Conference PaperPDF Available

Synthesis of Symbolic Controllers: A Parallelized and Sparsity-Aware Approach


Abstract and Figures

The correctness of control software in many safety-critical applications such as autonomous vehicles is very crucial. One approach to achieve this goal is through "symbolic control", where complex physical systems are approximated by finite-state abstractions. Then, using those abstractions, provably-correct digital controllers are algorithmi-cally synthesized for concrete systems, satisfying some complex high-level requirements. Unfortunately, the complexity of constructing such abstractions and synthesizing their controllers grows exponentially in the number of state variables in the system. This limits its applicability to simple physical systems. This paper presents a unified approach that utilizes sparsity of the inter-connection structure in dynamical systems for both construction of finite abstractions and synthesis of symbolic controllers. In addition, parallel algorithms are proposed to target high-performance computing (HPC) platforms and Cloud-computing services. The results show remarkable reductions in computation times. In particular, we demonstrate the effectiveness of the proposed approach on a 7-dimensional model of a BMW 320i car by designing a controller to keep the car in the travel lane unless it is blocked.
Content may be subject to copyright.
Synthesis of Symbolic Controllers:
A Parallelized and Sparsity-Aware Approach ?
Mahmoud Khaled1, Eric S. Kim2, Murat Arcak2, and Majid Zamani3,4
1Department of Electrical and Computer Engineering, Technical University of
Munich, Germany
2Department of Electrical Engineering and Computer Sciences, University of
California Berkeley, Berkeley, CA, USA
3Department of Computer Science, University of Colorado Boulder, USA
4Department of Computer Science, Ludwig Maximilian University of Munich,
Abstract. The correctness of control software in many safety-critical
applications such as autonomous vehicles is very crucial. One approach
to achieve this goal is through “symbolic control”, where complex phys-
ical systems are approximated by finite-state abstractions. Then, using
those abstractions, provably-correct digital controllers are algorithmi-
cally synthesized for concrete systems, satisfying some complex high-
level requirements. Unfortunately, the complexity of constructing such
abstractions and synthesizing their controllers grows exponentially in
the number of state variables in the system. This limits its applicability
to simple physical systems.
This paper presents a unified approach that utilizes sparsity of the inter-
connection structure in dynamical systems for both construction of finite
abstractions and synthesis of symbolic controllers. In addition, parallel
algorithms are proposed to target high-performance computing (HPC)
platforms and Cloud-computing services. The results show remarkable
reductions in computation times. In particular, we demonstrate the ef-
fectiveness of the proposed approach on a 7-dimensional model of a BMW
320i car by designing a controller to keep the car in the travel lane unless
it is blocked.
1 Introduction
Recently, the world has witnessed many emerging safety-critical applications
such as smart buildings, autonomous vehicles and smart grids. These applica-
tions are examples of cyber-physical systems (CPS). In CPS, embedded control
software plays a significant role by monitoring and controlling several physical
variables, such as pressure or velocity, through multiple sensors and actuators,
?This work was supported in part by the H2020 ERC Starting Grant AutoCPS.
2 M. Khaled, E. S. Kim, M. Arcak, and M. Zamani
and communicates with other systems or with supporting computing servers.
A novel approach to design provably correct embedded control software in an
automated fashion, is via formal method techniques [10, 11], and in particular
symbolic control.
Symbolic control provides algorithmically provably-correct controllers based
on the dynamics of physical systems and some given high-level requirements.
In symbolic control, physical systems are approximated by finite abstractions
and then discrete (a.k.a. symbolic) controllers are automatically synthesized for
those abstractions, using automata-theoretic techniques [5]. Finally, those con-
trollers will be refined to hybrid ones applicable to the original physical systems.
Unlike traditional design-then-test workflows, merging design phases with for-
mal verification ensures that controllers are certified-by-construction. Current
implementations of symbolic control, unfortunately, take a monolithic view of
systems, where the entire system is modeled, abstracted, and a controller is syn-
thesized from the overall state sets. This view interacts poorly with the symbolic
approach, whose complexity grows exponentially in the number of state variables
in the model. Consequently, the technique is limited to small dynamical systems.
1.1 Related Work
Recently, two promising techniques were proposed for mitigating the computa-
tional complexity of symbolic controller synthesis. The first technique [2] utilizes
sparsity of internal interconnection of dynamical systems to efficiently construct
their finite abstractions. It is only presented for constructing abstractions while
controller synthesis is still performed monolithically without taking into account
the sparse structure. The second technique [4] provides parallel algorithms tar-
geting high performance (HPC) computing platforms, but suffers from state-
explosion problem when the number of parallel processing elements (PE) is fixed.
We briefly discuss each of those techniques and propose an approach that effi-
ciently utilizes both of them.
Many abstraction techniques implemented in existing tools, including SCOTS
[9], traverse the state space in a brute force way and suffer from an exponen-
tial runtime with respect to the number of state variables. The authors of [2]
note that a majority of continuous-space systems exhibit a coordinate structure,
where the governing equation for each state variable is defined independently.
When the equations depend only on few continuous variables, then they are
said to be sparse. They proposed a modification to the traditional brute-force
procedure to take advantage of such sparsity only in constructing abstractions.
Unfortunately, the authors do not leverage sparsity to improve synthesis of sym-
bolic controllers, which is, practically, more computationally complex. In this
paper, we propose a parallel implementation of their technique to utilize HPC
platforms. We also show how sparsity can be utilized, using a parallel implemen-
tation, during the controller synthesis phase as well.
The framework pFaces [4] is introduced as an acceleration ecosystem for im-
plementations of symbolic control techniques. Parallel implementations of the
abstraction and synthesis algorithms are introduced as computation kernels in
Symbolic Controllers: a Parallelized and Sparsity-Aware Approach 3
pFaces, which were originally done serially in SCOTS [9]. The proposed algo-
rithms treat the problem as a data-parallel task and they scale remarkably well
as the number of PEs increases. pFaces allows controlling the complexity of
symbolic controller synthesis by adding more PEs. The results introduced in [4]
outperform all exiting tools for abstraction construction and controller synthe-
sis. However, for a fixed number of PEs, the algorithms still suffer from the
state-explosion problem.
In this paper, we propose parallel algorithms that utilize the sparsity of the
interconnection in the construction of abstraction and controller synthesis. In
particular, the main contributions of this paper are twofold:
(1) We introduce a parallel algorithm for constructing abstractions with a dis-
tributed data container. The algorithm utilizes sparsity and can run on HPC
platforms. We implement it in the framework of pFaces and it shows remark-
able reduction in computation time compared to the results in [2].
(2) We introduce a parallel algorithm that integrates sparsity of dynamical sys-
tems into the controller synthesis phase. Specifically, a sparsity-aware pre-
processing step concentrates computational resources in a small relevant sub-
set of the state-input space. This algorithm returns the same result as the
monolithic procedure, while exhibiting lower runtimes. To the best of our
knowledge, the proposed algorithm is the first to merge parallelism with
sparsity in the context of symbolic controller synthesis.
2 Preliminaries
Given two sets Aand B, we denote by |A|the cardinality of A, by 2Athe
set of all subsets of A, by A×Bthe Cartesian product of Aand B, and by
A\Bthe Pontryagin difference between the sets Aand B. Set Rnrepresents
the n-dimensional Euclidean space of real numbers. This symbol is annotated
with subscripts to restrict it in the obvious way, e.g., Rn
+denotes the positive
(component-wise) n-dimensional vectores. We denote by πA:A×BAthe
natural projection map on Aand define it, for a set CA×B, as follows:
πA(C) = {aA| ∃bB(a, b)C}. Given a map R:ABand a set A ⊆ A,
we define R(A) := S
{R(a)}. Similarly, given a set-valued map Z:A2B
and a set A ⊆ A, we define Z(A) := S
We consider general discrete-time nonlinear dynamical systems given in the
form of the update equation:
Σ:x+=f(x, u),(1)
where xXRnis a state vector and uURmis an input vector. The
system is assumed to start from some initial state x(0) = x0Xand the map
fis used to update the state of the system every τseconds. Let set ¯
Xbe a
finite partition on Xconstructed by a set of hyper-rectangles of identical widths
+and let set ¯
Ube a finite subset of U. A finite abstraction of (1) is a
4 M. Khaled, E. S. Kim, M. Arcak, and M. Zamani
Fig. 1: The sparsity graph of the vehicle example as introduced in [2].
finite-state system ¯
Σ= ( ¯
X, ¯
U , T ), where T¯
Xis a transition relation
crafted so that there exists a feedback-refinement relation (FRR) R ⊆ Xׯ
from Σto ¯
Σ. Interested readers are referred to [8] for details about FRRs and
their usefulness on synthesizing controllers for concrete systems using their finite
For a system Σ, an update-dependency graph is a directed graph of verticies
representing input variables {u1, u2,· · · , um}, state variables {x1, x2,· · · , xn},
and updated state variables {x+
1, x+
2,· · · , x+
n}, and edges that connect input
(resp. states) variables to the affected updated state variables based on map
f. For example, Figure 1 depicts the update-dependency graph of the vehicle
case-study presented in [2] with the update equation:
f1(x1, x3, u1, u2)
f2(x2, x3, u1, u2)
f3(x3, u1, u2)
for some nonlinear functions f1, f2, and f3. The state variable x3affects all
updated state variables x+
2, and x+
3. Hence, the graph has edges connecting
x3to x+
2, and x+
3, respectively. As update-dependency graphs become denser,
sparsity of their corresponding abstract systems is reduced. The same graph
applies to the abstract system ¯
We sometimes refer to ¯
U, and Tas monolithic state set, monolithic input
set and monolithic transition relation, respectively. A generic projection map
is used to extract elements of the corresponding subsets affecting the updated
state ¯x+
i. Note that A¯
X:= ¯
X2× · · · × ¯
Xnwhen we are interested in
extracting subsets of the state set and A¯
U:= ¯
U2× · · ·× ¯
Umwhen we are
interested in extracting subsets of the input set. When extracting subsets of the
state set, πiis the projection map π¯
Xk2×···× ¯
XkK, where kj∈ {1,2,· · · , n},
j∈ {1,2,· · · , K}, and ¯
Xk2× · ·· × ¯
XkKis a subset of states affecting the
updated state variable ¯x+
i. Similarly, when extracting subsets of the input set,
πiis the projection map π¯
Up2×···× ¯
UpP, where pi∈ {1,2,· · · , m},i∈ {1,2,
· · · , P },¯
Up2× · · · × ¯
UpPis a subset of inputs affecting the updated state
variable ¯x+
For example, assume that the monolithic state (resp. input) set of the system
Σin Figure 1 is given by ¯
X:= ¯
X3(resp. ¯
U:= ¯
U2) such
that for any ¯x:= (¯x1,¯x2,¯x3)¯
Xand ¯u:= (¯u1,¯u2)¯
U, one has ¯x1¯
X2, ¯x3¯
X3, ¯u1¯
U1, and ¯u2¯
U2. Now, based on the dependency
Symbolic Controllers: a Parallelized and Sparsity-Aware Approach 5
graph, Pf
1x) := π¯
X3x) = ( ¯x1,¯x3) and Pf
1u) := π¯
U2u) = ( ¯u1,¯u2). We
can also apply the map to subsets of ¯
Xand ¯
U, e.g., Pf
X) = ¯
X3, and
U) = ¯
For a transition element t= (¯x, ¯u, ¯x0)T, we define Pf
i(t) := (Pf
ix), P f
Xix0)), for any component i∈ {1,2,· · · , n}. Note that for t, the successor state
¯x0is treated differently as it is related directly to the updated state variable ¯x+
We can apply the map to subsets of T, e.g., for the given update-dependency
graph in Figure 1, one has Pf
1(T) = ¯
On the other hand, a generic recovery map
is used to recover elements (resp. subsets) from the projected subsets back to
their original monolithic sets. Similarly, A¯
X:= ¯
X2× · · · × ¯
Xnwhen we
are interested in subsets of the state set and A¯
U:= ¯
U2× · · · × ¯
we are interested in subsets of the input set.
For the same example in Figure 1, let ¯x:= ( ¯x1,¯x2,¯x3)¯
Xbe a state. Now,
define ¯xp:= Pf
1x) = ( ¯x1,¯x3). We then have Df
1xp) := {( ¯x1,¯x
Similarly, for a transition element t:= ((¯x1,¯x2,¯x3),(¯u1,¯u2),(¯x0
3)) T
and its projection tp:= Pf
1(t) = ((¯x1,¯x3),( ¯u1,¯u2),(¯x0
1)), the recovered transi-
tions is the set Df
1(tp) = {((¯x1,¯x
2,¯x3),u1,¯u2),( ¯x0
3)) |¯x
X2, ¯x0∗
X2, and ¯x0∗
Given a subset e
X, let [ e
X] := Df
X). Note that [ e
X] is not necessarily
equal to e
X. However, we have that e
X]. Here, [ e
X] over-approximates e
For an update map fin (1), a function f:¯
hyper-rectangles that over-approximate the reachable sets starting from a set
Xwhen the input ¯uis applied. For example, if a growth bound map (β:
Rn×URn) is used, fcan be defined as follows:
fx, ¯u) = (xlb , xub ) := (r+fxc,¯u), r +fxc,¯u)),
where r=β(η/2, u), and ¯xc¯xdenotes the centroid of ¯x. Here, βis the growth
bound introduced in [8, Section VIII]. An over-approximation of the reachable
sets can then be obtained by the map Of:¯
Xdefined by:
Ofx, ¯u) := Qf( ¯x, ¯u),
where Qis a quantization map defined by:
Q(xlb, xub ) = {¯x0¯
X|¯x0[[xlb, xub ]] 6=∅},(2)
where [[xlb, xub ]] = [xlb,1, xub,1]×[xlb,2, xub,2]× · · · × [xlb,n, xub,n ].
We also assume that Ofcan be decomposed component-wise (i.e., for each
dimension i∈ {1,2,· · · , n}) such that for any (¯x, ¯u)¯
U,Ofx, ¯u) =
i=1 Df
ix), P f
iu))), where Of
X)is an over-
approximation function restricted to component i∈ {1,2,· · · , n}of f. The same
assumption applies to the underlying characterization function f.
6 M. Khaled, E. S. Kim, M. Arcak, and M. Zamani
Algorithm 1: Serial algorithm for constructing abstractions (SA).
Input: ¯
X, ¯
U , Of
Output: A transition relation T¯
1T← ∅ ;Initialize the set of transitions
2for all ¯x¯
3for all ¯u¯
4for all ¯x0Of(¯x, ¯u)do
5TT∪ {x, ¯u, ¯x0)};Add a new transition
Algorithm 2: Serial sparsity-aware algorithm for constructing abstrac-
tions (Sparse-SA) as introduced in [2].
Input: ¯
X, ¯
U , Of
Output: A transition relation T¯
X;Initialize the set of transitions
2for all i∈ {1,2,· · · , n}do
X), P f
U), Of
i) ; Transitions of sub-spaces
i(Ti) ; Add transitions of sub-spaces
3 Sparsity-aware distributed constructions of abstractions
Traditionally, constructing ¯
Σis achieved monolithically and sequentially. This
includes current state-of-the-art tools, e.g. SCOTS [9], PESSOA [6], CoSyMa [7], and
SENSE [3]. More precisely, such tools have implementations that serially traverse
each element (¯x, ¯u)¯
Uto compute a set of transitions {x, ¯u, ¯x0)|¯x0
Ofx, ¯u)}. Algorithm 1 presents the traditional serial algorithm (denoted by SA)
for constructing ¯
The drawback of this exhaustive search was mitigated by the technique intro-
duced in [2] which utilizes the sparsity of ¯
Σ. The authors suggest constructing
Tby applying Algorithm 1 to subsets of each component. Algorithm 2 presents
a sparsity-aware serial algorithm (denoted by Sparse-SA) for constructing ¯
Σ, as
introduced in [2]. If we assume a bounded number of elements in subsets of each
component (i.e., |Pf
X)|and |Pf
U)|from line 3 in Algorithm 2), we would
expect a near-linear complexity of the algorithm. This is not clearly the case
in [2, Figure 3] as the authors decided to use Binary Decision Diagrams (BDD)
to represent transition relation T.
Clearly, representing Tas a single storage entity is a drawback in Algorithm
2. All component-wise transition sets Tiwill eventually need to push their results
into T. This hinders any attempt to parallelize it unless a lock-free data structure
is used, which affects the performance dramatically.
On the other hand, Algorithm 2 in [4] introduces a technique for constructing
Σby using a distributed data container to maintain the transition set Twithout
constructing it explicitly. In [4], using a continuous over-approximation fis
Symbolic Controllers: a Parallelized and Sparsity-Aware Approach 7
Algorithm 3: Proposed sparsity-aware parallel algorithm for con-
structing discrete abstractions.
Input: ¯
X, ¯
U , Ωf
Output: A list of characteristic sets: K:=
1for all i∈ {1,2,· · · , n}do
2for all p∈ {1,2,· · · , P }do
loc,i ← ∅ ;Initialize local containers
6for all i∈ {1,2,· · · , n}in parallel do
7for all (¯x, ¯u)Pf
U)in parallel with index jdo
8p=I(i, j) ; Identify target PE
9(xlb, xub )f(¯x, ¯u) ; Calculate characteristics
10 Kp
loc,i Kp
loc,i ∪ {x, ¯u, (xlb , xub ))};Store characteristics
11 end
12 end
Fig. 2: An example task distributions for the parallel sparsity-aware abstraction.
favored as opposed to the discrete over-approximation Ofsince it requires less
memory in practice. The actual computation of transitions (i.e., using Ofto
compute discrete successor states) is delayed to the synthesis phase and done
on the fly. The parallel algorithm scales remarkably with respect to the number
of PEs, denoted by P, since the task is parallelizable with no data dependency.
However, it still handles the problem monolithically which means, for a fixed P,
it will not probably scale as the system dimension ngrows.
We then introduce Algorithm 3 which utilizes sparsity to construct ¯
parallel, and is a combination of Algorithm 2 in [4] and Algorithm 2. Function
I:N+\ {∞} × N+\ {∞} → {1,2,· · · , P }maps a parallel job (i.e., lines 9
and 10 inside the inner parallel for-all statement), for a component iand a
tuple (¯x, ¯u) with index j, to a PE with an index p=I(i, j ). Kp
loc,i stores the
characterizations of abstraction of ith component and is located in PE of index p.
Collectively, K1
loc,1,. . . , Kp
loc,i,. . . , K P
loc,n constitute a distributed container that
stores the abstraction of the system.
Figure 2 depicts an example of the job and task distributions for the example
presented in Figure 1. Here, we use P= 6 with a mapping Ithat distributes one
partition element of one subset Pf
U) to one PE. We also assume that
the used PEs have equal computation power. Consequently, we try to divide each
8 M. Khaled, E. S. Kim, M. Arcak, and M. Zamani
0 10 20 30 40 50 60 70 80 90 100
Dimension of the state set
Time (sec.)
Serial algorithm for sparsity-aware abstraction
Distributed algorithm for sparsity-aware abstraction
Fig. 3: Comparison between the serial and parallel algorithms for constructing
abstractions of a traffic network model by varying the dimensions.
subset Pf
U) into two equal partition elements such that we have, in
total, 6 similar computation spaces. Inside each partition element, we indicate
which distributed storage container Kp
loc,i is used.
To assess the distributed algorithm in comparison with the serial one pre-
sented in [2], we implement it in pFaces. We use the same traffic model presented
in [2, Subsection VI-B] and the same parameters. For this example, the authors
of [2] construct Ti, for each component i∈ {1,2,· · · , n}. They combine them
incrementally in a BDD that represents T. A monolithic construction of Tfrom
Tiis required in [2] since symbolic controllers synthesis is done monolithically.
On the other hand, using Kp
loc,i in our technique plays a major role in reducing
the complexity of constructing higher dimensional abstractions. In Subsection
4, we utilize Kp
loc,i directly to synthesize symbolic controllers with no need to
explicitly construct T.
Figure 3 depicts a comparison between the results reported in [2, Figure 3]
and the ones obtained from our implementation in pFaces. We use an Intel Core
i5 CPU, which comes equipped with an internal GPU yielding around 24 PEs
being utilized by pFaces. The implementation stores the distributed containers
loc,i as raw-data inside the memories of their corresponding PEs. As expected,
the distributed algorithm scales linearly and we are able to go beyond 100 di-
mensions in a few seconds, whereas Figure 3 in [2] shows only abstractions up
to a 51-dimensional traffic model because constructing the monolithic Tbegins
to incur an exponential cost for higher dimensions.
Remark 1. Both Algorithms 2 and 3 utilize sparsity of Σto reduce the space
complexity of abstractions from |¯
U|to Pn
i=1 |Pf
U)|. However,
Algorithm 2 iterates over the space serially. Algorithm 3, on the other hand,
handles the computation over the space in parallel using PPEs.
Symbolic Controllers: a Parallelized and Sparsity-Aware Approach 9
4 Sparsity-aware distributed synthesis of symbolic
Given an abstract system ¯
Σ= ( ¯
X, ¯
U , T ), we define the controllable predecessor
map CP r eT: 2 ¯
Ufor Z¯
CP r eT(Z) = {x, ¯u)¯
U|∅6=Tx, ¯u)π¯
where Tx, ¯u) is an interpretation of the transitions set Tas a map T:¯
Xthat evaluates a set of successor states from a state-input pair. Sim-
ilarly, we introduce a component-wise controllable predecessor map CP reTi:
U), for any component i∈ {1,2,· · · , n}and any
Z:= Pf
i(Z) := πPf
U)(Z), as follows:
CP r eTi(e
Z) = {x, ¯u)Pf
U)|∅6=Tix, ¯u)π¯
Proposition 1. The following inclusion holds for any i∈ {1,2,· · · , n}and any
i(CP r eT(Z)) CP reTi(Pf
Proof. Consider an element zpPf
i(CP r eT(Z)). This implies that there exists
Usuch that zCP reT(Z) and zp=Pf
i(z). Consequently, Ti(zp)6=
since T(z)6=. Also, since zCP r eT(Z), then T(z)π¯
X(Z). Now, recall how
Tiis constructed as a component-wise set of transitions in line 2 in Algorithm
2. Then, we conclude that Ti(zp)π¯
i(Z)). By this, we already satisfy the
requirements in (4) such that zp= (¯x, ¯u)C P reTi(Z).
Here, we consider reachability and invariance specifications given by the LTL
formulae ψand ψ, respectively, where ψis a propositional formula over a set
of atomic propositions AP . We first construct an initial winning set Zψ={x,
U|Lx, ¯u)|=ψ)}, where L:¯
U2AP is some labeling function.
During the rest of this section, we focus on reachability specifications for the sake
of space and a similar discussion can be pursued for invariance specifications.
Traditionally, to synthesize symbolic controllers for the reachability specifi-
cations ψ, a monotone function:
G(Z) := CP r eT(Z)Zψ(5)
is employed to iteratively compute Z=µZ.G(Z) starting with Z0=. Here,
a notation from µ-calculus is used with µas the minimal fixed point operator
and Z¯
Uis the operated variable representing the set of winning pairs
x, ¯u)¯
U. Set Z¯
Urepresents the set of final winning pairs,
after a finite number of iterations. Interested readers can find more details in [5]
and the references therein. The transition map Tis used in this fixed-point
computation and, hence, the technique suffers directly from the state-explosion
10 M. Khaled, E. S. Kim, M. Arcak, and M. Zamani
Algorithm 4: Traditional serial algorithm to synthesize Cenforcing
the specification ψ.
Input: Initial winning domain Zψ¯
Uand T
Output: A controller C:¯
1Z← ∅ ;Initialize a running win-pairs set
Xw← ∅ ;Initialize a running win-states set
4Z0Z;Current win-pairs gets latest win-pairs
5ZCP r eT(Z0)Zψ;Update the running win-pairs set
6DZ\Z0;Separate the new win-pairs
7foreach ¯xπ¯
X(D)with ¯x6∈ ¯
Xw∪ {¯x};Add new win-states
9Cx) := {¯u¯
U|x, ¯u)D};Add new control actions
10 end
11 while Z6=Z0;
problem. Algorithm 4 depicts a traditional serial algorithm of symbolic controller
synthesis for reachability specifications. The synthesized controller is a map C:
U, where ¯
Xrepresents a winning (a.k.a. controllable) set of
states. Map Cis defined as: Cx) = {¯u¯
U|x, ¯u)µj( ¯x)Z.G(Z)}, where
jx) = inf {iN|¯xπ¯
X(µiZ.G(Z))}, and µiZ.G(Z) represents the set of
state-input pairs by the end of the ith iteration of the minimal fixed point
A parallel implementation that mitigates the complexity of the fixed-point
computation is introduced in [4, Algorithm 4]. Briefly, for a set Z¯
U, each
iteration of µZ.G(Z) is computed via parallel traversal in the complete space
U. Each PE is assigned a disjoint set of state-input pairs from ¯
it declares whether, or not, each pair belongs to the next winning pairs (i.e.,
G(Z)). Although the algorithm scales well w.r.t P, it still suffers from the state-
explosion problem for a fixed P. We present a modified algorithm that utilizes
sparsity to reduce the parallel search space at each iteration.
First, we introduce the component-wise monotone function:
Gi(Z) := CP r eTi(Pf
i(Z)) Pf
for any i∈ {1,2,· · · , n}and any Z¯
U. Now, an iteration in the sparsity-
aware fixed-point can be summarized by the following three steps:
(1) Compute the component-wise sets Gi(Z). Note that Gi(Z) lives in the set
(2) Recover a monolithic set Gi(Z), for each i∈ {1,2,· · · , n}, using the map Df
and intersect these sets. Formally, we denote this intersection by:
[G(Z)] :=
Note that [G(Z)] is an over-approximation of the monolithic set G(Z), which
we prove in Theorem 1.
Symbolic Controllers: a Parallelized and Sparsity-Aware Approach 11
(3) Now, based on the next theorem, there is no need for a parallel search in
Uand the search can be done in [G(Z)]. More accurately, the search
for new elements in the next winning set can be done in [G(Z)] \Z.
Theorem 1. Consider an abstract system ¯
Σ= ( ¯
X, ¯
U , T ). For any set Z
Proof. Consider any element zG(Z). This implies that zZ,zZψor
zCP r eT(Z). We show that z[G(Z)] for any of these cases.
Case 1 [zZ]: By the definition of map Pf
i, we know that Pf
i(Z). By the
monotonicity of map Gi,Pf
i(Z)Gi(Z). This implies that Pf
Also, by the definition of map Df
i, we know that zDf
i(Gi(Z)). The above
argument holds for any component i∈ {1,2,· · · , n}which implies that z
i(Gi(Z))) = [G(Z)].
Case 2 [zZψ]: The same argument used for the previous case can be used for this
one as well.
Case 3 [zC P reT(Z)]: We apply the map Pf
ito both sides of the inclusion.
We then have Pf
i(CP r eT(Z)). Using Proposition 1, we know that
i(CP r eT(Z)) CP reTi(Z). This implies that Pf
i(z)CP r eTi(Pf
From (6) we obtain that Pf
i(z)Gi(Z), and consequently, zDf
The above argument holds for any component i∈ {1,2,· · · , n}. This, conse-
quently, implies that zTn
i(Gi(Z))) = [G(Z)], which completes the
Remark 2. An initial computation of the controllable predecessor is done component-
wise in step (1) which utilizes the sparsity of ¯
Σand can be easily implemented
in parallel. Only in step (3) a monolithic search is required. However, unlike the
implementation in [4, Algorithm 4], the search is performed only for a subset of
U, which is [G(Z)] \Z.
Note that dynamical systems pose some locality property (i.e., starting from
nearby states, successor states are also nearby) and an initial winning set will
grow incrementally with each fixed-point iteration. This makes the set [G(Z)]\Z
relatively small w.r.t |¯
U|. We clarify this and the result in Theorem 1 with
a small example.
4.1 An Illustrative Example
For the sake of illustrating the proposed sparsity-aware synthesis technique, we
provide a simple two-dimensional example. Consider a robot described by the
following difference equation:
12 M. Khaled, E. S. Kim, M. Arcak, and M. Zamani
Fig. 4: A visualization of one arbitrary fixed-point iteration of the sparsity-aware
synthesis technique for a two-dimensional robot system.
target set
Obstacles to be avoided Undescoverd
Latest winning set Z
[G(Z)] nZ
Orange area:
Search space
Black box:
for next Z
Obstacles to be avoided
Iteration 5 Iteration 228
Fig. 5: The evolution of the fixed-point sets for the robot example by the end of
fixed-point iterations 5 (left side) and 228 (right side). A video of all iterations
can be found in:
where (x1, x2)¯
X:= ¯
X2is a state vector and (u1, u2)¯
U:= ¯
U2is an
input vector. Figure 4 shows a visualization of the sets related to this sparsity-
aware technique for symbolic controller synthesis for one fixed-point iteration.
Set Zψis the initial winning-set (a.k.a. target-set for reachability specifications)
constructed from a given specification (e.g., a region in ¯
Xto be reached by
the robot) and Zis the winning-set of the current fixed-point iteration. For
simplicity, all sets are projected on ¯
Xand the readers can think of ¯
Uas an
additional dimension perpendicular to the surface of this paper.
As depicted in Figure 4, the next winning-set G(Z) is over-approximated
by [G(Z)], as a result of Theorem 1. Algorithm 4 in [4] searches for G(Z) in
U2). This work suggests searching for G(Z) in [G(Z)] \Z
4.2 A sparsity-aware parallel algorithm for symbolic controller
We propose Algorithm 5 to parallelize sparsity-aware controller synthesis. The
main difference between this and Algorithm 4 in [4] are lines 9-12. They cor-
respond to computing [G(Z)] at each iteration of the fixed-point computation.
Symbolic Controllers: a Parallelized and Sparsity-Aware Approach 13
Algorithm 5: Proposed parallel sparsity-aware algorithm to synthesize
Cenforcing specification ψ.
Input: Initial winning domain Zψ¯
Uand T
Output: A controller C:¯
1Z← ∅ ;Initialize a shared win-pairs set
Xw← ∅ ;Initialize a shared win-states set
4Z0Z;Current win-pairs set gets latest win-pairs
5for all p∈ {1,2,· · · , P }do
loc ← ∅ ;Initialize a local win-pairs set
w,loc ← ∅ ;Initialize a local win-states set
U;Initialize [G(Z)]
10 for all i∈ {1,2,· · · , n}do
11 [G][G]Df
i(Gi(Z)) ; Over-approximate
12 end
13 for all (¯x, ¯u)[G]\Zin parallel with index jdo
14 p=I(i) ; Identify a PE
15 P osts QKp
loc(¯x, ¯u) ; Compute successor states
16 if P osts Z0Zψthen
17 Zp
loc Zp
loc ∪ {x, ¯u)};Record a winning pair
18 ¯
w,loc ¯
w,loc ∪ {¯x};Record a winning state
19 if ¯x6∈ π¯
20 Cx)C( ¯x)∪ {¯u};Record a control action
21 end
22 end
23 end
24 for all p∈ {1,2,· · · , P }do
25 ZZZp
loc ;Update the shared win-pairs set
26 ¯
w,loc ;Update the shared win-states set
27 end
28 while Z6=Z0;
Line 13 is modified to do the parallel search inside [G(Z)] \Zinstead of ¯
in the original algorithm. The rest of the algorithm is well documented in [4].
The algorithm is implemented in pFaces as updated versions of the kernels
GBFP and GBFPmin [4]. We synthesize a reachability controller for the robot
example presented earlier. Figure 5 shows an arena with obstacles depicted as
red boxes. It depicts the result at the fixed point iterations 5 and 228. The blue
box indicates the target set (i.e., Zψ). The region colored with purple indicates
the current winning states. The orange region indicates [G(Z)] \Z. The black
box is the next search region which is a rectangular over approximation of the
[G(Z)] \Z. We over-approximate [G(Z)] \Zwith such rectangle as it is straight-
forward for PEs in pFaces to work with rectangular parallel jobs. The synthesis
problem is solved in 322 fixed-point iterations. Unlike the parallel algorithm
in [4] which searches for the next winning region inside ¯
Uat each iteration,
the implementation of the proposed algorithm reduces the parallel search by an
average of 87% when searching inside the black boxes in each iteration.
14 M. Khaled, E. S. Kim, M. Arcak, and M. Zamani
Fig. 6: An autonomous vehicle trying to avoid a sudden obstacle on the highway.
5 Case Study: Autonomous Vehicle
We consider a vehicle described by the following 7-dimensional discrete-time
single track (ST) model [1]:
6=x6+τ µm
Iz(lr+lf)lfCS,f (glru2hcg )x3+ (lrCS,r (glf+u2hcg )lfCS,f (glr
u2hcg))x7(lflfCS,f (glru2hcg ) + l2
rCS,r(glf+u2hcg )) x6
7=x7+τ µ
x4(lf +lr)CS,f (glru2hcg )x3(CS,r (glf+u2hcg ) + CS,f (glr
u2hcg))x7+ (Cs,r (glf+u2hcg )lrCS,f (glru2hcg)lf)x6
where x1and x2are the position coordinates, x3is the steering angle, x4is
the heading velocity, x5is the yaw angle, x6is the yaw rate, and x7is the
slip angle. Variables u1and u2are inputs and they control the steering angle
and heading velocity, respectively. Input and state variables are all members
of R. The model takes into account tire slip making it a good candidate for
studies that consider planning of evasive maneuvers that are very close to the
physical limits. We consider an update period τ= 0.1 seconds and the following
parameters for a BMW 320i car: m= 1093 [kg] as the total mass of the vehicle,
µ= 1.048 as the friction coefficient, lf= 1.156 [m] as the distance from the
front axle to center of gravity (CoG), lr= 1.422 [m] as the distance from the
rear axle to CoG, hcg = 0.574 [m] as the hight of CoG, Iz= 1791.0 [kg m2]
as the moment of inertia for entire mass around z axis, CS,f = 20.89 [1/rad]
as the front cornering stiffness coefficient, and CS,r = 19.89 [1/rad] as the rear
cornering stiffness coefficient.
To construct an abstract system ¯
Σ, we consider a bounded version of the state
set X:= [0,84] ×[0,6] ×[0.18,0.8] ×[12,21] ×[0.5,0.5] ×[0.8,0.8] ×[0.1,
0.1], a state quantization vector ηX= (1.0,1.0,0.01,3.0,0.05,0.1,0.02), a input
set U:= [0.4,0.4] ×[4,4], and an input quantization vector ηU= (0.1,0.5).
We are interested in an autonomous operation of the vehicle on a highway.
Consider a situation on two-lane highway when an accident happens suddenly on
the same lane on which our vehicle is traveling. The vehicle’s controller should
find a safe maneuver to avoid the crash with the next-appearing obstacle. Figure
6 depicts such a situation. We over-approximate the obstacle with the hyper-box
[28,50] ×[0,3] ×[0.18,0.8] ×[12,21] ×[0.5,0.5] ×[0.8,0.8] ×[0.1,0.1].
Symbolic Controllers: a Parallelized and Sparsity-Aware Approach 15
Table 1: Used HW configurations for testing the proposed technique.
Identifier Description PEs Frequency
HW1Local machine: Intel Xeon E5-1620 8 3.6 GHz
HW2AWS instance p3.16xlarge: Intel(R) Xeon(R) E5-2686 64 2.3 GHz
HW3AWS instance c5.18xlarge: Intel Xeon Platinum 8000 72 3.6 GHz
Table 2: Results obtained after running the experiments EX1and EX2.
EX1(Memory = 22.1 G.B.)
U|= 23.8×109
EX2(Memory = 49.2 G.B.)
U|= 52.9×109
HW Time
This work Speedup HW Time
This work Speedup
HW22.1 hours 0.5 hours 4.2x HW124 hours 8.7 hours 2.7x
HW31.9 hours 0.4 hours 4.7x HW28.1 hours 3.2 hours 2.5x
We run the implementation on different HW configurations. We use a lo-
cal machine and instances from Amazon Web Services (AWS) cloud computing
services. Table 1 summarizes those configurations. We also run two different ex-
periments. For the first one (denoted by EX1), the goal is to only avoid the crash
with the obstacle. We use a smaller version of the original state set X:= [0,
50] ×[0,6] ×[0.18,0.8] ×[11,19] ×[0.5,0.5] ×[0.8,0.8] ×[0.1,0.1]. The
second one (denoted by EX2) targets the full-sized highway window (84 meters),
and the goal is to avoid colliding with the obstacle and get back to the right
lane. Table 2 reports the obtained results. The reported times are for construct-
ing finite abstractions of the vehicle and synthesizing symbolic controllers. Note
that our results outperform easily the initial kernels in pFaces which itself out-
performs serial implementations with speedups up to 30000x as reported in [4].
The speedup in EX1is higher as the obstacle consumes a relatively bigger vol-
ume in the state space. This makes [G(Z)] \Zsmaller and, hence, faster for our
6 Conclusion and Future Work
A unified approach that utilizes sparsity of the interconnection structure in dy-
namical systems is introduced for the construction of finite abstractions and
synthesis of their symbolic controllers. In addition, parallel algorithms are de-
signed to target HPC platforms and they are implemented within the framework
of pFaces. The results show remarkable reductions in computation times. We
showed the effectiveness of the results on a 7-dimensional model of a BMW 320i
car by designing a controller to keep the car in the travel lane unless it is blocked.
The technique still suffers from the memory inefficiency as inherited from
pFaces. More specifically, the data used during the computation of abstraction
and the synthesis of symbolic controllers is not encoded. Using raw data requires
larger amounts of memory. Future work will focus on designing distributed data-
structures that achieve a balance between memory size and access time.
16 M. Khaled, E. S. Kim, M. Arcak, and M. Zamani
1. Althof, M.: Commonroad: Vehicle models (version 2018a). Tech. rep., Techni-
cal University of Munich, 85748 Garching, Germany (October 2018), https:
2. Gruber, F., Kim, E.S., Arcak, M.: Sparsity-aware finite abstraction. In: Proceedings
of 56th IEEE Annual Conference on Decision and Control (CDC). pp. 2366–2371.
IEEE, USA (Dec 2017).
3. Khaled, M., Rungger, M., Zamani, M.: SENSE: Abstraction-based syn-
thesis of networked control systems. In: Electronic Proceedings in The-
oretical Computer Science (EPTCS), 272. pp. 65–78. Open Publishing
Association (OPA), 111 Cooper Street, Waterloo, NSW 2017, Australia
(June 2018).,
4. Khaled, M., Zamani, M.: pFaces: An acceleration ecosystem for symbolic con-
trol. In: Proceedings of the 22nd ACM International Conference on Hybrid Sys-
tems: Computation and Control. HSCC ’19, ACM, New York, NY, USA (2019).
5. Maler, O., Pnueli, A., Sifakis, J.: On the synthesis of discrete controllers for timed
systems. In: Mayr, E.W., Puech, C. (eds.) 12th Annual Symposium on Theoretical
Aspects of Computer Science (STACS 95). pp. 229–242. Springer Berlin Heidelberg,
Berlin, Heidelberg (1995). 76
6. Mazo, M., Davitian, A., Tabuada, P.: Pessoa: A tool for embedded controller
synthesis. In: Touili, T., Cook, B., Jackson, P. (eds.) Computer Aided Ver-
ification. pp. 566–569. Springer Berlin Heidelberg, Berlin, Heidelberg (2010). 49
7. Mouelhi, S., Girard, A., G¨ossler, G.: Cosyma: A tool for controller synthesis using
multi-scale abstractions. In: Proceedings of 16th International Conference on Hy-
brid Systems: Computation and Control. pp. 83–88. HSCC ’13, ACM, New York,
NY, USA (2013).
8. Reissig, G., Weber, A., Rungger, M.: Feedback refinement relations for the syn-
thesis of symbolic controllers. IEEE Transactions on Automatic Control 62(4),
1781–1796 (April 2017).
9. Rungger, M., Zamani, M.: Scots: A tool for the synthesis of symbolic controllers.
In: Proceedings of the 19th International Conference on Hybrid Systems: Compu-
tation and Control. pp. 99–104. HSCC ’16, ACM, New York, NY, USA (2016).
10. Tabuada, P.: Verification and control of hybrid systems, A symbolic approach.
Springer, USA (2009).
11. Zamani, M., Pola, G., Mazo Jr., M., Tabuada, P.: Symbolic models for nonlinear
control systems without stability assumptions. IEEE Transactions on Automatic
Control 57(7), 1804–1809 (July 2012).
... While this can potentially reduce the overall product system size, it does not directly provides a reduction in the size of the specification. There are other approaches that focus on system decomposition [21], hierarchical abstractions [22] and parallel computation [23], but not at the specification level. Motivated by this, we pre-process the DBA before applying the proposed control synthesis algorithm. ...
Full-text available
This paper proposes a specification-guided framework for control of nonlinear systems with linear temporal logic (LTL) specifications. In contrast with well-known abstraction-based methods, the proposed framework directly characterizes the winning set, i.e., the set of initial conditions from which a given LTL formula can be realized, over the continuous state space of the system via a monotonic operator. Following this characterization, an algorithm is proposed to practically approximate the operator via an adaptive interval subdivision scheme, which yields a finite-memory control strategy. We show that the proposed algorithm is sound for full LTL specifications, and robustly complete for specifications recognizable by deterministic B\"uchi automata (DBA), the latter in the sense that control strategies can be found whenever the given specification can be satisfied with additional bounded disturbances. Without having to compute and store the abstraction and the resulting product system with the DBA, the proposed method is more memory efficient, which is demonstrated by complexity analysis and performance tests. A pre-processing stage is also devised to reduce computational cost via a decomposition of the specification. We show that the proposed method can effectively solve real-world control problems such as jet engine compressor control and motion planning for manipulators and mobile robots.
... Abstract controller for Phase 1 Abstract controller for Phase 2 1 2 Fig. 5: Approximately optimal controller for quantitative two-phase reach-avoid problems on sampled-data systems. The switch moves in the order "1-2-off " according (13), where "off " occurs when µ ′ 2 signals stopping. ...
Full-text available
The present work deals with quantitative two-phase reach-avoid problems on nonlinear control systems. This class of optimal control problem requires the plant's state to visit two (rather than one) target sets in succession while minimizing a prescribed cost functional. As we illustrate, the naive approach, which subdivides the problem into the two evident classical reach-avoid tasks, usually does not result in an optimal solution. In contrast, we prove that an optimal controller is obtained by consecutively solving two special quantitative reach-avoid problems. In addition, we present a fully-automated method based on Symbolic Optimal Control to practically synthesize for the considered problem class approximately optimal controllers for sampled-data nonlinear plants. Experimental results on parcel delivery and on an aircraft routing mission confirm the practicality of our method.
ion-based techniques are an attractive approach for synthesizing correct-by-construction controllers to satisfy high-level temporal requirements. A main bottleneck for successful application of these techniques is the memory requirement, both during controller synthesis (to store the abstract transition relation) and in controller deployment (to store the control map). We propose memory-efficient methods for mitigating the high memory demands of the abstraction-based techniques using neural network representations . To perform synthesis for reach-avoid specifications, we propose an on-the-fly algorithm that relies on compressed neural network representations of the forward and backward dynamics of the system. In contrast to usual applications of neural representations, our technique maintains soundness of the end-to-end process. To ensure this, we correct the output of the trained neural network such that the corrected output representations are sound with respect to the finite abstraction. For deployment, we provide a novel training algorithm to find a neural network representation of the synthesized controller and experimentally show that the controller can be correctly represented as a combination of a neural network and a look-up table that requires a substantially smaller memory. We demonstrate experimentally that our approach significantly reduces the memory requirements of abstraction-based methods. We compare the performance of our approach with the standard abstraction-based synthesis on several models. For the selected benchmarks, our approach reduces the memory requirements respectively for the synthesis and deployment by a factor of 1.31× 10 ⁵ and 7.13× 10 ³ on average, and up to 7.54× 10 ⁵ and 3.18× 10 ⁴ . Although this reduction is at the cost of increased off-line computations to train the neural networks, all the steps of our approach are parallelizable and can be implemented on machines with higher number of processing units to reduce the required computational time.
Conference Paper
Full-text available
The correctness of control software in many safety-critical applications such as autonomous vehicles is crucial. One technique to achieve correct control software is called "symbolic control", where complex systems are approximated by fnite-state abstractions. Then, using those abstractions, provably-correct digital controllers are algorithmically synthesized for concrete systems, satisfying complex high-level requirements. Unfortunately, the complexity of synthesizing such controllers grows exponentially in the number of state variables. However, if distributed implementations are considered, high-performance computing platforms can be leveraged to mitigate the effects of the state-explosion problem. We propose pFaces, an extensible software-ecosystem, to accelerate symbolic control techniques. It facilitates designing parallel algorithms and supervises their executions to utilize available computing resources. To demonstrate its capabilities, novel parallel algorithms are designed for abstraction-based controller synthesis. Then, they are implemented inside pFaces and dispatched, for parallel execution, in different heterogeneous computing platforms, including CPUs, GPUs and Hardware Accelerators (HWAs). Results show remarkable reduction in the computation time by several orders of magnitudes as number of processing elements (PEs) increases, which easily outperforms all the existing tools.
Full-text available
While many studies and tools target the basic stabilizability problem of networked control systems (NCS), nowadays modern systems require more sophisticated objectives such as those expressed as formulae in linear temporal logic or as automata on infinite strings. One general technique to achieve this is based on so-called symbolic models, where complex systems are approximated by finite abstractions, and then, correct-by-construction controllers are automatically synthesized for them. We present tool SENSE for the construction of finite abstractions for NCS and the automated synthesis of controllers. Constructed controllers enforce complex specifications over plants in NCS by taking into account several non-idealities of the communication channels. Given a symbolic model of the plant and network parameters, SENSE can efficiently construct a symbolic model of the NCS, by employing operations on binary decision diagrams (BDDs). Then, it synthesizes symbolic controllers satisfying a class of specifications. It has interfaces for the simulation and the visualization of the resulting closed-loop systems using OMNETPP and MATLAB. Additionally, SENSE can generate ready-to-implement VHDL/Verilog or C/C++ codes from the synthesized controllers.
Full-text available
We present an abstraction and refinement methodology for the automated controller synthesis to enforce general predefined specifications. The designed controllers require quantized (or symbolic) state information only and can be interfaced with the system via a static quantizer. Both features are particularly important with regard to any practical implementation of the designed controllers and, as we prove, are characterized by the existence of a feedback refinement relation between plant and abstraction. Feedback refinement relations are a novel concept of system relations introduced in this paper. Our work builds on a general notion of system with set-valued dynamics and possibly non-deterministic quantizers to permit the synthesis of controllers that robustly, and provably, enforce the specification in the presence of various types of uncertainties and disturbances. We identify a class of abstractions that is canonical in a well-defined sense, and provide a method to efficiently compute canonical abstractions of perturbed nonlinear sampled systems. We demonstrate the practicality of our approach on two examples -- a path planning problem for a mobile robot and an aircraft landing maneuver. --- This paper has received the 2019 George S Axelby Award of the IEEE Control Systems Society. ---
Technical Report
Full-text available
In the past years several different abstraction techniques were developed to facilitate the analysis and design of hybrid systems. In this paper we complement the theoretical work underlying abstractions based on approximate simulations and bisimulations by moving from theory to practice. We introduce a tool, named Pessoa, for the synthesis of correct-by-design embedded control software. We describe the the-oretical underpinnings of Pessoa, its algorithmic implemen-tation, and illustrate its use on the synthesis of control soft-ware for several examples.
Conference Paper
Full-text available
)Oded Maler1Amir Pnueli2Joseph Sifakis11Spectre -- Verimag, Miniparc-zirst, 38330 Montbonnot, France,Oded.Maler@imag.fr2Dept. of Computer Science, Weizmann Inst. Rehovot 76100, Israel, This paper presents algorithms for the automatic synthesisof real-time controllers by finding a winning strategy for certain gamesdefined by the timed-automata of Alur and Dill. In such games, theoutcome depends on the players" actions as well as...
Full-text available
Finite-state models of control systems were proposed by several researchers as a convenient mechanism to synthesize controllers enforcing complex specifications. Most techniques for the construction of such symbolic models have two main drawbacks: either they can only be applied to restrictive classes of systems, or they require the exact computation of reachable sets. In this paper, we propose a new abstraction technique that is applicable to any nonlinear sampled-data control system as long as we are only interested in its behavior in a compact set. Moreover, the exact computation of reachable sets is not required. The effectiveness of the proposed results is illustrated by synthesizing a controller to steer a vehicle.
Conference Paper
We introduce SCOTS a software tool for the automatic controller synthesis for nonlinear control systems based on symbolic models, also known as discrete abstractions. The tool accepts a differential equation as the description of a nonlinear control system. It uses a Lipschitz type estimate on the right-hand-side of the differential equation together with a number of discretization parameters to compute a symbolic model that is related with the original control system via a feedback refinement relation. The tool supports the computation of minimal and maximal fixed points and thus natively provides algorithms to synthesize controllers with respect to invariance and reachability specifications. The atomic propositions, which are used to formulate the specifications, are allowed to be defined in terms of finite unions and intersections of polytopes as well as ellipsoids. While the main computations are done in C++, the tool contains a Matlab interface to simulate the closed loop system and to visualize the abstract state space together with the atomic propositions. We illustrate the performance of the tool with two examples from the literature. The tool and all conducted experiments are available at
Conference Paper
We introduce CoSyMA, a tool for automatic controller synthesis for incrementally stable switched systems based on multi-scale discrete abstractions. The tool accepts a description of a switched system represented by a set of differential equations and the sampling parameters used to define an approximation of the state-space on which discrete abstractions are computed. The tool generates a controller - if it exists - for the system that enforces a given safety or time-bounded reachability specification. We illustrate by examples the synthesized controllers and the significant performance gains during their computation.
Hybrid systems describe the interaction of software, modeled by finite-state systems such as finite-state machines, with the physical world, described by infinite-state systems such as differential equations. Verification and Control of Hybrid Systems provides a unique systematic exposition of several classes of hybrid systems, admitting symbolic models along with the relationships between them. The text outlines several key verification and control synthesis results for hybrid systems, guided by the concept of bisimulation, and illustrated by numerous examples. The book is divided into four parts: Part I presents basic concepts centered on a notion of system that is general enough to describe finite-state, infinite-state, and hybrid systems. Part II discusses the ways in which systems relate to other systems, such as behavioral inclusion/equivalence and simulation/bisimulation, using these relationships to study verification and control synthesis problems for finite-state systems. Part III draws inspiration from timed automata to present several classes of hybrid systems, with richer continuous dynamics, that can be related to finite-state symbolic systems. Once such relationships are established, verification and control synthesis problems for these hybrid systems can be immediately solved by resorting to the techniques described in Part II for finite-state systems. Part IV follows the same strategy by generalizing simulation/bisimulation relationships to approximate simulation/bisimulation relationships that can be used for a wider class of hybrid systems. This comprehensive treatment will appeal to researchers, engineers, computer scientists, and graduate students in the areas of formal methods, verification, model checking, and control and will undoubtedly inspire further study of the specialized literature. © Springer Science+Business Media, LLC 2009. All rights reserved.