Fault-Accommodating Modelling of Sensors and Actuators

For the practically relevant case of systems that are accessible for control solely via sensors and actuators, we identify different failure-patterns that allow for the automated construction of the respective plant-failure behaviour.

We postulate that the impact of a fault is a change in the sequence of nominal events. That is, the occurrence of a fault changes the way in which some nominal events, which we call critical events Sigma_crit ⊆ Sigma_n, may occur in the plant-failure model. The concrete impact of a fault is in this context specified by so-called failure-patterns. In particular, for actuators we consider the failure-patterns

Permanent Breakdown, Permanent Operation and Recurrent Breakdown,

and for sensors, we have

Permanent Mute, Recurrent Mute and Random Trigger,

respectively. Each pattern is implemented by the function of the same name documented below.

Given a nominal plant behaviour and the construction rule that belongs to the respective failure-pattern, we can construct the respective plant-failure behaviour.

FtcPermanentBreakdown

Construct plant-failure model for actuator failure-pattern "Permanent Breakdown"

Signature:

FtcPermanentBreakdown(+In+ Generator gLn, +In+ Alphabet aCrit, +Out+ Generator gLd)

FtcPermanentBreakdown(+In+ Generator gLn, +In+ Alphabet aCrit, +In+ String sF, +Out+ Generator gLd)

Detailed description:

If an actuator breaks down permanently, the plant can no longer generate the events of that actuator. The previous event sequence then ends with the fault event instead of the respective critical event. After the fault F, only those continuations of the previous sequence that start with an alternative, non-critical event remain in the plant-failure model.

By default the fault-event is named "F". Alternatively, its name can be specified by the parameter sF.

Example:

Sigma_crit = {ACT1}

Nominal plant

Fault Model Ld

Fault-Accommodating Plant Lf = LnLd

FtcPermanentOperation

Construct plant-failure model for failure-pattern "Permanent Operation"

Signature:

FtcPermanentOperation(+In+ Generator gLn, +In+ Alphabet aCrit, +Out+ Generator gLd)

FtcPermanentOperation(+In+ Generator gLn, +In+ Alphabet aCrit, +In+ String sF, +Out+ Generator gLd)

Detailed description:

If an actuator operates permanently, the plant generates the respective critical event and thereby changes its state immediately.

By default the fault-event is named "F". Alternatively, its name can be specified by the parameter sF.

Example:

Sigma_crit = {ACT1,ACT2}

Nominal plant

Fault Model Ld

Fault-Accommodating Plant Lf = LnLd

FtcRecurrentBreakdown

Construct plant-failure model for failure-pattern "Recurrent Breakdown"

Signature:

FtcRecurrentBreakdown(+In+ Generator gLn, +In+ Alphabet aCrit, +Out+ Generator gLd)

FtcRecurrentBreakdown(+In+ Generator gLn, +In+ Alphabet aCrit, +In+ String sF, +Out+ Generator gLd)

Detailed description:

If an actuator breaks down recurrently, the plant may or may not generate the successive events. We interpret this behaviour as an additional eventuality property.

By default the fault-event is named "F". Alternatively, its name can be specified by the parameter sF.

Example:

Sigma_crit = {ACT}

Nominal plant

Fault Model Ld

Fault-Accommodating Plant Lf = LnLd

FtcPermanentMute

Construct plant-failure model for failure-pattern "Permanent Mute"

Signature:

FtcPermanentMute(+In+ Generator gLn, +In+ Alphabet aCrit, +Out+ Generator gLd)

FtcPermanentMute(+In+ Generator gLn, +In+ Alphabet aCrit, +In+ String sF, +Out+ Generator gLd)

Detailed description:

If a sensor permanently fails to deliver information, the system state is no longer exactly known. Technically, we consider the respective critical event to become unobservable and compute the projection onto the remaining non-critical events.

By default the fault-event is named "F". Alternatively, its name can be specified by the parameter sF.

Example:

Sigma_crit = {SNS1}

Nominal plant

Fault Model Ld

Fault-Accommodating Plant Lf = LnLd
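The two constructions above, Permanent Breakdown for an actuator and Permanent Mute for a sensor, can be followed on a small generator. The Python below is an added example and is neither code from libFAUDES nor from this page: it implements the two rules as described on a toy generator class (a stand-in for faudes::Generator) and a constructed sample plant. It assumes that the fault event F is enabled exactly in those states where a critical event is enabled, that a broken actuator disables all of its critical events for good, and that after a mute fault the critical events are removed by the natural projection (subset construction); the plant, its states and the event names start, stop and arrive are made up for the illustration.

```python
from collections import deque


class Generator:
    """Toy deterministic generator (stand-in for faudes::Generator);
    transitions map (state, event) -> state, states are any hashable values."""

    def __init__(self, alphabet, transitions, init, marked):
        self.alphabet, self.trans = set(alphabet), dict(transitions)
        self.init, self.marked = init, set(marked)

    def enabled(self, q):
        """Events with a transition leaving state q."""
        return {ev for (p, ev) in self.trans if p == q}

    def strings(self, max_len):
        """Generated (prefix-closed) language up to length max_len as
        space-separated strings; the empty string is ''."""
        out, queue = set(), deque([(self.init, ())])
        while queue:
            q, w = queue.popleft()
            out.add(" ".join(w))
            if len(w) < max_len:
                for ev in sorted(self.enabled(q)):
                    queue.append((self.trans[(q, ev)], w + (ev,)))
        return out


def permanent_breakdown(gLn, crit, f="F"):
    """'Permanent Breakdown' (assumed rule): wherever a critical event is enabled,
    the fault f may occur instead; afterwards the plant runs in a 'broken' copy
    of the nominal structure from which all critical events are removed for good."""
    crit, trans, marked = set(crit), {}, set()
    for (q, ev), p in gLn.trans.items():
        trans[(("n", q), ev)] = ("n", p)          # nominal part is kept as it is
        if ev in crit:
            trans[(("n", q), f)] = ("b", q)       # fault replaces the critical event
        else:
            trans[(("b", q), ev)] = ("b", p)      # broken copy: non-critical events only
    for q in gLn.marked:
        marked.update({("n", q), ("b", q)})
    return Generator(gLn.alphabet | {f}, trans, ("n", gLn.init), marked)


def permanent_mute(gLn, crit, f="F"):
    """'Permanent Mute' (assumed rule): after the fault f the critical events still
    occur but are no longer reported, i.e. they turn unobservable; the continuation
    is the natural projection onto the non-critical events (subset construction)."""
    crit = set(crit)

    def closure(qs):  # nominal states reachable from qs via now-silent critical events
        seen, stack = set(qs), list(qs)
        while stack:
            q = stack.pop()
            for ev in gLn.enabled(q) & crit:
                if gLn.trans[(q, ev)] not in seen:
                    seen.add(gLn.trans[(q, ev)])
                    stack.append(gLn.trans[(q, ev)])
        return frozenset(seen)

    trans, marked, init = {}, set(), ("n", gLn.init)
    queue, seen = deque([init]), {init}

    def visit(src, ev, dst):  # add a transition and schedule an unseen target
        trans[(src, ev)] = dst
        if dst not in seen:
            seen.add(dst)
            queue.append(dst)

    while queue:
        s = queue.popleft()
        mode, q = s
        if mode == "n":                            # nominal part: single states
            if q in gLn.marked:
                marked.add(s)
            for ev in gLn.enabled(q):
                visit(s, ev, ("n", gLn.trans[(q, ev)]))
            if gLn.enabled(q) & crit:              # the sensor falls mute here
                visit(s, f, ("m", closure({q})))
        else:                                      # muted part: sets of nominal states
            if q & gLn.marked:
                marked.add(s)
            for ev in set().union(*(gLn.enabled(x) for x in q)) - crit:
                targets = {gLn.trans[(x, ev)] for x in q if (x, ev) in gLn.trans}
                visit(s, ev, ("m", closure(targets)))
    return Generator(gLn.alphabet | {f}, trans, init, marked)


# Constructed sample plant (not from the page): a drive with actuator events
# start/stop and a position-sensor event arrive.
#   idle -start-> moving -arrive-> atpos -stop-> idle,   moving -stop-> idle
NOMINAL = Generator(
    alphabet={"start", "stop", "arrive"},
    transitions={("idle", "start"): "moving", ("moving", "arrive"): "atpos",
                 ("moving", "stop"): "idle", ("atpos", "stop"): "idle"},
    init="idle", marked={"idle"})

BROKEN_STOP = permanent_breakdown(NOMINAL, crit={"stop"})  # Sigma_crit = {stop}
MUTE_ARRIVE = permanent_mute(NOMINAL, crit={"arrive"})     # Sigma_crit = {arrive}
```

With Sigma_crit = {stop}, the string "start F arrive" is generated (the belt still reaches its position) but "start F stop" is not, since the broken actuator can never deliver stop again. With Sigma_crit = {arrive}, the string "start F arrive" disappears while "start F stop start" survives, because after the fault the states moving and atpos are merged into one set of the projection. The nominal prefix and the post-fault continuation are kept in one generator here; the page's captions show the nominal plant and the fault model as separate objects.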

FtcRecurrentMute

Construct plant-failure model for failure-pattern "Recurrent Mute"

Signature:

FtcRecurrentMute(+In+ Generator gLn, +In+ Alphabet aCrit, +Out+ Generator gLd)

FtcRecurrentMute(+In+ Generator gLn, +In+ Alphabet aCrit, +In+ String sF, +Out+ Generator gLd)

Detailed description:

If a sensor recurrently fails to deliver information, the system state may or may not be exactly known. Technically, we add a transition with a relabelled event wherever a critical event is enabled after a fault F has occurred. Next, we compute the projection onto the non-relabelled events.

By default the fault-event is named "F". Alternatively, its name can be specified by the parameter sF.

Example:

Sigma_crit = {SNS1,SNS2}

Nominal Plant Ln

Fault Model Ld

Fault-Accommodating Plant Lf = LnLd

FtcRandomTrigger

Construct plant-failure model for failure-pattern "Random Trigger"

Signature:

FtcRandomTrigger(+In+ Generator gLn, +In+ Alphabet aCrit, +Out+ Generator gLd)

FtcRandomTrigger(+In+ Generator gLn, +In+ Alphabet aCrit, +In+ String sF, +Out+ Generator gLd)

Detailed description:

A sensor arbitrarily shows rising or falling edges. We account for this behaviour by inserting arbitrary critical events in continuation of a fault-event F.

By default the fault-event is named "F". Alternatively, its name can be specified by the parameter sF.

Example:

Sigma_crit = {SNS}

Nominal Plant Ln

Fault Model Ld

Fault-Accommodating Plant Lf = LnLd

libFAUDES 2.32b --- 2024.03.01 --- with "synthesis-observer-observability-diagnosis-hiosys-iosystem-multitasking-coordinationcontrol-timed-simulator-iodevice-luabindings-hybrid-example-pybindings"