Hybrid System
50
description
book
Transcript of Hybrid System
Thomas Bak, Roozbeh Izadi-Zamanabadi, withinput from class
Lecture Notes - Hybrid Systems
October 27, 2004
Aalborg UniversityDepartment of Control EngineeringFredrik Bajers Vej 7CDK-9220 AalborgDenmark
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41.1 Background . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41.2 Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61.3 Analysis Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3.1 Synthesis Techniques . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2. Notes on Lecture 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.1 Introduction to Hybrid Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
2.1.1 Traditional Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82.1.2 Supervision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92.1.3 Hybrid Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.2 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122.2.1 Pendulum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122.2.2 Manufacturing Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132.2.3 Water Tank . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3. Notes from Lecture 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193.1 Model Checking and Transition Systems . . . . . . . . . . . . . . . . . . . . . . . 19
3.1.1 Transition Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203.1.2 The Predecessor Operator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
3.2 Partitions and Bi-simulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213.3 Example: Finite State Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223.4 Model Checking summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
2
4. Notes from Lecture 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254.1 Open Hybrid Automata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
4.1.1 Composition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264.2 Example (Automatic Transmission) . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
5. Notes on Lecture 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305.1 Modeling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5.1.1 Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315.1.2 Connectives in Boolean Algebra . . . . . . . . . . . . . . . . . . . . . . . . 315.1.3 How to build up equations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315.1.4 Mixed Logical Dynamical (MLD) Systems - An example . . 335.1.5 General Form for MLD systems . . . . . . . . . . . . . . . . . . . . . . . . 345.1.6 Round-off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355.1.7 Piece-wise linear dynamic systems . . . . . . . . . . . . . . . . . . . . . 36
6. Notes for Lecture 9 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396.1 Recapitulation of Lecture 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396.2 Modelling and Control of Hybrid Systems . . . . . . . . . . . . . . . . . . . . . . 40
6.2.1 Optimal Control of MLD system . . . . . . . . . . . . . . . . . . . . . . . 406.3 Matrix representation of MDL systems . . . . . . . . . . . . . . . . . . . . . . . . 41
6.3.1 Soft Constraints and Constraints Priorities . . . . . . . . . . . . . . . 426.4 Predictive Control Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
6.4.1 Implementation procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446.5 Predictive Control of MLD systems . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
A. Notation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
3
1. Introduction
Most of the cost in today's control system development is spent on ad-hoc systemsintegration and engineers typically rely on exhaustive testing as a way of validatinga design. Why do we spend so much time on integration test and validation?At the lowest level, control systems typically rely on individual feedback control(servo loops). These loops are typically interconnected and characterized by theircontinuous input/output behavior (often a discrete controller is used, but it is typi-cally just a discrete version of a continuous design). The controller design is ver-ied by design e.g. by placing the poles in the left half plane we have guaranteedstability and possibly a certain gain and phase margin. Most control system designs,however, naturally include discrete control modes (due to saturations, different setpoints, mode changes etc.). Hybrid phenomena also arises at the high-level as ab-stract protocol layers of hierarchical control designs. The discrete protocols are away to manage system complexity. By adding these discrete components and transi-tions the design that was originally veried by design is no longer guaranteed stablestable and performance may not be exactly what we designed it to be. As a resultwe end up having to spend considerable time testing and validating the design.To tackle design problems, we need a mathematical well founded theory that inte-grate models with heterogeneous components. New research directions in controluse an analytical foundation based on hybrid systems, i.e. work with models thatcombine nontrivial interactions of continuous and discrete phenomena a funda-mental characteristics of software-based control systems. The focus is on system-atic hierarchical design methodologies, and a practical set of software design toolswhich support the construction, integration and safety and performance analysis ofhierarchical control systems.
1.1 Background
While the notion of hybrid systems is relative new, it builds on previous work in theareas of computer science and control theory.We illustrate the basic concepts of hybrid systems with the following small exam-ple, see Figure 1.1. The example consists of two tanks. Both tanks are leaking at a
4
constant rate, v1, v2. Water is added to the system at a constant rate, w. The waterinput can only be directed to one tank at a time. The switching between the tanks isassumed instant. The water levels in the tanks are x1, x2 and the control task is tomaintain the levels above r1 and r2. Initially the water levels in both tanks are abover1 and r2.
22
22
11
1
rx
vx
vwx
q
≥−=−=
11
22
11
2
rx
vwx
vx
q
≥−=
−=
2211 rxrx ≥∧≥22 rx ≤ xx =:
11 rx ≤xx =:
1v
w
2v
2x1x
2r
1r
Fig. 1.1. Directed graph representation and illustration of tank example.
As the example illustrates the control of such a system requires a combination ofan automata making discrete transitions between states, in this case q1 and q2 feed-ing one or the other cylinder. Within each state the evolution of the state spaceis described by conventional differential equations. Hybrid systems theory has de-veloped such models, analysis techniques and synthesis techniques. It has foundapplication in a number of areas, just to name a few: air trafc management (Tom-lin, Pappas, and Sastry 1998), automotive control (Balluchi, Benvenuti, Benedetto,Pinello, Luigi, and Sangiovanni-Vincentelli 2000), transportation systems (Varaiya1993; Lygeros, Godbole, and Sastry 1998), mobile robotics (Bak, Bendtsen, andRavn 2003), and mechatronic systems (Ravn, Rischel, Holdgaard, Eriksen, Conrad,and Andersen 1995), (Ravn, Eriksen, Holdgaard, and Rischel 1998).
5
1.2 Models
Early attempts to formulate a theory are derived from computer science. They repre-sent extensions of verication methodologies to timed and hybrid systems. Typicallythese approaches are able to deal with complex discrete dynamics described by au-tomata and emphasize analysis results (verication), simulation and abstraction. Theinitial contributions include, (Alur and Dill 1990) introduced algorithms for check-ing properties of timed automata while (Chaochen, Ravn, and Hansen 1993) usedduration calculus for hybrid real-time systems; (Back, Guckenheimer, and Myers1993) provided a framework for numerical simulation, (Hooman 1993) discussedcomposition of hybrid systems.Concurrently hybrid phenomena were addressed by control theory, extending con-trol theoretical results to include discrete transitions. Typically these approachesare able to deal with complex continuous dynamics and emphasize stability results.Contributions include (Nerode and Kohn 1993) that took an an automata theoreticapproach, (Sontag 1981) discusses a piecewise linear approach, (Brockett 1993) ad-dressed hybrid motion control systems, and (Antsaklis, Stiver, and Lemmon 1993)discussed discrete event dynamical systems.A unied hybrid systems model was introduced in (Branicky 1995; Branicky 1996).It captures many discrete phenomena arising in hybrid systems: autonomous jumpsand switches, which model discontinuous changes of the dynamics, and controlledjumps and switches between dynamics in response to external command. Importantvariations of this model include the work on hybrid timed automata (Henzinger1996), the hybrid I/O automata (Lynch, Segala, Vaandrager, and Weinberg 1996)that introduces synchronization and compositionality and (Kesten, Pnueli, Sifakis,and Yovine 1993) that among other things addresses the notion of abstraction andhierarchy.
1.3 Analysis Techniques
One class of approaches to modelling and analysis of hybrid systems extends tech-niques from discrete systems to include simple continuous dynamics. Given an ex-tended model, the emphasis is placed on answering questions such as Does the sys-tem satisfy the specication? One approach has been to use model checking tech-niques, which veries system specication algorithmically. Model checking is ec-centrically techniques that determine if the dynamics of a given model (automaton)allow it to reach certain states. Properties or specications may be specied in termsof reachability or unreachability of such states.For timed automata (Alur and Dill 1990), where differential equations are very sim-ple, x = 1, modelling clocks, model checking can be completely automated. For alarger class e.g. linear hybrid automata models that use differential inclusions of the
6
form Ax ≤ b, the techniques of timed automata can in most cases be reused and pro-vide semiautomatic verication procedures (Henzinger 1996; ?). A number of toolshave been developed (Henzinger, Ho, and Wong-Toi 1995; Daws, Olivero, Tripakis,and Yovine 1995) for these classes of systems and allow (semi)automated modelchecking. Other tools are based on various approximation techniques for reachablesets such that they can give an indication of wether certain states are denitely reach-able or denitely unreachable in a given system.A different approach has been to extend theorem proving techniques, which usesoftware tools, theorem provers (Ghosh, Tiwari, and Tomlin 2003), to prove mathe-matical results. The emphasis has been on models (Lynch, Segala, Vaandrager, andWeinberg 1996) that support proof techniques such as induction, invariant assertionsand simulation. Theorem provers are far from being automatic and require signi-cant interaction with the designer.A second class of techniques for hybrid systems has developed out of the controlresearch community. The emphasis here has been on extending the standard mod-elling, stability analysis, and controller design techniques to capture the interactionbetween the continuous and discrete dynamics. Results include extension of stabil-ity theory (Branicky 1998), optimal control (Branicky 1998; Hedlund and Rantzer1999; Lygeros, Godbole, and Sastry 1996; Johansson and Rantzer 1998), modelpredictive control (A. and Morari 1999), and supervisory control (Maler, Pnueli,and Sifakis 1995; ?), to hybrid systems. As part of verication efforts the notionof reachability, i.e. determination of regions of the state space to which the systemcan evolve from a set of initial conditions has been addressed. In general one cannotcompute the reachable set and even with over-approximations it is computation-ally expensive (Chutinan and Krogh 2003; Asarin, Dang, Maler, and Bournez 2002;Kurzhanski and Varaiya 1998; Mitchell, Bayen, and Tomlin 2001).
1.3.1 Synthesis Techniques
As discussed above analysis is difcult and results in synthesis are hence also lim-ited. However, there are some models for design discrete controllers, (Maler, Pnueli,and Sifakis 1995; Wong-Toi 1997) building on supervisory control for discrete eventsystems by (Ramadge and Wonham 1987). An indication that synthesis is really ahard problem is the recent result from distribute d controllers that it is not decidablewether a controller exists (Arnold, Vincent, and Walukiewicz ; Pnueli and Rossner1990). In order to deal with the complexity of the problem another approach hasbeen based on compositionality techniques (Tabuada, Pappas, and Lima 2002). Adevelopment paradigm using such ideas may be based on the Charon language andtool set, see e.g. (Alur, Grosu, Lee, , and Sokolsky 2001).Thanks to Carsten Kallese
7
2. Notes on Lecture 1
Notes by: [email protected]
This lecture introduces the general notation and terminology used in the eld ofhybrid systems. This is done by starting form the traditional control problems, in-creasing the complexity to control systems where the control is obtained by switch-ing between a set of controllers. For this switched control system the terminologyof hybrid system is obtained.
The lecture ends with three examples of respectively a dynamic system, a time dis-crete system and nally a hybrid system.
2.1 Introduction to Hybrid Systems
2.1.1 Traditional Control
In traditional control the plant and the controller is connected in a feedback loop asshown in gure 2.1.
Plant Controller u y
Fig. 2.1. Control loop used in traditional control theory.
The following characteristic can be put on the theory of traditional control,
Model: In the continuous case the system is described by a set of rst order or-dinary differential equations (ODE) given by the following expression in thegeneral case,
8
x = f(x, u)y = h(x)
or in the linear case,x = Ax + Bu
y = Cx
In the discrete time case the system is described by a set of differece equationsinstate of ODE,
xk+1 = Ax + Bu
y = Cx
Synthesis: In the linear case a lot of methods exist for designing controllers, suchas PID, pol-placement, optimal or robust control. Also in the nonlinear casedesign methods exists, such as feedback linearization or Lyapunov redesign.
Validation: In control theory performance validation and stability are obtained byconstruction. Meaning that the design guarantees stability and performance.Beside that numerical simulations are used.
2.1.2 Supervision
In real life applications it is often not enough to design one single controller for agiven application. This could be due to nonlinearities in the plant or due to differ-ent performance demands in different operating points. Therefore it is common todesign a supervision system to supervise the plant and to choose between differentcontrollers. A possible structure of such a system is shown in gure 2.2.
Plant Ctrl 2 u y
Ctrl 3
Ctrl 1
subervisor
Fig. 2.2. Control loop with a set of different controllers. A supervision system is used toswitch between the controllers.
Here the supervision system is used to switch between a set of different controllers.As the system contains a switching part it is not modelled by only a set of ODE as in
9
the previous case. Moreover in the general case the model of the plant might itselfcontain switching function and is therefore not modelled by only ODE either. Thefollowing characteristic can be put on this type of control,
Model: The continuous time part of the model is either modelled by ODE or bydifference equations. The supervision system is modelled as a discrete eventsystem.
Synthesis: Each of the controllers could be design as in the previous case, but thesupervision system is normally design ad-hoc using rule-of-thumb and commonsense.
Validation: Here there are only three ways for validation, these are simulation,simulation and simulation.
It is said that a normal control engineer is using the majority of his or hers timeon the design of the supervision system and not designing traditional controllers.This combination of dynamic systems and discrete event system is called a hybridsystem. As a lot of time is spend on this part it is reasonable to look into theories,which can help solving problems in this area. This is exactly the concept of hybridsystems theory.
2.1.3 Hybrid Systems
The system described in the previous subsection is really a hybrid system as themodel modelling the system is a hybrid of continuous time models and a discreteevent model. One can ask what is needed to guarantee stability of such system?And how to design such systems? The following example will reveal some of thecomplexity connected to the analysis of hybrid systems.Ex: In this example two asymptotical stable continuous time system are dened. Atrajectory with initial condition x0 =
[1 1
]for each of the systems is shown in
the rst two plots in gure 2.3. These trajectories show that the systems are stable.If a switching function switching between the two systems is added, the trajectorycould be as shown in the last plot of gure 2.3. This plot shows that even though thetwo subsystems are asymptotical stable the overall system might be unstable.This is of cause not the only choice of switching function. There could easily havebeen found a switching function, which do not affect the stability of the system. Ingure 2.4 another switching function is used for switching between the two asymp-totical stable subsystems. With this switching function the overall system is stable.This example shows that the stability of the dynamics in the two subsystems is notenough the guarantee stability of the overall system. A matter of fact is that thestability of the dynamics of the subsystems is a necessary condition for stability ofthe overall system. But as the example shows it is not a sufcient condition. ¤
10
−2 0 2−2
−1
0
1
2
x1
x 2system 2
−2 0 2−2
−1
0
1
2
x1
x 2
system 1
−2 0 2−2
−1
0
1
2
x1
x 2
Hybrid system
Sys 1Sys 2
Fig. 2.3. A hybrid system containing two stable dynamic systems, with a unstable switchingfunction.
−2 0 2−2
−1
0
1
2
x1
x 2
system 2
−2 0 2−2
−1
0
1
2
x1
x 2
system 1
−2 0 2−2
−1
0
1
2
x1
x 2
Hybrid system
Sys 1Sys 2
Fig. 2.4. A hybrid system containing two stable dynamic systems, with a stable switchingfunction.
The previous example shows that it is necessary to be able to analysis hybrid system.As the nature of a hybrid system is a combination of continuous time systems anddiscrete event systems the tools necessary for such analysis must be found in thearea of respectively control theory and computer science. In the following tablesome theories necessary from both areas are listed.
Control Theory Computer ScienceStability Transition systemsFeedback Composition (Parallel running systems)
Robustness Abstractions (bi-simulations)Existence and uniqueness Reach ability
non-determined
Using a combination of theories from the two areas a description of a hybrid systemis obtained. A Hybrid Automaton is dened as
Denition 2.1.1 (Hybrid Automaton). A hybrid automaton H is a collection H =(Q, X , Init, f , Dom, E, G, R), where
Q is a set of discrete variables and Q is countable; X is a set of continuous variables; Init ⊆ Q×X is a set of initial states;
11
f : Q×X → TX is a vector eld; Dom : Q → P (X) assigns to each q ∈ Q an domain; E ⊂ Q×Q is a collection of discrete transitions; G : E → P (XX) assigns to each e = (q, q′) ∈ E a guard; and R : E×X → P (X) assigns to each e = (q, q′) ∈ E and x ∈ X a reset relation.
Remarks:
1. We refer to (q, x) ∈ Q×X as the state of H .
2.2 Examples
To illustrate the similarities and differences between continuous time systems dis-crete event system and hybrid systems, three examples are given in this section.
2.2.1 Pendulum
The pendulum is a well-known dynamic system and is in this example used topresent the characteristics of dynamic systems. A gure of the pendulum is shownin gure 2.5. In this gure l is the length of the pendulum, M is the masse, θ is
M
l θ
d ~ drag losses.
Fig. 2.5. The pendulum.
the angular displacement from the equilibrium and d is the drag losses due to air.The evolution of this system is governed by the following second order nonlinearordinary differential equation (ODE),
Mlθ + dlθ + Mg sin(θ) = 0
Assuming the initial conditions θ(t0) = θ0 and θ(t0) = θ0 a solution of ODE existsand is given by,
θ : [t0, t1] → R
12
For the function θ(t) to be a solution, it must fulll,
Mlθ(t) + dlθ(t) + Mg sin(θ(t)) = 0 θ(t0) = θ0 θ(t0) = θ0
This must be fullled for all t ∈ [t0, t1]. A graph of the solution can be obtainedusing numerical simulations. Let l = 1, M = 1, d = 0.2 and g = 9.18. Moreoverthe initial conditions are given by θ0 = 0.75 and θ0 = 0. The result of a simulationunder these conditions is shown in gure 2.6.
0 5 10 15 20−3
−2
−1
0
1
2
t
x 1, x2
θ : [t0,t
1]→ R
θ dθ/dt
−1 −0.5 0 0.5 1−3
−2
−1
0
1
2
x1
x 2
phase plot
Fig. 2.6. Simulation results with the pendulum process.
The pendulum system could also be written as a set of nonlinear rst order differ-ential equations, when this is done the model becomes,
x = f(x)(x1
x2
)=
(x2
− gl sin(x1)− d
mx2
)
where f is a vector eld, in this case dened as f : R2 → R2.
2.2.2 Manufacturing Machine
To show the characteristic of a discrete event system a simple manufacturing ma-chine is dened. This machine is dened as a machine, which is able to manufacturea part whenever a part arrives. Unfortunately the machine is sometime broken, inwhich case it has to be repaired. The following discrete states, events and transitionsdene this machine.Discrete states qi ∈ Q = I, W,D where,
I ∼ Idle.W ∼ Working.D ∼ Down.
13
Events σ ∈ Σ = p, c, f, r where,
p ∼ Part arrives.c ∼ Completed processing the part.f ∼ failure.r ∼ repair.
Transition relations δ : Q×Σ → Q,
δ(I, p) = W δ(W, c) = I
δ(W, f) = D δ(D, r) = I
For a discrete system dened by Q, Σ and δ a nite state machine representationexits (directed graph). This state machine is shown in gure 2.7.
I
W D
r p
c
f
Fig. 2.7. Finite state machine for the manufacturing machine example.
The language of this state machine is dened as,
(pc + pfr)∗(1 + p + pf)
where the + is the or operator, ∗ means that the sequence can be taken any numberof time and nally 1 means the empty sequence.
2.2.3 Water Tank
To illustrate the characteristic of a hybrid system a water tank system is dened. Asketch of the system is shown in gure 2.8. The system consists of two tanks, fromwhich water is drained. Water is led to the tanks be a valve, form which the wateris either put into tank T1 or tank T2. The amount of water led to this valve is W .This two directional valve is the actuator of the system. The levels in the tanks arerespectively x1 and x2 and the outlet ow from the tanks are respectively V1 andV2.The control objective for the systems is x1 > r1 and x2 > r2. With this controlobjective a stable solution exists whenever W ≥ V1, W ≥ V2, W ≤ V1 + V2,x1(t0) > r1 and x2(t0) > r2.
14
22
22
11
1
rx
vx
vwx
q
≥−=−=
11
22
11
2
rx
vwx
vx
q
≥−=
−=
2211 rxrx ≥∧≥22 rx ≤ xx =:
11 rx ≤xx =:
1v
w
2v
2x1x
2r
1r
Fig. 2.8. Directed graph representation and illustration of tank example.
The system is modelled by a set of discrete states with a dynamic model in eachof these states. The set of discrete states is given by Q = q1, q2 where q1 is theinow to tank T1 and q2 is the inow to tank T2. The state space for the dynamicsystems are X ∈ R2 and the domain D = (x1, x2)|x1 > r1, x2 > r2. Thedynamics in state q1 is governed by,
x1 = W − V1
x2 = −V2
and the dynamics in state q2 is governed by,
x1 = −V1
x2 = W − V2
Numerical simulation results form this process is shown in gure 2.9. In this simu-lation V1 = 1.5, V2 = 1 and W = 2.335. The control references are r1 = r2 = 1.And nally the initial conditions are x1(t0) = 3 and x2(t0) = 2. It is seen thatthe system is asymptotical moving towards (1, 1) but with an increasing switch-ing frequency. Eventually this switching frequency would escape to innity. Thisphenomenon is called Zeno 1 behavior and is obviously not wanted.1 The name Zeno refers to the philosopher Zeno of Elea (500400 B.C.), who established
a number of famous paradoxes. They were designed to explain the view of his mentor,
15
0 5 10 15 201
1.5
2
2.5
3
3.5
4
t
x 1, x2
level T1
level T2
0 1 2 3 40
1
2
3
4
x1
x 2
phase plot
filling T1
filling T2
Fig. 2.9. Test results form the tank simulations. The outlet ow is model as constant values.
Now the process is changed so that V1 = R1x1 and V2 = R2x2 meaning thatthe outow is a linear function of the pressure across the valve or pipe. In gure2.10 the result of a simulation under these conditions is shown. Here R1 = 0.5and R2 = 0.5, moreover W = 1.6 in this simulation. From this gure it is seen
0 5 10 15 201
1.5
2
2.5
3
3.5
t
x 1, x2
level T1
level T2
0 1 2 3 40
1
2
3
4
x1
x 2
phase plot
filling T1
filling T2
Fig. 2.10. Test results form the tank simulations. The outlet ow is model as a linear functionof the level in the tanks.
that a stable solution exist, and that this solution is a limit cycle guaranteeing that∫T
Wdt =∫
TV1 + V2dt where T is the switching period.
The water tank automaton is a hybrid automaton with
Q = q1, q2 and X = <2; Init = Q× x ∈ X : (x1 > r1) ∧ (x2 > r2), r1, r2 > 0; f(q1, x) = (w − v1,−v2)T and f(q2, x) = (−v1, w − v2)T , v1, v2, w > 0; Dom(q1) = x ∈ X : x2 ≥ r2 and Dom(q2) = x ∈ X : x1 ≥ r1;
Parmenides, that the ideas of motion and evolving time lead to contradictions. An exam-ple is Zeno's suggestion of a race between Achilles (the world's swiftest runner) and atortoise. The tortoise was to get a substantial headstart. Zeno reasoned that after a shorttime Achilles would close the lead to 1/2 its original length. Then shortly afterward, hewould close that distance by a 1/2 to 1/4 its original length. Zeno said then that Achilleswould have to continue this process forever, always closing the remaining gap by 1/2 butnever catching the tortoise.
16
E = (q1, q2), (q2, q1); G(q1, q2) = x ∈ X : x2 ≤ r2 and G(q2, q1) = x ∈ X : x1 ≤ r1; and R(q1, q2, x) = R(q2, q1, x) = x.
17
18
3. Notes from Lecture 3
Notes by Lars Alminde ([email protected])
This lecture treats the possibilities of formally checking a hybrid model using thereachability concept. However, in order to make model checking feasible it is neces-sary to reduce, or rather abstract, the hybrid model into a more manageable formatsuitable for discrete analysis. In order to facilitate this analysis two new conceptsare introduced: Transition systems and bi-simulation.According to San-Giovani the following levels of system validation can be estab-lished:
Construction Verication Simulation Intuition Assertion Intimidation
The tools to presented here falls in the verication category.
3.1 Model Checking and Transition Systems
Model checking or verication can be expressed as Automatic exploration of sys-tems by exploring their state-space, i.e. from a given set of initial values the alloutgoing trajectories are analyzed in order to determine if it is possible to reach aset of nal values in the state-space. In other words; we want to examine if sometarget state(s) are reachable from an initial state.The target state(s) can either besome state that we would like the system to reach or a state that we must prove isnot reachable by the system.
19
In this section the concept of transitions systems will be presented, which ade-quately facilitates reachability analysis for discrete systems, while the next sectionwill present further abstractions that will allow the reachability analysis to be ex-tended to hybrid systems containing innite numbers of continues states.
3.1.1 Transition Systems
The transition system (TS) is an abstraction/generalization of our nominal hybridsystem in which we only take into account the discrete states and their transitions,as well as initial and nal states. Formally dened as:
Denition 3.1.1 (Transition system). A transition system is dened by:
T = (S, δ, S0, Sf )
where:S : Set of all statesδ : Transition relations: δ : s → P (s)S0 : Initial states: So ∈ SSf : Final states: Sf ∈ S
Note the TS description does not include the concept of time. Examples of TS sys-tems are given in section 3.3.
3.1.2 The Predecessor Operator
Having dened the TS it will be the focus of the reachability analysis of the systemthat it models. The problem statement is: to examine if a nal state sf ∈ S isreachable from the initial condition so ∈ S by a sequence of transitions. To facilitatethis analysis the predecessor operator Pre(x) will be dened:
Denition 3.1.2 (Predecessor operator).
Pre(s) = s ∈ S|∃s ∈ s with s ∈ δ(s)
Pre(s) takes a set of states s and returns the set of states s that can be reached from sin a single transitions. Now, by starting from the nal set of states sf it is possible towork backwards in order to determine if there are trajectories in the state-space thatconnects the nal set of states with the initial set of states (and visa versa), i.e. if thenal set of states are reachable from the initial. This can be expressed as a backwardsreachability algorithm that iteratively traverses all trajectories backwards from thenal set of stages until it reaches an initial state or until all possible trajectories havebeen examined.
20
Denition 3.1.3 (Backwards Reachability). For a TS reachability can be ana-lyzed by using the following algorithm:Initial values: ω0 = sf , i = 0do:if ωi ∩ S0 6= ∅ then return Reachableelse ωi = Pre(ωi) ∪ ωi ; i + +while ωi 6= ωi−1
return Not reachable
Figure 3.1 demonstrates the algorithm. Starting from Sf we iterates backwards inthe state-space until the S0 states can be reached. In this case two iterations arerequired before ωi includes states that are part of S0.
S f
S o
Pre(Sf)
Pre(Pre(Sf))
Fig. 3.1. Illustration of the backward reachability procedure
In order for any system to be decidable, using the above sketched algorithm, it musthave a nite set of states. Otherwise the algorithm may never complete. This limitsthis kind of analysis to systems that contain no continuous variables, but only dis-crete. The next section will explore the possibility of by-passing this requirements,by partitioning the continuous state-space, such that the complete state-space can beexplored as a discrete system.
3.2 Partitions and Bi-simulation
The idea behind the bi-simulation is to look at the complete state-space and identifypartitions, i.e. regions in the state-space, that have similar behavior in the sense thatif there is a trajectory from one partition to another partition then the target partitionis reachable from every point in the source partition.
Denition 3.2.1 (Partition). A partition is a collection of sets of states sii∈I withsi ≤ S, such that:
21
si ∧ sj = 0, i.e. disjoint ∀i,j i 6= j
∪i=Isi = s
S0 S1 S2
S3 S4 S5 S6
S7 S8 S9
Fig. 3.2. The state-space is envisioned as a number of partitions that separates the state-spaceinto regions of similar behavior
This denition can now be used to dene the bi-simulation:
Denition 3.2.2 (Bi-simulation). A by-simulation of T = (S, δ, S0, Sf ) is a parti-tion sii∈I
s0 is a union of elements in partition sf is a union of elements in partition if s ∈ Si can transit to s′ ∈ Sj then all states in si must be able to transit to sj:∀(i, j), s ∈ si ifδ(s) ∩ sj 6= ∅ then δ(s) ∩ sj 6= ∅
The denitions of partition and bi-simulation leads to the following theorem forbi-simulations:
Theorem 3.2.1. Let sii∈I be a bi-simulation of T then sf is reachable by T ifand only if Sf is reachable by T , where T = (S, δ, s0, sf ).
In this theorem T is the transition system of the original continuous hybrid system,while T is the transition system of the same hybrid system, but abstracted usingpartitioning, such that T only depends on discrete states.In this sense the bi-simulation makes reachability much easier (possible) for hy-brid systems containing continuous state variables by abstracting the model withoutloosing generality.
3.3 Example: Finite State Machine
In order to demonstrate the concepts introduced an example incorporating a FiniteState Machine (FSM) will be presented. Consider gure 3.3. The system consistsof 7 discrete states and a number of transitions between these states.
22
q0
q1
q3 q6
q2
q4 q5
Fig. 3.3. Example: Finite State Machine
Denition of the Transition-system. : The following denes the transition systemT of the FSM-example:S = q0, q1, q2, q3, q4, q5, q6δ(q0) = q0, q1, q2δ(q1) = q0, q3, q4δ(q2) = q0, q5, q6δ(q3, q4) = ∅δ(q5, q6) = ∅S0 = q0
Sf = q3, q6
Backward Reachability. : For the FSM system we will analyze reachability be-tween sf = q3, q6 to s0 = q0 using the backwards reachability algorithm:Initially: w0 = q3, q6 and s0 = q0Iteration 1: No intersection: w1 = Pre(w0) ∪ w0 = q1, q2, q3, q6Iteration 2: No intersection: w2 = Pre(w1) ∪ w1 = q0, q1, q2, q3, q6Iteration 3: No intersection: w3 = Pre(w2) ∪ w2 = q0, q1, q2, q3, q6Iteration 4: Intersection, thus reachable
Partitioning. : The FSM system can, according to level, be partitioned into threepartitions: q0, q1, q2 and q3, q4, q5, q6.
3.4 Model Checking summary
This lecture has led to the denition of the bi-simulation, which is a tool to facilitatereachability analysis of hybrid systems by abstracting them into discrete systems.
23
This is done identifying regions, called partitions, of similar behavior in the contin-uous state-space and using the possible transitions between the partitions to performreachability.
H
T
Partitioning
T
Transition system. No time
Discrete only transition system
Continuity abstracted by partitions
Orginal Hybrid System
Fig. 3.4. The procedure for abstracting hybrid systems to facilitate reachability studies
This allows systematic model checking of hybrid systems, such that it is possibleto conclude if the hybrid system is able to reach certain states that either representsbehavior of the system that is agreeable or must be avoided.Figure 3.4 shows the steps required in order to abstract a hybrid system model intoa discrete transitions system suitable for reachability. The steps are:
1. The hybrid system H is abstracted to a transition system T including continu-ous variables, but in which the concept of time no longer applies.
2. The transitions system is analyzed in order nd partitions for the continuousvariables.
3. Using the partitions the transition system is re-stated using into T only discretevariables.
The bi-simulation theorem then ensures that reachability analysis performed on thesimpler T also applies for the original hybrid system H .
24
4. Notes from Lecture 4
Up until now, we have only studied autonomous hybrid systems, also known asclosed hybrid systems, i.e. hybrid automata with no inputs or outputs. Thesesystems are good for modelling and simulation of small to medium size physicalsystems as well as analysis, e.g. verifying that all executions satisfy certain desir-able properties. They are, however, limited as they have no sense of control, andthey model single monolithic blocks. In many situations, however, it is natural tobuild up a hybrid system from subsystems. It is therefore useful to have a notion ofcomposition of hybrid automata.In this lecture we introduce open hybrid automata, i.e., hybrid automata with inputsand outputs, and we discuss composition of two open hybrid automata.
4.1 Open Hybrid Automata
Denition 4.1.1 (Open Hybrid Automaton). An open hybrid automaton H is acollection H = (Q, X , U , Y , Init, f , h, Dom, E, G, R), where
Q is a nite collection of discrete state variables; X is a nite collection of continuous state variables; U is a nite collection of input variables. We assume U = UD ∪ UC , where UD
contains discrete and UC contains continuous variables. Y is a nite collection of output variables. We assume Y = YD ∪ YC , where YD
contains discrete and YC contains continuous variables. Init ⊆ Q×X is a set of initial states; f : Q×X × U → Rn is a vector eld; h : Q×X → Y is a vector eld; Dom : Q → P (X × U) assigns to each q ∈ Q an invariant set; E ⊂ Q×Q is a collection of discrete transitions; G : E → P (X × U) assigns to each e = (q, q′) ∈ E a guard; and
25
R : E ×X × U → P (X) assigns to each e = (q, q′) ∈ E, x ∈ X and u ∈ U areset relation.
To avoid technicalities with continuous dynamics we impose the following assump-tion:
Assumption 4.1.1. Assume f(q, x, u) and h(q, x) are globally Lipschitz continu-ous in x and f(q, x, u) is continuous in u.
Note that a discrete transition may either take place due to a (conventional) discretetransition or due to that a transition takes place in some hybrid automaton connectedto H , and, thus, possibly affecting the continuous part of the input variables of H .
4.1.1 Composition
Denition 4.1.2 (Compatible Hybrid Automata). Two open hybrid automata H1
and H2 are called compatible if Y1 ∩ Y2 = ∅.
Denition 4.1.3 (Composition). Consider two compatible open hybrid automata,H1 and H2, with X1∩X2 = ∅, Y1 = U2, and Y2 = U1. The composition is an openhybrid automata H = H1‖H2 = (Q, X , U , Y , Init, f , h, Dom, E, G, R), where
Q = Q1 ∪Q2, X = X1 ∪X2, X ∈ Rn, n = n1 + n2, U = (U1 ∪ U2) \ (Y1 ∪ Y2), Y = Y1 ∪ Y2,
for all ((q1, q2), (x1, x2), (w1, w2))) ∈ Q1 × Q2 × X1 × X2 × U1 × U2, withw1 = h2(q2, x2) and w2 = h1(q1, x1), it holds that
Init = ((q1, q2), (x1, x2)) ∈ Q×X : (q1, x1) ∈ Init1 ∧ (q2, x2) ∈ Init2, f : Q×X × U → Rn given by:
f ((q1, q2), (x1, x2), (u1, u2)) =[
f1 (q1, x1, w1)f2 (q2, x2, w2)
]
h : Q×X → Y is a vector eld given by:
h ((q1, q2), (x1, x2)) =[h1(q1, x1)h2(q2, x2)
]
Dom : Q×X → P (Q×X) given by:
Dom(q, x) = ((q1, q2), (x1, x2)) ∈ Q×X : (q1, x1) ∈ Dom1 ∧ (q2, x2) ∈ Dom2
26
E ⊂ Q×Q given by:
E = ((q1, q′1), (q2, q
′2)) ∈ Q×Q : (q1, q
′1) ∈ e1 ∧ (q2, q
′2) ∈ E2
G : E → P (X × U) given by:
G(q, q′) = ((x1, x2), (u1, u2)) ∈ X × U : e1 ∈ E1 ⇒ (q1, x1, u1) ∈ G1(e1) ∧ (q2, x2, u2) ∈ G2(e2)
R : E ×X × U → P (X) dened by:
R(q, q′, x, u) = x′ ∈ X : e1 ∈ E1 ⇒ x′ ∈ R1(e1, x1, u1) ∨ x′ ∈ R2(e2, x2, u2)
Remarks:
1. Both interleaving and synchronous transitions are allowed.2. A transition is forced for the composition if a transition is forced in at least one
of the constituents.3. A transition is enabled for the composition if a transition is enabled in at least
one of the constituents.4. The parallel composition of the two automata H1 and H2 may be viewed as
simply choosing variable names for input variables in H1 that are output vari-ables in H2.
5. It may sometimes be desirable to eliminate output variables, especially after ithas been composed with an input variable of another automaton. This opera-tion does not change the dynamics of the automaton, it just affects its externalbehavior (Alur and Henzinger 1997; Alur and Henzinger 1996).
4.2 Example (Automatic Transmission)
Example 4.2.1. Figure 4.1 shows a model of car with a transmission having threegears, neutral, gear 1 and gear 2. The lateral position of the car is denoted x1 andthe velocity x2. The model has two control signals: gear ∈ 0, 1, 2 and the throt-tle position, u ∈ [−1; 1]. The function αi represent the efciency of gear i. Fromzero velocity gear = 0 is most efcient, but as the velocity increases, gear = 1becomes more efcient etc.The two control signals gear and throttle, u are not specied. Assume that another(control) hybrid automaton is given that models these two signals out of the positionand the speed of the car. By coupling the car model with the control model we get aa conventional feed-back type system. Such connection is possible with the notionof open hybrid automata we have just introduced.The open hybrid automata H1 = (Q1, X1, U1, Y1, Init1, f1, h1, Dom1, E1, G1, R1)modelling the car is (partly) given by:
27
0
0
0
2
1
===
gear
zero
x
x
2
)( 222
21
==
=
gear
high
uxx
xx
α
1
)( 212
21
==
=
gear
low
uxx
xx
α
1=gear 2=gear
1=gear0=gear
00 21 =∧= xx
Fig. 4.1. Directed graph for car model.
Q1 = zero,low,high, X1 = x1, x2, UD1 = gear and UC1 = u, YD1 = ∅, YC1 = x1, x2, etc.
Next we design a controller with the following specications: take the car from theposition x1 = 0 to x1 = 100. Wait the rst 10 s with zero velocity, then acceleratein gear = 1 until the speed x2 ≥ 20, and, nally, continue in gear = 2 until thenal position is reached. This type of specication with mixed discrete and contin-uous components ts into our open hybrid automata framework and is illustrated inFigure 4.2.
10
0
1
≤==
t
u
t
stop
0:,10010 =<< ut00 =∧= ut
20
1
1
2 ≤==
x
u
t
gear1
100
1
1
1 ≤==
x
u
t
gear2
0:,20100 21 =>∧< uxx
0:,1001 => ux0:,1001 => ux
Fig. 4.2. Directed graph for transmission controller.
The open hybrid automata H2 = (Q2, X2, U2, Y2, Init2, f2, h2, Dom2, E2, G2, R2)modelling the controller is (partly) given by:
Q2 = stop,gear1,gear2, X2 = t, u, UD2 = ∅ and UC2 = x1, x2, YD2 = gear, YC1 = u, etc.
28
Let us connect the car and the controller by deriving the composition of H1 and H2.First note that they are compatible and satisfy the assumptions of Denition 4.1.3.
Q = Q1 ∪Q2 = zero,low,high ∪ stop,gear1,gear2, X = X1 ∪X2 = x1, x2, t, u, etc.
29
5. Notes on Lecture 8
The course material for the next two lectures are taken from following reference:Control of systems integrating logic, dynamics, and constraints by Alberto Bem-porad and Manfred Morari, Automatica 35(1999), pp. 407 − 427. Interestedstudents can obtain additional references from the publication site of the Institutefur Automatic, ETH given in the following
http://control.ee.ethz.ch/research/publications/publications.msql
MLD-Systems
Mixed Logical Systems The lecture will cover
Physical Dynamic Relations Rules (logic) Constraints
5.1 Modeling
In the following a framework for modelling and control of systems described byphysical laws, logical rules, and operating constraints called Mixed Logical Dy-namical (MLD) systems.
Model. is described by linear dynamic equations subject to linear inequalities in-volving real and integer variables. MLD systems include linear hybrid systems, -nite state machines, some class of DESs, constrained linear systems and nonlinearsystems (approximated by piecewise linear functions).
Control. is performed by using different schemes of Optimal control (via dynamicprogramming) or predictive control.
30
5.1.1 Notation
Xi represents statements (also called litterals) for example:
δ(x) ≥ 0 Temp is too High
Xi has the truth value of either T or F.
5.1.2 Connectives in Boolean Algebra
Boolean algebra enables compositions of statements by means of connectives ∨(OR), ∧ (AND), ∼ (NOT), −→ (IMPLIES), ←→ (IFF),
⊕(Excluded OR). Con-
nectives are dened by means of truth tables.We can transform compound statements into equivalent statements involving differ-ent connectives. Examples are provided below:
∼,∨
x1 −→ x2 equivalent to ∼ x1 ∨ x2
x2 −→ x1 equivalent to ∼ x2 ∨ x1
x1 ←→ x2 equivalent to (x1 −→ x2) ∧ (x2 −→ x1)
5.1.3 How to build up equations
Statement Xi could be associated with a logical variable: δi ∈ 0, 1
δi =
1 if Xi = T0 else
Problem in Propositional logic. : Prove that the statement Xi is true given a set of(compound) statements involving litterals X1, · · · , Xn.
One solution. : Use linear integer programming by translating the original com-pound statements into linear inequalities involving logical variables δi.Some examples:
x1 ∨ x2 equivalent to δ1 + δ2 ≤ 1x1 ∧ x2 equivalent to δ1 = 1 ∧ δ2 = 1∼ x1 equivalent to δ1 = 0x1 −→ x2 equivalent to δ1 − δ2 ≤ 0x1 ←→ x2 equivalent to δ1 − δ2 = 0x1
⊕x2 equivalent to δ1 + δ2 = 1
31
We would like to represent systems involving both dynamics and logic. In partic-ular, we would like to build statements from operating events concerning physicaldynamics.
Consider statement X , [f(x) ≤ 0] where f : Rn → R is a linear functionand x ∈ X (a bounded set).Dene:
M , maxf(x), x ∈ X overestimate (5.1)m , minf(x), x ∈ X underestimate (5.2)
So, the following statements are valid
[f(x) ≤ 0] ∨ [δ = 1] is true iff: f(x) ≤ Mδ (5.3)[f(x) ≤ 0] ∧ [δ = 1] is true iff: f(x)− δ ≤ −1 + m(1− δ) (5.4)
∼ [f(x) ≤ 0] is true iff: f(x) ≥ ε, ε positive small number(5.5)[f(x) ≤ 0] −→ [δ = 1] is true iff: f(x) ≥ ε + (m− ε)δ (5.6)[f(x) ≤ 0] ←→ [δ = 1] is true iff: f(x) ≥ ε + (m− ε)δ (5.7)[f(x) ≤ 0] ←→ [δ = 1] is true iff: f(x) ≤ M(1− δ) (5.8)
In this case both continuous variables and logical variables are involved.
The next step. : is to transform products of logical variables, and of continuous andlogical variables to linear inequalities using auxiliary variables. For instance, δ1δ2
is computed by introducing δ3:
δ1δ2 , δ3 then [δ3 = 1] ←→ [δ1 = 1] ∧ [δ2 = 1]
or
δ3 , δ1δ2 ≡−δ1 + δ3 ≤ 0−δ2 + δ3 ≤ 0δ1 + δ2 − δ3 ≤ 1
Another example:δf(x) where f : Rn −→ R, δ ∈ 0, 1
We can write this product as y , δf(x) which satises
[δ = 0] ←→ [y = 0] (5.9)[δ = 1] ←→ [y = f(x)], (5.10)
32
that is equivalent to
y ≤ Mδy ≥ mδy ≤ f(x)−m(1− δ)y ≥ f(x)−M(1− δ)
(5.11)
So instead of 5.9 one may use 5.11.There exists alternative methods for transforming propositional logics problemsinto equivalent integer programs. An example is Conjunctive Normal Forms (CNF)which will be treated later on.
5.1.4 Mixed Logical Dynamical (MLD) Systems - An example
Consider the following system:
x(t + 1) =
0.8x(t) + u(t) x(t) ≥ 0−0.8x(t) + u(t) else (5.12)
where
x(t) ∈ [−10; 10]u(t) ∈ [−1; 1]
The condition X , [x(t) ≥ 0] will be associated to a binary variable δ(t) (logicvariable), meaning that:
[x(t) ≥ 0] ←→ [δ = 1]
Using the transformation 5.8 we can transform the proposition to the following in-equalities: −mδ(t) ≤ x(t)−m
−(M + ε)δ ≤ −x− ε(5.13)
where
ε is a very small positive number M = 10
m = −10
Now we can rewrite 5.12 to:
33
x(t + 1) = 1.6x(t)δ(t)− 0.8x(t) + u(t) (5.14)
Eq. 5.14 has a nonlinear part x(t)δ(t). This part is substituted with z(t), and thefollowing equations can be stated:
z(t) ≤ Mδz(t) ≥ mδz(t) ≤ x(t)−m(1− δ(t))z(t) ≥ x(t)−M(1− δ(t))
(5.15)
The system dynamics (evolution) can hence be expressed by the following lineardynamic equation
x(t + 1) = 1.6z(t)− 0.8x(t) + u(t)
subject to constraints in 5.13 and 5.15
5.1.5 General Form for MLD systems
The generalized formulation for the mixed logical dynamical (MLD) systems isexpressed through the following relations:
x(t + 1) = Atx(t) + B1tu(t) + B2tδ(t)B3tz(t) (5.16)y(t) = Ctx(t) + D1tu(t) + D2tδ(t)D3tz(t) (5.17)
E2tδ(t) + E3tz(t) ≤ E1tu(t) + E4tx(t) + E5t (5.18)
where t ∈ Z, and
x(t) =[xc
xl
]xc ∈ Rnc
xl ∈ 0, 1nln = nc + nl
y(t) =[yc
yl
]yc ∈ Rpc
yl ∈ 0, 1plp = pc + pl
u(t) =[uc
ul
]uc ∈ Rmc
ul ∈ 0, 1mlm = mc + ml
and δ ∈ 0, 1rl are the auxiliary logical variables and z ∈ Rc are the auxiliarycontinuous variables.In principle, the inequalities in 5.18 might be satised for many values of δ(t) and/orz(t). But, what is of interest is to determine x(t + 1) and y(t) values uniquely byx(t) and u(t). Following denition is introduced:
34
Denition 5.1.1. Let IBt denote the set of all indices i ∈ 1, . . . , rl, such that[B2t]i denotes the ith column of B2t. Let IDt, JBt, JBt be dened analogously bycollecting the positions of nonzero columns of D2t, B3t, and D3t respectively. LetIt , IBt∪IDt, Jt , JBt∪JDt. A MLD system is said to be well posed if, ∀t ∈ Z
(i) x(t) and u(t) satisfy Eq. 5.18 for some δ(t) ∈ 0, 1rl , z(t) ∈ Rrc , and xl(t +1) ∈ 0, 1nl ;
(ii) ∀i ∈ It there exists a mapping Dit : Rn+m ½ 0, 1 such that the ith
component δi(t) = Dit(x(t), u(t)), and ∀j ∈ Jt there exists a mappingZjt : Rn+m ½ R such that zj(t) = Zjt(x(t), u(t)).
A MLD system (Eqs. 5.16, 5.17, 5.18) is said to be completely well posed if inaddition It1, . . . , rl and Jt1, . . . , rc, ∀t ∈ Z.In the sequel, an auxiliary variable δi(t) (zj(t)) is said to be well posed if i ∈It (j ∈ Jt), or indenite otherwise.
Assumption 1. The MLD system (Eqs. 5.16, 5.17, 5.18) is well posed, i.e. once x(t)and u(t) are known then x(t + 1) and y(t) are uniquely dened, and hence, thetrajectories in the x-space and y-space for the system can be dened.Lets generate a trajectory from the initial state x(t0) = x0 by applying the commandinputs u(t0), u(t0 + 1, . . . , u(t − 1)) on the system. The generated trajectory isdenoted by x(t, to, x0, u
t−1t0 ).
In order to transform propositional logic into linear inequalities and to include thephysical constraints that are present during plant operation (e.g. saturating actuators,safety conditions, ...), the following constraints will be added to the control problem:
[x
u
]∈ G ,
[x
u
]∈ Rn+m : Fx + Gu ≤ H
(5.19)
Since physical constraints are typically specied on continuous components, oftenEq. 5.19 can be expressed as a Cartesian product G = Gc × [0, 1]nl+ml where
Gc ,[
xc
uc
]∈ Rnc+mc : Fcxc + Gcuc ≤ Hc
Note that Fx + Gu ≤ H can be included in 5.18.
Assumption 2. G is a polytope.This assumption is used to dene the upper- and lower-bounds as in Eqs. 5.1 and5.2.
5.1.6 Round-off
Observe that MLD-systems can represent different classes of systems, including:
35
Linear Hybrid Systems. Sequential logical systems (Finite State Machines, Automata) (nc = mc = pc =
0). Constrained linear systems (nl = ml = pl = rl = rc = 0). Nonlinear dynamic systems, where the nonlinearity can be expressed through
combinational logic (nl = 0). Linear Systems (nl = ml = pl = rl = rc = 0 Eit = 0, i = 1, 4, 5. Some classes of discrete event systems (nc = pc = 0).
In the following subsection, it will be shown how systems classied as piece-wiselinear time-invariant dynamic systems are represented as MLD systems.
5.1.7 Piece-wise linear dynamic systems
Consider the following piece-wise linear time-invariant (PWLTI) dynamic system
x(t + 1) =
A1x(t) + B1u(t) if δ1(t) = 1...Asx(t) + Bsu(t) if δs(t) = 1
(5.20)
where δi(t) ∈ 0, 1, ∀i = 1, . . . , s are 01 variables satisfying the exclusive-orcondition
s⊕
i=1
[δi(t) = 1]. (5.21)
System 5.20 is completely well posed iff G can be partitioned in s parts Gi such that
Gi ∩ Gj = 0 , ∀i 6= j, (5.22)s⋃
i=1
Gi = G (5.23)
and δi's are dened as[δi = 0] ↔
[[xu
]∈ Gi
](5.24)
Several nonlinear models can e approximated by a model of the form 5.20, althoughthis approximation capability is limited for computational reasons by the number sof logical variables.
When the sets Gi are polytopes of the form
36
Gi =[x
u
]: Six + Riu ≤ Ti
the implication ← in Eq. 5.24 corresponds to
[δi = 0] →ni∨
j=1
[Sji x + Rj
i u ≤ T ji ] (5.25)
Where Sji denotes the jth row of Si. It is easy to see that 5.25 is implied by
Eqs. 5.22, 5.23, and 5.24, and therefore can be omitted (Proof it as anexercise).
Equations 5.215.24 are therefore equivalent to
Six(t) + Riu(t)− Ti ≤ M∗i [1− δi(t)] (5.26)
s∑
i=1
δi(t) = 1, (5.27)
where M∗i , maxx∈G Six(t) + Riu(t) − Ti. The system model (Eq. 5.20) can be
rewritten asx(t + 1) =
s∑
i=1
[Aix(t) + Biu(t)]δi(t) (5.28)
However, this equation is nonlinear as it involves products between logical variables,states, and inputs. In order to circumvent this problem, we should use the sameprocedure as shown in Eq. 5.15 by introducing mixed-integer linear inequalities asit is shown below. Set
x(t + 1) =s∑
i=1
zi(t), (5.29)
zi(t) , [Aix(t) + Biu(t)]δi(t) (5.30)and dene the vectors M = [M1, . . . , Mn]T , m = [m1, . . . , mn]T as
Mj(t) , maxi=1,...,s
max2
4 xu
35∈G
Ajix(t) + Bj
i u(t)
(5.31)
mj(t) , mini=1,...,s
max2
4 xu
35∈G
Ajix(t) + Bj
i u(t)
. (5.32)
Note that by Assumption 1, M and m are nite, or can be either estimated or exactlycomputed by solving 2ns linear programs. Then Eq. 5.30 is equivalent to
37
zi(t) ≤ Mδi(t),zi(t) ≥ mδi(t),zi(t) ≤ Aix(t) + Biu(t)−m(1− δi(t)),zi(t) ≥ Aix(t) + Biu(t)−M(1− δi(t)),
(5.33)
Hence, Eqs. 5.26, 5.27, 5.29, and 5.33 represent Eq. 5.20 in the general form givenby Eqs. 5.16, 5.17, and 5.18.
38
6. Notes for Lecture 9
6.1 Recapitulation of Lecture 8
Lecture 8 provided an introduction to modelling of different classes of systems in-cluding hybrid systems using Mixed Logical Dynamical Systems (MLD). The the-ory of Mixed Logical Dynamical Systems (MDL), which is being developed byMorari & Co., Switzerland, was introduced together with a notation set.The elements of an MDL model consists of:
1. Dynamics2. Rules3. Constraints
From a set of literals Xi (e.g. statements that could either be True or False) describ-ing the rules of a MDL system and associated these with logical variable δi.A boolean variable can be dened as a boolean function:
f : True, Falsen−1 ½ True, False
that representsXn ↔ f(X1, . . . , Xn−1)
where the function f represents a combination of NOT(∼), OR(∨), AND(∧), Ex-clusive OR(⊕), Implies(←) or if(⇒) operators.The function can be written in its Conjunctive Normal Form (CNF)
k∧
j=1
∨
i∈Pj
Xi
∨
∨
i∈Nj
∼ Xi
, Nj , Pj ∈ 1, ..., n (6.1)
These can be rewritten into a set of integer linear inequalities:
39
1 ≤∑
i∈P1
δi +∑
i∈N1
(1− δi) (6.2)
...
1 ≤∑
i∈Pk
δi +∑
i∈Nk
(1− δi) (6.3)
These inequalities together with system equations will compose the MLD dynamicsystem of Eqs. 5.165.18.
6.2 Modelling and Control of Hybrid Systems
The model of a MDL system is repeated for convenience:
x(t + 1) = Ax(t) + B1u(t) + B2δ(t) + B3z(t) (6.4)y(t) = Cx(t) + D1u(t) + D2δ(t) + D3z(t) (6.5)
The constraints are given by
E2δ(t) + E3z(t) ≤ E1u(t) + E4x(t) + E5 (6.6)
With the model in place the control problem can be stated. This is considered in anexample:
6.2.1 Optimal Control of MLD system
Given an initial state x0, and a nal time T it is desired to nd (if it exists) theoptimal control sequence:
uT−10 , u(0), ..., u(T − 1) (6.7)
Which transfers the state from x0 to xf and minimizes the performance index
J(uT−10 , x0) ,
T−1∑t=0
‖ u(t)− uf ‖2Q1 + ‖ δ(t, x0, ut0)− δf ‖2Q2
+ ‖ z(t, x0, ut0)− zf ‖2Q3 + ‖ x(t, x0, u
t0)− xf ‖2Q4
+ ‖ y(t, x0, ut0)− yf ‖2Q5 (6.8)
40
subject tox(T, x0, u
T−10 ) = xf
and the MLD dynamic system (Eqs. 5.165.18), where ||x||2Q , x′Qx, Qi =Q′i ≥ 0, i = 1, . . . , 5 are given weight matrices, and xf , uf , δf , zf , yf are givenoffset vectors satisfying Eqs. 5.17 and 5.18.As it can be seen, the performance index is just enhanced with the additional termscontaining logical and auxiliary real variables. This problem can be solved as amixed-integer quadratic programming MIQP problem.
6.3 Matrix representation of MDL systems
Let denote x(t, x0, ut−10 ) by x(t), δ(t, x0, u
t−10 ) by δ(t), and z(t, x0, u
t−10 ) by z(t).
Equation 5.16 can be rewritten iteratively to obtain:
x(t+1) = Atx1 +t−1∑
i=1
Ai[B1u(t−1− i)+B2δ(t−1− i)+B3z(t−1− i)
](6.9)
Lets further dene the following vectors
Ω ,
u(0)...
u(T − 1)
, ∆ ,
δ(0)...
δ(T − 1)
, Ξ ,
z(0)...
z(T − 1)
, V ,
Ω∆Ξ
(6.10)Then we can obtain the following equivalent formulation of equation 5.18:
J(uT−10 , x0) ,
T−1∑t=0
V ′S1V + 2(S2 + x′0S3)V (6.11)
Using the same notations the constraints can also be represented in the matrix form:
F1V ≤ F2 + F3x0 (6.12)
Matrices Si, Fi, i = 1, 2, 3 are suitably dened. The solution to the system (i.e. rightsequence of inputs) is found by minimizing the performance matrix J(uT−1
0 , x0)with respect to V under the constraints given by Eq. 6.12.
41
6.3.1 Soft Constraints and Constraints Priorities
In practical terms there will be distinguished between two kinds of constraints :
Hard Constraints - Violation is NOT allowedSoft Constraints - Violation is allowed but will be penalized
Soft Constraints. An example for soft constraint is bound on temperature (that canbe allowed for short periods of time).To comply with a set of constraints an optimization problem is stated. The objectiveis to keep the states x within the limits of the constraints as much as possible.Consider the following optimization problem
minx∈X
x′Sx (6.13)
s.to Ax ≤ B
Where X is bounded polyhedron. The simplest way to soften constraints is to mod-ify Eq. 6.13 by introducing a vector of positive slack variables ε ∈ Rs in the follow-ing form:
minx∈X,ε≥o
x′Sx + ε′M1ε (6.14)
s.to Ax− Cε ≤ B
C is a vector whose components are 0 or 1 depending on our choice of constraints(Hard or Soft). Mtrix M1 is a (large) positive penalty matrix.The problem with formulation given by equation 6.14 is that the rst requirementcan not be guaranteed. As an alternative a logical variable δ can be dened such that
[δ = 0] ←→ [εi = 0, ∀i = 1, ..., s],
and minimizeminx,ε,δ
x′Sx + ε′M1ε + M2δ
where M2 > maxx∈X x′Sx and M1 decides the trade-off between cost and cn-straint violation, when no feasible solution exists to the hard-constrained problem.As a nal note it must be emphasized that a solution of the optimization problemfor x always must be tried with ε = 0 → δ = 0 for the best result.
Priorities. Constraint violation can also be considered at r levels of priority byintroducing r 01 variables δi, i = 1, ..., r by letting
42
[δ1 = 0] ←→ [ε1 = 0, ..., εi1 ] (6.15)[δ2 = 0] ←→ [εi1+1 = 0, ..., εi2 ] ∧ [δ1 = 0] (6.16)
...[δr = 0] ←→ [εir−1+1 = 0, ..., εir ] ∧ [δ1 = δ2 = ... = δr−1 = 0] (6.17)
This is a series of parity equations where it for every δi = 0 is required that δi−1 =... = δ1 = 0.The optimization problem, extended with the priority of constraints, is then to min-imize
x′Sx + ε′M1ε + M2
r∑
i=1
δi.
6.4 Predictive Control Strategy
Basic idea. : Find the best future control strategy from all the possible ones byperforming on-line numerical optimization.This approach is an excellent choice for some industrial sectors, because the opti-mization problem can be informed about important constraints on the system. Mainreasons for using this strategy are
It handles multivariable control problem natually It can take account of actuator limitations It allows operations closed to constraints
The requirements. for employing this strategy are:
An explicit internal model is needed (is used to predict the behaviour of the plant,starting at time k, over a future prediction horizon, denoted by HP
Need lot of Computing capacity (for online computation)
Since the predicted behaviour depends on the input trajectory u(k + 1|k), i =0, ..., HP−1 the problem will be to select the input for which we obtain the best1predictive behaviour.
1 This quality is judged by some performance index, usually some quadratic terms such asr(t|k)− y(t|k) for some t. r(t|k) is the reference trajectory, i.e. the ideal trajectory alongwhich the plant should return to the set point trajectory, and y is the predicted output
43
6.4.1 Implementation procedure
Assumption. We assume that the internal model is strictly proper, i.e. value of y(k)depends on u(k − 1), u(k − 2), . . . but NOT u(k) (which is dened after y(k) ismeasured).
The implementation procedure is as follows: for each time step k
1. Compute and nd u(k|k), (k+1|k), . . . u(k+Hp|k) as the best input sequence2. Choose u(k|k) as the best input and then go to 1)
6.5 Predictive Control of MLD systems
We need following notations and denition:Let the vector xe ∈ Rnc × 0, 1nl and ue ∈ Rmc × 0, 1ml .
Denition 6.5.1. A vector xe is said to be an equilibrium state for MLD system5.165.18 if [x′e u′e]′ ∈ G and x(t, t0, xe, ue) = xe, ∀t ≥ t0,∀t0 ∈ Z. The pair issaid to be an equilibrium pair.
Denition 6.5.2. Let (xe, ue) be an equilibrium pair for the MLD system, and letthe system be well posed. Assume that I , limt→∞ It and J , limt→∞ Jt exist.For i ∈ I, j ∈ J , let δe,i, ze,i the corresponding equilibrium auxiliary variables.An auxiliary vector δ (or z) is said to be denitely admissible if δi = δe,i, ∀i ∈ I,(zj = ze,j , ∀j ∈ J ), and ∃te such that
E2tδ + E3tz ≤ E1tue + E4txe + E5t, ∀t ≥ te (6.18)
Now, consider an equilibrium pair (xe, ue) and let (δe, ze) be denitely admissi-ble. furthermore, let the components δe,i, ze,j i ∈ I, j ∈ J correspond to desiredsteady-state values for the indenite auxiliary variables.-let t be the current time and x(t) the current state
Consider the following optimal control problem
minvT−1
0 J(vT−1
0 , x(t)) ,T−1∑
k=0
||v(k)− ue||2Q1+ ||δ(k|t)− δe||2Q2
+||z(k|t)− ze||2Q3+ ||x(k|t)− xe||2Q4
+||y(k|t)− ye||2Q5(6.19)
subject to
44
x(T |t) = xe
x(k + 1|t) = Ax(k|t) + B1v(t) + B2δ(k|t) + B3z(k|t)y(k|t) = Cx(k|t) + D1v(t) + D2δ(k|t) + D3z(k|t)E2δ(k|t) + E3z(k|t) ≤ E1v(t) + E4x(k|t) + E5
(6.20)
where Q1 = Q′1 > 0, Q2 = Q′2 ≥ 0, Q3 = Q′3 ≥ 0, Q4 = Q′
4 > 0, Q5 = Q′5 ≥ 0,x(k|t) , x(t + k, x(t), vk−1
0 ), and δ(k|t), z(k|t), y(k|t) are similarly dened.
Assume that the optimal solution v∗t (k)k=0,...,T−1 exists. According to the reced-ing horizon philosophy, set
u(t) = v∗t (0), (6.21)and disregard the subsequent inputs v∗t (1), . . . , v∗t (T − 1), and repeat the wholeoptimization procedure at time t + 1. The control law 6.196.21 is refered to asMixed integer predictive Control (MIPC) law.
45
A. Notation
Basics
Rn denotes the n-dimensional Euclidean space. ‖x‖ =
√x2
1 + x22 + . . . + x2
n denotes the standard (Euclidean) norm in Rn. Z denotes the set of integers, . . . ,−2,−1, 0, 1, 2, . . .. x ∈ A means that x belongs to the set A
P (X) denotes the power set of X , i.e. the set of all subsets of X . As an example,let X = 1, 2, 3. Then P (X) = 0, 1, 2, 3, 1, 2, 1, 3, 2, 3, 1, 2, 3.
f(·) : A → B denotes a function mapping every element x ∈ A to an elementf(x) ∈ B.
∃ there exists, ∀ for all, ! unique, 3 such that, iff if and only if. ∧ logical AND, ∨ logical OR, ¬ logical NOT. Given two sets Q and X , the product is denoted by Q ×X . The result is the set
of pairs (q,x) i.e.Q×X = (q, x)|q ∈ Q ∧ x ∈ X
Variables
A set of variables, Y , is a set of symbols. The set of valuations, Y of a set of variables Y is the set of all possible values
these variables can assume. A valuation, y, can be thought of as a map y : Y → Y. We will be concerned mainly with two types of variables:
Continuous variables, X , with x ∈ X = Rn, for some n ∈ N. Discrete variables, Q, with q ∈ Q ⊆ Z.
y will sometimes be used to refer either to a variable or to its valuation. Theinterpretation should be clear from the context.
46
References
A., B. and M. Morari (1999, March). Control of systems integrating logic, dy-namics, and constraints. Automatica, Special issue on hybrid systems 35(3),407427.
Alur, R. and D. Dill (1990). A theory of timed automata. Theoretical ComputerScience 126, 183235, preliminary versions appeared in Proc. 17th ICALP,LNCS 443, 1990, and Real Time: Theory in Practice, LNCS 600, 1991.
Alur, R., R. Grosu, I. Lee, , and O. Sokolsky (2001, April). Compositional re-nement for hierarchical hybrid systems. In M. G. Claire Tomlin (Ed.), Hy-brid Systems: Computation and Control (HSCC 2000), LNCS, pp. 3348.Springer-Verlag.
Alur, R. and T. Henzinger (1996). Reactive modules. In Proceedings of the 11thAnnual Symposium on Logic in Computer Science, pp. 207218. IEEE Com-puter Society Press.
Alur, R. and T. Henzinger (1997). Modularity for timed and hybrid systems. InProceedings of the Eighth International Conference on Concurrency Theory(CONCUR 1997), Number 1243 in LNCS, pp. 7488. Springer Verlag.
Antsaklis, P., J. Stiver, and M. Lemmon (1993). Hybrid systems modelling andautonomous control systems. In A. Nerode, R. Grossman, A. Ravn, andH. Rischl (Eds.), Hybrid Systems, Lecture Notes in Computer Science 736,pp. 366392. Springer-Verlag.
Arnold, A., A. Vincent, and I. Walukiewicz. Games for synthesis of controlelrswith partial observations. TCS. To appear, preprint 22 February 2002.
Asarin, E., T. Dang, O. Maler, and O. Bournez (2002). The d/dt tool for verica-tion of hybrid systems. In B. Krogh and N. Lynch (Eds.), CAV'2002, Volume2404 of LNCS, pp. 365370. Springer-Verlag.
Back, A., J. Guckenheimer, and M. Myers (1993). A dynamical simulation facil-ity for hybrid systems. In A. Nerode, R. Grossman, A. Ravn, and H. Rischl(Eds.), Hybrid Systems, Lecture Notes in Computer Science 736, pp. 255267. Springer-Verlag.
Bak, T., J. D. Bendtsen, and A. P. Ravn (2003, April). Hybrid control design fora wheeled mobile robot. In O. Maler and A. Pnueli (Eds.), Hybrid Systems:Computation and Control (HSCC 2003), Volume 2623 of LNCS, pp. 5065.Springer-Verlag.
47
Balluchi, A., L. Benvenuti, M. D. D. Benedetto, C. Pinello, A. Luigi, andSangiovanni-Vincentelli (2000, July). Automotive engine control and hybridsystems: Challenges and opportunities. Proceedings of the IEEE 88(7), 888912.
Branicky, M. (1995, June). Studies in Hybrid Systems: Modeling, Analysis, andControl. Doctor of science thesis, Massachusetts Institute of Technology, De-partment of Electrical Engineering and Computer Science.
Branicky, M. (1996). General hybrid dynamical systems: Modeling, analysis, andcontrol. In T. H. R. Alur and E. Sontag (Eds.), Hybrid Systems III: Vericationand Control, Number 1066 in LNCS, pp. 186200. Springer Verlag.
Branicky, M. S. (1998). Multiple Lyapunov functions and other analysis toolsfor switched and hybrid systems. IEEE Transactions on Automatic Con-trol 43(4), 475482.
Brockett, R. W. (1993). Hybrid models for motion control systems. In H. Trentel-man and J. Willems (Eds.), Essays in Control: Perspectives in the Theory andIts Applications, pp. 2953. Birkhuser.
Chaochen, Z., A. Ravn, and M. Hansen (1993). An extended duration calculus forhybrid real-time systems. In A. Nerode, R. Grossman, A. Ravn, and H. Rischl(Eds.), Hybrid Systems, Lecture Notes in Computer Science 736, pp. 3659.Springer-Verlag.
Chutinan, A. and B. Krogh (2003, January). Computational techniques for hybridsystem verication. IEEE Transactions on Automatic Control 48(1), 6475.
Daws, C., A. Olivero, S. Tripakis, and S. Yovine (1995, 2225 October). The toolKRONOS. In Hybrid Systems III: Verication and Control, Volume 1066,Rutgers University, New Brunswick, NJ, USA, pp. 208219. Springer.
Ghosh, R., A. Tiwari, and C. Tomlin (2003, April). Automated symbolic reacha-bility analysis with application to delta-notch signaling automata. In O. Malerand A. Pnuelu (Eds.), Hybrid Systems: Computation and Control HSCC, Vol-ume 2623 of LNCS, pp. 233248. Springer.
Hedlund, S. and A. Rantzer (1999, December). Optimal control of hybridsystems. In Proceedings 38th IEEE Conference on Decision and Control,Phoenix, Arizona.
Henzinger, T. (1996). The theory of hybrid automata. In Proceedings of the 11thAnnual IEEE Symposium on Logic in Computer Science (LICS '96), NewBrunswick, New Jersey, pp. 278292.
Henzinger, T. A., P.-H. Ho, and H. Wong-Toi (1995). A user guide to hytech. InTools and Algorithms for Construction and Analysis of Systems, pp. 4171.
Hooman, J. (1993). A compositional approah to the design of hybrid systems.In A. Nerode, R. Grossman, A. Ravn, and H. Rischl (Eds.), Hybrid Systems,Lecture Notes in Computer Science 736, pp. 121148. Springer-Verlag.
Johansson, M. and A. Rantzer (1998). Computation of piecewise quadratic lya-punov functions for hybrid systems. IEEE Transactions on Automatic Con-trol 43(4), 555559.
48
Kesten, Y., A. Pnueli, J. Sifakis, and S. Yovine (1993). Integration graphs: Aclass of decidable hybrid systems. In A. Nerode, R. Grossman, A. Ravn, andH. Rischl (Eds.), Hybrid Systems, Lecture Notes in Computer Science 736,pp. 179208. Springer-Verlag.
Kurzhanski, A. and P. Varaiya (1998). Ellipsoidal techniques for reachabilityanalysis. (preprint).
Lygeros, J., D. Godbole, and S. Sastry (1996). Multiagent hybrid system designusing game theory and optimal control. In Proceedings IEEE Conference onDecision and Control, Kobe, Japan, pp. 11901195.
Lygeros, J., D. N. Godbole, and S. Sastry (1998). Veried hybrid controllers forautomated vehicles. IEEE Transactions on Automatic Control 43(4), 522539.
Lynch, N., R. Segala, F. Vaandrager, and H. Weinberg (1996). Hybrid I/O au-tomata. In Hybrid Systems III, Number 1066 in LNCS, pp. 496510. SpringerVerlag.
Maler, O., A. Pnueli, and J. Sifakis (1995). On the synthesis of discrete con-trollers for timed systems. In Theoretical Aspects of Computer Science, Num-ber 900 in LNCS, pp. 229242. Springer Verlag.
Mitchell, I., A. Bayen, and C. Tomlin (2001). Validating a hamilton-jacobi ap-proximation to hybrid system reachable sets. In M. D. D. Benedetto andA. Sangiovanni-Vincentelli (Eds.), Hybrid Systems: Computation and Con-trol (HSCC 2001), pp. 418432. Springer-Verlag.
Nerode, A. and W. Kohn (1993). Models for hybrid systems: Automata, topolo-gies, controlability and observability. In A. Nerode, R. Grossman, A. Ravn,and H. Rischl (Eds.), Hybrid Systems, Lecture Notes in Computer Science736, pp. 317356. Springer-Verlag.
Pnueli, A. and R. Rossner (1990, December). Distributed reactive systems arehard to synthesize. In Proceedings 31th IEEE Symposium, foundations ofcomputer science (FOCS), pp. 747757.
Ramadge, P. and W. Wonham (1987, jan). Supervisory control of a class of dis-crete event processes. SIAM Journal on Control and Optimization 25(1), 206230.
Ravn, A. P., T. J. Eriksen, M. Holdgaard, and H. Rischel (1998). Engineeringof real-time systems with an experiment in hybrid control. In G. Rozenbergand F. W. Vaandrager (Eds.), Embedded Systems, Volume 1494 of LNCS, pp.316352. Springer-Verlag.
Ravn, A. P., H. Rischel, M. Holdgaard, T. J. Eriksen, F. Conrad, and T. O. Ander-sen (1995). Hybrid control of a robot - a case study. In P. Antsaklis, W. Cohn,A. Nerode, and S. Sastry (Eds.), Hybrid SystemsI, Volume 999 of LNCS, pp.391404. Springer-Verlag.
Sontag, E. (1981). Nonlinear regulation: The piecewise linear approach. IEEETransaction on Automatic Control 26(2), 16921708.
Tabuada, P., G. J. Pappas, and P. Lima (2002, April). Composing abstractions ofhybrid systems. In M. G. Claire Tomlin (Ed.), Hybrid Systems: Computation
49
and Control (HSCC 2002), Volume 2289 of LNCS, pp. 436450. Springer-Verlag.
Tomlin, C., G. Pappas, and S. Sastry (1998). Conict resolution in multi-agentsystems: A case study in air trafc control. IEEE Transactions on AutomaticControl 43(4), 509521.
Varaiya, P. (1993). Smart cars on smart roads: problems of control. IEEE Trans-actions on Automatic Control AC-38(2), 195207.
Wong-Toi, H. (1997). The synthesis of controllers for linear hybrid automata. In36th Conference on Decision and Control, New Brunswick, New Jersey, pp.46074612.
50
