A study of failure models in feedback control systems

Feedback control systems have an inherent ability to compensate for disturbances in the controlled application. This paper investigates whether that resilience also extends to disturbances originating from faults in the controller itself. It addresses the question of which kind of failure model is more effective for this type of system, studying three models: arbitrary failure, fail-silent, and fail-bounded. The study is conducted essentially by experimental fault injection in the controller of one of the best known and most demanding benchmarks used in the control systems area: an inverted pendulum. The failure models considered are compared according to criteria based on the quality of the control action. Other insights gained from the experiments are also described, for instance on how to significantly increase the dependability of feedback controllers at a very low cost, and on the need for a different kind of real-time scheduling algorithm.
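The comparison the abstract describes can be reproduced in miniature. The following simulation is an added example and is not code from the paper: the plant (a point-mass pendulum on a fixed pivot with g/l = 9.81), the state-feedback gains K1 and K2, the injected fault (a single bit flip in the float64 holding the controller output, applied during a 0.5 s window), the three failure-model mappings, and the quality metrics (whether the pendulum fell, the peak angle during the fault, and the integral of the squared angle) are all assumptions chosen for illustration. The same bit flip is applied in every run; only what the actuator is allowed to see differs, which is exactly the question the failure model answers.

```python
"""Fault injection into an inverted-pendulum controller under three failure models.

Constructed example: every constant and model below is an assumption of this
illustration, not a value or result taken from the paper.
"""
import math
import struct

G_OVER_L = 9.81            # g/l in rad/s^2 for a 1 m pendulum on a fixed pivot (assumed)
K1, K2 = 30.0, 10.0        # state-feedback gains; K1 > g/l makes the upright point stable
DT = 0.001                 # integration step in seconds
T_END = 4.0                # simulated time in seconds
FAULT_WINDOW = (2.0, 2.5)  # the controller is faulty during this interval (s)
FLIP_BIT = 62              # most significant exponent bit of a float64 pattern
BOUND = 1.0                # largest |error| the fail-bounded model lets through
FALL_ANGLE = math.pi / 2   # beyond this angle the pendulum is considered fallen


def controller(theta, omega):
    """Correct control law: linear state feedback on angle and angular velocity."""
    return -(K1 * theta + K2 * omega)


def flip_bit(x, bit=FLIP_BIT):
    """Injected fault: a single-event upset flipping one bit of the float64 holding x."""
    (pattern,) = struct.unpack("<Q", struct.pack("<d", x))
    (corrupted,) = struct.unpack("<d", struct.pack("<Q", pattern ^ (1 << bit)))
    return corrupted


# Failure models as functions (correct output, corrupted output) -> value the actuator gets.
FAILURE_MODELS = {
    "no-fault":     lambda correct, corrupt: correct,  # reference run, fault fully masked
    "arbitrary":    lambda correct, corrupt: corrupt,  # whatever the faulty controller computed
    "fail-silent":  lambda correct, corrupt: 0.0,      # faulty controller says nothing; actuator idles
    # the error leaving the controller is clipped to +/-BOUND around the correct value
    "fail-bounded": lambda correct, corrupt: correct + max(-BOUND, min(BOUND, corrupt - correct)),
}


def simulate(model, theta0=0.1):
    """Run the closed loop under one failure model and return quality-of-control metrics."""
    apply_model = FAILURE_MODELS[model]
    fault_start, fault_stop = (round(t / DT) for t in FAULT_WINDOW)
    theta, omega = theta0, 0.0   # start 0.1 rad from upright, at rest
    cost = 0.0                   # integral of theta^2 over the run: lower means better control
    peak_in_fault = 0.0          # largest |theta| seen while the controller was faulty
    fell_step = None
    for k in range(round(T_END / DT)):
        u = controller(theta, omega)
        in_fault = fault_start <= k < fault_stop
        if in_fault:
            u = apply_model(u, flip_bit(u))
        # semi-implicit Euler step of the nonlinear plant theta'' = (g/l) sin(theta) + u
        omega += (G_OVER_L * math.sin(theta) + u) * DT
        theta += omega * DT
        cost += theta * theta * DT
        if in_fault:
            peak_in_fault = max(peak_in_fault, abs(theta))
        if not abs(theta) <= FALL_ANGLE:   # written this way so NaN also counts as fallen
            fell_step = k
            break
    return {"model": model, "fell_step": fell_step, "final_angle": theta,
            "peak_in_fault": peak_in_fault, "cost": cost}


def compare():
    """Run every failure model and return the metrics keyed by model name."""
    return {name: simulate(name) for name in FAILURE_MODELS}


if __name__ == "__main__":
    for name, r in compare().items():
        if r["fell_step"] is None:
            status = "stayed up"
        else:
            status = "fell at t=%.3f s" % (r["fell_step"] * DT)
        print(f"{name:13s} {status:18s} peak|theta| in fault={r['peak_in_fault']:.4f} rad"
              f"  cost={r['cost']:.5f}")
```

The choice of bit 62 matters: for any output smaller than 2 in magnitude that bit is clear, so the flip multiplies the value by 2^1024 and an arbitrary-failure controller hands the actuator an enormous torque on the first faulty step. The fail-silent and fail-bounded runs see the identical corruption but survive it, because the actuator either receives nothing or receives the correct command plus an error of at most BOUND, which the stable closed loop absorbs as a small disturbance. Changing FAULT_WINDOW, BOUND or the flipped bit shows how the verdict depends on the model's parameters rather than on the fault alone.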
