查看文章

Dynamic reconfiguration is a core contributor to the flexibility and agility of future industrial control systems. Verification and validation can provide some confidence in the success of a reconfiguration, yet unexpected external events or bugs can always lead to the abortion of the reconfiguration process. This can threaten the real-time behavior and must be anticipated. In this paper, we extend existing real-time models of dynamic reconfiguration to incorporate safe rollback scenarios that allow a disruption-free reversal of the reconfiguration process, thus providing fault-tolerance. We introduce the concept of a point of no return, after which a rollback is no longer feasible. We demonstrate in two example systems how the ordering of operations can affect the length of the rollback sequence and optimize the ordering of operations in two stages to find a sequence that offers a maximal fault-tolerance, while minimizing the …