Representations and Algorithms for Finite-State ... - IEEE Xplore

Joint 48th IEEE Conference on Decision and Control and 28th Chinese Control Conference Shanghai, P.R. China, December 16-18, 2009

WeA02.3

Representations and Algorithms for Finite-State Bisimulations of Linear Discrete-Time Control Systems Andrew Lamperski handles abstractions arising from arbitrary output space partitions, whereas most approximate methods use brute force state space quantization schemes and do not admit such flexibility. We will see how the choice of the output space partition determines the structure of the bisimilar finite-state system. The three main contributions of this paper are: 1) An explicit representation of the smallest finite-state system bisimilar to a linear system with partitioned output space; 2) A family of linear systems and partitions such that the state space of the associated finite-state system grows in a non-elementary fashion with the order of the linear system; 3) A theorem stating that if the output space is partitioned with rectangles, then a propositional encoding of the finitestate system can be computed from the linear system and its partition in polynomial time. The first main result describes the structure of the smallest finite-state system bisimilar to a discrete-time linear system with partitioned output space. The simple form of the finitestate system makes it amenable to further analysis. While the abstract representation is easy to write, details of the construction indicate that the abstraction could be huge. The second main result explores how big the abstraction can get by exhibiting a family of linear systems for which the bisimilar finite-state systems grow in a non-elementary fashion in the order of the linear systems. For the third main result, we seek classes of partitions for which the finite-state system construction is well behaved and avoids the pathologies of the second result. We find that if the output space of the linear system is partitioned by rectangles, then the associated abstraction has at most exponentially many states in the order of the system and the number of elements of the partition. Furthermore, we can encode the finite-state system as a propositional formula in polynomial time. Thus, for nice partitions, the bisimilar finite-state system may be amenable to automated analysis techniques such as bounded model checking [10]. More generally, the efficient propositional encoding scheme implies that we could possibly exploit the success of modern propositional satisfiability (SAT) solvers [11] for analysis and synthesis of discrete-time linear systems.

Abstract— While a large amount of research over the past two decades has focused on discrete abstractions of infinite-state dynamical systems, many structural and algorithmic details of these abstractions remain unknown. To clarify the computational resources needed to perform discrete abstractions, this paper examines the algorithmic properties of an existing method for deriving finite-state systems that are bisimilar to linear discrete-time control systems. We explicitly find the structure of the finite-state system, show that it can be enormous compared to the original linear system, and give conditions to guarantee that the finite-state system is reasonably sized and efficiently computable. Though constructing the finite-state system is generally impractical, we see that special cases could be amenable to satisfiability based verification techniques.

I. I NTRODUCTION A discrete abstraction of a continuous, or hybrid, dynamical system is another dynamical system with a discrete state space that captures many of the relevant properties of the original system. Since the 1990s, much hybrid systems research has focused on discrete abstractions [1], [2], [3]. These early works introduced equivalence notions from process algebra such as simulation and bisimulation to the study of dynamical systems with continuous state spaces. Many recent modern approaches to discrete abstractions have focused on approximate equivalence notions that allow small errors between the original system and the abstraction [4], [5], [6], [7], [8]. These methods appear to be more robust to disturbances and parametric uncertainty, in addition to being more computationally feasible than older exact abstraction methods. To the author’s knowledge, many structural and algorithmic questions about discrete abstractions remain open. In particular, for most classes of dynamical systems and most equivalence notions, work is needed to answer following questions: Given an infinite-state system and a particular equivalence notion, what is the structure of the smallest discrete abstraction? What computational resources are required to find that abstraction? This paper studies structural and algorithmic properties of a discrete abstraction method from [9], taking a class of discrete-time linear control systems with partitioned output spaces to (exactly) bisimilar finite-state systems. Arguably, abstractions with respect to exact bisimulation are less relevant than approximate bisimulation, but we claim that the exact case touches on interesting problems that current approximate methods do not. Specifically, the result of [9]

II. P ROBLEM S TATEMENT Consider a linear discrete-time control system: x(t + 1)

A. Lamperski is with Control and Dynamical Systems, California Institute of Technology, Pasadena, CA 91125 [email protected]

978-1-4244-3872-3/09/$25.00 ©2009 IEEE

y(t)

51

= Ax(t) + Bu(y) = Cx(t)

WeA02.3 where x ∈ Rn and u, y ∈ Rm . Thus the matrices satisfy A ∈ Rn×n , B ∈ Rn×m , and C ∈ Rm×n . For the rest of the paper we make the following assumptions: A1: (A, B) is controllable. A2: B has linearly independent columns.

Lemma 1 ([9]): Let (A1 , B1 , C1 ) and (A2 , B2 , C2 ) be feedback equivalent linear discrete-time control systems, and let P be a finite partition of the output space Rm . If Tf is P a finite transition system, then T(A ' Tf if and only 1 ,B1 ,C1 ) P if T(A2 ,B2 ,C2 ) ' Tf .

Definition 1: A transition system T = (Q, →, Y, g) is a tuple where: • Q is the state space. • →⊆ Q × Q is a transition relation. • Y is the output space. • g : Q → Y is the output function. Denote (q, q 0 ) ∈ → by q → q 0 . A transition system is called a finite-state system if Q is finite.

The finite-state system studied in this paper is formed by identifying states such that (x, x ˆ) ∈ R, where R is P a bisimulation relation between T(A,B,C) and itself. The construction of a smaller transition system by identifying states in the original system is formalized below. Definition 4: Let T = (Q, →, Y, g) be a transition system. Let R ⊆ Q × Q be an equivalence relation that is also a bisimulation relation between T and itself. The bisimulation quotient of T with respect to R is the transition system, T/R , defined by T/R := (PR , →R , Y, gR ),

Definition 2: Let T1 = (Q1 , →1 , Y, g1 ) and T2 = (Q2 , →2 , Y, g2 ) be two transition systems. A relation R ⊆ Q1 × Q2 is called a bisimulation relation between T1 and T2 if for all (q1 , q2 ) ∈ R: • g1 (q1 ) = g2 (q2 ) 0 0 • If q1 →1 q1 then there exists q2 ∈ Q2 such that q2 →2 0 0 0 q2 and (q1 , q2 ) ∈ R. 0 0 • If q2 →2 q2 then there exists q1 ∈ Q1 such that q1 →1 0 0 0 q1 and (q1 , q2 ) ∈ R. Transition systems T1 and T2 are said to be bisimilar, denoted T1 ' T2 if there is a bisimulation relation R between T1 and T2 .

where: • PR = {P ⊆ Q : P is an equivalence class of R} 0 0 0 • P →R P if there is q ∈ P and q ∈ P such that 0 q→q. • gR (P ) = y if there is q ∈ P such that g(q) = y. The output mapping gR is well defined, since by definition of bisimulation relations, g(q1 ) = g(q2 ) for all (q1 , q2 ) ∈ R. Furthermore, since R is a bisimulation relation between T and itself, the transitions systems T and T/R are bisimilar ˜ = {(q, P ) ∈ Q × PR : q ∈ P }. with the relation R Bisimulation quotients become interesting when PR = Q/R is much smaller than Q. In this paper, we study linear systems with infinite state spaces, Q = Rn , that have finite bisimulation quotients. Now we give some notation to describe the bisimulation algorithm, an algorithm that extracts small bisimulation quotients from a given transition system.

Consider a finite partition, P = {P1 , . . . , Pp }, of the output space, Rm . Let πP : Rm → P be the associated projection defined by πP (y) = P ∈ P if and only if y ∈ P . Associate a transition system to the control system with partitioned output space: P T(A,B,C) := (Rn , →, P, πP ◦ C),

where x → x0 if and only if there is a u ∈ Rm such that x0 = Ax + Bu. It was shown in [9] that under certain conditions on C, P the transition system T(A,B,C) is bisimilar to a finite-state system. The main goals of this paper are to determine the structure of the corresponding finite-state system and explain how the form of P determines the size and compuational difficulty of finding the finite-state system.

Definition 5: Define the output relation Rg for a transition system T = (Q, →, Y, g) by Rg := {(q1 , q2 ) ∈ Q × Q : g(q1 ) = g(q2 )}. Define the corresponding output partition by Pg := Q/Rg . Definition 6: If Pˆ is a partition, then anSelement P ∈ Pˆ is called a block of Pˆ and a union of blocks i∈I Pi is called ˆ a superblock of P.

III. R EVIEW OF P RELIMINARY R ESULTS This section reviews definitions and basic results needed in the paper. For a basic introduction to transition systems and bisimulation relations see [12], and for an introduction to discrete abstractions, see [6].

Definition 7: If T = (Q, →, Y, g) is a transition system and q ∈ Q define its set of predecessors, Pre(q), by Pre(q) := {q 0 ∈ Q : q 0 → q}.

Definition 3: Two linear systems, (A1 , B1 , C1 ) and (A2 , B2 , C2 ), are called feedback equivalent if they are related by a change of coordinates, x2 = V x1 , and a invertible feedback, u2 = F x1 + Gu1 , with G invertible. In that case

The Pre operator can be extended to subsets of Q by [ Pre(S) := Pre(q). q∈S

Lemma 2 (see [12], [13]): Given a transition system T = (Q, →, Y, g), if there is a bisimulation relation, R,

A2 = V (A1 + B1 F )V −1 , B2 = V B1 G, C2 = C1 V −1 .

52

WeA02.3 Algorithm 1 Bisimulation Algorithm Input: T = (Q, →, Y, g) Pˆ = Pg while There is a block P ∈ Pˆ and there is a superblock C of Pˆ with ∅ = 6 P ∩ Pre(C) 6= P do P1 = P ∩ Pre(C), P2 = P \ Pre(C) Pˆ = (Pˆ \ {P }) ∪ {P1 , P2 } end while Let RPˆ be the equivalence relation induced by Pˆ ˆ →R , Y, gR ) return T/RPˆ = (P, ˆ ˆ P P

[14] for more on the Brunovsky canonical form. ˆ be vectors partitioned as in Proposition 1 Let X and X  1  1 ˆ X X   ..  ˆ =  ..  X =  . , X . . µ ˆµ X X ˆ if and only if there are inputs U k Note that X ∈ Pre(   X) k+1 X k ˆ , for k = 1, . . . , µ − 1. In that such that X = Uk ˆ k by projecting out the case, we can obtain X k+1 from X last mk − mk+1 coordinates.

between T and itself such that T/R is finite, then the bisimulation algorithm (Algorithm 1) terminates in a finite number of steps and returns the smallest finite-state bisimulation quotient.

Now we give some notation that allows simple descriptions of bisimulation quotients for systems in permuted Brunovsky form.

The structure of the smallest finite-state system bisimilar P is found by stepping through the bisimulation to T(A,B,C) algorithm.

Definition 8: Let [p]1 := {1, . . . , p}, and inductively define [p]k+1 to be the non-empty subsets of [p]k , [p]k+1 := 2[p]k \ {∅}.

IV. E XPLICIT C ONSTRUCTION OF THE B ISIMILAR F INITE -S TATE S YSTEM FOR L INEAR S YSTEMS

Example 1: If p = 2, then we find [2]1 = {1, 2}, [2]2 = {{1}, {2}, {1, 2}} and   {{1}}, {{2}}, {{1, 2}},   [2]3 = {{1}, {2}}, {{1}, {1, 2}}, {{2}, {1, 2}}, .   {{1}, {2}, {1, 2}}

This section gives the precise structure of the smallest bisimulation quotient of a discrete-time linear system with output space partitioned into a finite number of sets. The proof of correctness of our finite-state representation automatically gives a novel proof of a theorem from [9], stating that linear systems with partitioned output spaces have finite bisimulation quotients. The proof from [9] first transforms the linear system into Brunovsky canonical form, and then uses the specialized structure to prove that it has a finite-state bisimulation quotient. Our finite-state system construction relies on a closely related linear systems representation, which we call the permuted Brunovsky form, that enables a clean description of the predecessor operator Pre in terms of coordinate projections.

2

m1

µ

.

2[p]1

, with the tower of powersets Note that [p]k ⊂ 2 having height k − 1. These are very big sets. For instance |[2]5 | = 2127 − 1. To discuss how the output space partition P = {P1 , . . . , Pp } induces a partition on Rn via the bisimulation algorithm, we need notation for the partitions derived by projecting the elements of P into Rm2 , . . . , Rmµ . Definition 9 (Projected Partitions): Let P1 := {P1,1 , . . . , P1,p } = P. We inductively define partitions of Rm2 , . . . , Rmµ . Assume that Pk,ζ ⊆ Rmk is defined for all ζ ∈ [p]k . For η ∈ [p]k+1 = 2[p]k \∅, define Pk+1,η ⊆ Rmk+1 by coordinate projections of the Pk,ζ ,  k+1 Pk+1,η = X ∈ Rmk+1 : ∃U k ∈ Rmk −mk+1 with  k+1   X iff ζ ∈ η ∈ P . k,ζ Uk

Proposition 1 (Permuted Brunovsky Form): If (A, B) is controllable and B has linearly independent columns, then (A, B, C) is feedback equivalent (with change of coordinates and invertible feedback depending only on A and B) to a system whose dynamics take the following form:  2  X (t) 1 X (t + 1) = U 1 (t) .. .   X µ (t) µ−1 X (t + 1) = U µ−1 (t) X µ (t + 1) = U µ (t). 1

..

Define the projected partition of Rmk by Pk := {Pk,η : η ∈ [p]k , Pk,η 6= ∅}.

mµ

Here X ∈ R ,...,X ∈ R , where m = m1 ≥ · · · ≥ mµ , m1 + · · · + mµ = n and U 1 ∈ Rm1 −m2 , . . . , U µ−1 ∈ Rmµ−1 −mµ , U µ ∈ Rmµ . We call m1 , . . . , mµ the conjugate controllability indices of (A, B).

See Figure 1 for an example. Lemma 3: The projected partition of Rmk is, in fact, a partition of Rmk . P To guarantee that T(A,B,C) is bisimilar to a finite transition system, we make the following assumption:

Proposition 1 follows by permuting the coordinates from the Brunovsky canonical form, and the proof is omitted. See

53

WeA02.3

1

V. S PECIAL C ASES OF B ISIMILAR F INITE -S TATE S YSTEMS

2

{1}

{1, 2}

This section studies the consequences of Theorem 1 in special cases. In particular, subsection V-A shows how to construct linear systems with output space partitions whose bisimulation quotients are as large as possible. Subsection VB explains why linear systems with output spaces partitioned by rectangles have reasonably small, efficiently encodable bisimilar finite-state systems. The results in this section only rely on the statement of Theorem 1, and not its proof. Furthermore, subsections V-A and V-B are independent of each other.

{1}

Fig. 1. A partition of R2 projected onto the first coordinate. Note that the P2,{1} is not connected.

A3: The output is given by y = Cx = X 1 . Theorem 1: If (A, B, C) satisfies assumptions A1-A3 P then T(A,B,C) is bisimilar to a finite-state system with state Qµ space given by k=1 Pk , where Pk is the projected partition of Rmk . Furthermore, Qµ transitionsQµin the finite-state system are given by k=1 Pk,ζk → k=1 Pk,ηk if and only if η1 ∈ ζ2 , . . . , ηµ−1 ∈ ζµ .

A. Huge Bisimulation Quotients P Theorem 1 implies that T(A,B,C) is bisimilar to a finiteQµ state system with at most k=1 |[p]k | states, but does not indicate whether this bound can be achieved. The main result of this subsection is Theorem 2, which presents a family of linear systems, with output spaces partitioned by complicated sets, whose bisimilar finite-state systems achieve the upper bound.

Proof: [Proof Sketch] By Lemma 1, assume without loss of generality that (A, B) is in the permuted Brunovsky form of Proposition Qµ 1. To show that k=1 Pk is the state space of the smallest bisimilar transition system, we describe a run of the bisimulation algorithm using µ stages, such that at the end of stage k, the partition is   k Y Pk :=  Pj  × {Rmk+1 +···+mµ }.

Theorem 2: For every µ, p ≥ 1 and there is a system P T(A,B,C) such that • • • •

Qµ

The bisimulation algorithm starts with the partition P1 = PπP ◦C . Now assume that k ≥ 1 stages have been run and the resulting partition is Pk . Straightforward, but cumbersome, manipulations show that

Pre(Rm1 +···+mk−1 × Pk,ζk × Rmk+1 +···+mµ ).

ζk ∈[p]k \ηk+1

Qk+1

Qk+1 Qk+1 Pj,ηj ∈ j=1 Pj , the set j=1 Pj,ηj × Rmk+1 +···+mµ can be constructed from the blocks of Pk , using operations from the bisimulation algorithm. By induction, the Qµbisimulation algorithm can construct the partition Pµ = j=1 Pj . To see that Pµ is the state space of the smallest bisimulation quotient, it can be shown that ! µ µ Y [ Y m1 Pre Pk,ηk = R × Pj,ζj , (1) k=1

.

2p

where the

Construction 1: Let Γ be a finite set, and let PΓ be a partition of Rq indexed by the nonempty subsets of Γ,

ζk ∈ηk+1

Thus if

..

The proof, sketched below, relies on the following construction that lifts large partitions to smaller partitions of higher dimension. See Figure 2 for an example of the construction.

Rm1 +···+mk × Pk+1,ηk+1 × Rmk+2 +···+mµ \ Pre(Rm1 +···+mk−1 × Pk,ζk × Rmk+1 +···+mµ ) = [

2

has state space of size k=1 √ |[p]k | > 2 tower has height µ − 1 = Ω( n).

j=1

\

(A, B, C) satisfy A1-A3 P has p blocks. n = 1 + 2 + · · · + µ = Θ(µ2 ) P The smallest finite-state system bisimilar to T(A,B,C)

PΓ = {PS ⊂ Rq : S ⊆ Γ, S 6= ∅}. We construct a partition of Rq+1 that is indexed by Γ. Let S be a nonempty subset of Γ. Enumerate S as S = {a1 , . . . , a|S| }. We define partitions of Rq+1 via the function IS which takes elements of Γ to intervals. If |S| ≥ 2, define the IS by  (−∞, 1) a = a1    [k − 1, k) a = ak , 1 < k < |S| IS (a) := [|S| − 1, ∞) a = a|S|    ∅ a∈ / S.

j=1

η1 ∈ζ2 ,...,ηµ−1 ∈ζµ j=2

which is a superblock of Pµ . Therefore, at this point the bisimulation algorithm would terminate andQoutput T/Pµ . µ → k=1 Pk,ζk QµFinally, equation (1) implies that P if and only if η ∈ ζ , . . . , η ∈ ζ . 1 2 µ−1 µ k=1 k,ηk

If |S| = 1, then define IS by  R IS (a) := ∅

54

a∈S a∈ / S.

WeA02.3

{1}

{2} {1, 2} {2}

{2}

{1}

2

{1}

{2}

6 3

5

{1, 2} {1, 3} {4, 5} {6}

{{

Fig. 3. The projected partitions associated with a rectangular partition are always rectangular. Compare with Figure 1.

1,

}

2}

,{

2}

,{

1}

}

2}

1,

1,

,{

2}

}

2}

,{

}

2}

,{

1}

{{

{{

1}

{{

1,

{{2}}

{{

{{1}}

4

1

{1, 2}

}

2}

Notation 1 (Interval Operator): If a and b ∈ R ∪ {−∞, ∞}, let I (a, b) ⊆ R be the interval defined by  −∞ < a < b  [a, b) I (a, b) := (−∞, b) −∞ = a < b .  ∅ a≥b

Fig. 2. Illustration of Construction 1: The partition of R2 , built from a partition of R indexed by [2]3 .

We define a partition Pˆ := {Pˆa }a∈Γ of Rq+1 where the blocks are given by [ Pˆa := PS × IS (a).

Definition 10: A partition P = {P1 , . . . , Pp } of Rm is if for all i = 1, . . . , p, Pi = Qmcalled irectangular, i ) for some vectors li , ui ∈ (R∪{−∞, ∞})m . , u I (l j j j=1

{S⊆Γ:a∈S}

ˆ is a partition, since given any The collection of sets, P, T T q+1 (x , y) ∈ R , there is a unique S ⊆ Γ such that x ∈ PS and there is a unique a ∈ S such that y ∈ IS (a). Therefore, there is a unique a ∈ Γ such that (x, y) ∈ Pˆa . Note that Pˆ has exponentially fewer blocks than the original partition, PΓ . Furthermore, Pˆ gives rise to PΓ when its elements are projected as in the definition of the projected partitions.

For the rest of this subsection, assume that P = {P1 , . . . , Pp }, is a rectangular partition of Rm defined by the vectors li , ui ∈ (R ∪ {−∞, ∞})m . Theorem 3: If (A, B, C) satisfies A1-A3 and P = {P1 , . . . , Pp } is a rectangular partition of the output space Rm , then P • T(A,B,C) is bisimilar to a finite-state system with at most np 2 states. • There is an algorithm with running time polynomial in the bit length of h(A, B, C), Pi that encodes the the state space and transition relation of the bisimilar finitestate system as a propositional formula.

Proof: [Proof of Theorem 2, Sketch] Let (A, B) be the system in permuted Brunovsky form, with m1 = µ, m2 = µ − 1,. . . , mµ = 1, and let Pµ = {Sζ : ζ ∈ [p]µ } be a |[p]µ |-element partition of R. Applying Construction 1 repeatedly, we derive the projected partitions P1 , . . . , Pµ−1 , where |Pk | = |[p]k | for k = 1, . . . , µ − 1.

The product structure of the state space given by Theorem 1 implies that the state space of P the finite-state system is µ typically exponential in µ, where i=1 mi = n. Thus, we cannot write down the abstraction in polynomial time, and a propositional encoding is the best we can hope for. The rest of this subsection sketches a proof of Theorem 3. The proofs of the supporting lemmas are omitted in the interest of space, but Theorem 3 is the most involved result in this paper.

The construction in Theorem 2 shows that the smallest bisimulation quotient of a linear system can have a surprisingly large number of states compared to the order of the linear system. Note that Theorem 2 gives no information about the difficulty of computing the abstraction, since the initial partition P1 requires nearly as many bits to represent as the entire state space. B. Rectangular Partitions

Notation 2 (Number Operator): Denote the numbers within a nested subset ζ ∈ [p]k by Num(ζ) ⊆ [p]1 . More explicitly, if i ∈ [p]1 , then Num(i) = {i}. Inductively assume that for all ζ ∈ [p]k , Num(ζ) ⊆ [p]1 is defined. Then for η ∈ [p]k+1 = 2[p]k \ ∅, define Num(η) ⊆ [p]1 by [ Num(η) := Num(ζ).

We just saw how large the discrete abstractions associated to linear systems can be when the output space partitions are complicated. To see if the transformation from linear systems to finite-state systems is ever feasible in practice, we seek a reasonable class of output space partitions that guarantees efficiently computable abstractions. In this subsection, we outline an argument showing that if the output space is partitioned by rectangles, then the bisimulation quotient is relatively small and can be encoded as a propositional formula in polynomial time.

ζ∈η

The following lemma is the technical backbone behind Theorem 3. The lemma shows that the projected partitions corresponding to a rectangular partition are all rectangular

55

WeA02.3 (see Figure 3). It also indicates that if Pk,η ∈ Pk , then Pk,η only depends on Num(η) and not the more specialized details of how η is constructed.

are polynomial-time checkable

Lemma 4: If Pk,η ∈ Pk is a block of a projected partition, then mk  n o Y Pk,η = I max lij : j ∈ Num(η) ,

RT

:= {(hm1 , . . . , mµ , Pi, hζ1 , . . . , ζµ , η1 , . . . , ηµ i :

Finally, we can sketch a proof of Theorem 3. Proof: [Proof of Theorem 3, Sketch] It can be shown that the conjugate controllability indices are computable from (A, B) in polynomial time. Now, since the relations, RS and RT , correspond to NP sets, they can be encoded as propositional formulas efficiently. Therefore, Proposition 2 implies that the state space and transition relation can be encoded as a propositional formula in polynomial time.

n o min uji : j ∈ Num(η) . Lemma 4 suggests that we do not need to keep track of the cumbersome index sets [p]k , but rather just look at subsets of [p]1 = {1, . . . , p}. To this end, we can denote the blocks of the projected partitions by r Pk,ζ :=

r := {(hm1 , . . . , mµ , Pi, hζ1 , . . . , ζµ i : Pk,ζ 6= ∅} k

r r Pk,η 6= ∅, Pk,ζ 6= ∅, η1 ⊆ ζ2 , . . . , ηµ−1 ⊆ ζµ . k k

i=1

mk Y

RS

VI. ACKNOWLEDGEMENTS The author would like to thank John Doyle, Genti Buzi and Dennice Gayme for helpful comments on the paper.

I (max{lij : j ∈ ζ}, min{uji : j ∈ ζ}).

i=1

R EFERENCES Remark 1: Note that Lemma 4 implies that the projected r r 6= ∅}. : Pk,ζ partitions have the form Pk = {Pk,ζ

[1] R. Alur and D. L. Dill, “A theory of timed automata,” Theoretical Computer Science, vol. 126, pp. 183–235, 1994. [2] R. Alur, T. A. Henzinger, G. Lafferriere, and G. J. Pappas, “Discrete abstractions of hybrid systems,” Proceedings of the IEEE, vol. 88, no. 7, pp. 971–984, 2000. [3] T. A. Henzinger, “The theory of hybrid automata,” in IEEE Symposium on Logic in Computer Science, 1996, pp. 278–292. [4] A. Girard and G. J. Pappas, “Approximation metrics for discrete and continuous systems,” IEEE Transactions on Automatic Control, vol. 52, no. 5, pp. 782–798, 2007. [5] G. Pola and P. Tabuada, “Symbolic models for nonlinear control systems: Alternating approximate bisimulations,” SIAM Journal of Control and Optimization, vol. 48, no. 2, pp. 719–733, 2009. [6] P. Tabuada, Verification and Control of Hybrid Systems. Springer, 2009. [7] D. C. Tarraf, A. Megretski, and M. A. Dahleh, “Finite automata approximations with error bounds for systems with quantized actuation and measurement: a case study,” in 43rd IEEE Conference on Decision and Control (CDC), vol. 2, 2004, pp. 1436–1441. [8] Y. Tazaki and J.-I. Imura, “Discrete-state abstractions of nonlinear systems using multi-resolution quantizer,” in 12th International Conference on Hybrid Systems: Computation and Control (HSCC), 2009, pp. 351–365. [9] P. Tabuada and G. J. Pappas, “Linear time logic control of discretetime linear systems,” IEEE Transactions on Automatic Control, vol. 51, no. 12, pp. 1862–1877, Dec. 2006. [10] A. Biere, A. Cimatti, E. Clarke, and Y. Zhu, “Symbolic model checking without bdds,” in 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems (TACAS), 1999, pp. 193–207. [11] N. E´en and N. S¨orensson, “An extensible SAT-solver,” in SAT 2003, 2003. [12] C. Baier and J.-P. Katoen, Principles of Model Checking (Representation and Mind Series). The MIT Press, 2008. [13] A. Bouajjani, J.-C. Fernandez, and N. Halbwachs, “Minimal model generation,” in 2nd International Workshop on Computer-Aided Verification (CAV), 1990. [14] E. D. Sontag, Mathematical Control Theory: Deterministic Finite Dimensional Systems, 2nd ed. Springer, 1998. [15] O. Goldreich, Computational Complexity: A Conceptual Perspective. Cambridge University Press, 2008.

Combining Theorem 1 and Remark 1 gives an explicit r . form of the discrete abstraction in terms of the blocks Pk,ζ Proposition 2: If (A, B, C) satisfies A1-A3, and P is a P rectangular partition of the output space Rm1 , then T(A,B,C) pµ is bisimilar to a n finite-state systemo with at most 2 states, Qµ Qµ r r r given by k=1 Pk,ζk → k=1 Pk,ζ : Pk,ζ 6= ∅ , with Qµ r k=1 Pk,ηk if and only if η1 ⊆ ζ2 , . . . ηµ−1 ⊆ ζµ . Again we see that the state space of the finite-state system is typically exponential in the order of the linear system. Thus we seek an implicit representation of the finite-state system that is computable in polynomial time. In order to formally discuss efficient encodings of the state space and transition relation from Proposition 2, we use the notion of polynomial-time checkable relations from computational complexity [15]. Definition 11: A relation between strings R ⊆ {0, 1}∗ × {0, 1}∗ is polynomial-time checkable if • there is a polynomial q such that if (x, y) ∈ R, then |y| ≤ q(|x|), • there is a polynomial-time algorithm that given (x, y) decides whether or not (x, y) ∈ R. Here |x| and |y| are the respective lengths of x and y as strings. Polynomial-time checkable relations are closely related to NP sets, since if R is polynomial-time checkable, then the set {x ∈ {0, 1}∗ : ∃y ∈ {0, 1}∗ with (x, y) ∈ R} is in NP. We can discuss relations between numbers by suitably encoding integers and rational numbers as binary strings. Lemma 5: Assuming P ranges over the collections of rectangles with rational coefficients, the following relations

56