Fault-Tolerant Model Predictive Control for a Z ( T N )-Observable Linear Switching Systems

Abstract—This work considers the control and the state observation of a linear switched systems with actuators faults. A particular problem is studied: the occurrence of non-observable subsystem in the switching sequence. Hence, the accuracy of the state estimations will decrease affecting the observer-based fault detection algorithms. In this paper, we propose a solution based on a constrained switching control in a predictive scheme. An extension to fault-tolerant control is derived, using several hybrid observers for estimation and fault detection and a reconfigurable finite control set model-predictive controller. The paper includes experimental results applied to a multicellular converter to demonstrate the efficiency of the method.


I. INTRODUCTION
Hybrid dynamic systems (HDS) represent a particular type of supersystems that contain both continuous and discrete subsystems.A linear switching system (LSS) is a class of HDS in which the interaction between its linear subsystems follows a discrete switching law [1].The first proposed classical approaches are based on pulse width modulation (PWM) as an open loop control.Its drawback is the presence of several oscillations around the set points.Others approaches can be found in the litterature with additional purposes like in [2], the author proposes a binary Lyapunov-based control with a commutation limiting constraint to extend switching components durability.Also, finite control set predictive control (FCS-PC) are presented in [3].
Continuous and descrete state estimation need the LSS observability, which led the researchers to find solutions to different problems caused by its switching behavior.Some of those problems suppose that the continuous and discrete states are unknoun and were treated using a sliding mode observer [4].The other problems consider only the estimation of discrete states where some of the proposed solutions use either a sliding mode input reconstruction [5] or Petri networks [6].These approaches use output measurements and the estimated continuous state to determine the operating discrete state of the LSS.In a different context, Luenberger-based observer structures for HDS are researched in [7].All these works assume that all LSS subsystems are observable.In the general case, this is not always true.Some LSS contain unobservable subsystems.Consequently, an extension of the observability property for HDS called Z(T N )-observability is investigated in [8] to allow observer design with partial observability of the targeted LSS.
A particular domain of interest in the HDS control research topic is the fault tolerant control (FTC).Faults are symptoms of noncritical abnormal behaviors of the system.However, if a fault persists it may lead to a failure (critical anomaly) that may destroy the system.The dynamic of HDS may involve high commutation frequencies, reducing switching component lifespan and causing occasional malfunctions.The switch is stuck open or stuck closed, reducing the ability to control the HDS.Solutions are needed to minimize faults impact, to prevent failures and to ensure acceptable performance level of the faulty HDS.
Two major approaches investigate FTC for HDS, passive and active.Passive schemes are based on robust control schemes with limited need to observers, but active schemes involve some kind of fault detection isolation and estimation (FDIE) algorithm to ensure appropriate fault compensation by the FTC module.The isolation and estimation parts require the observability of the HDS.Partial observability or unobservability of some HDS subsystem will hinder the ability of FTC design using classical controller design approaches.In some cases, only fault detection (FD) or fault isolation (FDI) are possible.Z(T N )-observability comes handy in this case, allowing performant active FTC designs if favourable control sequences are ensured.
Getting back to the FDIE step, a popular solution is to design a bank of residual generators.Residual generators are particular observers designed to react only to a specified subset of faults and ignoring the remaining ones.Fault detection is ensured if the residual signals react and converge to a pattern called fault signature, and fault isolation is possible if multiple distinct patterns exist, with a one-to-one ratio with the faults to detect.Fault estimation is achieved if some laws exist linking residual amplitudes with fault severity.Observer based FDIE are model-based, requiring knowledge of the targeted system.One should note that some authors address the FDIE problem in a more general fault detection and diagnosis (FDD) context.Rigorously speaking, diagnosis is performed after system failures and involve artificial intelligence approaches to reconstruct failure causes, while FDIE and FTC are running in real-time and should (hopefully) avoid failures with appropriate actions.
The HDS FTC is complex, since different model types are involved.HDS FTC designs are usually hybrid also.In [9], an observation technique with a higher order sliding mode is used to estimate the residual vector.Additionally, the system is modeled as a discrete automaton and a diagnoser (event-based fault reconstructor [10]) is designed to detect continuous faults.
It can be said, considering the previous works on the topic that an observability ensuring constraint of the switching sequence can lead to a guaranteed performance of the FTC for HDS.Finite control set predictive control (FCS-PC) is a suitable framework to deal with multiple constraints on the control and will be the basis of the proposed contribution.
In this paper, a predictive active FTC scheme for LSS is used to limit the impact of faults and to maintain an acceptable accuracy of the supporting FDI module.Several predictive control algorithms associated with each expected fault are designed.The suitable controller is selected upon the evaluation of the residual vector obtained from the residual generators bank designed according to [11].The strategy adopted in this article is multilayered and covers several areas: FDI, observation and control of LSS.The main motivation is to propose an FTC solution for partially observable LSS.In the predictive scheme, a constraint is maintained in the algorithm to ensure Z(T N )-observability and to increase the FDIE convergence rate.
The rest of the paper is organized as: Section 2 presents the proposed FTC strategy.Section 3 presents the Finite control set predictive control algorithm.Section 4 discusses the observability aspect and contains a background for Z(T N )observability.Section 5 presents FDI procedure.Section 6 includes the experimental results and validates the proposed strategy.Finally, conclusions are given in Section 7.

II. FAULT TOLERANT CONTROL SCHEME
Consider a linear continuous switched system described by: Where, x(t) = [x 1 (t), x 2 (t), ..., x n (t)] the state vector, y(t) ∈ R l is the measured output vector, u(t) = [u 1 (t), u 2 (t), ..., u m (t)] with u i = {0, 1} is a discrete input.C is 1 × n matrix and A(u), B(u) are respectively n× n, n× 1 matrices that change for every new set of the vector u(t).
From (1) and (2) it is possible to deduce another state representation of the switched system described by the following subsystem: Where, s = {0, 1, ..., N − 1 = 2 m − 1} is a discrete state or a configuration mode corresponding to a set of u(t) and A s , B s are respectively n× n, n× 1 constant matrices.
In general, the failures that may happen when dealing with the switched systems are of two types.Failures with effects on the continuous states of the system and failures that affect the hybrid behavior or the discrete states which are treated in this work.
When a fault occurs on a discrete input, a change may appear in the transition to a configuration mode that should not be used by the system under normal circumstances.Also, some of the subsystems may be unobservable and the fault may alter the switching sequences that make the continuous states observable and consequently, the state estimation becomes inaccurate.
In this paper, we focus on failures affecting the discrete states of a switching system.The procedure followed here is to detect the failure in a first step, then to use an input sequence enabling its isolation in a second step and finally to reconfigure the controller to take into account the changes in the system behavior.The isolation sequence is needed because the failure may affect the controller that may choose some sequences making the system non observable.Therefore, after fault detection, a different control sequence must be used to satisfy the Z(T N )-observability until the fault is isolated.
The fault tolerant control strategy adopted here is based on two major blocs as presented in Fig. 1 the controller bloc and the fault detection bloc.The controller bloc is based on several predictive algorithms where each one is related to a predetermined fault model of the process.Whereas, the fault detection bloc is constituted of several hybrid observers Obs M D i where i = 0, 1, ..., m is the i th actuator fault, with a detection and isolation bloc.Each observer is associated with a faulty model of the process (Obs M D 0 is associated to the healthy system), and generates two outputs: the estimated state vector x and a residual estimate r i .The fault detection and isolation procedure is used to detect and identify the fault based on the estimated residual given by all the observers and delivers to the controller bloc the estimated states and the fault if any.The latter reconfigures the control algorithm after receiving the information about the nature of the fault, otherwise the bloc uses the healthy system control algorithm.In order to obtain good results with the proposed FTC scheme, the process must present some redundancies that enable the controller to find solutions to compensate the fault.Further informations about each bloc of the FTC strategy are given in the following sections.

III. FINITE CONTROL SET PREDICTIVE CONTROL FOR SWITCHED SYSTEMS
Generally, the predictive control algorithm is based on a discrete model.In the case of hybrid systems it is possible to use several discrete models where each one corresponds to a different configuration mode of the system.Suppose that the system states are accessible, the discrete sub-models can be obtained from the next approximation for one step horizon: www.ijacsa.thesai.org Where, X(k + 1, s k+1 ) denotes the predicted state over an horizon H p = 1 for a future active mode s k+1 and T e is the sampling time.
After replacing the subsystem (2) into (3) and having x(t) = X(k) when t = kT e , one can obtain the following approximated discrete subsystems: Where, I ∈ R n×n is the identity matrix.Note that for N subsystems, one has N future possibilities.When H p = 2, there will be others N future possibilities for every mode in the previous horizon (H p = 1).So, in total there will be N 2 future possibilities to be selected by the controller leading to N 2 discrete models to be computed.If one expand even more the prediction horizon, it will lead to N Hp discrete models to be computed.That will increase the complexity of the algorithm without having a major improvement [3].In the following, H p will be equal to 1 to avoid complexity in the control algorithm.If the LSS system is controllable, then a cost function for every subsystem is needed to ensure a minimal difference between the outputs and its references.Its expression has the following form: Where, X ref is a vector containing the reference output and Q ∈ R n×n is a weighting matrix.The results are N cost functions for every future mode s = 0, 1, ..., N − 1.The configuration associated to the minimal cost function will be selected by the controller and will be applied on the process each sample time following the next steps: Stability analysis and proof can be found in [12] and experimental control results with measured continuous state are presented in [13] to attest the efficacy of the predictive algorithm.As reported previously, this paper considers the case where the continuous states are estimated and the LSS is subject to actuator fault.Therefore, feedback control with measured states is not the objective here.

IV. OBSERVER DESIGN FOR HYBRID SYSTEMS
Matrices A(u) and B(u) in (1) can be expressed as follows: Where, A j=1,...,m are n× n constant matrices and B j=1,...,m are n× 1 constant matrices.
Then, the switched system (1) can be rewritten as follows [14]: Let consider that for some values of the vector u(t), the state vector is not fully observable, meaning that some of its elements are not observable.Moreover, some elements are observable for another combination of u(t).
The system is then said to be Z(T N )-observable, and verifies the following conditions [15]: (1) Each element of the state vector is observable within at least one time interval.
(2) The components of the state vector that are not observable in a time interval where another one is observable must remain constant during that time.
(3) A time trajectory T N including time intervals verifying conditions 1 and 2 is used in a way that all the components of the state vector are observable within it.
Remark 4.1: In the case of system (8) the first condition is met if each element of the vector state x(t) is observable for at least one value of u(t).Then the second condition is verified if for the same input u(t) the elements that are unobservable are constant.Finally, the third condition is verified if the sequence of inputs used to control the system contains all the combinations that meet the two previous conditions for all the elements of x(t).The system ( 8) is said to be Z(T N ) observable.
The observers used in our predictive strategy are based on a hybrid observer proposed in [16]: Where, K j are the correction matrix gains.
From the above equations the dynamics of the error e = x(t) − x(t) are: With Ãj = A j − K j C for all j = 0, 1...m.
The Lyapunov function is given by: V (x(t)) = e(t) T He(t) where H is a positive-definite matrix i.e (H > 0, H T = H).
The dynamic of the Lyapunov function is given by: It can be seen from equation (11), that if we manage to find H and K j that verifies V < 0, we can achieve error convergence of the observer.

Remark 4.2:
It can be noted that the decreasing rate of the estimation error depends not only on the parameter of the observer but also on the chosen configuration sequences, because of the Z(T N )-observability of the system.Indeed, the difference x j − xj decreases rapidly if the combinations of u(t) for which x j is observable are used more often.Otherwise, the difference decreases more slowly.When using estimated values as feedback in a closed loop predictive control strategy, if the Z(T N )-observability is not taken into account through a convenient sequence of control, then estimation and control results will be affected negatively.A modification to the control algorithm is needed to use adequate control sequence in order to improve the state estimation.

V. FAULT DETECTION AND ISOLATION
The fault detection and isolation procedure is based on the following equation: With R i (0) = r i (0), λ a forgetting factor, r i = y − ŷi is the residual given by the observer associated to the i th fault and ŷi is the estimated measured output given by the same observer (i = 0 corresponds to a no fault status).
Remark 5.1: • When a fault i occurs, it sets the value of u i of the switched system to a permanent value.
• An observer associated to a fault i is based on equation (9) with its input u i equal to the value set by the fault.
Remark 5.2 : The observer associated to the healthy system is not affected by the fault occurrence, its input u i remains connected to the controller.

Assumption 5.1:
• The discrete fault i is detectable, meaning that its occurrence causes a change in the dynamic behavior of the system.
• The occurrence of the discrete fault i improves the estimated states given by the observer related to the fault i.
Theorem 5.1: Assuming that each observer is well defined, if there is not a fault occurrence then there is a real positive value ε 0 such that: Given assumption 5.1, the occurrence of a fault i leads to: Proof: In the case of a healthy system when the fault i = 0, then remark 4.2 is verified leading to: So, there exists a real value r max such that: Also, (??) can be expanded to become: Since 0 < λ < 1, so lim k→+∞ λ k = 0, then: Where, R 0max is a maximum real value containing the weighted sum of the r 0 new values (the residual values that are close to the instant (k + 1) which proves (??).Following remark 5.1, in the case of a fault occurrence, the same reasoning can be followed to prove (??) because the input u i of the faulty system and that of the observer associated to the fault i are equal, which leads to: Where, r imax and R imax are real values.
Also, following Remark 5.2, for every control input u i different from the value set by the fault the observer related to the healthy system does not take it into account leading to: Which proves (??) That also can be said about the other observers that have an input u j =i set permanently to a fixed value, see Remark 5.1, but their other inputs are connected to the controller.So, for every control input value u j different from the value of u j of the j th observer, the latter does not take it into account leading to: Where, r jmax and R jmax are real values, which prove equation (16).
From Theorem 5.1, let consider Ri as a threshold value of R i used to generate a localization signature of the i th fault as follows: Where, sg i = 1 corresponds to the appearance of the i th fault and sg i = 0 means that the corresponding fault did not occur.
The choice of λ in (12) affects the sensibility of the detection.Indeed, a small value attenuates the contribution of the residual's old values and increases the variation speed of R i , which let appear several peaks that can alter the detection of the fault.In the contrary, a bigger value attenuates the peaks and slow down the variation speed of R i .Thus, the time taken in the procedure of detection and isolation of the fault is slower but the accuracy is better.

VI. APPLICATION TO A THREE CELLULAR CONVERTER
The FTC developed above is applied on a real three cellular converter located in LAMIH (Laboratory of Industrial and Human Automation Control, Mechanical Engineering and Computer Science), Valenciennes, France.Multicellular converters are typical examples of hybrid systems, constituted of the association of several cells separated by capacitors.Each cell is formed by two complementary switches where each one has a binary value (0 if open and 1 if closed), which results in a hybrid behavior of the process.Its main objective is to decrease the power supply to a sustainable level for the load when the power source is so elevated.The converter distributes the elevated power between several cells which limits the constraint voltages on the semiconductor components.Moreover, it is possible to control the output current if the semiconductors are manipulated using a suitable control technique.A three cell converter, Fig. 2, has two capacitors, eight operating modes for every combination value of its switches, see Table I, and four output voltage levels.The process is described by the following equation: Where, u i ∈ {0, 1} with i = 1, 2, 3 are binary input variables, X = [V c1 V c2 I] T is the state vector containing the capacity voltages and the output current, E is the the supply voltage, C 1 , C 2 are the capacity values and R − L represents the load.
In general, industrials use an open loop control when dealing with the multicellular converters to reduce the cost of the capacitor voltage sensors.The drawback is the appearance of several oscillations in the output responses with a slow dynamic before attaining the output references.Therefore, an alternative solution would be using closed loop controller with state observers to estimate the capacitor voltages.But, it can be deduced from (??) that the system is not observable for any combination input, as the rank of the observability matrix is inferior to 3. Fortunately, the three cell converter presents several transition modes that meet Z(T N )-observability [17].That will be exploited by the FCS-PC algorithm in order to achieve a proper estimation and acceptable reference tracking.As discussed in Remark 5.2, as long as the sequences insure the Z(T N )observability of the process, the estimation error decreases resulting in an improvement of the real output responses.But, in our case the predictive controller may choose some input combinations that will slow down the convergence rate like mode 0 and mode 7, because they do not satisfy the first condition of Z(T N ) observability mentioned in Section 4. Also, the transitions between mode 1 and mode 6 and between mode 3 and mode 4 do not satisfy the third condition of the Z(T N ) observability.Because in the first transition, both mode 1 and mode 6 have Vc2 = 0, and in the second transition, mode 3 and mode 4 have both Vc1 = 0 as can be seen in (??).Moreover, the convergence is greatly affected by the switches commutation frequencies.Indeed, for a high frequency the observer cannot lose its minimum dwell time in the estimation.Two step are needed to overcome this problem: the first one is to remove mode 0 and mode 7 from the control algorithm.The controller will rely on the input redundancy of the converter to find alternative solutions to attain its objective.The second one is to use a restriction in the same algorithm to prevent transition between the modes having the commutation of two or three switches simultaneously which will decreases the commutation frequency and in the same time will prohibit the transitions not satisfying the Z(T N )-observability.The resulting switching sequences that will be used by the controller is given in Fig. 3.One can find in [3], the modifications in the control algorithm that can be made to allow or to prohibit transitions between operating modes.

A. Materials and methods
The process used to validate the presented FTC approach is constituted of three legs connected to a R-L load (R = 200Ω, L = 1H).We used a three-cell converter, located in the first leg, see Fig. 4. The value of the capacitors between A Matlab program file containing the FTC algorithm was compiled and run by a DSPACE card DS1103.The latter will be used to control the switch gates via its binary outputs after receiving the measurements of the current.

B. Experimental results
1) Predictive control for three-cell converter: Hereafter, the experimental results obtained after using control sequences that meet the conditions of the converter Z(T N )-observability, see Fig. 5 that shows a zoomed view of the inputs switching.Fig. 6 shows, respectively, the capacity voltages V c1 , V c2 and the current load I where the output references are V c 1ref = 10 V, V c 2ref = 20 V, I ref = 0.08 A. The sampling period used is T e = 7 10 −4 s.
The parameters of the observer (9) are obtained by pole placement [16] as follows: The matrices A 0 , A 1 , A 2 , A 3 , B 1 , B 2 and B 3 for three cell converter can be found in [16].The error estimation of V c1 and 0,2 0,4 0,6 0,8  V c2 displayed in Fig. 7 are acceptable and in the same time, the real outputs values in Fig. 5 follow closely enough their references.However, the imposed restrictions on the control algorithm do not come without drawbacks, as it can be seen in the current I response where the fluctuation rate around its reference is significant but remains acceptable.2) Fault tolerant predictive control: Hereafter, the results of the proposed fault tolerant control strategy are shown.As discussed previously, the study focuses on the discrete failure that may happen to the multicellular converter when one or several switches fail to open or to close when needed.
In the literature, very few works cover the problem.In fact, some studies are only restricted to the fault identification without considering the control of the system.One of the reasons can be related to how we can use the remaining operating modes after the appearance of the fault.That issue was solved here using several predictive control algorithms, hence the contribution made in this paper.
The application is restricted to the case where one cell is stuck closed (stuck open, respectively) with a different cell each time to cover all the potential cases.To that end, 7 observers were used, where three are affected respectively to the failure stuck closed of u 1 , u 2 and u 3 , three to the failure stuck open and the last one affected to the non faulty converter.All the observers are based on (??), where the faulty input u i={1,2,3} of every observer is equal to 1 if stuck closed or 0 if stuck open and the non faulty inputs are driven by the controller.All the potential failures and their consequences on the system states are described by Table II.Note that the current I always flows in one direction because of the load.Considering that, one can see that in some cases it is possible to control at least two states of the system.For example, when u 3 is stuck close, V c2 can increase or remain invariable but cannot decrease.However, V c1 is not affected by the failure of u 3 , as can be seen from equation ( 24), so it is controllable and the same can be said for the current since it depends on V c1 .Also, when u 1 is stuck close, V c1 cannot increase and V c2 is not affected by the failure, so it is controllable along with the output current.
There are other cases where it is not possible to control any of the outputs of the converter.For example, when u 2 is stuck closed (respectively stuck open), we can see that V c1 cannot decrease and V c2 cannot increase (respectively V c1 cannot increase and V c2 cannot decrease) and consequently the current I is not controllable.
When u 3 is stuck open, the current source is disconnected and the current I provided by the capacities will obviously decrease until disappearing.When u 1 is stuck open, V c2 is not affected, so we can suppose that it is controllable unlike V c1 .But, in reality that is not true because the path enabling the discharge of the capacities are cut off, so V c2 cannot decrease.Further explanation on that case will be given after displaying the states responses of the converter.
The detection and isolation of the fault in this experimentation is based on Table III where R0 and sg 0 are associated to the healthy mode, R1 , R2 , R3 and sg 1 , sg 2 , sg 3 are respectively associated to u 1 , u 2 , u 3 stuck closed and R4 , R5 , R6 and sg 4 , sg 5 , sg 6 are respectively associated to FAULT DETECTION AND LOCALIZATION prioritize the signature of the healthy system over the others signatures.So, when sg 0 = 1 all the other signatures are ignored and the current fault f is 0 meaning that the converter operates properly.When sg 0 pass from 1 to 0 that means the appearance of a fault.In that case, sg 0 will hold to its value and an isolation input sequence will replace the control sequence for a time delay corresponding to the minimum dwell time for the stabilization of R i related to all the observer.After that, the faulty cell and its type is identified The application will proceed as follows: initially, the three cell converter will operate without fault.After 4 seconds u i={1,2,3} is stuck close (open respectively).When the signature sg 0 pass from 1 to 0, a PWM (pulse wave modulation) input sequence is triggered to isolate the faulty cell, and when that happens the controller will be reconfigured to an appropriate control algorithm.The PWM signal was chosen with a duty cycle qual to 0.5 because the input sequence in that case does not use mode 0 or mode 7 [17].That choice will improve the estimation since it will reduce the use of sequence unfavourable to Z(T N )-observability.Also, a switching frequency f s = 5hz of the PWM sequence was chosen to offer the time needed for the convergence of the observer associated to the failure and the divergence of the others.
The detection and localization results of some fault cases are displayed in Fig. 8, 9 and 10 when u 1 is stuck closed and in Fig. 11, 12 and 13 when u 3 is stuck closed.We can see that some signatures commute to 1 even when there is no fault or there is a different fault.For example, Fig. 11 where we have sg 2 equal to 1 when the converter operates correctly.That is because R 2 increases until reaching its threshold value, see Fig. 13, which is caused by the controller setting u 2 to 1.In that case the observer of the converter and the one related to the fault are similar since they use the same (??) with the same input u 2 = 1.When the controller set u 2 to 0, R 2 will increase because its corresponding observer has u 2 equal to 1, sg 2 changes to 0 when the controller maintains u 2 = 0 for enough time until R 2 increases over its threshold.
The fault localization was set to 3.1 seconds after the fault detection (i.e., when sg 0 = 0) to identify accurately the fault.The reason is related to the slow variation of R i=0,...,6 because the value of λ in equation (12) was taken big enough to filtrate the measurement noises that can tamper the results.However, some faults can be isolated after only 2.1 seconds, like when u 1 or u 3 are stuck closed.Indeed, each fault changes the input sequences favourable to Z(T N )-observability, so the isolation time is not the same for each different fault.
When a fault occurs, some transitions will be discarded which compels the system to use a very reduced number of configuration modes.Table II includes the remaining configuration modes to use for each fault case.
When the failure is identified, the control algorithm will consider only those modes and removes the others when computing the minimal value of the cost function.That will prevent the use of wrong sequences that target a healthy process and use only the sequences that aim to control the corresponding faulty process.Also, in order to improve the control results, the one commutation restriction on the switches used when the converter operates correctly was removed from the algorithm.
The input control and the outputs of the converter are shown in Fig. 15 to 24.It can be seen the change in the shape of the switching commutation after the appearance of the fault, then the PWM sequence is used, and finally the switching sequence to control the faulty system.
The output results when u 1 is stuck closed are presented in  Fig. 14 where it can be seen after the appearance of the fault that the responses move away from their references for 3.1 seconds where only R 1 is under its threshold value, in that instant the information is given to the controller to modify its algorithm taking into account the fault as can be seen in Fig. 15.The FTC is able then to return V c2 and I to their reference values but was not able to do the same to V c1 .The latter cannot increase because it is connected permanently to the load so when u 2 = 0 the capacity C 1 discharges and when u 2 = 1 it will not charge because the current heads to the load without passing through C 1 .Fig. 16 describes the evolution of the system states when u 2 is stuck closed.It can be seen in Fig. 17 that there is not a single input combination able to control V c1 and V c2 as explained previously in Table II, but we can also see that there is one combination for which the current increases very fast, that is when all the superiors switches are closed.So, the voltage output commutes between 0V olt and E and so I commute between 0 A and E/R.The output results when u 3 is stuck closed are presented by Fig. 18.It can be seen after the appearance of the failure that the responses lose their tracks and remain that way until R 3 pass under its threshold value and the others are above their threshold values.At that time, the information is given to the controller to modify its algorithm taking into account the fault as can be seen in Fig. 19.The FTC is able then to return V c1 and I to their reference values but was not able to do the same to V c2 because the latter cannot decrease.That makes sense since the capacity C 2 is connected permanently to the source E because of the failure.Fig. 20 shows the evolution of the system states without a possibility to be controlled after the appearance of the fault as can be seen in Fig. 21.Indeed, even if V c2 can increase or decrease (see Table II) which is not the case with V c1 since it can only increase leading at some point to V c1 ≥ V c2 .At that instant, the current I stops flowing from C 2 to C 1 so it becomes equal to zero and V c2 becomes invariable.The analysis in the case of u 2 is stuck open in Fig. 22 and 23 is analog to that when u 2 is stuck closed the two capacity voltages are not be controllable C 1 and C 2 .The first cannot decrease and the second cannot increase.Thus, the current can not controllable.In the case where u 3 is stuck open, see Fig. 24 and 25, the source power is disconnected so V c2 decreases and the current that remains in the capacities will gradually decrease until reaching zero.
As can be seen, after the appearance of the fault, the proposed FTC strategy is able to control some of the system's states when they are controllable.But in the other cases, the system states are not controllable, either because of the disconnection of the power source, or because of the path allowing the discharge of the capacities are cut off.A solution can be found with a modification in the structure of the converter similar to the solution suggested in [18].For example it is possible to incorporate alternative switchers for used when u 1 is stuck open to allow the discharge of the capacities and another one is used when u 3 is stuck open to prevent the disconnection of the power source.In that case, the converter will operate with two cells leading to another new configuration that did not exist before the fault.
Nevertheless, the results in the controllable fault cases are acceptable, the load current along with the remaining controllable capacitor voltage is well maintained around their references.

VII. CONCLUSION
The presented work covers multiple areas: control, observation, fault detection and isolation of hybrid systems.The main objective is to build an FTC strategy based on a predictive controller having a finite control set to apply on a linear switching system.This paper focuses on a certain class having non-observable subsystems, hence the contribution made in this work.A solution can be found when using the Z(T N )-observability approach in order to identify the fault.However, controlling the system after that is another difficult problem.In fact, the fault compel the controller to use a very reduced number of operating modes.Consequently, the objective was partially reached because of the non controllability of the system's states in some fault cases.A part from that, the proposed method is able to control the hybrid system despite its Z(T N )observability nature before and after the appearance of a failure as shown by the experimental results.Future works can focus on reducing the detection and isolation time and search a FTC strategy based on a different control technique than the predictive algorithm.

Fig. 2 .
Fig. 2. Structure of a three cell converter with RL load.

Fig. 3 .
Fig. 3. Transitions allowed to use from a current mode to a future mode.

Fig. 4 .
Fig. 4. Photography of the experimental setup.the cells are C 1 = C 2 = 720µF .The switches are bipolar transistors (IGBTs) model SKM100GB12V.The current and the voltage measurements are obtained from voltage sensors and current transduction.The source voltage of the converter is E = 30V supplied by a rectifier.

Fig. 6 .
Fig. 6.Experimental results of the capacitor voltages and the output current; (blue line) measured values and (red line) estimated values.

1 Fig. 15 .
Fig.15.Experimental results for inputs control applied to the converter when u 1 is stuck closed.

1 Fig. 17
Fig.17.Inputs control applied to the converter when u 2 is stuck closed.
Fig.17.Inputs control applied to the converter when u 2 is stuck closed.

1 Fig. 19 .
Fig. 19.Inputs control applied to the converter when u 3 is stuck closed.

1 Fig. 21 .
Fig. 21.Inputs control applied to the converter when u 1 is stuck open.

FaultFig. 22 .
Fig. 22. Experimental results using the proposed FTC when u 2 is stuck open.

1 Fig. 23 .
Fig. 23.Inputs control applied to the converter when u 2 is stuck open.

FaultFig. 24 .
Fig. 24.Experimental results using the proposed FTC when u 3 is stuck open.

1 Fig. 25 .
Fig. 25.Inputs control applied to the converter when u 3 is stuck open.