Stability of digital control systems implemented in error-recoverable computers

Safety-critical, real-time applications make use of fault-tolerant digital control systems to achieve their performance goals. Even though these digital control systems are fault-tolerant, they are susceptible to errors induced by common-mode faults, since these errors cannot be masked by standard redundancy provisions. Such errors can be handled by special error correction mechanisms, which could require stopping the control law computations while the errors are removed. Thus, the effect of these special error recovery mechanisms on digital control systems needs to be understood. This paper presents a comprehensive study of the effect of three error recovery mechanisms-rollback, reset and cold restart-on the stability of digital closed-loop control systems. The effect of the faults, detected and handled by these error recovery mechanisms, on the digital control system is modelled by a set of interference maps. It is assumed that the arrival and departure of common-mode faults can be represented by a Markov process. The overall system behaviour is then described by a Markov jump linear model, whose stability is explored using standard techniques from the literature. The result of this analysis is a new metric, the minimum average interarrival spacing (MAIS), which is useful for comparing the performance of different error recovery mechanisms and for designing new fault-tolerant controllers. The theoretical results are illustrated via Monte Carlo simulations that show the effects of common-mode faults on the closed-loop stability of the longitudinal dynamics of an AFTI/F-16 aircraft.