Symbolic Abstractions of Networked Control Systems

SYMBOLIC MODELS FOR NETWORKED CONTROL SYSTEMS

MAJID ZAMANI$^1$, MANUEL MAZO JR$^2$, AND ALESSANDRO ABATE$^3$

arXiv:1401.6396v2 [math.OC] 9 Jul 2014

Abstract. The last decade has witnessed significant attention on networked control systems (NCS) due to their high architecture flexibility and low installation and maintenance costs. In a NCS, communication between sensors, controllers, and actuators is supported by a shared communication channel that is subject to variable communication delays, quantization errors, packet losses, limited bandwidth, and other practical non-idealities leading to numerous technical challenges. Although stability properties of NCS have been investigated extensively in the past few years, there exist no remarkable results for NCS dealing with more complex and general objectives, such as verification or (controller) synthesis for logical specifications. This work investigates those complex objectives by constructively deriving symbolic models of NCS, while encompassing the mentioned network non-idealities: the obtained abstracted models can be employed to synthesize hybrid controllers enforcing rich logical specifications over NCS. Examples of such specifications include properties expressed as formulae in linear temporal logic (LTL) or as automata on infinite strings, as evidenced in a final example.

1. Introduction and Motivation

Over the last few years, the analysis and synthesis of networked control systems (NCS) has received significant attention, since NCS offer many advantages over traditional control systems, such as increasing architecture flexibility and reduced installation and maintenance costs. However, the numerous non-idealities of the network introduce new challenges for the analysis of the behavior of the plant (such as its stability) in a NCS and for the related synthesis of control schemes.
One can categorize the various non-idealities of the network as follows: (i) quantization errors; (ii) packet dropouts; (iii) time-varying sampling/transmission intervals; (iv) time-varying communication delays; and (v) communication constraints (scheduling protocols). One can readily verify that the limited bandwidth of the network does not require a separate classification and can be incorporated in categories (i) and (iv).

Recently, there have been many studies focused mostly on the stability properties of NCS: in [6] (iii)-(v) are simultaneously considered; in [10] (i), (ii), and (iv) are taken into account; [1] studies (ii) and (v); [4] focuses on (ii) and (iii); in [9, 23] (ii)-(iv) are considered; and finally in [18] (i), (iii), and (v) are taken into account. Despite all the progress on stability analysis of NCS, as reported in [6, 10, 1, 4, 9, 23, 18] there are no notable results in the literature dealing with more complex objectives, such as verification or (controller) synthesis for richer, logical specifications. Examples of those specifications include linear temporal logic (LTL) formulae or automata over infinite strings [5], which cannot be easily investigated with existing approaches for NCS. A promising direction to study these complex properties is the use of symbolic models [22]. Symbolic models are abstract descriptions of the original dynamical systems, where each abstract state (or symbol) corresponds to an aggregate of states in the concrete model. When a finite symbolic model is obtained and is formally put in relationship with the original system, one can leverage algorithmic machinery for controller synthesis of symbolic systems [16] to automatically synthesize hybrid controllers for the original, concrete model [22].
To the best of our knowledge, the only results available in the literature on the construction of symbolic models for NCS are the ones in [8, 7]: this work considers the network non-idealities (i), (ii), and (iv) simultaneously. However, the results in [8, 7] exhibit several possible shortcomings: they are limited to grid-based symbolic models, which practically are likely to severely suffer from the curse of dimensionality; they only consider static (i.e. memoryless) symbolic controllers whereas general temporal logic specifications often require dynamic (i.e. with memory) symbolic controllers [5]; specifications expressed exclusively in terms of some types of nondeterministic automata can be addressed; the possibility of out-of-order packet arrivals is not considered; they only consider non-probabilistic plants; and, furthermore, the given specification needs an additional reformulation in an extended state-space, in order to apply standard algorithms for verification and synthesis to the obtained symbolic model.

In this paper, we provide a general construction of symbolic models for NCS, which can directly employ available symbolic models obtained exclusively for the plant. As such, one can directly use existing results to obtain symbolic models for the plant, such as the grid-based approaches in [13, 27], the recent results in [28] that do not require state-space discretization but only input set discretization, or the formula-guided (non-grid-based) approaches in [24]: from those plant symbolic models, one can then construct the symbolic models for the overall NCS. As a consequence, as long as there exists some type of symbolic abstraction of the plant, one can always use the results provided in this article to construct symbolic models for the overall, complex NCS. Hence, the proposed techniques in this paper can be used for stochastic plants as well, in view of the recent results providing symbolic models for such systems [28, 25, 26].
In this work, we explicitly consider the network non-idealities (i), (ii), and (iv) acting on the NCS simultaneously. We further explicitly consider possible out-of-order packet arrivals and message rejections, i.e. the effect of older data being neglected because more recent data is available. Let us remark that this work is not limited to problems where the controller is static: as a result we enable the study of larger classes of logical specifications such as those expressed as general LTL formulae or as automata on infinite strings, without requiring any specific reformulation.

Besides these extensions, the fundamental distinguishing feature of our work with respect to the recent contributions in [8, 7] is the nature of the triggering mechanism for message transmission: [8, 7] consider a sort of event-triggered mechanism, in which new sensor measurements are transmitted only once the actuator is updated with the control input computed using the last transmitted measurement. This, in turn, while preventing measurements from arriving out-of-order, restricts the applicability to systems in which sensors and actuators are co-located. In our approach, on the other hand, the sensors and controllers send new measurements/control updates in a periodic fashion. This forces dealing explicitly with out-of-order messages, but in exchange it removes any restriction on the location of sensors, controllers, or actuators.

2. Notation and basic concepts

2.1. Notation. The identity map on a set $A$ is denoted by $1_A$. The symbols $\mathbb{N}$, $\mathbb{N}_0$, $\mathbb{Z}$, $\mathbb{R}$, $\mathbb{R}^+$, and $\mathbb{R}_0^+$ denote the set of natural, nonnegative integer, integer, real, positive, and nonnegative real numbers, respectively. Given a set $A$, define $A^{n+1} = A \times A^n$ for any $n \in \mathbb{N}$. Given a vector $x \in \mathbb{R}^n$, we denote by $x_i$ the $i$-th element of $x$, and by $\|x\|$ the infinity norm of $x$, namely, $\|x\| = \max\{|x_1|, |x_2|, \ldots, |x_n|\}$, where $|x_i|$ denotes the absolute value of $x_i$. Given an interval $[a,b] \subseteq \mathbb{R}$ with $a \le b$, we denote by $[a;b]$ the set $[a,b] \cap \mathbb{N}$.
We denote by $[\mathbb{R}^n]_\eta = \{a \in \mathbb{R}^n \mid a_i = k_i\eta,\ k_i \in \mathbb{Z},\ i = 1, \ldots, n\}$.

Given a measurable function $f : \mathbb{R}_0^+ \to \mathbb{R}^n$, the (essential) supremum of $f$ is denoted by $\|f\|_\infty$; we recall that $\|f\|_\infty := (\mathrm{ess})\sup\{\|f(t)\|, t \ge 0\}$. A continuous function $\gamma : \mathbb{R}_0^+ \to \mathbb{R}_0^+$ is said to belong to class $\mathcal{K}$ if it is strictly increasing and $\gamma(0) = 0$; $\gamma$ is said to belong to class $\mathcal{K}_\infty$ if $\gamma \in \mathcal{K}$ and $\gamma(r) \to \infty$ as $r \to \infty$. A continuous function $\beta : \mathbb{R}_0^+ \times \mathbb{R}_0^+ \to \mathbb{R}_0^+$ is said to belong to class $\mathcal{KL}$ if, for each fixed $s$, the map $\beta(r,s)$ belongs to class $\mathcal{K}$ with respect to $r$ and, for each fixed nonzero $r$, the map $\beta(r,s)$ is decreasing with respect to $s$ and $\beta(r,s) \to 0$ as $s \to \infty$. We identify a relation $R \subseteq A \times B$ with the map $R : A \to 2^B$ defined by $b \in R(a)$ iff $(a,b) \in R$. Given a relation $R \subseteq A \times B$, $R^{-1}$ denotes the inverse relation defined by $R^{-1} = \{(b,a) \in B \times A : (a,b) \in R\}$. When $R$ is an equivalence relation$^1$ on a set $A$, we denote by $[a]$ the equivalence class of $a \in A$, by $A/R$ the set of all equivalence classes, and by $\pi_R : A \to A/R$ the natural projection map taking a point $a \in A$ to its equivalence class $\pi(a) = [a] \in A/R$.

$^1$ An equivalence relation $R \subseteq X \times X$ is a binary relation on a set $X$ if it is reflexive, symmetric, and transitive.

2.2. Control systems. The class of control systems that we consider in this paper is formalized in the following definition.

Definition 2.1. A control system is a tuple $\Sigma = (\mathbb{R}^n, U, \mathcal{U}, f)$, where:
• $\mathbb{R}^n$ is the state space;
• $U \subseteq \mathbb{R}^m$ is the compact input set;
• $\mathcal{U}$ is a subset of the set of all measurable functions of time from intervals of the form $]a,b[ \subseteq \mathbb{R}$ to $U$ with $a < 0$ and $b > 0$;
• $f : \mathbb{R}^n \times U \to \mathbb{R}^n$ is a continuous map satisfying the following Lipschitz assumption: for every compact set $Q \subset \mathbb{R}^n$, there exists a constant $Z \in \mathbb{R}^+$ such that $\|f(x,u) - f(y,u)\| \le Z\|x - y\|$ for all $x, y \in Q$ and all $u \in U$.

A curve $\xi : ]a,b[ \to \mathbb{R}^n$ is said to be a trajectory of $\Sigma$ if there exists $\upsilon \in \mathcal{U}$ satisfying:

$\dot{\xi}(t) = f(\xi(t), \upsilon(t))$, for almost all $t \in ]a,b[$.
Although we have defined trajectories over open domains, we shall refer to trajectories $\xi : [0,t] \to \mathbb{R}^n$ defined on closed domains $[0,t]$, $t \in \mathbb{R}^+$, with the understanding of the existence of a trajectory $\xi' : ]a,b[ \to \mathbb{R}^n$ such that $\xi = \xi'|_{[0,t]}$ with $a < 0$ and $b > t$. We also write $\xi_{x\upsilon}(t)$ to denote the point reached at time $t$ under the input $\upsilon$ from the initial condition $x = \xi_{x\upsilon}(0)$; the point $\xi_{x\upsilon}(t)$ is uniquely determined, since the assumptions on $f$ ensure existence and uniqueness of trajectories [21]. A control system $\Sigma$ is said to be forward complete if every trajectory is defined on an interval of the form $]a, \infty[$. Sufficient and necessary conditions for a control system to be forward complete can be found in [3].

2.3. Notions of stability and of completeness. Some of the existing results, briefly recalled in this paper, require certain stability properties (or lack thereof) on $\Sigma$. First, we recall a stability property, introduced in [2], as defined next.

Definition 2.2. A control system $\Sigma$ is incrementally input-to-state stable ($\delta$-ISS) if it is forward complete and there exist a $\mathcal{KL}$ function $\beta$ and a $\mathcal{K}_\infty$ function $\gamma$ such that for any $t \in \mathbb{R}_0^+$, any $x, x' \in \mathbb{R}^n$, and any $\upsilon, \upsilon' \in \mathcal{U}$, the following condition is satisfied:

(2.1) $\|\xi_{x\upsilon}(t) - \xi_{x'\upsilon'}(t)\| \le \beta(\|x - x'\|, t) + \gamma(\|\upsilon - \upsilon'\|_\infty)$.

Next we recall a completeness property, introduced in [27], which can be satisfied by larger classes of (even unstable) control systems.

Definition 2.3.
A control system $\Sigma$ is incrementally forward complete ($\delta$-FC) if it is forward complete and there exist continuous functions $\beta : \mathbb{R}_0^+ \times \mathbb{R}_0^+ \to \mathbb{R}_0^+$ and $\gamma : \mathbb{R}_0^+ \times \mathbb{R}_0^+ \to \mathbb{R}_0^+$ such that for each fixed $s$, the functions $\beta(r,s)$ and $\gamma(r,s)$ belong to class $\mathcal{K}_\infty$ with respect to $r$, and for any $t \in \mathbb{R}_0^+$, any $x, x' \in \mathbb{R}^n$, and any $\upsilon, \upsilon' \in \mathcal{U}$, the following condition is satisfied:

(2.2) $\|\xi_{x\upsilon}(t) - \xi_{x'\upsilon'}(t)\| \le \beta(\|x - x'\|, t) + \gamma(\|\upsilon - \upsilon'\|_\infty, t)$.

We refer the interested readers to the results in [2] (resp. [27]) providing a characterization (resp. description) of $\delta$-ISS (resp. $\delta$-FC) in terms of the existence of so-called incremental Lyapunov functions.

3. Systems & Approximate Equivalence Notions

We now recall the notion of system, as introduced in [22], that we later use to describe NCS as well as their symbolic abstractions.

Definition 3.1. A system $S$ is a tuple $S = (X, X_0, U, \longrightarrow, Y, H)$ consisting of: a (possibly infinite) set of states $X$; a (possibly infinite) set of initial states $X_0 \subseteq X$; a (possibly infinite) set of inputs $U$; a transition relation $\longrightarrow \subseteq X \times U \times X$; a set of outputs $Y$; and an output map $H : X \to Y$.

A transition $(x, u, x') \in \longrightarrow$ is also denoted by $x \xrightarrow{u} x'$. If $x \xrightarrow{u} x'$, state $x'$ is called a $u$-successor of state $x$. We denote by $\mathrm{Post}_u(x)$ the set of all $u$-successors of a state $x$ and by $U(x)$ the set of inputs $u \in U$ for which $\mathrm{Post}_u(x)$ is nonempty.

System $S$ is said to be:
• metric, if the output set $Y$ is equipped with a metric $d : Y \times Y \to \mathbb{R}_0^+$;
• finite (or symbolic), if $X$ and $U$ are finite sets;
• countable, if $X$ and $U$ are countable sets;
• deterministic, if for any state $x \in X$ and any input $u \in U$, $|\mathrm{Post}_u(x)| \le 1$;
• nondeterministic, if there exist a state $x \in X$ and an input $u \in U$ such that $|\mathrm{Post}_u(x)| > 1$.

Given a system $S = (X, X_0, U, \longrightarrow, Y, H)$, we denote by $|S|$ the size of $S$, defined as $|S| := |\longrightarrow|$, which is equal to the total number of transitions in $S$. Note that it is more reasonable to consider $|\longrightarrow|$ as the size of $S$ rather than $|X|$, as in practice it is the transitions of $S$ that are required to be stored rather than just the states of $S$.

We recall the notions of (alternating) approximate (bi)simulation relation, introduced in [12, 20], which are useful to relate properties of NCS to those of their symbolic models. First we recall the notions of approximate (bi)simulation relation, introduced in [12].

Definition 3.2. Let $S_a = (X_a, X_{a0}, U_a, \longrightarrow_a, Y_a, H_a)$ and $S_b = (X_b, X_{b0}, U_b, \longrightarrow_b, Y_b, H_b)$ be metric systems with the same output sets $Y_a = Y_b$ and metric $d$. For $\varepsilon \in \mathbb{R}_0^+$, a relation $R \subseteq X_a \times X_b$ is said to be an $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$ if the following three conditions are satisfied:
(i) for every $x_{a0} \in X_{a0}$, there exists $x_{b0} \in X_{b0}$ with $(x_{a0}, x_{b0}) \in R$;
(ii) for every $(x_a, x_b) \in R$, we have $d(H_a(x_a), H_b(x_b)) \le \varepsilon$;
(iii) for every $(x_a, x_b) \in R$, the existence of $x_a \xrightarrow{u_a}_a x_a'$ in $S_a$ implies the existence of $x_b \xrightarrow{u_b}_b x_b'$ in $S_b$ satisfying $(x_a', x_b') \in R$.

A relation $R \subseteq X_a \times X_b$ is said to be an $\varepsilon$-approximate bisimulation relation between $S_a$ and $S_b$ if $R$ is an $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$ and $R^{-1}$ is an $\varepsilon$-approximate simulation relation from $S_b$ to $S_a$.
System $S_a$ is $\varepsilon$-approximately simulated by $S_b$, or $S_b$ $\varepsilon$-approximately simulates $S_a$, denoted by $S_a \preceq^{\varepsilon}_{\mathcal{S}} S_b$, if there exists an $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$. System $S_a$ is $\varepsilon$-approximately bisimilar to $S_b$, denoted by $S_a \cong^{\varepsilon}_{\mathcal{S}} S_b$, if there exists an $\varepsilon$-approximate bisimulation relation between $S_a$ and $S_b$.

As explained in [20], for nondeterministic systems we need to consider relationships that explicitly capture the adversarial nature of nondeterminism. Furthermore, these types of relations become crucial to enable the refinement of symbolic controllers [22].

Definition 3.3. Let $S_a = (X_a, X_{a0}, U_a, \longrightarrow_a, Y_a, H_a)$ and $S_b = (X_b, X_{b0}, U_b, \longrightarrow_b, Y_b, H_b)$ be metric systems with the same output sets $Y_a = Y_b$ and metric $d$. For $\varepsilon \in \mathbb{R}_0^+$, a relation $R \subseteq X_a \times X_b$ is said to be an alternating $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$ if conditions (i) and (ii) in Definition 3.2, as well as the following condition, are satisfied:
(iii) for every $(x_a, x_b) \in R$ and for every $u_a \in U_a(x_a)$ there exists some $u_b \in U_b(x_b)$ such that for every $x_b' \in \mathrm{Post}_{u_b}(x_b)$ there exists $x_a' \in \mathrm{Post}_{u_a}(x_a)$ satisfying $(x_a', x_b') \in R$.

A relation $R \subseteq X_a \times X_b$ is said to be an alternating $\varepsilon$-approximate bisimulation relation between $S_a$ and $S_b$ if $R$ is an alternating $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$ and $R^{-1}$ is an alternating $\varepsilon$-approximate simulation relation from $S_b$ to $S_a$.

System $S_a$ is alternatingly $\varepsilon$-approximately simulated by $S_b$, or $S_b$ alternatingly $\varepsilon$-approximately simulates $S_a$, denoted by $S_a \preceq^{\varepsilon}_{\mathcal{AS}} S_b$, if there exists an alternating $\varepsilon$-approximate simulation relation from $S_a$ to $S_b$. System $S_a$ is alternatingly $\varepsilon$-approximately bisimilar to $S_b$, denoted by $S_a \cong^{\varepsilon}_{\mathcal{AS}} S_b$, if there exists an alternating $\varepsilon$-approximate bisimulation relation between $S_a$ and $S_b$.

Figure 1. Schematics of a networked control system $\widetilde{\Sigma}$.

It can be readily seen that the notions of approximate (bi)simulation relation and of alternating approximate (bi)simulation relation coincide when the systems involved are deterministic, as in Definition 3.1.

Let us define a metric system $S_\tau(\Sigma) := (X_\tau, X_{\tau 0}, U_\tau, \longrightarrow_\tau, Y_\tau, H_\tau)$, capturing all the information contained in the control system $\Sigma$, assumed to be forward complete, at the sampling times:
• $X_\tau = \mathbb{R}^n$;
• $X_{\tau 0} = \mathbb{R}^n$;
• $U_\tau = \mathcal{U}$;
• $x_\tau \xrightarrow{\upsilon_\tau}_\tau x_\tau'$ if there exists a trajectory $\xi_{x_\tau \upsilon_\tau} : [0,\tau] \to \mathbb{R}^n$ of $\Sigma$ satisfying $\xi_{x_\tau \upsilon_\tau}(\tau) = x_\tau'$;
• $Y_\tau = \mathbb{R}^n / Q$ for some given equivalence relation $Q \subseteq X_\tau \times X_\tau$;
• $H_\tau = \pi_Q$.

Notice that the set of states and inputs of $S_\tau(\Sigma)$ are uncountable and that $S_\tau(\Sigma)$ is a deterministic system in the sense of Definition 3.1 since (cf. Subsection 2.2) the trajectory of $\Sigma$ is uniquely determined. We also assume that the output set $Y_\tau$ is equipped with a metric $d_{Y_\tau} : Y_\tau \times Y_\tau \to \mathbb{R}_0^+$.

We refer the interested readers to [13, 27] proposing results on the existence of symbolic abstractions $S_q(\Sigma) := (X_q, X_{q0}, U_q, \longrightarrow_q, Y_q, H_q)$ for $S_\tau(\Sigma)$. In particular, the results in [13] and [27] provide symbolic abstractions $S_q(\Sigma)$ for $\delta$-ISS and $\delta$-FC control systems $\Sigma$, respectively, such that $S_q(\Sigma) \cong^{\varepsilon}_{\mathcal{S}} S_\tau(\Sigma)$ (equivalently $S_q(\Sigma) \cong^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma)$)$^2$ and $S_q(\Sigma) \preceq^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma) \preceq^{\varepsilon}_{\mathcal{S}} S_q(\Sigma)$, respectively. The proposed results in [13, 27] assume that $Q$ is the identity relation in the definition of $S_\tau(\Sigma)$ implying that $Y_\tau = \mathbb{R}^n$ and $\pi_Q = 1_{\mathbb{R}^n}$, $\mathcal{U}$ is the set of piecewise constant curves of duration $\tau$ (cf. equation (4.3)), and the metric $d_{Y_\tau}$ is the natural infinity norm metric.

Remark 3.4. Consider the metric system $S_\tau(\Sigma)$ admitting an abstraction $S_q(\Sigma)$.
Since the plant $\Sigma$ is forward complete, one can readily verify that given any state $x_\tau \in X_\tau$ there always exists a $\upsilon_\tau$-successor of $x_\tau$ for any $\upsilon_\tau \in U_\tau$. Hence, $U_\tau(x_\tau) = U_\tau$ for any $x_\tau \in X_\tau$. Therefore, without loss of generality, one can also assume that $U_q(x_q) = U_q$ for any $x_q \in X_q$.

$^2$ Let us recall that the notions of alternating approximate (bi)simulation and of approximate (bi)simulation relation coincide when the systems involved are deterministic as per Definition 3.1.

4. Models of Networked Control Systems

Figure 2. Time-delays in the controller-to-actuator branch of the network with $\Delta^{ca}_k \in \{\tau, 2\tau, 3\tau\}$.

Consider a NCS $\widetilde{\Sigma}$ as depicted schematically in Figure 1 similar to the ones in [9, Figure 1] and [23, Figure 1]. The NCS $\widetilde{\Sigma}$ includes a plant $\Sigma$, a time-driven sampler, and an event-driven zero-order-hold (ZOH), all of which are described in more detail afterwards. The NCS consists of a forward complete plant $\Sigma = (\mathbb{R}^n, U, \mathcal{U}, f)$, which is connected to a symbolic controller, explained in more detail in the next subsection, over a communication network that induces delays ($\Delta^{sc}$ and $\Delta^{ca}$). The state measurements of the plant are sampled by a time-driven sampler at times $s_k := k\tau$, $k \in \mathbb{N}_0$, and we denote $x_k := \xi(s_k)$. The discrete-time control values computed by the symbolic controller at times $s_k$ are denoted by $u_k$. Time-varying network-induced delays, i.e. the sensor-to-controller delay ($\Delta^{sc}_k$) and the controller-to-actuator delay ($\Delta^{ca}_k$), are included in the model. Moreover, packet dropouts in both channels of the network can be incorporated in the delays $\Delta^{sc}_k$ and $\Delta^{ca}_k$ (enlarging them) as long as the maximum number of subsequent dropouts over the network is bounded [14]. Finally, the varying computation time, needed to evaluate the symbolic controller, is incorporated into $\Delta^{ca}_k$.
We assume that the time-varying delays are bounded and are integer multiples of the sampling time $\tau$, i.e. $\Delta^{sc}_k := N^{sc}_k \tau$, where $N^{sc}_k \in [N^{sc}_{\min}; N^{sc}_{\max}]$, and $\Delta^{ca}_k := N^{ca}_k \tau$, where $N^{ca}_k \in [N^{ca}_{\min}; N^{ca}_{\max}]$, for some $N^{sc}_{\min}, N^{sc}_{\max}, N^{ca}_{\min}, N^{ca}_{\max} \in \mathbb{N}_0$. Under these assumptions, there is no difference in assuming that both the controller and the actuator act in an event-driven fashion (i.e. they respond instantaneously to newly arrived data) or time-driven fashion (i.e. they respond to newly arrived data at the sampling instants $s_k$). Furthermore, we model the occurrence of message rejection, i.e. the effect of older data being neglected because more recent data is available before the older data arrival, as done in [9, 23]. The zero-order-hold (ZOH) function (see Figure 1) is placed before the plant $\Sigma$ to transform the discrete-time control inputs $u_k$, $k \in \mathbb{N}_0$, to a continuous-time control input $\upsilon(t) = u_{k^*(t)}$, where $k^*(t) := \max\{k \in \mathbb{N}_0 \mid s_k + \Delta^{ca}_k \le t\}$. As argued in [9, 23], in the sampling interval $[s_k, s_{k+1}[$, $\upsilon(t)$ can be explicitly described by

(4.1) $\upsilon(t) = u_{k + j^* - N^{ca}_{\max}}$, for $t \in [s_k, s_{k+1}[$,

where $j^* \in [0; N^{ca}_{\max} - N^{ca}_{\min}]$ is defined as:

(4.2) $j^* = \widehat{f}\left(\widehat{N}_{N^{ca}_{\min}}, \ldots, \widehat{N}_{N^{ca}_{\max}}\right)$,

where $\widehat{N}_k$, for $k \in [N^{ca}_{\min}; N^{ca}_{\max}]$, is the delay suffered by the control packet sent $k$ samples ago, namely $\widehat{N}_{N^{ca}_{\max} - i} = N^{ca}_{k - N^{ca}_{\max} + i}$ for any $i \in [0; N^{ca}_{\max} - N^{ca}_{\min}]$ and

$\widehat{f}\left(\widehat{N}_{N^{ca}_{\min}}, \ldots, \widehat{N}_{N^{ca}_{\max}}\right) = \max\left\{\arg\min_j \widehat{g}\left(j, \widehat{N}_{N^{ca}_{\min}}, \ldots, \widehat{N}_{N^{ca}_{\max}}\right)\right\}$,

where

$\widehat{g}\left(j, \widehat{N}_{N^{ca}_{\min}}, \ldots, \widehat{N}_{N^{ca}_{\max}}\right) = \min\left\{\max\left\{0, \widehat{N}_{N^{ca}_{\max} - j} + j - N^{ca}_{\max}\right\}, \max\left\{0, \widehat{N}_{N^{ca}_{\max} - 1 - j} + j - N^{ca}_{\max} + 1\right\}, \ldots, \max\left\{0, \widehat{N}_{N^{ca}_{\min}} - N^{ca}_{\min}\right\}, 1\right\}$,

with $j \in [0; N^{ca}_{\max} - N^{ca}_{\min}]$. Note that the expression for the continuous-time control input in (4.1) and (4.2) takes into account the possible out-of-order packet arrivals and message rejection. For example, in Figure 4, the time-delays in the controller-to-actuator branch of the network are allowed to take values in $\{\tau, 2\tau, 3\tau\}$, resulting in a message rejection at time $s_{k+2}$. We refer the interested readers to references [9, 23] for more details on the proposed choices for $j^*$ (4.2), $\widehat{f}$, and $\widehat{g}$.

4.1. Symbolic controller architecture. A symbolic controller is a finite system that takes the observed states $x_k \in \mathbb{R}^n$ as inputs and produces as outputs the actions $u_k \in U$ that need to be fed into the system $\Sigma$ in order to satisfy some complex logical specifications. We refer the interested readers to [22] to consult the formal definition of symbolic controllers. Although for some LTL specifications such as safety or reachability it may be sufficient to consider only static controllers (i.e. without memory) [11], we do not limit our work by this assumption. The approach in what follows is indeed applicable to general LTL specifications, which require dynamic controllers (i.e. the controller has a memory) [5]. Due to the presence of a ZOH, from now on we assume that the set $\mathcal{U}$ contains only curves that are constant over intervals of length $\tau \in \mathbb{R}^+$ and take values in $U$, i.e.:

(4.3) $\mathcal{U} = \left\{\upsilon : \mathbb{R}_0^+ \to U \mid \upsilon(t) = \upsilon((s-1)\tau),\ t \in [(s-1)\tau, s\tau[,\ s \in \mathbb{N}\right\}$.

Correspondingly, one should update $U_\tau$ to $\mathcal{U}$ (4.3) in the definition of $S_\tau(\Sigma)$ (cf. Section 3).

Similar to what was assumed in the connection between controller and plant, we also consider the possible occurrence of message rejection for the measurement data sent from the sensor to the symbolic controller.
The symbolic controller uses $\widehat{x}_k$ as an input at the sampling times $s_k := k\tau$, where

(4.4) $\widehat{x}_k = x_{k + \ell^* - N^{sc}_{\max}}$,

where $\ell^* \in [0; N^{sc}_{\max} - N^{sc}_{\min}]$ is defined as:

(4.5) $\ell^* = \widehat{f}\left(\widetilde{N}_{N^{sc}_{\min}}, \ldots, \widetilde{N}_{N^{sc}_{\max}}\right)$,

where $\widetilde{N}_k$, for $k \in [N^{sc}_{\min}; N^{sc}_{\max}]$, is the delay suffered by the measurement packet sent $k$ samples ago, namely $\widetilde{N}_{N^{sc}_{\max} - i} = N^{sc}_{k - N^{sc}_{\max} + i}$ for any $i \in [0; N^{sc}_{\max} - N^{sc}_{\min}]$, and $\widehat{f}$ is the function appearing in (4.2). Note that the expression for the input of the controller in (4.4) and (4.5) takes into account the possible out-of-order packet arrivals and message rejection. Again, we refer the interested readers to references [9, 23] for more details on the proposed choice for $\ell^*$ (4.5).

4.2. Description of NCS as metric systems. Given $S_\tau(\Sigma)$ and the NCS $\widetilde{\Sigma}$, now consider the metric system $S(\widetilde{\Sigma}) := (X, X_0, U, \longrightarrow, Y, H)$, capturing all the information contained in the NCS $\widetilde{\Sigma}$, where:
• $X = \{X_\tau \cup q\}^{N^{sc}_{\max}} \times U_\tau^{N^{ca}_{\max}} \times [N^{sc}_{\min}; N^{sc}_{\max}]^{N^{sc}_{\max}} \times [N^{ca}_{\min}; N^{ca}_{\max}]^{N^{ca}_{\max}}$, where $q$ is a dummy symbol;
• $X_0 = \left\{\left(x_0, q, \ldots, q, \upsilon_0, \ldots, \upsilon_0, N^{sc}_{\max}, \ldots, N^{sc}_{\max}, N^{ca}_{\max}, \ldots, N^{ca}_{\max}\right) \mid x_0 \in X_{\tau 0}, \upsilon_0 \in U_\tau\right\}$;
• $U = U_\tau$;
• $\left(x_1, \ldots, x_{N^{sc}_{\max}}, \upsilon_1, \ldots, \upsilon_{N^{ca}_{\max}}, \widetilde{N}_1, \ldots, \widetilde{N}_{N^{sc}_{\max}}, \widehat{N}_1, \ldots, \widehat{N}_{N^{ca}_{\max}}\right) \xrightarrow{\upsilon} \left(x', x_1, \ldots, x_{N^{sc}_{\max} - 1}, \upsilon, \upsilon_1, \ldots, \upsilon_{N^{ca}_{\max} - 1}, \widetilde{N}, \widetilde{N}_1, \ldots, \widetilde{N}_{N^{sc}_{\max} - 1}, \widehat{N}, \widehat{N}_1, \ldots, \widehat{N}_{N^{ca}_{\max} - 1}\right)$ for all $\widetilde{N} \in [N^{sc}_{\min}; N^{sc}_{\max}]$ and all $\widehat{N} \in [N^{ca}_{\min}; N^{ca}_{\max}]$ if there exists transition $x_1 \xrightarrow{\upsilon_{N^{ca}_{\max} - j^*}}_\tau x'$ in $S_\tau(\Sigma)$ where $j^* = \widehat{f}\left(\widehat{N}_{N^{ca}_{\min}}, \ldots, \widehat{N}_{N^{ca}_{\max}}\right)$, defined in (4.2);
• $Y = Y_\tau \times Y_\tau$;
• $H\left(x_1, \ldots, x_{N^{sc}_{\max}}, \upsilon_1, \ldots, \upsilon_{N^{ca}_{\max}}, \widetilde{N}_1, \ldots, \widetilde{N}_{N^{sc}_{\max}}, \widehat{N}_1, \ldots, \widehat{N}_{N^{ca}_{\max}}\right) = \left(H_\tau(x_1), H_\tau\left(x_{N^{sc}_{\max} - \ell^*}\right)\right)$ where $\ell^* = \widehat{f}\left(\widetilde{N}_{N^{sc}_{\min}}, \ldots, \widetilde{N}_{N^{sc}_{\max}}\right)$, defined in (4.5). With a slight abuse of notation, we assume that $H_\tau(q) := q$.

Note that the choice of the set of states $X$ in $S(\widetilde{\Sigma})$ allows us to keep track of an adequate number of measurements and control packets and the corresponding delays suffered by them, which is sufficient and necessary in order to consider out-of-order packet arrivals and message rejections. The transition relation of $S(\widetilde{\Sigma})$ is capturing in a nondeterministic fashion all the possible successors of a given state of $S(\widetilde{\Sigma})$ based on all the possible ordering of measurements arriving to the controller and of inputs arriving to the ZOH.

Let us remark that the set of states and inputs of $S(\widetilde{\Sigma})$ are uncountable and that $S(\widetilde{\Sigma})$ is a nondeterministic system in the sense of Definition 3.1, since depending on the values of $\widetilde{N}$ and $\widehat{N}$, more than one $\upsilon$-successor of any state of $S(\widetilde{\Sigma})$ may exist.

Remark 4.1. Note that the output value of any state of $S(\widetilde{\Sigma})$ is a pair: the first entry is the output of the plant available at the sensors at times $s_k := k\tau$, and the second one is the output of the plant available at the controller at the same times $s_k$ taking into consideration the occurrence of message rejection (cf. Figure 1 for the pair of outputs). Note that, with the output map defined as we suggest, the synthesis of controllers should be performed using the first entries of the output pairs to define the satisfaction of properties. This is so because usually specifications are expressed in terms of the outputs exhibited by the plant, i.e. what is available at the sensors before the network. However, the controller refinement (and any interconnection analysis) should make use of the second entry of the output pairs as those are the outputs received by the controllers.
In the present paper we do not dive further into these issues, which are left as object of future research.

We assume that the output set $Y$ is equipped with the metric $d_Y$ that is induced by the metric $d_{Y_\tau}$, as the following: given any $x := \left(x_1, \ldots, x_{N^{sc}_{\max}}, \upsilon_1, \ldots, \upsilon_{N^{ca}_{\max}}, \widetilde{N}_1, \ldots, \widetilde{N}_{N^{sc}_{\max}}, \widehat{N}_1, \ldots, \widehat{N}_{N^{ca}_{\max}}\right)$ and $x' := \left(x_1', \ldots, x_{N^{sc}_{\max}}', \upsilon_1', \ldots, \upsilon_{N^{ca}_{\max}}', \widetilde{N}_1', \ldots, \widetilde{N}_{N^{sc}_{\max}}', \widehat{N}_1', \ldots, \widehat{N}_{N^{ca}_{\max}}'\right)$ in $X$, we set

(4.6) $d_Y\left(H(x), H(x')\right) = d_Y\left((x_1, x_k), (x_1', x_k')\right) := \max\left\{d_{Y_\tau}\left(H_\tau(x_1), H_\tau(x_1')\right), d_{Y_\tau}\left(H_\tau(x_k), H_\tau(x_k')\right)\right\}$,

for some given $k \in [N^{sc}_{\min}; N^{sc}_{\max}]$, where we extend the metric $d_{Y_\tau}$ such that $d_{Y_\tau}(H_\tau(x), H_\tau(q)) = +\infty$ for any $x \in \mathbb{R}^n$ and $d_{Y_\tau}(H_\tau(q), H_\tau(q)) = 0$. Hence, two states of $S(\widetilde{\Sigma})$ are $\varepsilon$-close if not only the first entries of their outputs are $\varepsilon$-close but also if the second entries are too.

5. Symbolic Models for NCS

This section contains the main contributions of the paper. We show the existence and construction of symbolic models for NCS by using an existing symbolic model for the plant $\Sigma$, namely a model $S_q(\Sigma) := (X_q, X_{q0}, U_q, \longrightarrow_q, Y_q, H_q)$.

Define the metric system $S_*(\widetilde{\Sigma}) := (X_*, X_{*0}, U_*, \longrightarrow_*, Y_*, H_*)$, where
• $X_* = \{X_q \cup q\}^{N^{sc}_{\max}} \times U_q^{N^{ca}_{\max}} \times [N^{sc}_{\min}; N^{sc}_{\max}]^{N^{sc}_{\max}} \times [N^{ca}_{\min}; N^{ca}_{\max}]^{N^{ca}_{\max}}$;
• $X_{*0} = \left\{\left(x_{*0}, q, \ldots, q, u_{*0}, \ldots, u_{*0}, N^{sc}_{\max}, \ldots, N^{sc}_{\max}, N^{ca}_{\max}, \ldots, N^{ca}_{\max}\right) \mid x_{*0} \in X_{q0}, u_{*0} \in U_q\right\}$;
• $U_* = U_q$;
• $\left(x_{*1}, \ldots, x_{*N^{sc}_{\max}}, u_{*1}, \ldots, u_{*N^{ca}_{\max}}, \widetilde{N}_{*1}, \ldots, \widetilde{N}_{*N^{sc}_{\max}}, \widehat{N}_{*1}, \ldots, \widehat{N}_{*N^{ca}_{\max}}\right) \xrightarrow{u_*}_* \left(x_*', x_{*1}, \ldots, x_{*(N^{sc}_{\max} - 1)}, u_*, u_{*1}, \ldots, u_{*(N^{ca}_{\max} - 1)}, \widetilde{N}_*, \widetilde{N}_{*1}, \ldots, \widetilde{N}_{*(N^{sc}_{\max} - 1)}, \widehat{N}_*, \widehat{N}_{*1}, \ldots, \widehat{N}_{*(N^{ca}_{\max} - 1)}\right)$ for all $\widetilde{N}_* \in [N^{sc}_{\min}; N^{sc}_{\max}]$ and all $\widehat{N}_* \in [N^{ca}_{\min}; N^{ca}_{\max}]$ if there exists transition $x_{*1} \xrightarrow{u_{*(N^{ca}_{\max} - j^*)}}_q x_*'$ in $S_q(\Sigma)$ where $j^* = \widehat{f}\left(\widehat{N}_{*N^{ca}_{\min}}, \ldots, \widehat{N}_{*N^{ca}_{\max}}\right)$, defined in (4.2);
• $Y_* = Y_q \times Y_q$;
• $H_*\left(x_{*1}, \ldots, x_{*N^{sc}_{\max}}, u_{*1}, \ldots, u_{*N^{ca}_{\max}}, \widetilde{N}_{*1}, \ldots, \widetilde{N}_{*N^{sc}_{\max}}, \widehat{N}_{*1}, \ldots, \widehat{N}_{*N^{ca}_{\max}}\right) = \left(H_q(x_{*1}), H_q\left(x_{*(N^{sc}_{\max} - \ell^*)}\right)\right)$ where $\ell^* = \widehat{f}\left(\widetilde{N}_{*N^{sc}_{\min}}, \ldots, \widetilde{N}_{*N^{sc}_{\max}}\right)$, defined in (4.5). With a slight abuse of notation, we set $H_q(q) := q$.

It can be readily seen that the system $S_*(\widetilde{\Sigma})$ is countable or symbolic if the system $S_q(\Sigma)$ is countable or symbolic, respectively. Although $S_q(\Sigma)$ may be a deterministic system, $S_*(\widetilde{\Sigma})$ is always a nondeterministic system, since depending on the possible delays in both channels of the network (i.e. the values of $\widetilde{N}_*$ and $\widehat{N}_*$), more than one $u_*$-successor of any state of $S_*(\widetilde{\Sigma})$ may exist. The system $S_*(\widetilde{\Sigma})$ is constructed in the same way as $S(\widetilde{\Sigma})$ but replacing continuous states, inputs, and transition relation of $S_\tau(\Sigma)$ with the corresponding ones in $S_q(\Sigma)$.
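
The message-rejection rule behind (4.1) and (4.4), which fixes the offsets $j^*$ and $\ell^*$ used in the transition relations above, can be checked on a concrete delay sequence. The following Python code is an added example, not code from the paper: it evaluates $k^*(t)$ directly from its definition instead of through $\widehat{f}$ and $\widehat{g}$, and the delay trace, the function names and the initial held value `u_init` are assumptions made for illustration.

```python
"""Zero-order hold (ZOH) under bounded, possibly out-of-order packet delays.

Time is counted in sampling periods: packet j is sent at s_j = j*tau and,
with delay N_j*tau, reaches the receiver at (j + N_j)*tau.
All names and the delay trace below are constructed for illustration.
"""


def check_delays(delays, n_min, n_max):
    """Enforce the boundedness assumption N_j in [N_min; N_max]."""
    for j, n in enumerate(delays):
        if not isinstance(n, int) or not n_min <= n <= n_max:
            raise ValueError(f"delay N_{j} = {n!r} is outside [{n_min}; {n_max}]")


def k_star(k, delays):
    """k*(t) on [s_k, s_{k+1}[: the newest packet j with s_j + Delta_j <= s_k.

    Exact for k < len(delays); returns None while nothing has arrived yet.
    """
    arrived = [j for j, n in enumerate(delays) if j + n <= k]
    return max(arrived) if arrived else None


def rejected_packets(delays):
    """Packets of the recorded trace that are never applied.

    Packet j is rejected when a newer packet i > j arrives no later than j.
    """
    return [
        j for j, n in enumerate(delays)
        if any(i + delays[i] <= j + n for i in range(j + 1, len(delays)))
    ]


def j_star(k, delays, n_max):
    """Offset j* of (4.1), read off from u_{k*(t)} = u_{k + j* - N_max}."""
    newest = k_star(k, delays)
    return None if newest is None else newest - k + n_max


def hold_signal(controls, delays, u_init):
    """Value held by the ZOH on each interval [s_k, s_{k+1}[.

    u_init (an assumption) is what the actuator holds before any arrival.
    """
    held = []
    for k in range(len(delays)):
        newest = k_star(k, delays)
        held.append(u_init if newest is None else controls[newest])
    return held


# Constructed trace with N_min = 1, N_max = 3 (delays in {tau, 2tau, 3tau}).
N_MIN, N_MAX = 1, 3
DELAYS = [1, 3, 1, 2, 3, 1, 1, 2]
CONTROLS = [f"u{j}" for j in range(len(DELAYS))]

if __name__ == "__main__":
    check_delays(DELAYS, N_MIN, N_MAX)
    for k, u in enumerate(hold_signal(CONTROLS, DELAYS, "u_init")):
        print(f"[s_{k}, s_{k + 1}[  held={u:7s} j*={j_star(k, DELAYS, N_MAX)}")
    print("rejected packets:", rejected_packets(DELAYS))
```

The same functions apply to the sensor-to-controller channel: feeding them the $N^{sc}_k$ sequence gives the offset $\ell^*$ of (4.4) in place of $j^*$.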

Figure 3. The symbol $\sim$ represents any of the following relations: $\succeq^{\varepsilon}_{\mathcal{S}}$, $\preceq^{\varepsilon}_{\mathcal{AS}}$, and $\cong^{\varepsilon}_{\mathcal{AS}}$.

Figure 4. Shifting functions $\varphi$ and $\psi$ for the symbolic controller to the other side of the communication network.

We can now state the first pair of main technical results of this work, schematically represented in Figure 3.

Theorem 5.1. Consider a NCS $\widetilde{\Sigma}$ and suppose that there exists an abstraction $S_q(\Sigma)$ such that $S_q(\Sigma) \preceq^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma) \preceq^{\varepsilon}_{\mathcal{S}} S_q(\Sigma)$. Then we have $S_*(\widetilde{\Sigma}) \preceq^{\varepsilon}_{\mathcal{AS}} S(\widetilde{\Sigma}) \preceq^{\varepsilon}_{\mathcal{S}} S_*(\widetilde{\Sigma})$.

The proof of Theorem 5.1 is provided in the Appendix.

Corollary 5.2. Consider a NCS $\widetilde{\Sigma}$ and suppose that there exists an abstraction $S_q(\Sigma)$ such that $S_q(\Sigma) \cong^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma)$. Then we have $S_*(\widetilde{\Sigma}) \cong^{\varepsilon}_{\mathcal{AS}} S(\widetilde{\Sigma})$.

Proof. Using Theorem 5.1 one gets that $S_q(\Sigma) \preceq^{\varepsilon}_{\mathcal{AS}} S_\tau(\Sigma)$ implies $S_*(\widetilde{\Sigma}) \preceq^{\varepsilon}_{\mathcal{AS}} S(\widetilde{\Sigma})$ equipped with the alternating $\varepsilon$-approximate simulation relation $R$ as defined in the proof of Theorem 5.1. In a similar way, one can show that $S_\tau(\Sigma) \preceq^{\varepsilon}_{\mathcal{AS}} S_q(\Sigma)$ implies $S(\widetilde{\Sigma}) \preceq^{\varepsilon}_{\mathcal{AS}} S_*(\widetilde{\Sigma})$ equipped with the alternating $\varepsilon$-approximate simulation relation $R^{-1}$ which completes the proof. $\square$

Remark 5.3.
By consulting the formal definition of symbolic controllers in [22], one can readily verify the existence of two static functions $\varphi: X_\tau \to X_q$ and $\psi: U_q \to U_\tau$, inside the symbolic controllers, associating to any $x_\tau \in X_\tau$ one symbol $x_q \in X_q$ and to any symbol $u_q \in U_q$ one control value $u_\tau \in U_\tau$, respectively, as shown in Figure 4. Since the functions $\varphi$ and $\psi$ are static, without violating the main results one can shift those functions toward sensor and actuator in the NCS as shown in Figure 4. If $S_q(\Sigma)$ is symbolic, then $U_q$ and $X_q$ are finite sets. Hence, one can automatically take care of limited bandwidth constraints without introducing additional quantization errors. As also noted in [8, 7], for the grid-based symbolic abstractions $S_q(\Sigma)$ proposed in [13, 27], one has: $\psi = 1_{U_q}$ and $\varphi: x \to [x]_\eta$, where $[x]_\eta \in [\mathbb{R}^n]_\eta$ such that $\|x - [x]_\eta\| \le \eta/2$ for a given state space quantization parameter $\eta \in \mathbb{R}^+$.

The next subsection provides similar results as the ones in Theorem 5.1 and Corollary 5.2 when the symbolic controller is static.

5.1. Specialized results for static symbolic controllers.

There are specifications, such as safety and reachability [11], that can be enforced by static controllers. Assuming that the symbolic controller is static, both delays $\Delta^{sc}_k$ and $\Delta^{ca}_k$ can be captured by a single delay $\Delta_k := \Delta^{sc}_k + \Delta^{ca}_k$ [9, 23] and shifted to the controller-to-actuator branch of the network: that is, denoting by $\widetilde{\Delta}^{sc/ca}_k$ the delays in the new model, we have $\widetilde{\Delta}^{sc}_k = 0$ and $\widetilde{\Delta}^{ca}_k = \Delta_k$. Therefore, one can also only consider the occurrence of message rejection in the control data.
Given $S_\tau(\Sigma)$ and the NCS $\widetilde{\Sigma}$, now consider the metric system $S(\widetilde{\Sigma}) := (X, X_0, U, \longrightarrow, Y, H)$, capturing all the information contained in the NCS $\widetilde{\Sigma}$, where:

• $X = X_\tau \times U_\tau^{N_{\max}} \times [N_{\min}; N_{\max}]^{N_{\max}}$;
• $X_0 = \{(x_0, \upsilon_0, \ldots, \upsilon_0, N_{\max}, \ldots, N_{\max}) \mid x_0 \in X_{\tau 0},\ \upsilon_0 \in U_\tau\}$;
• $U = U_\tau$;
• $(x_1, \upsilon_1, \ldots, \upsilon_{N_{\max}}, N_1, \ldots, N_{N_{\max}}) \xrightarrow{\upsilon} (x', \upsilon, \upsilon_1, \ldots, \upsilon_{N_{\max}-1}, N, N_1, \ldots, N_{N_{\max}-1})$ for all $N \in [N_{\min}; N_{\max}]$ if there exists transition $x_1 \xrightarrow{\upsilon_{N_{\max}-j_*}}_\tau x'$ in $S_\tau(\Sigma)$ where $j_* = f(N_{N_{\min}}, \ldots, N_{N_{\max}})$, defined in (4.2);
• $Y = Y_\tau$;
• $H(x_1, \upsilon_1, \ldots, \upsilon_{N_{\max}}, N_1, \ldots, N_{N_{\max}}) = H_\tau(x_1)$,

where $N_{\min} = N^{sc}_{\min} + N^{ca}_{\min}$ and $N_{\max} = N^{sc}_{\max} + N^{ca}_{\max}$. Note that the set of states and inputs of $S(\widetilde{\Sigma})$ are uncountable and that $S(\widetilde{\Sigma})$ is a nondeterministic system, since depending on the values of $N$, more than one $\upsilon$-successor of any state of $S(\widetilde{\Sigma})$ may exist.

We now propose a symbolic model for the NCS $\widetilde{\Sigma}$ using an existing symbolic model for $\Sigma$, namely, $S_q(\Sigma) := (X_q, X_{q0}, U_q, \longrightarrow_q, Y_q, H_q)$.

Define the metric system $S_*(\widetilde{\Sigma}) := (X_*, X_{*0}, U_*, \longrightarrow_*, Y_*, H_*)$, where

• $X_* = X_q \times U_q^{N_{\max}} \times [N_{\min}; N_{\max}]^{N_{\max}}$;
• $X_{*0} = \{(x_{*0}, u_{*0}, \ldots, u_{*0}, N_{\max}, \ldots, N_{\max}) \mid x_{*0} \in X_{q0},\ u_{*0} \in U_q\}$;
• $U_* = U_q$;
• $(x_{*1}, u_{*1}, \ldots, u_{*N_{\max}}, N_{*1}, \ldots, N_{*N_{\max}}) \xrightarrow{u_*}_* (x'_*, u_*, u_{*1}, \ldots, u_{*(N_{\max}-1)}, N_*, N_{*1}, \ldots, N_{*(N_{\max}-1)})$ for all $N_* \in [N_{\min}; N_{\max}]$ if there exists transition $x_{*1} \xrightarrow{u_{*(N_{\max}-j_*)}}_q x'_*$ in $S_q(\Sigma)$ where $j_* = f(N_{*N_{\min}}, \ldots, N_{*N_{\max}})$, defined in (4.2);
• $Y_* = Y_q$;
• $H_*(x_{*1}, u_{*1}, \ldots, u_{*N_{\max}}, N_{*1}, \ldots, N_{*N_{\max}}) = H_q(x_{*1})$.
