Automated control of dynamic processes, such as those in manufacturing plants, generally involves the use of a multiplicity of discrete-valued sensors and actuators. In conventional control systems, Boolean logic is normally used to control actuators as a function of the state of one or more sensors. The control logic can be encoded as a Relay Ladder Diagram in a Programmable Logic Controller (PLC). In a Boolean Logic Control (BLC) system, the PLC scans the state of the sensors, evaluates predetermined Boolean equations based on the sensor states, and drives the actuators accordingly. Boolean Logic Control, however, does not contain any process state information. As a result, there is no explicit information on the sequential behavior of the process or on the timing between state transitions of sensors and actuators. Therefore, Boolean logic controllers cannot detect and diagnose incorrect operation of the sensors and actuators, which frequently malfunction due to transient errors and failures.
An example of a typical BLC system is illustrated by the following Boolean equation:

    A1 = S1 · S2 · S3

where "·" is the logical AND operator and A1 is an actuator whose state is a logical function of the states of sensors S1, S2, and S3. If S1 = 1, S2 = 0, and S3 = 1, then the state of A1 is 0. If S2 incorrectly changes state from 0 to 1, then actuator A1 also changes state from 0 to 1 (erroneously). Because BLC does not contain an explicit model of the process, such erroneous state transitions are difficult to detect, and they propagate through the logic, causing incorrect operation of the actuators. This problem can be serious in a decentralized or distributed control system that has a large number of processing nodes.
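The propagation problem described above, as an added example that is not part of the patent text: a plain BLC scan of A1 = S1 · S2 · S3 is contrasted with a hypothetical process-state monitor that records which sensor events are valid in each step, so an erroneous transition of S2 can be diagnosed instead of driving A1. The sensor roles, step names and clamp command are assumptions for illustration.

```python
# Added example, not from the patent. Contrasts Boolean Logic Control (BLC)
# with a hypothetical process-state monitor for the equation A1 = S1 AND S2 AND S3.

def blc_scan(s1: int, s2: int, s3: int) -> int:
    """Plain BLC: A1 follows the sensors directly; no memory of the process."""
    return s1 & s2 & s3

# Hypothetical process model (assumed roles): S1 = part present, S2 = clamp closed,
# S3 = press at top position, A1 = press down. For each step, the events
# (name, new value) the process can legitimately produce and the step they lead to.
VALID_EVENTS = {
    "idle":     {("S1", 1): "loaded"},
    "loaded":   {("clamp_cmd", 1): "clamping", ("S1", 0): "idle"},
    "clamping": {("S2", 1): "ready"},
    "ready":    {("S3", 0): "pressing"},
    "pressing": {("S3", 1): "ready"},
}

class ProcessMonitor:
    """Evaluates the same Boolean equation, but only on a sensor image that is
    consistent with the current process step; unexpected events are logged."""

    def __init__(self, sensors: dict):
        self.step = "idle"
        self.sensors = dict(sensors)
        self.diagnostics: list[str] = []

    def event(self, name: str, value: int) -> int:
        """Apply one event and return the resulting A1 state."""
        nxt = VALID_EVENTS[self.step].get((name, value))
        if nxt is None:
            # Not a valid transition in this step: diagnose it and keep the
            # previous (consistent) sensor image rather than propagating it.
            self.diagnostics.append(f"{name}->{value} not valid in step '{self.step}'")
            return self.a1()
        if name in self.sensors:
            self.sensors[name] = value
        self.step = nxt
        return self.a1()

    def a1(self) -> int:
        s = self.sensors
        return blc_scan(s["S1"], s["S2"], s["S3"])

def demo() -> tuple:
    """Constructed scenario from the text: S1=1, S2=0, S3=1, then S2 flips erroneously."""
    blc_before, blc_after = blc_scan(1, 0, 1), blc_scan(1, 1, 1)  # 0, then 1
    m = ProcessMonitor({"S1": 0, "S2": 0, "S3": 1})
    m.event("S1", 1)                       # part arrives: step 'loaded'
    mon_after = m.event("S2", 1)           # no clamp command yet: flagged, A1 stays 0
    return blc_before, blc_after, mon_after, m.step, len(m.diagnostics)
```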
Control methods based on state-machine models of a factory are also known in the prior art. These methods include process and logic description by Sequential Function Charts, State Diagrams, or Function Blocks. Although these methods are superior to Relay Ladder Logic with respect to fail-safe control and diagnosis, they are only able to detect certain hard failures. They cannot detect transient errors and erroneous events within a state, and diagnostic routines must be explicitly programmed. Because these control systems contain their own state machines, they may not contain sufficient information about the process state or its relationship to other state machines for effective monitoring and diagnosis of distributed control systems. Therefore, an efficient method of on-line monitoring, diagnosis, and fail-safe operation has been sought for decentralized factory control systems that require multiple discrete sensors and actuators.