User Tools

Site Tools


vanbeek:thesis

Exception Handling in Control Systems

D.A. van Beek

This thesis deals with the required concepts and mechanisms for exception handling in control systems.

There is much confusion in the literature about the meaning of exceptions and the relationship of exceptions and errors. In this thesis, the most important terms relating to errors and exceptions are accurately defined, while retaining a high level of compatibility with the way these terms are used in the literature.

A treatment is presented of the most important concepts relating to the three stages of error handling: error detection, error diagnosis and confinement, and error recovery and fault repair. Only forward error recovery is covered in this thesis.

Several satisfactory and more or less similar exception handling mechanisms exist for the handling of internal exceptions. These mechanisms and a traditional mechanism are briefly evaluated. The resume response from an exception handler is rejected as being undesirable in both single and multi-process environments.

A literature search has yielded several proposals and existing mechanisms for exception handling in controlling systems or, more generally, in a multi-process environment. No publications, however, have been found which describe the essence of the required functionality of such mechanisms. Therefore, 'constraint of an operation' and 'constraint violation' have been introduced as new concepts. The constraint of an operation is that part of its precondition which is invariant over the operation: it has to be valid throughout the execution of the operation. A violation of an operation's constraint causes an exception occurrence in the process executing the operation and should result in the raising of an exception.

The concepts constraint and constraint violation have been used to describe the required functionality of mechanisms for the handling of exceptions in controlling systems. Several existing and proposed mechanisms have been evaluated using this functionality. The mechanisms have been evaluated as either offering a functionality which is too restricted for controlling systems, as offering an incorrect or undesirable functionality, or as inadequate in other ways.

A new mechanism for the handling of constraint violations has been introduced. The mechanism has been realized by means of constraint monitors which are used to specify and monitor constraints of operations independently of other operations, which is an important requirement for the creation of modular subprograms. A constraint monitor bound to a single operation can also be used to specify a constraint which is common to several operations.

A constraint monitor is bound to an operation, and consists of a constraint and an exception. The violation of the constraint which is monitored by a constraint monitor results in the creation of a pending exception. The exception is not immediately raised, since this can result in time-dependent run-time errors due to violations of the internal invariants of a process. Pending exceptions are raised at interaction points, which are natural places for internal invariants to hold, but they are not raised in exception handlers.

Several constraints can be violated at the same time by concurrently executing processes. This can result in more than one pending exception in a process. Some criteria for the selection of a pending exception have been evaluated. The pending exception that should be selected is the one belonging to the constraint monitor which was enabled first, and thus at the outermost level. The other pending exceptions can be discarded.

The only systems considered are systems that can be modeled as discrete event systems.

The new mechanism is independent of a particular programming language. The functionality of the mechanism therefore deals with the common requirements of languages for the control of industrial systems. Language-specific elements are not treated.

Constraint monitors have been successfully implemented in Process Calculus, which is a language for the specification, simulation and control of industrial systems. The simplicity and power of the new mechanism is illustrated with a case concerning the control of a transport system.

PhD thesis, Eindhoven University of Technology, The Netherlands, 1993.

pdf

vanbeek/thesis.txt · Last modified: Wednesday, 19 March 2008 : 15:56:32 (external edit)