COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ...

COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS OF INTERCONNECTED CONTROL SYSTEMS

arXiv:1507.05014v1 [math.OC] 17 Jul 2015

MATTHIAS RUNGGER AND MAJID ZAMANI

Abstract. We consider a compositional construction of approximate abstractions of interconnected control systems. In our framework, an abstraction acts as a substitute in the controller design process and is itself a continuous control system. The abstraction is related to the concrete control system via a so-called simulation function: a Lyapunov-like function, which is used to establish a quantitative bound between the behavior of the approximate abstraction and the concrete system. In the first part of the paper, we provide a small gain type condition that facilitates the compositional construction of an abstraction of an interconnected control system together with a simulation function from the abstractions and simulation functions of the individual subsystems. In the second part of the paper, we restrict our attention to linear control system and characterize simulation functions in terms of controlled invariant, externally stabilizable subspaces. Based on those characterizations, we propose a particular scheme to construct abstractions for linear control systems. We illustrate the compositional construction of an abstraction of an interconnected system with a simple example consisting of four linear control subsystems.

1. Introduction One way to address the inherent difficulty in modeling, analyzing and controlling complex, large-scale, interconnected systems, is to apply a divide-and-conquer scheme [12]. In this approach, as a first step, the overall system is partitioned in a number of reasonably sized components, i.e., subsystems. Simultaneously, a number of appropriate interfaces to connect the individual subsystems are introduced. Subsequently, the analysis and the design of the overall system is reduced to those of the subsystems. There exist different reasoning schemes to ensure the correctness of such a component-based, compositional analysis and design procedure. One scheme, which is often invoked in the formal methods community, is called assume-guarantee reasoning, see e.g. [15, 10, 7]. Here, one establishes the correctness of the composed system by guaranteeing that each subsystem is correct, i.e., satisfies its specification, under the assumption that all other subsystems are correct. The assume-guarantee reasoning is always correct, if there is no circularity between assumptions and guarantees. In the case of circular reasoning, some additional “assume/guarantee” assumptions are imposed. Another approach, which is known from control theory, invokes a so called small gain condition, see e.g. [11, 6, 4] to establish the stability of the interconnected system. For example in [4], the authors assume that the gain functions that are associated with the Lyapunov functions of the individual subsystems satisfy a certain “small gain” condition. The condition certifies a small (or weak) interaction of the subsystems, which prevents an amplification of the signals across possible feedback interconnections. Similarly to the assume-guarantee Key words and phrases. Simulation Functions, Approximate Abstractions, Interconnected Control Systems, Compositionality . 1

2

MATTHIAS RUNGGER AND MAJID ZAMANI

reasoning, the small gain condition is always satisfied in the absence of any feedback interconnection [4, and references therein]. In this paper, we use the later reasoning and present a method for the compositional construction of approximate abstractions of interconnected nonlinear control systems. In our approach, an abstraction is itself a continuous control system (possibly with lower dimension), which is used as a substitute in the controller design process. The correctness reasoning from the abstraction to the concrete system is based on a notion of simulation function, which relates the concrete system with its abstraction. Simulation functions provide a quantitative bound between the behavior of the concrete systems and their abstractions. We employ a small gain type condition to construct a simulation function that relates the abstract interconnected system to the concrete interconnected system from the simulation functions of the individual subsystems. In the second part of the paper, we focus on the construction of abstractions (together with the associated simulation functions) of linear control systems. First, we characterize simulation functions in terms of controlled invariant, externally stabilizable subspaces. Subsequently, we propose a particular construction of abstractions of linear control systems. We conclude the paper with the construction of an abstraction together with a simulation function of an interconnected system consisting of four linear subsystems. Related Work. Compositional reasoning schemes for verification in connection with abstractions of control systems are developed in [22, 7, 13]. The methods employ exact notions of abstractions which are based on simulation relations [7, 13] and simulation maps [22], for which constructive procedures exist only for rather restricted classes of control systems, e.g. linear control systems [5] and linear hybrid automata [7]. In contrast to the exact notions, the approximate abstractions which we study in this paper are based on simulation functions whose structures are closely related to (incremental) Lyapunov functions. Thus, advanced nonlinear control techniques developed to construct Lyapunov functions have the potential to also be used to construct simulation functions as well with some small modifications. For example the toolbox developed in [16] uses sum-of-squares techniques to construct bisimulation functions to relate nonlinear control systems. In [23] and [18] compositional schemes for the construction of finite abstractions of nonlinear control systems are presented. Similarly to the work in this paper, small gain type conditions are used to facilitate the compositional construction. Our work is complementary to [23, 18] as in our framework an abstraction is itself a continuous control system. In a controller synthesis scheme based on finite abstractions, we can apply our results as a first pre-processing step to reduce the dimensionality of given control systems, before their finite abstractions are constructed, see e.g. [3]. An early approach to the compositional construction of simulation functions is given in [8], where the interconnection of two subsystems is studied. We generalize that result by considering interconnections of an arbitrary (but finite) number of subsystems. Moreover, in the definition of simulation function, unlike in [8], we do not restrict the comparison functions to be linear. Another result, considering general interconnected systems with an arbitrary number of subsystems, appeared in [24], where a class of stochastic hybrid systems are considered. As already mentioned, we focus on continuoustime deterministic control systems. Moreover, in comparison to [8, 24], we provide constructive means to compute approximate abstractions of linear control systems.

COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS

3

A preliminary investigation of our results on the construction of approximate abstractions for interconnected systems appeared in [19]. In this paper we present detailed and mature description of the results in [19], including a novel geometric characterization of abstractions of linear control systems. 2. Notation and Preliminaries We denote by N the set of natural numbers (including zero) and by R the set of real numbers. We annotate those symbols with subscripts to restrict those sets in the obvious way, e.g. R>0 denotes the positive real numbers. We use Rn×m , with n, m ∈ N≥1 , to denote the vector space of real matrices with n rows and m columns. The identity matrix in Rn×n is denoted by In . For a, b ∈ R with a ≤ b, we denote the closed, open and half-open intervals in R by [a, b], ]a, b[, [a, b[, and ]a, b], respectively. For a, b ∈ N and a ≤ b, we use [a; b], ]a; b[, [a; b[, and ]a; b] to denote the corresponding intervals in N. Given N ∈ N≥1 , vectors xi ∈ RniP , ni ∈ N≥1 and i ∈ [1; N], we use x = (x1 ; . . . ; xN ) to denote the vector in Rn with n = i ni consisting of the concatenation of vectors xi . We use | · | to denote the Euclidean norm of vectors in Rn as well as the induced operator norm, i.e., the spectral norm, of matrices in Rn×m . We equip the space of measurable and essentially bounded functions ξ : R≥0 → Rn with the norm ||ξ||∞ := ess supt∈R≥0 |ξ(t)|. Given a function f : Rn → Rm and x¯ ∈ Rm , we use f ≡ x¯ to denote that f (x) = x¯ for all x ∈ Rn . If x is the zero vector, we simply write f ≡ 0. The identity function in R is denoted by id. We use DV : Rn → R1×n to denote the gradient of a scalar function V : Rn → R≥0 . Given two subsets A, B ⊆ Rn , we use A + B = {a + b | a ∈ A, b ∈ B} to denote the Minkowsky set addition. In this paper, we use the following classes of comparison (or generalized gain) functions: K = {α : R≥0 → R≥0 | α is continuous, strictly increasing and α(0) = 0}; K∞ = {α ∈ K | limr→∞ α(r) = ∞}; A function β : R≥0 × R≥0 → R≥0 is a KL function, if it is a K function in its first argument and strictly decreasing to zero in its second argument while the first argument is arbitrary but fixed and nonzero. We recall some concepts from the geometric approach to linear systems theory [2]. Let A ∈ Rn×n and B ∈ Rn×m . We use the usual symbols im B and ker B to denote image and kernel of B. A linear subspace S ⊆ Rn is called (A, B)-controlled invariant if there exists a matrix K (of appropriate dimension) such that (A + BK)S ⊆ S, where the matrix-subspace product is given by AS := {x ∈ Rn | ∃y∈S x = Ay}. An (A, B)controlled invariant subspace S ⊆ Rn is (A, B)-externally stabilizable if there exists a matrix K (of appropriate dimension) such that (A + BK)S ⊆ S and (A + BK)|Rn /S is Hurwitz, i.e., the real parts of all the eigenvalues are strictly less than 0. Here, (A + BK)|Rn /S denotes the map induced by (A + BK) on the quotient space Rn /S, see [2, Def. 3.2.2]. 3. Background and Motivation In this work, we study nonlinear control systems of the following form. Definition 1. A control system Σ is a tuple Σ = (X, U, W, U, W, f, Y, h) ,

(1)

4

MATTHIAS RUNGGER AND MAJID ZAMANI

where X ⊆ Rn , U ⊆ Rm , W ⊆ Rp , and Y ⊆ Rq are the state space, external input space, internal input space, and output space, respectively. We use the symbols U and W to, respectively, denote the set of all essentially bounded measurable functions ν : R≥0 → U and ω : R≥0 → W . The function f : X × U × W → Rn is the vector field and h : X → Y is the output function. In our definition of a control system, we distinguish between external inputs u ∈ U and internal inputs w ∈ W . The purpose of this distinction will become apparent in Section 4 where we introduce the interconnection of systems. Basically, we use the internal inputs to define the interconnection. For now, without referring to the interconnection, we can interpret the internal inputs as disturbances over which we have no control and the external inputs as control inputs which we are allowed to modify. A control system Σ induces a set of trajectories by the differential equation ˙ = f (ξ(t), ν(t), ω(t)), ξ(t) (2) ζ(t) = h(ξ(t)). A trajectory of Σ is a tuple (ξ, ζ, ν, ω), consisting of a state trajectory ξ : R≥0 → X, an output trajectory ζ : R≥0 → Y , and input trajectories ν ∈ U and ω ∈ W, that satisfies (2) for almost all times t ∈ R≥0 . We often use ξx,ν,ω and ζx,ν,ω to denote the state trajectory and output trajectory associated with input trajectories ν ∈ U, ω ∈ W and initial state x = ξ(0), without explicitly referring to the tuple (ξ, ζ, ν, ω). Throughout the paper, we impose the usual regularity assumptions [21] on f and assume that X is strongly invariant and Σ is forward complete [1], so that for every initial state and input trajectories, there exists a unique state trajectory which is defined on the whole non-negative time axis. We recall the notion of simulation function, introduced in [9], which we adapt here to match our notion of control system with internal and external inputs. As we show in Section 5, for the case of linear control systems, our notion of simulation function is related to the notion of simulation relation used in [5]. ˆ be two ˆ = (X, ˆ U, ˆ W ˆ , U, ˆ W, ˆ fˆ, Yˆ , h) Definition 2. Let Σ = (X, U, W, U, W, f, Y, h) and Σ control systems with the same internal input and output space dimension. A continuˆ × X → R≥0 is called a simulation function from Σ ˆ ously differentiable function V : X ˆ uˆ ∈ U, wˆ ∈ W ˆ , there exists u ∈ U so that for all w ∈ W to Σ if for every x ∈ X, xˆ ∈ X, we have the following inequalities ˆ x) − h(x)|) ≤V (ˆ α(|h(ˆ x, x), (3)   fˆ(ˆ x, u ˆ, w) ˆ ≤ − λ(V (ˆ x, x)) (4) DV (ˆ x, x) f (x, u, w) + ρext (|ˆ u|) + ρint (|w − w|), ˆ where α, λ, ρext , ρint are some K∞ functions.

Let us point out some differences between our definition of simulation function and Definition 1 in [9]. Here, for the sake of a simpler presentation, we simply assume that for every x, xˆ, uˆ, wˆ there exists a u so that (4) holds for all w. While in [9] the authors use an interface function k to provide the input u = k(x, xˆ, uˆ, w) ˆ that enforces (4). Moreover, in Definition 1 in [9] there is no distinction between internal and external inputs and, therefore, ρint (|w − w|) ˆ does not appear on the right-hand-side of (4). Also,

COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS

5

α in [9, Definiton 1] is restricted to be the identity. Furthermore, we formulate the decay condition (4) in “dissipative” form [4], while in [9, Definiton 1] the decay condition is formulated in “implication” form [4]. The following theorem shows the importance of the existence of a simulation function according to Definition 2. ˆ ˆ = (X, ˆ U ˆ, W ˆ , U, ˆ W, ˆ fˆ, Yˆ , h) Theorem 1. Consider Σ = (X, U, W, U, W, f, Y, h) and Σ with the same internal input and output space dimension. Suppose V is a simulation ˆ to Σ. Then, there exist a KL function β and K∞ functions γext , γint , function from Σ ˆ νˆ ∈ U, ˆ ω such that for any x ∈ X, xˆ ∈ X, ˆ ∈ W there exists ν ∈ U so that for all ω ∈ W we have |ζˆxˆ,ˆν ,ˆω (t) − ζx,ν,ω (t)| ≤ β(V (ˆ x, x), t) (5) + γext (||ˆ ν ||∞ ) + γint (||ω − ω ˆ ||∞ ).

The proof, which is given in the appendix, follows the usual arguments that are known from similar results in the context of input-to-state Lyapunov functions, e.g. see [20]. We need the following technical corollary later in the proof of Theorem 3.

Corollary 1. Given the assumptions of Theorem 1, there exist a KL function β and ˆ ω ˆ there exists K∞ functions γext , γint such that for any νˆ ∈ U, ˆ ∈ W, x ∈ X, and xˆ ∈ X ν ∈ U so that for every ω ∈ W we have V (ξˆxˆ,ˆν ,ˆω (t), ξx,ν,ω (t)) ≤ β(V (ˆ x, x), t) (6) + γext (||ˆ ν ||∞ ) + γint (||ω − ω ˆ ||∞ ),

where the KL function β satisfies β(r, 0) = r for all r ∈ R≥0 . The proof is provided in the appendix.

Remark 1. If we are given an interface function k that maps every x, xˆ, uˆ and wˆ to an input u = k(x, xˆ, u ˆ, w) ˆ so that (4) is satisfied, then, the input ν ∈ U that realizes (5) ˆ νˆ(t), ω is readily given by ν(t) = k(ξ(t), ξ(t), ˆ (t)), see [19, Theorem 1]. Given an interface function, we might exploit the usefulness of simulation functions as follows. For various reasons (e.g. lower dimension) it might be easier to synthesize a ˆ enforcing some complex specifications, e.g. given as formulae controller for the system Σ in linear temporal logic, rather than for the original system Σ. Then we can use the ˆ to a interface function k to transfer or refine the controller that we computed for Σ controller for the system Σ. A quantification of the error that is introduced in the design process by taking the detour through the abstraction, is given by (5). In this context, ˆ as an approximate abstraction and to Σ as the concrete system. we refer to Σ Remark 2. In the next section, we work with interconnected control systems without internal inputs, resulting from the interconnection of control subsystems having both internal and external signals. In that case, the interconnected control systems reduce to the tuple Σ = (X, U, U, f, Y, h) and the vector field becomes f : X × U → Rn . Correspondingly, the definition of simulation function for control systems without internal inputs simplifies, i.e., in (4) we do not quantify the inequality over w, w ˆ and the term ρint (|w − w|) ˆ is omitted. Similarly, the results in Theorem 1 and Corollary 1 are modified, i.e., for systems without internal inputs the inequalities (5) and (6) are not quantified over ω, ω ˆ ∈ W and the term γint (||ω − ω ˆ ||∞ ) is omitted.

6

MATTHIAS RUNGGER AND MAJID ZAMANI

4. Compositionality Result In this section, we analyze interconnected control systems and show how to construct an approximate abstraction of an interconnected system and the corresponding simulation function from the abstractions of the subsystems and their corresponding simulation functions, respectively. The definition of the interconnected control system is based on the notion of interconnected systems introduced in [23]. 4.1. Interconnected Control Systems. We consider N ∈ N≥1 control systems Σi = (Xi , Ui , Wi , Ui , Wi , fi , Yi , hi ) ,

i ∈ [1; N]

with partitioned internal inputs and outputs wi = (wi1 ; . . . ; wi(i−1) ; wi(i+1) ; . . . ; wiN ), yi = (yi1 ; . . . ; yiN ), and output function

wij ∈ Wij ⊆ Rpij yij ∈ Yij ⊆ Rqij

hi (xi ) = (hi1 (xi ); . . . ; hiN (xi )),

(7)

(8)

as depicted schematically in Figure 1. u wi1i wiN

.. .

Σi

.. .

yi1 yi2 yiN

Figure 1. Input/output configuration of subsystem Σi . We interpret the outputs yii as external outputs, whereas the outputs yij with i 6= j are internal outputs which are used to define the interconnected systems. In particular, we assume that the dimension of wij is equal to the dimension of yji , i.e., the following interconnection constraints hold: ∀i, j ∈ [1; N], i 6= j : qij = pji , Yij ⊆ Wji .

(9)

If there is no connection from subsystem Σi to Σj , then we assume that the connecting output functions are zero for all arguments, i.e., hij ≡ 0. We define the interconnected control system as follows. Definition 3. Consider N ∈ N≥1 control systems Σi = (Xi , Ui , Wi , Ui , Wi , fi , Yi , hi ), i ∈ [1; N], with the input-output structure given by (7)-(9). The interconnected control system Σ = (X, U, U, f, Y, h), denoted by I(Σ1 , . . . , ΣN ), follows by X := X1 × · · · × XN , U := U1 × · · · × UN , Y := Y11 × · · · × YN N and functions f (x, u) := (f1 (x1 , u1 , w1 ); . . . ; fN (xN , uN , wN )), h(x) := (h11 (x1 ); . . . ; hN N (xN )), where u = (u1; . . . ; uN ) and x = (x1 ; . . . ; xN ) and with the interconnection variables constrained by wij = yji for all i, j ∈ [1; N], i 6= j. An example of the interconnection of two control subsystems Σ1 and Σ2 is illustrated in Figure 2.

COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS

y11

u1 I(Σ1 , Σ2 )

7

w12

Σ1

y12

w21

Σ2

y21

u2

y22

Figure 2. Interconnection of two control subsystems Σ1 and Σ2 . 4.2. Compositional Construction of Approximate Abstractions and Simulation Functions. In this subsection, we assume that we are given N subsystems Σi = ˆ i) ˆ i = (X ˆ i , Uˆi , W ˆ i , Uˆi , W ˆ i , fˆi , Yˆi , h (Xi , Ui , Wi , Ui , Wi , fi , Yi , hi ) , together with their abstractions Σ ˆ i to Σi . We use αi , λi , ρiext , and ρiint to denote and the simulation functions Vi from Σ the corresponding K∞ functions appearing in Definition 2. The compositionality result is based on the following assumption: Assumption 1. For any i, j ∈ [1; N], i 6= j, there exist K∞ functions γi and constants ˆ i ∈ R>0 and δij ∈ R≥0 such that for any r ∈ R≥0 one has λ ˆ i γi (r) λi (r) ≥ λ hij ≡ 0 =⇒ δij = 0 and hij 6≡ 0 =⇒ ρiint ((N − 1)αj−1 (r)) ≤ δij γj (r).

(10a) (10b) (10c)

ˆ i and δij as matrices Λ and ∆ in RN ×N with In the following, we cast the constants λ ˆ i , ∆ii = 0 for i ∈ [1; N] and Λij = 0, ∆ij = δij for i, j ∈ their components given by Λii = λ [1; N], i 6= j. Moreover, we define Γ(ˆ s) := (γ1 (s1 ); . . . ; γN (sN )), where sˆ = (s1 ; . . . ; sN ). The next theorem, one of the main results of the paper, provides a compositional approach on the construction of abstractions of interconnected control systems and of their corresponding simulation functions. Theorem 2. Consider the interconnected control system Σ = I(Σ1 , . . . , ΣN ) induced by ˆi N ∈ N≥1 control subsystems Σi . Suppose that for each subsystem Σi , we are given Σ ˆ i to Σi with αi , λi , ρiext , and ρiint being together with a simulation function Vi from Σ the associated K∞ functions. If Assumption 1 holds and there exists a vector µ ∈ RN >0 such that µT (−Λ + ∆) < 0

(11)

X

(12)

is satisfied1 , then V (ˆ x, x) =

µi Vi (ˆ xi , xi )

i

ˆ = I(Σ ˆ 1, . . . , Σ ˆ N ) to Σ. is a simulation function from Σ T Remark 3. Note that as shown in [4, Lemma 3.1] a vector µ ∈ RN >0 satisfying µ (−Λ + ∆) < 0 exists iff the spectral radius of Λ−1 ∆ is strictly less than one.

We interpret the inequality (11) component-wise, i.e., for x ∈ RN we have x < 0 iff every entry xi < 0, i ∈ [1; N ]. 1

8

MATTHIAS RUNGGER AND MAJID ZAMANI

  X  N fˆ(ˆ x, u ˆ) fˆi (ˆ xi , u ˆi , w ˆi ) DV (ˆ x, x) µi DVi (ˆ xi , xi ) = f (x, u) fi (xi , ui , wi ) 

i=1

≤ ≤ ≤

N X

µi (−λi (Vi (ˆ xi , xi )) + ρiint (|wi − w ˆi |) + ρiext (|ˆ ui |))

i=1

µi −λi (Vi (ˆ xi , xi )) +

i=1

N X

N X i=1

≤

N X

≤

N X

≤

i=1

i=1

N X i=1





µi −λi (Vi (ˆ xi , xi )) + 

µi −λi (Vi (ˆ xi , xi )) + 

µi −λi (Vi (ˆ xi , xi )) + 

N X

j=1,j6=i N X

j=1,j6=i N X



ρiint ((N − 1) |wij − w ˆij |) + ρiext (|ˆ ui |) 

ρiint ((N − 1) |yji − yˆji |) + ρiext (|ˆ ui |) ρiint

j=1,j6=i N X

j=1,j6=i

ˆ i γi (Vi (ˆ µi  − λ xi , xi )) +

N X

 

  ˆ j (ˆ ui |) xj ) + ρiext (|ˆ (N − 1) hj (xj ) − h 



xj , xj )) + ρiext (|ˆ ui |) ρiint (N − 1)α−1 j (Vj (ˆ

i6=j,j=1



δij γj (Vj (ˆ xj , xj )) + ρiext (|ˆ ui |)

⊤

= µ (−Λ + ∆) Γ ([V1 (ˆ x1 , x1 ) ; . . . ; VN (ˆ xN , xN )]) +

N X i=1

µi ρiext (|ˆ ui |) . (14)

Remark 4. If the functions ρiint satisfy the triangle inequality, i.e., ρiint (a + b) ≤ ρiint (a) + ρiint (b), ∀a, b ∈ R≥0 , then the condition (10c) reduces to hij 6≡ 0 =⇒ ρiint (αj−1 (r)) ≤ δij γj (r).

(13)

Proof of Theorem 2. The proof is inspired by the proof of Theorem 4.5 in [24]. Let us first show that inequality (3) holds for some K∞ function α. For any x = (x1 ; . . . ; xN ) ∈ ˆ one gets: X and xˆ = (ˆ x1 ; . . . ; xˆN ) ∈ X, ˆ x) − h(x)| ≤ |h(ˆ

N X i=1

≤

ˆ ii (ˆ |h xi ) − hii (xi )| ≤ N X

αi−1 (Vi (ˆ xi , xi ))

i=1

N X i=1

ˆ i (ˆ |h xi ) − hi (xi )|

≤ α( ¯

N X

µi Vi (ˆ xi , xi ))

i=1

P −1 ⊤ where α(s) ¯ = max{ N i=1 αi (si ) | µ [s1 ; . . . ; sN ] = s} which is a K∞ function. By defin−1 ing the K∞ function α(r) = α ¯ (r), ∀r ∈ R≥0 , one obtains ˆ x) − h(x)|) ≤ α(|h(ˆ

N X i=1

µi Vi (ˆ xi , xi ) = V (ˆ x, x),

COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS

9

satisfying inequality (3). Now we show that inequality (4) holds as well. Consider any ˆ uˆ = (ˆ ˆ and u = (u1 ; . . . ; uN ) ∈ x = (x1 ; . . . ; xN ) ∈ X, xˆ = (ˆ x1 ; . . . ; xˆN ) ∈ X, u1 ; . . . ; uˆN ) ∈ U U, where we pick ui ∈ Ui to satisfy (4) for each subsystem with the internal inputs given ˆ ji (ˆ by wij = hji (xj ) and wˆij = h xj ). We derive the chain of inequalities in (14), where we use the inequality: ρiint (r1 + · · · + rN −1 ) ≤

N −1 X i=1

ρiint (ri + · · · + ri ),

which is valid for any ρiint ∈ K∞ and any ri ∈ R≥0 , i ∈ [1; N[. Note that if ρiint satisfies the triangle inequality, one gets the less conservative inequality ρiint (r1 + · · · + rN −1 ) ≤

N −1 X

ρiint (ri ),

i=1

and it suffices that (13) holds instead of (10c). By defining  λ(s) := min −µT (−Λ + ∆) Γ (ˆ s) | µT sˆ = s , ( N ) X ρext (s) := max µi ρiext (si ) | |[s1 ; . . . ; sN ]| = s , i=1

N

where sˆ ∈ R , we obtain:

 fˆ(ˆ x, u ˆ) ≤ −λ (V (ˆ x, x)) + ρext (|ˆ u|) . DV (ˆ x, x) f (x, u) 

Since it can be readily verified that λ and ρext are K∞ functions, we conclude that V is ˆ to Σ. a simulation function from Σ  5. Approximate Abstractions and Simulation Functions for Linear Systems In this section, we focus on linear control systems Σ and square-root-of-quadratic simulation functions V . In the first part, we follow the geometric approach to linear control systems, and characterize simulation functions for linear control systems Σ in terms of controlled invariant externally stabilizable subspaces [2]. The results are closely connected to the characterization of simulation relations developed in [5]. In the second part, we use the characterization of simulation functions to actually construct abstractions of linear control systems. 5.1. Characterization of Simulation Functions. A linear control system is defined as a control system with the vector field and output function given by the following linear maps ˙ = Aξ(t) + Bν(t) + Dω(t), ξ(t) (15) ζ(t) = Cξ(t), with the state space, external input space, internal input space and output space given by Rn , Rm , Rp and Rq , respectively. The dimensions of the matrices follow by A ∈ Rn×n , B ∈ Rn×m , D ∈ Rn×p , and C ∈ Rq×n .

(16)

10

MATTHIAS RUNGGER AND MAJID ZAMANI

Henceforth, we simply use the tuple Σ = (A, B, C, D) to refer to a control system with vector field and output function of the form of (15) with the dimension of the corresponding matrices specified by (16). We follow the geometric approach [2], and restrict the set of admissible inputs U and W to be piecewise continuous. As the co-domain of the internal and external inputs are implicitly determined by the dimension of B and D, we do not include the sets U and W in the system tuple. In the following we characterize simulation functions from Σ1 = (A1 , B1 , C1 , D1 ) to Σ2 = (A2 , B2 , C2 , D2 ) in terms of the auxiliary matrices given by         A1 0 0 B1 D1 A12 = , B12 = , B21 = , D12 = , 0 A2 B2 0 D2   (17) C12 = −C1 C2 .

Theorem 3 (Necessity). Consider two linear control systems Σi = (Ai , Bi , Ci , Di ), i ∈ {1, 2} with the same internal input and output space dimensions. Let the matrices A12 , B12 , B21 , C12 , D12 be given by (17). Suppose there exists a simulation function V from Σ1 to Σ2 , then there exists a relation R ⊆ Rn1 × Rn2 which is a subspace that satisfies R is (A12 , B12 )-externally stabilizable A12 R ⊆ R + im B12 im D12 ⊆ R + im B12 R ⊆ ker C12 .

(18a) (18b) (18c) (18d)

im B21 ⊆ R + im B12 .

(19a)

If the K∞ function ρext associated with V equals to zero, then

Proof of Theorem 3. Let R ⊆ Rn1 × Rn2 be the smallest subspace in Rn1 ×n2 that contains the set S = {(x1 ; x2 ) | V (x1 , x2 ) = 0}. By definition, any element of R follows by applying scalar multiplication and addition to elements in S, and therefore, we obtain R ⊆ ker C12 . Now let ν1 ≡ 0 and ω1 = ω2 . Choose x1 , x2 such that V (x1 , x2 ) = 0, then it follows from Corollary 1 that there exists ν2 such that V (ξ1,x1,ν1 ,ω1 (t), ξ2,x2,ν2 ,ω2 (t)) = 0 holds for all t ∈ R≥0 . By the linearity of solutions of linear systems, we have (x1 , x2 ) ∈ R implies that there exists ν2 such that (ξ1,x1 ,ν1 ,ω1 (t), ξ2,x2,ν2 ,ω2 (t)) ∈ R holds for all t ∈ R≥0 , which shows that R is (A12 , B12 )-controlled invariant, see [2, Theorem 4.1.1] and (18b) follows. As the choice of x1 , x2 and ω1 is arbitrary, we invoke the fundamental lemma of the geometrical approach [2, Lemma 3.2.1] and obtain that for every x1 , x2 , w1 there is u2 so that (A1 x1 + D1 w1 , A2 x2 + D2 w1 + B2 u2 ) ∈ R. By setting x1 = x2 = 0, we obtain (18c). We continue to show (18a). For ν1 ≡ 0, ω1 = ω2 , Corollary 1 implies that for every (x1 , x2 ) ∈ Rn1 × Rn2 , there exists ν2 ∈ U2 such that limt→∞ V (ξ1,x1 ,ν1 ,ω1 (t), ξ2,x2 ,ν2 ,ω2 (t)) = 0, which implies that (ξ1,x1 ,ν1,ω1 (t), ξ2,x2,ν2 ,ω2 (t)) converges to R. Then using [2, Definition 4.1.6 and Property 4.1.14] we conclude that R is (A12 , B12 )-externally stabilizable. We continue with (19a). Let ω1 = ω2 ≡ 0. Since γext ≡ 0, we use the same arguments as above, and obtain that for every (x1 , x2 ) ∈ R and ν1 ∈ U1 there is ν2 ∈ U2 so that (ξ1,x1 ,ν1,ω1 (t), ξ2,x2,ν2 ,ω2 (t)) ∈ R holds for all t ∈ R≥0 . By the fundamental lemma of the geometric approach [2, Lemma 3.2.1], we have that (ξ˙1,x1,ν1 ,ω1 (t), ξ˙2,x2 ,ν2 ,ω2 (t)) ∈ R for almost all t ∈ R≥0 . This implies, for every (x1 , x2 ) ∈ R and u1 ∈ Rm1 there exists u2 ∈  Rm2 so that (A1 x1 + B1 u1 , A2 x2 + B2 u2 ) ∈ R, which concludes the proof.

COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS

11

Theorem 4 (Sufficiency). Consider two linear control systems Σi = (Ai , Bi , Ci , Di ), i ∈ {1, 2} with the same internal input and output space dimensions. Let the matrices A12 , B12 , B21 , C12 , D12 be given by (17). Suppose there exists a linear subspace R ⊆ Rn1 × Rn2 that satisfies (18a)-(18d), then there exists a symmetric positive semi-definite matrix M ∈ R(n1 +n2 )×(n1 +n2 ) so that
1 V (x1 , x2 ) = (x1 ; x2 )⊤ M(x1 ; x2 ) 2

is a simulation function2 from Σ1 to Σ2 . If additionally (19a) holds, then the K∞ function ρext associated with V equals to zero, i.e., ρext ≡ 0.

Proof of Theorem 4. We pick K12 so that (A12 + B12 K12 )R ⊆ R and (A12 + B12 K12 )|(Rn1 ×Rn2 )/R is Hurwitz. Let A = (A12 + B12 K12 ), from [2, Proof of Theorem 3.2.1 and Definition 3.2.4] it follows that for any invertible matrix T = [T1 T2 ] with im T1 = R and T −1 = [T¯1⊤ T¯2⊤ ]⊤ we obtain   F11 F12 −1 T AT = , F22 is Hurwitz, F22 T¯2 = T¯2 A. (20) 0 F22

For the remainder, we use A¯ = F22 and Π = T¯2 . Let x ∈ ker T¯2 , then we compute x = T T −1 x = T1 y for y = T¯1 x and it follows that ker Π ⊆ R. Since R ⊆ ker C12 , we ¯ = C12 . As A¯ is Hurwitz, there obtain ker Π ⊆ ker C12 and there exists C¯ so that CΠ ¯ , so that exist a constant λ ∈ R>0 and a symmetric positive definite matrix M ¯ C¯ ⊤ C¯ ≤ M (21) ⊤ ¯ +M ¯ A¯ ≤ −2λM ¯. A¯ M

We define V : Rn1 × Rn2 → R≥0 by

¯ V (x1 , x2 ) = (x1 ; x2 )⊤ Π⊤ MΠ(x 1 ; x2 )


1

2.

¯ is symmetric positive semi-definite and it remains to show that V Clearly M = Π⊤ MΠ is indeed a simulation function from Σ1 to Σ2 . First, we verify that (3) holds for α = id by ¯ |C1 x1 − C2 x2 |2 = |C12 (x1 ; x2 )|2 = |CΠ(x 1 ; x2 )| ⊤ ⊤ ¯ ≤ (x1 ; x2 ) Π M Π(x1 ; x2 ) = V (x1 , x2 )2 . We continue to show that (4) holds as well. Let x1 , x2 , u1 and w1 be given. Then we pick u2 = K12 (x1 ; x2 ) + K4 u1 + u3 where we pick u3 so that D12 w1 + B12 u3 ∈ R holds, which is possible by (18c). The purpose of K4 u1 will become apparent later. Let x = (x1 ; x2 ), then for any w2 the left-hand-side of (4) evaluates to      ¯ Π x⊤ Π⊤ M B1 0 Ax + D12 w1 + B12 u3 + u + ∆w B2 K4 1 D2 V (x1 , x2 )

¯ = ΠA and (21) to bound the first term by with ∆w = (w1 − w2 ). We use AΠ ¯Π ¯ Πx x⊤ Π⊤ M x⊤ Π⊤ M Ax ≤ −λ = −λV (x1 , x2 ). V (x1 , x2 ) V (x1 , x2 )

Note that, here it is sufficient that V is continuously differentiable over Rn1 × Rn2 \V0 , where V0 = {(x1 ; x2 ) ∈ Rn1 × Rn2 | V (x1 , x2 ) = 0}. 2

12

MATTHIAS RUNGGER AND MAJID ZAMANI

Moreover, Π(D12 w1 + B12 u3 ) = 0 as D12 w1 + B12 u3 ∈ R. Then we use the CauchySchwarz inequality to bound    ¯ Π   B1  x⊤ Π⊤ M 0 u + ∆w ≤ B2 K4 1 D2 V (x1 , x2 )     p p B1 0 ¯ ¯ ||u1| + | M Π ||w2 − w1 | | MΠ B2 K4 D2

and we see that V is a simulation function with the associated K∞ functions given for all r ∈ R≥0 by α(r) = r, λ(r) = λr,     p p B1 0 ¯ ¯ |r and ρint (r) = | M Π |r. ρext (r) = | M Π B2 K4 D2 If im B21 ⊆ R + im B12 , for every u1 we choose u2 differently by u2 = K12 (x1 ; x2 ) + u3 + u4 with u4 so that B21 u1 + B12 u4 ∈ R which implies Π(B21 u1 + B21 u4 ) = 0 and the term of the left-hand-side of (4) associated with u1 vanishes.  Theorem 4 gives rise to the following definition. Definition 4. Let Σi = (Ai , Bi , Ci , Di ), i ∈ {1, 2} be two linear control systems with the same internal input and output space dimensions. Let the matrices A12 , B12 , C12 , D12 be given by (17). We say that a relation R ⊆ Rn1 × Rn2 induces a simulation function from Σ1 to Σ2 if it satisfies (18a)-(18d). Theorems 3 and 4 facilitate a direct comparison of simulation functions with the notion of a simulation relation R from Σ1 to Σ2 [5]. A relation R ⊆ Rn1 × Rn2 is a simulation relation from Σ1 to Σ2 if for every (x1 , x2 ) ∈ R, ν1 and ω1 ≡ ω2 , there exists ν2 so that ∀t∈R≥0 : (ξ1,x1 ,ν1,ω1 (t), ξ2,x2,ν2 ,ω2 (t)) ∈ R (22) ∀t∈R≥0 : ζ1,x1 ,ν1 ,ω1 (t) = ζ2,x2 ,ν2 ,ω2 (t). This notion of simulation relation was introduced in [5] in the context of verification for linear systems with two types of inputs. Due to the verification context, in [5] the internal input is interpreted as control input and the external inputs as disturbances. While in our approach, we use the external input as control input that we refine from Σ1 to Σ2 and the internal input is used for the interconnection of the subsystems. Nevertheless, mathematically, both notions are closely related and the authors in [5] characterized simulation relations from Σ1 to Σ2 in terms of conditions (18b)-(19a). On one hand, the conditions that characterize a relation inducing a simulation function are less restrictive (compared to the conditions that characterize a simulation relation) since (19a) needs to hold only optionally (in the case that ρext ≡ 0). As a result, two output trajectories ζ1,x1 ,ν1,ω1 (t) and ζ2,x2,ν2 ,ω2 (t) that are related in terms of a simulation function, are not necessarily identical. On the other hand, a relation R inducing a simulation function, in contrast to a simulation relation, is required to be externally stabilizable (18a). The external stabilizability allows ζ1,x1 ,ν1 ,ω1 (t) and ζ2,x2 ,ν2 ,ω2 (t) to be driven by the different internal inputs ω1 6≡ ω2 and the initial states are not restricted to satisfy (x1 , x2 ) ∈ R. In view of (5) the effect of the different internal inputs on the output difference is bounded and the effect of the freely chosen initial states vanishes over time. Note that in the context of robust synthesis, it is particularly important not

COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS

13

to restrict the initial states to R, since the initial state of the plant Σ2 cannot always be set freely. We conclude this subsection with the characterization of a relation inducing a simulation function from Σ1 to Σ2 (or from Σ2 to Σ1 ) that is defined in terms of a matrix P ∈ Rn2 ×n1 , i.e., R = {(x1 ; x2 ) ∈ Rn1 × Rn2 | P x1 = x2 }.

(23)

We use this characterization in the next subsection to construct an approximate abˆ of a given linear control system Σ. straction Σ Theorem 5. Consider two linear control systems Σi = (Ai , Bi , Ci , Di ), i ∈ {1, 2} with the same internal input and output space dimensions. Let R be given by (23) with the matrix P ∈ Rn2 ×n1 . The relation R induces a simulation function from Σ1 to Σ2 iff there exists matrices K1 , K2 , K3 of appropriate dimensions so that the following holds A2 + B2 K1 is Hurwitz A2 P = P A1 + B2 K2 D2 = P D1 + B2 K3 C1 = C2 P.

(24a) (24b) (24c) (24d)

Moreover, (19a) holds iff there exists K4 so that P B1 = B2 K4 .

(25a)

Proof. First, we show that R satisfies (18b)-(18d) ((18b)-(19a)) iff (24b)-(24d) ((24b)(25a)) holds. By the definition of R it is straightforward to establish the equivalences (18b) ⇐⇒ (24b), (18c) ⇐⇒ (24c), (18d) ⇐⇒ (24d) and (19a) ⇐⇒ (25a). Now we assume that R is (A12 , B12 )-controlled invariant. Let K12 = [K1′ K1 ] so that (A12 + B12 K12 )R ⊆ R. Then we pick T in (20) by     In 1 0 I T = , where im n1 = R P P In 2

and observe that −P A1 + B2 K1′ + (A2 + B2 K1 )P = 0 and F22 = A2 + B2 K1 , which shows that (24b) holds and, consequently, (18a) holds iff (24a) holds.  The following corollary readily follows from the proofs of Theorem 4 and 5.

Corollary 2. Suppose that (24a)-(24d) hold. Let M ∈ Rn2 ×n2 be a symmetric positive definite matrix that satisfies C2⊤ C2 ≤ M (A2 + B2 K1 )⊤ M + M(A2 + B2 K1 ) ≤ −2λM

for some λ ∈ R>0 . Then a simulation function from Σ1 to Σ2 is given by
1 V (x1 , x2 ) = (x2 − P x1 )⊤ M(x2 − P x1 ) 2

and the interface function that maps x1 , x2 , u1 , w1 to u2 so that (4) holds is given by u2 = K1 (x2 − P x1 ) − K2 x1 − K3 w1 + K4 u1 √ where K4 is given implicitly as the matrix that minimizes | M(P B1 − B2 K4 )|. The associated comparison functions are given for all r ∈ R≥0 by α(r) = r, λ(r) = λr, √ √ ρext (r) = | M (P B1 − B2 K4 )|r, ρint (r) = | M D2 |r.

14

MATTHIAS RUNGGER AND MAJID ZAMANI

5.2. Construction of Approximate Abstractions. In this subsection, we are interˆ = (A, ˆ B, ˆ C, ˆ D) ˆ for a given ested in the construction of an approximate abstraction Σ linear control system Σ = (A, B, C, D) together with a square-root-of-quadratic simuˆ to Σ. The construction is based on the assumption that lation function from Σ (A, B) is stabilizable and on the existence of a matrix P ∈ R

n׈ n

(26a)

with a trivial kernel that satisfies

A im P ⊆ im P + im B im D ⊆ im P + im B im P + ker C = Rn .

(27a) (27b) (27c)

Here we follow the scheme developed in [9] to construct abstractions of linear control systems. In particular, in [9] conditions (26a), (27a) and (27c) were used to construct ˆ and a square-root-of-quadratic simulation function V from Σ ˆ to Σ an abstraction Σ 3 ˆ n ˆ ×n ˆ ˆ together with a simulation relation R = {(x; xˆ) | P x = xˆ} (for some P ∈ R ) from Σ ˆ The simulation function V from Σ ˆ to Σ serves for the controller refinement, while to Σ. ˆ from Σ to Σ ˆ ensures that nice properties like controllability of the simulation relation R ˆ In this paper, we extend the scheme in [9] in the Σ are preserved on the abstraction Σ. following directions. First, we add condition (27b) in order to be able to account for systems with internal and external inputs. Second, we show that the simulation relation ˆ actually induces a simulation function from Σ to Σ. ˆ Third, and most importantly, R using the novel characterization of simulation functions in terms of controlled invariant externally stabilizable subspaces, we show that the conditions (26a)-(27c) are not only ˆ so that the relation sufficient but actually necessary for the existence of an abstraction Σ ˆ to Σ and R ˆ induces a R = {(ˆ x, x) | P xˆ = x} induces a simulation function from Σ ˆ simulation function from Σ to Σ. Theorem 6. Consider Σ = (A, B, C, D) and R = {(ˆ x; x) ∈ Rnˆ × Rn | P x ˆ = x}

ˆ = (A, ˆ B, ˆ C, ˆ D) ˆ with the same internal input with P ∈ Rn׈n , ker P = 0. There exist Σ ˆ = {(x; xˆ) ∈ Rn × Rnˆ | Pˆ x = xˆ} with Pˆ ∈ Rnˆ ×n , and output space dimension as Σ and R ˆ to Σ and R ˆ induces a simulation function so that R induces a simulation function from Σ ˆ iff (26a)-(27c) hold. from Σ to Σ ˆ induces a simulation function from Σ ˆ to Σ (Σ to Σ). ˆ From Theorem 5 it Proof. Let R (R) follows that (24a) implies (26a), (24b) implies (27a) and (24c) implies (27b). From (24d) it follows that Cˆ = CP and Cˆ Pˆ = C, which implies that CP Pˆ = C. Since ker P = 0, Lemma 3 in [9] is applicable and we obtain (27c). Now suppose that (26a)-(27c) hold. Let Cˆ = CP . And pick Aˆ and Cˆ together with K1 , K2 , K3 so that (24a)-(24d) hold for A, ˆ B, ˆ C, ˆ D ˆ in place of A2 , B2 , C2 , D2 , A1 , B1 , C1 , D1 , respectively. Theorem 5 B, C, D, A, ˆ = (A, ˆ B, ˆ C, ˆ D) ˆ to Σ for any B ˆ of apshows that R induces a simulation function from Σ ˆ induces a simulation function from Σ propriate dimension. We continue to show that R ˆ Again we use Lemma 3 in [9] to pick Pˆ with im Pˆ = Rnˆ so that Cˆ Pˆ = C, Pˆ P = Inˆ to Σ. ˆ is Pˆ -related to Σ (see [9, Def. 3]), which, when we omit Actually, the authors of [9] show that Σ ˆ ˆ the internal inputs, is equivalent to R being a simulation relation from Σ to Σ. 3

COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS

15

and P Pˆ + EF = In for some matrices E and F of appropriate dimension with im E = ˆ = [Pˆ B Pˆ AE]. We derive AˆPˆ = Pˆ P AˆPˆ = Pˆ AP Pˆ − Pˆ B(K2 + K1 P )Pˆ = ker C. Let B ⊤ ˆ ˆ = Pˆ P D ˆ= Pˆ A − Pˆ AEF − Pˆ B(K2 + K1 P )Pˆ = Pˆ A + B[−(K − F ⊤ ]⊤ and D 2 + K1 P ) ⊤ ⊤ ⊤ ˆ ˆ ˆ Pˆ (D − BK3 ) = Pˆ D + B[−K 3 0] . Additionally, we have P B = B[Im 0] and it follows ˆ satisfies (24b)-(25a) for Pˆ , A, ˆ B, ˆ C, ˆ D, ˆ A, B, C, D in place of P , A2 , B2 , C2 , that R ˆ is a simulation relation from Σ D2 , A1 , B1 , C1 and D1 , respectively, which shows that R n ˆ ˆ ˆ to Σ [5, Proposition 5.2]. Moreover, im P = R . As (A, B) is stabilizable we use (22) to ˆ B) ˆ is stabilizable as well. Hence, there exists a matrix K ˆ 1 so that (24a) verify that (A, ˆ induces a simulation function from Σ to Σ. ˆ holds. It follows that R  We summarize the construction of an approximate abstraction of a stabilizable control ˆ to Σ system Σ = (A, B, C, D) in Table 1. The associated simulation function from Σ (1) Compute M and K1 so that C ⊤ C ≤ M and (A + BK1 )⊤ M + M(A + BK1 ) ≤ −2λM holds. (2) Determine P with ker P = 0 that satisfies (27a)-(27c) and Pˆ so that CP Pˆ = C and im Pˆ = Rnˆ . (3) Determine Aˆ and K2 so that AP = P Aˆ + BK2 holds. ˆ and K3 so that D = P D ˆ + BK3 holds. (4) Determine D ˆ and Cˆ follow by B ˆ = [Pˆ B Pˆ AE] (5) The matrices B where im E = ker C and Cˆ = CP . ˆ Table 1. Construction of an approximate abstraction Σ. p follows from Corollary 2 to V (ˆ x, x) = (x − P x ˆ)⊤ M(x − P x ˆ) and the interface function that maps xˆ, x, uˆ, wˆ to u so that (4) holds is given by ˆ) − K2 xˆ − K3 w ˆ + K4 uˆ. √u = K1 (x − P x ˆ The matrix K4 is given as the one that minimizes | M (P B − BK4 )| which can be computed according to [9, Proposition 1]. 6. An Example Let us now consider the compositional construction of an approximate abstraction together with a simulation function for an interconnected linear control system illustrated in Figure 3. y43

u1

Σ1

y14

Σ4 u 3

y12

Σ2 y 23

y33

Σ3

y31

Figure 3. The interconnected system I(Σ1 , Σ2 , Σ3 , Σ4 ). We assume that Σ1 and Σ3 are triple integrators with the system matrices given by     0 1 0 0    0 1 , B1 = B3 = 0 A1 = A3 = 0 −4 −5 −2 1     C11 = 0 0 0 , C33 = 1 0 0 ,

16

MATTHIAS RUNGGER AND MAJID ZAMANI

and Σ2 and Σ4 are double integrators with     0 1 A2 = A4 = , B2⊤ = B4⊤ = C22 = C44 = 0 0 . −4 −5

We fix the interconnection scheme as illustrated in Figure 3 with the interconnection matrices Cij , Dij given by     C14 = C12 = C31 = 1 0 0 , C23 = C43 = 1 0       0 0 −d2 D13 =  0  , D21 = D41 = , D34 = D32 = d3  , d2 d1 0

for some di ∈ R. The remaining Cij and Dij are given by zero matrices. We summarize the internal input and output matrices by     C1 = C3 = 1 0 0 , C2 = C4 = 1 0 ,       0 0 0 −d2 D1 =  0  , D2 = D4 = , D3 = d3 d3  . d2 d1 0 0 6.1. The Abstract Subsystems. We continue the example by applying the procedure ˆ i of each subsystem Σi . outlined in Table 1 to construct an abstraction Σ

6.1.1. Subsystem Σ1 and Σ3 . We start by computing Mi , Ki,1 and λi , for i ∈ {1, 3}, such that the matrix inequalities in 1) of Table 1 hold. To this end, we solve the linear matrix inequality given by equations (6) and (7) in [9]. We obtain   70 33 4   Mi = 33 20 3 , Ki,1 = −37.5 −24.5 −4.5 , 4 3 1 with λi = 2. Next we determine P1 for Σ1 so that (27a)-(27c) hold by P1 = [1 −1 1]⊤ . ˆ1 Note that P1 is an eigenvector of A1 . Following 2) through 5) in Table 1 we obtain Σ by ˆ1 = 1, D ˆ 1 = 0, Cˆ1 = 1, Aˆ1 = −1, B

together with the matrices for the interface K1,2 = 0, K1,3 = d1 , K1,4 = 2. Since the image of the internal input matrix of Σ3 is not a subset of the image of B3 , i.e., im D3 6⊆ im B3 , we cannot use the same P1 for Σ3 in order to satisfy (27b). We compute P3 to   1 0 0 ⊤ P3 = 0 1 0 ˆ 3 follows by which satisfies (27a)-(27c). The abstraction Σ         0 1 1 0 0 0 ˆ3 = ˆ3 = Aˆ3 = ,B ,D , Cˆ3 = 1 0 0 0 0 1 d3 d3

with the matrices for the interface as Kp 3,2 = [−4 − 5], K3,3 = 0, K3,4 = [4 3]. The simulation functions follow by Vi (ˆ xi , xi ) = ((xi − Pi xˆi )⊤ Mi (xi − Pi xˆi ) and the associated gain functions by α1 (r) = r, λ1 (r) = 2r, ρ1ext (r) = 1.1r, ρ1int (r) = 2.9d1 r α3 (r) = r, λ3 (r) = 2r, ρ3ext (r) = 3r, ρ3int (r) = 11d3 r.

COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS

17

6.1.2. Subsystems Σ2 and Σ4 . Since the subsystems Σ2 and Σ4 have no external inputs, it is necessary that the matrices A2 and A4 are Hurwitz in order to be able to find matrices M2 and M4 that satisfy the matrix inequalities in 1) of Table 1. This holds for our example and we compute   5 2 M2 = M4 = , K1,2 = K1,4 = 0 2 1 with λ2 = λ4 = 1.5. Also the conditions (27a) and (27b) simplify in the absence of any external inputs. It follows that im Pi needs to be an Ai -invariant subspace that contains im Di . In this case, we can use the Algorithm 3.2.1 in [2] to compute the minimal Ai invariant subspace that contains im Di . We obtain Pi = [1 − 1]⊤ , i ∈ {2, 4}, and the abstractions by ˆi = 1, D ˆ i = −d2 , Cˆi = 1. Aˆi = −1, B As before we obtain the square-root-of-quadratic simulation function, defined by Pi and Mi . The associated interface follows to ki ≡ 0. The gain functions associated with the simulation function Vi are given by αi (r) = r, λi (r) = 3/2r, ρiext (r) = r, ρiint (r) = 1.8d2 r. 6.2. The Composition. We continue our example by applying Theorem 2 to construct ˆ 1, Σ ˆ 2, Σ ˆ 3, Σ ˆ 4 ) to I(Σ1 , Σ2 , Σ3 , Σ4 ). Let us first point a simulation function from I(Σ ˆ i = λi , δ13 = out that Assumption 1 (with (13) instead of (10c)) holds for γi = id, λ 2.9d1 , δ32 = δ34 = 11d3 , δ21 = δ41 = 1.8d2 , and δij = 0 for the remaining i, j ∈ [1; 4]. The matrices ∆ and Λ follow by     2 0 Λ= 0 0

0 0 2.9d1 0 0 0 0 1.8d 0 0 0  2 0 0  2 ,∆ =  .  0 1.5 0 0 11d3 0 11d3  0 0 1.5 1.8d2 0 0 0

In order to be able to apply Theorem 2, we need to assure that there exists a positive vector µ ∈ R4>0 such that (11) holds. We pick d1 = d2 = 0.5, d3 = 0.1 and observe that the spectral radius of Λ−1 ∆ is strictly less than one. Since ∆ is irreducible, we obtain µ from the left eigenvector of (−Λ + ∆) corresponding to the largest eigenvalue  ⊤ (see [4]) which is µ = 0.5 0.4 0.6 0.5 . It follows from Theorem 2 that V (ˆ x, x) = P4 ˆ ˆ ˆ ˆ xi , xi ) is a simulation function from I(Σ1 , Σ2 , Σ3 , Σ4 ) to I(Σ1 , Σ2 , Σ3 , Σ4 ). i=1 µi Vi (ˆ 7. Summary

In this paper we presented a compositional reasoning approach based on a small gain type argument in connection with approximate abstractions of nonlinear control systems. Given that the small gain type condition is satisfied, we showed how to construct an approximate abstraction together with a simulation function for an interconnected nonlinear control system from the abstractions and simulation functions of its subsystems. Moreover, for the special case of linear control systems, we characterized simulation functions in terms of a controlled invariant, externally stabilizable subspace. Based on this characterization, we proposed a particular scheme to construct approximate abstractions together with the associate simulation functions.

18

MATTHIAS RUNGGER AND MAJID ZAMANI

References [1] D. Angeli and E. D. Sontag. Forward completeness, unboundedness observability, and their lyapunov characterizations. Systems & Control Letters, 38(4):209–217, 1999. [2] G. Basile and G. Marro. Controlled and conditioned invariants in linear system theory. Prentice Hall Englewood Cliffs, 1992. [3] A. Colombo and A. Girard. An approximate abstraction approach to safety control of differentially flat systems. In European Control Conference, pages 4226–4231. IEEE, 2013. [4] S. Dashkovskiy, H. Ito, and F. Wirth. On a small gain theorem for iss networks in dissipative lyapunov form. European Journal of Control, 17(4):357–365, 2011. [5] A. Van der Schaft. Equivalence of dynamical systems by bisimulation. IEEE TAC, 49(12):2160– 2172, 2004. [6] E. G. Dullerud and F. Paganini. A course in robust control theory: a convex approach, volume 36 of Texts in Applied Mathematics. Springer, 2000. [7] G. F. Frehse. Compositional verification of hybrid systems using simulation relations. PhD thesis, Radboud Universiteit Nijmegen, 2005. [8] A. Girard. A composition theorem for bisimulation functions, 2007. Preprint. [9] A. Girard and G. J. Pappas. Hierarchical control system design using approximate simulation. Automatica, 45(2):566–571, 2009. [10] T. A. Henzinger, S. Qadeer, S. K. Rajamani, and S. Tasiran. An assume-guarantee rule for checking simulation. ACM TOPLAS, 24(1):51–64, 2002. [11] Z. P. Jiang, A. R. Teel, and L. Praly. Small-gain theorem for ISS systems and applications. Mathematics of Control, Signals and Systems, 7:95–120, 1994. [12] M. Keating. The Simple Art of SoC Design. Springer, 2011. [13] F. Kerber and A. van der Schaft. Compositional analysis for linear control systems. In Proc. of the 13th ACM Int. Conf. on Hybrid Systems: Computation and Control, pages 21–30, 2010. [14] Y. Lin, E. D. Sontag, and Y. Wang. A smooth converse lyapunov theorem for robust stability. SIAM Journal on Control and Optimization, 34:124–160, 1996. [15] J. Misra and K. M. Chandy. Proofs of networks of processes. IEEE TSE, SE-7(4):417–426, 1981. [16] A. Murthy, M. Islam, S. Smolka, and R. Grosu. Computing bisimulation functions using sos optimization and δ-decidability over the reals. In Proc. of the 18th Int. Conf. on Hybrid Systems: Computation and Control, pages 78–87, 2015. [17] A.W. Naylor and G.R. Sell. Linear Operator Theory in Engineering and Science. Applied Mathematical Sciences. Springer New York, 2000. [18] G. Pola, P. Pepe, and M. D. Di Benedetto. Compositional symbolic models for networks of incrementally stable control systems, 2014. Preprint. [19] M. Rungger and M. Zamani. Compositional construction of approximate abstractions. In Proc. of the 18th Int. Conf. on Hybrid Systems: Computation and Control, pages 68–77. ACM, 2015. [20] E. D. Sontag. Smooth stabilization implies coprime factorization. IEEE TAC, 34:435–443, 1989. [21] E. D. Sontag. Mathematical control theory: deterministic finite dimensional systems. Springer, 1998. [22] P. Tabuada, G. J. Pappas, and P. Lima. Compositional abstractions of hybrid control systems. Discrete event dynamic systems, 14(2):203–238, 2004. [23] Y. Tazaki and J. Imura. Bisimilar finite abstractions of interconnected systems. In Proc. of the 11th Int. Conf. on Hybrid Systems: Computation and Control, pages 514–527, 2008. [24] M. Zamani. Compositional approximations of interconnected stochastic hybrid systems. In Proc. of the 53rd IEEE Conf. on Decision and Control, pages 3395–3400, 2014.

ˆ ζ, ˆ νˆ, ω Proof of Theorem 1. We consider the trajectories (ξ, ζ, ν, ω) and (ξ, ˆ ) of the conˆ respectively. We assume that ν is given such that (4) holds with trol systems Σ and Σ, ˆ x = ξ(t), xˆ = ξ(t), u = ν(t), uˆ = νˆ(t), ˆ (t) for all t ∈ R≥0 . We define c =
w = ω(t), wˆ = ω −1 λ 2ρext (||ˆ ν ||∞ ) + 2ρint (||ω − ω ˆ ||∞ ) and the set S = {(x; xˆ) ∈ Rn × Rnˆ | V (ˆ x, x) ≤ c}. From (4), we see that the trajectories satisfy, whenever they are outside the set S, i.e.

COMPOSITIONAL CONSTRUCTION OF APPROXIMATE ABSTRACTIONS

19

ˆ ξ(t)) > c, the inequality V (ξ(t), d ˆ ξ(t)) ≤ − 1 λ(V (ξ(t), ˆ ξ(t))). V (ξ(t), (28) 2 dt ˆ 0 )) ∈ S We show that S is forward invariant, i.e., if there exists t0 ≥ 0 with (ξ(t0 ), ξ(t ˆ then we have (ξ(t), ξ(t)) ∈ S for all t ≥ t0 . ˆ 0 )) ∈ S and suppose to the contrary that the trajectories leave S. Since Let (ξ(t0 ), ξ(t ˆ 1 ), ξ(t1 )) ≥ c + ε. Let t1 be S is closed, there exists t1 > t0 and ε ∈ R>0 such that V (ξ(t ˆ ξ(t)) is continuous in t, there exists δ ∈ R>0 minimal for this choice of ε. Since V (ξ(t), ˆ with δ < t1 − t0 , so that V (ξ(t), ξ(t)) > c holds for all t ∈ t1 + [−δ, δ]. However, for all t ∈ t1 + [−δ, δ] the inequality (28) holds which implies that there exists t ∈ ]t0 , t1 − δ[ ˆ ξ(t)) > V (ξ(t ˆ 1 ), ξ(t1 )) which contradicts the minimality of t1 . It follows such that V (ξ(t), that S is forward invariant and the output trajectories satisfy for all t ≥ t0 the inequality ˆ ˆ ξ(t))) |ζ(t) − ζ(t)| ≤ α−1 (V (ξ(t),
≤ α−1 λ−1 (2ρext (||ˆ ν ||∞ ) + 2ρint (||ω − ω ˆ ||∞ )) ≤ γext (||ˆ ν ||∞ ) + γint (||ω − ω ˆ ||∞ ) (29)

with γi (s) = α−1 (λ−1 (4ρi (s))) and i ∈ {int, ext}. Note that here we used the fact that for any K∞ function γ the inequality γ(a + b) ≤ γ(2a) + γ(2b) holds for all a, b ∈ R≥0 . We proceed with the analysis of the trajectories outside of S. We define t0 = inf{t | ˆ ˆ ξ(t)) is (ξ(t), ξ(t)) ∈ S} (possibly infinite) and observe that the function y(t) = V (ξ(t), an absolutely continuous function in t, since V is continuously differentiable and the state trajectories are absolutely continuous, see e.g. [17, Theorem D.13.3]. Moreover, y satisfies y(t) ˙ ≤ − 12 λ(y(t)) for all t ∈ [0, t0 [. Then we apply Lemma 4.4 in [14] and ¯ 0) = r, depending only on λ, so that y(t) ≤ β(y(0), ¯ obtain a KL function β¯ with β(r, t) holds for all t ∈ [0, t0 [. It follows that the output trajectories satisfy for all t ∈ [0, t0 [ the inequality ˆ ˆ |ζ(t) − ζ(t)| ≤ β(V (ξ(0), ξ(0)), t) (30) ¯ t)). By combining the bounds (29) and (30) we obtain the desired with β(r, t) = α−1 (β(r, estimate (5). Proof of Corollary 1. It follows immediately by the previous derivations that V satisfies (6) with the KL function given by β¯ (as determined in the previous proof) and the K∞ functions given by γi (s) = λ−1 (4ρi (s)) and i ∈ {int, ext}. ¨t Department of Electrical and Computer Engineering at the Technische Universita ¨nchen, 80333 Munich, Germany. Mu E-mail address: [email protected] ¨t Department of Electrical and Computer Engineering at the Technische Universita ¨nchen, 80333 Munich, Germany. Mu E-mail address: [email protected]