Experimental fault-tolerant control of a PMSM drive
advertisement
1134 IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS, VOL. 47, NO. 5, OCTOBER 2000 Experimental Fault-Tolerant Control of a PMSM Drive Silverio Bolognani, Member, IEEE, Marco Zordan, and Mauro Zigliotto, Member, IEEE Abstract—The paper describes a study and an experimental verification of remedial strategies against failures occurring in the inverter power devices of a permanent-magnet synchronous motor drive. The basic idea of this design consists in incorporating a fourth inverter pole, with the same topology and capabilities of the other conventional three poles. This minimal redundant hardware, appropriately connected and controlled, allows the drive to face a variety of power device fault conditions while maintaining a smooth torque production. The achieved results also show the industrial feasibility of the proposed fault-tolerant control, that could fit many practical applications. Index Terms—Fault-tolerant control, permanent-magnet synchronous motor drives. NOMENCLATURE Motor phase currents. Zero-sequence and neutral currents. Transformed – currents. Transformed – currents. Phase-to-neutral voltages. Stator resistance. Stator direct, quadrature, and leakage inductance. Permanent-magnet flux linkage. Motor speed and position (electrical). I. INTRODUCTION S EVERAL failures can afflict electrical motor drives [1]–[7] and many different remedial techniques have been proposed [8]–[11]. So far, redundant or conservative design has been used in every application where continuity of operations is a key feature. Nevertheless, some applications accept short torque transients and even permanently reduced drive performance after fault, on condition that the drive still goes on running. This is the clear case of home and civil appliances, such as, for example, air conditioning/heat pumps, engine cooling fans, electric vehicles, laboratory stirrers, but also some industrial loads, such as pumping plants and winders/unwinders, well tolerate such drive behavior. While current regulation has greatly improved the torque response of ac drives, an emerging technology aims to exploit current Manuscript received January 22, 1999; revised May 16, 2000. Abstract published on the Internet July 1, 2000. This paper was presented at IEEE IECON’98, Aachen, Germany, August 31–September 4, 1998. The authors are with the Department of Electrical Engineering, University of Padova, 35131 Padova, Italy (e-mail: bolognan@dei.unipd.it; mauroz@dei.unipd.it). Publisher Item Identifier S 0278-0046(00)08845-6. control to mitigate the effects of a sudden inverter failure. A first effective example, applied to induction motors (IMs), can be found in [11]. The strategy consists in reformulating the current references so that the rotating MMF generated by the armature currents do not change, even if one phase is open circuited after a fault occurrence. For proper operation, the neutral point of the motor has to be connected to the midpoint of the dc voltage link, created by the use of two capacitors. The technique, in principle quite simple, gets involved by the need for preventing the capacitor midpoint voltage from drifting from the correct point. A valid alternative that does not require the availability of the dc midpoint voltage is proposed in [14], which deals with multiphase current-regulated IM drives. Other important aspects that heavily affect any remedial strategy are the number of additional components with respect to the standard drive, and the method used to isolate the faulty phase from the rest of the drive. Again, for IM drives, a solution can be found in [10], in which a pair of back-to-back-connected SCRs is used to switch off the faulty motor phase current. After the fault, a phase remains permanently connected to the midpoint of the dc voltage or, when insufficient voltage is available, the neutral is connected back to the midpoint, that has to be derived by using series-connected capacitors. Obviously, each SCR needs a proper gate circuit and must bear the rated phase current. Analogous research topics may be found for permanent-magnet synchronous motor (PMSM) drives [1], [2], [6], [7], which have an increasing market share due to their excellent dynamics and high torque-to-current and torque-to-volume ratios. Actually, the investigation of fault-tolerant control techniques for PMSM drives is arousing lively interest, to extend their use to applications where high reliability is a key feature, such as aircraft and automotive auxiliaries [8]. This paper is organized as follows. In Section II, there is a list of the power stage faults which can be tolerated by the proposed control scheme. The techniques suitable for the detection of each particular fault are also illustrated. In Section III, a survey of possible fault-tolerant drive schemes incorporating a four-leg inverter is discussed, pointing out advantages and drawbacks. In Section IV, a novel technique for isolating the faulty pole of the inverter is illustrated and experimental verifications are presented. In Section V, a new fault-tolerant torque control scheme is presented from a theoretical point of view. In Section VI, the practical implementation is illustrated and the experimental results are given. II. INVERTER FAULTS AND RECOGNITION TECHNIQUES The failures that may involve the inverter power stage can take place either in the switches of the inverter or in their gate 0278–0046/00$10.00 © 2000 IEEE BOLOGNANI et al.: FAULT-TOLERANT CONTROL OF A PMSM DRIVE Fig. 1. 1135 Fault-tolerant drive schemes. command circuitry. The following permanent faulty situations are considered in this paper: 1) open circuit of one power device; 2) open circuit of both power devices of an inverter leg; 3) short circuit of one power device; 4) short circuit of both power devices of an inverter leg. Indeed, the fourth fault needs a very rapid hardware intervention to avoid a destructive shoot-through fault. Even in this case (that usually triggers a complete drive stop) the technique presented in Section III manages the complete isolation of the faulty pole and the beginning of the remedial mode. Various fault-recognition techniques can be adopted. In [13], a sophisticated procedure is proposed. However, simpler and cost-effective solutions can be envisaged, avoiding any special transducers or dedicated devices. For example, a smart strategy compares the voltages at the device outputs and checks if they correctly follow the corresponding triggering signals. Another method takes advantage of the power devices desaturation voltages. Both strategies must carefully consider the unavoidable delays in the switching instants and the necessary electronics must be properly tuned according to the inverter performance in order to distinguish a device failure from an overload condition. In the analysis carried out in this paper, the remedial strategy has been tested considering a failure in phase ; of course, similar actions apply when failures affect phase or phase . III. FAULT-TOLERANT DRIVE SCHEMES As mentioned above, the proposed fault-tolerant drive presents a four-pole inverter with the capability of isolating one faulty pole, while activating (if not active yet) the fourth auxiliary pole. Of course, a fault in a power device has to be detected and fixed before it causes, in turn, other damage. In particular, it is supposed that power device faults do not damage the control system, which will still work properly. The general fault-tolerant drive scheme is drawn in Fig. 1(a). On the left-hand side is represented a conventional threephase inverter whose poles can be completely isolated from the dc bus in case of faults by the intervention of isolating devices, sketched as fuses in the figure. Details of the isolating technique will be given in the next section. Actually, the isolation devices could be put in the motor terminals at the inverter output, but the resulting structure would not bear the short circuit of both the power devices in the inverter leg (fault #4). Such a fault would put out of service the whole inverter. The right side of the figure shows the additional fourth leg. According to the motor winding configuration and the adopted remedial technique, different switching patterns can be generated for the fourth leg. Depending on the selected control strategy, the isolating devices ID and ID [Fig. 1(a)], and the connecting devices (CDs) [Fig. 1(b) and (c)] can be incorporated or not. Some possible remedial techniques are discussed hereafter. A. Three-Terminal Motor Winding This is the case of delta-connected or star-connected windings with isolated neutral stator windings [Fig. 1(b)]. With these configurations, a remedial strategy consists in replacing the faulty pole with the fourth one. As a consequence, only the three conventional inverter legs have to be equipped with the isolating devices. The faulty pole is isolated and replaced by the fourth one, turning on the related CD (e.g., a TRIAC or a pair of back-to-back thyristors). No modification of the digital control code is required, apart from the deviation of the switching commands from the faulty pole to the fourth one. For safety reasons, a null torque reference is delivered from 1136 IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS, VOL. 47, NO. 5, OCTOBER 2000 TABLE I CHARACTERISTICS OF DIFFERENT REMEDIAL TECHNIQUES the rising edge of the fault detection signal, for the whole time duration of the faulty inverter pole replacement. B. Four-Terminal Motor Winding This is the case of star-connected windings with accessible neutral [Fig. 1(c)]. Two different operating conditions are possible with this motor windings configuration. 1) Fourth Pole Always Connected: Fourth pole inverters for three-phase loads have been already presented [13], [14] to get improved system performance. If such a configuration is adopted for the healthy drive, the fourth leg is permanently connected to the neutral. No CD is present in the drive. A fault in one of the inverter legs is simply remedied by isolating the leg itself. IDs are, therefore, incorporated also in the fourth pole. If the fault occurs in the fourth pole, after the remedial intervention the motor is supplied by a conventional three-leg inverter. Conversely, if the fault occurs in one of the inverter legs connected to the motor phases, then the motor has to be supplied as described in the following technique in Section III-B-2. Four digital pulsewidth modulation (PWM) outputs (Section III-B-2) are required for these drives. A proper modification of the digital control code has to be performed during the remedial intervention to adapt the control to the modified inverter configuration which applies after the fault. However, the time duration of the remedy intervention is limited by the faulty pole isolation only. 2) Fourth Pole Connected in Case Of Fault Only: In this case, the fourth pole is connected to the motor neutral through a CD activated together with the fourth pole itself at the fault occurrence. No ID is incorporated in the fourth pole. As illustrated in Section V, a slight modification of the digital control code is required and the fourth pole is driven by the PWM commands which were previously driving the faulty pole. Table I summarizes the characteristics of the above-discussed remedial techniques. The remedial solution in Section III-B-2 is considered and proposed in this paper. IV. FAULTY POLE ISOLATION As a first countermeasure after any fault detection, the proposed remedial strategy forces the damaged inverter pole to be electrically isolated from the dc bus in order to eliminate its influence over the drive behavior. The disconnection should be rapid, for a prompt start of the remedial algorithm and for a consequent limited torque transient. In addition, it has to be adequate to face either positive or negative faulty phase current, as well as to be able to interrupt unidirectional current, as can happen during some faults [6]. Such requirements make inadequate any electromagnetic switch or thyristor component, and Fig. 2. Topology for isolating a faulty inverter pole. Fig. 3. Fuse current and capacitor voltage during pole isolation. call for a proper fuse protection of each inverter leg. A scheme that can be profitably used is reported in Fig. 2. Once a failure indicating a short or an open circuit of a switch is sensed, the whole inverter pole is disconnected by firing the two SCRs, which, in turn, blow up the pole series-connected fuses. Capacitors avoid a dc path through the SCRs, allowing is chosen to have an energy their turn-off. The value of transfer from the main dc-link capacitor sufficient to blow the fuses within a very short time. The scheme of Fig. 2 has been realized and tested apart from the whole fault-tolerant drive. In Fig. 3, the current flowing through one of the fuses and the are represented. voltage across the series capacitor This test has been done for two purposes: • to size the capacitor; • to evaluate the current magnitude during phase disconnection. As concerns the first point, a minimum capacitor size is refuse characteristic. In fact, if quired in order to overcome the the capacitor is too small, the voltage across its terminals rises immediately to the dc-bus value. The current flows through the fuse for a very short time, and its thermal limits could not be BOLOGNANI et al.: FAULT-TOLERANT CONTROL OF A PMSM DRIVE 1137 in which is the rotor electrical angle. From (2), it is evident that, also, the components in the – plane have to remain unchanged after the fault. In this situation, the stator zero-sequence current component is found to be (3) as results substituting mation, given by (4). in the – – to – – transfor- (4) The new current references can be calculated by substituting (3) in (4), obtaining Fig. 4. Current vector loci in healthy and faulty drive. reached. In Fig. 3, equal to 470 F is used, while is 3300 F charged to 300 V. In order to reduce the capacitor cost, a greater capacitance with lower rated voltage may be used. For of 8800 F is charged up to 15 V only during the instance, a isolation process. The current peak gives the higher bound for the circuit sizing. Fig. 3 refers to an ultrafast 12.5-A fuse with 30 value. With respect to Fig. 3, a maximum current A s as the voltage of 180 V are assumed. For of 750 A and a residual this application, a 450-V capacitor has been used for the sake of safety. After the long pulse current which blows the fuse, an arc current remains for a short time, slightly increasing the voltage across . V. FAULT-TOLERANT TORQUE CONTROL From the point of view of the control strategy, the current references, expressed in a synchronous – rotating frame fixed to the rotor, do not have to be affected by the faulty condition, since they represent the torque and flux demanded by the speed loop. Therefore, it is easy to understand that, to preserve the drive performance after the disconnection of one motor phase (remedial strategy in Section III-B-2), the currents in the remaining two healthy phases have to produce the same – current components that were flowing before the fault and, thus, also the same – currents in the stationary reference frame. A zero-sequence component (1) of the stator current must arise, and the current vector trajectory in the faulty drive departs from the – plane, where it moves during healthy operation, to the – plane, as shown by the current loci in the three–dimensional (3-D) space of Fig. 4. This is an obvious consequence of the null phase current. To obtain the same performance, the current locus after a fault has to be an ellipse, whose projection on the – plane coincides with the healthy current circle. In fact, the produced torque and flux have to remain unchanged after the fault occurrence. The motor currents are linked to the reflux- and torque-related spective – components by (2) (5) and are the unchanged – and – current where references. The reference for the neutral current becomes (6) The neutral current (6) flows through a connection between the motor star center point and the fourth active inverter pole, as shown in the proposed fault-tolerant scheme of Fig. 5. The complete drive also includes outer proportional plus integral (PI) speed and – current loops, omitted in Fig. 5 for the sake of clarity. The current loops produce the voltage references and , that in healthy conditions are given as input to the algorithm that implements the space-vector modulation (SVM) technique [6]. Once the fault is sensed, the control algorithm isolates the damaged inverter pole and starts the active control of the fourth inverter pole connected to the motor star center. It can be is worth noting that the additional pole commands given by the microcontroller output first devoted to the faulty , provided that an appropriate external switch logic is pole arranged; the PWM algorithm remains exactly the same. Since the number of available PWM outputs is strictly related to the microcontroller, the mentioned possibility preserves it from the need of expensive and often unacceptable modifications to existing hardware. An important issue that is worth highlighting refers to the rise of sinusoidal components in the – reference frame during operation after fault. With the symbols defined in the Appendix, the steady-state – motor equations are (7) Neglecting the resistive terms, which are small compared to the inductive ones, and adopting first the inverse of transfor- 1138 IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS, VOL. 47, NO. 5, OCTOBER 2000 Fig. 5. Proposed fault-tolerant drive scheme. mation (2) and then (4), the phase-to-neutral voltages and can be obtained of the current loop performance. In order to compensate for this undesired effect, a feedforward term is added, indicated by the “feedforward compensation” block in Fig. 5. The feedforward components are obtained from (9) as (10) where (11) (8) produced by After the fault, the reference voltage vector the inverter and applied to the healthy phases ( , and neutral) that was applied to the motor differs from the voltage vector before the fault. Essentially, the difference is phases , properly transformed in the – reference proportional to frame. Using the inverse of transformation (2) and the first of can be written as (8), the voltage vector (9) It is evident from (9) that, under faulty conditions, additional sinusoidal components appear in the – voltage references, at twice the frequency of the stator quantities. These quantities are normally produced by the current PI controllers, to the detriment The compensation causes the current loop to produce (Fig. 5) at steady state, constant voltage reference avoiding the tracking of the sinusoidal components, thus realizing the best PI controllers working conditions. Fig. 6 reports the PI outputs and the voltage references with the feedforward compensation at rated speed (coordinate scales are expressed in p.u. of rated quantities). VI. EXPERIMENTAL RESULTS A laboratory prototype has been realized for the full-digital implementation of the drive presented above. The control hardware is based on a Texas Instruments C31 floating-point digital signal processor (DSP) evaluation board, completed with software tools for program trace and debug. Control software has been mainly written in C language, with some low-level subroutines written directly in assembly language. The drive is completed with a 1-kW anisotropic PMSM with sinusoidal electromotive forces (EMFs), fed by a four-pole BOLOGNANI et al.: FAULT-TOLERANT CONTROL OF A PMSM DRIVE 1139 Fig. 9. Locus of the – currents during the fault occurrence. Fig. 6. PI outputs and voltage references. Fig. 7. Phase currents i occurrence. Fig. 8. ;i Fig. 10. Transformed d–q currents during the fault occurrence. Fig. 11. Transformed – voltages at steady state, after the fault. , and i and forth pole current i during the fault Transformed – currents during the fault occurrence. insulated gate bipolar transistor (IGBT) voltage inverter and an interface board. Figs. 7–10 show the first experimental results, measured on the prototype during the fault occurrence. During the tests, the fault occurrence was emulated by forcing the active state of a digital input. The same line, in the real case, should be driven by a proper fault detection circuit, which can be properly arranged. Fig. 7 reports the phase currents and and the current of the fourth inverter pole . After the fault, which occurs at the time , the faulty pole is promptly disconnected by the circuit shown in Fig. 2. Consequently, current suddenly drops to zero, while a neutral current begins to flow, with an amplitude equal to the sum of and . For and A, one can observe that the phase currents are sinusoidal with a phase displacement of 60 , and amplitude of 1.21 A, according to (5). Fig. 8, taken under the 1140 Fig. 12. Fig. 13. fault. IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS, VOL. 47, NO. 5, OCTOBER 2000 Transformed d–q voltages at steady state, after the fault. Healthy phase currents i and i and fourth pole current i , after the Fig. 15. Transformed d–q currents, after the fault. This is confirmed also by Fig. 9, in which the locus of the phase current vector is drawn in the – plane. One can recognize a circle with a radius of 0.7 A, sometimes disturbed by the electromagnetic noise that afflicts the current measurement. The good motor current control after the intervention of the remedial technique is pointed out also in Fig. 10, where the actual direct and quadrature motor currents are given as results by elaborating the actual phase currents. They remain constant and at the same level they had before the fault as requested by the current references, thus avoiding any long torque transient. The combination of balanced phase EMFs with the unbalanced voltage drops due to the phase currents cause unbalanced voltages to be applied to the motor phases. The transformed – components, at steady state and at 30% of the rated speed, are shown in Fig. 11. The unbalanced motor phase voltages reflect on the transformed – voltages that contain a sinusoidal component at twice the frequency of the phase current, as shown in Fig. 12. This agrees with the theoretical results given by (9). Figs. 13–15 show the steady-state time behavior of the currents at rated torque and higher speed, under fault conditions, confirming the results already discussed. VII. CONCLUSIONS This paper has proposed a hardware and software remedial strategy for PMSM drives affected by faults in the inverter power devices. Experimental validations were given for the faulty phase isolation technique and the torque control of the faulty drive. The achieved results show both the industrial feasibility of the proposed fault-tolerant control and the prompt recovery from a fault occurrence, which could fit many practical applications. Fig. 14. Transformed – currents, after the fault. same test conditions of Fig. 7, proves that the transformed – phase currents remain unchanged in spite of the asymmetrical feeding of the motor after the failure. This guarantees a smooth torque and a regular overall operation of the faulty drive. APPENDIX PMSM DATA Nominal torque peak torque nominal speed nominal current peak current pole pairs 1.25 N m; 3.75 N m; 3600 r/min; 2 A rms; 6.5 A rms; 4. BOLOGNANI et al.: FAULT-TOLERANT CONTROL OF A PMSM DRIVE REFERENCES [1] A. K. Wallace and R. Spee, “The simulation of brushless dc drive failures,” in Proc. IEEE PESC’88, 1988, pp. 199–205. [2] A. M. Oliveira, A. G. Badan Pahlares, A. H. Kumakura, G. Winnischofer, and A. Hoshino, “Analysis of brushless DC motor performance when faults occur,” in Proc. EPE Conf., 1991, pp. 3.445–3.450. [3] O. Ojo and I. Bhat, “Analysis of faulted induction motor fed with PWM inverter,” in Conf. Rec. IEEE-IAS Annu. Meeting, 1992, pp. 647–655. [4] G. Gentile, N. Rotondale, and M. Tursini, “Investigation of inverter-fed induction motors under fault conditions,” in Proc. IEEE PESC’92, 1992, pp. 127–132. [5] D. Kastha and B. K. Bose, “Investigation of fault modes of voltage-fed inverter system for induction motor drive,” IEEE Trans. Ind. Applicat., vol. 30, pp. 1028–1037, July/Aug. 1994. [6] N. Bianchi, S. Bolognani, and M. Zigliotto, “Analysis of PM synchronous motor drive failures during flux-weakening operation,” in Proc. IEEE PESC’96, 1996, pp. 1542–1548. [7] N. Bianchi, S. Bolognani, M. Zigliotto, and M. Zordan, “Influence of the current control strategy on the PMSM drive performance during failures,” in Proc. EPE Conf., 1997, pp. 1330–1335. [8] R. Spee and A. K. Wallace, “Remedial strategies for brushless DC drive failures,” IEEE Trans. Ind. Applicat., vol. 27, pp. 259–266, Mar./Apr. 1990. [9] D. Kastha and B. K. Bose, “Fault mode single-phase operation of a variable frequency induction motor drive and improvement of pulsating torque characteristics,” IEEE Trans. Ind. Electron., vol. 41, pp. 426–432, Aug. 1994. [10] J. R. Fu and T. A. Lipo, “A strategy to isolate the switching device fault of a current regulated motor drive,” in Conf. Rec. IEEE-IAS Annu. Meeting, 1993, pp. 1015–1020. [11] T. H. Liu, J. R. Fu, and T. A. Lipo, “A strategy for improving reliability of field-oriented controlled induction motor drives,” IEEE Trans. Ind. Applicat., vol. 29, pp. 910–917, Sept./Oct. 1993. [12] G. Gentile, N. Rotondale, M. Tursini, G. Franceschini, and C. Tassoni, “An approach to knowledge-base representation in electric drive fault diagnosis,” in Proc. ICEM’97, 1997, pp. 358–362. [13] R. Zhang, D. Boroyevich, V. H. Prasad, H. Mao, F. C. Lee, and S. Dubovsky, “A three-phase inverter with a neutral leg with space vector modulation,” in Proc. IEEE APEC’97, 1997, pp. 857–863. [14] J. R. Fu and T. A. Lipo, “Disturbance free operation of a multiphase current regulated motor drive with an opened phase,” in Conf. Rec. IEEE-IAS Annu. Meeting, 1993, pp. 637–644. Silverio Bolognani (M’98) is a native of Trento Province, Italy. He received the Laurea degree in electrical engineering from the University of Padova, Padova, Italy, in 1976. In 1976, he joined the Department of Electrical Engineering, University of Padova, where he was involved in the analysis and design of thyristor converters and synchronous motor drives. He also founded the Electrical Drives Laboratory and carried out research on brushless and induction motor drives. He is presently engaged in research on advanced control techniques for motor drives and motion control and on design of ac electrical motors for variable-speed applications. He has authored more than 80 papers on electrical machines and drives. His teaching activity was first devoted to electrical circuit and electromagnetic field theory and, later, to electrical drives and electrical machine design. He is currently a Full Professor of Electrical Drives. 1141 Marco Zordan was born in Padova, Italy, in 1970. He received the degree in electronic engineering and the Ph.D. degree from the University of Padova, Padova, Italy, in 1995 and 1999, respectively. For his electronic engineering thesis, he took part in an industrial research project in Cork, Ireland, working on motor drives control strategies. He also worked in the area of electronic design (hardware and software) on industrial motor drives and power electronics. In 1998, he joined the Department of Engineering, University of Aberdeen, Aberdeen, U.K., where he was a Research Fellow in the area of PM motor drives, DTC, and sensorless control. He is currently with the Department of Electrical Engineering, University of Padova. His research interests include advanced control techniques in the field of electric drives. Mauro Zigliotto (M’98) was born in Vicenza, Italy, in 1963. He received the degree in electronic engineering from the University of Padova, Padova, Italy, in 1988. He worked in the electrical engineering industry in research and development of microcontroller-based circuits for industrial drives. He is currently a Senior Research Assistant in the Electricral Drives Laboratory, Department of Electrical Engineering, University of Padova. His current area of interest is related to innovative control strategies for ac drives. Dr. Zigliotto is Secretary of the IEEE IAS–IES–PELS North Italy Joint Chapter.
