To our knowledge, all the control synthesis tools PESSOA [60], SCOTS [78], MASCOT [44], ROCS [55], and ARCS [16] construct finite abstractions with an enumerative algorithm. That is, they apply a number of operations proportional to the number of discrete states in the abstraction. The pseudo-code presented in Algorithm 1 is one common method to construct a system abstraction of F(x ∪ u, x+). It uses forward reachable set overapproximations OutputOverapprox(·). It exhaustively traverses a collection of discrete states, each of which corresponds to a set within a partition. Note that := signifies an assignment operation and is distinct from the operations for equality assertion = and equivalence checking ==.

Algorithm 1 Enumerative Abstraction
1: Fix spatial quantizers Qi, Qo
2: F̂ := ⊥                                   ▷ Universal Abstraction
3: for all partitions I ⊆ D(i) induced by Qi do
4:   OA := OutputOverapprox(F, I)
5:   OA := ocoarsen(OA, Qo)
6:   IO := comp(I, OA)
7:   F̂ := F̂ ∨ IO                            ▷ Adds transitions. Assumes I disjointness.
Algorithm 1 has some desirable properties. It is an “anytime algorithm”, so even if the loop terminates early, F̂ is a valid abstraction, albeit one that may be of little use because there will be parts of the input space that are not sampled. The input grid traversal on line 3 is actually a nested for loop with depth equal to the dimension of the input space. This is the main source of the exponential runtime.
The abstraction F̂ is constructed by iteratively adding transitions via the disjunction in line 7. This approach imposes design constraints on other parts of Algorithm 1. Specifically, disjointness of input sets is a key property enforced by line 3. Without disjointness, line 7 adds many more transitions than necessary and makes the interface exhibit unnecessary non-determinism, causing one to make coarser abstractions rather than finer ones! ROCS [55] and ARCS [16] do not fix a spatial quantizer like in Algorithm 1 and instead abstract systems by implementing splitting/bisection operations to adaptively construct partitions. However, both are still instances of an enumerative abstraction procedure.
Algorithm 2 (visualized in Figure 4.4) is a generalization of Algorithm 1 that is both more flexible and can exhibit dramatically reduced runtimes with comparable results. It is the result of modifications to specific parts of Algorithm 1. First, line 7’s disjunction is changed to a shared refinement operation. Shared refinement reduces to the disjunction under the input disjointness condition. Second, disjoint input sets are no longer generated by line 3’s loop. Instead, at each iteration any arbitrary subset of the input space can be chosen. Third, the fixed quantization from line 1 is changed so that a desired quantization level can be chosen at each iteration. On iterations with a smaller input set a finer granularity can be chosen if desired, while for larger sets a coarser granularity can be chosen.

Algorithm 2 Abstraction Through Shared Refinement
1: F̂ := ⊥                                   ▷ Universal Abstraction
2: repeat
3:   Pick an input set I ⊆ D(i).             ▷ Sink Interface
4:   OA := OutputOverapprox(F, I)             ▷ Source Interface
5:   IO := comp(I, OA)                        ▷ Equal to I ∧ O
6:   Pick desired quantizers Qi, Qo
7:   IO := icoarsen(IO, Qi)
8:   IO := ocoarsen(IO, Qo)
9:   F̂ := refine(F̂, IO)
10: until User specified condition
Example 4 illustrates the key idea behind how Algorithm 2 can leverage overlapping input sets to implicitly create more discrete states than the number of loop iterations.

Example 4. Let I₁ ∧ O₁ and I₂ ∧ O₂ be two interfaces generated in the same manner as IO in Proposition 2. The shared refinement interface output by Algorithm 2

(I₁ ∨ I₂) ∧ (I₁ ⇒ O₁) ∧ (I₂ ⇒ O₂)    (5.19)

is logically equivalent to

(I₁ ∧ I₂ ∧ O₁ ∧ O₂) ∨ (I₁ ∧ ¬I₂ ∧ O₁) ∨ (¬I₁ ∧ I₂ ∧ O₂).    (5.20)

If I₁ and I₂ correspond to disjoint sets, then this simplifies to the output of Algorithm 1

(I₁ ∧ O₁) ∨ (I₂ ∧ O₂)    (5.21)

because I₁ ∧ I₂ ⇔ ⊥, I₁ ⇒ ¬I₂ and I₂ ⇒ ¬I₁. If I₁ and I₂ are not disjoint, then (5.20) can be viewed as three reach set overapproximations O₁ ∧ O₂, O₁ and O₂ for three respective disjoint input sets I₁ ∧ I₂, I₁ ∧ ¬I₂, and ¬I₁ ∧ I₂. By leveraging overlapping input domains, Algorithm 2 has generated three discrete states despite only being provided two interfaces I₁ ∧ O₁ and I₂ ∧ O₂.
Figure 5.3: An 8 × 8 partition induced by overlaying a 4 × 4 partition and a 5 × 5 partition. Note that $4^2 + 5^2 < 8^2$. For grids of dimension N, this technique reduces the number of iterations by a factor of roughly $2^{N-1}$. An initial factor of roughly $2^N$ is achieved by doubling the cell width along each dimension, but iterating over two grids reduces this factor to $2^{N-1}$.
Suppose one needs to construct a finite abstraction over an 8 × 8 grid. Algorithm 1 would exhaustively iterate over the full 64-element grid. Each iteration constructs an input interface that is disjoint from the other ones. Switching to Algorithm 2 lets one use the overlapping property of shared refinement to reduce the number of iterations while still inducing a grid of the desired granularity. Figure 5.3 depicts a simple two-dimensional version of the iteration procedure, where a higher-granularity grid is constructed from two coarser grids that are offset from one another. This technique generally yields a more conservative abstraction than the one obtained by a full-granularity traversal, but leads to a reduction in abstraction runtime. The runtime is reduced by a factor that increases with the state dimension.
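The following Python program is an added example that makes Example 4 and the grid overlay of Figure 5.3 concrete; it is not code from the thesis or from any of the tools cited above. It assumes a constructed toy system: the domain [0, 8)² quantized into unit cells, no control input, dynamics x+ = 0.5·x so that exact interval arithmetic can stand in for OutputOverapprox(·), and a representation of an interface I ∧ O as a dict from each input cell in I to the set O of permitted output cells (the universal abstraction ⊥ is the empty dict). All function names (`output_overapprox`, `refine`, `disjoin`, `coarse_grid_cells`, `example4`, ...) are this example's own. It runs Algorithm 1 over the full 64-cell grid, Algorithm 2 over the offset 4 × 4 and 5 × 5 grids (41 iterations), and, for contrast, Algorithm 1's disjunction over those same overlapping inputs.

```python
"""Constructed illustration of Algorithms 1 and 2 (shared refinement).

Assumptions, all made up for this example (not from the thesis):
  * domain [0, 8)^2, quantized into unit cells indexed by integer pairs (i, j);
  * no control input; dynamics x+ = 0.5 * x, so the image of a box is a box
    and exact interval arithmetic stands in for OutputOverapprox(.);
  * an interface I ∧ O is a dict mapping every input cell in I to the set O
    of permitted output cells; the universal abstraction ⊥ is the empty dict,
    i.e. a cell absent from the dict carries no guarantee at all.
"""
from itertools import product

L = 8  # side length of the domain; fine cells are unit squares


def output_overapprox(box):
    """Image of the closed box ((lo0, hi0), (lo1, hi1)) under x+ = 0.5 x,
    coarsened (ocoarsen) to the set of unit cells that the image touches."""
    per_dim = []
    for lo, hi in box:
        img_lo, img_hi = 0.5 * lo, 0.5 * hi
        # unit cell [k, k+1) meets the closed interval [img_lo, img_hi]
        per_dim.append([k for k in range(L) if k <= img_hi and k + 1 > img_lo])
    return frozenset(product(*per_dim))


def box_of_cells(cells):
    """Closed bounding box of a set of unit cells, used as the input set I."""
    xs = [i for i, _ in cells]
    ys = [j for _, j in cells]
    return ((min(xs), max(xs) + 1), (min(ys), max(ys) + 1))


def coarse_grid_cells(width, offset):
    """Cells of a coarse grid of side `width`, shifted by `offset` and clipped
    to the domain.  Each entry is the frozenset of unit cells it covers."""
    starts = range(offset - width, L, width)
    groups = []
    for a, b in product(starts, repeat=2):
        g = frozenset((i, j)
                      for i in range(max(a, 0), min(a + width, L))
                      for j in range(max(b, 0), min(b + width, L)))
        if g:
            groups.append(g)
    return groups


def disjoin(F, I, O):
    """Algorithm 1, line 7: F ∨ (I ∧ O).  Where inputs overlap, the permitted
    outputs accumulate: the unnecessary non-determinism discussed above."""
    for cell in I:
        F[cell] = F.get(cell, frozenset()) | O
    return F


def refine(F, I, O):
    """Algorithm 2, line 9: shared refinement.  A cell that already carries a
    guarantee must satisfy both, so the permitted outputs are intersected."""
    for cell in I:
        F[cell] = (F[cell] & O) if cell in F else O
    return F


def abstract(input_sets, combine):
    """Common loop body: build IO = I ∧ OutputOverapprox(I) and fold it in."""
    F = {}
    for I in input_sets:
        combine(F, I, output_overapprox(box_of_cells(I)))
    return F


def algorithm1():
    """Exhaustive traversal of all 64 unit cells with disjoint input sets."""
    singles = [frozenset([c]) for c in product(range(L), repeat=2)]
    return abstract(singles, disjoin), len(singles)


def algorithm2():
    """Two offset width-2 grids (4x4 and 5x5 after clipping): 41 overlapping
    input sets, combined by shared refinement."""
    inputs = coarse_grid_cells(2, 0) + coarse_grid_cells(2, 1)
    return abstract(inputs, refine), len(inputs)


def disjunction_on_overlaps():
    """The same 41 overlapping inputs, combined with Algorithm 1's disjunction."""
    inputs = coarse_grid_cells(2, 0) + coarse_grid_cells(2, 1)
    return abstract(inputs, disjoin), len(inputs)


def example4(I1, O1, I2, O2):
    """Example 4: refining I1 ∧ O1 with I2 ∧ O2 yields, per (5.20), up to three
    disjoint input sets, each returned with the single guarantee its cells share."""
    F = refine(refine({}, I1, O1), I2, O2)
    parts = {"I1 and I2": I1 & I2, "I1 not I2": I1 - I2, "I2 not I1": I2 - I1}
    return {name: (cells, F[next(iter(cells))]) for name, cells in parts.items() if cells}


if __name__ == "__main__":
    F1, n1 = algorithm1()
    F2, n2 = algorithm2()
    Fd, nd = disjunction_on_overlaps()
    print(f"Algorithm 1: {n1} iterations; Algorithm 2: {n2} iterations")
    print("shared refinement stays sound:", all(F1[c] <= F2[c] for c in F1))
    print("cell (0,0):", sorted(F2[(0, 0)]), "vs disjunction", sorted(Fd[(0, 0)]))
```

For this linear, axis-aligned map the 41-iteration abstraction coincides with the 64-iteration one, because the per-dimension intersections of the two coarse guarantees recover the unit-cell image exactly; in general shared refinement is only guaranteed to be at least as conservative, which the subset comparison in the `__main__` block checks. Applying the disjunction to the same overlapping inputs instead lets cell (0, 0) inherit the whole {0, 1}² output set of its coarse 2 × 2 parent, the extra non-determinism that the disjointness assumption of Algorithm 1 exists to prevent.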