vanbeek:thesis
Differences
This shows you the differences between two versions of the page.
| — |
vanbeek:thesis [Wednesday, 19 March 2008 : 15:56:32] (current) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ===== Exception Handling in Control Systems ===== | ||
| + | //D.A. van Beek// | ||
| + | |||
| + | This thesis deals with the required concepts and | ||
| + | mechanisms for exception handling in control systems. | ||
| + | |||
| + | There is much confusion in the literature about | ||
| + | the meaning of exceptions and the relationship of exceptions and | ||
| + | errors. In this thesis, the most important terms relating to | ||
| + | errors and exceptions are accurately defined, while retaining a | ||
| + | high level of compatibility with the way these terms are used in | ||
| + | the literature. | ||
| + | |||
| + | A treatment is presented of the most important | ||
| + | concepts relating to the three stages of error handling: error | ||
| + | detection, error diagnosis and confinement, and error recovery | ||
| + | and fault repair. Only forward error recovery is covered in this | ||
| + | thesis. | ||
| + | |||
| + | Several satisfactory and more or less similar | ||
| + | exception handling mechanisms exist for the handling of internal | ||
| + | exceptions. These mechanisms and a traditional mechanism are | ||
| + | briefly evaluated. The resume response from an exception handler | ||
| + | is rejected as being undesirable in both single and multi-process | ||
| + | environments. | ||
| + | |||
| + | A literature search has yielded several proposals | ||
| + | and existing mechanisms for exception handling in controlling | ||
| + | systems or, more generally, in a multi-process environment. No | ||
| + | publications, however, have been found which describe the essence | ||
| + | of the required functionality of such mechanisms. Therefore, | ||
| + | 'constraint of an operation' and 'constraint violation' have been | ||
| + | introduced as new concepts. The constraint of an operation is | ||
| + | that part of its precondition which is invariant over the | ||
| + | operation: it has to be valid throughout the execution of the | ||
| + | operation. A violation of an operation's constraint causes an | ||
| + | exception occurrence in the process executing the operation and | ||
| + | should result in the raising of an exception. | ||
| + | |||
| + | The concepts constraint and constraint violation | ||
| + | have been used to describe the required functionality of | ||
| + | mechanisms for the handling of exceptions in controlling systems. | ||
| + | Several existing and proposed mechanisms have been evaluated | ||
| + | using this functionality. The mechanisms have been evaluated as | ||
| + | either offering a functionality which is too restricted for | ||
| + | controlling systems, as offering an incorrect or undesirable | ||
| + | functionality, or as inadequate in other ways. | ||
| + | |||
| + | A new mechanism for the handling of constraint | ||
| + | violations has been introduced. The mechanism has been realized | ||
| + | by means of constraint monitors which are used to specify and | ||
| + | monitor constraints of operations independently of other | ||
| + | operations, which is an important requirement for the creation of | ||
| + | modular subprograms. A constraint monitor bound to a single | ||
| + | operation can also be used to specify a constraint which is | ||
| + | common to several operations. | ||
| + | |||
| + | A constraint monitor is bound to an operation, | ||
| + | and consists of a constraint and an exception. The violation of | ||
| + | the constraint which is monitored by a constraint monitor results | ||
| + | in the creation of a pending exception. The exception is not | ||
| + | immediately raised, since this can result in time-dependent | ||
| + | run-time errors due to violations of the internal invariants of a | ||
| + | process. Pending exceptions are raised at interaction points, | ||
| + | which are natural places for internal invariants to hold, but | ||
| + | they are not raised in exception handlers. | ||
| + | |||
| + | Several constraints can be violated at the same | ||
| + | time by concurrently executing processes. This can result in more | ||
| + | than one pending exception in a process. Some criteria for the | ||
| + | selection of a pending exception have been evaluated. The pending | ||
| + | exception that should be selected is the one belonging to the | ||
| + | constraint monitor which was enabled first, and thus at the | ||
| + | outermost level. The other pending exceptions can be discarded. | ||
| + | |||
| + | The only systems considered are systems that can | ||
| + | be modeled as discrete event systems. | ||
| + | |||
| + | The new mechanism is independent of a particular | ||
| + | programming language. The functionality of the mechanism | ||
| + | therefore deals with the common requirements of languages for the | ||
| + | control of industrial systems. Language-specific elements are not | ||
| + | treated. | ||
| + | |||
| + | Constraint monitors have been successfully | ||
| + | implemented in Process Calculus, which is a language for the | ||
| + | specification, simulation and control of industrial systems. The | ||
| + | simplicity and power of the new mechanism is illustrated with a | ||
| + | case concerning the control of a transport system. | ||
| + | |||
| + | //PhD thesis//, Eindhoven University of Technology, The Netherlands, 1993. | ||
| + | |||
| + | {{thesis.pdf|pdf}} | ||
vanbeek/thesis.txt · Last modified: Wednesday, 19 March 2008 : 15:56:32 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
