Fault-Tolerant Safety-Critical Control for Nonlinear Affine System by Using High-Order Control Barrier Function

Abstract

A class of fault-tolerant safety-critical controller design methods based on high-order control barrier function (HOCBF) is proposed to address the problem of safety and stability of system affected by actuator faults in safety-constrained nonlinear affine system. Firstly, the fault information is incorporated into the conventional HOCBF to obtain a new type of HOCBF with faults. Secondly, in the case of a strictly required range of control inputs, a sufficient condition is proposed to satisfy the existing constraints, where the control inputs are always within the restricted range and the sufficient condition is expressed as feasibility constraints. Next, based on the quadratic programming (QP) method, the control Lyapunov function, fault HOCBF, and feasibility constraints are incorporated together to ensure that the overall feasibility, stabilization, and safety are guaranteed of the considered closed-loop system. Finally, the adaptive cruise control system is taken as an example to verify the effectiveness of the proposed method.

1. Introduction

In recent years, the control barrier function (CBF) has been used to design safety control laws for nonlinear affine safety-critical system [1], which is gradually becoming a widely used method in nonlinear system control, such as adaptive cruise control [2], lane keeping [3], and so on. It ensures that the system state is within a safe region by introducing a constraint function that prevents the system from entering a hazardous state [4]. The CBF method focuses on the distance of the system state from the safety boundary and uses the value of this distance as a guidance signal for the controller to keep the system within the safety constraint [5]. The advantage of CBF is that it provides a formalized method to ensure that the system meets stringent safety requirements while performing the control task, providing an effective means of controlling and protecting complex systems [6].

Higher order control barrier function (HOCBF) is an extension of CBF for designing safe and high performance control system [7]. Compared with the traditional CBF, HOCBF not only considers the distance between the system state and the safety boundary, but also incorporates the higher order derivative information of the system state, which makes the control more accurate [8,9]. This makes HOCBF outstanding in areas such as handling higher-order nonlinear system, robot path planning, and autonomous driving, such as ship trajectory tracking and heading control [10], robotic arm obstacle avoidance [11], robot control [12], and aircraft control [13], etc. The forward-looking nature of HOCBF makes it a powerful tool to meet the challenges of complex system, ensuring stable operation and meeting stringent safety constraints.

Safety-critical system has difficulty in continuing to meet the safety requirements of the system in the event of a fault [14]. The introduction of fault-tolerant control can improve the system’s ability to cope with disturbances caused by faults [15,16,17], so it is extremely necessary to consider fault-tolerant control for safety-critical system. For general nonlinear affine system, the construction of HOCBF constraints to ensure system safety has been proposed in [18]. Recently, we have found that when the system has partial actuator failures, the solution of Quadratic Programming (QP) cannot keep the faulty system state-safe using the HOCBF constraints of the fault-free system [19]. In addition, when the inputs are limited to a certain range, it increases the probability of mutual conflicts between the safety constraints, resulting in an infeasible optimal control problem for the faulty system. Therefore, it is important to study the feasibility of the optimal control problem for faulty system when both input bounds and safety constraints exist.

In this paper, firstly, the HOCBF constraints are redesigned based on the fault information of the system, and a class of fault-tolerant controller design methods based on HOCBF and CLF are proposed to re-enable the faulty system to satisfy the safety requirements. Secondly, a sufficient condition is proposed to satisfy the existing constraints, where the control inputs are always within the restricted range and the sufficient condition is expressed as feasibility constraints. These feasibility constraints will be incorporated into the solution of the QP problem to ensure the safety of the faulty system and the feasibility of the solution of the QP problem together with the existing safety constraints of the system.

2. Preliminaries

Definition 1

(Class $\mathcal{K}$ function [12]). A Lipschitz continuous function $\alpha :[0,\tau )\to [0,\infty ),\tau >0$ is said to belong to class $\mathcal{K}$ function if it is strictly increasing and $\alpha \left(0\right)=0$.

The system model can be expressed in terms of a general nonlinear affine system as:

$$\dot{x}=f\left(x\right)+g\left(x\right)u$$

(1)

where $x\in X\in {\mathbb{R}}^n$ is the state of the system, $f,g$ are known locally as the Lipschitz function, $u\in U\in {\mathbb{R}}^m$ is the control input to the system, and $u_{max},u_{min}$ are the maximum and minimum values of the control input; thus, the control input can be expressed as:

$$U:=\{u\in {\mathbb{R}}^m:u_{min}⩽u⩽u_{max}\}$$

(2)

Definition 2

(CLF [2]). There exists a continuously differentiable function $V\left(x\right):X\to \mathbb{R}$ which is a globally and exponentially stabilizing CLF for system (1) if there exist constants $c_1,c_2,c_3>0$ such that, for all system statuses, $x\in X\in {\mathbb{R}}^n$

$$c_1{\Vert x\Vert }^2⩽V\left(x\right)⩽c_2{\Vert x\Vert }^2$$

$$\underset{u\in U}{inf}[L_{f}V\left(x\right)+L_{g}V\left(x\right)u+c_{3}V\left(x\right)]⩽0$$

where $L_{f}V\left(x\right)=\frac{\partial V}{\partial x}f\left(x\right),L_{g}V\left(x\right)=\frac{\partial V}{\partial x}g\left(x\right)$ are the first order Lie derivatives of the system (1).

Definition 3

(Set Invariance [20]). A set $C\in {\mathbb{R}}^n$ is forward invariant for the nonlinear affine system (1) if, and only if, every initial state $x\left(0\right)\in C$ of its solution satisfies $x\left(t\right)\in C$ for all $t⩾0$.

Definition 4

(Relative degree [21]). The relative degree of a continuously differentiable function $h:{\mathbb{R}}^n\to \mathbb{R}$ with respect to system (1) is the number of times we need to differentiate it along the dynamics of system (1) until the control input u explicitly shows.

For a constraint function $h\left(x\right)⩾0,h:{\mathbb{R}}^n\to \mathbb{R}$ with relative degree r, we define a series of functions ${\psi }_i:{\mathbb{R}}^n\to \mathbb{R}$:

$$\begin{array}{c}\begin{array}{c}{\psi }_0\left(x\right):=h\left(x\right),\hfill \\ {\psi }_i\left(x\right):={\dot{\psi }}_{i-1}\left(x\right)+{\alpha }_i\left({\psi }_{i-1}\left(x\right)\right),i\in \{1,\dots ,r-1\},\hfill \\ {\psi }_i(x,u):={\dot{\psi }}_{i-1}(x,u)+{\alpha }_i\left({\psi }_{i-1}\left(x\right)\right),i=r.\hfill \end{array}\end{array}$$

(3)

where ${\alpha }_i(·),i\in \{1,\dots ,r\}$ denote ${(r-i)}^{th}$ the order differentiable class $\mathrm{K}$ function. We further define a sequence of sets $C_i,i\in \{1,\dots ,r\}$ associated with (3) in the form:

$$\begin{array}{c}\begin{array}{c}{C}_1:=\{x\in {\mathbb{R}}^n:{\psi }_0\left(x\right)⩾0\}\hfill \\ C_2:=\{x\in {\mathbb{R}}^n:{\psi }_1\left(x\right)⩾0\}\hfill \\ ⋮\hfill \\ C_r:=\{x\in {\mathbb{R}}^n:{\psi }_{r-1}\left(x\right)⩾0\}\hfill \end{array}\end{array}$$

(4)

Definition 5

(HOCBF [13]). Let $C_i,i\in \{1,\dots ,r\}$ be defined by (4) and ${\psi }_i,i\in \{1,\dots ,r\}$ be defined by (3). A continuously differentiable function $h:{\mathbb{R}}^n\to \mathbb{R}$ is a high order control barrier function of relative degree r with respect to system (1) if there exists a collection of differentiable class $\mathrm{K}$ function ${\alpha }_i(·),i\in \{1,\dots ,r\}$ such that

$$\underset{u\in U}{sup}[L_f^{r}h\left(x\right)+L_g{L}_f^{r-1}h\left(x\right)u+O\left(h\left(x\right)\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)]⩾0$$

(5)

where $O\left(h\left(x\right)\right)={\displaystyle \sum _{i=1}^{r-1}}{L}_f^i({\alpha }_{r-i}\circ {\psi }_{r-i-1}\left(x\right))$ denotes the remaining Lie derivatives along f with a relative degree less than r.

Definition 6

([5]). From Definition 5, give a function $h\left(x\right)$ that is associated with a sequence of sets $C_i,i\in \{1,\dots ,r\}$, defined by (4), and if $x\left(t_0\right)\in C_1\left(t_0\right)\cap C_2\left(t_0\right)\cap \dots \cap C_r\left(t_0\right)$, then any Lipschitz continuous controller $u\in U$ that satisfies (5) renders the set $C=C_1\cap C_2\cap \dots \cap C_r$ as forward invariant for system (1).

3. Fault High-Order Control Barrier Function

For a general nonlinear affine system (1), given the set c defined by Definition 6 and the associated CLF and HOCBF, they can be combined into a single Lipschitz continuous controller by means of QP [22]:

$$\underset{\mathrm{u}={\left[u\delta \right]}^T}{{\mathrm{u}}^{*}=argmin}\frac{1}{2}{\mathrm{u}}^{T}H\left(x\right)\mathrm{u}+F{\left(x\right)}^T\mathrm{u}$$

(6)

$$s.t.L_{f}V\left(x\right)+L_{g}V\left(x\right)u+c_{3}V\left(x\right)-\delta ⩽0$$

(7)

$$L_f^{r}h\left(x\right)+L_g{L}_f^{r-1}h\left(x\right)u+O\left(h\left(x\right)\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)⩾0$$

(8)

where $H\left(x\right)\in {\mathbb{R}}^{(m+1)\times (m+1)}$ is a positive definite matrix, $F\left(x\right)\in {\mathbb{R}}^{(m+1)}$, and $\delta$ is the slack variable.

Considering the existence of partial actuator failures of a general nonlinear affine system, then the faulty system model of system (1) can be represented as:

$$\dot{x}=f\left(x\right)+g\left(x\right)\rho u$$

(9)

where $\rho$ is the failure coefficient that satisfies $\rho \in [\underline{\rho },\overline{\rho }]$, $0<\underline{\rho }⩽\rho ⩽\overline{\rho }⩽1$, $\underline{\rho },\overline{\rho }$, which are the lower and upper boundaries, respectively.

To easily illustrate the reconstruction of the control barrier function, system (9) can be represented as:

$$\dot{x}=f\left(x\right)+\overline{g}\left(x\right)u$$

(10)

where $\overline{g}\left(x\right)=g\left(x\right)-g\left(x\right)\tilde{\rho }$, $\tilde{\rho }=1-\rho$.

For the faulty system (10), a reconstruction of the HOCBF constraint (8) is required to ensure the forward invariance of the safety set C. That is, inequality (8) should contain terms that eliminate the effects of partial actuator failures.

Definition 7

(FHOCBF). Let $C_i,i\in \{1,\dots ,r\}$ be defined by (4) and ${\psi }_i,i\in \{1,\dots ,r\}$ be defined by (3). A continuously differentiable function $h:{\mathbb{R}}^n\to \mathbb{R}$ is a fault high order control barrier function (FHOCBF) of relative degree r with respect to system (10) if there exists a collection of differentiable class $\mathrm{K}$ function ${\alpha }_i(·),i\in \{1,\dots ,r\}$ such that

$$\begin{array}{c}\hfill \begin{array}{c}\hfill {\psi }_r\left(x\right)=L_f^{r}h\left(x\right)+L_g{L}_f^{r-1}h\left(x\right)u+O\left(h\left(x\right)\right)+P\left(x\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)⩾0\end{array}\end{array}$$

(11)

For all $x\in C$ and $\rho \in [\underline{\rho },\overline{\rho }]$, where $P\left(x\right)$ is a function of x and $\rho$. Since (11) needs to be satisfied for all $\rho \in [\underline{\rho },\overline{\rho }]$, the constraints can be rewritten as:

$$L_f^{r}h\left(x\right)+L_g{L}_f^{r-1}h\left(x\right)u+O\left(h\left(x\right)\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)⩾F_p\left(x\right)$$

(12)

where $F_p\left(x\right)=\underset{\rho \in [\underline{\rho },\overline{\rho }]}{max}(-P\left(x\right))$.

Remark 1.

A function $h:{\mathbb{R}}^n\to \mathbb{R}$ that is continuously differentiable is said to have a relative degree r with respect to system (1) if (a) for all $1⩽i⩽r-1$, $L_g{L}_f^{i-1}h\left(x\right)\equiv 0$; and (b) $L_g{L}_f^{r-1}h\left(x\right)\ne 0$ for all $x\in X\in {\mathbb{R}}^n$. $L_f,L_g$ indicate the Lie derivatives along f and g, respectively, and $L_f^r$ indicates the Lie derivatives along f r times [19].

According to (10), we can get the $P\left(x\right)=-L_g{L}_f^{r-1}h\left(x\right)\tilde{\rho }u$, where $F_p\left(x\right)=\underset{\rho \in [\underline{\rho },\overline{\rho }]}{max}(-P\left(x\right))$ is a linear program. Otherwise $P\left(x\right)=-L_g{L}_f^{r-1}h\left(x\right)\tilde{\rho }u$ is a nonlinear function of $\rho$ in general, and the solution to the nonlinear program $F_p\left(x\right)=\underset{\rho \in [\underline{\rho },\overline{\rho }]}{max}(-P\left(x\right))$ can be used to find the set of control inputs that satisfy inequality (12):

$$\begin{array}{c}\hfill \begin{array}{c}\hfill K_{fhocbf}\left(x\right)=\{u\in {\mathbb{R}}^m:L_f^{r}h\left(x\right)+L_g{L}_f^{r-1}h\left(x\right)u+O\left(h\left(x\right)\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)⩾F_p\left(x\right)\}\end{array}\end{array}$$

(13)

Theorem 1.

Given a FHOCBF $h:{\mathbb{R}}^n\to \mathbb{R}$ by Definition 7, any Lipschitz continuous control input $u\in K_{fhocbf}\left(x\right)$ renders the set $C=C_1\cap C_2\cap \dots \cap C_r$ as forward invariant for system (10).

Proof of Theorem 1.

Any Lipschitz continuous controller $u\in K_{fhocbf}\left(x\right)$ enforces ${\psi }_r\left(x\right)⩾0$ or equivalently ${\dot{\psi }}_{r-1}\left(x\right)⩾-m_r{\psi }_{r-1}\left(x\right)$ regardless of the value of $\rho \in [\underline{\rho },\overline{\rho }]$. On the assumption that $x\left(0\right)\in C=C_1\cap C_2\cap \dots \cap C_r$, in that case $x\left(0\right)\in C_r$, we can go further than that ${\psi }_{r-1}\left(x\left(0\right)\right)⩾0$ which, based on Definition 3, this will make ${\psi }_{r-1}\left(x\right)⩾0(x\in C_r)$ or ${\dot{\psi }}_{r-2}\left(x\right)⩾-m_{r-1}{\psi }_{r-2}\left(x\right)$, again, since $x\left(0\right)\in C_{r-1}$, this results in ${\psi }_{r-2}\left(x\right)\ge 0(x\in C_{r-1})$. Continuing this reasoning, we can prove that $C=C_1\cap C_2\cap \dots \cap C_r$ is forward invariant for system (10). □

At this point, the QP problem (6) and the corresponding constraints (7) and (8) will be rewritten as:

$$\underset{\mathrm{u}={\left[u\delta \right]}^T}{{\mathrm{u}}^{*}=argmin}\frac{1}{2}{\mathrm{u}}^{T}H\left(x\right)\mathrm{u}+F{\left(x\right)}^T\mathrm{u}$$

(14)

$$s.t.L_{f}V\left(x\right)+L_{g}V\left(x\right)u+c_{3}V\left(x\right)-\delta ⩽0$$

(15)

$$L_f^{r}h\left(x\right)+L_g{L}_f^{r-1}h\left(x\right)u+O\left(h\left(x\right)\right)-F_p\left(x\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)⩾0$$

(16)

4. Feasibility of Optimal Control Problem by Using FHOCBF

The amount of input to the system cannot be unlimited, so it is necessary to consider that the system can still operate safely and stably under input constraints, which is more in line with practical scenarios. In other words, the continued safe and stable operation of system (10) requires the fulfillment of at least two of these conditions:

(a) Always meet one or more of the following forms of safety requirements:

$$h\left(x\right(t\left)\right)⩾0,x\in X,\forall t\in [0,T]$$

(17)

(b) Since the input is finite, it is necessary that the control input always satisfies control input bound (2) at time period $t\in [0,T]$.

If these two conditions are always satisfied, then we claim that the control strategy of system (10) is feasible.

Consider the case of limited control inputs, where the QP problem (14) and the corresponding constraints (15) and (16) will be rewritten as:

$$\underset{\mathrm{u}={\left[u\delta \right]}^T}{{\mathrm{u}}^{*}=argmin}\frac{1}{2}{\mathrm{u}}^{T}H\left(x\right)\mathrm{u}+F{\left(x\right)}^T\mathrm{u}$$

(18)

$$s.t.u_{min}⩽u⩽u_{max}$$

(19)

$$L_{f}V\left(x\right)+L_{g}V\left(x\right)u+c_{3}V\left(x\right)-\delta ⩽0$$

(20)

$$L_f^{r}h\left(x\right)+L_g{L}_f^{r-1}h\left(x\right)u+O\left(h\left(x\right)\right)-F_p\left(x\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)⩾0$$

(21)

For (18), solving the optimal control problem with decision variable u and $\delta$, we divide the time period $t\in [0,T]$ into a finite number of intervals $[t_k,t{}_{k+1}),k=0,1,2\dots ,t_0=0$. The QP is solved point by point, where this computationally efficient but short-sighted approach can easily lead to infeasibility in the QP solution process, especially under tight control input constraints. With that said, the FHOCBF constraint can conflict with the control bounds, which will cause the QP solution process for the next time interval to be infeasible. Therefore, to address this occurrence, in this paper, we introduce a feasibility constraint.

Definition 8

(Feasibility Constraint [22]). Suppose that QP problem (18), with state $x\left(\tau \right),\tau \in [0,T)$ at the current moment, is feasible under constraints (19)–(21), and that a continuously differentiable function, $h_f:{\mathbb{R}}^n\to \mathbb{R},h_f⩾0$, is a feasibility constraint if it ensures that the QP problem (18), corresponding to the next time interval, is still feasible under constraints (19)–(21).

After finding the feasibility constraint, we can use it as an additional constraint on the QP problem (18) to ensure the feasibility of the QP solution process for the next time interval. It is introduced that the feasibility constraint needs to satisfy two conditions: (a) It is conflict-free (the intersection of the sets formed by multiple constraints is not empty) with constraints (19) and (21). (b) It reduces the occurrence of conflicts between constraints (19) and (21). In the following, we derive how to find suitable feasibility constraints.

A continuously differentiable function $h:{\mathbb{R}}^n\to \mathbb{R}$ is a FHOCBF of relative degree r with respect to system (10); according to (11), the control input $u\in U$ always needs to satisfy the following inequality:

$$-L_g{L}_f^{r-1}h\left(x\right)u⩽L_f^{r}h\left(x\right)+O\left(h\left(x\right)\right)-F_p\left(x\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)$$

(22)

Further, we define the set of all control inputs satisfying (22):

$$\begin{array}{c}\hfill K_p\left(x\right)=\{u\in {\mathbb{R}}^m:-L_g{L}_f^{r-1}h\left(x\right)u⩽L_f^{r}h\left(x\right)+O\left(h\left(x\right)\right)-F_p\left(x\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)\}\end{array}$$

(23)

The analysis of the feasibility constraints in the following section depends on the vector sign of $-L_g{L}_f^{r-1}h\left(x\right)$ changing in time period $t\in [0,T]$.

To begin with, we assume that all components in $-L_g{L}_f^{r-1}h\left(x\right)$ do not change sign. Assume $-L_g{L}_f^{r-1}h\left(x\right)⩾0$. By multiplying each component of $-L_g{L}_f^{r-1}h\left(x\right)$ by the control input bound (19) and adding them together, it yields the following inequality for all system statuses, so that (19) is able to be rewritten using relaxation as:

$$-L_g{L}_f^{r-1}h\left(x\right)u_{min}⩽-L_g{L}_f^{r-1}h\left(x\right)u⩽-L_g{L}_f^{r-1}h\left(x\right)u_{max}$$

(24)

Further, we define the set of all control input u satisfying (24):

$$\begin{array}{c}\hfill K_e\left(x\right)=\{u\in {\mathbb{R}}^m:-L_g{L}_f^{r-1}h\left(x\right)u_{min}⩽-L_g{L}_f^{r-1}h\left(x\right)u⩽-L_g{L}_f^{r-1}h\left(x\right)u_{max}\}\end{array}$$

(25)

The control input bound (19) is conflict-free with constraint (22) if the control input is such that (24) is conflict-free with constraint (22) for all $x\in X$, i.e., $K_p\left(x\right)\cap K_e\left(x\right)\ne \varnothing$.

Therefore, whether there is a conflict between constraints (22) and bound (19) only needs to be considered when (24) and (22) are conflict-free. Since (24) consists of two parts, it can be discussed in two cases: (a) $-L_g{L}_f^{r-1}h\left(x\right)u⩽-L_g{L}_f^{r-1}h\left(x\right)u_{max}$ and (22); (b) $-L_g{L}_f^{r-1}h\left(x\right)u_{min}⩽-L_g{L}_f^{r-1}h\left(x\right)$ and (22).

It can be concluded that for all states $x\in X$ of the system, there always exists a control input u such that the two inequalities of case (a) are satisfied simultaneously, but the inequalities of case (b) may conflict. Therefore, in order to solve the problem that QP is infeasible in a certain time interval due to the formation of a conflict between the FHOCBF constraints (22) and (24), the QP problem (18) should also satisfy the following inequality, subject to conditions (19)–(21):

$$\begin{array}{c}\hfill -L_g{L}_f^{r-1}h\left(x\right)u_{min}⩽L_f^{r}h\left(x\right)+O\left(h\left(x\right)\right)-F_p\left(x\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)\end{array}$$

(26)

This is a feasibility constraint constructed to avoid a conflict in the inequalities of Case (2) that leads to the QP problem (18), which is infeasible while satisfying conditions (19)–(21).

Due to the presence of $h\left(x\right)$, the relative degree of the feasibility constraint is relative to the system dynamics (10). In order to find the control input that always satisfies the feasibility (26), it is further defined as:

$$\begin{array}{c}\hfill h_f\left(x\right)=L_f^{r}h\left(x\right)+L_g{L}_f^{r-1}h\left(x\right)u_{min}+O\left(h\left(x\right)\right)-F_p\left(x\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)⩾0\end{array}$$

(27)

By Definition 7, making $h_f\left(x\right)$ as a FHOCBF guarantees that (24) and constraint (22) are conflict-free such that constraint (22) and bound (19) are conflict-free. It is worth noting that the relative degree of $h_f\left(x\right)$ with respect to the dynamics of system (10) is only one because of the presence of ${\psi }_{r-1}\left(x\right)$, so the set of control inputs that satisfy (27) is as follows:

$$K_f\left(x\right)=\{u\in {\mathbb{R}}^m:L_f{h}_f\left(x\right)+L_g{h}_f\left(x\right)u+{\alpha }_f\left(h_f\left(x\right)\right)⩾0\}$$

(28)

where ${\alpha }_f(·)$ is a Class $\mathcal{K}$ function.

Theorem 2.

The control input $u\in K_f\left(x\right)$ guarantees the feasibility of the QP problem (18) at the next moment under constraints (19)–(21) if the QP problem (18) is feasible at the current moment and the FHOCBF corresponding to constraint (27) in set (28) is conflict-free with the control bound (19) and constraint (22) at the same moment.

Proof of Theorem 2.

If the QP problem (18) is feasible at the current moment, the FHOCBF constraint (22) is conflict-free with the control input bound (19) and (24) at the current moment because control input u is a subset of $K_e\left(x\right)$ defined in (25). Via Theorem 1, we can obtain $h_f\left(x\left(t\right)\right)⩾0,\forall t⩾0$, where the FHOCBF constraint (22) is conflict-free with (24) for all $t⩾0$. Then, the FHOCBF constraint (22) is conflict-free with the control input bound (19) either. Finally, the feasibility of the QP problem (18) is guaranteed by assuming that the FHOCBF constraint corresponding to (26) in (28) is conflict-free with the control input bound (19) and the FHOCBF constraint (22) at the same moment. □

Rewriting the inequality in (28) into the form of (5) gives:

$$L_f^{r}h\left(x\right)+L_g{L}_f^{r-1}h\left(x\right)u+O\left(h\left(x\right)\right)+{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)+\xi \left(x\right)⩾0$$

(29)

Contrasting (29) and (28), $\xi \left(x\right)$ can be chosen as:

$$\begin{array}{c}\hfill \xi \left(x\right)=L_f{h}_f\left(x\right)+L_g{h}_f\left(x\right)u+{\alpha }_f\left(h_f\left(x\right)\right)-L_f^{r}h\left(x\right)-L_g{L}_f^{r-1}h\left(x\right)u-O\left(h\left(x\right)\right)-{\alpha }_r\left({\psi }_{r-1}\left(x\right)\right)\end{array}$$

(30)

To facilitate the feasibility of solving the QP problem (18), $\xi \left(x\right)$ needs to be considered as a constraint in the constraints of the QP problem (18). The determination of reasonable $\xi \left(x\right)$ reduces the likelihood of conflict with the control input bound (19) as well as the FHOCBF (21). The relative degree of $\xi \left(x\right)$ should not be too high, as this would make the constraints complex and conflict with each other, making the QP problem (18) infeasible. Therefore, a discussion of the relative degree of $\xi \left(x\right)$ as zero or one follows.

If the relative degree of $\xi \left(x\right)$ is zero, that is say, the control input u appears directly in the function $\xi \left(x\right)$. At this point, $\xi \left(x\right)$ needs to satisfy $\xi \left(x\right)⩾0$. If the FHOCBF constraint (22) is satisfied, combining $\xi \left(x\right)⩾0$ and constraint (22), it follows that (29) is satisfied. This means that Theorem 1 satisfies (26), where the FHOCBF constraint (22) and control input bound (19) will be conflict-free. If $\xi \left(x\right)⩾0$ is conflict-free with the control input bound (19) and the FHOCBF constraint (22) at the same moment, then the feasibility of the QP problem (18) can be guaranteed.

If the relative degree of $\xi \left(x\right)$ is one, a set can be defined as follows:

$$\begin{array}{c}\hfill K_{\xi }\left(x\right)=\{u\in {\mathbb{R}}^m:L_f\xi \left(x\right)+L_g\xi \left(x\right)u+{\alpha }_{\xi }\left(\xi \left(x\right)\right)⩾0\}\end{array}$$

(31)

where ${\alpha }_{\xi }(·)$ is a Class $\mathcal{K}$ function.

Remark 2.

The determination of $\xi \left(x\right)$ requires HOCBF constraints and control input bounds, which need to be based on the system model parameters and system safety conditions.

Theorem 3.

Any control input $u\in K_{\xi }\left(x\right)$ can guarantee the feasibility of the QP problem (18), if $\xi \left(x\right)$ can satisfy $\xi \left(x\right(0\left)\right)⩾0$, $L_f\xi \left(x\right)⩾0$ and $L_g\xi \left(x\right)=\lambda L_g{L}_f^{r-1}h\left(x\right),\lambda ⩾0$.

Proof of Theorem 3.

If $\xi \left(x\right(0\left)\right)⩾0$ and $u\in K_{\xi }\left(x\right)$, we can get $\xi \left(x\right(t\left)\right)⩾0,\forall t⩾0$. If the FHOCBF constraint (22) is satisfied, combining $\xi \left(x\right(t\left)\right)⩾0,\forall t⩾0$ and constraint (22), it follows that (29) is satisfied. This means that Theorem 1 satisfies (26), the FHOCBF constraint (22) and control input bound (19) will be conflict-free, $U\cap K_p\left(x\right)\ne \varnothing$. If $L_f\xi \left(x\right)⩾0$, we can get $0\in K_{\xi }\left(x\right)$, $U\cap K_{\xi }\left(x\right)\ne \varnothing$. If $L_g\xi \left(x\right)=\lambda L_g{L}_f^{r-1}h\left(x\right),\lambda ⩾0$, $K_p\left(x\right)\cap K_{\xi }\left(x\right)$ is $K_p\left(x\right)$ or $K_{\xi }\left(x\right)$. So $K_p\left(x\right)\cap K_{\xi }\left(x\right)\cap U$ is $U\cap K_p\left(x\right)\ne \varnothing$ or $U\cap K_{\xi }\left(x\right)\ne \varnothing$. Thus, if the control input bound (19) and the FHOCBF constraint (22) is conflict-free at the same moment, then the feasibility of the QP problem (18) can be guaranteed. □

Recall from above that the analysis of the case where the sign of the components of the vector $-L_g{L}_f^{r-1}h\left(x\right)$ does not change is complete. If $-L_{gi}{L}_f^{r-1}h\left(x\right)⩾0$, let $u=(u_1,u_2,\dots ,u_m)$, $u_{min}=(u_{1,min},u_{2,min},\dots ,u_{m,min})$, and $u_{max}=(u_{1,max},u_{2,max},\dots ,u_{m,max})$, then there is

$$\begin{array}{c}\hfill \begin{array}{c}\hfill -L_{gi}{L}_f^{r-1}h\left(x\right)u_{i,min}⩽-L_{gi}{L}_f^{r-1}h\left(x\right)u_i⩽-L_{gi}{L}_f^{r-1}h\left(x\right)u_{i,max}\end{array}\end{array}$$

(32)

If the sign of some components of the vector $-L_g{L}_f^{r-1}h\left(x\right)$ changes, then the sign of (32) reverses as the sign of $-L_{gi}{L}_f^{r-1}h\left(x\right),i\in \{1,2,\dots ,m\}$ changes in $t\in [0,T]$. If $-u_{i,min}=u_{i,max}$, the result of the inversion still satisfies (32). If $-u_{i,min}\ne u_{i,max}$, let $u_{i,tem}:=min\left\{\right|u_{i,min}|,u_{i,max}\}$, $-u_{i,tem}⩽u_i⩽u_{i,tem}$, i.e., $u_{i,min}⩽u_i⩽u_{i,max}$, so we can get $L_{gi}{L}_f^{r-1}h\left(x\right)u_{i,tem}⩽-L_{gi}{L}_f^{r-1}h\left(x\right)u_i⩽-L_{gi}{L}_f^{r-1}h\left(x\right)u_{i,tem}$, i.e., the result of the $-u_{i,min}\ne u_{i,max}$ still satisfies (32). In a word, inequality (26) is not affected by cases such as changes in the sign of $-L_{gi}{L}_f^{r-1}h\left(x\right),i\in \{1,2,\dots ,m\}$ and the asymmetry of the control input u, which implies that the feasibility constraint $\xi \left(x\right)$ is constructed in the same steps as mentioned above.

At this point, Theorem 3 is a sufficient condition for the feasibility of FHOCBF based on QP when the control inputs are limited but have been found. Therefore, following the conditions in Theorem 3, choosing a reasonable $\xi \left(x\right)$ is the key to improving the feasibility of the QP problem (18), subject to (19)–(21).

5. Simulation and Results

Adaptive cruise control (ACC) is a kind of system that adds the function of maintaining a safe distance control from the vehicle in front to the system that performs cruise control at a set speed [23].

5.1. ACC System Model

In this paper, only the intelligent vehicle is considered to complete the cruising task in a faster time under the premise of ensuring a safe distance. Therefore, complex situations such as overtaking, lane changing, obstacle avoidance, etc., are not considered, so the dynamics model of vehicle $j,j\in \{1,2,\dots ,n\}$ is expressed as [24]:

$$\begin{array}{c}\hfill \left\{\begin{array}{c}{\dot{p}}_j\left(t\right)=v_j\left(t\right)\hfill \\ m_j\frac{d{v}_j\left(t\right)}{dt}=u_j\left(t\right)-Fr\left(v_j\left(t\right)\right)\hfill \end{array}\right.\end{array}$$

(33)

where $u_j\left(t\right)$ is the control input of vehicle j at time t, which is the force applied to the wheels; $m_j$ is the mass of vehicle j; $v_j\left(t\right)$ is the speed of vehicle j at time t; $p_j\left(t\right)$ is the position of vehicle j at time t; and $Fr\left(v_j\left(t\right)\right)$ is the sum of all external resistances of vehicle j at time t while it is moving forward, which can further be expressed as:

$$\begin{array}{c}\hfill Fr\left(v_j\left(t\right)\right)=f_{0}sgn\left(v_j\left(t\right)\right)+f_1{v}_j\left(t\right)+f_2{v}_j{\left(t\right)}^2\end{array}$$

(34)

where $f_0>0, f_1>0, f_2>0$ are all known constants, and $sgn$ is a sign function.

In combining (9), the system state variable $x_j\left(t\right)={[p_j\left(t\right),v_j\left(t\right)]}^T$ can be further defined and the dynamics model of each actuator failure vehicle participating in the ACC system can be rewritten as:

$$\begin{array}{c}\hfill \begin{array}{cc}\hfill {\dot{x}}_j\left(t\right)& =f\left(x_j\left(t\right)\right)+g\left(x_j\left(t\right)\right){\rho }_j\left(t\right)u_j\left(t\right)\hfill \\ & =\left[\begin{array}{c}{v}_j\left(t\right)\\ -\frac{1}{m_j}Fr(v_j\left(t\right))\end{array}\right]+\left[\begin{array}{c}0\\ \frac{1}{m_j}\end{array}\right]{\rho }_j\left(t\right)u_j\left(t\right)\hfill \end{array}\end{array}$$

(35)

5.2. Multiple Constraints Formation

QP-based ACC problems need to focus on two constraints of QP: soft and hard constraints. The soft constraint is the stability objective of the system and is a speed constraint, i.e., the cruising vehicle is expected to reach the desired speed. The hard constraint is the safety objective of the system and is the safe distance constraint, i.e., the distance between the cruising vehicle and the cruising target vehicle cannot be less than the minimum safe distance [23].

After the above analysis, the vehicle j can be made to accelerate so that the speed $v_j\left(t\right)$ is close to the desired speed $v_{jd}$ set by the system, i.e., $\underset{t\to \infty }{lim}{v}_j\left(t\right)=v_{jd}$, to the extent of shortening the time used for cruising by selecting a suitable CLF as a soft constraint while ensuring a safe distance from the vehicle in front.

Such that $y_j\left(t\right)=v_j\left(t\right)-v_{jd}$ and the resulting selection of the candidate CLF is:

$$\begin{array}{c}\hfill V_j\left(y_j\left(t\right)\right)=y_j^2\left(t\right)={(v_j\left(t\right)-v_{jd})}^2\end{array}$$

(36)

so ${\dot{V}}_j\left(y_j\left(t\right)\right)=2y_j\left(t\right){\dot{y}}_j\left(t\right)=2y_j\left(t\right)\mu$; thus, when $\mu =-\frac{\epsilon }{2}{y}_j\left(t\right)$, then we have $\dot{V}\left(y_j\left(t\right)\right)=-\epsilon V\left(y_j\left(t\right)\right)$. It can be concluded that Definition 2 is satisfied when $c_1=c_2=1,c_3=\epsilon$. This leads to the control input that makes the system satisfy exponential stabilization to zero dynamics, where the inequality is expressed as:

$$\begin{array}{c}\hfill L_f{V}_j\left(y_j\left(t\right)\right)+L_g{V}_j\left(y_j\left(t\right)\right)u_j\left(t\right)+c_3{V}_j\left(y_j\left(t\right)\right)-{\delta }_j⩽0\end{array}$$

(37)

where $L_g{V}_j\left(y_j\left(t\right)\right)=\frac{2}{m_j}(v_j\left(t\right)-v_{jd})$, $L_f{V}_j\left(y_j\left(t\right)\right)=-\frac{2}{m_j}Fr\left(v_j\left(t\right)\right)(v_j\left(t\right)-v_{jd})$.

Maintaining a certain safety distance between vehicles is a necessary condition for the ACC system to maintain the safety requirements. In order to make the system maintain a safe distance, FHOCBF will be introduced to constrain the control input $u_j\left(t\right)$ of the system. According to (17), $d_j\left(t\right)⩾d_p,\forall t\in [0,T]$ can be chosen, where $d_j\left(t\right)$ is the distance between vehicle j and the neighboring front vehicle at time t, $d_p$ is the minimum safe distance that should be maintained between vehicle j and the neighboring front vehicle, i.e., ${\dot{d}}_j\left(t\right)=v_{jf}\left(t\right)-v_j\left(t\right)$, and $v_{jf}$ is the speed of the neighboring front vehicle of vehicle j at time t. Therefore, the safe distance function for vehicle j is expressed as:

$$\begin{array}{c}\hfill h_j\left(x\left(t\right)\right)=d_j\left(t\right)-d_p,\forall t\in [0,T]\end{array}$$

(38)

According to Definition 4, the relative degree of (38) with respect to system (35) is $r=2$. According to Definition 7, by combining (4), (10), and (38), we can choose ${\psi }_{j,0}\left(x\left(t\right)\right)=h_j\left(x\left(t\right)\right)$, ${\alpha }_1\left({\psi }_{j,0}\left(x\left(t\right)\right)\right)=z_1{\psi }_{j,0}\left(x\left(t\right)\right)$, ${\alpha }_2\left({\psi }_{j,1}\left(x\left(t\right)\right)\right)=z_2{\psi }_{j,1}\left(x\left(t\right)\right)$, where ${\psi }_{j,i}\left(x\left(t\right)\right),j\in \{1,2,\dots ,n\},i\in \{0,1,2\}$ denote the function ${\psi }_i$ of the vehicle j, $z_1>0,z_2>0$, and control input $u_j\left(t\right)$ should satisfy the following inequality:

$$\begin{array}{c}\hfill \begin{array}{c}\hfill L_f^2{h}_j\left(x\left(t\right)\right)+L_g{L}_f{h}_j\left(x\left(t\right)\right)u_j\left(t\right)+O\left(h_j\left(x\left(t\right)\right)\right)-F_{j,p}\left(x\right)+{\alpha }_2\left({\psi }_{j,1}\left(x\left(t\right)\right)\right)⩾0\end{array}\end{array}$$

(39)

where $L_g{L}_f{h}_j\left(x\left(t\right)\right)=\frac{1}{m_j},O\left(h_j\left(x\left(t\right)\right)\right)=z_1(v_{jf}\left(t\right)-v_j\left(t\right)),L_f^2{h}_j\left(x\left(t\right)\right)=\frac{Fr(v_j\left(t\right))}{m_j}$, ${\alpha }_2\left({\psi }_{j,1}\left(x\left(t\right)\right)\right)=z_1{z}_2(d_j\left(t\right)-d_p)+z_2(v_{jf}\left(t\right)-v_j\left(t\right)),F_{j,p}\left(x\right)=\underset{{\rho }_j\in [\underline{\rho },\overline{\rho }]}{max}\left(L_g{L}_f{h}_j\left(x\right){\tilde{\rho }}_j{u}_j\right)$.

In practice, the output of the vehicle system controller cannot be arbitrarily large, i.e., the forces acting on the wheels are not infinite, so finally, it is necessary to consider that the control inputs are limited to a certain range [25], which can be expressed as follows:

$$\begin{array}{c}\hfill -a_l{m}_{j}g⩽u_j\left(t\right)⩽a_h{m}_{j}g\end{array}$$

(40)

where g is the gravity acceleration constant, and $a_l$ and $a_h$ are the maximum deceleration and maximum acceleration coefficients of g, respectively.

In order to determine the feasibility constraint, according to (26), in combination with (39) and (40), the feasibility constraint for vehicle j can be chosen as:

$$\begin{array}{c}\hfill \begin{array}{c}\hfill h_{j,f}\left(x\left(t\right)\right)=\frac{Fr\left(v_j\left(t\right)\right)}{m_j}+(z_1+z_2)(v_{jf}\left(t\right)-v_j\left(t\right))+z_1{z}_2(d_j\left(t\right)-d_p)+a_{l}g-F_{j,p}\left(x\right)\end{array}\end{array}$$

(41)

Since $\frac{Fr(v_j\left(t\right))}{m_j}⩾0,\forall t⩾0$, one can simplify (41) as follows:

$$\begin{array}{c}\hfill \begin{array}{c}\hfill {\tilde{h}}_{j,f}\left(x\left(t\right)\right)=(z_1+z_2)(v_{jf}\left(t\right)-v_j\left(t\right))+z_1{z}_2(d_j\left(t\right)-d_p)+a_{l}g-F_{j,p}\left(x\right)\end{array}\end{array}$$

(42)

where ${\tilde{h}}_{j,f}\left(x\left(t\right)\right)⩾0$ implies $h_{j,f}\left(x\left(t\right)\right)⩾0$. According to Definition 4, the relative degree of ${\tilde{h}}_{j,f}\left(x\left(t\right)\right)$ is $r=1$. Combined with (28) and (42), this can be derived as:

$$\begin{array}{c}\hfill \begin{array}{c}\hfill \frac{u_j\left(t\right)}{m_j}⩽\frac{Fr(v_j\left(t\right))}{m_j}+(\frac{z_1{z}_2}{z_1+z_2}+k)(v_{jf}\left(t\right)-v_j\left(t\right))+\frac{k{z}_1{z}_2}{z_1+z_2}(d_j\left(t\right)-d_p)+\frac{k{a}_{l}g}{z_1+z_2}-\frac{k{F}_p\left(x\right)}{z_1+z_2}\end{array}\end{array}$$

(43)

Combining (29) and (43), it can be obtained that when $k=z_1+z_2$, (43) can be rewritten as:

$$\begin{array}{c}\hfill \begin{array}{c}\hfill \frac{u_j\left(t\right)}{m_j}⩽\frac{Fr(v_j\left(t\right))}{m_j}+(z_1+z_2)(v_{jf}\left(t\right)-v_j\left(t\right))+z_1{z}_2(d_j\left(t\right)-d_p)+{\xi }_j\left(x\left(t\right)\right)\end{array}\end{array}$$

(44)

where ${\xi }_j\left(x\left(t\right)\right)=\frac{z_1{z}_2}{z_1+z_2}(v_{jf}\left(t\right)-v_j\left(t\right))+a_{l}g-F_{j,p}\left(x\right)$.

According to Definition 4, the relative degree of ${\xi }_j\left(x\left(t\right)\right)$ is $r=1$. $L_f{\xi }_j\left(x\left(t\right)\right)=\frac{z_1{z}_2}{z_1+z_2}\frac{Fr(v_j\left(t\right))}{m_j}⩾0$, $L_g{\xi }_j\left(x\left(t\right)\right)=\frac{z_1{z}_2}{z_1+z_2}{L}_g{L}_f^{r-1}{h}_j\left(x\left(t\right)\right)$. So when $\xi \left(x\right(0\left)\right)⩾0$, the speed of vehicle j should satisfy the following inequality, which implies that Theorem 3 is satisfied

$$v_j\left(t\right)⩽v_{jf}\left(t\right)+\frac{z_1+z_2}{z_1{z}_2}(a_{l}g-F_{j,p}(x))$$

(45)

Up to this point, we have found $\xi \left(x\right)$ satisfies the feasibility constraint, which will be incorporated into the QP problem (18) as an additional constraint to ensure that (18) is always feasible. By combining (35) and (18) to (21), they are rewritten as:

$$\underset{{\mathrm{u}}_j={\left[u_j{\delta }_j\right]}^T}{{\mathrm{u}}_j^{*}=argmin}\frac{1}{2}{{\mathrm{u}}_j}^T{H}_j\left(x\right){\mathrm{u}}_j+F_j{\left(x\right)}^T{\mathrm{u}}_j$$

(46)

$$\begin{array}{c}\hfill s.t.u_{j,min}⩽u_j⩽u_{j,max}\end{array}$$

(47)

$$\begin{array}{c}\hfill L_f{V}_j\left(x\right)+L_g{V}_j\left(x\right)u_j+c_3{V}_j\left(x\right)-{\delta }_j⩽0\end{array}$$

(48)

$$\begin{array}{c}\hfill L_f{\xi }_j\left(x\right)+L_g{\xi }_j\left(x\right)u_j+{\alpha }_{\xi }\left({\xi }_j\left(x\right)\right)⩾0\end{array}$$

(49)

$$\begin{array}{c}\hfill \begin{array}{c}\hfill 0⩽L_f^2{h}_j\left(x\right)+L_g{L}_f{h}_j\left(x\right)u_j+O\left(h_j\left(x\right)\right)-F_{j,p}\left(x\right)+{\alpha }_2\left({\psi }_{j,1}\left(x\right)\right)\end{array}\end{array}$$

(50)

where $u_{j,min}=-a_l{m}_{j}g,u_{j,max}=a_h{m}_{j}g$.

In all the above formulas, the value of the relevant $F_{j,p}\left(x\right)$ can be determined via deflation. By combining $P\left(x\right)=-L_g{L}_f^{r-1}h\left(x\right)\tilde{\rho }u$ and $F_p\left(x\right)=\underset{\rho \in [\underline{\rho },\overline{\rho }]}{max}(-P\left(x\right))$, we can obtain $F_{j,p}\left(x\right)=max\left(\frac{{\tilde{\rho }}_j{u}_j}{m_j}\right)=\frac{{\tilde{\rho }}_{j,max}{u}_{j,max}}{m_j}$.

It is proposed in [2] that the objective function in (46) is based on the realization of the CLF constraints, the purpose of the speed constraints, i.e., it is desired that the cruising vehicle reaches the set desired speed, but during the reaching of the desired speed, the slack variables have to be balanced to ensure the feasibility of the ACC-QP. The construction of the CLF constraints starts by partially linearizing the system through $u_j\left(t\right)=Fr\left(v_j\left(t\right)\right)+m_j{\mu }_j\left(t\right)$. The objective function in (46) is the same as that in (47), but with the exception of the speed constraints, which are based on the ACC-QP. Ultimately, the objective function associated with the control inputs can be chosen to be ${\mu }_i{\left(t\right)}^T{\mu }_i\left(t\right)$, denoted as:

$${\mu }_j{\left(t\right)}^T{\mu }_j\left(t\right)=\frac{u_j{\left(t\right)}^T{u}_j\left(t\right)-2u_j{\left(t\right)}^{T}Fr\left(v_j\left(t\right)\right)+F{r}^2(v_j\left(t\right))}{{m_j}^2}$$

This determines the QP objective function in which $H_j\left(x\right),F_j\left(x\right)$, i.e.,

$$H_j\left(x\right)=\left[\begin{array}{cc}2/{m_j}^2& 0\\ 0& 2{\delta }_{js}\end{array}\right],F_j\left(x\right)=-\left[\begin{array}{c}2Fr\left(v_j\left(t\right)\right)/{m_j}^2\\ 0\end{array}\right]$$

where ${\delta }_{js}$ is the weight coefficient of the slack variable ${\delta }_j$.

5.3. Analysis of Simulation Results

In this section, the ACC system is simulated to verify the validity of the methodology proposed in the paper and we focus on the need to verify the validity of the FHOCBF and the feasibility constraints on the faulty system that can always ensure the safety of the system. We carry out the simulation in the presence of faults on two controlled vehicles respectively; meanwhile, in this paper, we aim at solving the impact caused by the occurrence of vehicle faults on themselves, but the propagation of faults is not considered in this paper, i.e., the cruise target vehicle j does not affect the state safety of the cruise vehicle $j+1$ in the event of faults, so a representative three-vehicle participation of the ACC system can be selected for the simulation and verification. The simulation parameters are given in

Table 1. Simulation parameters.

Param.	Value	Units	Param.	Value	Units
m	1650	kg	g	9.81	m/s${}^2$
$f_0$	0.1	N	$f_1$	5	Ns/m
$f_2$	0.25	Ns${}^2$/m	$d_p$	10	m
$d_2\left(0\right)$	100	m	$d_3\left(0\right)$	200	m
$v_1\left(t\right)$	14	m/s	$v_2\left(0\right)$	20	m/s
$v_3\left(0\right)$	15	m/s	$v_{2,d}$	24	m/s
$v_{3,d}$	30	m/s	$\epsilon$	5	Unitless
$a_l$	0.4	Unitless	$a_h$	0.4	Unitless

[2].

Combining (9) and (35), it may be useful to choose the failure rate of actuator partial failure faults for vehicle two and vehicle three as $\underline{\rho }=0.2, \overline{\rho }=0.8$. At this point, if no changes are made to the HOCBF constraints of the system, vehicle two will not always be safe, vehicle three will not always be safe, and at the same time, the control input optimal problem (46) for vehicle three will no longer be feasible within the tight control input bound (47). Specific simulation results are analyzed below:

Firstly, by combining Figure 1 and Figure 2, it can be obtained that when there exists a partial failure of the actuator and no change is made to the HOCBF constraints, according to (4) and Definition 6, $h_2\left(x\left(t\right)\right)⩾0,{\psi }_{2,1}\left(x\left(t\right)\right)⩾0$ and $h_3\left(x\left(t\right)\right)⩾0,{\psi }_{3,1}\left(x\left(t\right)\right)⩾0$ cannot always be satisfied, which means that an unsafe state of the system for both vehicle 2 and vehicle 3 will occur. Meanwhile, Figure 3 shows that in the case that $u_3\left(t\right)<u_{min}\left(t\right)$ occurs, it implies that the optimal control problem QP is not feasible for vehicle 3.

In order to address the impact of faults on the safety of the system, using the methods mentioned in the article, we use FHOCBF for cruising vehicle 2 and for cruising vehicle 3 and incorporate the feasibility constraint into the optimal control problem solving process. The specific analyses are as follows:

Firstly, by combining Figure 4 and Figure 5, it can be obtained that $h_2\left(x\left(t\right)\right)⩾0,{\psi }_{2,1}\left(x\left(t\right)\right)⩾0$ and $h_3\left(x\left(t\right)\right)⩾0,{\psi }_{3,1}\left(x\left(t\right)\right)⩾0$ can always be satisfied using the FHOCBF constraint when there is a partial failure of the actuator; according to Theorem 1, this implies that the system is always safe for vehicle 2 and vehicle 3. Meanwhile, Figure 6 shows that by considering the feasibility constraint in [22], $u_3\left(t\right)<u_{min}\left(t\right)$ occurs, which implies that the optimal control problem QP is still infeasible for vehicle 3 by using the method in [22]. In the case of considering the feasibility constraint by using our method, $u_{min}\left(t\right)⩽u_3\left(t\right)⩽u_{max}\left(t\right)$ is always satisfied, which means that the optimal control problem QP is always feasible for vehicle 3. From Figure 7, it can be seen that in the case of considering the feasibility constraint, the speed of vehicle 3 will be limited in accordance with (45).

6. Conclusions

In this paper, a fault-tolerant controller design methodology for a safety-critical system when FHOCBF is used as constraints is investigated. When the nonlinear affine system has actuator partial failure faults, the focus is on redesigning the HOCBF in the constraints, where FHOCBF defines the constraints on the control inputs that can be used in the optimal control problem to find the control inputs that keep the faulty system safe. In addition, the feasibility constraints constructed using the feasibility sufficiency condition ensure that the control inputs are always feasible for the solution of the optimal control problem while all the original constraints can be satisfied with strictly limited bounds. The combined use of the proposed methods effectively solves the problem that the system state cannot always be maintained within the safe set when the system has actuator partial failure faults. Finally, the effectiveness of the proposed method is verified via experimental simulation of the ACC system.