋅; x(t i ),x e (t i )) .
Remark 2. In Section 4.1, we proposed a linear representation of the sensor faults, which is most commonly used for fault parameters. 28 The observability index (24), however, allows for nonlinear representations of sensor faults, though increasing the complexity. Moreover, nonlinear fault representation changes the set of suitable parameter estimation techniques.
Remark 3. The stabilizing cost l s (⋅) may for some systems be considered as an implicit part of the particular observation model of the exogenous system. Examples of the latter include systems with locally rather than globally supported measuring devices, 5 systems where the signal-to-noise ratio increases with a distance metric between the primary and exogenous system, 2 or systems where an exact globally defined observation model is unobtainable.

Sensor fault detection and estimation
Section 4.1 introduced a fault parametrization which was used in Section 4.2 to define an index of observability designed to enhance the observability property of both the state of the exogenous system and the fault parameters. This section proposes a method to augment an existing observer to estimate changes in the fault parameters. Specifically, using the fault parametrization introduced in (16), this section discusses means of modifying the observer (6) to handle and account for possible sensor faults and, as such, perform state and parameter estimation [58, Ch. 9]. As stated in Assumption 2, we assume that some observer scheme (6) is already available and implemented for estimation of x e (t), whose form depends on the particular system (3) and the application. Consequently, we seek to construct a fault-detection and estimation scheme that can be added to the already existing state estimation scheme. There exist numerous techniques for fault diagnosis, 28,68,69 with state estimation, parameter estimation and combinations thereof as commonly applied methods. A goal for the control problem we consider is to handle complex evolving sensor faults. To this end, we seek to detect, isolate and estimate the magnitude of both abrupt, step-wise faults, slowly varying incipient faults, and combinations of these two. Irrespective of which estimation technique is applied, the fault parametrization should account for time variations of (t) due to the occurrence of faults. To this end, the dynamics of (t) is often modeled aṡ( for some unknown signal w (t) that determines the occurrence of the fault. A common approach to estimate the unknown evolution of (t) is to impose w (t) as zero-mean Gaussian noise with covariance Q , thereby modeling (t) as a random walk. 58,69,70
One possible approach for estimating (t) is to augment the state x e (t) with (t) as in (17) with the model (26), and apply the chosen nonlinear estimation scheme for simultaneous state and parameter estimation. For the commonly applied extended Kalman filter (EKF), this amounts to an augmented Kalman filter which is known to have convergence issues particularly if the noise covariances are unknown. [71][72][73] Dedicated observer schemes with a bank of observers may also be applied. 74 An alternative approach is to impose the estimation of the exogenous state and the sensor fault parameters by means of an adaptive estimation approach. This can be obtained by modifying, if possible, an existing observer scheme (6) with an appropriate parameter adaption law, 39,62,75,76 or by separate parameter estimation and application of a sequential or dual state and parameter estimation scheme. 58,[77][78][79] Parameter estimation techniques are particularly suited for estimating multiplicative faults [28, Ch. 11]. 68,80 The parametrization (16b) also facilitates linear parameter estimation, in particular recursive least squares (RLS) estimation, with the associated benefit of exponential convergence if the regressor is PE. 58 Consequently, to enable a simple addition of a sensor fault diagnosis scheme to an existing observer (6), as well as to align with and benefit from the structure (22) for excitations with respect to the fault parameters, we implement an RLS scheme for estimation of (t) that interacts with the observer (6) and the system as indicated in Figure 1.

Covariance-resetting mechanism
While the added white noise (26) ensures that the covariance matrix P of the (t) fault parameters is bounded away from zero and thereby improves diagnosis of slowly developing faults, we modify the RLS scheme to improve its ability to detect and estimate the magnitude of abrupt faults. To this end, we implement a covariance-resetting mechanism, 81 in which we reset P to some multiple times the initial covariance, that is, P =k d P (0) with k d ∈ N, if and for each time one the estimateŝj(t k ), j ∈  , satisfies the inequality where ,j is the standard deviation of the artificial noise in (26). With (27) as a type of abrupt-fault detection mechanism, we implement a logical structure to ensure a delay in succeeding reset of P .
FIGURE 1 Illustration of proposed FTNMPC scheme.
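The RLS estimator with covariance resetting described above, for a single sensor, as an added example that is not code from the article. Assumptions: the reset test used here (one-sample change of the estimate larger than a multiple of the artificial-noise standard deviation) is a stand-in for inequality (27); the class name `FaultRLS`, the hold-off length, the regressor trajectory and all numeric values are constructed for illustration.

```python
import math


def lcg_noise(n, amplitude, seed=12345):
    """Constructed, reproducible bounded noise, uniform in [-amplitude, amplitude]."""
    out, state = [], seed
    for _ in range(n):
        state = (1103515245 * state + 12345) % 2**31
        out.append(amplitude * (2.0 * state / 2**31 - 1.0))
    return out


class FaultRLS:
    """Scalar RLS (Kalman form) for one multiplicative fault parameter theta_j.

    Output model per sensor: y_j = theta_j * h_j + v_j, with theta_j modelled
    as a random walk whose artificial noise has std. deviation sigma_theta.
    """

    def __init__(self, p0, sigma_theta, r, k_d=100, reset_gain=5.0,
                 holdoff=20, reset_enabled=True):
        self.theta = 1.0              # nominal, fault-free value
        self.p0 = p0                  # initial covariance P(0)
        self.p = p0
        self.sigma_theta = sigma_theta
        self.q = sigma_theta ** 2     # random-walk covariance
        self.r = r                    # assumed measurement-noise variance
        self.k_d = k_d                # P is reset to k_d * P(0)
        self.reset_gain = reset_gain  # assumed threshold multiple (hypothetical)
        self.holdoff = holdoff        # samples to wait before another reset
        self.reset_enabled = reset_enabled
        self.cooldown = 0
        self.resets = []              # sample indices at which P was reset

    def update(self, k, h, y):
        """Process sample k: h is the nominal (fault-free) output, y the measurement."""
        # If h == 0 the gain is zero and theta_j is not updated: the fault
        # parameter is unobservable when the nominal output vanishes.
        gain = self.p * h / (self.r + h * h * self.p)
        step = gain * (y - h * self.theta)
        self.theta += step
        self.p = (1.0 - gain * h) * self.p + self.q
        self.cooldown = max(0, self.cooldown - 1)
        # Assumed abrupt-fault test: the estimate moved by more than
        # reset_gain * sigma_theta in a single sample.
        if (self.reset_enabled and self.cooldown == 0
                and abs(step) > self.reset_gain * self.sigma_theta):
            self.p = self.k_d * self.p0       # covariance reset
            self.cooldown = self.holdoff      # delay before the next reset
            self.resets.append(k)
        return self.theta


def simulate(reset_enabled, n=300, fault_at=100, theta_fault=0.4):
    """Constructed scenario: abrupt partial fault (theta: 1.0 -> theta_fault)."""
    noise = lcg_noise(n, amplitude=0.004)
    est = FaultRLS(p0=1e-5, sigma_theta=1e-3, r=1e-4,
                   reset_enabled=reset_enabled)
    history = []
    for k in range(n):
        h = 1.0 + 0.5 * math.sin(0.1 * k)   # excited regressor, never zero
        theta_true = 1.0 if k < fault_at else theta_fault
        y = theta_true * h + noise[k]
        history.append(est.update(k, h, y))
    return history, est.resets


if __name__ == "__main__":
    with_reset, resets = simulate(True)
    without_reset, _ = simulate(False)
    print("resets at samples:", resets)
    for k in (99, 105, 110, 150, 299):
        print(k, round(with_reset[k], 3), round(without_reset[k], 3))
```

With these constructed values the random-walk term alone tracks the step only slowly, while the reset makes the estimate settle near the faulty value within a few samples; the hold-off keeps the large post-reset corrections from triggering a second reset.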
Observe that the proposed scheme with sequential, interconnected estimation of (t) and x e (t) is closely related to (recursive) prediction error methods and approximate expectation maximization algorithms, see, for example, References 82 and [78, Ch. 11]. Moreover, note that we may extend the proposed fault-diagnosis scheme with parallel running filters and additional parameters in (16) to detect and estimate additive (bias) in addition to multiplicative sensor faults, see [28, Ch. 11].
(23) and (24), respectively.
4. Transfer the symbolic algebraic expressions of l O x e (⋅) and l (⋅) to the chosen software for solving the optimal-control problem (12), and impose as terms in the objective function (13).

Notes on numerical implementation
The symbolic computations of l O (⋅) are all performed offline and prior to online implementation of the proposed FTNMPC scheme. Symbolic computation of the Lie derivatives and the observability measure, either the proposed determinant-based measure or other observability measures, is generally limited to relatively low-dimensional systems. This includes, for instance, exogenous systems consisting of one or a few moving objects and a primary system with a limited number of independent measurement devices observing the moving objects.
Upon derivation of l O (⋅) as described above, the solution to (12) of the proposed FTNMPC scheme can be obtained by methods and associated software for solving standard constrained optimal-control problems, for example, by means of a collocation method or multiple shooting, and solution of the corresponding nonlinear programming (NLP) problems by use of some suitable NLP solver. The final algebraic expressions for the observability measures (23) and (24) may be strongly nonlinear and complex, thereby impeding efficient numerical solution of the NMPC optimization problem. Some care and initial numerical experiments should therefore be performed during implementation of (12) to analyze whether simpler algebraic expressions or extended constraint formulations may be imposed to alleviate the computations. The type and size of the exogenous system as well as the observation model (5) may impact the choice of a suitable numerical method for solving the optimal-control problem (12), see Nicholson et al. 83 for an overview of available methods and software. For scenarios where solving to optimality the resulting NLP upon discretization of (12) is computationally prohibitive, additional measures to reduce the computation time are early termination of the NLP solver, applying a heuristic optimization method, 20 and using an improved computational platform.

CLOSED-LOOP ANALYSIS
The control scheme proposed in this article exploits an optimization-based controller to favor highly observable closed-loop trajectories, despite possible sensor faults. We adopt a penalty approach to address the problem of loss of or reduced observability of the exogenous system (3), and show the effectiveness of the proposed approach via numerical simulation in Section 6. Below, a formal proof is introduced to guarantee existence and boundedness of the closed-loop trajectory under certain assumptions, as well as recursive feasibility of the proposed NMPC scheme. To this end, this section introduces some standard assumptions from the MPC literature and recalls an input-to-state-stability property of NMPC controllers. 44 In addition, we address the combination of the observability problem with the control problem of stabilization.

Let ∈ R n denote a variable of the system that we wish to keep bounded, with the associated dynamical model where 0 = (t 0 ) is the initial-state vector. The selection of can vary depending on the application. As an example, we may choose (t)=x(t) if we seek boundedness of the entire state of the primary system (1). Alternatively, may be chosen as a subset of x if, for instance, the primary system consists of several subsystems observing the exogenous system and we seek boundedness only on some of the states of the primary system. Depending on the selection of the vector , the state constraint set (t) and the terminal constraint set  T (t) result in constraints on the vector as follows

Next, we state some standard assumptions from MPC literature. 44

Assumption 4. The function f (⋅), introduced in (28), is locally Lipschitz continuous in , piecewise continuous in u and t in the region of interest, and without loss of generality, f (t,0,0)=0, for all t≥t 0 . Moreover, f (⋅) is bounded for bounded states, that is, the set is bounded for any bounded set ⊂  n .
(i) The state constraint set (t) and the terminal set 0 ∈  T (t) ⊆ (t) are closed, connected, and contain the origin for all t≥t 0 . The input constraint set  (t) is such that 0 ∈  (t) for all t≥t 0 .
(ii) The stabilizing stage cost satisfies l s (t,0,0)=0 and there is a class- ∞ function ∶ R ≥0 → R ≥0 such that l s (t,x,x e ,u)≥ (|| ||) for all (t, x, x e , u) ∈ R ≥t 0 × R n × R n e × R m .
(iii) The function m(⋅) is positive semidefinite.
(iv) For any given tuple (x, x e , u) ∈ R n × R n e × R m the functions l(t,x,x e ,u) and m(t,x,x e ,u) are uniformly bounded over time.
(v) There exists a feasible auxiliary control law k aux ∶ R ≥t 0 × R n → R m , defined over the terminal set  T (⋅), such that, for the closed-loop system (28) with u(t)=k aux (t, ), with initial time and state pair (t,̂) ∈ R ≥t 0 +T ×  T (t), the state and input vectors satisfy (t) ∈  T (t) and u(t) ∈  (t) , respectively, and the condition holds for any >0.
Assumption 7 (Stabilizability). Consider the constrained system (28), (2), (4) and the open-loop MPC problem (12). For all (t,x,x e ) ∈ R ≥t 0 × R n × R n e with (t,x,x e ) feasible, there exists a control law u f (t) such that the closed-loop system (28) with u(t)=u f (t), t 0 =t, and 0 =̃ has feasible state and input trajectories, that is, satisfying (2) and (4), and the inequality

Assumption 3 on state feedback of x(t) makes it possible to choose (t)=x(t), in which the design requirements given in Assumption 6 ensure recursive feasibility of the open-loop MPC problem (12).

Proposition 3 (Recursive feasibility). Let (t)=x(t), and hence  T (t) =  T (t) and (t) = (t). Suppose that Assumptions 3 to 6 hold. Then
Proof. Assumption 6 ensures that the terminal set  T (t) is positively invariant for the control law u(t)=k aux (t,x) for all x ∈  T (t). 84 State constraints and the terminal set in the open-loop MPC problem (12) are only enforced for the primary system's state x( ). Consequently, any estimation error ofx e (t) and̂(t) will not affect the feasibility of (12). Moreover, the observability indices (23) and (24) in l O (⋅) are formulated such that the optimal cost J * T (⋅) in (12) is finite due to 1 , 2 >0, irrespective of any possible loss of observability due to sensor faults, and by the input sequence {ū * ( )} =t+T =t being bounded by the input constraints  ( ). Feasibility of (t 0 , x(t 0 ),x e (t 0 )) hence implies feasibility of (t i , x(t i ),x e (t i )) for all i≥1. 42,84 ▪

Next, we state the main result of this section.

(14), is input-to-state stable (ISS) with respect to the observability stage cost, that is, there exists a class- function (⋅) and a class- function (⋅) such that for any initial state (t 0 ) ∈ (t 0 ) and any bounded B defined as
Proof. The proof follows from the fact that a system in closed-loop with a stabilizing MPC controller is ISS with respect to a bounded additive performance index, 44 in this case represented by the observability stage cost (22). Notice that the fact that 1 , 2 >0, in the definitions (23) and (24), guarantees that the observability stage cost is always bounded. Thus, a value B<+∞ always exists. ▪

Theorem 1 has two main implications. For the case where the only purpose of the control scheme is to drive the system through highly observable trajectories, the latter theorem provides a set of sufficient conditions to guarantee that the closed-loop trajectory of (28) with the proposed NMPC scheme exists, is feasible, and bounded. This can be achieved with a suitable design of a terminal set, terminal cost, and (an arbitrarily small) stabilizing stage cost. In particular, a terminal set  T (t) that satisfies Assumption 6 can be designed by the approaches described in Alessandretti et al., 44,85 or other approaches such as those described in Amrit et al. 86 and Maree and Imsland 43 may be adopted.
In addition, Theorem 1 provides a qualitative analysis of the behavior of the closed-loop system when combining the observability control problem and the stabilization control problem. Imposing a significant weight to the stabilizing stage cost, the proposed scheme renders closed-loop trajectories that seamlessly balance the observability objective with the stabilization objective. In practice, the state trajectory will converge to a bounded region around the desired state, where the size of this region increases with the magnitude of the observability stage cost and is used to improve the observability properties of the closed-loop trajectories.
Remark 4. If, for some observation process, it is desirable to impose joint state constraints on x(t) and x e (t), this can be implemented in (12) by modifying the constraint sets (t) and  T (t). Recursive feasibility is in general lost in such cases unless soft constraints are applied, or additional assumptions and requirements on the primary and exogenous systems, the NMPC controller and the speed of the observer (6) are imposed. See Findeisen et al. 87 and Kögel and Findeisen 88 for further directions.
Remark 5. The proposed penalty approach is designed to drive the primary system to undertake information-rich trajectories of the exogenous system and for sensor fault detection. Provided that there exists a trajectory x o (t; x(t i ), u(t)) of the primary system (1) that renders the exogenous system (20) and the sensor fault parameters in (21) observable, and that the ratios k x e ∕ 1 in l O x e (⋅) and k / 2 in l (⋅) are set sufficiently high such that the optimal cost J * T (⋅) along x o (t; x(t i ), u(t)) , t ≥ t 0 is strictly less than the cost along any unobservable trajectory x u (t; x(t i ), u(t)) , t ≥ t 0 , the proposed scheme will seek to steer the primary system along x o (t; x(t i ), u(t)). Hence, observability is preserved by optimality of the solution to (12), provided that such a trajectory exists. This is in contrast to conventional stabilizing output feedback NMPC, for which there is no mechanism that prevents the controller from steering the system through unobservable or poorly observable states.

NUMERICAL SIMULATIONS
This section illustrates the effectiveness of the proposed scheme via numerical simulations. We consider the problem of estimating the position of a moving object or target by controlling a mobile vehicle with remote, relative sensing capabilities. The primary system is the mobile vehicle, which is modeled as a nonholonomic unicycle-type vehicle where p(t)=[p x (t),p y (t)] ′ is the position and (t) the heading of the mobile vehicle, and where v(t) and (t) are the linear and angular velocities, respectively. The control inputs u(t) are the velocities v(t) and (t) bounded by the box constraints State constraints are not present in the current example, but could, for instance, be one or several physical obstacles that the mobile vehicle must circumvent. The dynamics of the exogenous system (moving object) is described by the double integrator where p e (t)=[p ex (t), p ey (t)] ′ is the position and u e =[u ex (t), u ey (t)] ′ the velocities of the moving object, and w e (t) is a disturbance vector with zero-mean Gaussian noise. We add w v (t) as a zero-mean Gaussian signal to represent slow-varying changes in the velocity vector. The nominal observation model measures the relative position of the moving object in the frame of the mobile vehicle using the combination of range and direction measurements. These observations y(t)=[y b (t),y r (t)] ′ are composed of bearing measurements and range measurements where v(t)=[v b (t) ′ ,v r (t)] ′ denotes measurement noise and (t)=[ 1 (t), 2 (t)] ′ the sensor fault parameters. We assume that the mobile vehicle has noise-free access to its own state.
For the stabilizing and terminal cost, as well as the terminal set in the NMPC formulation (12), we adopt the controller design described in Alessandretti et al. 85 with prediction horizon T=0.7 s and sampling time 0.1 s. We implement a continuous-discrete EKF for the observer (6) to estimate the state of the moving object, see, for example, Simon, 89 and the RLS scheme outlined in Section 4.4 to estimate the sensor fault parameters (t) in (36). We set the covariance matrix Q in (26) to be diagonal with variance 2 = 0.01. The variance of the measurement noise v(t) in (36) is set to 0.05. As described in Section 4.5, we use the MATLAB symbolic toolbox to compute the algebraic expressions for l O x e (⋅) and l (⋅), with r=2 for computation of O x e . Furthermore, we use the ACADO toolbox 90 in MATLAB to solve the optimal-control problem (12) in the NMPC scheme. All computations are performed on an Intel Core i7-4600 processor with 16 GB of RAM.
To illustrate the proposed scheme's ability to detect and compensate for sensor faults, we simulate the following fault scenario: After t=7 s, the bearing measurement starts to slowly degrade in a sigmoidal fashion with 1 (t) evolving as with a=−0.2 and t a =29, causing a sudden steep drop ending in a complete sensor fault after t=13 s. At t=19 s, the bearing measurement becomes healthy again, while at the same time the range measurement starts to degrade with a pattern similar to (37) with a=−0.9 and t a =29, that is, with a slower degradation in performance than during the fault in the bearing measurement. The range measurement fault stabilizes at a partial fault with value 2 =0.15. The velocities of the moving object, unknown to the mobile vehicle (primary system), are set to u ex (t)=0 and u ey (t) = 0.01 sin(0.02t).
In Figure 2, we show simulations with the gain k in the observability index l O (⋅) set to k =1 and k =0, respectively, and the gain k x e = 10 3 in both simulations for the index l x e (⋅). For both simulations, the primary system (mobile vehicle) switches between orbiting around the moving object and exhibiting small excitations around its current path at a distance from the object. For k =1 in Figure 2A, the mobile vehicle is seen to exhibit a more unstructured or changing motion compared with the motion of the mobile vehicle for k =0 in Figure 2B. This is a result of the nonzero observability index l O (⋅) that excites the mobile vehicle to improve detection of sensor faults, in addition to the preservation of observability of the moving object by means of the index l x e (⋅). The orbiting motion of the mobile vehicle is a characteristic that has been observed for similar systems. 29,85,91

To compare these results of the proposed scheme, we show in Figure 3 the case with no observability indices in the objective function (13), and hence only the stabilizing stage cost l s (⋅) that seeks to keep the mobile vehicle sufficiently close to the moving object for the observation process. Upon onset of the slowly developing fault in the bearing measurement after t=7 s, the primary system quickly loses its ability to estimate the position of the moving object as seen from Figure 3A. Furthermore, the system fails to identify the sensor faults displayed by the high j (t) estimation errors shown in Figure 3B. This demonstrates the importance of adapting the NMPC controller to reduced sensing capabilities caused by sensor faults in order to maintain the observation process. Average computation time of (12) for each iteration of the NMPC scheme was 0.18 s with the ACADO software implementation.
Time series of the estimation errors | j (t) −̂j(t)| for j=1,2 are shown in Figure 4 and display a significant reduction in estimation error with the added observability index l O (⋅) for the sensor fault parameters. Comparing the parameter estimation errors for the simulations with k =1 and k =0, it can be observed that the simultaneous onset of healthy bearing and degrading range measurement at t=19 s is particularly challenging for the case with k =0, that is, with no active detection of the sensor faults. After t=20 s, the error of 2 (t) for k =1, cf. Figure 4B, increases again after being effectively reduced from the onset of the bearing measurement fault at t=19 s; this is caused by an additional resetting of the covariance P . For the displayed simulation with k =1, the mean square error (MSE) for the estimation of x e (t) is MSE x e = 1.02 × 10 −2 , and MSE =1.01×10 −2 for estimation of (t). Correspondingly, MSE x e = 1.67 × 10 −2 and MSE =5.90×10 −2 for the case with k =0, that is, with significantly larger estimation errors. Adding a small gain for the observability index l O (⋅) in the NMPC stage cost thereby leads to faster fault isolation and magnitude estimation in the example, and improves the primary system's ability to quickly adapt the controller to maintain the observation process.
The control performance of the proposed NMPC scheme depends on the relative difference in the gains k x e and k in the decomposed observability index (22). To elaborate on the impact of this gain tuning, we show in Table 1 estimation errors for simulations with increasing values of k , keeping k x e fixed at the nominal value 10 3 . Due to stochastic variables in the example, the MSE values in the table are computed as average values of four simulations for each value of k . The MSE values are effectively reduced for small values of k , but eventually increase for higher gains. At higher values of k , the observability index l O (⋅) for the sensor fault parameters thus deteriorates the observation process of the exogenous system, causing too high excitations of the primary system for improving the fault detection capabilities. For the given example, a reasonable choice for the gain k would thus be a value between 0.1 and 1.
Finally, in Figure 5  simulation horizon. As a result, whether to add a small index l O (⋅) to improve detectability of sensor faults is eventually a control-design criterion, yielding improved sensing capabilities of the exogenous system while causing more exciting trajectories for the primary system.

CONCLUSIONS
This article has presented an NMPC scheme for controlled observation processes with active sensor fault-detection and estimation. The proposed scheme lends itself to adaptive FTNMPC and does not, compared with the majority of FTNMPC configurations in the literature, rely on switched controller reconfiguration set externally by a fault diagnosis unit. Moreover, as opposed to relying on a set of redundant healthy sensors that can be activated upon detection of a fault, the controller adaptively adjusts the control inputs to the primary system to the new fault-parameter estimate and seeks to maintain observability of the exogenous system by using the remaining sensing capabilities. Yet, the primary system's final ability to retain an effective observation process of the exogenous system upon loss of a sensor depends on the particular system structure as well as sufficient nominal sensing capabilities of the primary system. The decomposition of the observability index into separate terms for the state and fault parameters yields a tractable NMPC formulation that may be regarded as an approximate active learning strategy for jointly improving state and parameter estimates. In addition to fault detection, the proposed scheme may also account for a known or predicted loss of sensing, for instance, planned, time-limited drop-outs of a sensor due to physical barriers between the primary and exogenous systems. Finally, an interesting extension of the proposed scheme is to model sensor faults by a nonparametric approach such as Gaussian process models.