Symbolic Models for Infinite Networks of Control Systems: A Compositional Approach
SSYMBOLIC MODELS FOR INFINITE NETWORKS OF CONTROL SYSTEMS: ACOMPOSITIONAL APPROACH
SIYUAN LIU , NAVID NOROOZI , AND MAJID ZAMANI , Abstract.
This paper presents a compositional framework for the construction of symbolic models for anetwork composed of a countably infinite number of finite-dimensional discrete-time control subsystems. Werefer to such a network as infinite network. The proposed approach is based on the notion of alternatingsimulation functions. This notion relates a concrete network to its symbolic model with guaranteed mismatchbounds between their output behaviors. We propose a compositional approach to construct a symbolic modelfor an infinite network, together with an alternating simulation function, by composing symbolic models andalternating simulation functions constructed for subsystems. Assuming that each subsystem is incrementallyinput-to-state stable and under some small-gain type conditions, we present an algorithm for orderly con-structing local symbolic models with properly designed quantization parameters. In this way, the proposedcompositional approach can provide us a guideline for constructing an overall symbolic model with any desiredapproximation accuracy. A compositional controller synthesis scheme is also provided to enforce safety prop-erties on the infinite network in a decentralized fashion. The effectiveness of our result is illustrated througha road traffic network consisting of infinitely many road cells. Introduction
Over the past few decades, large-scale interconnected systems have emerged in a wide range of safety-criticalapplications, such as traffic networks, smart manufacturing, and power networks. In such applications, thenumber of agents can be extremely large, possibly unknown, or even vary over time as agents plug in and out.Unless rigorously addressed, such scalability issues may dramatically degrade system performance [1, 2]. It isa reasonable strategy to over-approximate the original network with the limit case in size , in the sense thatwe introduce a network having infinitely many subsystems which includes the original network. We call thisover-approximated network an infinite network [3, 4, 5]. Note that as a special class of infinite-dimensionalsystems, infinite networks require a rigorous treatment with careful choice of the infinite-dimensional statespace of the overall network. It is widely acknowledged that infinite networks capture the essence of theoriginal network, in the sense that functionality indices, e.g. transient and steady-states behaviors, of aninfinite network are preserved for its corresponding original finite network; see, e.g., [1, 6]. In that way, onecan eventually develop scale-free (i.e., independent of the system size) approaches for the analysis and controlof a finite, but arbitrarily large network [7, 8, 6, 9].This paper is mainly concerned with symbolic controller synthesis for infinite networks. In the past fewyears, symbolic model (a.k.a. finite abstraction) based techniques have been widely developed to assist in theanalysis/synthesis of controllers enforcing complex specifications which are difficult to handle using classicalcontrol design methods [10, 11, 12]. Specifically, symbolic models are abstract descriptions of original dynamics.In this regard, one can first build up a symbolic model of the original complex system, then perform analysisor synthesis over the symbolic model in an automated fashion (employing automata-theoretic techniquesdeveloped in the computer science literatures [13]), and finally translate the results back to the originalsystem with correctness guarantees. A major challenge in the construction of symbolic models for large-scale networks is the curse of dimensionality , i.e., the computational complexity of constructing symbolicmodels grows exponentially with the dimension of the system. In this paper, we aim at proposing a scale-freeapproach to alleviate the computational complexity in the construction of symbolic models for arbitrarilylarge-scale (potentially infinite) networks. A promising solution is to apply a divide and conquer scheme, a r X i v : . [ ee ss . S Y ] F e b SIYUAN LIU , NAVID NOROOZI , AND MAJID ZAMANI , namely, compositional approach . In this framework, the overall network is decomposed into a set of finitelower-dimensional subsystems, for which symbolic models can be individually constructed in a computationallyefficient way. Then, a symbolic model for the overall network can be obtained by aggregating those of thesubsystems. Various compositional approaches have been explored in the past decade for the constructionof symbolic models; see, e.g., [14, 15, 16, 17, 18, 19, 20]. The results in [14, 15, 17, 18] leverage small-gaintype conditions to compositionally construct so-called complete abstractions for a finite network. The resultspresented in [16] introduce a different compositionality framework based on dissipativity theory. The recentresults in [19, 20] provide compositional construction of so-called sound abstractions for a large-scale systemwithout imposing compositionality conditions. Although promising, all of the above-mentioned compositionalapproaches are typically tailored to a network composed of a finite number of subsystems and do not addressthe scalability issues discussed earlier.In this paper, we develop a compositional approach for the construction of symbolic models for infinite net-works. We first introduce a notion of so-called alternating simulation functions used to relate an infinitenetwork to its symbolic model with bounded mismatch between the output behaviors of them. Then, weprovide a compositionality result showing that an overall symbolic model can be obtained by composing thoseof subsystems. Particularly, for a network composed of infinitely many incrementally input-to-state stablecontrol subsystems, we leverage a recently presented small-gain theorem [4] and present an algorithm to de-sign quantization parameters for the construction of local symbolic models and local simulation functions ina systematic way. In particular, we give a top-down , still compositional, algorithm computing local quantiza-tion parameters with the guarantee of obtaining an overall symbolic model with any desired precision. Thisdifferentiates our approach from existing ones as discussed in the sequel (cf. Related Works below). Moreover,we present a decentralized controller synthesis approach for an infinite network that needs to meet safety specifications. It is shown that by composing local safety controllers which are synthesized for subsystemsindividually, the resulting overall controller enforces the safety specification on the overall infinite networkwith a formal guarantee. Finally, the effectiveness of our proposed framework is verified through a road trafficnetwork containing infinitely many road cells. Related Works.
There have been several attempts on the construction of symbolic models for infinite-dimensional systems [21, 22]. The result in [21] deals with continuous time-delay systems, for which symbolicmodels are obtained by projecting the infinite-dimensional functional state-space on a finite-dimensional sub-space. The result in [22] provides a state-space discretization-free approach which can be applied to possiblyinfinite-dimensional incrementally stable control systems. Although the results in [21, 22] are developed for(time-delay) infinite-dimensional systems, either state or input sets can be infinite dimensional. Here, we allowboth state and input sets to be in infinite-dimensional space. Moreover, the results in [21, 22] take a monolithicview of the systems while constructing symbolic models. Therefore, in the case of potential application toan infinite network, the results in [21, 22] lose the network structure, and hence, they cannot be used fordistributed control purposes. Here, we propose a compositional approach for the construction of symbolicmodels for infinite networks, such that the network structures are preserved. A preliminary investigation ofour proposed method appeared in [9]. Our results here improve and extend those in [9] in three directions:1) In this paper, we provide a detailed and mature description of the results presented in [9], including allproofs. 2) Here, we provide a top-down compositional framework: under certain small-gain type conditions,an algorithm is provided as a guideline to orderly design local quantization parameters with the guaranteeof obtaining an overall symbolic model with any desired precision. Whereas [9] presents a bottom-top designapproach, in the sense that one needs to first design local quantization parameters for subsystems and thenuse them to compute the overall approximation error. 3) In comparison with the proposed results in [9], dueto the less conservatism in the definitions of alternating simulation functions in our work (cf. Definitions 3and 5), our compositional approach can potentially provide symbolic models for infinite networks with muchsmaller approximation errors (cf. case study in Section 5).
YMBOLIC MODELS FOR INFINITE NETWORKS OF CONTROL SYSTEMS: A COMPOSITIONAL APPROACH 3 Preliminaries
Notation:
We denote by R , N , and N the sets of real numbers, non-negative integers, and positive integers,respectively. We denote the closed, open, and half-open intervals in R by [ a, b ], ( a, b ), [ a, b ), and ( a, b ],respectively. For a, b ∈ N and a ≤ b , we use [ a ; b ], ( a ; b ), [ a ; b ), and ( a ; b ] to denote the corresponding intervalsin N . Given any ν = ( ν , · · · , ν n ) ∈ R n , we define by | ν | = max ≤ i ≤ n | ν i | the infinity norm of ν . We denoteby card( · ) the cardinality of a given set and by ∅ the empty set. For any set S ⊆ R n of the form of finiteunion of boxes, e.g., S = (cid:83) Mj =1 S j for some finite number M ∈ N , where S j = (cid:81) ni =1 [ c ji , d ji ] ⊆ R n with c ji < d ji ,we define span ( S ) = min j =1 ,...,M η S j and η S j = min {| d j − c j | , . . . , | d jn − c jn |} . Moreover, for a set in the formof X = (cid:81) Ni =1 X i , where X i ⊆ R n i , ∀ i ∈ [1; N ], are of the form of finite union of boxes, and any positive(component-wise) vector φ = [ φ ; . . . ; φ N ] with φ i ≤ span ( X i ), ∀ i ∈ [1; N ], we define [ X ] φ = (cid:81) Ni =1 [ X i ] φ i ,where [ X i ] φ i = [ R n i ] φ i ∩ X i and [ R n i ] φ i = { a ∈ R n i | a j = k j φ i , k j ∈ Z , j = 1 , . . . , n i } . Note that if φ = [ η ; . . . ; η ], where 0 ≤ η ≤ span ( S ), we simply use notation [ S ] η rather than [ S ] φ . Note that [ S ] η (cid:54) = ∅ forany 0 ≤ η ≤ span ( S ). We use the notations K and K ∞ to denote different classes of comparison functions,as follows: K = { α : R ≥ → R ≥ | α is continuous, strictly increasing, and α (0) = 0 } ; K ∞ = { α ∈ K| lim r →∞ α ( r ) = ∞} . For α, γ ∈ K ∞ we write α ≤ γ if α ( r ) ≤ γ ( r ), and, with a slight abuse of the notation, α = c if α ( r ) = cr for all c, r ≥
0. Finally, we denote by id the identity function over R ≥ , i.e., id( r ) = r for all r ∈ R ≥ .2.1. Infinite networks.
In this paper, we study the interconnection of a countably infinite number ofdiscrete-time control subsystems. Using N as the index set, the i -th subsystem is denoted by a tupleΣ i = ( X i , U i , W i , f i , Y i , h i ), where X i ⊆ R n i , U i ⊆ R m i , W i ⊆ R p i , Y i ⊆ R q i , are the state, externalinput, internal input, and output set, respectively. The set valued map f i : X i × U i × W i ⇒ X i is the statetransition function and h i : X i → Y i is the output map. The discrete-time control subsystem Σ i is describedby difference inclusions of the formΣ i : (cid:26) x i ( k + 1) ∈ f i ( x i ( k ) , ν i ( k ) , ω i ( k )) , y i ( k ) = h i ( x i ( k )) , (1)where x i : N → X i , y i : N → Y i , ν i : N → U i , and ω i : N → W i are the state, output, externalinput, and internal input signals, respectively. System Σ i is called deterministic if card( f i ( x i , u i , w i )) ≤ ∀ x i ∈ X i , ∀ u i ∈ U i , ∀ w i ∈ W i , and non-deterministic otherwise. System Σ i is called discrete if X i , U i , W i arefinite sets, and continuous otherwise.Throughout the paper, we assume that each subsystem Σ i is affected by finitely many neighbors. For each i ∈ N , the set of in-neighbors of Σ i is denoted by N i ⊂ N \ { i } , i.e. the set of subsystems Σ j , j ∈ N i , directlyinfluencing Σ i . On the other hand, the set of out-neighbors of Σ i , denoted by M i ⊂ N \ { i } , is the set of Σ j , j ∈ M i , directly affected by Σ i . Sets N i and M i are finite, though not necessarily uniformly. Formally, theinput-output structure of each subsystem Σ i , i ∈ N , is given by w i = ( w ij ) j ∈N i ∈ W i := (cid:89) j ∈N i W ij , (2) y i = ( y ij ) j ∈ ( i ∪M i ) ∈ Y i := (cid:89) j ∈ ( i ∪M i ) Y ij , (3) h i ( x i ) = ( h ij ( x i )) j ∈ ( i ∪M i ) , (4)with w ij ∈ W ij , y ij = h ij ( x i ) ∈ Y ij . The outputs y ii are considered as external ones, whereas y ij , j ∈ M i , areinterpreted as internal ones which are used to construct an interconnection of subsystems.In the sequel, we denote by (cid:96) ∞ the Banach space of all uniformly bounded sequences s = ( s i ) i ∈ N ∈ (cid:96) ∞ , where s i ∈ R n i denotes the i -th position of a sequence s ∈ (cid:96) ∞ . The (cid:96) ∞ space is defined as (cid:96) ∞ ( N , ( n i )) := (cid:26) s = ( s i ) i ∈ N : s i ∈ R n i , sup i ∈ N | s i | < ∞ (cid:27) , (5) SIYUAN LIU , NAVID NOROOZI , AND MAJID ZAMANI , endowed with the norm (cid:107) s (cid:107) := sup i ∈ N | s i | . Moreover, we use (cid:96) ∞ + to denote the positive cone in (cid:96) ∞ consistingof all vectors s ∈ (cid:96) ∞ with s i ≥ , i ∈ N . We denote by int( (cid:96) ∞ + ) the interior of (cid:96) ∞ + .Now, we are ready to provide a formal definition of the infinite network. Definition 1.
Consider subsystems Σ i = ( X i , U i , W i , f i , Y i , h i ) , i ∈ N , with input-output structure given by (2) to (4) . An infinite network is formally a tuple Σ = (
X, U, f, Y, h ) , where X = { x = ( x i ) i ∈ N : x i ∈ X i } , U = { u = ( u i ) i ∈ N : u i ∈ U i } , f ( x, u ) = { ( x + i ) i ∈ N | x + i ∈ f i ( x i , u i , w i ) } , Y = (cid:81) i ∈ N Y ii , h ( x ) = ( h ii ( x i )) i ∈ N . A concrete infinite network Σ = (
X, U, f, Y, h ) , denoted by Σ = I (Σ i ) i ∈ N , consists of infinitely many continuous subsystems Σ i , with the interconnection variables constrained by ∀ i ∈ N , ∀ j ∈ N i , w ij = y ji , Y ji ⊆ W ij . (6) An abstract infinite network ˆΣ = ( ˆ X, ˆ U , ˆ f , ˆ Y , ˆ h ) , denoted by ˆΣ = I ( ˆΣ i ) i ∈ N , is composed of infinitely many discrete subsystems, with the interconnection variables constrained by ∀ i ∈ N , ∀ j ∈ N i , | ˆ y ji − ˆ w ij | ≤ φ ij , [ ˆ Y ji ] φ ij ⊆ ˆ W ij , (7) where φ ij ∈ R ≥ is an internal input quantization parameter designed later (cf. Definition 9). Throughout the paper, we assume that f ( x, u ) ∈ X for all ( x, u ) ∈ X × U , which ensures that the infinitenetwork is well-posed. Remark 2.
Note that in Definition 1, the interconnection constraint in (6) for the concrete network isdifferent from (7) for the abstract network. For a network of symbolic models, we allow for possibly differentgranularities of finite internal input sets ˆ W ij and output sets ˆ Y ji , and introduce parameters φ ij in (7) forhaving a well-posed interconnection. The values of φ ij will be designed later in Definition 9 while constructinglocal symbolic models of subsystems. (cid:5) Alternating simulation functions.
Here, we provide a notion of alternating simulation functions whichquantitatively relate two infinite networks.
Definition 3.
Consider infinite networks
Σ = (
X, U, f, Y, h ) and ˆΣ = ( ˆ X, ˆ U , ˆ f , ˆ Y , ˆ h ) , where ˆ Y ⊆ Y . For (cid:36) ∈ R ≥ , a function ˜ V : X × ˆ X → R ≥ is called an (cid:36) -approximate alternating simulation function ( (cid:36) -ASF)from ˆΣ to Σ , if there exists a function α ∈ K ∞ such that(i) For all x ∈ X , ˆ x ∈ ˆ X , one has α ( (cid:107) h ( x ) − ˆ h (ˆ x ) (cid:107) ) ≤ ˜ V ( x, ˆ x ); (8) (ii) For all x ∈ X and ˆ x ∈ ˆ X with ˜ V ( x, ˆ x ) ≤ (cid:36) , for all ˆ u ∈ ˆ U , there exists u ∈ U such that for all x + ∈ f ( x, u ) ,there exists ˆ x + ∈ ˆ f (ˆ x, ˆ u ) so that ˜ V ( x + , ˆ x + ) ≤ (cid:36). (9) If there exists an alternating simulation function from ˆΣ to Σ , ˆΣ is called an abstraction of Σ . Additionally,if ˆΣ is discrete ( ˆ X and ˆ U are finite sets), ˆΣ is called a symbolic model (or finite abstraction ) of the concretenetwork Σ . Remark 4.
Definition 3 implies that the relation R ⊆ X × ˆ X defined by R = (cid:110) ( x, ˆ x ) ∈ X × ˆ X | ˜ V ( x, ˆ x ) ≤ (cid:36) (cid:111) is an ˆ ε -approximate alternating simulation relation, defined in [11] , from ˆΣ to Σ with ˆ ε = α − ( (cid:36) ) . As shownin [11] , the existence of an (cid:36) -ASF enables us to design a controller for the abstract network ˆΣ , and refine thecontroller back to the concrete network Σ . (cid:5) YMBOLIC MODELS FOR INFINITE NETWORKS OF CONTROL SYSTEMS: A COMPOSITIONAL APPROACH 5 Compositional Construction of Symbolic Models
In this section, we provide a method for compositional construction of an alternating simulation functionbetween two infinite networks Σ = I (Σ i ) i ∈ N and ˆΣ = I ( ˆΣ i ) i ∈ N . Here, we assume that each pair of subsystemsΣ i = ( X i , W i , U i , f i , Y i , h i ) and ˆΣ i = ( ˆ X i , ˆ W i , ˆ U i , ˆ f i , ˆ Y i , ˆ h i ) admit a local alternating simulation function asdefined next. Definition 5.
Consider subsystems Σ i = ( X i , U i , W i , f i , Y i , h i ) and ˆΣ i = ( ˆ X i , ˆ U i , ˆ W i , ˆ f i , ˆ Y i , ˆ h i ) where ˆ W i ⊆ W i and ˆ Y i ⊆ Y i . Given (cid:36) i ∈ R ≥ , a function V i : X i × ˆ X i → R ≥ is called a local (cid:36) i -ASF from ˆΣ i to Σ i , ifthere exist a constant ϑ i ∈ R ≥ , and functions α i , α i ∈ K ∞ such that(i) For all x i ∈ X i , all ˆ x i ∈ ˆ X i , one has α i ( | h i ( x i ) − ˆ h i (ˆ x i ) | ) ≤ V i ( x i , ˆ x i ) ≤ α i ( | x i − ˆ x i | ) . (10) (ii) For all x i ∈ X i , all ˆ x i ∈ ˆ X i with V i ( x i , ˆ x i ) ≤ (cid:36) i , for all w i ∈ W i , all ˆ w i ∈ ˆ W i with | w i − ˆ w i | ≤ ϑ i , for all ˆ u i ∈ ˆ U i , there exists u i ∈ U i such that for all x + i ∈ f i ( x i , u i , w i ) , there exists ˆ x + i ∈ ˆ f i (ˆ x i , ˆ u i , ˆ w i ) so that V i ( x + i , ˆ x + i ) ≤ (cid:36) i . (11) If there exists a local alternating simulation function from ˆΣ i to Σ i , ˆΣ i is called an abstraction of Σ i . Addi-tionally, if ˆΣ i is discrete ( ˆ X i , ˆ U i , and ˆ W i are finite sets), ˆΣ i is called a symbolic model (or finite abstraction )of the concrete subsystem Σ i . The next theorem provides a compositional approach for the construction of an alternating simulation functionbetween two infinite networks using the above-defined local alternating simulation functions.
Theorem 6.
Consider an infinite network
Σ = I (Σ i ) i ∈ N . Assume that each Σ i and its abstraction ˆΣ i admit alocal (cid:36) i -ASF V i equipped with functions α i , α i ∈ K ∞ and constants (cid:36) i , ϑ i ∈ R ≥ as in Definition 5. Supposethat there exist α, α ∈ K ∞ , and constants (cid:36), (cid:36) ∈ R ≥ such that for each i ∈ N α ≤ α i ≤ α i ≤ α, (12) (cid:36) ≤ (cid:36) i ≤ (cid:36). (13) For each i ∈ N and j ∈ N i , let functions α j , constants (cid:36) j , ϑ i , and constants φ ij as in (7) satisfy the followinginequality α − j ( (cid:36) j ) + φ ij ≤ ϑ i . (14) Then, function ˜ V ( x, ˆ x ) := sup i ∈ N { (cid:36)(cid:36) i V i ( x i , ˆ x i ) } , (15) is well-defined and it is an (cid:36) -ASF from ˆΣ = I ( ˆΣ i ) i ∈ N to Σ = I (Σ i ) i ∈ N .Proof. First we show that function ˜ V constructed as in (15) is well-defined. Note that for all x ∈ X and forall ˆ x ∈ ˆ X we have ˜ V ( x, ˆ x ) := sup i ∈ N { (cid:36)(cid:36) i V i ( x i , ˆ x i ) } (10) ≤ (cid:36) sup i ∈ N { (cid:36) − i α i ( | x i − ˆ x i | ) }≤ (cid:36) sup i ∈ N { (cid:36) − i α i ( | x i | + | ˆ x i | ) } (13) ≤ (cid:36) sup i ∈ N { (cid:36) − α ( | x i | + | ˆ x i | ) }≤ (cid:36)(cid:36) α sup i ∈ N {| x i | + | ˆ x i |} ≤ (cid:36)(cid:36) α (sup i ∈ N {| x i |} + sup i ∈ N {| ˆ x i |} ) (5) ≤ (cid:36)(cid:36) α ( (cid:107) x (cid:107) + (cid:107) ˆ x (cid:107) ) < ∞ . SIYUAN LIU , NAVID NOROOZI , AND MAJID ZAMANI , Next, we show that there exists α ∈ K ∞ such that condition (i) of Definition 3 holds. Consider any x ∈ X ,ˆ x ∈ ˆ X , one gets (cid:107) h ( x ) − ˆ h (ˆ x ) (cid:107) = sup i ∈ N {| h ii ( x i ) − ˆ h ii (ˆ x i ) |} (4) ≤ sup i ∈ N {| h i ( x i ) − ˆ h i (ˆ x i ) |} (10) ≤ sup i ∈ N { α − i ( V i ( x i , ˆ x i )) } = sup i ∈ N { α − i ( (cid:36) i (cid:36) − i V i ( x i , ˆ x i )) } (12)(13) ≤ α − sup i ∈ N { (cid:36)(cid:36) − i ( V i ( x i , ˆ x i )) } (15) = α − ( ˜ V ( x, ˆ x )) . Hence, condition (i) holds with α := α . Next, we show that condition (ii) of Definition 3 is satisfied. Let usconsider any x = ( x i ) i ∈ N ∈ X and ˆ x = (ˆ x i ) i ∈ N ∈ ˆ X such that ˜ V ( x, ˆ x ) ≤ (cid:36) . It can be seen that from theconstruction of ˜ V in (15), we have V i ( x i , ˆ x i ) ≤ (cid:36) i , for each i ∈ N . For each pair of subsystems Σ i and ˆΣ i , theinternal inputs satisfy the following inequality | w i − ˆ w i | = max j ∈N i {| w ij − ˆ w ij |} (6) = max j ∈N i {| y ji − ˆ y ji + ˆ y ji − ˆ w ij |} (7) ≤ max j ∈N i {| y ji − ˆ y ji | + φ ij } ≤ max j ∈N i {| h j ( x j ) − ˆ h j (ˆ x j ) | + φ ij } (10) ≤ max j ∈N i { α − j V j ( x j , ˆ x j ) + φ ij } ≤ max j ∈N i { α − j ( (cid:36) j ) + φ ij } . Using (14), one has | w i − ˆ w i | ≤ ϑ i for each i ∈ N . Therefore, by Definition 5 for each pair of subsystemsΣ i and ˆΣ i , one has for any ˆ u i ∈ ˆ U i , there exists u i ∈ U i such that for any x + i ∈ f i ( x i , u i , w i ), there existsˆ x + i ∈ ˆ f i (ˆ x i , ˆ u i , ˆ w i ) such that V i ( x + i , ˆ x + i ) ≤ (cid:36) i . As a result, we get for any ˆ u = (ˆ u i ) i ∈ N ∈ ˆ U , there exists u = ( u i ) i ∈ N ∈ U , such that for any x + = ( x + i ) i ∈ N ∈ f ( x, u ), there exists ˆ x + = (ˆ x + i ) i ∈ N ∈ ˆ f (ˆ x, ˆ u ) such that˜ V ( x + , ˆ x + ) = sup i ∈ N { (cid:36)(cid:36) i V i ( x i , ˆ x i ) } ≤ (cid:36) . Therefore, condition (ii) of Definition 3 is satisfied with (cid:36) = sup i ∈ N (cid:36) i .Therefore, we conclude that ˜ V is an (cid:36) -ASF from ˆΣ = I ( ˆΣ i ) i ∈ N to Σ = I (Σ i ) i ∈ N . (cid:3) Remark 7.
Note that practically speaking, the computation of a symbolic model consisting of infinite sub-systems requires an infinite memory usage, which prevents us from having a central entity to handle theconstruction of a symbolic model for the overall network. However, the proposed compositional frameworkis still needed to formally establish the alternating simulation relation between infinite networks in terms ofpreserving desired properties. On this basis, one can develop decentralized (or distributed) schemes to solvecontroller synthesis problems compositionally using symbolic models of subsystems. (cid:5)
Next we provide a method to construct local symbolic models together with corresponding local alternatingsimulation functions for the concrete subsystems under incremental stability-type conditions.3.1.
Construction of local symbolic models.
In this subsection, we present a method to construct asymbolic model ˆΣ i , together with the corresponding local alternating simulation function, for a given finite-dimensional deterministic subsystem Σ i . Consider a subsystem Σ i = ( X i , U i , W i , f i , Y i , h i ) as in (1). Assumethat there exists (cid:96) ∈ K such that the output map h i satisfies | h i ( x i ) − h i ( x (cid:48) i ) | ≤ (cid:96) ( | x i − x (cid:48) i | ) for all x i , x (cid:48) i ∈ X i .Additionally, let Σ i be incrementally input-to-state stable ( δ -ISS) [23] as defined next. Definition 8.
System Σ i is incrementally input-to-state stable ( δ -ISS) if there exist a so-called δ -ISS Lyapunovfunction V i : X i × X i → R ≥ , and functions ψ i , ψ i , κ i , ρ w i , ρ u i ∈ K ∞ , with κ i < id such that for all x i , x (cid:48) i ∈ X i ,all w i , w (cid:48) i ∈ W i , and all u i , u (cid:48) i ∈ U i ψ i ( | x i − x (cid:48) i | ) ≤V i ( x i , x (cid:48) i ) ≤ ψ i ( | x i − x (cid:48) i | ) , (16) V i ( f i ( x i , u i , w i ) , f i ( x (cid:48) i , u (cid:48) i , w (cid:48) i )) ≤ κ i ( V i ( x i , x (cid:48) i )) + (cid:37) w i ( | w i − w (cid:48) i | ) + (cid:37) u i ( | u i − u (cid:48) i | ) . (17) YMBOLIC MODELS FOR INFINITE NETWORKS OF CONTROL SYSTEMS: A COMPOSITIONAL APPROACH 7
We further assume that there exists ˆ γ i ∈ K ∞ such that for all x i , x (cid:48) i , x (cid:48)(cid:48) i ∈ X i V i ( x i , x (cid:48) i ) ≤ V i ( x i , x (cid:48)(cid:48) i ) + ˆ γ i ( | x (cid:48) i − x (cid:48)(cid:48) i | ) . (18)Note that a typical δ -ISS Lyapunov function [23] does not require condition (18). However, in most real-worldapplications, the state set X i of a concrete subsystem is restricted to a compact subset of R n , and hence,condition (18) is not restrictive [24].Now, we construct a symbolic model ˆΣ i of a δ -ISS subsystem Σ i as follows. Definition 9.
Let Σ i = ( X i , U i , W i , f i , Y i , h i ) be δ -ISS, where X i , U i , W i are assumed to be finite unions ofboxes. Consider a symbolic model ˆΣ i = ( ˆ X i , ˆ U i , ˆ W i , ˆ f i , ˆ Y i , ˆ h i ) with a tuple of parameters q i = ( η xi , η ui , φ i ) ,where: • ˆ X i = [ X i ] η xi , where ≤ η xi ≤ span( X i ) is the state set quantization parameter; • ˆ U i = [ U i ] η ui , where ≤ η ui ≤ span( U i ) is the external input set quantization parameter; • ˆ W i = [ W i ] φ i , where φ i , satisfying ≤ | φ i | ≤ span( W i ) , is the internal input set quantization parameter; • ˆ x + i ∈ ˆ f i (ˆ x i , ˆ u i , ˆ w i ) if and only if | ˆ x + i − f i (ˆ x i , ˆ u i , ˆ w i ) | ≤ η xi ; • ˆ Y i = { h i (ˆ x i ) | ˆ x i ∈ ˆ X i } ; • ˆ h i = h i . Now we are ready to establish a local alternating simulation relation between a δ -ISS subsystem Σ i and itssymbolic model ˆΣ i constructed as in Definition 9 with suitably chosen quantization parameters. Theorem 10.
Let Σ i be δ -ISS with the corresponding δ -ISS Lyapunov function V i satisfying (16) to (18) withfunctions ψ i , ψ i , κ i , ρ w i , ρ u i , ˆ γ i ∈ K ∞ . For design parameters (cid:36) i and ϑ i , let ˆΣ i be a symbolic model constructedas in Definition 9 with the quantization parameters η xi and η ui satisfying η xi ≤ ˆ γ − i [(id − κ i )( (cid:36) i ) − ρ w i ( ϑ i ) − ρ u i ( η ui )] . (19) Then, V i is a local (cid:36) i -ASF both from ˆΣ i to Σ i and from Σ i to ˆΣ i .Proof. First, we show that condition (i) in Definition 5 holds. Given the Lipschitz assumption on h i and by(16), for all x i ∈ X i and ˆ x i ∈ ˆ X i , one gets the left inequality of (10) as | h i ( x i ) − ˆ h i (ˆ x i ) | ≤ (cid:96) ( | x i − ˆ x i | ) ≤ (cid:96) ◦ ψ − i ( V ( x i , ˆ x i )) , and the right inequality (10) holds with V ( x i , ˆ x i ) ≤ ψ i ( | x i − ˆ x i | ). Hence, condition (i) in Definition 5 holdswith α i = ψ i ◦ (cid:96) − and α i = ψ i . Now we show condition (ii) in Definition 5. From (18), for all x i ∈ X i , ˆ x i ∈ ˆ X i ,for all u i ∈ U i , ˆ u i ∈ ˆ U i , and for all w i ∈ W i , ˆ w i ∈ ˆ W i , we have for any ˆ x + i ∈ ˆ f i (ˆ x i , ˆ u i , ˆ w i ): V i ( x + i , ˆ x + i )) ≤ V i ( x + i , f i (ˆ x i , ˆ u i , ˆ w i )) + ˆ γ i ( | ˆ x + i − f i (ˆ x i , ˆ u i , ˆ w i ) | ) , where x + i = f i ( x i , u i , w i ). By Definition 9, ˆ x + i ∈ ˆ f i (ˆ x i , ˆ u i , ˆ w i ) implies | ˆ x + i − f i (ˆ x i , ˆ u i , ˆ w i ) | ≤ η xi , thus, the aboveinequality reduces to V i ( x + i , ˆ x + i ) ≤ V i ( x + i , f i (ˆ x i , ˆ u i , ˆ w i )) + ˆ γ i ( η xi ) . Observe that by (17), we obtain V i ( x + i , f i (ˆ x i , ˆ u i , ˆ w i )) ≤ κ i ( V i ( x i , ˆ x i )) + (cid:37) w i ( | w i − ˆ w i | ) + (cid:37) u i ( | u i − ˆ u i | ) . Hence, for all x i ∈ X i , ˆ x i ∈ ˆ X i , for all u i ∈ U i , ˆ u i ∈ ˆ U i , and for all w i ∈ W i , ˆ w i ∈ ˆ W i , one obtains V i ( x + i , ˆ x + i ) ≤ κ i ( V i ( x i , ˆ x i )) + (cid:37) w i ( | w i − ˆ w i | ) + (cid:37) u i ( | u i − ˆ u i | ) + ˆ γ i ( η xi ) , (20) SIYUAN LIU , NAVID NOROOZI , AND MAJID ZAMANI , for any ˆ x + i ∈ ˆ f i (ˆ x i , ˆ u i , ˆ w i ). Take any x i ∈ X i and any ˆ x i ∈ ˆ X i satisfying V i ( x i , ˆ x i ) ≤ (cid:36) i , and any w i ∈ W i and ˆ w i ∈ ˆ W i such that | w i − ˆ w i | ≤ ϑ i . For any ˆ u i , choose u i = ˆ u i . Then, by combining (20) with (19), we getthat for x + i = f i ( x i , ˆ u i , w i ), there exists ˆ x + i ∈ ˆ f i (ˆ x i , ˆ u i , ˆ w i ) such that V i ( x + i , ˆ x + i ) ≤ κ i ( (cid:36) i ) + (cid:37) w i ( ϑ i ) + ˆ γ i ( η xi ) ≤ (cid:36) i . (21)This implies that condition (ii) in Definition 5 is satisfied, and thus, V i is a local (cid:36) i -ASF from ˆΣ i to Σ i .Similarly, we can also show that V i is a local (cid:36) i -ASF from Σ i to ˆΣ i . In particular, by the structure of ˆ U i =[ U i ] η ui , for any u i ∈ U i , there always exists ˆ u i satisfying | ˆ u i − u i | ≤ η ui . As a result, for any ˆ x + i ∈ ˆ f i (ˆ x i , ˆ u i , ˆ w i ),there exists x + i = f i ( x i , u i , w i ) such that V i ( x + i , ˆ x + i ) ≤ κ ( (cid:36) i ) + (cid:37) w i ( ϑ i ) + (cid:37) u i ( η ui ) + ˆ γ i ( η xi ) ≤ (cid:36) i . Therefore,we conclude that V i is a local (cid:36) i -ASF both from ˆΣ i to Σ i and Σ i to ˆΣ i . (cid:3) Given the results of Theorems 6 and 10, one can observe that inequalities (14) and (19) are competing conditionswhich may not hold simultaneously. To resolve this issue, we propose a small-gain type condition ensuring thesimultaneous satisfaction of both conditions.4.
Compositionality Result
In this section, we employ a small-gain type condition for the infinite network, under which one can alwaysfind suitable quantization parameters for the construction of symbolic models so that conditions (14) and (19)are simultaneously satisfied.Before stating the main result, let us introduce the terminologies that will be used later. In particular, werecall the notion of strongly connected components (SCCs) of graphs. We assume that the infinite network Σis composed of finitely many sub-networks, where each of them is an infinite network by itself, and the graphassociated with each sub-network is strongly connected [13].4.1.
Strongly connected components.
Consider an infinite network Σ = I (Σ i ) i ∈ N , as defined in Definition1. Hereafter, we denote the directed graph associated with Σ = I (Σ i ) i ∈ N by G = ( I, E ), where I = N is theset of vertices with each vertex i ∈ I labeled with subsystem Σ i , and E ⊆ I × I is the set of ordered pairs( i, j ), ∀ i, j ∈ I , with y ji (cid:54) = 0. Note that given the graph of our infinite network, we can formally define thefinite index sets N i and M i of subsystem Σ i , as mentioned in Subsection 2.1, i.e., N i = { j ∈ I |∃ ( i, j ) ∈ E } and M i = { j ∈ I |∃ ( j, i ) ∈ E } .The SCCs of a directed graph G are maximal strongly connected subgraphs, i.e., no additional edges or verticesfrom G can be included in the subgraph without breaking its property of being strongly connected [13]. Giventhe structure of an infinite network, we denote by ¯ N ∈ N the number of SCCs in the network. In the sequel,we will denote the graphs of the SCCs in G by ¯ G k , k ∈ [1; ¯ N ], where ¯ G k = ( I k , E k ) with I k = N . In addition,we define set N k i = { j ∈ I k |∃ ( i, j ) ∈ E k } which collects in-neighbors of Σ i in ¯ G k , i.e., subsystems in the samesubnetwork ¯ G k who are directly influencing Σ i . On the other hand, we define set M k i = { j ∈ I k |∃ ( j, i ) ∈ E k } which collects out-neighbors of Σ i in ¯ G k , i.e., subsystems in the same subnetwork ¯ G k that are directly influencedby Σ i . Intuitively, N k i and M k i are the sets of neighboring subsystems of Σ i , i ∈ I k , in the same SCC. Notethat if we regard each SCC in G as a vertex, the resulting directed graph is acyclic . We denote by BSCC( G )the collection of bottom SCCs ¯ G k of graph G from which no vertex in G outside ¯ G k is reachable.In the next subsection, we leverage a small-gain type condition to facilitate the compositional construction ofa symbolic model for an infinite network.4.2. Small-gain theorem.
Consider an infinite network Σ = I (Σ i ) i ∈ N associated with a directed graph G .Assume that each Σ i and its symbolic model ˆΣ i admit a local (cid:36) i -ASF V i with constants κ i , ρ w i , α i ∈ R > (asin Definitions 5 and 8). Let ¯ G k , k ∈ [1; ¯ N ], be the SCCs in G with each ¯ G k consisting of N vertices, where YMBOLIC MODELS FOR INFINITE NETWORKS OF CONTROL SYSTEMS: A COMPOSITIONAL APPROACH 9 each vertex represents a subsystem. For any ¯ G k , we define for each i, j ∈ N , γ ij = (cid:26) (1 − κ i ) − ρ w i α − j if j ∈ N k i , . (22)For each SCC ¯ G k , we introduce a gain operator Γ k : (cid:96) ∞ + → (cid:96) ∞ + byΓ k ( s ) = (cid:0) sup j ∈ N { γ ij s j } (cid:1) i ∈ N , s ∈ (cid:96) ∞ + . (23)We furthermore assume that the following uniformity conditions hold for the constants introduced above. Assumption 11.
There are constants κ , ρ w , α ∈ R > , so that for all i ∈ N κ i ≤ κ, ρ w i ≤ ρ w , α i ≥ α. (24)Notice that the above assumption guarantees that the operator Γ k is well-defined. Accordingly, we have thefollowing result recalled from [4, Proposition 17]. Proposition 12.
Under Assumption 11, the following conditions are equivalent:(i) The spectral radius of Γ k satisfies r (Γ k ) = lim n →∞ (cid:0) sup j ,...,j n +1 ∈ N γ j j . . . γ j n j n +1 (cid:1) /n < . (25) (ii) There exist a vector σ k ∈ int( (cid:96) ∞ + ) and constant λ k ∈ (0 , satisfying Γ k ( σ k ) ≤ λ k σ k . (26)The following theorem states the main result of this section. Theorem 13.
Consider a network
Σ = I (Σ i ) i ∈ N . Suppose that Assumption 11 holds. Assume that for eachSCC in Σ , condition (25) holds. Then, for any desired precision (cid:36) ∈ R > as in Definition 3, and for each i ∈ N , there exist quantization parameters η xi , η ui , φ i , as designed in Algorithm 1, such that (14) and (19) aresatisfied simultaneously.Proof. Note that by Proposition 12, the spectral radius condition (25) implies that for each ¯ G k , there existsa vector σ k = ( σ k i ) i ∈ N satisfying (26). Hence, we getΓ k ( σ k ) = (cid:0) sup j ∈ N { γ ij σ k j } (cid:1) i ∈ N ≤ λ k σ k = ⇒ sup j ∈ N { γ ij σ k j } ≤ λ k σ k i < σ k i . (27)Since (27) holds for all i ∈ N , one hassup j ∈ N { γ ij σ k j } < σ k i (22) = ⇒ sup j ∈ N { (1 − κ i ) − ρ w i α − j σ k j } < σ k i = ⇒ ρ w i max j ∈N ki { α − j σ k j } < (1 − κ i ) σ k i . (28)Now, set (cid:36) k i = σ k i r , for all i ∈ N , where r ∈ R > is chosen under the criteria given in lines 5 and 7 ofAlgorithm 1. Choose the internal input quantization parameters φ ij such that for all i ∈ N max j ∈N ki { φ ij } < ρ − w i (1 − κ i ) (cid:36) k i − max j ∈N ki { α − j (cid:36) k j } . (29)By setting ϑ i = max j ∈N ki { α − j (cid:36) k j + φ ij } and combining with (29), one has, for all i ∈ N , ρ w i ϑ i = ρ w i max j ∈N ki { α − j (cid:36) k j + φ ij }≤ ρ w i ( max j ∈N ki { α − j (cid:36) k j } + max j ∈N ki { φ ij } ) (29) < (1 − κ i ) (cid:36) k i , , NAVID NOROOZI , AND MAJID ZAMANI , Algorithm 1:
Compositional design of local quantization parameters η xi , η ui , φ i ∈ R ≥ , ∀ i ∈ N Input:
The desired precision (cid:36) ∈ R > ; the directed graph G composed of SCCs ¯ G k , ∀ k ∈ [1; ¯ N ], andvectors σ k = ( σ k i ) i ∈ N satisfying (26) for ¯ G k ; the functions V i equipped with κ i , ρ w i , α i ∈ R ≥ , ∀ i ∈ N . Output: η xi , η ui , φ i ∈ R ≥ , ∀ i ∈ N . Set (cid:36) i := ∞ , ϑ i := ∞ , ∀ i ∈ N , ∀ k ∈ [1; ¯ N ], G ∗ = G ; while G ∗ (cid:54) = ∅ do foreach ¯ G k ∈ BSCC( G ∗ ) do if G ∗ = G then choose r ∈ R > s.t. sup i ∈ N { σ k i r } = (cid:36) ; else choose r ∈ R > s.t. σ k i r ≤ α i min j ∈M i \M ki { ϑ j − φ ji } , ∀ i ∈ N ; end set (cid:36) k i = σ k i r , choose φ ij , ∀ i, j ∈ N , s.t. max j ∈N ki { φ ij } < ρ − w i κ i (cid:36) k i − max j ∈N ki { α − j (cid:36) k j } ; set ϑ k i =max j ∈N ki { α − j (cid:36) k j + φ ij } , ∀ i ∈ N ; choose φ ij < ϑ i , ∀ i ∈ N , ∀ j ∈ N i \N k i ; end G ∗ = G ∗ \ BSCC( G ∗ ); end Compute η xi and η ui s.t. η xi ≤ ˆ γ − i [(1 − κ i ) (cid:36) i − ρ w i ϑ i − ρ u i ( η ui )], ∀ i ∈ N .which implies that one can always find suitable local quantization parameters η xi and η ui to satisfy (19).Additionally, the selection of ϑ i = max j ∈N ki { α − j (cid:36) k j + φ ij } as in line 9 of Algorithm 1, together with the designprocedure for (cid:36) i and φ ij ensure that (14) is satisfied as well, which concludes the proof. (cid:3) Remark 14.
Note that if γ ij < for any i, j ∈ N , the spectral radius condition r (Γ k ) < as in (25) issatisfied automatically. In this case, by Proposition 12, there always exists λ k ∈ (0 , such that inequality (26) holds with σ k = (1) i ∈ N and sup i ∈ N { γ ij } ≤ λ k . Note that by involving the notion of SCCs in the designprocedure for the selection of parameters, we are allowed to check the small-gain condition and design localquantization parameters inside each SCC, independently of the entire network. In addition, since the originalinfinite network is composed of a finite number of SCCs, the algorithm terminates in finite iterations. (cid:5) Safety controllers.
In this subsection, we consider a safety synthesis problem for an infinite network.Note that classical safety synthesis methods are not applicable any more in this context since they requireinfinite memory. Here, we show a compositional approach which addresses such a synthesis problem in adecentralized manner.Consider an infinite network Σ = (
X, U, f, Y, h ) as in Definition 1, consisting of subsystems Σ i = ( X i , U i , W i , f i ,Y i , h i ), i ∈ N , as in (1). Suppose we are given a global decomposable safety specification S = (cid:81) i ∈ N S i . Wedefine Out = (cid:96) ∞ \ S and its projection on the i -th subsystem as Out i = R n i \ S i . From Definition 1, the statetransition function of the infinite network holds the following relations:For all x = ( x i ) i ∈ N ∈ S , all u = ( u i ) i ∈ N ∈ U , all x (cid:48) = ( x (cid:48) i ) i ∈ N ∈ S , x (cid:48) ∈ f ( x, u ) ⇐⇒ x (cid:48) i ∈ f i ( x i , u i , w i ) , w ij = h ji ( x j ) , ∀ i ∈ N , ∀ j ∈ N i . (30)For all x = ( x i ) i ∈ N ∈ S , all u = ( u i ) i ∈ N ∈ U , Out ∩ { f ( x, u ) } (cid:54) = ∅ ⇐⇒ ∃ i ∈ N : Out i ∩ { f i ( x i , u i , w i ) } (cid:54) = ∅ , w ij = h ji ( x j ) , ∀ j ∈ N i . (31) YMBOLIC MODELS FOR INFINITE NETWORKS OF CONTROL SYSTEMS: A COMPOSITIONAL APPROACH 11
Now, we introduce the notion of safety controllers that are used to enforce safety specifications over thesubsystems.
Definition 15.
A safety controller for a discrete-time control subsystem Σ i and the safe set S i ⊆ X i is a map C i : X i ⇒ U i such that:(i) dom( C i ) = { x i ∈ X i | C i ( x i ) (cid:54) = ∅ } ⊆ S i ;(ii) f i ( x i , u i , w i ) ⊆ dom( C i ) for all x i ∈ dom( C i ) , all u i ∈ C i ( x i ) , and all w i ∈ W i . Remark 16.
Note that the safety controllers for subsystems are synthesized by following an assume-guaranteereasoning [25] . In particular, for each subsystem Σ i , we guarantee that safety controller C i (if existing) enforcesthe safety specification S i over Σ i , by assuming that all of its in-neighbors Σ j , j ∈ N i , have safety controllers C j enforcing safety specifications S j . Moreover, since the interconnection variables of the concrete infinitenetwork are constrained as w ij = y ji (cf. Definition 1), for all i ∈ N , j ∈ N i , the internal input set W i considered in Definition 15 is restricted to W i = (cid:81) j ∈N i W ij = (cid:81) j ∈N i Y ji where Y ji = { h ji ( x j ) | x j ∈ S j } . (cid:5) Similarly, the definition of a safety controller for the overall network is given as follows.
Definition 17.
A safety controller for an infinite network Σ and the safe set S ⊆ X is a map C : X ⇒ U such that:(i) dom( C ) = { x ∈ X | C ( x ) (cid:54) = ∅ } ⊆ S ;(ii) f ( x, u ) ⊆ dom( C ) for all x ∈ dom( C ) and all u ∈ C ( x ) . Suppose that we are given local safety controllers C i as in Definition 15 for all i ∈ N , each corresponding tosubsystems Σ i and safety specification S i . Let controller C : X ⇒ U be defined by C ( Out ) = ∅ and ∀ i ∈ N with x i ∈ X i , C ( x ) = { u ∈ U | u i ∈ C i ( x i ) , i ∈ N } , (32)where x = ( x i ) i ∈ N ∈ X , u = ( u i ) i ∈ N ∈ U .Now, we provide the next proposition, adapted from [26, Theorem 3.1], which shows that the composedcontroller as defined above works for the overall infinite network. Proposition 18.
Controller C : X ⇒ U defined in (32) is a safety controller for the infinite network Σ andsafe set S .Proof. We start by showing condition (i) of Definition 17. By (32), it can be readily seen that for all x ∈ X with C ( x ) (cid:54) = ∅ we get x / ∈ Out . From the definition of
Out = (cid:96) ∞ \ S , we have that all x ∈ X where C ( x ) (cid:54) = ∅ necessarily lie inside S , which satisfies condition (i) of Definition 17. We proceed to show condition (ii) ofDefinition 17. Let x ∈ dom( C ) ⊆ S , u ∈ C ( x ) and x (cid:48) ∈ f ( x, u ). First, we show x (cid:48) ∈ S by contradiction. If x (cid:48) / ∈ S , then x (cid:48) ∈ Out . From (31), there exists i ∈ N , such that Out i ∩ { f i ( x i , u i , w i ) } (cid:54) = ∅ , which contradictsthe fact that u i ∈ C i ( x i ) with C i being the safety controller for subsystem Σ i and the corresponding safe set S i . Therefore, we have x (cid:48) ∈ S . From (30), it is clear that, for each i ∈ N , x (cid:48) i ∈ f i ( x i , u i , w i ). Moreover, bycondition (ii) of Definition 15, u i ∈ C i ( x i ) implies that x (cid:48) i ∈ dom ( C i ). For all i ∈ N , let u (cid:48) i ∈ C i ( x (cid:48) i ) and by(32), we have u (cid:48) = ( u (cid:48) i ) i ∈ N ∈ C ( x (cid:48) ) and x (cid:48) ∈ dom ( C ). It follows that condition (ii) of Definition 17 is satisfiedas well. Hence, we conclude that C is a safety controller for Σ and safe set S . (cid:3) Proposition 18 shows that one can obtain a global safety controller for an infinite network which enforcesan overall safety specification by composing local safety controllers designed for subsystems. In that way,one can follow this decentralized controller synthesis strategy to easily design local safety controllers for thelocal symbolic models, and then refine the controllers back to the concrete subsystems via the correspondingalternating simulation relations across them. , NAVID NOROOZI , AND MAJID ZAMANI , … …… … Figure 1.
Model of a road traffic network composed of four subnetworks, each of whichconsists of infinitely many subsystems.5.
Case Study
In this section, we present our results on a road traffic network divided into infinitely many road cells. Wefirst construct a symbolic model of the infinite network in a compositional way. Then we use the constructedsymbolic model as a substitute to compositionally synthesize a safety controller to keep the density of trafficin each cell remaining within a desired region. The effectiveness of our results is also shown in comparisonwith the existing compositional results in [9].5.1.
Road traffic network.
In this subsection, let us first introduce the model of this case study which isa variant of the road traffic model in [27]. Here, the traffic flow model is considered as a network dividedinto infinitely many cells. Each cell, indexed by i ∈ N , can be modeled as a one-dimensional subsystem,represented as a tuple Σ i = ( X i , U i , W i , f i , X i , id). Moreover, each cell is assumed to be equipped with atleast one measurable entry and one exit. The traffic flow dynamics of each cell is given byΣ i : (cid:26) x i ( k + 1) = (1 − τvl − e ) x i ( k ) + d i ω i ( k ) + bν i ( k ) , y i ( k ) = x i ( k ) , (33)where τ is the sampling time in hour, l is the length of each cell in kilometers, and v is the traffic flow speedin kilometers per hour. For each cell i ∈ N in the network, the state x i ( k ) of each subsystem Σ i representsthe density of the traffic in vehicle per cell at a specific time instant indexed by k . The scalar b denotesthe number of vehicles that are allowed to enter each cell during each sampling time controlled by the inputsignals ν i ( · ) ∈ { , } , where ν i ( · ) = 1 (resp. ν i ( · ) = 0) corresponds to green (resp. red) traffic light. Theconstant e denotes the percentage of vehicles that leave the cell during each sampling time through exits.The left side of Figure 1 shows the structure of the traffic network as a directed graph consisting of ¯ N = 4strongly connected subnetworks, each of which is denoted by ¯ G k , k ∈ { , , , } . Subnetworks are connectedthrough single-directional freeways. The right side of Figure 1 roughly depicts the traffic network topologyof subnetwork ¯ G consisting of infinitely many cells (modeled by Σ i ) with different link models. The internalinputs of the subsystems satisfy the following interconnection structure:(i) For subsystems Σ i in subnetworks ¯ G and ¯ G • d i = ( − e )( τvl , τvl ) (cid:62) , ω i = ( y i +1 , y i +2 ) if i ∈ { c + 1 : c ∈ N } ; • d i = (1 − e ) τvl , ω i = y i − if i ∈ { } ; • d i = ( − e )( τvl , τvl ) (cid:62) , ω i = ( y i − , y i − ) if i ∈ { c + 2 : c ∈ N } .(ii) For subsystems Σ i in subnetworks ¯ G and ¯ G • d i = ( − e )( τvl , τvl ) (cid:62) , ω i = ( y i +1 , y i +2 ) if i ∈ { c + 1 : c ∈ N } ; • d i = ( − e )( τvl , τvl ) (cid:62) , ω i = ( y i − , y i − ) if i ∈ { c + 2 : c ∈ N } ,where y = y n , n ∈ I k − , k ∈ { , } . By Definition 1, the infinite network Σ = I (Σ i ) i ∈ N is denoted by atuple Σ = ( X, U, f, X, id), where X = { x = ( x i ) i ∈ N : x i ∈ X i } , U = { u = ( u i ) i ∈ N : u i ∈ U i } , f ( x, u ) = YMBOLIC MODELS FOR INFINITE NETWORKS OF CONTROL SYSTEMS: A COMPOSITIONAL APPROACH 13 { ( x + i ) i ∈ N | x + i ∈ f i ( x i , u i , w i ) } , and Y = (cid:81) i ∈ N X i . First we show the well-posedness of the overall network byestablishing that (cid:107) f ( x, u ) (cid:107) < ∞ . Note that we have (cid:107) f ( x, u ) (cid:107) = sup i ∈ N {| f i ( x i , u i , w i ) |} (33) = sup i ∈ N {| (1 − τ vl − e ) x i + d i w i + bu i |}≤ | (1 − τ vl − e ) | sup i ∈ N {| x i |} + | (1 − e ) τ vl | sup i ∈ N {| x i |} + | b | sup i ∈ N {| u i |}≤ max {| (1 − τ vl − e ) | , | (1 − e ) τ vl | , | b |} (sup i ∈ N {| x i |} +sup i ∈ N {| x i |} +sup i ∈ N {| u i |} ) (5) = max {| (1 − τ vl − e ) | , | (1 − e ) τ vl | , | b |} (2 (cid:107) x (cid:107) + (cid:107) u (cid:107)} ) < ∞ . Therefore, the infinite network Σ = I (Σ i ) i ∈ N is well-posed. Moreover, each subsystem admits a δ -ISS Lyapunovfunction of the form V i ( x i , ˆ x i ) = | x i − ˆ x i | satisfying conditions (16)–(18) for all i ∈ N with ψ i = ψ i = id, κ i = (1 − τvl − e ) id, ρ w i = | (1 − e ) τvl | id, and ρ u i = ˆ γ i = id.5.2. Hierarchical compositional construction of symbolic model.
Now set the parameter values of thesystem as τ = × h, l = 0 . v = 60km/h, b = 5, and e = 0 .
1. We construct a symbolic model thatsimulates the infinite network through an (cid:36) -ASF as in Definition 3. For a given desired parameter (cid:36) , theoutput behavior of the constructed symbolic network will mimic that of the original network with a mismatchˆ ε = α − ( (cid:36) ) (cf. Remark 4). By fixing (cid:36) = 0 .
8, we apply our compositionality results to design properquantization parameters for all the subsystems, so that the overall symbolic network simulates the originalinfinite network with precision ˆ ε . First note that for each strongly connected subnetwork ¯ G k , by (22), it canbe verified that γ ij <
1, for all i ∈ N , j ∈ N k i , and the uniformity conditions in Assumption 11 hold readily.Thus, the spectral radius condition (25) is satisfied, and condition (26) holds as well with a candidate vector σ k = ( σ k ) i ∈ N = (1) i ∈ N (cf. Remark 14). Next, given the desired parameter (cid:36) , we apply Algorithm 1 todesign local quantization parameters compositionally. We start with G ∗ = G and get the bottom stronglyconnected subnetwork BSCC( G ∗ ) = ¯ G for line 3 in Algorithm 1. Consider the subnetwork ¯ G , we choose r = (cid:36) = 0 . φ ij = 0, and accordingly (cid:36) k i = ϑ k i = r so that the conditions in lines 5 and 9 are satisfied. Now G ∗ is updated in line 11 to { ¯ G , ¯ G , ¯ G } and the BSCC of the updated G ∗ is ¯ G . We proceed by choosing r = min j ∈ I ϑ j = 0 . (cid:36) k i = ϑ k i = 0 . φ ij = 0. Now G ∗ and its BSCCs are updated to G ∗ = BSCC( G ∗ ) = { ¯ G , ¯ G } . Similarly, one can choose (cid:36) k i = ϑ k i = 0 . φ ij = 0 for all of the subsystems in subnetworks ¯ G and ¯ G such that conditions in lines 7 and 9 aresatisfied. Till here, we obtain local parameters ( (cid:36) i , ϑ i ) = (0 . , .
8) for all i ∈ N . Now we proceed to designlocal quantization parameters η xi and η ui such that the inequality in line 13 holds with the parameters ( (cid:36) i , ϑ i )we just obtained. Here, we take the local quantization parameters as η xi = 0 . η ui = 0, for all i ∈ N , whichwill be later used to build local symbolic models of all the subsystems. Using the result in Theorem 10, onecan readily verify that the δ -ISS Lyapunov function V i ( x i , ˆ x i ) = | x i − ˆ x i | is a local (cid:36) i -ASF from each localsymbolic model ˆΣ i to the original subsystem Σ i . Furthermore, by Theorem 6, ˜ V ( x, ˆ x ) = sup i ∈ N {| x i − ˆ x i |} is well-defined and is an (cid:36) -ASF from the abstract network ˆΣ = I ( ˆΣ i ) i ∈ N to the original infinite networkΣ = I (Σ i ) i ∈ N . We have the guarantee that the mismatch between the output behaviors of the infinite networkΣ and that of its symbolic model ˆΣ will not exceed ˆ ε = α − ( (cid:36) ) = 0 . η xi = 0 . , η ui = 0 as in the present paper, the overallapproximation error between related networks obtained in [9] is ˆ ε = 1 .
7, which is much larger than the onewe obtained here (ˆ ε = 0 . , NAVID NOROOZI , AND MAJID ZAMANI , (a) Trajectories in subnetwork ¯ G (b) Trajectories in subnetwork ¯ G (c) Trajectories in subnetwork ¯ G (d) Trajectories in subnetwork ¯ G Figure 2.
Simulation results: Trajectories of traffic density (upper subplots) and trafficlights (lower subplots) in sample cells from different subnetworks. The traffic density in eachcell (subsystem Σ i ) is required to remain in desired safe region S i (indicated by the reddashed lines). The sets S i are given by S i = [5 ,
15] in subnetworks ¯ G and ¯ G , S i = [10 , G and ¯ G .5.3. Compositional safety controller synthesis.
Now we synthesize a safety controller for the infinitenetwork via the constructed symbolic model such that the density of traffic in each cell is maintained in adesired safe region. Specifically, we aim at finding a control policy such that in subnetworks ¯ G k , k ∈ { , } , eachsubsystem Σ i satisfies safety specification S i = [5 ,
15] (vehicles per cell), and in subnetworks ¯ G k , k ∈ { , } ,each subsystem Σ i satisfies safety specification S i = [10 ,
25] (vehicles per cell). Note that for the overallnetwork, the overall safety specification S = (cid:81) i ∈ N S i is globally decomposable. By Proposition 18, one can YMBOLIC MODELS FOR INFINITE NETWORKS OF CONTROL SYSTEMS: A COMPOSITIONAL APPROACH 15 design local safety controllers for the subsystems separately with respect to local safety specifications, with theguarantee that the composed controller works as the overall safety controller for the overall infinite network.For each subsystem Σ i , the idea is to design a local safety controller for its symbolic model ˆΣ i , and thenrefine the controller back to the original subsystem by choosing u i = ˆ u i . The control strategies are correct-by-construction, in the sense that the safety specification is guaranteed to be satisfied from any initial conditionin the safe region.Here, we employ the software tool SCOTS [28] to compositionally construct symbolic models and computelocal safety controllers for subsystems Σ i with quantization parameters η xi = 0 . η ui = 0, for each i ∈ N .Computing symbolic models and synthesizing controllers for each subsystem took on average 0 . . Conclusion
In this paper, we proposed a methodology to compositionally construct symbolic models for infinite networks.To do this, we first introduced a notion of so-called alternating simulation functions that can be used to relateinfinite networks. A compositional approach was then proposed to construct symbolic models locally for con-crete subsystems under incremental input-to-state stability property. By leveraging max-type small-gain typeconditions, we provided an algorithm as a guideline for the design of local quantization parameters, such thatthe symbolic model of the infinite network can satisfy any given desired approximation accuracy. A decentral-ized controller synthesis approach was presented to enforce safety properties on the overall infinite network.Finally, we applied our results on a road traffic network to verify the effectiveness of our compositionalityresults.
Acknowledgment
The authors would like to thank Abdalla Swikir for his fruitful discussions.
References [1] M. R. Jovanovic and B. Bamieh, “On the ill-posedness of certain vehicular platoon control problems,”
IEEE Transactionson Automatic Control , vol. 50, no. 9, pp. 1307–1321, 2005.[2] B. Bamieh, F. Paganini, and M. A. Dahleh, “Distributed control of spatially invariant systems,”
IEEE Transactions onAutomatic Control , vol. 47, no. 7, pp. 1091–1107, 2002.[3] C. Kawan, A. Mironchenko, A. Swikir, N. Noroozi, and M. Zamani, “A Lyapunov-based small-gain theorem for infinitenetworks,”
IEEE Transactions on Automatic Control, in press , 2021.[4] A. Mironchenko, C. Kawan, and J. Gl¨uck, “Nonlinear small-gain theorems for input-to-state stability of infinite interconnec-tions,” arXiv preprint arXiv:2007.05705 , 2020.[5] S. Dashkovskiy, A. Mironchenko, J. Schmid, and F. Wirth, “Stability of infinitely many interconnected systems,” in
Pro-ceedings of 11th IFAC Symposium on Nonlinear Control Systems.
Elsevier, 2019, pp. 937–942.[6] N. Noroozi, A. Mironchenko, and F. R. Wirth, “A relaxed small-gain theorem for discrete-time infinite networks,” in , 2020, pp. 3102–3107.[7] A. Mironchenko and C. Prieur, “Input-to-state stability of infinite-dimensional systems: Recent results and open questions,”
SIAM Review , vol. 62, no. 3, pp. 529–614, 2020.[8] S. Dashkovskiy and S. Pavlichkov, “Stability conditions for infinite networks of nonlinear systems and their application forstabilization,”
Automatica , vol. 112, p. 108643, 2020.[9] A. Swikir, N. Noroozi, and M. Zamani, “Compositional synthesis of symbolic models for infinite networks,” in , July 2020.[10] P. Tabuada,
Verification and control of hybrid systems: a symbolic approach . Boston, MA: Springer, 2009. , NAVID NOROOZI , AND MAJID ZAMANI , [11] G. Pola and P. Tabuada, “Symbolic models for nonlinear control systems: Alternating approximate bisimulations,” SIAMJournal on Control and Optimization , vol. 48, no. 2, pp. 719–733, 2009.[12] G. Pola, A. Girard, and P. Tabuada, “Approximately bisimilar symbolic models for nonlinear control systems,”
Automatica ,vol. 44, no. 10, pp. 2508–2516, 2008.[13] C. Baier and J.-P. Katoen,
Principles of model checking . MIT press, 2008.[14] Y. Tazaki and J.-i. Imura, “Bisimilar finite abstractions of interconnected systems,” in
International Workshop on HybridSystems: Computation and Control . Springer, 2008, pp. 514–527.[15] G. Pola, P. Pepe, and M. D. D. Benedetto, “Symbolic models for networks of control systems,”
IEEE Transactions onAutomatic Control , vol. 61, no. 11, pp. 3663–3668, Nov. 2016.[16] M. Zamani and M. Arcak, “Compositional abstraction for networks of control systems: A dissipativity approach,”
IEEETransactions on Control of Network Systems , vol. 5, no. 3, pp. 1003–1015, 2018.[17] A. Swikir and M. Zamani, “Compositional synthesis of finite abstractions for networks of systems: A small-gain approach,”
Automatica , vol. 107, no. 11, pp. 551 – 561, 2019.[18] K. Mallik, A.-K. Schmuck, S. Soudjani, and R. Majumdar, “Compositional synthesis of finite-state abstractions,”
IEEETransactions on Automatic Control , vol. 64, no. 6, pp. 2629–2636, 2018.[19] P. J. Meyer, A. Girard, and E. Witrant, “Compositional abstraction and safety synthesis using overlapping symbolic models,”
IEEE Transactions on Automatic Control , vol. 63, no. 6, pp. 1835–1841, 2017.[20] E. S. Kim, M. Arcak, and M. Zamani, “Constructing control system abstractions from modular components,” in
Proceedingsof the 21st International Conference on Hybrid Systems: Computation and Control , 2018, pp. 137–146.[21] G. Pola, P. Pepe, M. D. Di Benedetto, and P. Tabuada, “Symbolic models for nonlinear time-delay systems using approximatebisimulations,”
Systems & Control Letters , vol. 59, no. 6, pp. 365–373, 2010.[22] A. Girard, “Approximately bisimilar abstractions of incrementally stable finite or infinite dimensional systems,” in , 2014, pp. 824–829.[23] D. Angeli, “A Lyapunov approach to incremental stability properties,”
IEEE Transactions on Automatic Control , vol. 47,no. 3, pp. 410–421, 2002.[24] M. Zamani, P. Mohajerin Esfahani, R. Majumdar, A. Abate, and J. Lygeros, “Symbolic control of stochastic systems viaapproximately bisimilar finite abstractions,”
IEEE Transactions on Automatic Control , vol. 59, no. 12, pp. 3135–3150, 2014.[25] T. A. Henzinger, S. Qadeer, and S. K. Rajamani, “You assume, we guarantee: Methodology and case studies,” in
ComputerAided Verification , 1998, pp. 440–451.[26] S. Liu and M. Zamani, “Compositional synthesis of almost maximally permissible safety controllers,” in
American ControlConference , 2019, pp. 1678–1683.[27] C. Canudas-de Wit, L. L. Ojeda, and A. Y. Kibangou, “Graph constrained-ctm observer design for the grenoble south ring,”
IFAC Proceedings Volumes , vol. 45, no. 24, pp. 197–202, 2012.[28] M. Rungger and M. Zamani, “SCOTS: A tool for the synthesis of symbolic controllers,” in
Proceedings of the 19th Interna-tional Conference on Hybrid Systems: Computation and Control . ACM, Apr. 2016. Electrical and Computer Engineering Department, Technical University of Munich, Germany.
Email address : [email protected] Computer Science Department, Ludwig Maximilian University of Munich, Germany.
Email address : [email protected] Computer Science Department, University of Colorado Boulder, USA.
Email address ::