Control reconfiguration in the presence of software failures

In this paper, we discuss a special approach for software fault tolerance in control applications. A full-function, high-performance, but complex control system is complemented by an error-free implementation of a highly reliable control system of lower functionality. When the correctness of the high-performance controller is in doubt, the reliable control system takes over the execution of the task. An innovative feature of the approach is the disparity between the two control systems, which is used to exploit the relative advantages of the simple/reliable vs. complex/high-performance systems. Another innovative feature is the fault detection mechanism, which is based on measures of performance and of safety of the control system. The example of a ball and beam system is used to illustrate the concepts, and experimental results obtained on a laboratory set-up are presented.
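As an added illustration (this is not the paper's code), the following Python simulation sketches the scheme the abstract describes: a fast but complex controller drives a simplified ball-and-beam plant, a decision rule evaluates a performance measure and a safety measure on every step, and a low-gain, easily verified controller takes over once either measure is violated. The plant model, the controller gains, the envelope limits and the injected software fault (a hung task leaving a stale actuator command) are all assumptions chosen for the example.

```python
# Added illustration (not the paper's code) of the switching scheme in the
# abstract: a complex controller is monitored by a decision rule built on a
# performance measure and a safety measure, and a simple verified controller takes
# over when either is violated. Plant model, gains, limits and the injected fault
# are assumptions chosen for this example.
DT, T_END = 0.01, 6.0
G_EFF = 7.0          # assumed plant gain: ball acceleration = G_EFF * beam angle
U_MAX = 0.3          # beam servo limit (rad)
BEAM_HALF = 0.5      # ball falls off when |x| > BEAM_HALF (m)
SAFE_X, V_MAX = 0.2, 1.0   # safety envelope the reliable controller can recover from
PERF_LIMIT = 0.15    # performance measure: tolerated tracking error (m)

def clamp(u, lim):
    return max(-lim, min(lim, u))

def plant_step(x, v, u):
    """Euler step of the simplified plant; the servo saturates at U_MAX."""
    a = G_EFF * clamp(u, U_MAX)
    return x + DT * v, v + DT * a

def high_perf_controller(x, v, target, t, fault_at):
    """Fast PD controller. Assumed software failure: after fault_at the task
    hangs and the actuator keeps a stale 0.15 rad command (beam left tilted)."""
    if t >= fault_at:
        return 0.15
    return -0.8 * (x - target) - 0.5 * v

def reliable_controller(x, v, target):
    """Low-gain, heavily damped PD controller: slower, but simple to verify."""
    return -0.5 * (x - target) - 0.8 * v

def decision(x, v, target):
    """None while the complex controller may stay in charge, else the reason."""
    if abs(x) > SAFE_X or abs(v) > V_MAX:
        return "safety"
    return "performance" if abs(x - target) > PERF_LIMIT else None

def simulate(target=0.1, fault_at=1.0, supervise=True):
    x = v = t = 0.0
    switched_at = reason = None
    while t < T_END and abs(x) <= BEAM_HALF:      # stop if the ball leaves the beam
        if supervise and switched_at is None:
            reason = decision(x, v, target)
            switched_at = t if reason else None
        u = (high_perf_controller(x, v, target, t, fault_at) if switched_at is None
             else reliable_controller(x, v, target))
        x, v = plant_step(x, v, u)
        t += DT
    return {"fell_off": abs(x) > BEAM_HALF, "switched_at": switched_at,
            "reason": reason, "final_error": x - target}
```

With the supervisor enabled the safety measure fires shortly after the fault and the reliable controller brings the ball back to the set-point; with it disabled the tilted beam lets the ball roll off.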