Basic Controller Properties

Given a plant hybrid automaton and a property our goal is to find a controller that satisfies the property.

Memoryless Controllers

A controller, C, is called memoryless (or sometimes pure feedback) if for all χ, χ^ ∈ H^∗ ending at the same state, C(χ) = C(χ^). A memoryless controllers can be characterized by a feedback map:

g : Q× X → 2^U

To prevent technical problems we again restrict our attention to memoryless controllers such that for all (q, x)∈ Q × X ∅ = g(q, x) ⊆ φ(q, x). Given a plant, H, and a memoryless controller, g, we can defined the closed loop open hybrid automaton, H_g = (Q, X, V , Init, f , I, E, G, R, φg), where φg(q, x) = φ(q, x)∩ g(q, x). It is easy to show that:

Proposition 6.1 If C is memoryless controller with feedback map g, then Hg =HC. This property allows one to nest controller synthesis problems, provided they can be solved by memoryless controllers. In general, is unclear whether the set of closed loop causal executions is the set of executions of some hybrid automaton.

For properties of the form (Q∪ X, 2F ), it turns out that it it suffices to look for a solution among memoryless controllers.

Proposition 6.2 A controller that satisfies property (Q∪ X, 2F ) exists if and only if a memoryless controller that satisfies (Q∪ X, 2F ) exists.

Proof: The if part is obvious. For the only if part, assume that there exists a controller C that solves the synthesis problem (H,2F ), but there does not exist a feedback controller that solves the synthesis problem. Therefore, there must exist (q, x)∈ F and two different finite executions χ₁ = (τ₁, q₁, x₁, (u₁, d₁))∈ HC and χ₂ = (τ₂, q₂, x₂, (u₂, d₂))∈ HC ending in (q, x) such that C(q₁, x₁)= C(q₂, x₂). Moreover, the “information” about whether (q, x) was reached via χ₁or whether it was reached via χ₂must be essential for subsequent control decisions.

More formally, assume (q, x) is reached via χ₂, and let χ^denote a subsequent execution, that is assume that the concatenation χ₂χ^ belongs toH. Note that, since χ₁ also ends in (q, x), χ₁χ^ also belongs to H. Let χ₂χ^ = (τ₂^, q₂^, x^₂, (u^₂, d^₂)) and χ₁χ^ = (τ₁^, q^₁, x^₁, (u^₁, d^₁)).

Assume that for all t ∈ τ₂^ \ τ2, a control u(t) ∈ C((q₁^, x^₁) ↓t) is applied (instead of a control u(t)∈ C((q₂^, x^₂)↓t)). Then, as the fact that (q, x) was reached via χ₂ is essential, there must exist a subsequent execution χ^ such that χ₂χ^ ∈ H (in fact χ₂χ^ ∈ H \ HC) and 2F (χ2χ^) = False. This implies that there exists t∈ τ₂^ such that (q₂^(t), x^₂(t))∈ F^c. Since C is assumed to solve the synthesis problem and χ₂∈ HC,2F (χ₂) = True, therefore t∈ τ₂^ \ τ₂.

However, since for all t ∈ τ₂^ \ τ₂, u(t) ∈ C((q₁^, x^₁) ↓t), and (τ₁^, q₁^, x^₁, (u^₁, d^₁)) ∈ H, we have that χ₁χ^ ∈ HC. But the above discussion indicates that there exists t ∈ τ₁^ (in fact

t∈ τ₁^\ τ₁) such that (q^₁(t), x^₁(t))∈ F^c. This contradicts the assumption that C solves the synthesis problem (H,2F ).

Motivated by Proposition 6.2, we restrict our attention to feedback controllers. For brevity, we refer to the problem of finding a controller for a plant H that satisfies a specification (Q∪ X, 2F ) as the controller synthesis problem (H, 2F ).

Controlled Invariant Sets

Typically, for a controller synthesis problem one treats the set of initial conditions, Init, as variable and attempts to establish the largest set of states for which there exists a controller that satisfies the specification. This set of initial conditions turns out to be a “controlled invariant set”.

Definition 6.1 (Controlled Invariant) A set W ⊆ Q × X is called controlled invariant if there exists a controller that solves the controller synthesis problem (H^,2W ) when H^ is identical to H except for Init^ which is equal to W .

A controlled invariant set W is called maximal if it is not a proper subset of another controlled invariant set. We say a controller renders W invariant if it solves the controller synthesis problem (H^,2W ) where Init^ = W .

Proposition 6.3 A controller that solves the synthesis problem (H,2F ) exists if and only if there exists a unique maximal controlled invariant W ⊆ Q × X such that Init ⊆ W ⊆ F . Proof: If there exists any control invariant W ⊆ F (in particular, if there exists a unique maximal one) then, by definition, the synthesis problem (H,2F ) can be solved for I = W . For the only if part, if the synthesis problem can be solved for some Init, there exists a set Init and a feedback controller g such that for all d and for all (q( ₀, x₀)∈ (Init the execution for all t∈ τ. Therefore, controller g renders the set W invariant.

Having established the existence of controlled invariant subsets of F , consider now two such sets W₁ ⊆ F and W2 ⊆ F . We show that their union is also a controlled invariant subset of F . Clearly W₁ ∪ W₂ ⊆ F . For i = 1, 2, as Wi is controlled invariant, there exists a feedback controller g_i that solves the controller synthesis problem (H,2Wi), with Init = Wi. Consider the feedback controller g with:

g(q, x) =

 g₁(q, x) if (q, x)∈ W₁ g₂(q, x) otherwise

Consider an arbitrary (q₀, x₀) ∈ W₁∪ W₂. Then either (q₀, x₀) ∈ W₁ or (q₀, x₀) ∈ (W₁∪ W₂)\W1 ⊆ W2. In the first case, all executions are guaranteed to satisfy2W1as g₁ renders

W₁ invariant. For the second case, consider an arbitrary execution χ = (τ, q, x, (u, d)) with u(t)∈ g(q(t), x(t)) for all t ∈ τ. Since g₂ solves the controller synthesis problem (H,2W₂) with Init = W₂, either 2(W₂ \ W₁)(χ) = True or (q, x) ∈ W₂ \ W₁ until (q, x) ∈ W₁, which brings us back to the first case. Hence, g solves the controller synthesis problem (H,2(W₁∪ W₂)) with Init = W₁∪ W₂, and the set W₁∪ W₂ is controlled invariant.

Summarizing, the class of controlled invariant subsets of F is closed under union. Hence, it possesses a unique maximal element.

Least Restrictive Controllers

We would like to derive a memoryless controller that solves the problem while imposing minimal restrictions on the controls it allows. There are at least two reasons why such a controller is desirable:

1. As discussed above, safety properties can sometimes be satisfied using trivial con-trollers (that cause deadlocks or zeno executions for example). Imposing as few re-strictions as possible allows us to find a meaningful controller whenever possible.

2. In many cases multiple, prioritized specifications are given for a particular problem.

Imposing fewer restrictions on the controls when designing controllers for higher pri-ority specifications allows us greater flexibility when trying to satisfy lower pripri-ority specifications.

Memoryless controllers that solve the synthesis problem (H,2F ) can be partially ordered by the relation:

g₁ $ g₂⇔ g₁(x)⊆ g₂(x) for all x∈ X

Definition 6.2 A memoryless controller that solves (H,2F ) is called least restrictive if it is maximal among the controllers that solve (H,2F ).

There is a conjecture that for every controller synthesis problem (H,2F ) either there is no solution or there exists a unique least restrictive controller that solves the problem. As of now there is no proof of this fact however.

Some Remarks on “Implementation”

The notion of a controller introduced above may be inadequate when it comes to imple-mentation. For one thing, the set valued map g allows non-deterministic choices of control inputs. Since in practice only one input can be applied to the system at any time, this nondeterminism has to somehow be resolved when it comes time to implement such a con-troller. The set valued map can in this sense be thought of as a family of single valued controllers; implementation involves choosing one controller from this family.

Normally, one would “implement” a controller by another hybrid automaton, which, when composed with the plant automaton yields the desired behavior. To do this one would need to introduce output variables to the hybrid automaton and define formal semantics for composition, as in Lecture 8. The process is slightly more complicated for the models

considered here because of the presence of the state dependent input constraints, encoded by φ.

We assume that the entire state is available to the controller. In general this will not be the case. If a controller is to be implemented by a hybrid automaton, the information the controller has about the plant is obtained through the valuations of the output variables of the plant, which are not necessarily in one to one correspondence with the valuations of the state variables. The controller synthesis problem under partial observation (output feedback) is much more complicated than the full observation (state feedback) problem addressed here (partly because it makes it harder to define composition as discussed above).