Design of Hardware Fault Tolerant Control ...

Design of Hardware Fault Tolerant Control Architecture for Wind Energy Conversion System with DFIG based on Reliability Analysis

P. Weber°, P. Poure+, D. Theilliol° and S. Saadate*

°Centre de Recherche en Automatique de Nancy, CRAN, Nancy-Université, CNRS
+Laboratoire d’Instrumentation Electronique de Nancy, LIEN, EA 3440, Nancy-Université
*Groupe de Recherches en Electrotechnique et Electronique de Nancy, GREEN - UMR 7037, Nancy-Université, CNRS
Faculté des Sciences et Techniques - BP 239 - 54506 Vandoeuvre Cedex France

Abstract: This paper presents a fault tolerant converter topology, based on hardware redundancy, for a grid connected Wind Energy Conversion System (WECS) with a Doubly Fed Induction Generator (DFIG). This topology allows hardware compensation of one faulty semiconductor by using isolating and connecting devices. It is based on a single redundant leg shared by both back-to-back converters. A reliability analysis that integrates the semiconductor switching is presented, with a modelling method based on a Markov Chain model, in order to determine off-line the efficiency of the fault tolerant topology against failures. Application results are presented on the WECS.

I. INTRODUCTION

The demand for continuously available electronic power systems is increasing. Power systems mostly feed loads that require non-stop, fault tolerant operation. Wind Energy Conversion Systems (WECS) are typical application cases where efficient production is directly linked to economic benefits [1]. The Doubly Fed Induction Generator (DFIG) used in the studied WECS is controlled by back-to-back converters to provide active power to the grid. This WECS is highly sensitive to faults occurring in the two back-to-back converters. A failure in one of the power switches decreases system performance and leads to system unavailability. Hence, to reduce the failure rate and to prevent unscheduled shutdown, a new fault tolerant converter topology associated with an efficient fault detection strategy is proposed.

The fault mode behaviour of static converters, and the protection and fault tolerant control of voltage source inverter systems, have been covered in a large number of papers. A systematic investigation of various fault modes of the voltage source inverter system for induction motor drives has been carried out [2]. However, the authors do not propose any method to identify the faults. Another solution could consist in analysing the current-vector trajectory to identify fault modes [3]. Mendes and Cardoso have suggested monitoring the Park’s vector of the average motor currents in order to diagnose voltage source inverter faults in AC drives. All the methods above take at least one fundamental period to detect the fault occurrence. Special methods have also been developed to minimize the time between the fault’s occurrence and its detection. Different techniques were proposed for fault detection in voltage source asynchronous machine drive systems [4]. These techniques use extra sensors and the fault is detected in one fourth of the fundamental cycle time.

Fault tolerant systems are a recent research topic in control theory. Fault-tolerance methods generally use redundancy: one or more modules are connected, usually in parallel (Fig. 1). These hardware redundancies are either identical or diverse. In this paper, a fault tolerant power converter is studied. A reliability analysis of this WECS with DFIG is proposed to determine off-line the efficiency of the tolerant topology against failures.

[Figure 1: block diagram. Labels: FDI System, Reference Input, Controller, U, System, Y, f, Redundancy switch, FTC System.]

Fig. 1: Global Fault Tolerant system architecture.

The paper is organized as follows: Section II defines the standard problem of a Fault Tolerant System. Section III is devoted to the fault tolerant WECS topology. Section IV deals with the reliability computation method for passive redundancy, or cold standby, with imperfect switching. A simulation example is considered in Section V to compute the reliability and to compare it with the initial system reliability. Finally, concluding remarks are given in the last section.

II. FAULT TOLERANT SYSTEM ARCHITECTURE

Let us define the control problem by the triplet $\langle \gamma_g, C, U \rangle$, in the spirit of Staroswiecki [5], where:

• $\gamma_g$: global objectives
• $C$: a set of constraints given by the structure of the system $S_m$ and the parameters of the closed-loop system $\theta$
• $U$: a set of control laws

In the fault-free case, this problem could be solved by defining a control law $u \in U$ such that the controlled system achieves the global objectives $\gamma_g$ under constraints whose structure $S_m$ and parameters $\theta$ are equivalent to design controllers of all sub-systems used by the structure and to define their references to achieve $\gamma_g$. It is assumed that the nominal global objectives $\gamma_g^{nom}$ are achieved under the nominal control law $u_{nom}$ and the nominal structure $S_{nom}$, which uses some sub-systems. The fault occurrence is supposed to modify the structure $S_{nom}$, for which the objectives can or cannot be achieved under a new structure $S_m$, $m = (1, \ldots, M)$. The fault tolerant control problem is then defined by $\langle \gamma_g, C, U \rangle$, which has a solution that could achieve $\gamma_g^{nom}$ by changing the structure, parameters and/or control law of the post-fault system.

Fig. 1 presents the global architecture of a Fault Tolerant Control (FTC) system with the ability to disconnect or replace faulty sub-systems. In the following, a fault tolerant WECS with DFIG is studied. The WECS control is not the goal of this paper and consequently it is not detailed here; the detailed control strategy can be found in [9]. The present paper proposes an off-line reliability analysis of the Fault Tolerant system with the architecture presented in Fig. 1. The system includes passive redundancy, or cold standby, with imperfect switching.

III. FAULT TOLERANT WECS TOPOLOGY

The studied WECS is based on a horizontal axis wind turbine and an indirect-controlled DFIG, grid connected on the stator side, with Maximum Power Point Tracking and pitch control [9]. Fig. 2 shows the fault tolerant topology with redundancy. It is based on a back-to-back converter and a redundant leg composed of the switches T7 and T8. This leg replaces, if necessary, the faulty one among the other legs.

[Figure 2: circuit diagram. Labels: DFIG, grid (eg, rg, lg), filter lf, DC link with two Vdc/2 halves and midpoint O, switches T1 to T6 and T1´ to T6´ with diodes D1 to D6 and D1´ to D6´, fuses f1 to f6 and f1´ to f6´, redundant leg T7, T8 with D7, D8, triacs Tr1 to Tr3 and Tr1´ to Tr3´.]

Fig. 2: Fault tolerant converter topology for WECS with DFIG.

When a fault has occurred in one of the semiconductors, the fault detection scheme detects the fault occurrence and isolates the faulty leg, based on the Fault Detection and Isolation (FDI) proposed in [10]. If the fault is an open-circuit, the isolation is implemented by removing the gate signal from the switches of the faulty leg. In the short-circuit case, the faulty leg is isolated by very fast acting fuses; consequently, the short-circuit fault becomes an open-circuit fault after isolation of the faulty leg by the two fuses. For these reasons, only open-circuit faults will be studied. The power semiconductor fault detection is based on the comparison between measured and estimated pole voltages, as illustrated in the following figure.

[Figure 3: block diagram. Labels: vk0es, vk0m, εk0, |εk0|, εk0car, first comparator (> h), integrator (intk), second comparator (|u| > τf), fk.]

Fig. 3. Fault detection principle for the phase k.

The estimated pole voltages can be expressed by:

$$v_{kOes} = (2 \times \delta_k - 1) \, \frac{V_{dc}}{2} \qquad (1)$$

where $\delta_k = \{0, 1\}$ is the switching pattern (opened or closed) for the top semiconductor of the leg number k. The fault occurrence can be determined by analysing the voltage error obtained from the difference between the measured and estimated pole voltages. This voltage error is given by:

$$\varepsilon_{kO} = v_{kOm} - v_{kOes} \qquad (2)$$

Ideal switches are considered. Under this assumption, in normal operation the measured and estimated pole voltages are equal and their difference is zero. However, in a real case, because of the turn-off and turn-on propagation times and the interlock dead time generated by the switch drivers, the voltage error is not zero in the “healthy” case but consists of peaks during the switching times. To avoid false detections due to power semiconductor switching, the “voltage” error signal is transformed into a “time” error signal. The time error signal $int_k(t)$ is obtained for each phase by first taking the absolute value of $\varepsilon_{kO}(t)$, applying the result to a comparator with a value $h$ and integrating the comparator output, as presented in Fig. 3. The output of the first comparator is equal to zero if $|\varepsilon_{kO}(t)| < h$ and equal to one if $|\varepsilon_{kO}(t)| \geq h$, where $h$ is a constant threshold. Thus, the output of this comparator is a repetitive square waveform due to semiconductor switching. The output of the integrator is equal to the time during which $v_{kOm}$ and $v_{kOes}$ are different, if the integration is reset to zero after each square waveform. Consequently, the fault occurrence is detected using a “time criterion” instead of a “voltage criterion”, based on the integration result signal and a second comparator with the value $\tau_f$ several times larger than the switching time. In this way, false detections due to semiconductor switching are avoided and the faults are detected in less than 10 µs. The resulting signal $f_k$ from the fault detection scheme is used to isolate the faulty leg, to trigger the suited bidirectional switch Trk and to stop the fault detection.

Fig. 4 shows the fault tolerant control principle for the fault tolerant WECS. In healthy conditions, the switching patterns for the back-to-back converter (Rotor Side Converter (RSC) and Grid Side Converter (GSC)) are defined by the vector control strategy detailed in [9]. The fault detection and identification block generates the $f_k$ orders according to the principle depicted in Fig. 3. The “RSC or GSC switching pattern and redundant leg connection control” block manages the suited triac connection and the redundant leg switching pattern according to the detected faulty leg. In healthy conditions, the six outputs of the RSC or GSC control are directly applied to the RSC or GSC, whereas in the fault case only four of them are used for the RSC or GSC and the two other ones drive the redundant leg.

Then, in both cases, the reconfiguration scheme triggers the suited bidirectional switch Trk and Trk’, in order to connect the faulty phase to the midpoint of the redundant leg. Thus, in the faulty case on the leg number k (k = 1, 2, 3, 1′, 2′, 3′), the compensation is achieved by the following steps:

1. Detect the faulty leg;
2. Remove the switching orders of the two switching drivers of the faulty leg;
3. Trigger the suited bidirectional switch Trk;
4. Use the switching orders of the faulty leg for the redundant one;
5. Stop the fault detection scheme and alert that a critical structure is used.
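The detection and compensation sequence described above, as an added example that is not code from the paper: a sampled version of the Fig. 3 detector (Eq. (1), Eq. (2), comparator h, resettable integrator, comparator τf) followed by steps 2 to 5. The DC-link voltage, thresholds, sampling period, PWM pattern and the `reconfigure` helper are assumptions chosen for illustration, and the test signals are constructed.

```python
# Added example; all numeric values below are assumptions, not from the paper.
VDC = 800.0     # assumed DC-link voltage (V)
H = 0.2 * VDC   # assumed first-comparator threshold h (V)
TAU_F = 8.0     # assumed second-comparator threshold tau_f (microseconds)
DT = 1.0        # assumed sampling period (microseconds)


def estimated_pole_voltage(delta_k):
    """Eq. (1): v_kOes = (2*delta_k - 1) * Vdc/2 with delta_k in {0, 1}."""
    return (2 * delta_k - 1) * VDC / 2


def detect_fault(delta, v_measured):
    """Return the sample index where f_k is raised, or None for a healthy leg."""
    int_k = 0.0
    for n, (d, vm) in enumerate(zip(delta, v_measured)):
        eps = vm - estimated_pole_voltage(d)   # Eq. (2): voltage error
        if abs(eps) >= H:                      # first comparator output is 1
            int_k += DT                        # integrator accumulates time
        else:
            int_k = 0.0                        # reset after each square pulse
        if int_k > TAU_F:                      # second comparator: time criterion
            return n
    return None


def constructed_signals(fault_at=None, n=400, period=100, lag=2):
    """Constructed data: PWM pattern and a pole voltage lagging it by `lag`
    samples (stands in for dead time and propagation delay)."""
    delta = [1 if i % period < period // 2 else 0 for i in range(n)]
    v = []
    for i in range(n):
        d = delta[max(i - lag, 0)]
        if fault_at is not None and i >= fault_at:
            d = 0   # open-circuit top switch: pole assumed to stay at -Vdc/2
        v.append(estimated_pole_voltage(d))
    return delta, v


def reconfigure(k, gate_orders):
    """Steps 2 to 5 for faulty leg k (hypothetical helper)."""
    orders = dict(gate_orders)
    orders["redundant"] = orders[k]   # step 4: redundant leg takes over the orders
    orders[k] = (0, 0)                # step 2: remove orders from the faulty leg
    return {"orders": orders,
            "triac": f"Tr{k}",             # step 3: bidirectional switch to trigger
            "detection_enabled": False,    # step 5: stop the detection scheme
            "alert": "critical structure in use"}


if __name__ == "__main__":
    print("healthy:", detect_fault(*constructed_signals()))
    hit = detect_fault(*constructed_signals(fault_at=220))
    print("fault at sample 220 detected at sample", hit)
    print(reconfigure("1", {"1": (1, 0), "2": (0, 1), "3": (1, 0)}))
```

With these assumed values the 2 µs switching glitches never reach the time threshold, while the constructed open-circuit fault raises the flag 9 samples after it appears.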

[Figure 4: block diagram. Labels: Ω, DFIG, Electrical grid, RSC, GSC, Redundant leg, Triacs, Vdc, RSC Vector Control, GSC Vector Control, RSC switching pattern and redundant leg connection control, GSC switching pattern and redundant leg connection control, Fault detection and identification, fk, fk’, Sk, Sk’, vk0m, vk’0m.]

Fig. 4. Control of the Fault Tolerant WECS with DFIG (k = 1, 2, 3).

In the following, the reliability of the fault tolerant WECS topology presented in Fig. 2 is studied. This topology uses connecting devices (triacs Trk) and fuses fi. They allow the WECS to be reconfigured after fault detection in the case of a power switch failure. The use of two capacitors Cdc/2 in this structure is mandatory in order to measure the pole voltages necessary for the fault diagnosis method. After fault detection, the six bidirectional devices lead to six structures $S_1$ to $S_6$ allowing the tolerance of Ti faults. Seven structures are then available with this topology, and three of them are presented in Fig. 5. Only the components used in the structure are represented. The structure $S_{nom}$ is the normal “healthy” structure without activation of the redundancy devices. The structure $S_1$ (resp. $S_6$) represents the faulty case where T1 (resp. T6’) is out of order and Tr1 (resp. Tr3’) is triggered.

[Figure 5: three circuit diagrams.]
a) Structure $S_{nom}$
b) Structure $S_1$: T1 is out of order and Tr1 is triggered
c) Structure $S_6$: T6’ is out of order and Tr3’ is triggered

Fig. 5 a), b), c): Three structures among seven.

IV. RELIABILITY ANALYSIS

Representing system failure in a probabilistic way is attractive because it naturally accounts for uncertainty. To make such a representation, the process behaviour is considered as a random variable that takes its values from a finite state space corresponding to the possible process states. A discrete time stochastic process then models the deteriorations. In the case of a finite or countable state space, Markov processes are represented by a graph called a Markov Chain (MC) [11]. Markov models are used to estimate the system reliability under the assumption that sub-systems are defined through two states: intact (available) or failed (unavailable) [6], [7], [8]. A Markov Chain models a sequence of random variables $\{X_k, k = 0, 1, 2, \ldots\}$ for which the Markovian property holds. Let $\{\eta_1, \ldots, \eta_M\}$ be a finite set of the possible mutually-exclusive states of each $X_k$. The probability distribution over these states is represented by the vector $p(X_k)$:

$$p(X_k) = [\, p(X_k = \eta_1), \ldots, p(X_k = \eta_m), \ldots, p(X_k = \eta_M) \,] \quad \text{with} \quad \sum_{m=1}^{M} p(X_k = \eta_m) = 1 \qquad (3)$$

In this paper, failure rates are assumed constant. Homogeneous Markov chains are used in this case because of the stationarity of the transition probabilities. In such a model, transition probabilities are time invariant and depend only on the state values:

$$p_{ij} = p(X_{k+1} = \eta_i \mid X_k = \eta_j) = p(X_{k+2} = \eta_i \mid X_{k+1} = \eta_j) \qquad (4)$$

In a homogeneous discrete-time MC, the transition matrix $P_{MC}$ between the states is defined from failure rate parameters. For instance, let us consider the passive redundancy system described in the following figure:

[Figure 6: block diagram. Labels: A (System), B (Redundancy), C (Switch).]

Fig. 6: Reliability block diagram of passive redundancy.

The associated MC, composed of three states {1, 2, 3}, is presented as follows:

[Figure 7: three-state Markov chain (states 1, 2, 3) with transition labels λA (1-ρ) ∆t, λA ρ ∆t and λB ∆t.]

Fig. 7: Markov Chain modelling deterioration of passive redundant system and imperfect switching.

Then, the transition matrix is defined as:

$$P_{MC} = \begin{bmatrix} 1 - p_{12} + p_{13} & p_{12} & p_{13} \\ 0 & 0 & p_{23} \\ 0 & 0 & 0 \end{bmatrix} \qquad (5)$$

where
• $p_{12} \cong \lambda_A \cdot (1 - \rho) \cdot \Delta t$: $\lambda_A$ is a constant failure rate of the component A, $\rho$ is the commutation failure rate and $\Delta t$ is the time interval. The probability $p_{12}$ can be interpreted as the probability that the component A fails after the time $\Delta t$ and the commutation to the component B is successful.
• $p_{13} \cong \lambda_A \cdot \rho \cdot \Delta t$ is the probability that the component A fails after the time $\Delta t$ and the commutation to the component B is not successful.
• $p_{23} \cong \lambda_B \Delta t$: $\lambda_B$ is a constant failure rate of the component B. The probability $p_{23}$ is the probability that the component B fails after the time $\Delta t$.

Given an initial distribution over states $p(X_0)$, the probability distribution over states after k stages $p(X_k)$ is obtained from the Chapman-Kolmogorov equation:

$$p(X_k) = p(X_0) \prod_{i=0}^{K} P_{MC} \qquad (6)$$

Assuming that $i \in \{0 \ldots l\}$ represents the functioning states, system reliability is defined as:

$$R(k) = \sum_{i \in \{0 \ldots l\}} p(X_k = s_i) \qquad (7)$$

The use of a classic MC to model deterioration in systems requires enumerating all possible states, which sometimes leads to a huge transition matrix. Aggregation of states is used to decrease the complexity of the model. Fig. 8 illustrates this simplification applied to the structure $S_{nom}$ presented in Fig. 5 a), with the parameters: $\lambda_{Ti}$ the failure rate of the component Ti and $\lambda_{Cdc/2}$ the failure rate of the component Cdc/2.

[Figure 8: Markov chain with states 1 to 15 and transition labels λTi ⋅ ∆t and λCdc/2 ⋅ ∆t, shown next to its simplification (“Markov Chain simplification”) into a two-state chain with the transition label (2 × λCdc/2 + 12 × λTi) ⋅ ∆t.]

Fig. 8: Markov Chain simplification of the WECS nominal topology without redundancy.

V. RELIABILITY ANALYSIS: APPLICATION TO WECS

The following table presents the value of the failure rate according to the voltage and the Mean Time To Failure (MTTF). It can be noted that the variable ρ represents the switched failure probability of the triacs Trk.

            Failure rates    MTTF (h)
λTi         1 e-05           100 000
λCdc/2      0.67 e-05        150 000
ρ           12.5 e-05        8 000

Table 1: Failure rates and MTTF of the elementary components.

The reconfigured topologies of the WECS are represented as Markov Chain models in Fig. 9 and the system with material redundancy is modelled in Fig. 10 (for simplicity, $\Delta t$ is considered equal to 1). The state $\eta_1$ corresponds to the fault-free state. If a failure occurs on a capacitor or on Ti, the system is out of order, which corresponds to the state $\eta_2$ for the topology without redundancy (Fig. 9) or $\eta_3$ for the reconfigured topologies. In Fig. 10, the state $\eta_2$ represents the state of the system for the reconfigured structures with the presence of a failure on Ti. It should be noted that Fig. 10 includes the commutation ability of the six triacs Trk and Trk’.

[Figure 9: two-state Markov chain (states 1, 2) with transition label 2 × λCdc/2 + 12 × λTi.]

Fig. 9: Markov Chain modelling the system with the nominal topology without redundancy.

[Figure 10: three-state Markov chain (states 1, 2, 3) with transition labels (1-ρ) × 12 × λTi, 2 × λCdc/2 + ρ × 12 × λTi and 2 × λCdc/2 + 12 × λTi.]

Fig. 10: Markov Chain of the WECS topology with passive redundancy and imperfect switching.

The reliability curves of the system are shown in Fig. 11. With hardware redundancy, the reliability is greater than for the initial topology. Other scalar criteria such as the MTTF could be evaluated to compare the topologies. Thanks to the Markov model, the MTTF is computed and equal to 7500 h for the nominal topology without redundancy, and 14 250 h for the WECS topology with integrated redundancy. The analysis of the MTTF confirms the previous performances. Using the model presented in Fig. 10, the mean time before failure after a reconfiguration is determined by initializing the Markov Chain in the state $\eta_2$. After a reconfiguration, the system is equivalent to a new system with no redundancy available (i.e. nominal topology without redundancy) and the MTTF is the same as computed in Fig. 9. The mean time before failure after a reconfiguration is equal to 7500 h; this corresponds to the time available for the preparation of the maintenance intervention to repair the first failure.

[Figure 11: plot titled “Reliability Analysis”; curves “without Redundancy” and “With Redundancy”; vertical axis R(t) from 0 to 1; horizontal axis Time from 0 to 20000.]

Fig. 11: Reliability computation versus time in hours

The Markov model makes it possible to compute the probability distribution over the system states. It is therefore interesting to calculate the probability that the system solicits the redundant leg with success. In order to calculate this probability, the Markov model is modified as presented in Fig. 12. The state $\eta_4$ represents the failure of the system after a successful commutation to the redundant leg. Based on this new Markov model, the computation leads to a probability equal to 0.9. As illustrated in Fig. 13, the state $\eta_3$ represents the critical failure of the commutation or the capacitors, with a probability equal to 0.1.

[Figure 12: four-state Markov chain (states 1 to 4) with transition labels (1-ρ) × 12 × λTi, 2 × λCdc/2 + 12 × λTi and 2 × λCdc/2 + ρ × 12 × λTi.]

Fig. 12: Markov Chain with redundant leg solicitation.

[Figure 13: plot titled “Probability distribution over MC states”; curves η1, η2, η3, η4; vertical axis Probability from 0 to 1; horizontal axis Time from 0 to 60000.]

Fig. 13: Probability of commutation and failure in the WECS system computation.
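The MTTF values of Section V and the redundant-leg probability discussed above, recomputed as an added example (not the authors' code) by iterating Eq. (6) and Eq. (7) over the chains of Fig. 9, Fig. 10 and Fig. 12. Assumptions: rates are taken as 1/MTTF from Table 1, ∆t = 1 h, the transition labels are assigned to state pairs by analogy with Fig. 7, and each diagonal entry is set so that its row sums to one.

```python
# Added example; rates from Table 1 (lambda = 1/MTTF), time step dt = 1 h.
LAMBDA_TI = 1 / 100_000   # failure rate of one power switch Ti (per hour)
LAMBDA_C = 1 / 150_000    # failure rate of one capacitor Cdc/2 (per hour)
RHO = 1 / 8_000           # switching failure probability of the triacs

ANY = 2 * LAMBDA_C + 12 * LAMBDA_TI         # any capacitor or switch fails
P12 = (1 - RHO) * 12 * LAMBDA_TI            # switch fails, commutation succeeds
P13 = 2 * LAMBDA_C + RHO * 12 * LAMBDA_TI   # capacitor fails or commutation fails


def chain(transitions, n):
    """Transition matrix from {(i, j): p_ij}, states numbered from 1.
    Assumption: each diagonal entry is 1 minus the row's outgoing probability."""
    P = [[0.0] * n for _ in range(n)]
    for (i, j), p in transitions.items():
        P[i - 1][j - 1] = p
    for i, row in enumerate(P):
        row[i] = 1.0 - sum(row)
    return P


NOMINAL = chain({(1, 2): ANY}, 2)                              # Fig. 9
REDUNDANT = chain({(1, 2): P12, (1, 3): P13, (2, 3): ANY}, 3)  # Fig. 10
SOLICIT = chain({(1, 2): P12, (1, 3): P13, (2, 4): ANY}, 4)    # Fig. 12


def step(p, P):
    """One step of Eq. (6): p(X_{k+1}) = p(X_k) P_MC."""
    n = len(P)
    return [sum(p[i] * P[i][j] for i in range(n)) for j in range(n)]


def initial(P, start):
    """Distribution with all probability mass on state `start`."""
    return [1.0 if s == start else 0.0 for s in range(1, len(P) + 1)]


def reliability(P, working, hours, start=1):
    """Eq. (7): R(k) = sum of p(X_k = s_i) over the functioning states."""
    p = initial(P, start)
    for _ in range(hours):
        p = step(p, P)
    return sum(p[s - 1] for s in working)


def mttf(P, working, start=1, tol=1e-9):
    """MTTF as the sum of R(k) over k; also returns the final distribution."""
    p, total = initial(P, start), 0.0
    while (r := sum(p[s - 1] for s in working)) > tol:
        total += r
        p = step(p, P)
    return total, p


def summary():
    _, final = mttf(SOLICIT, {1, 2})
    return {
        "mttf_nominal_h": mttf(NOMINAL, {1})[0],
        "mttf_redundant_h": mttf(REDUNDANT, {1, 2})[0],
        "mttf_after_reconfiguration_h": mttf(REDUNDANT, {1, 2}, start=2)[0],
        "p_redundant_leg_used": final[3],    # absorbed in eta_4
        "p_critical_failure": final[2],      # absorbed in eta_3
    }


if __name__ == "__main__":
    for name, value in summary().items():
        print(f"{name}: {value:.4f}")
```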

VI. CONCLUSION

A fault tolerant WECS with DFIG has been proposed. The topology can achieve continuous operation even if a complete loss of one of the converter legs has happened, providing the global objective, i.e. feeding a nominal electric power to the grid. The power switch failure is compensated by the reconfigured converter topology using connecting bidirectional devices and fuses. The faulty leg is replaced by a redundant one. In the faulty case, performance can be guaranteed for the topology with redundancy. The structure will guarantee an optimal performance of the reconfigured system according to the “highest” reliability, in order to ensure the dependability of the system. This topology allows the maintenance intervention to be prepared without stopping the Wind Energy Conversion System. This topology is particularly adapted to offshore platforms.

REFERENCES

[1] Billinton R., Guang B., “Generating capacity adequacy associated with wind energy”, IEEE transactions on wind energy conversion, Volume 19, Issue 3, Sept. 2004, pp. 641-646.
[2] Kastha D. and Bose B. K., “Investigation of fault modes of voltage-fed inverter system for induction motor drive”, IEEE Transactions on Industry Applications, 1994, vol. 30, pp. 1028-1038.
[3] Mendes A.M. and Cardoso A., “Fault diagnosis in a rectifier-inverter system used in variable speed AC drive, by the average current Park’s vector approach”, European Power Electronics Conference, Lausanne, 1999, pp. 1-9.
[4] Ribeiro R.L., Jacobina C.B., da Silva E.R.C., Lima A.M.N., “Fault detection in voltage-fed PWM motor drive systems”, IEEE IAS Annual Meet., 2000, vol. 1, pp.242247.
[5] Staroswiecki M. and Gehin A.L., “From control to supervision”, Annual Reviews in Control, 2001, vol. 25, pp. 1-11.
[6] Staroswiecki M., Hoblos G. and Aitouche A., “Sensor network design for fault tolerant estimation”, Int. J. Adapt. Control Signal Process, 2004, vol. 18, pp. 55-72.
[7] Wu N.E., “Reliability of fault tolerant control systems”, Part I. IEEE Conference on Decision and Control, 2001, Orlando, Florida, USA.
[8] Bobbio A., “Dependability analysis of fault-tolerant systems: a literature survey”, Microprocessing and Microprogramming, 1990, vol. 29, pp. 1-13.
[9] Boyette A., Poure P., Saadate S., “Direct and indirect control of a Doubly Fed Induction Generator wind turbine including a storage unit”, 32th Annual Conference of the IEEE Industrial Electronics Society, November, 2006, Paris, France.
[10] El Brouji H., Poure P. and Saadate S., “A fast and reliable fault diagnosis method for fault tolerant shunt three-phase active filter”, 2006 IEEE International Symposium on Industrial Electronics ISIE’06, 9-13 July 2006, ETS-Downtown Montréal, Québec, Canada.
[11] Ansell J.I. and Phillips M.J., “Practical methods for reliability data analysis”, 1994, Oxford University Press Inc, ISBN 0 19 853664 X, New York.