Coordination and Control of Distributed Discrete Event Systems under Actuator and Sensor Faults

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the original arXiv source.

We investigate the coordination and control problems of distributed discrete event systems that are composed of multiple subsystems subject to potential actuator and/or sensor faults. We model actuator faults as local controllability loss of certain actuator events and sensor faults as observability failure of certain sensor readings, respectively. Starting from automata-theoretic models that characterize behaviors of the subsystems in the presence of faulty actuators and/or sensors, we establish necessary and sufficient conditions for the existence of actuator and sensor fault tolerant supervisors, respectively, and synthesize appropriate local post-fault supervisors to prevent the post-fault subsystems from jeopardizing local safety requirements. Furthermore, we apply an assume-guarantee coordination scheme to the controlled subsystems for both the nominal and faulty subsystems so as to achieve the desired specifications of the system. A multi-robot coordination example is used to illustrate the proposed coordination and control architecture.


💡 Research Summary

This paper addresses the coordination and control of distributed discrete‑event systems (DES) composed of multiple interacting subsystems that may suffer permanent actuator or sensor faults. Actuator faults are modeled as a loss of local controllability for specific actuator events, while sensor faults are modeled as a permanent loss of observability for particular sensor readings. Starting from deterministic finite‑automaton representations of each subsystem, the authors first derive necessary and sufficient conditions for the existence of fault‑tolerant supervisors that can enforce local safety specifications despite these faults.

For actuator faults, the paper introduces an “extended controllability” condition that accounts for events that become uncontrollable after a fault. If the condition holds, a post‑fault supervisor can be synthesized by either reconfiguring the nominal supervisor or constructing a new one that respects the reduced controllable set. For sensor faults, the authors redefine observability to incorporate the loss of certain observable events and propose a safe‑diagnosis mechanism that identifies faulty sensors online. Using the supremal controllable and observable sublanguage, a sensor‑fault‑tolerant supervisor is generated that guarantees the local safety language.
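The following added example (not code from the paper) renders the actuator-fault condition above in a state-based form: a constructed two-robot crossing plant is built as a parallel composition, the largest safe state set is pruned iteratively, and an actuator fault is modelled exactly as the paper describes, by moving that robot's `enter` event from the controllable to the uncontrollable alphabet. All state and event names are constructed for this illustration.

```python
from itertools import product

# Constructed example, not from the paper: two robots share one crossing cell X.
# Each robot i moves W (away) --arrive_i--> A (approach) --enter_i--> X --leave_i--> B.
# arrive_i and leave_i are sensor-driven, hence uncontrollable; enter_i is issued by
# robot i's motion actuator and is controllable only while that actuator is healthy.
ROBOT_DELTA = {("W", "arrive"): "A", ("A", "enter"): "X", ("X", "leave"): "B"}
CONTROLLABLE = {"enter_1", "enter_2"}
FORBIDDEN = {("X", "X")}  # local safety requirement: never both in the crossing

def compose_plant():
    """Parallel composition of the two robots; events carry the robot index as suffix."""
    delta = {}
    for s1, s2 in product("WAXB", repeat=2):
        for (src, ev), dst in ROBOT_DELTA.items():
            if src == s1:
                delta[((s1, s2), f"{ev}_1")] = (dst, s2)
            if src == s2:
                delta[((s1, s2), f"{ev}_2")] = (s1, dst)
    return ("W", "W"), delta

def reachable(init, delta, allowed):
    """States reachable from init while staying inside `allowed`."""
    seen, stack = set(), [init]
    while stack:
        q = stack.pop()
        if q in seen or q not in allowed:
            continue
        seen.add(q)
        stack.extend(t for (s, _), t in delta.items() if s == q)
    return seen

def supremal_safe_states(init, delta, forbidden, controllable):
    """Largest state set a supervisor can confine the plant to (a state-based rendering
    of the supremal controllable sublanguage); empty means no safe supervisor exists.
    A state is pruned when an uncontrollable event can leave the current safe set;
    controllable exits are simply disabled. A faulty actuator shrinks `controllable`."""
    good = ({s for (s, _) in delta} | set(delta.values())) - forbidden
    while True:
        bad = {s for (s, e), t in delta.items()
               if s in good and t not in good and e not in controllable}
        if not bad:
            return reachable(init, delta, good)
        good -= bad

def crossing_supervisor(faulty_actuators=()):
    """Return (safe states, enabled (state, event) pairs) after the given actuators fail."""
    init, delta = compose_plant()
    safe = supremal_safe_states(init, delta, FORBIDDEN, CONTROLLABLE - set(faulty_actuators))
    enabled = {(s, e) for (s, e), t in delta.items() if s in safe and t in safe}
    return safe, enabled
```

Calling `crossing_supervisor(("enter_1",))` yields a smaller but non-empty safe set, i.e. a post-fault supervisor exists that simply holds robot 2 back until robot 1 has passed; with both `enter` events uncontrollable the initial state itself is pruned, so the existence condition fails.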

The work further considers the occurrence of multiple faults, possibly in different subsystems, by introducing a “switching DES” model. Each fault mode corresponds to a distinct automaton; when a new fault occurs, the system switches to the appropriate mode and the corresponding post‑fault supervisor is activated. This modular approach enables step‑wise safety preservation even as faults accumulate.

To achieve the global specification after faults, the authors adopt an assume‑guarantee compositional verification framework. Each subsystem, equipped with its post‑fault supervisor, declares a guarantee (the behaviors it will provide) and an assumption (the behaviors it expects from the rest of the system). By iteratively refining local supervisors to satisfy these contracts, the parallel composition of all subsystems is shown to meet the overall specification without incurring the state‑space explosion typical of monolithic synthesis.

A multi‑robot coordination scenario illustrates the methodology. Four robots cooperate to transport an object; during execution, one robot’s motion actuator fails and another robot’s distance sensor fails simultaneously. The synthesized post‑fault supervisors keep each robot within its local safety envelope (collision avoidance, path constraints) and, through assume‑guarantee coordination, the team still reaches the target location, thereby satisfying the global mission.

The paper’s contributions are threefold: (1) a formal modeling of actuator and sensor faults as controllability and observability losses within the DES framework; (2) rigorous necessary and sufficient conditions for local fault‑tolerant supervisor synthesis under both single and multiple fault scenarios; (3) a compositional assume‑guarantee coordination scheme that guarantees the global specification after faults. Compared with prior work that largely focuses on centralized or single‑plant fault tolerance, this study provides a comprehensive, scalable solution for distributed DES with permanent actuator and sensor faults, opening avenues for future research on fault recovery, probabilistic fault models, and large‑scale distributed synthesis.

