In this paper the problem of Fault Tolerant Control (FTC) in the framework of Discrete Event Systems (DES) modeled as automata is considered. The approach we follow is the so-called active approach in which the supervisor actively reacts to the detection of a malfunctioning component in order to eventually meet degraded control specifications. Starting from an appropriate model of the system, we recall the notion of safe diagnosability as a necessary step in order to achieve fault tolerant supervision of DES. We then introduce two new notions: (i) "safe controllability", which represents the capability, after the occurrence of a fault, of steering the system away from forbidden zones and (ii) "active fault tolerant system", which is the property of safely continuing operation after faults. We show how it is possible to define a general control architecture to deal with the FTC problem by introducing a special kind of automaton, called a "diagnosing-controller".
A fault tolerant architecture for supervisory control of discrete event systems / A. Paoli; M. Sartini; S. Lafortune. - ELETTRONICO. - (2008), pp. 6542-6547. (Intervento presentato al convegno 17th IFAC World Congress 2008 tenutosi a Seoul, Corea del Sud nel 17th IFAC World Congress 2008).
A fault tolerant architecture for supervisory control of discrete event systems
PAOLI, ANDREA;SARTINI, MATTEO;
2008
Abstract
In this paper the problem of Fault Tolerant Control (FTC) in the framework of Discrete Event Systems (DES) modeled as automata is considered. The approach we follow is the so-called active approach in which the supervisor actively reacts to the detection of a malfunctioning component in order to eventually meet degraded control specifications. Starting from an appropriate model of the system, we recall the notion of safe diagnosability as a necessary step in order to achieve fault tolerant supervision of DES. We then introduce two new notions: (i) "safe controllability", which represents the capability, after the occurrence of a fault, of steering the system away from forbidden zones and (ii) "active fault tolerant system", which is the property of safely continuing operation after faults. We show how it is possible to define a general control architecture to deal with the FTC problem by introducing a special kind of automaton, called a "diagnosing-controller".I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
