Weakly Fault-Tolerant Supervisory Control of Discrete Event Systems

A framework for fault-tolerant supervisory control of discrete-event systems was introduced in (Q. Wen et al., 2007). Given a plant, possessing both faulty and nonfaulty behavior, and a submodel for just the nonfaulty part, the goal of fault-tolerant supervisory control is to enforce a certain specification for the nonfaulty plant and another (perhaps more liberal) specification for the overall plant, and further to ensure that the plant recovers from any fault within a bounded delay so that following the recovery the system state is equivalent to a nonfaulty state (as if no fault ever happened). In certain applications a weaker notion of fault-tolerance may suffice: Following any fault the system is guaranteed to reach a "recovery" state from where the subsequent behaviors are subsumed by those that are possible from a nonfaulty state. Thus following the recovery, the system satisfies those properties that are also satisfied by the behaviors starting from some nonfaulty state. We formulate this weaker notion of fault-tolerance and present a necessary and sufficient condition (involving the notion of language-stability) for the existence of a weakly fault-tolerant supervisor. An example of a power system is provided to illustrate the framework. We also introduce and analyze the notion of nonuniformly-bounded fault-tolerance and its weak version.