On the use of disaster prediction for failure-tolerance in feedback control systems

Feedback control algorithms are inherently designed to compensate for external disturbances that the controlled system may suffer. This resilience is also extensible to late or wrong control actions produced by a failed controller computer, providing a degree of fault tolerance without the use of any particular mechanism. However, some controller failures, due to their duration or value, may indeed collapse the system, and thus other recovery measures must be taken. This paper proposes the inclusion of an Oracle that calculates, in a timely manner, the controlled system behavior under a failed controller, and triggers recovery when the control algorithm is predictably no more able to compensate for a particular controller failure. The systems so built follow the Fail-Bounded model. The main contribution of this paper is to show how this model can be implemented in a practical way for the very important class of applications based on feedback control, thus turning that model into a technique that can be used effectively to build production systems. The method was validated experimentally through fault injection on the controller computer of an inverted pendulum, one of the most time-demanding control system benchmarks.