摘要:In this paper the theory of supervisory control of discrete-event systems is used to develop command sequences for turning on and off a spacecraft propulsion subsystem. The subsystem considered is a simplified version of the Propulsion Module Subsystem of the Cassini spacecraft. The supervisor controls the system in such a way that the design specifications are satisfied in both normal and faulty modes of operation. The study shows that to meet the specifications of both modes, the supervisor has to be a “robust” supervisor, and that a conventional (non-robust) supervisor could lead to engine getting stuck in shutdown state.
关键词:Supervisory controlSpacecraft propulsionFault recoveryDiscrete-event systemsRobust control
