Fault-Tolerant Control

This extension addresses the synthesis of fault-tolerant control for discrete-event systems, as proposed in [FTC1] and [FTC2]. More specifically, [FTC1] provides a framework to systematically accommodate faults, extending the scope of plant models and specifications. This approach effectively converts the problem of fault-tolerant controller design to the well-studied situation of supervision under partial observation. In compliance with this general framework, [FTC2] addresses the additional requirement of keeping the nominal controller in the loop and achieving fault tolerance by a dedicated reconfiguration unit. This approach is known as fault hiding by reconfiguration and has the benefit of offering fault tolerance as an add-on product.


Relevant algorithms implemented by this libFAUDES extension have been developed in a collaborative research project conducted by Siemens AG, IIA ATS 4, and the Lehrstuhl für Regelungstechnik, Friedrich-Alexander Universität.

Copyright (C) 2013, Thomas Wittmann and Thomas Moor
Revision 24th March, 2014

Two Approaches to Fault Tolerance

Due to the occurrence of a fault the system behaviour changes and, thus, the nominal control strategy is no longer expected to be appropriate. In fault-tolerant control, we aim for controllers that ensure admissible closed-loop behaviour regardless of fault-induced changes in the plant behaviour. A common approach is to reconfigure the controller in order to adapt it in the presence of a fault, perhaps by using different control inputs and outputs or by applying a different control strategy. In contrast to continuous control systems, discrete-event controllers may have an appropriate reconfiguration mechanism built in. We refer to this situation of implicit reconfiguration as fault tolerance by fault accommodation [FTC1]. Despite its methodological elegance, relevant applications may require explicit reconfiguration by a dedicated device. In this regard, we have developed a variant of fault tolerance by fault hiding, known from continuous fault-tolerant control [FTC2].

A fault-accommodating model [FTC1] is defined as the union composition of the nominal plant behaviour and a behaviour representing the possible occurrence and the effect of the fault. For relevant situations of systems that are subject to control exclusively via sensors and actuators, automated construction procedures are provided. Since a fault-accommodating model technically is a discrete-event system, the synthesis of fault-tolerant controllers can be addressed with well-known procedures from supervisory control theory. Specifying the fault as an unobservable event, the resulting supervisor does not depend on a dedicated diagnosis facility but adapts its behaviour to the fault once it can conclude that the fault has occurred. Rather than being concerned with whether a fault could be detected too late to initiate the appropriate reconfiguration, the common synthesis procedure will either guarantee that the closed-loop behaviour meets the specifications or indicate that the problem at hand has no solution.

[Figure: nominal plant]

Fault-hiding control reconfiguration [FTC2] aims at achieving admissible closed-loop behaviour in the presence of faults, while the nominal controller remains in the closed-loop system. A reconfigurator is placed between the nominal controller H_v and the faulty plant L_f. Its purpose is to convert the nominal controller's commands to meaningful control inputs for the faulty plant and, vice versa, to translate the outputs of the faulty plant so that the nominal controller is presented with nominal plant behaviour. Thereby, the occurrence of a fault is hidden from the nominal controller. The resulting closed-loop system is shown below. This scheme is of particular interest when a nominal controller exists and has been tuned by experts to gain superior performance. Here, one can introduce fault tolerance as an add-on product and give a strict guarantee that, unless the fault occurs, the reconfigurator will remain passive.

[Figure: nominal plant]
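The two mechanisms described above, fault accommodation and fault hiding, worked through on a constructed conveyor example. This is an added illustration, not libFAUDES code and not its API: the nominal plant, the faulty plant (a broken workpiece sensor that yields a "timeout" instead of "arrive"), the unobservable fault event "f_sensor" and the reconfigurator's translation table are all assumptions made for the example. The fault-accommodating model is realised as one automaton that unites the nominal automaton with a faulty copy reachable via the fault event; the observer shows at which point a supervisor can conclude that the fault has occurred without any separate diagnoser; the reconfigurator uses the same state estimate, forwards commands unchanged and rewrites only the faulty plant's output, so it stays passive as long as nominal behaviour is observed.

```python
"""Fault accommodation and fault hiding on a constructed conveyor example.

Added illustration; not libFAUDES code and not its API. All automata,
events and the translation table are constructed for this example.
"""

# Automata are deterministic: {"init": state, "trans": {(state, event): next}}.

# Constructed nominal plant: a conveyor whose sensor reports a workpiece.
NOMINAL = {"init": "idle", "trans": {
    ("idle", "start"): "moving",
    ("moving", "arrive"): "detected",
    ("detected", "stop"): "idle"}}

# Constructed faulty plant: the sensor is broken, so "arrive" is never
# reported and a timeout is observed instead.
FAULTY = {"init": "F_idle", "trans": {
    ("F_idle", "start"): "F_moving",
    ("F_moving", "timeout"): "F_detected",
    ("F_detected", "stop"): "F_idle"}}

FAULT_EVENT = "f_sensor"        # uncontrollable and unobservable
UNOBSERVABLE = {FAULT_EVENT}
# The fault may strike at any time: nominal state -> matching faulty state.
FAULT_MAP = {"idle": "F_idle", "moving": "F_moving", "detected": "F_detected"}
FAULTY_STATES = frozenset(FAULT_MAP.values())


def fault_accommodating_model(nominal, faulty, fault_event, fault_map):
    """Union of the nominal behaviour with 'nominal prefix, then fault,
    then faulty continuation', realised as a single automaton."""
    trans = dict(nominal["trans"])
    trans.update(faulty["trans"])
    for q, qf in fault_map.items():
        trans[(q, fault_event)] = qf
    return {"init": nominal["init"], "trans": trans}


def unobservable_reach(model, states):
    """Close a state set under unobservable transitions."""
    reach, stack = set(states), list(states)
    while stack:
        q = stack.pop()
        for (p, e), r in model["trans"].items():
            if p == q and e in UNOBSERVABLE and r not in reach:
                reach.add(r)
                stack.append(r)
    return frozenset(reach)


def observer_step(model, estimate, event):
    """Update a state estimate with one observed event (subset construction)."""
    nxt = {model["trans"][(q, event)] for q in estimate if (q, event) in model["trans"]}
    if not nxt:
        raise ValueError(f"event {event!r} is impossible in estimate {sorted(estimate)}")
    return unobservable_reach(model, nxt)


def observer_estimate(model, observed):
    """State estimate after an observed string of events."""
    est = unobservable_reach(model, {model["init"]})
    for e in observed:
        est = observer_step(model, est, e)
    return est


def fault_concluded(estimate):
    """No dedicated diagnoser: the fault is known exactly when every state
    consistent with the observation belongs to the faulty copy."""
    return estimate <= FAULTY_STATES


def active_events(model, estimate):
    """Observable events the plant may produce next, given the estimate."""
    return {e for (q, e) in model["trans"] if q in estimate and e not in UNOBSERVABLE}


MODEL = fault_accommodating_model(NOMINAL, FAULTY, FAULT_EVENT, FAULT_MAP)


class Reconfigurator:
    """Fault-hiding reconfigurator between nominal controller and plant.
    Constructed translation: the faulty plant's "timeout" is presented to the
    nominal controller as the "arrive" it expects; commands pass unchanged.
    It acts as the identity as long as only nominal events are observed."""
    OUTPUT_MAP = {"timeout": "arrive"}

    def __init__(self, model):
        self.model = model
        self.estimate = unobservable_reach(model, {model["init"]})
        self.log = []  # (plant-side event, controller-side event)

    def from_plant(self, event):
        self.estimate = observer_step(self.model, self.estimate, event)
        seen = self.OUTPUT_MAP.get(event, event)
        self.log.append((event, seen))
        return seen

    def from_controller(self, command):
        self.estimate = observer_step(self.model, self.estimate, command)
        self.log.append((command, command))
        return command

    def passive_so_far(self):
        """True while every event has been forwarded unchanged."""
        return all(a == b for a, b in self.log)
```

After "start" the estimate is {moving, F_moving}: the supervisor cannot yet tell whether the sensor is broken and must be prepared for both "arrive" and "timeout". After "start timeout" the estimate collapses to {F_detected}, so the fault is concluded from the observation alone, and the reconfigurator's log shows its first non-identity translation at exactly that event.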


[FTC1] Th. Wittmann, J. H. Richter, T. Moor: Fault-Tolerant Control of Discrete Event Systems based on Fault-Accommodating Models, Safeprocess, 2012.

[FTC2] Th. Wittmann, J. H. Richter, T. Moor: Fault-Hiding Control Reconfiguration for a Class of Discrete Event Systems, Workshop on Dependable Control of Discrete Systems, 2013.

[FTC3] T. Moor et al.: On the computation of supremal sublanguages relevant to supervisory control, Workshop on Discrete Event Systems (WODES), 2012.

[FTC4] Blanke et al.: Diagnosis and Fault-Tolerant Control, Springer Verlag, 2006.

libFAUDES 2.28b --- 2019.12.01 --- with "synthesis-observer-diagnosis-iosystem-hiosys-multitasking-coordinationcontrol-timed-iodevice-simulator-luabindings"