Application of dynamic reconfiguration in the design of fault tolerant production systems

Fault tolerance is a very important feature for many control systems, particularly when it applies to failures of physical equipment. A fault-tolerant system continues to perform its function to the maximum of available capabilities despite individual device failures. We show how fault tolerance can be achieved in production systems with multiple identical devices using dynamic reconfiguration. Our method is based on the automated synchronization of independently designed components that makes them consistent with receptive safety properties. Automated synchronization allows us to design the components as independent controllers for individual devices and to integrate the system by combining the components and asserting their interaction constraints in the form of receptive safety properties. Receptive safety properties specify the interaction between the functional components and can become inactive when a failure of a referenced component occurs. Temporary deactivation of a safety rule removes the interaction constraints from the behaviour of the functioning components, allowing them to ignore those components that are in a failure state and to freely interact with other functional components. This design method is supported by the automated synchronization tool GenEx, which produces synchronized systems that satisfy specified sets of receptive safety properties