
    Control and diagnosis of real-time systems under finite-precision measurement of time

    A discrete event system (DES) is an event-driven system that evolves according to abrupt occurrences of discrete changes (events). The domain of such systems encompasses aspects of many man-made systems such as manufacturing systems, telephone networks, communication protocols, traffic systems, embedded software, asynchronous hardware, and robotics. Supervisory control theory for DESs studies the existence and synthesis of supervisory controllers, namely supervisors that restrict the system behavior by dynamically disabling certain controllable events so that the controlled closed-loop system behaves as desired. Extensive work on supervisory control of untimed DESs exists, and the extension to the timed setting has been reported in the literature. In this dissertation, we study the supervisory control of dense-time DESs in which digital-clocks of finite precision are employed to observe event occurrence times, thereby relaxing the assumption of prior work that time can be measured precisely. In our setting the passing of time is measured by the number of ticks generated by a digital-clock, and we allow plant events and digital-clock ticks to occur concurrently. We formalize the notion of a control policy that issues control actions based on the observations of events and their occurrence times as measured using a digital-clock, and show that such a control policy can be equivalently represented as a digitalized-automaton, namely an untimed automaton that evolves over the events (of the plant) and the ticks (of the digital-clock). We introduce the notion of observability with respect to the partial observation of time resulting from the use of a digital-clock, and show that this property together with controllability is a necessary and sufficient condition for the existence of a supervisor that enforces a real-time specification on a dense-time discrete event plant.
The observability condition presented in the dissertation is very different from the one arising from partial observation of events, since partial observation of time is in general nondeterministic (the number of ticks generated in any time interval can vary from execution to execution of a digital-clock). We also present a method to verify the proposed observability and controllability conditions, and an algorithm to compute a supervisor when these conditions are satisfied. Furthermore, we examine the lattice structure of a class of timing-mask observable languages and show that the proposed observability is not preserved under intersection but is preserved under union. Fault diagnosis for DESs aims to detect the occurrence of a fault so that corrective action can be taken. It is crucial in the automatic control of large, complex man-made systems and has attracted considerable attention in the reliability engineering, control and computer science literature. For event-driven systems with timing requirements, such as manufacturing systems, communication networks, real-time scheduling and traffic systems, fault diagnosis involves detecting timing-faults as well as sequence-faults. This requires monitoring both the timing and the sequence of events, each of which may only be partially observed in practice. In this dissertation, we extend prior work on fault diagnosis of timed DESs by allowing time to be partially observed using a digital-clock that measures the advancement of time with finite precision by its number of ticks. For diagnosis purposes, the set of nonfaulty timed-traces is specified as another timed-automaton that is deterministic. We show that the set of timed-traces observed using a digital-clock with finite precision is regular, i.e., can be represented by a finite (untimed) automaton.
We also show that the verification of diagnosability (the ability to detect the execution of a faulty timed-trace within a bounded time delay) and the off-line synthesis of a diagnoser are decidable, by reducing these problems to the untimed setting. The reduction also yields an effective method for the off-line computation of a diagnoser and for its on-line implementation. These results are further extended to the nondeterministic setting, i.e., diagnosis of dense-time DESs using digital-clocks under a nondeterministic event observation mask. We introduce the notion of lifting (associating each event with each of its nondeterministic observations) and show that diagnosis of dense-time DESs that employ digital-clocks to observe event occurrence times under a nondeterministic event observation mask reduces to the deterministic setting, i.e., diagnosis of the lifted dense-time DES under the deterministic lifted event observation mask, and hence further reduces to diagnosis in the untimed setting.
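The controllability condition named in the abstract above, as an added example that is not code from the dissertation: the standard Ramadge-Wonham computation of the supremal controllable sublanguage over an untimed plant whose alphabet includes the digital-clock tick as an ordinary uncontrollable event. This is the "digitalized-automaton" view stripped of the dissertation's dense-time semantics and nondeterministic tick counts, so it only demonstrates the untimed check the reduction lands on. The login-gate plant, the two specifications and every event name are constructed for this illustration. The cool-down specification (no accept within two ticks of a reject) is enforceable by disabling `accept` alone; the deadline specification (decide a pending attempt before the second tick) is not, because the supervisor can disable but never force events and cannot stop the clock, so the fixpoint empties the product and no supervisor exists.

```python
"""Supremal controllable sublanguage over a plant whose alphabet includes an
uncontrollable digital-clock tick.  Added illustration, not the dissertation's
code; the login-gate plant, both specs and all event names are constructed."""
from collections import deque

# An automaton is (initial_state, {state: {event: next_state}}).
# Constructed plant: an attacker-driven login gate.  'attempt' and 'tick' are
# uncontrollable; the supervisor can only disable 'accept' and 'reject'.
PLANT = ("idle", {
    "idle":    {"attempt": "pending", "tick": "idle"},
    "pending": {"accept": "idle", "reject": "idle", "tick": "pending"},
})
UNCONTROLLABLE = {"attempt", "tick"}
CONTROLLABLE = {"accept", "reject"}

# Spec A: after a reject, two ticks must pass before any accept (cool-down).
SPEC_COOLDOWN = ("free", {
    "free":  {"attempt": "free", "accept": "free", "reject": "cool2", "tick": "free"},
    "cool2": {"attempt": "cool2", "reject": "cool2", "tick": "cool1"},
    "cool1": {"attempt": "cool1", "reject": "cool1", "tick": "free"},
})
# Spec B: a pending attempt must be decided before a second tick (deadline).
SPEC_DEADLINE = ("d0", {
    "d0": {"attempt": "d1", "accept": "d0", "reject": "d0", "tick": "d0"},
    "d1": {"accept": "d0", "reject": "d0", "tick": "d2"},
    "d2": {"accept": "d0", "reject": "d0"},
})

def product(plant, spec):
    """Synchronous product on the full alphabet: an event the spec omits is disabled."""
    (p0, pt), (s0, st) = plant, spec
    trans, queue = {}, deque([(p0, s0)])
    while queue:
        q = queue.popleft()
        if q in trans:
            continue
        trans[q] = {}
        for e, pn in pt[q[0]].items():
            if e in st[q[1]]:
                trans[q][e] = (pn, st[q[1]][e])
                queue.append(trans[q][e])
    return (p0, s0), trans

def supcon(plant, spec, uncontrollable):
    """Delete product states in which the plant can fire an uncontrollable event the
    surviving product cannot follow; iterate to a fixpoint; keep the reachable part.
    Returns the supervisor automaton, or None when no supervisor exists."""
    init, trans = product(plant, spec)
    pt, alive, changed = plant[1], set(trans), True
    while changed:
        changed = False
        for q in list(alive):
            for e in pt[q[0]]:
                if e in uncontrollable and trans[q].get(e) not in alive:
                    alive.discard(q)
                    changed = True
                    break
    if init not in alive:
        return None
    reach, queue = set(), deque([init])
    while queue:
        q = queue.popleft()
        if q in reach:
            continue
        reach.add(q)
        queue.extend(nq for nq in trans[q].values() if nq in alive)
    return init, {q: {e: nq for e, nq in trans[q].items() if nq in reach} for q in reach}

def disablements(plant, supervisor, controllable):
    """Per supervisor state: controllable events the plant offers but the supervisor withholds."""
    pt, (_, st) = plant[1], supervisor
    return {q: sorted(e for e in pt[q[0]] if e in controllable and e not in st[q]) for q in st}

def cooldown_supervisor():
    """Spec A is controllable: a 6-state supervisor that only withholds 'accept'."""
    return disablements(PLANT, supcon(PLANT, SPEC_COOLDOWN, UNCONTROLLABLE), CONTROLLABLE)

def deadline_supervisor():
    """Spec B is not controllable: ticks cannot be disabled, decisions cannot be forced."""
    return supcon(PLANT, SPEC_DEADLINE, UNCONTROLLABLE)

if __name__ == "__main__":
    for q, ev in sorted(cooldown_supervisor().items()):
        print(q, "disables", ev)
    print("deadline spec supervisor:", deadline_supervisor())
```

The practical caveat this exposes is the one the abstract's controllability condition encodes: a timing requirement that can only be met by making something happen before the clock advances is not enforceable by a disabling supervisor, however precise the clock, and must instead be pushed into the plant model (forcible events, or a plant whose own dynamics bound the delay).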

    Fault-tolerant supervisory control of discrete-event systems

    In this dissertation, I introduce my study on fault-tolerant supervisory control of discrete event systems. Given a plant, possessing both faulty and nonfaulty behavior, and a submodel for just the nonfaulty part, the goal of fault-tolerant supervisory control is to enforce a certain specification for the nonfaulty plant and another (perhaps more liberal) specification for the overall plant, and further to ensure that the plant recovers from any fault within a bounded delay so that following the recovery the system state is equivalent to a nonfaulty state (as if no fault ever happened). My research includes the formulation of the notation and the problem, existence conditions, synthesis algorithms, and applications.
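Both the bounded-delay diagnosability of the previous abstract and the bounded-delay fault recovery required here rest on the same capability: inferring an unobservable fault from the observable stream of plant events and clock ticks. The following is an added example, not code from either dissertation: a state-estimate diagnoser in the classic Sampath-style construction over an untimed automaton in which the tick is an observable event, plus a search for the worst-case number of ticks between a fault and the first estimate that carries only fault labels. The heartbeat plant, its fault and the "masked" variant are constructed for this illustration. The variant shows the failure mode a detection engineer should expect: a fault whose observable behavior, timing included, can remain indistinguishable from normal operation is not diagnosable within any bound.

```python
"""Diagnoser-based detection of an unobservable fault from observable events and
digital-clock ticks, with the worst-case detection delay counted in ticks.
Added illustration, not the dissertations' code; the heartbeat plant, its fault
and the 'masked' variant are constructed for this example."""
from collections import deque

# Plant: {state: {event: [next states]}}.  A monitored component normally beats
# at most two ticks apart; after the unobservable fault 'f' it only ticks.
HEARTBEAT = {
    "B":  {"tick": ["T1"], "f": ["F"]},
    "T1": {"beat": ["B"], "tick": ["T2"], "f": ["F"]},
    "T2": {"beat": ["B"], "f": ["F"]},
    "F":  {"tick": ["F"]},
}
# Variant: the faulty component may keep beating on schedule (or fall silent),
# so a fault can hide behind a perfectly normal-looking observation sequence.
MASKED = dict(HEARTBEAT, F={"tick": ["F"], "beat": ["F"]})
OBSERVABLE, FAULT, TICK = {"beat", "tick"}, "f", "tick"

def closure(pairs, plant):
    """Close a set of (state, label) pairs under unobservable moves; the label
    becomes 'F' once the fault has fired somewhere on the path."""
    stack, seen = list(pairs), set(pairs)
    while stack:
        s, lab = stack.pop()
        for e, nxts in plant[s].items():
            if e in OBSERVABLE:
                continue
            for t in nxts:
                pair = (t, "F" if (lab == "F" or e == FAULT) else "N")
                if pair not in seen:
                    seen.add(pair)
                    stack.append(pair)
    return frozenset(seen)

def diag_step(estimate, event, plant):
    """Diagnoser transition on one observable event (a tick or a plant event)."""
    moved = {(t, lab) for s, lab in estimate for t in plant[s].get(event, [])}
    return closure(moved, plant)

def worst_detection_delay(plant, init, cap=10):
    """Explore (true plant state, diagnoser estimate, ticks since fault) triples.
    Returns the largest number of ticks between a fault and the first estimate
    containing only F labels, or None if some run stays ambiguous beyond `cap`
    ticks, i.e. the fault is not diagnosable within that bound."""
    start = (init, closure({(init, "N")}, plant), None)   # None: no fault yet
    seen, queue, worst = {start}, deque([start]), 0
    while queue:
        p, est, n = queue.popleft()
        if n is not None:
            if all(lab == "F" for _, lab in est):
                worst = max(worst, n)
                continue                      # diagnosed: stop this branch
            if n > cap:
                return None
        for e, nxts in plant[p].items():
            for t in nxts:
                if e in OBSERVABLE:
                    nxt = (t, diag_step(est, e, plant),
                           None if n is None else n + (e == TICK))
                else:
                    nxt = (t, est, 0 if (n is None and e == FAULT) else n)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return worst

if __name__ == "__main__":
    print("heartbeat fault detected within", worst_detection_delay(HEARTBEAT, "B"), "ticks")
    print("masked fault bounded-delay diagnosable:", worst_detection_delay(MASKED, "B") is not None)
```

The search is exhaustive over the finite triple space because the tick counter is only carried while an estimate is still ambiguous and is abandoned once it exceeds `cap`; a `None` result therefore means an indeterminate cycle exists, not merely that the chosen bound is too small to be confident at `cap` ticks.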

    Introducing the STAMP method in road tunnel safety assessment

    After the severe accidents in European road tunnels over the past decade, many risk assessment methods have been proposed worldwide, most of them based on Quantitative Risk Assessment (QRA). Although QRAs are helpful for addressing the physical aspects and facilities of tunnels, current approaches in the road tunnel field are limited in their ability to model organizational aspects, software behavior and the adaptation of the tunnel system over time. This paper reviews these limitations and highlights the need to enhance the safety assessment process of these critical infrastructures with a complementary approach that links organizational factors to operational and technical issues, analyzes software behavior and models the dynamics of the tunnel system. To achieve this objective, the paper examines the scope for introducing a safety assessment method based on the systems thinking paradigm that draws upon the STAMP model. The proposed method is demonstrated through a case study of a tunnel ventilation system, and the results show that it has the potential to identify scenarios that encompass both the technical system and the organizational structure. However, since the method does not provide quantitative estimates of risk, it is recommended as a complement to traditional risk assessments rather than as an alternative.

    Observability and observer design for switched linear systems

    Hybrid vehicles, HVAC systems in new and old buildings, power networks, and the like require safe, robust control that includes switching the mode of operation to meet environmental and performance objectives. Such switched systems consist of a set of continuous-time dynamical behaviors whose sequence of operational modes is driven by an underlying decision process. This thesis investigates feasibility conditions and a methodology for state and mode reconstruction given input-output measurements (not including the mode sequence). An application herein considers insulation failures in permanent magnet synchronous machines (PMSMs) used in heavy hybrid vehicles. Leveraging the feasibility literature for switched linear time-invariant systems, this thesis introduces two additional feasibility results: 1) detecting switches from safe modes into failure modes and 2) state and mode estimation for switched linear time-varying systems. The thesis also addresses the robust observability problem of computing the smallest structured perturbations to the system matrices (with respect to the Frobenius norm) that cause observer infeasibility. This robustness framework is general enough to solve related robustness problems including controllability, stabilizability, and detectability. Having established feasibility, real-time observer reconstruction of the state and mode sequence becomes possible. We propose the embedded moving horizon observer (EMHO), which re-poses the reconstruction as an optimization using an embedded state model that relaxes the range of the mode sequence estimates into a continuous space. Optimal state and mode estimates minimize an L2-norm between the measured output and the estimated output of the associated embedded state model. Necessary conditions for observer convergence are developed. The EMHO is adapted to solve the surface PMSM fault detection problem.

    Fault Detection in Surface PMSM with Applications to Heavy Hybrid Vehicles

    This report explores detecting inter-turn short circuit (ITSC) faults in surface permanent magnet synchronous machines (SPMSM). ITSC faults are caused by electrical insulation failures in the stator windings and can lead to shorts to ground and even fires. This report proposes methods for detecting these faults using a moving horizon observer (MHO) to reduce the chance of electrical shocks and fires. Specifically, the report constructs an MHO for ITSC fault detection in an SPMSM. ITSC fault-tolerant control is investigated for a 2004 Toyota Prius hybrid vehicle having a traction SPMSM. Once the supervisory-level powertrain power flow control learns from the MHO that a fault is present and how severe it is, the control (i) reduces the maximum possible vehicle speed to ensure SPMSM thermal constraints are not violated and (ii) switches to a traction motor input-output power efficiency appropriate for the degree of fault. These steps are taken during a fault rather than shutting down the traction motor, to provide a "limp home" capability. The traction motor cannot simply be turned off because its rotation is not independent of drive wheel rotation. The control is demonstrated by simulating the Prius over a 40 s drive velocity profile with fault levels of 0.5%, 1%, 2%, and 5% detected at the midpoint of the profile. For comparison, the Prius is also simulated without a traction motor fault. Results show that the control reduced vehicle velocity upon detection of a fault to appropriate safe values. Further, the challenges of ITSC fault-tolerant control for heavy hybrid vehicles are examined. This work is partially supported by the Department of Energy, Award No. DE-EE0005568. The authors would like to acknowledge the support of Greg Shaver and the Hoosier Heavy Hybrid Center of Excellence. S. Johnson, R. DeCarlo, and S. Pekarek are with the Department of Electrical and Computer Engineering at Purdue University, 610 Purdue Mall, West Lafayette, IN 47907. R. Meyer is with the Department of Mechanical and Aerospace Engineering at Western Michigan University, 1903 West Michigan Avenue, Kalamazoo, MI 49008.

    Application of supervisory control theory to theme park vehicles

    Increasing system complexity and pressure to reduce time-to-market and development costs call for new engineering processes. Model-based engineering processes are suitable candidates because they support system development by enabling the use of various model-based analysis techniques and tools. As a result, they are able to cope with complexity and have the potential to reduce time-to-market and development costs. Moreover, supervisory control synthesis can be integrated in this setting, which can further contribute to the development of control systems. To evaluate the applicability of recently developed supervisor synthesis techniques and to show how they can be integrated in an engineering process, a theme park vehicle is chosen as a case study. The supervisor synthesized for the theme park vehicle has been successfully implemented and integrated in the existing resource-control platform.

    Supervisory Control System Architecture for Advanced Small Modular Reactors

    This technical report was generated as a product of the Supervisory Control for Multi-Modular SMR Plants project within the Instrumentation, Control and Human-Machine Interface technology area under the Advanced Small Modular Reactor (SMR) Research and Development Program of the U.S. Department of Energy. The report documents the definition of strategies, functional elements, and the structural architecture of a supervisory control system for multi-modular advanced SMR (AdvSMR) plants. This research activity advances the state of the art by incorporating decision making into the supervisory control system's architectural layers through the introduction of a tiered-plant system approach. The report provides a brief history of hierarchical functional architectures and the current state of the art, describes a reference AdvSMR to show the dependencies between systems, presents a hierarchical structure for supervisory control, indicates the importance of understanding trip setpoints, applies a new theoretic approach for comparing architectures, identifies cyber security controls that should be addressed early in system design, and describes ongoing work to develop system requirements and hardware/software configurations.