Compositional Symbolic Models for Networks of
Incrementally Stable Control Systems
Abstract.
In this paper we propose symbolic models for networks of discrete–time nonlinear control systems. If each subsystem composing the network admits an incremental input–to–state stable Lyapunov function and if some small gain theorem–type conditions are satisfied, a network of symbolic models, each one associated with each subsystem composing the network, is proposed which is approximately bisimilar to the original network with any desired accuracy. Quantization parameters of the symbolic models are derived on the basis of the topological properties of the network.
1. Introduction
Symbolic models are abstract descriptions of control systems where any state corresponds to an aggregate of continuous states and any control label to an aggregate of control inputs. The literature on symbolic models for control systems is very broad. Early results were based on dynamical consistency properties [6], natural invariants of the control system [14], complete approximations [15], and quantized inputs and states [9, 4]. Recent results include work on controllable discretetime linear systems [24], piecewiseaffine and multiaffine systems [12, 3], setoriented discretization approach for discretetime nonlinear optimal control problems [13], abstractions based on convexity of reachable sets [22], incrementally stable and incrementally forward complete nonlinear control systems with and without disturbances [17, 27, 21, 5], switched systems [11] and timedelay systems [20, 19].
A limitation of some of the above results is that in practice they can only be applied to control systems with small dimensional state space. This is because the computational complexity arising in the construction of symbolic models often scales exponentially with the dimension of the state space of the control system considered. When internal interconnection structure of a control system is known, one can make use of this information with the purpose of reducing the computational complexity in deriving symbolic models. Indeed, once a symbolic model is constructed for each subsystem, one can then simply interconnect them to obtain a symbolic model of the original control system.
In this paper we follow this approach and propose a network of symbolic models that approximates a network of discrete–time nonlinear control systems.
In particular, if each subsystem composing the network admits an incremental input–to–state stable Lyapunov function and if some small gain theorem–type conditions are satisfied, a network of symbolic models, each one associated with each subsystem composing the network, is proposed which is approximately bisimilar to the original network with any desired accuracy. Quantization parameters of the symbolic models are derived on the basis of the topological properties of the network. Advantages of the proposed approach with respect to current literature are as follows. Firstly, our approach does not cancel topological properties of the network, which can be of great importance in the design process; for example, it allows incremental redesign of the system when new functionalities, e.g. energy sustainability or security, are added to an existing design or an error is discovered late in the design process.
Secondly, the proposed approach simplifies the construction of symbolic models. Indeed we only require the knowledge of a –ISS Lyapunov function for each subsystem , and the satisfaction of some small gain theorem–type conditions for the strongly connected aggregates of subsystems. A single –ISS Lyapunov function for the entire network is not needed to be found. This is especially useful when realword complex systems are considered. From the computational complexity point of view, since we do not construct a symbolic model of the entire network, but symbolic models of each subsystem, whose composition approximates the original network for any desired accuracy, the resulting computational complexity scales linearly with the number of subsystems composing the network. We stress that composing symbolic models in the network is not always necessary for control design (and formal verification) purposes. In fact, by using the so–called on–the–fly algorithms (e.g. [7, 26], see also [16]), a symbolic controller for the whole network can be designed without the need of constructing explicitly the whole symbolic model of the network.
Symbolic models for interconnected systems have been also proposed in [25]. This paper compares as follows with [25]. While [25] considers stabilizable input–state–output linear systems, this paper considers –ISS nonlinear control systems. Moreover, while in [25] dynamical properties of control systems are not found for the quantization parameters to match certain conditions guaranteeing existence of approximately bisimilar symbolic models, this paper overcomes this drawback and identifies in small gain theorem–type conditions the key ingredient to construct approximately bisimilar networks of symbolic models.
2. Networks of Control Systems
In this paper we consider a network of control systems given by the coupled difference equations described by:
(2.1) 
Let and . Functions are assumed to be locally Lipschitz and satisfying . Sets and are assumed to be convex, bounded and with interior. For compact notation we refer to the network of control systems in (2.1) by the control system described by , , , , where , and for any and . Notation and some technical notions used in the sequel are reported in the Appendix.
3. Results
Define the directed graph where and , if function of depends explicitly on variable or equivalently, there exist such that . Let be the collection of strongly connected components associated with ; we define , , and . We recall that by contracting each to a vertex, a Directed Acyclic Graph () is obtained. Given we denote by the collection of strongly connected components that can be reached in one step by and by the collection of for which . We denote by the inverse map of operator , i.e. if and only if . For each , define , , and . Note that sets and are convex, bounded and with interior. The interconnection of control systems associated with each , is denoted by
(3.1) 
where . The compositional approach that we take to build a network of symbolic models for in (2.1) is based on the following three steps: (Step #1) Construction of symbolic models for in Section 3.1; (Step #2) Construction of symbolic models for in Section 3.2; (Step #3) Construction of symbolic models for in Section 3.3.
3.1. Symbolic models for subsystems
We start by providing a representation of each subsystem () in terms of the system^{1}^{1}1The notion of system, taken from [23], is reported in the Appendix. where , , , if , and . System preserves many important properties of control system , as for example reachability properties. System is metric when we regard as being equipped with the metric . Note that system is not symbolic because the cardinality of sets , and is infinite. We now define a suitable symbolic system that will approximate with any desired precision.
Definition 3.1.
Given , and a quantization vector , define the system where , , , if , and .
System is metric when we regard as being equipped with the metric . Moreover, since sets and are bounded then sets , and are finite from which, system is symbolic. Space and time complexity in computing the symbolic model are given by
and , respectively.
In the sequel, we consider the following assumption:
(A1) For each , a locally Lipschitz function exists for control system , which satisfies the following inequalities for some functions , , and functions and ():

, for any ;

, for any () and any .
Function is called a –ISS Lyapunov function [1, 2] for control system . The above assumption has been shown in [2] to be a sufficient condition for the control system to fulfill the incremental input–to–state stability property [1, 2]. We can now give the following preliminary result.
Proposition 3.2.
Suppose that Assumption (A1) holds and let be a Lipschitz constant of function in . Then, for any desired precision and for any satisfying the following inequalities
(3.2)  
(3.3) 
systems and are approximately bisimilar^{2}^{2}2The notion of approximate bisimulation, taken from [10], is recalled in the Appendix. with precision .
The proof can be given along the lines of the proof of Theorem 5.1 in [17]. We include it here for the sake of completeness.
Proof.
Consider the relation defined by if and only if and consider any pair . We first note that from which, condition (i) of Definition A.3 holds. We now show that also condition (ii) holds. Consider any and the transition in system . Consider a control label such that for any , and . Set and , and consider the transition in system . We get . In particular, the first inequality holds by definition of , the second inequality by the inequality (ii) in Assumption (A1), the third inequality by the definition of and the last inequality by condition (3.2). Hence, condition (ii) in Definition A.3 holds. Condition (iii) in Definition A.3 can be shown by using similar arguments. Finally, for any by choosing we get . In particular, the first inequality in the above chain holds by the inequality (i) in the statement and the last one by condition (3.3). Hence, . Conversely, for any by picking one gets from which, , which concludes the proof. ∎
3.2. Symbolic models for interconnected subsystems
As in the previous section, we start by providing a representation of each subsystem in terms of the system where ,
, , if , and .
System is metric when we regard as being equipped with the metric for any .
In the sequel we consider the following technical assumption that has been used in [8] to prove the small gain theorem for ISS continuous–time control systems:
(A2)
There exist functions , reals and , , , such that
and , for any , .
The above assumption is standard in the literature concerning the stability of network of control systems studied by means of small gain arguments (see, for instance, [8] for the case of ordinary differential equations). In our discrete–time case, such assumption holds, for instance, if functions with are globally Lipschitz, and Assumption (A1) holds with for any .
This reasoning is applied in Section 4 to an academic example.
For later use, define where and , , and , for any . Moreover, define matrix such that entries in the diagonal are and the entry of row and column with is given by , for all . We can now give the following result.
Theorem 3.3.
Let us consider the subsystem . If Assumptions (A1) and (A2) and the inequality hold, then, for any vector satisfying , function , is a –ISS Lyapunov function for , i.e. it satisfies the following inequalities,

, for any ;

, for any and any ,
for some functions , , and functions , (). Moreover, let be a Lipschitz constant of function in . For any desired precision , select vector satisfying the following inequalities:
(3.4)  
(3.5) 
Define vector by for all and . Then, the composition^{3}^{3}3The definition of the composition operator is reported in the Appendix. of the symbolic models associated with each control system (), is approximately bisimilar with precision to system .
Proof.
The first part of the proof follows the proof of Theorem 4.7 in [8].
By Lemma 3.1 in [8] if there exists a vector such that .
By defining and (), the inequality (i) in the statement holds. We now show inequality (ii).
Consider any
and
, .
Under Assumptions (A1) and (A2) the following equalities/inequalities hold: