A new mechanism for exception handling in concurrent control systems.

The most difficult aspect of concurrent discrete-event control is the handling of errors. Most present day languages for concurrent control system specification do not provide adequate mechanisms for exception handling, which is a major limitation on their effectiveness. In this paper, a new mechanism for exception handling in concurrently executing discrete-event control processes is treated, which simplifies the complex task of robust control system specification. The mechanism is based on constraint monitors, and can be used in conjunction with known mechanisms for exception handling in sequential programs. Constraints and constraint monitors are new concepts which are essential for dealing with exceptions in control systems. The constraints of a statement are conditions which must be valid throughout the execution of the statement. Constraint monitors are used to specify the constraints of a statement in a structured way, leading to programs in which the code for normal operation is separated from the code for exception handling. During the execution of the statement, the specified constraints are monitored at all encountered interaction points. If a constraint violation is detected, an exception is raised. In this way, the invariants of a process remain valid, finalization obligations of statements are executed, deadlock in the case of exception occurrences is prevented, and exceptions are not raised in processes in which no constraints have been violated. Constraint monitors are explained using a CSP-like language to which exception handling constructs have been added. The constructs have been chosen in such a way, that the resulting syntax and semantics are simple and especially suitable for the specification of robust control systems. The mechanism is finally illustrated by an example of the specification of a control system.