A fault tolerant architecture for supervisory control of discrete event systems

In this paper the problem of Fault Tolerant Control (FTC) in the framework of Discrete Event Systems (DES) modeled as automata is considered. The approach we follow is the so-called active approach in which the supervisor actively reacts to the detection of a malfunctioning component in order to eventually meet degraded control specifications. Starting from an appropriate model of the system, we recall the notion of safe diagnosability as a necessary step in order to achieve fault tolerant supervision of DES. We then introduce two new notions: (i) "safe controllability", which represents the capability, after the occurrence of a fault, of steering the system away from forbidden zones and (ii) "active fault tolerant system", which is the property of safely continuing operation after faults. We show how it is possible to define a general control architecture to deal with the FTC problem by introducing a special kind of automaton, called a "diagnosing-controller".