SYMBOLIC MODELS FOR NETWORKED CONTROL SYSTEMS
arXiv:1401.6396v1 [math.OC] 24 Jan 2014
MAJID ZAMANI1 , MANUEL MAZO JR2 , AND ALESSANDRO ABATE3
Abstract. Networked control systems (NCS) are spatially-distributed systems in which communication between sensors, controllers, and actuators is supported by a shared communication network that is subject to variable communication delays, quantization errors, packet losses, limited bandwidth, and other practical non-idealities. This work investigates the problem of constructively deriving symbolic models of NCS by simultaneously considering the mentioned network non-idealities. One can employ the obtained abstracted models to synthesize symbolic controllers enforcing rich specifications over NCS. Examples of such specifications include properties expressed as formulae in linear temporal logic (LTL) or as automata on infinite strings.
1. Introduction

Networked control systems (NCS) are spatially distributed systems in which sensors, controllers, and actuators communicate through shared communication channels. The analysis and synthesis of NCS have received significant attention in the last few years because they offer many advantages, such as increased architectural flexibility and reduced installation and maintenance costs. However, non-idealities of the network introduce new challenges for the analysis of the behavior of the plant (such as its stability) and for the synthesis of control schemes. One can categorize the non-idealities of the network into: (i) quantization errors, (ii) packet dropouts, (iii) time-varying sampling/transmission intervals, (iv) time-varying communication delays, and (v) communication constraints (scheduling protocols). Recently, there have been many studies focused mostly on the stability properties of NCS: in [7] (iii)-(v) are simultaneously considered; in [11] (i), (ii), and (iv) are taken into account; [1] studies (ii) and (v); [5] focuses on (ii) and (iii); in [10, 22] (ii)-(iv) are considered; and in [18] (i), (iii), and (v). Despite all the progress on stability analysis of NCS, as reported in [7, 11, 1, 5, 10, 22, 18], there are no notable results in the literature dealing with more complex objectives, such as verification or (controller) synthesis for logical specifications. Examples of such specifications include linear temporal logic (LTL) formulae, or automata on infinite strings, which cannot be handled by the existing approaches for NCS. A promising direction for investigating these complex properties is the use of symbolic models [21]. Symbolic models are abstract descriptions of the original dynamics, where each abstract state (or symbol) corresponds to an aggregate of states in the concrete system.
When a finite symbolic model is obtained and is formally put in relationship with the original system, one can leverage algorithmic machinery for controller synthesis of symbolic systems [16] to automatically synthesize hybrid controllers for the original model [21]. To the best of our knowledge, the only results available in the literature on the construction of symbolic models for NCS are the ones in [9, 8]. The work in [9, 8] considers the network non-idealities (i), (ii), and (iv) simultaneously. However, the results in [9, 8] exhibit several possible shortcomings: they are limited to grid-based symbolic models, which severely suffer from the curse of dimensionality; they only consider static (i.e. memoryless) symbolic controllers, whereas for general temporal logic specifications the symbolic controllers are often dynamic (i.e. with memory) [6]; the possibility of out-of-order packet arrivals is not considered; only specifications expressed in terms of some types of nondeterministic automata can be addressed; and, furthermore, the given specification needs to be reformulated in an extended state-space in order to construct a more complex specification that is applicable to the obtained symbolic model.
In this paper, we provide a construction of symbolic models for NCS using available symbolic models obtained exclusively for the plant. One can thus use existing results to provide symbolic models for the plant, such as the grid-based approaches in [14, 23] or formula-guided (non-grid-based) approaches [21], and construct the symbolic models for the NCS from those. As long as there exists some type of symbolic abstraction of the plant, one can always use the results provided in this paper to construct symbolic models for the NCS. We explicitly consider the network non-idealities (i), (ii), and (iv) simultaneously. Furthermore, relying on symbolic abstractions, one can easily incorporate scheduling constraints (v) as well. We also consider explicitly possible out-of-order packet arrivals and message rejection, i.e. the effect of older data being neglected because more recent data is available. Our work is not limited to problems where the controller needs to be static. As a result, we enable the study of larger classes of logic specifications such as those expressed as general LTL formulae or as automata on infinite strings, without requiring any additional reformulation.

2. Control Systems & (In)Stability Notions

2.1. Notation. The identity map on a set $A$ is denoted by $1_A$. The symbols $\mathbb{N}$, $\mathbb{N}_0$, $\mathbb{Z}$, $\mathbb{R}$, $\mathbb{R}^+$, and $\mathbb{R}^+_0$ denote the set of natural, nonnegative integer, integer, real, positive real, and nonnegative real numbers, respectively. Given a set $A$, define $A^{n+1} = A \times A^n$ for any $n \in \mathbb{N}$. Given a vector $x \in \mathbb{R}^n$, we denote by $x_i$ the $i$-th element of $x$, and by $\|x\|$ the infinity norm of $x$, namely $\|x\| = \max\{|x_1|, |x_2|, \ldots, |x_n|\}$, where $|x_i|$ denotes the absolute value of $x_i$. Given an interval $[a, b] \subseteq \mathbb{R}$ with $a \le b$, we denote by $[a; b]$ the set $[a, b] \cap \mathbb{N}$. We denote by $[\mathbb{R}^n]_\eta = \{a \in \mathbb{R}^n \mid a_i = k_i \eta,\ k_i \in \mathbb{Z},\ i = 1, \ldots, n\}$. Given a measurable function $f : \mathbb{R}^+_0 \to \mathbb{R}^n$, the (essential) supremum of $f$ is denoted by $\|f\|_\infty$; we recall that $\|f\|_\infty := (\mathrm{ess})\sup\{\|f(t)\|,\ t \ge 0\}$.
A continuous function $\gamma : \mathbb{R}^+_0 \to \mathbb{R}^+_0$ is said to belong to class $\mathcal{K}$ if it is strictly increasing and $\gamma(0) = 0$; $\gamma$ is said to belong to class $\mathcal{K}_\infty$ if $\gamma \in \mathcal{K}$ and $\gamma(r) \to \infty$ as $r \to \infty$. A continuous function $\beta : \mathbb{R}^+_0 \times \mathbb{R}^+_0 \to \mathbb{R}^+_0$ is said to belong to class $\mathcal{KL}$ if, for each fixed $s$, the map $\beta(r, s)$ belongs to class $\mathcal{K}_\infty$ with respect to $r$ and, for each fixed nonzero $r$, the map $\beta(r, s)$ is decreasing with respect to $s$ and $\beta(r, s) \to 0$ as $s \to \infty$. We identify a relation $R \subseteq A \times B$ with the map $R : A \to 2^B$ defined by $b \in R(a)$ iff $(a, b) \in R$. Given a relation $R \subseteq A \times B$, $R^{-1}$ denotes the inverse relation defined by $R^{-1} = \{(b, a) \in B \times A : (a, b) \in R\}$. When $R$ is an equivalence relation on a set $A$, we denote by $[a]$ the equivalence class of $a \in A$, by $A/R$ the set of all equivalence classes, and by $\pi_R : A \to A/R$ the natural projection map taking a point $a \in A$ to its equivalence class $\pi_R(a) = [a] \in A/R$.
2.2. Control systems. The class of control systems that we consider in this paper is formalized in the following definition.

Definition 2.1. A control system is a tuple $\Sigma = (\mathbb{R}^n, U, \mathcal{U}, f)$, where:
• $\mathbb{R}^n$ is the state space;
• $U \subseteq \mathbb{R}^m$ is the compact input set;
• $\mathcal{U}$ is a subset of the set of all measurable functions of time from intervals of the form $]a, b[ \subseteq \mathbb{R}$ to $U$ with $a < 0$ and $b > 0$;
• $f : \mathbb{R}^n \times U \to \mathbb{R}^n$ is a continuous map satisfying the following Lipschitz assumption: for every compact set $Q \subset \mathbb{R}^n$, there exists a constant $Z \in \mathbb{R}^+$ such that $\|f(x, u) - f(y, u)\| \le Z \|x - y\|$ for all $x, y \in Q$ and all $u \in U$.

A curve $\xi : ]a, b[ \to \mathbb{R}^n$ is said to be a trajectory of $\Sigma$ if there exists $\upsilon \in \mathcal{U}$ satisfying

$$\dot{\xi}(t) = f(\xi(t), \upsilon(t)),$$

for almost all $t \in ]a, b[$. Although we have defined trajectories over open domains, we shall refer to trajectories $\xi : [0, t] \to \mathbb{R}^n$ defined on closed domains $[0, t]$, $t \in \mathbb{R}^+$, with the understanding of the existence of a trajectory $\xi' : ]a, b[ \to \mathbb{R}^n$ such that $\xi = \xi'|_{[0, t]}$ with $a < 0$ and $b > t$. We also write $\xi_{x\upsilon}(t)$ to denote the point reached at time $t$ under the input $\upsilon$ from the initial condition $x = \xi_{x\upsilon}(0)$; the point $\xi_{x\upsilon}(t)$ is uniquely determined, since the assumptions on $f$ ensure existence and uniqueness of trajectories [20].
A control system $\Sigma$ is said to be forward complete if every trajectory is defined on an interval of the form $]a, \infty[$. Sufficient and necessary conditions for a control system to be forward complete can be found in [4].

2.3. (In)Stability notion. Some of the existing results, recalled in this paper, require certain (in)stability properties on $\Sigma$. First, we recall the stability property, introduced in [3], as defined next.

Definition 2.2. A control system $\Sigma$ is incrementally input-to-state stable ($\delta$-ISS) if it is forward complete and there exist a $\mathcal{KL}$ function $\beta$ and a $\mathcal{K}_\infty$ function $\gamma$ such that for any $t \in \mathbb{R}^+_0$, any $x, x' \in \mathbb{R}^n$, and any $\upsilon, \upsilon' \in \mathcal{U}$, the following condition is satisfied:

$$\|\xi_{x\upsilon}(t) - \xi_{x'\upsilon'}(t)\| \le \beta(\|x - x'\|, t) + \gamma(\|\upsilon - \upsilon'\|_\infty). \tag{2.1}$$

Now we recall the instability property, introduced in [23], as defined next.

Definition 2.3. A control system $\Sigma$ is incrementally forward complete ($\delta$-FC) if it is forward complete and there exist continuous functions $\beta : \mathbb{R}^+_0 \times \mathbb{R}^+_0 \to \mathbb{R}^+_0$ and $\gamma : \mathbb{R}^+_0 \times \mathbb{R}^+_0 \to \mathbb{R}^+_0$ such that for each fixed $s$, the functions $\beta(r, s)$ and $\gamma(r, s)$ belong to class $\mathcal{K}_\infty$ with respect to $r$, and for any $t \in \mathbb{R}^+_0$, any $x, x' \in \mathbb{R}^n$, and any $\upsilon, \upsilon' \in \mathcal{U}$, the following condition is satisfied:

$$\|\xi_{x\upsilon}(t) - \xi_{x'\upsilon'}(t)\| \le \beta(\|x - x'\|, t) + \gamma(\|\upsilon - \upsilon'\|_\infty, t). \tag{2.2}$$
We refer the interested readers to the results in [3] (resp. [23]) providing a characterization (resp. description) of $\delta$-ISS (resp. $\delta$-FC) in terms of the existence of so-called incremental Lyapunov functions.

3. Systems & Approximate Equivalence Notions

3.1. Systems. We now recall the notion of systems, introduced in [21], that we use later to describe NCS as well as their symbolic abstractions.

Definition 3.1. A system $S$ is a tuple $S = (X, X_0, U, \longrightarrow, Y, H)$ consisting of: a (possibly infinite) set of states $X$; a (possibly infinite) set of initial states $X_0 \subseteq X$; a (possibly infinite) set of inputs $U$; a transition relation $\longrightarrow \subseteq X \times U \times X$; a set of outputs $Y$; and an output map $H : X \to Y$.

A transition $(x, u, x') \in \longrightarrow$ is also denoted by $x \xrightarrow{u} x'$. If $x \xrightarrow{u} x'$, state $x'$ is called a $u$-successor of state $x$. We denote by $\mathrm{Post}_u(x)$ the set of all $u$-successors of a state $x$ and by $U(x)$ the set of inputs $u \in U$ for which $\mathrm{Post}_u(x)$ is nonempty.

System $S$ is said to be:
• metric, if the output set $Y$ is equipped with a metric $d : Y \times Y \to \mathbb{R}^+_0$;
• finite (or symbolic), if $X$ and $U$ are finite sets;
• countable, if $X$ and $U$ are countable sets;
• deterministic, if for any state $x \in X$ and any input $u \in U$, $|\mathrm{Post}_u(x)| \le 1$;
• nondeterministic, if there exist a state $x \in X$ and an input $u \in U$ such that $|\mathrm{Post}_u(x)| > 1$.

Given a system $S = (X, X_0, U, \longrightarrow, Y, H)$, we denote by $|S|$ the size of $S$, defined as $|S| := |\longrightarrow|$, which is equal to the total number of transitions in $S$. Note that it is more reasonable to consider $|\longrightarrow|$ as the size of $S$ rather than $|X|$, as it is the transitions of $S$ that need to be stored rather than just its states.

3.2. System relations. We recall the notions of (alternating) approximate (bi)simulation relation, introduced in [13, 19], which are useful to relate properties of NCS to those of their symbolic models. First we recall the notions of approximate (bi)simulation relation, introduced in [13].

Definition 3.2. Let $S_a = (X_a, X_{a0}, U_a, \xrightarrow[a]{}, Y_a, H_a)$ and $S_b = (X_b, X_{b0}, U_b, \xrightarrow[b]{}, Y_b, H_b)$ be metric systems with the same output sets $Y_a = Y_b$ and metric $d$. For $\varepsilon \in \mathbb{R}^+_0$, a relation $R \subseteq X_a \times X_b$ is said to be an $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$ if the following three conditions are satisfied:
(i) for every $x_{a0} \in X_{a0}$, there exists $x_{b0} \in X_{b0}$ with $(x_{a0}, x_{b0}) \in R$;
(ii) for every $(x_a, x_b) \in R$ we have $d(H_a(x_a), H_b(x_b)) \le \varepsilon$;
(iii) for every $(x_a, x_b) \in R$, the existence of $x_a \xrightarrow[a]{u_a} x'_a$ in $S_a$ implies the existence of $x_b \xrightarrow[b]{u_b} x'_b$ in $S_b$ satisfying $(x'_a, x'_b) \in R$.
A relation $R \subseteq X_a \times X_b$ is said to be an $\varepsilon$-approximate bisimulation relation between $S_a$ and $S_b$ if $R$ is an $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$ and $R^{-1}$ is an $\varepsilon$-approximate simulation relation from $S_b$ to $S_a$. System $S_a$ is $\varepsilon$-approximately simulated by $S_b$, or $S_b$ $\varepsilon$-approximately simulates $S_a$, denoted by $S_a \preceq^{\varepsilon}_{\mathcal{S}} S_b$, if there exists an $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$. System $S_a$ is $\varepsilon$-approximately bisimilar to $S_b$, denoted by $S_a \cong^{\varepsilon}_{\mathcal{S}} S_b$, if there exists an $\varepsilon$-approximate bisimulation relation between $S_a$ and $S_b$. Note that when $\varepsilon = 0$, condition (ii) in the above definition is modified as $(x_a, x_b) \in R$ if and only if $H_a(x_a) = H_b(x_b)$, and $R$ becomes an exact (bi)simulation relation, as introduced in [17].

As explained in [19], for nondeterministic systems we need to consider relationships that explicitly capture the adversarial nature of nondeterminism. Furthermore, these types of relations become crucial to enable the refinement of symbolic controllers [21].

Definition 3.3. Let $S_a = (X_a, X_{a0}, U_a, \xrightarrow[a]{}, Y_a, H_a)$ and $S_b = (X_b, X_{b0}, U_b, \xrightarrow[b]{}, Y_b, H_b)$ be metric systems with the same output sets $Y_a = Y_b$ and metric $d$. For $\varepsilon \in \mathbb{R}^+_0$, a relation $R \subseteq X_a \times X_b$ is said to be an alternating $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$ if conditions (i) and (ii) in Definition 3.2, as well as the following condition, are satisfied:
(iii) for every $(x_a, x_b) \in R$ and for every $u_a \in U_a(x_a)$ there exists some $u_b \in U_b(x_b)$ such that for every $x'_b \in \mathrm{Post}_{u_b}(x_b)$ there exists $x'_a \in \mathrm{Post}_{u_a}(x_a)$ satisfying $(x'_a, x'_b) \in R$.

A relation $R \subseteq X_a \times X_b$ is said to be an alternating $\varepsilon$-approximate bisimulation relation between $S_a$ and $S_b$ if $R$ is an alternating $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$ and $R^{-1}$ is an alternating $\varepsilon$-approximate simulation relation from $S_b$ to $S_a$. System $S_a$ is alternatingly $\varepsilon$-approximately simulated by $S_b$, or $S_b$ alternatingly $\varepsilon$-approximately simulates $S_a$, denoted by $S_a \preceq^{\varepsilon}_{\mathcal{AS}} S_b$, if there exists an alternating $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$. System $S_a$ is alternatingly $\varepsilon$-approximately bisimilar to $S_b$, denoted by $S_a \cong^{\varepsilon}_{\mathcal{AS}} S_b$, if there exists an alternating $\varepsilon$-approximate bisimulation relation between $S_a$ and $S_b$. Note that when $\varepsilon = 0$, $R$ becomes an exact alternating (bi)simulation relation, as introduced in [2]. It can be readily seen that the notions of approximate (bi)simulation relation and of alternating approximate (bi)simulation relation coincide when the systems involved are deterministic as in Definition 3.1.

3.3. Existence of symbolic models for control systems. Let us define a metric system $S_\tau(\Sigma) := (X_\tau, X_{\tau 0}, U_\tau, \xrightarrow[\tau]{}, Y_\tau, H_\tau)$, capturing all the information contained in the plant $\Sigma$, assumed to be forward complete, at the sampling times:
• $X_\tau = \mathbb{R}^n$;
• $X_{\tau 0} = \mathbb{R}^n$;
• $U_\tau = \mathcal{U}$;
• $x_\tau \xrightarrow[\tau]{\upsilon_\tau} x'_\tau$ if there exists a trajectory $\xi_{x_\tau \upsilon_\tau} : [0, \tau] \to \mathbb{R}^n$ of $\Sigma$ satisfying $\xi_{x_\tau \upsilon_\tau}(\tau) = x'_\tau$;
• $Y_\tau = \mathbb{R}^n / Q$ for some given equivalence relation $Q \subseteq X_\tau \times X_\tau$;
• $H_\tau = \pi_Q$.
Notice that the sets of states and inputs of $S_\tau(\Sigma)$ are uncountable and that $S_\tau(\Sigma)$ is a deterministic system in the sense of Definition 3.1 since (cf. Subsection 2.2) the trajectory of $\Sigma$ is uniquely determined. We also assume that the output set $Y_\tau$ is equipped with a metric $d_{Y_\tau} : Y_\tau \times Y_\tau \to \mathbb{R}^+_0$. We recall now some of the existing results on the existence of symbolic abstractions $S_q(\Sigma) := (X_q, X_{q0}, U_q, \xrightarrow[q]{}, Y_q, H_q)$ for $S_\tau(\Sigma)$. The following results assume that $Q$ is the identity relation in the definition of $S_\tau(\Sigma)$, implying that $Y_\tau = \mathbb{R}^n$ and $\pi_Q = 1_{\mathbb{R}^n}$, and assume that the metric $d_{Y_\tau}$ is the natural infinity norm metric. We recall the following theorem from [14].

Theorem 3.4. Consider a $\delta$-ISS control system $\Sigma$. For any $\varepsilon \in \mathbb{R}^+_0$ and any sampling time $\tau \in \mathbb{R}^+$, there exists a countable deterministic abstraction $S_q(\Sigma)$ such that $S_q(\Sigma) \cong^{\varepsilon}_{\mathcal{S}} S_\tau(\Sigma)$ (equivalently $S_q(\Sigma) \cong^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma)$)$^1$.

Now we recall a result, borrowed from [23], on the existence of an abstraction $S_q(\Sigma)$ for $\Sigma$ without requiring any stability assumption on $\Sigma$.

Theorem 3.5. Consider a $\delta$-FC control system $\Sigma$. For any $\varepsilon \in \mathbb{R}^+_0$ and any sampling time $\tau \in \mathbb{R}^+$, there exists a countable nondeterministic abstraction $S_q(\Sigma)$ such that $S_q(\Sigma) \preceq^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma) \preceq^{\varepsilon}_{\mathcal{S}} S_q(\Sigma)$.
Although the abstractions $S_q(\Sigma)$ in Theorems 3.4 and 3.5 are countable, if one is interested in the dynamics of $\Sigma$ over a compact set $D \subset \mathbb{R}^n$, then they are also finite. The relationships established in Theorem 3.5 are weaker than those established in Theorem 3.4, in the sense that failing to find a controller for the desired specifications on $S_q(\Sigma)$ does not prevent the existence of a controller for $\Sigma$ satisfying the same specifications. Note that the specific abstractions $S_q(\Sigma)$ in Theorems 3.4 and 3.5 provided in [14, 23] are grid-based abstractions that suffer from the curse of dimensionality. For some specific classes of control systems $\Sigma$, one can also construct abstractions that are exactly bisimilar to $\Sigma$ using some equivalence relation $Q \subseteq \mathbb{R}^n \times \mathbb{R}^n$. We refer the interested readers to [21, Theorem 8.10] to consult the results on abstractions not based on grids.

Remark 3.6. Consider the metric system $S_\tau(\Sigma)$ admitting an abstraction $S_q(\Sigma)$. Since the plant $\Sigma$ is forward complete, one can readily verify that given any state $x_\tau \in X_\tau$ there always exists a $\upsilon_\tau$-successor of $x_\tau$ for any $\upsilon_\tau \in U_\tau$. Hence, $U_\tau(x_\tau) = U_\tau$ for any $x_\tau \in X_\tau$. Therefore, without loss of generality, one can also assume that $U_q(x_q) = U_q$ for any $x_q \in X_q$.

4. Networked Control Systems

Consider a NCS as depicted schematically in Figure 1. The NCS consists of a forward complete plant $\Sigma = (\mathbb{R}^n, U, \mathcal{U}, f)$ which is connected to a symbolic controller, explained in more detail in the next subsection, over a communication network that induces delays ($\Delta^{sc}$ and $\Delta^{ca}$). The state measurements of the plant are sampled by a time-driven sampler at times $s_k := k\tau$, $k \in \mathbb{N}_0$, and we denote $x_k := \xi(s_k)$. The discrete-time control values computed by the symbolic controller at times $s_k$ are denoted by $u_k$. Time-varying network-induced delays, i.e. the sensor-to-controller delay ($\Delta^{sc}_k$) and the controller-to-actuator delay ($\Delta^{ca}_k$), are included in the model. Moreover, packet dropouts in both channels of the network can be incorporated in the delays $\Delta^{sc}_k$ and $\Delta^{ca}_k$ as long as the maximum number of subsequent dropouts over the network is bounded [15]. Finally, the varying computation time needed to evaluate the symbolic controller is incorporated into $\Delta^{ca}_k$. We assume that the time-varying delays are bounded and are integer multiples of the sampling time $\tau$, i.e. $\Delta^{sc}_k := N^{sc}_k \tau$, where $N^{sc}_k \in [N^{sc}_{\min}; N^{sc}_{\max}]$, and $\Delta^{ca}_k := N^{ca}_k \tau$, where $N^{ca}_k \in [N^{ca}_{\min}; N^{ca}_{\max}]$, for some $N^{sc}_{\min}, N^{sc}_{\max}, N^{ca}_{\min}, N^{ca}_{\max} \in \mathbb{N}_0$. Under these assumptions, there is no difference in assuming that both the controller and the actuator act in an event-driven fashion (i.e. they respond instantaneously to newly arrived data) or in a time-driven fashion (i.e. they respond to newly arrived data at the sampling instants $s_k$). Furthermore, we model the occurrence of message rejection, i.e. the effect of older data being neglected because more recent data is available before the older data arrives, similarly to the work in [10, 22].

$^1$ Let us recall that the notions of alternating approximate (bi)simulation and of approximate (bi)simulation relation coincide when the systems involved are deterministic as per Definition 3.1.

[Figure 1: schematic of the NCS. The plant $\Sigma : \dot{\xi} = f(\xi, \upsilon)$ is preceded by a ZOH that receives $u_k$ through the controller-to-actuator delay $\Delta^{ca}_k$; the sensor samples $\xi(t)$ with period $\tau$ into $x_k$, which reaches the symbolic controller through the sensor-to-controller delay $\Delta^{sc}_k$.]
Figure 1. Schematics of a networked control system.

[Figure 2: timeline of the control packets $u_{k-1}, u_k, u_{k+1}, u_{k+2}$ over the sampling instants $s_k, \ldots, s_{k+4}$, with their delays $\Delta^{ca}_{k-1}, \Delta^{ca}_k, \Delta^{ca}_{k+1}, \Delta^{ca}_{k+2}$; one packet is marked "Message rejected".]
Figure 2. Time-delays in the controller-to-actuator branch of the network with $\Delta^{ca}_k \in \{\tau, 2\tau, 3\tau\}$.

The zero-order-hold (ZOH) function (see Figure 1) is placed before the plant $\Sigma$ to transform the discrete-time control inputs $u_k$, $k \in \mathbb{N}_0$, into a continuous-time control input $\upsilon(t) = u_{k^*(t)}$, where $k^*(t) := \max\{k \in \mathbb{N}_0 \mid s_k + \Delta^{ca}_k \le t\}$. As argued in [10, 22], in the sampling interval $[s_k, s_{k+1}[$, $\upsilon(t)$ can be explicitly described by

$$\upsilon(t) = u_{k + j_* - N^{ca}_{\max}}, \quad \text{for } t \in [s_k, s_{k+1}[, \tag{4.1}$$

where $j_* \in [0; N^{ca}_{\max} - N^{ca}_{\min}]$ is defined as

$$j_* = \hat{f}\big(\hat{N}_{N^{ca}_{\max}}, \ldots, \hat{N}_{N^{ca}_{\min}}\big), \tag{4.2}$$

where $\hat{N}_k$, for $k \in [N^{ca}_{\min}; N^{ca}_{\max}]$, is the delay suffered by the control packet sent $k$ samples ago, namely $\hat{N}_{N^{ca}_{\max} - i} = N^{ca}_{k - N^{ca}_{\max} + i}$ for any $i \in [0; N^{ca}_{\max} - N^{ca}_{\min}]$, and

$$\hat{f}\big(\hat{N}_{N^{ca}_{\max}}, \ldots, \hat{N}_{N^{ca}_{\min}}\big) = \max \arg\min_{j} \hat{g}\big(j, \hat{N}_{N^{ca}_{\max}}, \ldots, \hat{N}_{N^{ca}_{\min}}\big),$$

where

$$\hat{g}\big(j, \hat{N}_{N^{ca}_{\max}}, \ldots, \hat{N}_{N^{ca}_{\min}}\big) = \min\Big\{ \max\big\{0, \hat{N}_{N^{ca}_{\max} - j} + j - N^{ca}_{\max}\big\},\ \max\big\{0, \hat{N}_{N^{ca}_{\max} - 1 - j} + j - N^{ca}_{\max} + 1\big\},\ \ldots,\ \max\big\{0, \hat{N}_{N^{ca}_{\min}} - N^{ca}_{\min}\big\},\ 1 \Big\},$$

with $j \in [0; N^{ca}_{\max} - N^{ca}_{\min}]$. Note that the expression for the continuous-time control input in (4.1) and (4.2) takes into account the possible out-of-order packet arrivals and message rejection. For example, in Figure 2, the time-delays in the controller-to-actuator branch of the network are allowed to take values in $\{\tau, 2\tau, 3\tau\}$, resulting in a message rejection at time $s_{k+2}$.
4.1. Symbolic controller. A symbolic controller is a mechanism that determines which inputs $u_k \in U$ should be fed into the system $\Sigma$ based on the observed states $x_k \in \mathbb{R}^n$. We refer the interested readers to [21] to consult the formal definition of symbolic controllers. Although for some LTL specifications such as safety or reachability it is sufficient to consider only static controllers (i.e. without memory) [12], we do not limit our work by this assumption. Hence the approach presented in what follows is applicable to dynamic controllers (i.e. controllers with memory), which are required to address general LTL specifications [6]. Due to the presence of a ZOH, from now on we assume that the set $\mathcal{U}$ contains only curves that are constant over intervals of length $\tau \in \mathbb{R}^+$ and take values in $U$, i.e.:

$$\mathcal{U} = \big\{ \upsilon : \mathbb{R}^+_0 \to U \mid \upsilon(t) = \upsilon((s-1)\tau),\ t \in [(s-1)\tau, s\tau[,\ s \in \mathbb{N} \big\}.$$

Similarly to what was assumed in the connection between controller and plant, we also consider the possible occurrence of message rejection for the measurement data sent from the sensor to the symbolic controller. The symbolic controller uses $\hat{x}_k$ as an input at the sampling times $s_k := k\tau$, where

$$\hat{x}_k = x_{k + \ell_* - N^{sc}_{\max}}, \tag{4.3}$$

where $\ell_* \in [0; N^{sc}_{\max} - N^{sc}_{\min}]$ is defined as

$$\ell_* = \tilde{f}\big(\tilde{N}_{N^{sc}_{\max}}, \ldots, \tilde{N}_{N^{sc}_{\min}}\big), \tag{4.4}$$

where $\tilde{N}_k$, for $k \in [N^{sc}_{\min}; N^{sc}_{\max}]$, is the delay suffered by the measurement packet sent $k$ samples ago, namely $\tilde{N}_{N^{sc}_{\max} - i} = N^{sc}_{k - N^{sc}_{\max} + i}$ for any $i \in [0; N^{sc}_{\max} - N^{sc}_{\min}]$, and

$$\tilde{f}\big(\tilde{N}_{N^{sc}_{\max}}, \ldots, \tilde{N}_{N^{sc}_{\min}}\big) = \max \arg\min_{\ell} \tilde{g}\big(\ell, \tilde{N}_{N^{sc}_{\max}}, \ldots, \tilde{N}_{N^{sc}_{\min}}\big),$$

where

$$\tilde{g}\big(\ell, \tilde{N}_{N^{sc}_{\max}}, \ldots, \tilde{N}_{N^{sc}_{\min}}\big) = \min\Big\{ \max\big\{0, \tilde{N}_{N^{sc}_{\max} - \ell} + \ell - N^{sc}_{\max}\big\},\ \max\big\{0, \tilde{N}_{N^{sc}_{\max} - 1 - \ell} + \ell - N^{sc}_{\max} + 1\big\},\ \ldots,\ \max\big\{0, \tilde{N}_{N^{sc}_{\min}} - N^{sc}_{\min}\big\},\ 1 \Big\},$$

with $\ell \in [0; N^{sc}_{\max} - N^{sc}_{\min}]$. Note that the expression for the input of the controller in (4.3) and (4.4) takes into account the possible out-of-order packet arrivals and message rejection.
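The selection rule in (4.1)-(4.2), and identically (4.3)-(4.4) for the sensor branch, as an added Python example that is not code from the paper: it implements $\hat{g}$ and $\hat{f}$ literally, checks the resulting index $k + j_* - N^{ca}_{\max}$ against the direct ZOH definition $k^*(t)$ on a constructed delay sequence, and lists the packets that are rejected because a newer one overtook them. The delay values, the function names and the window helper are the example's own.

```python
"""Which control value the ZOH applies on [s_k, s_{k+1}[, per (4.1)-(4.2).

Delays are integer multiples of tau: the packet carrying u_i is sent at s_i and
arrives at s_{i + N_i}, with N_i in [N_min; N_max].  The ZOH uses the newest
packet that has arrived, so a packet overtaken by a newer one is rejected.
Constructed example, not code from the paper; the delay sequence is made up.
"""
from typing import Dict, List


def g_hat(j: int, nhat: Dict[int, int], n_min: int, n_max: int) -> int:
    """g^(j, N^_{N_max}, ..., N^_{N_min}) of (4.2).

    nhat[m] is the delay of the packet sent m samples ago.  Each term
    max{0, N^_m - m} is 0 exactly when that packet has arrived by s_k, so
    g^(j) = 0 iff some packet sent at most N_max - j samples ago has arrived.
    The trailing 1 is the cap in the paper's min{...}.
    """
    terms = [max(0, nhat[m] - m) for m in range(n_min, n_max - j + 1)]
    return min(terms + [1])


def f_hat(nhat: Dict[int, int], n_min: int, n_max: int) -> int:
    """j_* = max arg min_j g^(j, ...) over j in [0; N_max - N_min]."""
    js = range(0, n_max - n_min + 1)
    values = {j: g_hat(j, nhat, n_min, n_max) for j in js}
    best = min(values.values())
    return max(j for j in js if values[j] == best)


def window(delays: List[int], k: int, n_min: int, n_max: int) -> Dict[int, int]:
    """N^_m = N_{k-m} for m in [N_min; N_max]: delays of the last packets (helper)."""
    return {m: delays[k - m] for m in range(n_min, n_max + 1)}


def active_index_formula(delays: List[int], k: int, n_min: int, n_max: int) -> int:
    """Index of the value applied on [s_k, s_{k+1}[ by (4.1): k + j_* - N_max."""
    return k + f_hat(window(delays, k, n_min, n_max), n_min, n_max) - n_max


def active_index_direct(delays: List[int], k: int) -> int:
    """k*(s_k) = max{i | s_i + Delta_i <= s_k}, straight from the ZOH definition."""
    return max(i for i, d in enumerate(delays[: k + 1]) if i + d <= k)


def rejected_packets(delays: List[int]) -> List[int]:
    """Packets never applied: a newer packet arrived no later than they did
    (a tie goes to the newer packet, as k*(t) takes the maximal index)."""
    arrival = [i + d for i, d in enumerate(delays)]
    return [i for i in range(len(delays))
            if any(arrival[i2] <= arrival[i] for i2 in range(i + 1, len(delays)))]


# Constructed delay sequence N^ca_0 .. N^ca_5 (units of tau), N_min = 1, N_max = 3.
N_MIN, N_MAX = 1, 3
DELAYS = [1, 3, 1, 2, 1, 1]


def check(delays: List[int] = DELAYS, n_min: int = N_MIN, n_max: int = N_MAX) -> bool:
    """(4.1)-(4.2) agree with the ZOH definition on every interval for which a
    full window of N_max past packets exists."""
    return all(active_index_formula(delays, k, n_min, n_max)
               == active_index_direct(delays, k)
               for k in range(n_max, len(delays)))
```

With these delays, packet 2 (delay $\tau$) arrives at $s_3$ before packet 1 (delay $3\tau$) arrives at $s_4$, so packet 1 is rejected; likewise packet 3 is overtaken by packet 4 at $s_5$. For the sensor branch, call the same functions with the sequence of $N^{sc}_k$ values to obtain $\ell_*$ and the measurement index in (4.3).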
4.2. Describing NCS as metric systems. Given $S_\tau(\Sigma)$ and the NCS $\tilde{\Sigma}$, now consider the metric system $S(\tilde{\Sigma}) := (X, X_0, U, \longrightarrow, Y, H)$, capturing all the information contained in the NCS $\tilde{\Sigma}$, where:
• $X = \{X_\tau \cup \{q\}\}^{N^{sc}_{\max}} \times U_\tau^{N^{ca}_{\max}} \times [N^{sc}_{\min}; N^{sc}_{\max}]^{N^{sc}_{\max}} \times [N^{ca}_{\min}; N^{ca}_{\max}]^{N^{ca}_{\max}}$, where $q$ is a dummy symbol;
• $X_0 = \{(x_0, q, \ldots, q, \upsilon_0, \ldots, \upsilon_0, N^{sc}_{\max}, \ldots, N^{sc}_{\max}, N^{ca}_{\max}, \ldots, N^{ca}_{\max}) \mid x_0 \in X_{\tau 0},\ \upsilon_0 \in U_\tau\}$;
• $U = U_\tau$;
• $(x_1, \ldots, x_{N^{sc}_{\max}}, \upsilon_1, \ldots, \upsilon_{N^{ca}_{\max}}, \tilde{N}_1, \ldots, \tilde{N}_{N^{sc}_{\max}}, \hat{N}_1, \ldots, \hat{N}_{N^{ca}_{\max}}) \xrightarrow{\upsilon} (x', x_1, \ldots, x_{N^{sc}_{\max}-1}, \upsilon, \upsilon_1, \ldots, \upsilon_{N^{ca}_{\max}-1}, \tilde{N}, \tilde{N}_1, \ldots, \tilde{N}_{N^{sc}_{\max}-1}, \hat{N}, \hat{N}_1, \ldots, \hat{N}_{N^{ca}_{\max}-1})$ for all $\tilde{N} \in [N^{sc}_{\min}; N^{sc}_{\max}]$ and all $\hat{N} \in [N^{ca}_{\min}; N^{ca}_{\max}]$ if there exists a transition $x_1 \xrightarrow[\tau]{\upsilon_{N^{ca}_{\max} - j_*}} x'$ in $S_\tau(\Sigma)$, where $j_* = \hat{f}(\hat{N}_{N^{ca}_{\max}}, \ldots, \hat{N}_{N^{ca}_{\min}})$ as in (4.2);
• $Y = Y_\tau \times Y_\tau$;
• $H(x_1, \ldots, x_{N^{sc}_{\max}}, \upsilon_1, \ldots, \upsilon_{N^{ca}_{\max}}, \tilde{N}_1, \ldots, \tilde{N}_{N^{sc}_{\max}}, \hat{N}_1, \ldots, \hat{N}_{N^{ca}_{\max}}) = \big(H_\tau(x_1),\ H_\tau(x_{N^{sc}_{\max} - \ell_*})\big)$, where $\ell_* = \tilde{f}(\tilde{N}_{N^{sc}_{\max}}, \ldots, \tilde{N}_{N^{sc}_{\min}})$ as in (4.4). With a slight abuse of notation, we assume that $H_\tau(q) := q$.
Let us remark that the sets of states and inputs of $S(\tilde{\Sigma})$ are uncountable and that $S(\tilde{\Sigma})$ is a nondeterministic system in the sense of Definition 3.1, since depending on the values of $\tilde{N}$ and $\hat{N}$, more than one $\upsilon$-successor of any state of $S(\tilde{\Sigma})$ may exist.

Remark 4.1. Note that the output value of any state of $S(\tilde{\Sigma})$ is a pair: the first entry is the output of the plant available at the sensors at times $s_k := k\tau$, and the second one is the output of the plant available at the controller at the same times $s_k$, taking into consideration the occurrence of message rejection. We assume that the output set $Y$ is equipped with the metric $d_Y$ induced by the metric $d_{Y_\tau}$ as follows: given any $x := (x_1, \ldots, x_{N^{sc}_{\max}}, \upsilon_1, \ldots, \upsilon_{N^{ca}_{\max}}, \tilde{N}_1, \ldots, \tilde{N}_{N^{sc}_{\max}}, \hat{N}_1, \ldots, \hat{N}_{N^{ca}_{\max}})$ and $x' := (x'_1, \ldots, x'_{N^{sc}_{\max}}, \upsilon'_1, \ldots, \upsilon'_{N^{ca}_{\max}}, \tilde{N}'_1, \ldots, \tilde{N}'_{N^{sc}_{\max}}, \hat{N}'_1, \ldots, \hat{N}'_{N^{ca}_{\max}})$ in $X$, we set

$$d_Y(H(x), H(x')) = d_Y\big((x_1, x_k), (x'_1, x'_k)\big) := \max\big\{ d_{Y_\tau}(H_\tau(x_1), H_\tau(x'_1)),\ d_{Y_\tau}(H_\tau(x_k), H_\tau(x'_k)) \big\}, \tag{4.5}$$

for some given $k \in [N^{sc}_{\min}; N^{sc}_{\max}]$, where we extend the metric $d_{Y_\tau}$ such that $d_{Y_\tau}(H_\tau(x), H_\tau(q)) = +\infty$ for any $x \in \mathbb{R}^n$ and $d_{Y_\tau}(H_\tau(q), H_\tau(q)) = 0$. Hence, two states of $S(\tilde{\Sigma})$ are $\varepsilon$-close only if both their first entries and their second entries are $\varepsilon$-close.
5. Symbolic Models for NCS

This section contains the main contributions of the paper. We show the existence and construction of symbolic models for NCS by using existing symbolic models for the plant $\Sigma$, namely, $S_q(\Sigma) := (X_q, X_{q0}, U_q, \xrightarrow[q]{}, Y_q, H_q)$. Define the following system:

$$S_*(\tilde{\Sigma}) := (X_*, X_{*0}, U_*, \xrightarrow[*]{}, Y_*, H_*),$$

where
• $X_* = \{X_q \cup \{q\}\}^{N^{sc}_{\max}} \times U_q^{N^{ca}_{\max}} \times [N^{sc}_{\min}; N^{sc}_{\max}]^{N^{sc}_{\max}} \times [N^{ca}_{\min}; N^{ca}_{\max}]^{N^{ca}_{\max}}$;
• $X_{*0} = \{(x_{*0}, q, \ldots, q, u_{*0}, \ldots, u_{*0}, N^{sc}_{\max}, \ldots, N^{sc}_{\max}, N^{ca}_{\max}, \ldots, N^{ca}_{\max}) \mid x_{*0} \in X_{q0},\ u_{*0} \in U_q\}$;
• $U_* = U_q$;
• $(x_{*1}, \ldots, x_{*N^{sc}_{\max}}, u_{*1}, \ldots, u_{*N^{ca}_{\max}}, \tilde{N}_{*1}, \ldots, \tilde{N}_{*N^{sc}_{\max}}, \hat{N}_{*1}, \ldots, \hat{N}_{*N^{ca}_{\max}}) \xrightarrow[*]{u_*} (x'_*, x_{*1}, \ldots, x_{*(N^{sc}_{\max}-1)}, u_*, u_{*1}, \ldots, u_{*(N^{ca}_{\max}-1)}, \tilde{N}_*, \tilde{N}_{*1}, \ldots, \tilde{N}_{*(N^{sc}_{\max}-1)}, \hat{N}_*, \hat{N}_{*1}, \ldots, \hat{N}_{*(N^{ca}_{\max}-1)})$ for all $\tilde{N}_* \in [N^{sc}_{\min}; N^{sc}_{\max}]$ and all $\hat{N}_* \in [N^{ca}_{\min}; N^{ca}_{\max}]$ if there exists a transition $x_{*1} \xrightarrow[q]{u_{*(N^{ca}_{\max} - j_*)}} x'_*$ in $S_q(\Sigma)$, where $j_* = \hat{f}(\hat{N}_{*N^{ca}_{\max}}, \ldots, \hat{N}_{*N^{ca}_{\min}})$ as in (4.2);
• $Y_* = Y_q \times Y_q$;
• $H_*(x_{*1}, \ldots, x_{*N^{sc}_{\max}}, u_{*1}, \ldots, u_{*N^{ca}_{\max}}, \tilde{N}_{*1}, \ldots, \tilde{N}_{*N^{sc}_{\max}}, \hat{N}_{*1}, \ldots, \hat{N}_{*N^{ca}_{\max}}) = \big(H_q(x_{*1}),\ H_q(x_{*(N^{sc}_{\max} - \ell_*)})\big)$, where $\ell_* = \tilde{f}(\tilde{N}_{*N^{sc}_{\max}}, \ldots, \tilde{N}_{*N^{sc}_{\min}})$ as in (4.4). With a slight abuse of notation, we set $H_q(q) := q$.
It can be readily seen that the system $S_*(\tilde{\Sigma})$ is countable or symbolic if the system $S_q(\Sigma)$ is countable or symbolic, respectively. Although $S_q(\Sigma)$ may be a deterministic system, $S_*(\tilde{\Sigma})$ is always a nondeterministic system, since depending on the values of $\tilde{N}_*$ and $\hat{N}_*$, more than one $u_*$-successor of any state of $S_*(\tilde{\Sigma})$ may exist.
Remark 5.1. Note that, with the output map defined as we suggest, the synthesis of controllers should be performed using the first entries of the output pairs to define the satisfaction of properties. This is so because usually specifications are expressed in terms of the outputs exhibited by the plant, i.e. what is available at
the sensors before the network. However, the controller refinement (and any interconnection analysis) should make use of the second entry of the output pairs, as those are the outputs received by the controllers. In the present paper we do not dive further into these issues, which are left as object of future research.

[Figure 3: two copies of the NCS schematic of Figure 1. In the upper one the maps $\varphi$ (plant state $x_k \mapsto$ symbol $x_q$) and $\psi$ (symbol $u_q \mapsto$ control value $u_k$) sit inside the symbolic controller around its main block; in the lower one $\varphi$ is placed next to the sensor and $\psi$ next to the ZOH, so that only the symbols $x_q$ and $u_q$ cross the network.]
Figure 3. Shifting functions $\varphi$ and $\psi$ to the other sides of the communication network.

We can now state the first main results of the paper.

Theorem 5.2. Consider a NCS $\tilde{\Sigma}$ and suppose that there exists an abstraction $S_q(\Sigma)$ such that $S_q(\Sigma) \preceq^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma) \preceq^{\varepsilon}_{\mathcal{S}} S_q(\Sigma)$. Then we have $S_*(\tilde{\Sigma}) \preceq^{\varepsilon}_{\mathcal{AS}} S(\tilde{\Sigma}) \preceq^{\varepsilon}_{\mathcal{S}} S_*(\tilde{\Sigma})$.
The proof of Theorem 5.2 is provided in the Appendix.
Corollary 5.3. Consider a NCS $\tilde{\Sigma}$ and suppose that there exists an abstraction $S_q(\Sigma)$ such that $S_q(\Sigma) \cong^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma)$. Then we have $S_*(\tilde{\Sigma}) \cong^{\varepsilon}_{\mathcal{AS}} S(\tilde{\Sigma})$.

Proof. Using Theorem 5.2 one gets that $S_q(\Sigma) \preceq^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma)$ implies $S_*(\tilde{\Sigma}) \preceq^{\varepsilon}_{\mathcal{AS}} S(\tilde{\Sigma})$. In a similar way, one can show that $S_\tau(\Sigma) \preceq^{\varepsilon}_{\mathcal{AS}} S_q(\Sigma)$ implies $S(\tilde{\Sigma}) \preceq^{\varepsilon}_{\mathcal{AS}} S_*(\tilde{\Sigma})$, which completes the proof.

Remark 5.4. By consulting the formal definition of symbolic controllers in [21], one can readily verify the existence of two static functions $\varphi : X_\tau \to X_q$ and $\psi : U_q \to U$ inside the symbolic controllers, associating to any $x_\tau \in X_\tau$ one symbol $x_q \in X_q$ and to any symbol $u_q \in U_q$ one control value $u_\tau \in U$, respectively, as shown in Figure 3. Since the functions $\varphi$ and $\psi$ are static, without violating the main results one can shift those functions toward the sensor and the actuator in the NCS, as shown in Figure 3. If $S_q(\Sigma)$ is symbolic, then $U_q$ and $X_q$ are finite sets. Hence, one can automatically take care of limited bandwidth constraints without introducing additional quantization errors. Note that for the grid-based symbolic abstractions $S_q(\Sigma)$ proposed in [14, 23], one has $\psi = 1_{U_q}$ and $\varphi : x \mapsto [x]_\eta$, where $[x]_\eta \in [\mathbb{R}^n]_\eta$ is such that $\|x - [x]_\eta\| \le \eta/2$ for a given state space quantization parameter $\eta \in \mathbb{R}^+$. The next subsection provides results similar to Theorem 5.2 and Corollary 5.3 when the symbolic controller is static.
5.1. Results for static symbolic controllers. Assuming that the symbolic controller is static, both delays ca sc ca ∆sc k and ∆k can be captured by a single delay ∆k := ∆k + ∆k [10, 22] and shifted to the controller-tosc/ca e e sc = 0 and ∆ e ca = ∆k . actuator branch of the network, i.e. denoting by ∆k the delays in the new model: ∆ k k Therefore, one can also only consider the occurrence of message rejection in the control data.
e := (X, X0 , U, e now consider the metric system S(Σ) Given Sτ (Σ) and the NCS Σ, e the information contained in the NCS Σ, where:
- , Y, H), capturing all
N
• X = Xnτ × UτNmax × [Nmin ; Nmax ] max ; o • X0 = (x0 , υ0 , . . . , υ0 , Nmax , . . . , Nmax ) | x0 ∈ Xτ 0 , υ0 ∈ Uτ ; • U = Uτ ; υ - (x0 , υ, υ1 , . . . , υNmax −1 , N, N1 , . . . , NNmax −1 ) for all • (x1 , υ1 , . . . , υNmax , N1 , . . . , NNmax ) υNmax −j∗ - x0 in Sτ (Σ) where j∗ = fb(NN , . . . , Nmax ) N ∈ [Nmin ; Nmax ] if there exists transition x1 min τ
in (4.2); • Y = Yτ ; • H (x1 , υ1 , . . . , υNmax , N1 , . . . , NNmax ) = Hτ (x1 ),
ca sc ca sc e are . Note that the set of states and inputs of S(Σ) + Nmax where Nmin = Nmin + Nmin and Nmax = Nmax e uncountable and that S(Σ) is a nondeterministic system, since depending on the values of N , more than one e may exist. υ-successor of any state of S(Σ)
We now propose a symbolic model for the NCS $\tilde\Sigma$ using an existing symbolic model for $\Sigma$, namely $S_q(\Sigma) := (X_q, X_{q0}, U_q, \rightarrow_q, Y_q, H_q)$. Define the following system:
$$S^*(\tilde\Sigma) := (X_*, X_{*0}, U_*, \rightarrow_*, Y_*, H_*),$$
where
• $X_* = X_q \times U_q^{N_{\max}} \times [N_{\min}; N_{\max}]^{N_{\max}}$;
• $X_{*0} = \{(x_{*0}, u_{*0}, \dots, u_{*0}, N_{\max}, \dots, N_{\max}) \mid x_{*0} \in X_{q0},\ u_{*0} \in U_q\}$;
• $U_* = U_q$;
• $(x_{*1}, u_{*1}, \dots, u_{*N_{\max}}, N_{*1}, \dots, N_{*N_{\max}}) \overset{u_*}{\longrightarrow}_* (x'_*, u_*, u_{*1}, \dots, u_{*(N_{\max}-1)}, N_*, N_{*1}, \dots, N_{*(N_{\max}-1)})$ for all $N_* \in [N_{\min}; N_{\max}]$ if there exists a transition $x_{*1} \overset{u_{*(N_{\max}-j^*)}}{\longrightarrow}_q x'_*$ in $S_q(\Sigma)$, where $j^* = f_b(N_{*N_{\min}}, \dots, N_{*N_{\max}})$ as in (4.2);
• $Y_* = Y_q$;
• $H_*(x_{*1}, u_{*1}, \dots, u_{*N_{\max}}, N_{*1}, \dots, N_{*N_{\max}}) = H_q(x_{*1})$.
It can be readily seen that the system $S^*(\tilde\Sigma)$ is countable or symbolic if the system $S_q(\Sigma)$ is countable or symbolic, respectively. Although $S_q(\Sigma)$ may be a deterministic system, $S^*(\tilde\Sigma)$ is always a nondeterministic one, since depending on the values of $N_*$, more than one $u_*$-successor of any state of $S^*(\tilde\Sigma)$ may exist. Note that Theorem 5.2 and Corollary 5.3 are still valid for the systems $S(\tilde\Sigma)$ and $S^*(\tilde\Sigma)$, as follows:
Theorem 5.5. Consider a NCS $\tilde\Sigma$ and suppose that the symbolic controller is static and there exists an abstraction $S_q(\Sigma)$ such that $S_q(\Sigma) \preceq^{\varepsilon}_{AS} S_\tau(\Sigma) \preceq^{\varepsilon}_{S} S_q(\Sigma)$. Then we have $S^*(\tilde\Sigma) \preceq^{\varepsilon}_{AS} S(\tilde\Sigma) \preceq^{\varepsilon}_{S} S^*(\tilde\Sigma)$.
Proof. The proof is analogous to the one of Theorem 5.2.
Corollary 5.6. Consider a NCS $\tilde\Sigma$ and suppose that the symbolic controller is static and there exists an abstraction $S_q(\Sigma)$ such that $S_q(\Sigma) \cong^{\varepsilon}_{AS} S_\tau(\Sigma)$. Then we have $S^*(\tilde\Sigma) \cong^{\varepsilon}_{AS} S(\tilde\Sigma)$.
Proof. The proof is analogous to the one of Corollary 5.3.
6. Comparison with the Existing Results in the Literature

We compare the results provided here with the ones provided in [9, 8] in terms of the size of the proposed symbolic models. For the sake of a fair comparison, assume that we also use a grid-based symbolic abstraction for the plant $\Sigma$, with the same sampling time and quantization parameters as the ones in [9, 8]. Assuming that we are only interested in the dynamics of $\Sigma$ on a compact set $D \subset \mathbb{R}^n$, the size of the set of states of the symbolic models provided in [9, 8] is:
$$|X_?| = \sum_{i \in \{1\} \cup [N_{\min}; N_{\max}]} |[D]_\eta|^i.$$
Meanwhile, the size of the set of states for the abstractions provided by Theorem 5.2 and Corollary 5.3 is:
$$|X_*| = \left(|[D]_\eta| + 1\right)^{N^{sc}_{\max}} \cdot |[U]_\mu|^{N^{ca}_{\max}} \cdot \left(N^{sc}_{\max} - N^{sc}_{\min} + 1\right)^{N^{sc}_{\max}} \cdot \left(N^{ca}_{\max} - N^{ca}_{\min} + 1\right)^{N^{ca}_{\max}},$$
and for the ones provided by Theorem 5.5 and Corollary 5.6 it is:
$$|X_*| = |[D]_\eta| \cdot |[U]_\mu|^{N_{\max}} \cdot \left(N_{\max} - N_{\min} + 1\right)^{N_{\max}},$$
where $[D]_\eta = D \cap [\mathbb{R}^n]_\eta$ and $[U]_\mu = U \cap [\mathbb{R}^m]_\mu$ for some quantization parameters $\eta, \mu \in \mathbb{R}^+$.

One can easily verify that the size of the symbolic models proposed in [9, 8] is at most:
$$S_?(\tilde\Sigma) = |X_?| \cdot |[U]_\mu| \cdot (N_{\max} - N_{\min} + 1) \cdot K = \sum_{i \in \{1\} \cup [N_{\min}; N_{\max}]} |[D]_\eta|^i \cdot |[U]_\mu| \cdot (N_{\max} - N_{\min} + 1) \cdot K, \qquad (6.1)$$
where $K$ is the maximum number of $u$-successors of any state of the symbolic model $S_q(\Sigma)$ for $u \in [U]_\mu$. Note that with the results in Theorem 3.4 one has $K = 1$ because $S_q(\Sigma)$ is a deterministic system, while with the ones from Theorem 3.5 one has $K \ge 1$ because $S_q(\Sigma)$ is a nondeterministic system and the value of $K$ depends on the functions $\beta$ and $\gamma$ in (2.2); see [23] for more details. The sizes of the symbolic models provided in this paper are at most:
$$S_*(\tilde\Sigma) = |X_*| \cdot |[U]_\mu| \cdot (N^{sc}_{\max} - N^{sc}_{\min} + 1) \cdot (N^{ca}_{\max} - N^{ca}_{\min} + 1) \cdot K = \left(|[D]_\eta| + 1\right)^{N^{sc}_{\max}} \cdot |[U]_\mu|^{N^{ca}_{\max}+1} \cdot \left(N^{sc}_{\max} - N^{sc}_{\min} + 1\right)^{N^{sc}_{\max}+1} \cdot \left(N^{ca}_{\max} - N^{ca}_{\min} + 1\right)^{N^{ca}_{\max}+1} \cdot K, \qquad (6.2)$$
$$S^*(\tilde\Sigma) = |X_*| \cdot |[U]_\mu| \cdot (N_{\max} - N_{\min} + 1) \cdot K = |[D]_\eta| \cdot |[U]_\mu|^{N_{\max}+1} \cdot \left(N_{\max} - N_{\min} + 1\right)^{N_{\max}+1} \cdot K, \qquad (6.3)$$
with the same $K$ as in (6.1). For the sake of a fair comparison, one should compare the sizes in (6.1) and (6.3), because in both symbolic models $S_?(\tilde\Sigma)$ and $S^*(\tilde\Sigma)$ it is assumed that the symbolic controllers are static. It can be readily verified that if $[D]_\eta$ is much bigger than $[U]_\mu$ ($|[D]_\eta| \gg |[U]_\mu|$), which is often the case, $S^*(\tilde\Sigma)$ can be much smaller than $S_?(\tilde\Sigma)$, especially for large values of $N_{\max}$. The symbolic model $S_*(\tilde\Sigma)$ can also have a smaller size for large values of $N_{\max}$ and for $|[D]_\eta| \gg |[U]_\mu|$, as shown in the following numerical example.
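As an added illustration that is not part of the paper, the following Python script evaluates the three bounds (6.1), (6.2) and (6.3) for the delay bounds of Example 6.1 below, with $K = 1$ (the deterministic case of Theorem 3.4). The paper never states the cardinalities of the quantized sets, so $|[D]_\eta| = 400$ (a $20 \times 20$ grid of cells of side $\eta = 0.1$ over $D = [-1,1]^2$) and $|[U]_\mu| = 2$ are assumptions, chosen because they reproduce the paper's figures exactly.

```python
"""Sizes (6.1)-(6.3) of the symbolic models compared in Section 6.

Added illustration, not code from the paper. The cardinalities of the
quantized sets are inputs; the values used for Example 6.1 below
(|[D]_eta| = 400, |[U]_mu| = 2) are an assumption that reproduces the
paper's figures, not something the paper states.
"""


def size_existing(d, u, n_min, n_max, k=1):
    """Bound (6.1) for the models of [9, 8]: the state set is a union of
    tuples of 1 and of n_min..n_max plant symbols."""
    exponents = {1} | set(range(n_min, n_max + 1))
    x_size = sum(d ** i for i in exponents)
    return x_size * u * (n_max - n_min + 1) * k


def size_dynamic(d, u, sc, ca, k=1):
    """Bound (6.2) for S_*(Sigma~), Theorem 5.2 / Corollary 5.3.
    sc = (N^sc_min, N^sc_max), ca = (N^ca_min, N^ca_max); the +1 on d is
    the dummy symbol q that pads the initial states."""
    sc_min, sc_max = sc
    ca_min, ca_max = ca
    return ((d + 1) ** sc_max
            * u ** (ca_max + 1)
            * (sc_max - sc_min + 1) ** (sc_max + 1)
            * (ca_max - ca_min + 1) ** (ca_max + 1)
            * k)


def size_static(d, u, n_min, n_max, k=1):
    """Bound (6.3) for S^*(Sigma~), Theorem 5.5 / Corollary 5.6, where both
    delays are lumped into one N in [n_min; n_max] on the controller-to-
    actuator branch."""
    return d * u ** (n_max + 1) * (n_max - n_min + 1) ** (n_max + 1) * k


def example_6_1(k=1):
    """Evaluate the three bounds with the delay bounds of Example 6.1."""
    sc, ca = (1, 2), (2, 3)                        # N^sc and N^ca bounds (paper)
    n_min, n_max = sc[0] + ca[0], sc[1] + ca[1]    # lumped bounds: 3 and 5
    d = round(2.0 / 0.1) ** 2    # assumed: 20 x 20 cells of side eta over [-1,1]^2
    u = 2                        # assumed: U = [0, 1] with mu = 1 gives {0, 1}
    existing = size_existing(d, u, n_min, n_max, k)
    dynamic = size_dynamic(d, u, sc, ca, k)
    static = size_static(d, u, n_min, n_max, k)
    return {
        "existing": existing,                 # S_?(Sigma~) of [9, 8]
        "dynamic": dynamic,                   # S_*(Sigma~)
        "static": static,                     # S^*(Sigma~)
        # how many times smaller the proposed models are than the one of [9, 8]
        "gain_dynamic": existing / dynamic,
        "gain_static": existing / static,
    }


if __name__ == "__main__":
    for name, value in example_6_1().items():
        print(f"{name:>13}: {value:.4e}")
```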
Example 6.1. Consider a plant $\Sigma$ such that $D = [-1, 1] \times [-1, 1]$, $U = [0, 1]$, $\eta = 0.1$, and $\mu = 1$. Assume that the delays in the different parts of the network are as follows: $N^{sc}_{\min} = 1$, $N^{sc}_{\max} = 2$, $N^{ca}_{\min} = 2$, and $N^{ca}_{\max} = 3$. Using equations (6.1), (6.2), and (6.3), one obtains:
$$S_?(\tilde\Sigma) = 6.1594 \times 10^{13}\, K, \qquad S_*(\tilde\Sigma) = 3.2932 \times 10^{8}\, K, \qquad S^*(\tilde\Sigma) = 1.8662 \times 10^{7}\, K.$$
It can be readily verified that the sizes of our proposed abstractions $S_*(\tilde\Sigma)$ and $S^*(\tilde\Sigma)$ are roughly $2 \times 10^5$ and $3 \times 10^6$ times smaller than the one of $S_?(\tilde\Sigma)$, proposed in [9, 8], respectively.

7. Discussion
In this paper we have provided a construction of symbolic models for NCS, subject to variable communication delays, quantization errors, packet losses, and limited bandwidth, using available symbolic models for the plant (not limited to grid-based ones). Furthermore, our approach allows us to treat any specification expressed as formulae in LTL or as automata on infinite strings without requiring additional reformulations. Finally, we have shown that the proposed methodology also results, in general, in smaller abstractions than similar approaches in the literature [9, 8]. Future work will concentrate on: 1) providing efficient implementations of the symbolic models, the existence of which has been shown in this work; 2) the construction of symbolic models for NCS with stochastic plants described as continuous-time diffusion equations and by considering some probabilistic structure on the transmission intervals, communication delays, and packet dropouts; 3) the construction of symbolic models for NCS by considering additional network non-idealities, in particular time-varying sampling/transmission intervals.

8. Appendix

Proof of Theorem 5.2. We start by proving $S_*(\tilde\Sigma) \preceq^{\varepsilon}_{AS} S(\tilde\Sigma)$. Since $S_q(\Sigma) \preceq^{\varepsilon}_{AS} S_\tau(\Sigma)$, there exists an alternating $\varepsilon$-approximate simulation relation $R$ from $S_q(\Sigma)$ to $S_\tau(\Sigma)$. Consider the relation $\tilde R \subseteq X_* \times X$ defined by $(x_*, x) \in \tilde R$, where
$$x_* = (x_{*1}, \dots, x_{*N^{sc}_{\max}}, u_{*1}, \dots, u_{*N^{ca}_{\max}}, \tilde N_{*1}, \dots, \tilde N_{*N^{sc}_{\max}}, \hat N_{*1}, \dots, \hat N_{*N^{ca}_{\max}})$$
and
$$x = (x_1, \dots, x_{N^{sc}_{\max}}, \upsilon_1, \dots, \upsilon_{N^{ca}_{\max}}, \tilde N_1, \dots, \tilde N_{N^{sc}_{\max}}, \hat N_1, \dots, \hat N_{N^{ca}_{\max}}),$$
if and only if $\tilde N_{*i} = \tilde N_i$, $\forall i \in [1; N^{sc}_{\max}]$, $\hat N_{*j} = \hat N_j$, $\forall j \in [1; N^{ca}_{\max}]$, $(x_{*k}, x_k) \in R$, $\forall k \in [1; N^{sc}_{\max}]$, and for each $u_{*i}$ and the corresponding $\upsilon_i$ there exists $x'_* \in \mathrm{Post}_{u_{*i}}(x_*)$ such that $(x'_*, \xi_{x\upsilon_i}(\tau)) \in R$ for any $i \in [1; N^{ca}_{\max}]$ and any $(x_*, x) \in R$. Note that if $U_\tau = U_q$ and they are finite, then the last condition of the relation $\tilde R$ is nothing more than requiring $u_{*i} = \upsilon_i$ for any $i \in [1; N^{ca}_{\max}]$.

Consider $x_{*0} := (x_{*0}, q, \dots, q, u_{*0}, \dots, u_{*0}, N^{sc}_{\max}, \dots, N^{sc}_{\max}, N^{ca}_{\max}, \dots, N^{ca}_{\max}) \in X_{*0}$. Due to the relation $R$, there exist $x_0 \in X_{\tau 0}$ such that $(x_{*0}, x_0) \in R$ and $\upsilon_0 \in U_\tau$ such that there exists $x'_* \in \mathrm{Post}_{u_{*0}}(x_*)$ satisfying $(x'_*, \xi_{x\upsilon_0}(\tau)) \in R$ for any $(x_*, x) \in R$. Hence, by choosing $x_0 := (x_0, q, \dots, q, \upsilon_0, \dots, \upsilon_0, N^{sc}_{\max}, \dots, N^{sc}_{\max}, N^{ca}_{\max}, \dots, N^{ca}_{\max}) \in X_0$, one gets $(x_{*0}, x_0) \in \tilde R$ and condition (i) in Definition 3.3 is satisfied.

Now consider any $(x_*, x) \in \tilde R$, with $x_*$ and $x$ as above. Since $\tilde N_{*i} = \tilde N_i$, $\forall i \in [1; N^{sc}_{\max}]$, and $\hat N_{*j} = \hat N_j$, $\forall j \in [1; N^{ca}_{\max}]$, and using the definitions of $S_*(\tilde\Sigma)$ and $S(\tilde\Sigma)$, one obtains $H_*(x_*) = (x_{*1}, x_{*k})$ and $H(x) = (x_1, x_k)$, for some $k \in [N^{sc}_{\min}; N^{sc}_{\max}]$ (cf. the definitions of $S_*(\tilde\Sigma)$ and $S(\tilde\Sigma)$). Since $(x_{*i}, x_i) \in R$, $\forall i \in [1; N^{sc}_{\max}]$, one gets $d_{Y_\tau}(H_q(x_{*i}), H_\tau(x_i)) \le \varepsilon$, $\forall i \in [1; N^{sc}_{\max}]$. Therefore,
$$d_Y(H_*(x_*), H(x)) = \max\{d_{Y_\tau}(H_q(x_{*1}), H_\tau(x_1)),\ d_{Y_\tau}(H_q(x_{*k}), H_\tau(x_k))\} \le \varepsilon,$$
and condition (ii) in Definition 3.3 is satisfied.
Let us now show that condition (iii) in Definition 3.3 holds. Consider any $(x_*, x) \in \tilde R$, where $x_* = (x_{*1}, \dots, x_{*N^{sc}_{\max}}, u_{*1}, \dots, u_{*N^{ca}_{\max}}, \tilde N_{*1}, \dots, \tilde N_{*N^{sc}_{\max}}, \hat N_{*1}, \dots, \hat N_{*N^{ca}_{\max}})$ and $x = (x_1, \dots, x_{N^{sc}_{\max}}, \upsilon_1, \dots, \upsilon_{N^{ca}_{\max}}, \tilde N_1, \dots, \tilde N_{N^{sc}_{\max}}, \hat N_1, \dots, \hat N_{N^{ca}_{\max}})$. Consider any $u_* \in U_*(x_*) = U_q$. Using the relation $R$, there exist $\upsilon \in U(x) = U_\tau$ and $\grave{x}_* \in \mathrm{Post}_{u_*}(x_*)$ such that $(\grave{x}_*, \xi_{x\upsilon}(\tau)) \in R$ for any $(x_*, x) \in R$. Now consider any
$$x' = (x', x_1, \dots, x_{N^{sc}_{\max}-1}, \upsilon, \upsilon_1, \dots, \upsilon_{N^{ca}_{\max}-1}, \tilde N, \tilde N_1, \dots, \tilde N_{N^{sc}_{\max}-1}, \hat N, \hat N_1, \dots, \hat N_{N^{ca}_{\max}-1}) \in \mathrm{Post}_\upsilon(x) \subseteq X$$
for some $\tilde N \in [N^{sc}_{\min}; N^{sc}_{\max}]$ and $\hat N \in [N^{ca}_{\min}; N^{ca}_{\max}]$, where $x' = \xi_{x_1\upsilon_k}(\tau)$ for some given $k \in [N^{ca}_{\min}; N^{ca}_{\max}]$ (cf. the definition of $S(\tilde\Sigma)$). Because of the relation $R$, there exists $x'_* \in \mathrm{Post}_{u_{*k}}(x_{*1})$ in $S_q(\Sigma)$ such that $(x'_*, x') \in R$. Hence, due to the definition of $S_*(\tilde\Sigma)$, one can choose
$$x'_* = (x'_*, x_{*1}, \dots, x_{*(N^{sc}_{\max}-1)}, u_*, u_{*1}, \dots, u_{*(N^{ca}_{\max}-1)}, \tilde N, \tilde N_1, \dots, \tilde N_{N^{sc}_{\max}-1}, \hat N, \hat N_1, \dots, \hat N_{N^{ca}_{\max}-1}) \in \mathrm{Post}_{u_*}(x_*) \subseteq X_*.$$
Due to the relation $R$, one can readily verify that $d_{Y_\tau}(H_q(x'_*), H_\tau(x')) \le \varepsilon$. Since $d_{Y_\tau}(H_q(x_{*j}), H_\tau(x_j)) \le \varepsilon$, $\forall j \in [1; N^{sc}_{\max}-1]$, one gets
$$d_Y(H_*(x'_*), H(x')) = \max\{d_{Y_\tau}(H_q(x'_*), H_\tau(x')),\ d_{Y_\tau}(H_q(x_{*k}), H_\tau(x_k))\} \le \varepsilon,$$
for some given² $k \in [N^{sc}_{\min}-1; N^{sc}_{\max}-1]$ (cf. the definitions of $S_*(\tilde\Sigma)$ and $S(\tilde\Sigma)$). Hence, $(x'_*, x') \in \tilde R$, implying that condition (iii) in Definition 3.3 holds.
Now we prove $S(\tilde\Sigma) \preceq^{\varepsilon}_{S} S_*(\tilde\Sigma)$. Since $S_\tau(\Sigma) \preceq^{\varepsilon}_{S} S_q(\Sigma)$, there exists an $\varepsilon$-approximate simulation relation $R$ from $S_\tau(\Sigma)$ to $S_q(\Sigma)$. Consider the relation $\tilde R \subseteq X \times X_*$ defined by $(x, x_*) \in \tilde R$, where
$$x = (x_1, \dots, x_{N^{sc}_{\max}}, \upsilon_1, \dots, \upsilon_{N^{ca}_{\max}}, \tilde N_1, \dots, \tilde N_{N^{sc}_{\max}}, \hat N_1, \dots, \hat N_{N^{ca}_{\max}})$$
and
$$x_* = (x_{*1}, \dots, x_{*N^{sc}_{\max}}, u_{*1}, \dots, u_{*N^{ca}_{\max}}, \tilde N_{*1}, \dots, \tilde N_{*N^{sc}_{\max}}, \hat N_{*1}, \dots, \hat N_{*N^{ca}_{\max}}),$$
if and only if $\tilde N_i = \tilde N_{*i}$, $\forall i \in [1; N^{sc}_{\max}]$, $\hat N_j = \hat N_{*j}$, $\forall j \in [1; N^{ca}_{\max}]$, $(x_k, x_{*k}) \in R$, $\forall k \in [1; N^{sc}_{\max}]$, and for each $\upsilon_i$ and the corresponding $u_{*i}$ there exists an $x'_* \in \mathrm{Post}_{u_{*i}}(x_*)$ such that $(\xi_{x\upsilon_i}(\tau), x'_*) \in R$ for any $i \in [1; N^{ca}_{\max}]$ and any $(x, x_*) \in R$.

Consider $x_0 := (x_0, q, \dots, q, \upsilon_0, \dots, \upsilon_0, N^{sc}_{\max}, \dots, N^{sc}_{\max}, N^{ca}_{\max}, \dots, N^{ca}_{\max}) \in X_0$. Due to the relation $R$, there exist $x_{*0} \in X_{*0}$ such that $(x_0, x_{*0}) \in R$ and $u_{*0} \in U_q$ such that there exists $x'_* \in \mathrm{Post}_{u_{*0}}(x_*)$ satisfying $(\xi_{x\upsilon_0}(\tau), x'_*) \in R$ for any $(x, x_*) \in R$. Hence, by choosing $x_{*0} := (x_{*0}, q, \dots, q, u_{*0}, \dots, u_{*0}, N^{sc}_{\max}, \dots, N^{sc}_{\max}, N^{ca}_{\max}, \dots, N^{ca}_{\max}) \in X_{*0}$, one gets $(x_0, x_{*0}) \in \tilde R$ and condition (i) in Definition 3.2 is satisfied.

Now consider any $(x, x_*) \in \tilde R$, with $x$ and $x_*$ as above. Since $\tilde N_i = \tilde N_{*i}$, $\forall i \in [1; N^{sc}_{\max}]$, and $\hat N_j = \hat N_{*j}$, $\forall j \in [1; N^{ca}_{\max}]$, and using the definitions of $S(\tilde\Sigma)$ and $S_*(\tilde\Sigma)$, one obtains $H(x) = (x_1, x_k)$ and $H_*(x_*) = (x_{*1}, x_{*k})$, for some $k \in [N^{sc}_{\min}; N^{sc}_{\max}]$ (cf. the definitions of $S_*(\tilde\Sigma)$ and $S(\tilde\Sigma)$). Since $(x_i, x_{*i}) \in R$, $\forall i \in [1; N^{sc}_{\max}]$, one gets $d_{Y_\tau}(H_\tau(x_i), H_q(x_{*i})) \le \varepsilon$, $\forall i \in [1; N^{sc}_{\max}]$. Therefore,
$$d_Y(H(x), H_*(x_*)) = \max\{d_{Y_\tau}(H_\tau(x_1), H_q(x_{*1})),\ d_{Y_\tau}(H_\tau(x_k), H_q(x_{*k}))\} \le \varepsilon$$
and condition (ii) in Definition 3.2 is satisfied.
Let us now show that condition (iii) in Definition 3.2 holds. Consider any $(x, x_*) \in \tilde R$, where $x = (x_1, \dots, x_{N^{sc}_{\max}}, \upsilon_1, \dots, \upsilon_{N^{ca}_{\max}}, \tilde N_1, \dots, \tilde N_{N^{sc}_{\max}}, \hat N_1, \dots, \hat N_{N^{ca}_{\max}})$ and $x_* = (x_{*1}, \dots, x_{*N^{sc}_{\max}}, u_{*1}, \dots, u_{*N^{ca}_{\max}}, \tilde N_{*1}, \dots, \tilde N_{*N^{sc}_{\max}}, \hat N_{*1}, \dots, \hat N_{*N^{ca}_{\max}})$. Consider any $\upsilon \in U(x) = U_\tau$. Using the relation $R$, there exist $u_* \in U_*(x_*) = U_q$ and $\grave{x}_* \in \mathrm{Post}_{u_*}(x_*)$ such that $(\xi_{x\upsilon}(\tau), \grave{x}_*) \in R$ for any $(x, x_*) \in R$. Now consider any
$$x' = (x', x_1, \dots, x_{N^{sc}_{\max}-1}, \upsilon, \upsilon_1, \dots, \upsilon_{N^{ca}_{\max}-1}, \tilde N, \tilde N_1, \dots, \tilde N_{N^{sc}_{\max}-1}, \hat N, \hat N_1, \dots, \hat N_{N^{ca}_{\max}-1}) \in \mathrm{Post}_\upsilon(x) \subseteq X$$
for some $\tilde N \in [N^{sc}_{\min}; N^{sc}_{\max}]$ and $\hat N \in [N^{ca}_{\min}; N^{ca}_{\max}]$, where $x' = \xi_{x_1\upsilon_k}(\tau)$ for some given $k \in [N^{ca}_{\min}; N^{ca}_{\max}]$ (cf. the definition of $S(\tilde\Sigma)$). Because of the relation $R$, there exists $x'_* \in \mathrm{Post}_{u_{*k}}(x_{*1})$ in $S_q(\Sigma)$ such that $(x', x'_*) \in R$. Hence, due to the definition of $S_*(\tilde\Sigma)$, one can choose
$$x'_* = (x'_*, x_{*1}, \dots, x_{*(N^{sc}_{\max}-1)}, u_*, u_{*1}, \dots, u_{*(N^{ca}_{\max}-1)}, \tilde N, \tilde N_1, \dots, \tilde N_{N^{sc}_{\max}-1}, \hat N, \hat N_1, \dots, \hat N_{N^{ca}_{\max}-1}) \in \mathrm{Post}_{u_*}(x_*) \subseteq X_*.$$
Due to the relation $R$, one can readily verify that $d_{Y_\tau}(H_\tau(x'), H_q(x'_*)) \le \varepsilon$. Since $d_{Y_\tau}(H_\tau(x_j), H_q(x_{*j})) \le \varepsilon$, $\forall j \in [1; N^{sc}_{\max}-1]$, one gets
$$d_Y(H(x'), H_*(x'_*)) = \max\{d_{Y_\tau}(H_\tau(x'), H_q(x'_*)),\ d_{Y_\tau}(H_\tau(x_k), H_q(x_{*k}))\} \le \varepsilon,$$
for some given³ $k \in [N^{sc}_{\min}-1; N^{sc}_{\max}-1]$ (cf. the definitions of $S_*(\tilde\Sigma)$ and $S(\tilde\Sigma)$). Hence, $(x', x'_*) \in \tilde R$, implying that condition (iii) in Definition 3.2 holds.

² Note that if $N^{sc}_{\min} = 0$, then $x_{*(-1)} = x'_*$ and $x_{-1} = x'$.
References

[1] R. Alur, A. D'Innocenzo, K. H. Johansson, G. J. Pappas, and G. Weiss. Compositional modeling and analysis of multi-hop control networks. IEEE Transactions on Automatic Control, 56(10):2345–2357, 2011.
[2] R. Alur, T. A. Henzinger, O. Kupferman, and M. Vardi. Alternating refinement relations. In Proceedings of the 8th International Conference on Concurrency Theory, Lecture Notes in Computer Science, 1466:163–178, 1998.
[3] D. Angeli. A Lyapunov approach to incremental stability properties. IEEE Transactions on Automatic Control, 47(3):410–421, 2002.
[4] D. Angeli and E. D. Sontag. Forward completeness, unboundedness observability, and their Lyapunov characterizations. Systems and Control Letters, 38:209–217, 1999.
[5] D. Antunes, J. P. Hespanha, and C. Silvestre. Volterra integral approach to impulsive renewal systems: Application to networked control. IEEE Transactions on Automatic Control, 57(3):607–619, March 2012.
[6] C. Baier and J. P. Katoen. Principles of Model Checking. The MIT Press, April 2008.
[7] N. W. Bauer, P. J. H. Maas, and W. P. M. H. Heemels. Stability analysis of networked control systems: a sum of squares approach. Automatica, 48(8):1514–1524, 2012.
[8] A. Borri, G. Pola, and M. D. Di Benedetto. Integrated symbolic design of unstable nonlinear networked control systems. In Proceedings of the 51st IEEE Conference on Decision and Control, December 2012.
[9] A. Borri, G. Pola, and M. D. Di Benedetto. A symbolic approach to the design of nonlinear networked control systems. In Proceedings of the 15th International Conference on Hybrid Systems: Computation and Control, pages 255–264, April 2012.
[10] M. B. G. Cloosterman, N. van de Wouw, W. P. M. H. Heemels, and H. Nijmeijer. Stability of networked control systems with uncertain time-varying delays. IEEE Transactions on Automatic Control, 54(7):1575–1580, July 2009.
[11] H. Gao, T. Chen, and J. Lam. A new delay system approach to network-based control. Automatica, 44(1):39–52, 2008.
[12] A. Girard. Synthesis using approximately bisimilar abstractions: state-feedback controllers for safety specifications. In Proceedings of the 13th International Conference on Hybrid Systems: Computation and Control, pages 111–120, April 2010.
[13] A. Girard and G. J. Pappas. Approximation metrics for discrete and continuous systems. IEEE Transactions on Automatic Control, 25(5):782–798, 2007.
[14] A. Girard, G. Pola, and P. Tabuada. Approximately bisimilar symbolic models for incrementally stable switched systems. IEEE Transactions on Automatic Control, 55(1):116–126, 2009.
[15] W. P. M. H. Heemels and N. van de Wouw. Stability and stabilization of networked control systems. In A. Bemporad, W. P. M. H. Heemels, and M. Johansson, editors, Networked Control Systems, volume 406 of Lecture Notes in Control and Information Sciences, pages 203–253. Springer London, 2010.
[16] O. Maler, A. Pnueli, and J. Sifakis. On the synthesis of discrete controllers for timed systems. In Proceedings of the 12th Annual Symposium on Theoretical Aspects of Computer Science, 900:229–242, 1995.
[17] R. Milner. Communication and Concurrency. Prentice-Hall, Inc., 1989.
[18] D. Nesic and D. Liberzon. A unified framework for design and analysis of networked and quantized control systems. IEEE Transactions on Automatic Control, 54(4):732–747, 2009.
[19] G. Pola and P. Tabuada. Symbolic models for nonlinear control systems: alternating approximate bisimulations. SIAM Journal on Control and Optimization, 48(2):719–733, 2009.
[20] E. D. Sontag. Mathematical Control Theory, volume 6. Springer-Verlag, New York, 2nd edition, 1998.
[21] P. Tabuada. Verification and Control of Hybrid Systems: A Symbolic Approach. Springer US, 2009.
[22] N. van de Wouw, D. Nesic, and W. P. M. H. Heemels. A discrete-time framework for stability analysis of nonlinear networked control systems. Automatica, 48(6):1144–1153, June 2012.
[23] M. Zamani, G. Pola, M. Mazo Jr., and P. Tabuada. Symbolic models for nonlinear control systems without stability assumptions. IEEE Transactions on Automatic Control, 57(7), 2012.
³ Note that if $N^{sc}_{\min} = 0$, then $x_{*(-1)} = x'_*$ and $x_{-1} = x'$.

¹ Department of Design Engineering, Delft University of Technology, 2628 CE, Delft, The Netherlands.
E-mail address: [email protected]
URL: http://staff.tudelft.nl/en/m.zamani

² Delft Center for Systems and Control, Delft University of Technology, 2628 CD, Delft, The Netherlands.
E-mail address: [email protected]
URL: http://www.dcsc.tudelft.nl/~mmazo

³ Department of Computer Science, University of Oxford, OX1 3QD, Oxford, United Kingdom.
E-mail address: [email protected]
URL: http://www.cs.ox.ac.uk/people/alessandro.abate