This paper proposes an approach for providing tolerance against faults that may compromise the functionality of a given controller modeled by a Petri net. The method is based on embedding the given Petri net controller into a larger (redundant) Petri net controller that retains the original functionality and properties, and uses additional places, connections, and tokens to impose invariant conditions that allow the systematic detection and identification of faults via linear parity checks. In particular, this paper considers two types of redundant Petri net controllers: 1) nonseparate redundant Petri net controllers have the same functionality as the given Petri net controller and allow for fault detection and identification, but do not necessarily retain the given controller intact; and 2) separate redundant Petri net controllers are a special case of the nonseparate redundant controllers that retain the given Petri net controller intact but enhance it with additional places to enable fault detection and identification. The work in this paper obtains complete characterizations of both types of redundant controllers along with necessary and sufficient conditions for them to be bisimulation equivalent to the given original Petri net controller. In addition, this paper discusses how each type of redundant controller can be designed to have desirable fault detection and identification capabilities. When the bisimulation equivalence requirement is not directly enforced, nonseparate redundant controllers can potentially have advantages over separate ones (e.g., they can use fewer connections to detect and identify the same number of faults). An example of a Petri net controller for a production cell and its fault tolerance capabilities using separate and nonseparate embeddings is used to illustrate the approach.
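The following is an added example, not code from the paper, showing the separate-embedding idea described in the abstract on a constructed three-place cyclic controller: the original places are kept intact, extra places are added whose token counts are a fixed non-negative integer combination C of the original marking, and a parity matrix P = [-C | I] is zero on every fault-free reachable marking, so a nonzero syndrome detects a corrupted place and, because the columns of P are chosen pairwise non-parallel, also identifies which place and by how many tokens. The specific net, the choice of C, the sign convention of P and the function names are this example's assumptions, not the paper's formulation.

```python
"""Separate redundant Petri net embedding with linear parity checks (added
example, not the paper's code). Matrices are indexed [place][transition]:
pre[p][t] is the arc weight from place p into transition t, post[p][t] the
weight from t back into p."""
from typing import List, Optional, Tuple

Matrix = List[List[int]]
Vector = List[int]


def matvec(A: Matrix, v: Vector) -> Vector:
    return [sum(a * x for a, x in zip(row, v)) for row in A]


def matmul(A: Matrix, B: Matrix) -> Matrix:
    return [[sum(A[i][k] * B[k][j] for k in range(len(B)))
             for j in range(len(B[0]))] for i in range(len(A))]


class PetriNet:
    def __init__(self, pre: Matrix, post: Matrix, m0: Vector):
        self.pre, self.post, self.m = pre, post, list(m0)

    def enabled(self, t: int) -> bool:
        return all(self.m[p] >= self.pre[p][t] for p in range(len(self.m)))

    def fire(self, t: int) -> None:
        if not self.enabled(t):
            raise ValueError(f"transition t{t} not enabled")
        self.m = [self.m[p] - self.pre[p][t] + self.post[p][t]
                  for p in range(len(self.m))]


def embed_separate(net: PetriNet, C: Matrix) -> Tuple[PetriNet, Matrix]:
    """Add len(C) places whose arcs and marking are C times the originals.
    With C non-negative an added place holds C*m >= C*pre[:, t] tokens whenever
    the original places enable t, so the added places never block a transition.
    Returns the redundant net and the parity matrix P = [-C | I] (assumed
    convention), which gives P * m_h = 0 on every fault-free marking."""
    d, n = len(C), len(net.m)
    pre_h = net.pre + matmul(C, net.pre)
    post_h = net.post + matmul(C, net.post)
    m_h = net.m + matvec(C, net.m)
    P = [[-C[i][j] for j in range(n)] + [1 if k == i else 0 for k in range(d)]
         for i in range(d)]
    return PetriNet(pre_h, post_h, m_h), P


def syndrome(P: Matrix, m: Vector) -> Vector:
    return matvec(P, m)


def identify_place_fault(P: Matrix, s: Vector) -> Optional[Tuple[int, int]]:
    """An error of k tokens in place j yields syndrome k * P[:, j]. Returns
    (j, k), or None for a zero syndrome (no fault) or a syndrome that matches
    no single column (multiple or unidentifiable fault)."""
    if all(x == 0 for x in s):
        return None
    for j in range(len(P[0])):
        col = [row[j] for row in P]
        i = next((r for r, c in enumerate(col) if c != 0), None)
        if i is None or s[i] % col[i] != 0:
            continue
        k = s[i] // col[i]
        if k != 0 and all(s[r] == k * col[r] for r in range(len(s))):
            return (j, k)
    return None


# Constructed controller: cycle p0 -t0-> p1 -t1-> p2 -t2-> p0 with two tokens
# (two parts circulating through a cell). Two added places with a C whose
# [-C | I] has pairwise non-parallel columns, so any single bad place is
# identifiable, including a corrupted redundant place.
PRE = [[1, 0, 0], [0, 1, 0], [0, 0, 1]]
POST = [[0, 0, 1], [1, 0, 0], [0, 1, 0]]
M0 = [2, 0, 0]
C = [[1, 2, 1], [1, 1, 2]]


def run_demo() -> dict:
    original = PetriNet(PRE, POST, M0)
    redundant, P = embed_separate(original, C)
    enabling_preserved, clean = True, []
    for t in [0, 0, 1, 2, 1, 2]:
        enabling_preserved = enabling_preserved and all(
            original.enabled(u) == redundant.enabled(u) for u in range(3))
        original.fire(t)
        redundant.fire(t)
        clean.append(syndrome(P, redundant.m))   # stays [0, 0] when fault-free
    faulty = list(redundant.m)
    faulty[0] -= 1                                # a token vanishes from p0
    diag1 = identify_place_fault(P, syndrome(P, faulty))
    faulty = list(redundant.m)
    faulty[3] += 1                                # spurious token in added p3
    diag2 = identify_place_fault(P, syndrome(P, faulty))
    return {"enabling_preserved": enabling_preserved, "clean": clean,
            "marking": redundant.m, "P": P, "fault1": diag1, "fault2": diag2}


if __name__ == "__main__":
    print(run_demo())
```

The parity check itself is a single integer matrix-vector product per marking, which is what makes it cheap to run continuously alongside the controller; the design freedom is entirely in C, whose column structure decides how many simultaneous faults can be told apart.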