FAULT-TOLERANT SUPERVISORY CONTROL OF DISCRETE EVENT SYSTEMS: FORMULATION AND EXISTENCE RESULTS

We introduce a framework for fault-tolerant supervisory control of discrete-event systems. Given a plant, possessing both faulty and nonfaulty behavior, and a submodel for just the nonfaulty part, the goal of fault-tolerant supervisory control is to enforce a certain specification for the nonfaulty plant and another (perhaps more liberal) specification for the overall plant, and further to ensure that the plant recovers from any fault within a bounded delay so that following the recovery the system state is equivalent to a nonfaulty state (as if no fault ever happened). We formulate this notion of fault-tolerant supervisory control and provide a necessary and sufficient condition for the existence of such a supervisor, which involves the notion of stability (besides controllability and observability). An example of a power system is provided to illustrate the framework.