Andrea Paoli

Implicit fault-tolerant control: application to induction motors

In this paper we propose an innovative way of dealing with the design of fault-tolerant control systems. We show how the nonlinear output regulation theory can be successfully adopted in order to design a regulator able to offset the effect of all possible faults which can occur and, in doing so, also to detect and isolate the occurred fault. The regulator is designed by embedding the (possible nonlinear) internal model of the fault. This idea is applied to the design of a fault-tolerant controller for induction motors in presence of both rotor and stator mechanical faults.

Fault-tolerant control of the ship propulsion system benchmark☆

The application of a new fault-tolerant control methodology to the benchmark proposed in Zamanabadi and Blanke (Control Engineering Practice 7(2) (1999)) is considered. The benchmark regards the model of a propulsion system for a marine vehicle developed by the Control Engineering Department of Aalborg University. After a brief description of the system, a fault analysis is carried out leading to a set of possible faults and remedial actions. Then the fault detection and identification method, and the reconfiguration algorithm are described. Simulations on the model illustrate the performance of the fault tolerant system for some selected fault scenarios.

A fault tolerant architecture for supervisory control of discrete event systems

Abstract In this paper the problem of Fault Tolerant Control (FTC) in the framework of Discrete Event Systems (DES) modeled as automata is considered. The approach we follow is the so-called active approach in which the supervisor actively reacts to the detection of a malfunctioning component in order to eventually meet degraded control specifications. Starting from an appropriate model of the system, we recall the notion of safe diagnosability as a necessary step in order to achieve fault tolerant supervision of DES. We then introduce two new notions: (i) “safe controllability”, which represents the capability, after the occurrence of a fault, of steering the system away from forbidden zones and (ii) “active fault tolerant system”, which is the property of safely continuing operation after faults. We show how it is possible to define a general control architecture to deal with the FTC problem by introducing a special kind of automaton, called a “diagnosing-controller”.

Diagnosability Analysis of a Class of Hierarchical State Machines

This paper addresses the problem of fault detection and isolation for a particular class of discrete event dynamical systems called hierarchical finite state machines (HFSMs). A new version of the property of diagnosability for discrete event systems tailored to HFSMs is introduced. This notion, called L1-diagnosability, captures the possibility of detecting an unobservable fault event using only high level observations of the behavior of an HFSM. Algorithms for testing L1-diagnosability are presented. In addition, new methodologies are presented for studying the diagnosability properties of HFSMs that are not L1-diagnosable. These methodologies avoid the complete expansion of an HFSM into its corresponding flat automaton by focusing the expansion on problematic indeterminate cycles only in the associated extended diagnoser.

Safe diagnosability of discrete event systems

The problem of safe failure diagnosis in discrete event systems is addressed. Starting from the standard definition of diagnosability of discrete event systems, which deals with the problem of detecting the occurrence of an unobservable event using the available observations on the system, the problem of performing the detection before the system executes a forbidden string is introduced. For example, this constraint could be required to prevent local faults from developing into failures that could cause safety hazards. This idea results in a new language property for discrete event systems called safe diagnosability. Necessary and sufficient conditions to test this language property are presented. Moreover, the problem of explicitly taking into account safe diagnosability as a requirement in system design is discussed.

Hierarchical control architectures in industrial automation: a design approach based on the generalized actuator concept

Abstract In this paper an effective design approach to the design of hierarchical control architectures for the automation industrial plants is presented. The main characteristic of the solution is the clear and structural separation between “policies” and “actions” deriving from the use of a novel abstract entity in modelling automation plants: the Generalized Actuator. Particular attention is paid to illustrate how to define generalized actuators starting from a “bare plant”. The potentialities of this method are emphasized by means of a case study.

A new protocol for the decentralized diagnosis of labeled Petri nets

Abstract In this paper we deal with the problem of failure diagnosis of discrete event systems with decentralized information. The decentralized architecture that we use is composed by a set of sites communicating their diagnosis information with a coordinator that is responsible of detecting the occurrence of failures in the system. In particular, first we present a protocol that defines the communication rules between the sites and the coordinator. Secondly, we prove that this protocol does not produce false alarms. Moreover, we give sufficient conditions for diagnosability based on the notion of failure ambiguous strings. Finally, we compare the protocol here presented with two other protocols that we presented in a previous work.

Decentralized opacity of discrete event systems

In this paper, we investigate opacity of discrete event systems in a decentralized framework with several agents, each of them performing its observation of the system. We consider two cases, one without coordination among agents and one with coordination. Both cases are useful because many systems used today are distributed over a network, some with agents coordinating among themselves and some without. We introduce general definitions of decentralized opacity for both cases. The definitions are based on languages. Therefore, they are flexible and can include other properties of discrete event systems as special cases. In particular, we show that co-observability used in supervisory control is a special case of decentralized opacity. We illustrate the usefulness of decentralized opacity by applying it in solving an interesting security problem in computer systems.

Decentralized diagnosis of Petri nets

In this paper we deal with the problem of failure diagnosis of discrete event systems with decentralized information. The decentralized architecture that we use is composed by a set of sites communicating their diagnosis information with a coordinator that is responsible of detecting the occurrence of failures in the system. In particular, we define two protocols that differ for the amount of information exchanged between the local sites and the coordinator, and the rules adopted by the coordinator to compute the global diagnosis states.

Decentralized Diagnosability Analysis of Discrete Event Systems using Petri Nets

Abstract In this paper we present a procedure to analyze the diagnosability of a Petri net system in a decentralized framework. We recall the definition of failure ambiguous strings, i.e., strings that can be both faulty or not in the decentralized case, while can be distinguished in a centralized framework. We first prove that the absence of such kind of strings guarantees that the system is diagnosable in a decentralized framework. Then, we give an efficient procedure to verify the absence of such kind of strings for both bounded and unbounded Petri net systems.