- Email: [email protected]
Admissible sets for slowly-varying discrete-time systems
Automatica xxx (xxxx) xxx
Contents lists available at ScienceDirect
Automatica journal homepage: www.elsevier.com/locate/automatica
Technical communique
Admissible sets for slowly-varying discrete-time systems✩ ∗
Magnus Nilsson a,b , , Emil Klintberg a,b , Philipp Rumschinski c , Lars Johannesson Mårdh a a
Zenuity AB, Lindholmspiren 2, SE-41756, Gothenburg, Sweden Qamcom Research and Technology AB, Falkenbergsgatan 3, SE-41275 Gothenburg, Sweden c Bosch Automotive Steering GmbH, Richard-Bullinger-Straße 77, 73527, Schwäbisch Gmünd, Germany b
article
info
Article history: Received 12 August 2019 Received in revised form 12 August 2019 Accepted 9 October 2019 Available online xxxx Keywords: Safety-critical Invariant systems Robust stability
a b s t r a c t This note describes a method to calculate admissible sets for dynamical systems with slowly-varying parameters. A set of initial states is said to be admissible if all state trajectories starting within this set respect safety-critical constraints for all future time instances. For many classes of systems, the Maximal Admissible Set (MAS) equals the Maximal Robust Positive Invariant (MRPI) set. Therefore, much of the literature focus on algorithms that produce (approximations of) the MRPI set. However, for slowly-varying systems it turns out that the MAS can be larger than the MRPI set. A property referred to as the M-proximal contraction property is defined for such systems to state sufficient conditions for sets to be admissible. It is then shown that Algorithm 2 produces an admissible set that is a superset of the MRPI set. © 2019 Elsevier Ltd. All rights reserved.
1. Introduction Set invariance has been a research topic within the control community for at least four decades (Blanchini & Miani, 2008). It can be used to analyze safety properties of dynamical systems and to synthesize robust controllers (Aubin, 1991; Kerrigan, 2000; Kothare, Balakrishnan, & Morari, 1996; Pluymers, 2006; Raković, Kerrigan, Mayne, & Kouramas, 2007). The techniques are attractive for safety-critical applications, but their worst-case nature may lead to conservative restrictions on the applications’ operational domains. Provided a dynamical-system description of a safety application, it is natural to search for sets of initial states whose state trajectories never violate safety constraints. Such sets are called admissible sets, and the largest such set is called the Maximal Admissible Set (MAS). Admissible set is the subject of study in many scientific contributions in the control community; see for example Blanchini and Miani (2008), Gilbert and Tan (1991) and Pluymers (2006). Related concepts include ultimate boundedness control (Blanchini, 1994), quasi-invariance, extended invariance (Lee, Cannon, & Kouvaritakis, 2005), and ✩ The material in this paper was not presented at any conference. This paper was recommended for publication in revised form by Associate Editor Graziano Chesi under the direction of Editor André L. Tits. ∗ Corresponding author at: Zenuity AB, Lindholmspiren 2, SE-41756, Gothenburg, Sweden. E-mail addresses: [email protected] (M. Nilsson), [email protected] (E. Klintberg), [email protected] (P. Rumschinski), [email protected] (L.J. Mårdh).
multi-step control invariance (Fiacchini & Alamir, 2017). Emphasis often lies on searching for the MAS, which for many classes of systems coincides with the Maximal Robust Positive Invariant (MRPI) set. Therefore, algorithms are traditionally constructed with the goal to find (approximations of) the MRPI set. Much of the literature focus on systems with only specified bounds on parameters and disturbances. However, in practical problems for safety-critical systems the derived system description may provide more information about parameters and disturbances than only their bounds. One case, which often occurs in the transport sector, is when bounds are also provided on their rate of change. For that case, we show that the MAS can be larger than the MRPI set. Systems with bounded rates of change on exogeneous parameters are in the literature called systems with slowly-varying parameters or simply slowly-varying systems. Lyapunov stability can be used to analyze slowly-varying systems (Khalil, 2002), and reference governors for slowly-varying systems are treated in Kalabić and Kolmanovsky (2014), but it seems like little attention has been paid to examine admissible sets for this class of systems. In this note, we are interested in finding admissible sets for discrete-time systems subject to a slowly-varying parameter. The rest of this paper is organized as follows: Section 2 describes the class of considered systems and associated useful definitions, and motivates the concept of admissible sets for slowly-varying systems. Section 3 then lists sufficient conditions for a set to be admissible and provides an algorithm that constructs an admissible set. The main message is then clarified through a numerical example in Section 4 before we summarize and conclude in Section 5.
https://doi.org/10.1016/j.automatica.2019.108676 0005-1098/© 2019 Elsevier Ltd. All rights reserved.
Please cite this article as: M. Nilsson, E. Klintberg, P. Rumschinski et al., Admissible sets for slowly-varying discrete-time systems. Automatica (2019) 108676, https://doi.org/10.1016/j.automatica.2019.108676.
2
M. Nilsson, E. Klintberg, P. Rumschinski et al. / Automatica xxx (xxxx) xxx
Fig. 1. Illustration of the intervals and notations introduced. The union of the subintervals is identical to the parameter interval.
The main contribution of this paper is Algorithm 2, which for systems of the form (1) provides an admissible set that is a superset of the MRPI set.
Algorithm 1 provides a conceptual algorithm to calculate the MRPI set. For each subinterval P i we denote the corresponding i MRPI sets by O∞ and say that they are P i -MRPI. Note that neither the definition of one-step nor the definition of k-step robust backward-reachable set accommodates the time evolution of the parameters. Hence, the MRPI sets obtained with Algorithm 1 ignore the additional knowledge (1b), which justifies the consideration of less conservative sets as defined in the following. Definition 5 (Safe Initial Condition). We say that an initial condition is a safe initial condition for system (1a) if x(0) ∈ X ⇒ x(k) ∈ X for k ∈ Z+ . Definition 6 (Admissible Set). A set of safe initial conditions is called an admissible set.
2. Preliminaries This note restricts analysis to discrete-time dynamical systems of the form x(k + 1) = g(x(k), w (k), p(k)),
(1a)
where x(k) ∈ Rn is the state at time instance k ∈ Z+ , w (k) ∈ W ⊆ Rm is an exogenous disturbance, p(k) ∈ P = [pmin , pmax ] ⊆ R denotes an uncertain and time-varying bounded scalar parameter, and g: Rn × Rm × R → Rn is the state-transition mapping. The state-transition mapping has no explicit dependence on k, and by this we mean that the system is time invariant. The exogenous disturbance is bounded by the compact set W , and we assume that a set of safety-critical constraints need to be respected by the state vector; that is, (∀k ∈ Z+ ) x(k) ∈ X for some compact set X . The uncertain parameter is assumed to be slowly-varying according to (∀k ∈ Z+ ) |p(k + 1) − p(k)| ≤ ε.
Definition 7 (MAS). The largest admissible set is called the Maximal Admissible Set (MAS). Algorithm 1 Calculation of MRPI set. Input: g, X Here, g is of the form (1a), and X is compact. Output: O∞ (the MRPI set) let Ω0 ← X repeat k=k+1 Ωk ← Pre(Ωk−1 , W , P ) ∩ X until Ωk ⊇ Ωk−1 O∞ ← Ωk return O∞
(1b)
For a system of the form (1), we assume that 1/ϵ is an integer and divide the parameter interval into N overlapping subintervals, P i = [pi , pi+2 ] ⊆ P , pi+1 − pi = M ϵ , for i = 0, . . . , N − 1 with p0 = pmin and pN +1 = pmax , as illustrated in Fig. 1. The integer M is the minimum number of time steps required for the parameter value to cross the overlap M ϵ . The subintervals are ordered and their union equals the parameter interval. 2.1. Basic definitions and notation Definition 1 (One-step Backward-reachable Set). For system (1a), the one-step robust backward-reachable set to the set S is defined as Pre(S , W , P ) = {x ∈ Rn |(∀w ∈ W )(∀p ∈ P ) g(x, w, p) ∈ S }. For brevity we will write Prei (S) for Pre(S , W , P i ). Definition 2 (k-step Backward-reachable Set). For a given set S , the k-step robust backward-reachable set Kk (S , W , P ) of system (1a) is defined recursively as Kj (S , W , P ) = Pre(Kj−1 (S , W , P ), W , P ), j = 1, . . . , k, K0 (S , W , P ) = S . (k)
For brevity we will write Prei (S ) for Kk (S , W , P i ). Definition 3 (RPI Set). A set O ⊆ X is said to be robust positive invariant (RPI) for (1a) if x(0) ∈ O ⇒ x(k) ∈ O for k ∈ Z+ . For each subinterval P i we denote the corresponding invariant sets by Oi , and say that they are P i -RPI. Definition 4 (MRPI Set). A set O∞ ⊆ X is said to be the maximal robust positive invariant (MRPI) set for (1a) if it is invariant and contains all invariant sets.
2.2. On controllability and computational complexity We intentionally use the term backward-reachable instead of controllable in the above definitions, which is a way to emphasize that this note only deals with autonomous systems. One reason for this, and also why we focus on the one-dimensional case, is the computationally demanding nature of the algorithm presented in this note. Control invariance would add additional computational complexity to the one-step controllable set, since it requires a projection step that is demanding for high-dimensional problems. An approach to avoid computational complexity when computing controllable sets can be found in Fiacchini and Alamir (2017), but it cannot be directly applied to systems with state constraints and disturbances, such as system (1). 2.3. On the notion of admissibility The statement that the MAS can be larger than the MRPI set motivates clarification. By its nature, set invariance does not take bounded rates of change of non-state variables into account. A natural way to account for this is to augment the state space with the parameter as an additional state variable. The MRPI set for the extended system description can be calculated by iterating the predecessor set until convergence, as in Raković, Kerrigan, Mayne, and Lygeros (2006). While this approach is a valid alternative to the approach presented here, one should note that the parameter is then driven by a disturbance whose bounds depend on the parameter value itself. In Raković et al. (2006), it is shown that the resulting MRPI set in the extended state space is the union of polyhedra, which is in general non-convex. We also remark that the resulting MRPI set with the above approach is represented in terms of the parameter, which is
Please cite this article as: M. Nilsson, E. Klintberg, P. Rumschinski et al., Admissible sets for slowly-varying discrete-time systems. Automatica (2019) 108676, https://doi.org/10.1016/j.automatica.2019.108676.
M. Nilsson, E. Klintberg, P. Rumschinski et al. / Automatica xxx (xxxx) xxx
3
the M-proximal contraction property implies that (∀k ∈ Z+ )(∃i ∈ {0, . . . , N − 1}) x(k) ∈ C i ⊆ X , and hence that S is an admissible set. Given a collection of sets, C 0 , . . . , C N −1 , Theorem 1 provides ⋂N −1 sufficient conditions to determine if the intersection i=0 C i is an admissible set. But the theorem does not inform how to construct sequences of sets that meet these conditions. Constructing sets C i that satisfy the P i -RPI condition is in principle easy to accomplish by applying Algorithm 1. One can then hope that they will all simultaneously satisfy the M-proximal contraction property as well, but there is no guarantee for it. The next section explains how to take both conditions into consideration when constructing appropriate sets. Fig. 2. Illustration of the M-proximal contraction property.
3.2. Constructing admissible sets not necessarily observed in an application for which admissible sets can be used to monitor safety. When the slowly-varying parameter is not observable, additional steps are required to find admissible sets that can be represented in the observable state space. The approach taken in this note does not require the parameter to be observable, which is one of its selling points despite being computationally demanding. So, when this note uses the terminology MRPI sets and MAS, the reader should be aware that we mean sets that can be represented in the (observable) state space, although a priori knowledge about bounded rates of change of parameters that are not part of the state may be available. The next section shows by direct construction how to find admissible sets that are supersets of the corresponding MRPI set. A case when this applies is when it is known that (unobservable) disturbances or parameters are slowly-varying but may have large bounds. 3. Admissible sets In this section we assume a given collection of sets, C 0 , . . . , C N −1 , where each set C i is associated with subinterval P i for i = 0, . . . , N − 1. We are interested in the properties of their intersection. 3.1. Sufficient conditions for sets to be admissible The following concept of M-proximal contraction enables us to formulate conditions for a set to be admissible. Definition 8 (M-proximal Contraction Property). We say that the set C i satisfies the M-proximal contraction property if x(k) ∈ ⋂i+1 C i ∧ (∀j ∈ {k, . . . , k + M − 1})p(j) ∈ P i ⇒ x(k + M) ∈ ℓ=i−1 C ℓ . The corner cases i = 0 and i = N − 1 are treated by omitting ℓ = i − 1 and ℓ = i + 1 respectively. The M-proximal contraction property is illustrated in Fig. 2. To verify if sets satisfy the property, one can iterate the one-step backward-reachable set M times on the intersections and check for containment. Theorem 1. Assume that C i ⊆ X is P i -RPI and satisfies the Mproximal ⋂N −1 i contractive property, for i = 0, . . . , N − 1. Then, S = i=0 C is an admissible set.
The conditions in Theorem 1 can be built into an algorithm to explicitly construct an admissible set. A sufficient additional step in comparison to applying Algorithm 1 on the subintervals is to add an intersection step in each iteration of the algorithm. The resulting algorithm is listed in Algorithm 2. Algorithm 2 Calculation of admissible set Input: g, M, ϵ , X Here g is of the form (1a), N = 1/(M ϵ ) is an integer that determines how the parameter interval is partitioned, and X is compact. Output: SM (an admissible set) for i = 0, . . . , N − 1 do let Ω0i ← X end for repeat for i = 0, ⋂ . . . , N − 1 do j 1 Ψki ← ji+ =i−1 Ωk ,
Ωki +1 ← Ω0i ∩ Prei (Ωki ) (M) Ωki +1 ← Ωki +1 ∩ Prei (Ψki )
▷ Added step
end for k←k+1 until (∀i ∈ {0, . . . , N − 1}) Ωki ⊇ Ωki −1 for i = 0, . . . , N − 1 do Oi ← Ωki end for⋂ N −1 SM ← i=0 Oi return SM A number of properties can immediately be stated and confirmed for Algorithm 2. Most of the proofs of the following propositions are straightforward and are therefore omitted in favor of brevity. Proposition 1. Algorithm 2 converges in the sense that limk→∞ Ωki exists (it may be the empty set). Proposition 2. 0, . . . , N − 1.
The set Oi in Algorithm 2 is P i -RPI, for i =
Proposition 3. property.
The sets Oi satisfy the M-proximal contraction
Proof. Assume x(0) ∈ S . Then, (∃i ∈ {0, . . . , N − 1})(∀k ∈ {0, . . . , M }) x(k) ∈ C i . This follows from the slowly-varying property of the parameter and the fact that all C i are P i -RPI. Furthermore, invariance and
Corollary 1. The set SM is an admissible set. Proposition 4. The admissible set SM is a superset of the MRPI set for the system.
Please cite this article as: M. Nilsson, E. Klintberg, P. Rumschinski et al., Admissible sets for slowly-varying discrete-time systems. Automatica (2019) 108676, https://doi.org/10.1016/j.automatica.2019.108676.
4
M. Nilsson, E. Klintberg, P. Rumschinski et al. / Automatica xxx (xxxx) xxx
motivated by explaining that the MRPI set is sometimes not the same as the MAS for practical applications involving slowlyvarying systems. The M-proximal contraction property was then defined to state sufficient conditions in Theorem 1 for a set to be admissible. Thereafter, it was shown that Algorithm 2 returns an admissible set that is a superset of the MRPI set. The presented analysis considers a scalar uncertain slowlyvarying parameter. When several parameters are uncertain and slowly-varying, the overlapping intervals are generalized into overlapping sets in the parameter space. The theoretical results are easily generalized to the multi-dimensional case, but it can be computationally demanding to pursue this case due to an exponential growth of overlapping sets as a function of the number of slowly-varying parameters. A computationally feasible extension in this direction can be made, however, for additive slowlyvarying disturbances in linear polytopic systems, but illustrating that is out of scope for this note. Fig. 3. The MRPI set contained in an admissible set for the example system.
Appendix Proof. The MRPI set is O∞ = limk→∞ Ωk with Ωk as defined by Algorithm 1. By construction, at ⋂ each iteration k it holds that Ωki ⊇ Ωk for i = 1, . . . , N − 1, so Ni=−01 Ωki ⊇ Ωk . From this it follows that SM ⊇ O∞ . The number of intervals, N, imposes a value of M and vice versa, and it is non-trivial to determine how M affects the resulting set. Experience indicates that large M results in less computations compared to a small M, at the cost of finding a smaller admissible set. Although a deeper discussion of how M affects the resulting set is out of the scope of this note, the following proposition indicates a natural choice to try in practical applications. Proposition 5. M = 1.
Algorithm 2 returns the largest admissible sets for
A proof of Proposition 5 is given in Appendix. Although M = 1 returns the largest admissible set for Algorithm 2, it can be shown that it is not necessarily the MAS for system (1a)–(1b).
To prove Proposition 5 we first associate each subinterval for M = 1 with a corresponding subinterval for larger M, with the condition that the subinterval for M = 1 must be a subset of the subinterval for larger M. This defines a function, f : Z → Z, with j = f (i) such that subinterval j (for large M) is the associated subinterval for subinterval i (for M = 1). Next, we label sets for M = 1 with an underline and sets and operations for any ⋂ ⋂ f (i) larger M with overlines. We want to prove that i Ω ik ⊇ i Ω k . f (i)
We prove this by induction over k, showing that Ω ik ⊇ Ω k for i = 0, . . . , N − 1 and k = 0, 1, 2, . . .. f (i) First, it holds that Ω i0 = X ⊇ X = Ω 0 for i = 0, . . . , N − 1. f (i)
Assume that Ω ik ⊇ Ω k , for i = 0, . . . , N − 1. Then,
Ω ik+1 = Ω i0 ∩ Prei (Ω ik ) ∩ Prei (Ψ ik )
= Ω i0 ∩ Prei (Ω ik ) ∩ Prei (Ω ik−1 ) ∩ Prei (Ω ki+1 ) f (i)
f (i−1)
Prei (Ω k
i Proposition 6. Let the collection of P i -MRPI sets {O∞ }Ni=−01 be i given. If O∞ satisfy the M-proximal contraction property for i = ⋂N −1 i 0, . . . , N − 1, then Algorithm 2 returns SM = i=0 O∞ .
⊇
[
p(k) x(k + 1) = 0
]
1 x(k) + w (k), 0.5
where X = {x | ∥x∥∞ ≤ 1}, W = {w | ∥w∥∞ ≤ 0.01}, P = {p | 0.1 ≤ p ≤ 0.9}, |p(k + 1) − p(k)| ≤ ε = 0.01. By neglecting the information about the slowly-varying parameter, the MRPI set can be calculated using for example the techniques described in Pluymers (2006). However, by applying Algorithm 2 with M = 1, an admissible set is found after five iterations that is a superset of this set. Both sets are depicted in Fig. 3. 5. Summary and conclusions This note has focused on admissible sets for dynamical systems with slowly varying parameters. Such admissible sets were
f (i) Ω0
f (i+1)
) ∩ Prei (Ω k
)
f (i) Pref (i) (Ω k ) f (i−1) f (i+1) Pref (i) (Ω k ) Pref (i) (Ω k )
∩
∩
∩
4. Academic example Although Algorithm 2 is computationally demanding, it has practical applications. A driving example has been to verify safety of autonomous vehicles with speed as an a priori uncertain slowly-varying parameter (that may not be observed with highenough integrity). Due to space restrictions, however, the algorithm is here illustrated through a simple academic example. Consider the system
f (i)
⊇ Ω 0 ∩ Prei (Ω k )∩
⊇ =
f (i) Ω0 f (i) Ω k+1
f (i)
f (i)
∩ Pref (i) (Ω k ) ∩ Pref (i) (Ψ k )
for i = 0, . . . , N − 1. The first inequality holds by assumption (the inductive step), the next one holds because Pref (i) operates with a parameter interval that is a superset of the one that Prei operates on. The last inequality holds because only further intersections are added to the formula. Invoking the induction principle now completes the proof that f (i) Ω ik ⊇ Ω k for i = 0, . . . , N − 1 and k = 0, 1, 2, . . ., and hence that
⋂
i
Ω ik ⊇
⋂
i
f (i)
Ωk .
References Aubin, J.-P. (1991). Viability theory. Birkhäuser. Blanchini, F. (1994). Ultimate boundedness control for uncertain discrete-time systems via set-induced lyapunov functions. IEEE Transactions on Automatic Control, 39(2), 428–433. Blanchini, F., & Miani, S. (2008). Set-theoretic methods in control. Birkhäuser. Fiacchini, M., & Alamir, M. (2017). Computing control invariant sets is easy. arXiv preprint arXiv:1708.0479. Gilbert, E. G., & Tan, K. T. (1991). Linear systems with state and control constraints: The theory and application of maximal output admissible sets. IEEE Transactions on Automatic Control, 36(9), 1008–1020.
Please cite this article as: M. Nilsson, E. Klintberg, P. Rumschinski et al., Admissible sets for slowly-varying discrete-time systems. Automatica (2019) 108676, https://doi.org/10.1016/j.automatica.2019.108676.
M. Nilsson, E. Klintberg, P. Rumschinski et al. / Automatica xxx (xxxx) xxx Kalabić, U., & Kolmanovsky, I. (2014). Reference and command governors for systems with slowly time-varying references and time-dependent constraints. In 53rd IEEE conference on decision and control (pp. 6701–6706), Los Angeles, USA. Kerrigan, E. C. (2000). Robust constraint satisfaction: Invariant sets and predictive control (Ph.D. thesis), UK: University of Cambridge. Khalil, H. K. (2002). Nonlinear systems (3rd ed.). Prentice Hall. Kothare, M., Balakrishnan, V., & Morari, M. (1996). Robust constrained model predictive control using linear matrix inequalities. Automatica, 32(10), 1361–1379.
5
Lee, Y. I., Cannon, M., & Kouvaritakis, B. (2005). Extended invariance and its use in model predictive control. Automatica, 41(12), 2163–2169. Pluymers, B. (2006). Robust model based predictive control - an invariant set approach (Ph.D. thesis), KU Leuven. Raković, S. V., Kerrigan, E. C., Mayne, D. Q., & Kouramas, K. I. (2007). Optimized robust control invariance for linear discrete-time systems: Theoretical foundations. Automatica, 43(5), 831–841. Raković, S. V., Kerrigan, E. C., Mayne, D. Q., & Lygeros, J. (2006). Reachability analysis of discrete-time systems with disturbances. IEEE Transactions on Automatic Control, 51(4), 546–561.
Please cite this article as: M. Nilsson, E. Klintberg, P. Rumschinski et al., Admissible sets for slowly-varying discrete-time systems. Automatica (2019) 108676, https://doi.org/10.1016/j.automatica.2019.108676.
Contents lists available at ScienceDirect
Automatica journal homepage: www.elsevier.com/locate/automatica
Technical communique
Admissible sets for slowly-varying discrete-time systems✩ ∗
Magnus Nilsson a,b , , Emil Klintberg a,b , Philipp Rumschinski c , Lars Johannesson Mårdh a a
Zenuity AB, Lindholmspiren 2, SE-41756, Gothenburg, Sweden Qamcom Research and Technology AB, Falkenbergsgatan 3, SE-41275 Gothenburg, Sweden c Bosch Automotive Steering GmbH, Richard-Bullinger-Straße 77, 73527, Schwäbisch Gmünd, Germany b
article
info
Article history: Received 12 August 2019 Received in revised form 12 August 2019 Accepted 9 October 2019 Available online xxxx Keywords: Safety-critical Invariant systems Robust stability
a b s t r a c t This note describes a method to calculate admissible sets for dynamical systems with slowly-varying parameters. A set of initial states is said to be admissible if all state trajectories starting within this set respect safety-critical constraints for all future time instances. For many classes of systems, the Maximal Admissible Set (MAS) equals the Maximal Robust Positive Invariant (MRPI) set. Therefore, much of the literature focus on algorithms that produce (approximations of) the MRPI set. However, for slowly-varying systems it turns out that the MAS can be larger than the MRPI set. A property referred to as the M-proximal contraction property is defined for such systems to state sufficient conditions for sets to be admissible. It is then shown that Algorithm 2 produces an admissible set that is a superset of the MRPI set. © 2019 Elsevier Ltd. All rights reserved.
1. Introduction Set invariance has been a research topic within the control community for at least four decades (Blanchini & Miani, 2008). It can be used to analyze safety properties of dynamical systems and to synthesize robust controllers (Aubin, 1991; Kerrigan, 2000; Kothare, Balakrishnan, & Morari, 1996; Pluymers, 2006; Raković, Kerrigan, Mayne, & Kouramas, 2007). The techniques are attractive for safety-critical applications, but their worst-case nature may lead to conservative restrictions on the applications’ operational domains. Provided a dynamical-system description of a safety application, it is natural to search for sets of initial states whose state trajectories never violate safety constraints. Such sets are called admissible sets, and the largest such set is called the Maximal Admissible Set (MAS). Admissible set is the subject of study in many scientific contributions in the control community; see for example Blanchini and Miani (2008), Gilbert and Tan (1991) and Pluymers (2006). Related concepts include ultimate boundedness control (Blanchini, 1994), quasi-invariance, extended invariance (Lee, Cannon, & Kouvaritakis, 2005), and ✩ The material in this paper was not presented at any conference. This paper was recommended for publication in revised form by Associate Editor Graziano Chesi under the direction of Editor André L. Tits. ∗ Corresponding author at: Zenuity AB, Lindholmspiren 2, SE-41756, Gothenburg, Sweden. E-mail addresses: [email protected] (M. Nilsson), [email protected] (E. Klintberg), [email protected] (P. Rumschinski), [email protected] (L.J. Mårdh).
multi-step control invariance (Fiacchini & Alamir, 2017). Emphasis often lies on searching for the MAS, which for many classes of systems coincides with the Maximal Robust Positive Invariant (MRPI) set. Therefore, algorithms are traditionally constructed with the goal to find (approximations of) the MRPI set. Much of the literature focus on systems with only specified bounds on parameters and disturbances. However, in practical problems for safety-critical systems the derived system description may provide more information about parameters and disturbances than only their bounds. One case, which often occurs in the transport sector, is when bounds are also provided on their rate of change. For that case, we show that the MAS can be larger than the MRPI set. Systems with bounded rates of change on exogeneous parameters are in the literature called systems with slowly-varying parameters or simply slowly-varying systems. Lyapunov stability can be used to analyze slowly-varying systems (Khalil, 2002), and reference governors for slowly-varying systems are treated in Kalabić and Kolmanovsky (2014), but it seems like little attention has been paid to examine admissible sets for this class of systems. In this note, we are interested in finding admissible sets for discrete-time systems subject to a slowly-varying parameter. The rest of this paper is organized as follows: Section 2 describes the class of considered systems and associated useful definitions, and motivates the concept of admissible sets for slowly-varying systems. Section 3 then lists sufficient conditions for a set to be admissible and provides an algorithm that constructs an admissible set. The main message is then clarified through a numerical example in Section 4 before we summarize and conclude in Section 5.
https://doi.org/10.1016/j.automatica.2019.108676 0005-1098/© 2019 Elsevier Ltd. All rights reserved.
Please cite this article as: M. Nilsson, E. Klintberg, P. Rumschinski et al., Admissible sets for slowly-varying discrete-time systems. Automatica (2019) 108676, https://doi.org/10.1016/j.automatica.2019.108676.
2
M. Nilsson, E. Klintberg, P. Rumschinski et al. / Automatica xxx (xxxx) xxx
Fig. 1. Illustration of the intervals and notations introduced. The union of the subintervals is identical to the parameter interval.
The main contribution of this paper is Algorithm 2, which for systems of the form (1) provides an admissible set that is a superset of the MRPI set.
Algorithm 1 provides a conceptual algorithm to calculate the MRPI set. For each subinterval P i we denote the corresponding i MRPI sets by O∞ and say that they are P i -MRPI. Note that neither the definition of one-step nor the definition of k-step robust backward-reachable set accommodates the time evolution of the parameters. Hence, the MRPI sets obtained with Algorithm 1 ignore the additional knowledge (1b), which justifies the consideration of less conservative sets as defined in the following. Definition 5 (Safe Initial Condition). We say that an initial condition is a safe initial condition for system (1a) if x(0) ∈ X ⇒ x(k) ∈ X for k ∈ Z+ . Definition 6 (Admissible Set). A set of safe initial conditions is called an admissible set.
2. Preliminaries This note restricts analysis to discrete-time dynamical systems of the form x(k + 1) = g(x(k), w (k), p(k)),
(1a)
where x(k) ∈ Rn is the state at time instance k ∈ Z+ , w (k) ∈ W ⊆ Rm is an exogenous disturbance, p(k) ∈ P = [pmin , pmax ] ⊆ R denotes an uncertain and time-varying bounded scalar parameter, and g: Rn × Rm × R → Rn is the state-transition mapping. The state-transition mapping has no explicit dependence on k, and by this we mean that the system is time invariant. The exogenous disturbance is bounded by the compact set W , and we assume that a set of safety-critical constraints need to be respected by the state vector; that is, (∀k ∈ Z+ ) x(k) ∈ X for some compact set X . The uncertain parameter is assumed to be slowly-varying according to (∀k ∈ Z+ ) |p(k + 1) − p(k)| ≤ ε.
Definition 7 (MAS). The largest admissible set is called the Maximal Admissible Set (MAS). Algorithm 1 Calculation of MRPI set. Input: g, X Here, g is of the form (1a), and X is compact. Output: O∞ (the MRPI set) let Ω0 ← X repeat k=k+1 Ωk ← Pre(Ωk−1 , W , P ) ∩ X until Ωk ⊇ Ωk−1 O∞ ← Ωk return O∞
(1b)
For a system of the form (1), we assume that 1/ϵ is an integer and divide the parameter interval into N overlapping subintervals, P i = [pi , pi+2 ] ⊆ P , pi+1 − pi = M ϵ , for i = 0, . . . , N − 1 with p0 = pmin and pN +1 = pmax , as illustrated in Fig. 1. The integer M is the minimum number of time steps required for the parameter value to cross the overlap M ϵ . The subintervals are ordered and their union equals the parameter interval. 2.1. Basic definitions and notation Definition 1 (One-step Backward-reachable Set). For system (1a), the one-step robust backward-reachable set to the set S is defined as Pre(S , W , P ) = {x ∈ Rn |(∀w ∈ W )(∀p ∈ P ) g(x, w, p) ∈ S }. For brevity we will write Prei (S) for Pre(S , W , P i ). Definition 2 (k-step Backward-reachable Set). For a given set S , the k-step robust backward-reachable set Kk (S , W , P ) of system (1a) is defined recursively as Kj (S , W , P ) = Pre(Kj−1 (S , W , P ), W , P ), j = 1, . . . , k, K0 (S , W , P ) = S . (k)
For brevity we will write Prei (S ) for Kk (S , W , P i ). Definition 3 (RPI Set). A set O ⊆ X is said to be robust positive invariant (RPI) for (1a) if x(0) ∈ O ⇒ x(k) ∈ O for k ∈ Z+ . For each subinterval P i we denote the corresponding invariant sets by Oi , and say that they are P i -RPI. Definition 4 (MRPI Set). A set O∞ ⊆ X is said to be the maximal robust positive invariant (MRPI) set for (1a) if it is invariant and contains all invariant sets.
2.2. On controllability and computational complexity We intentionally use the term backward-reachable instead of controllable in the above definitions, which is a way to emphasize that this note only deals with autonomous systems. One reason for this, and also why we focus on the one-dimensional case, is the computationally demanding nature of the algorithm presented in this note. Control invariance would add additional computational complexity to the one-step controllable set, since it requires a projection step that is demanding for high-dimensional problems. An approach to avoid computational complexity when computing controllable sets can be found in Fiacchini and Alamir (2017), but it cannot be directly applied to systems with state constraints and disturbances, such as system (1). 2.3. On the notion of admissibility The statement that the MAS can be larger than the MRPI set motivates clarification. By its nature, set invariance does not take bounded rates of change of non-state variables into account. A natural way to account for this is to augment the state space with the parameter as an additional state variable. The MRPI set for the extended system description can be calculated by iterating the predecessor set until convergence, as in Raković, Kerrigan, Mayne, and Lygeros (2006). While this approach is a valid alternative to the approach presented here, one should note that the parameter is then driven by a disturbance whose bounds depend on the parameter value itself. In Raković et al. (2006), it is shown that the resulting MRPI set in the extended state space is the union of polyhedra, which is in general non-convex. We also remark that the resulting MRPI set with the above approach is represented in terms of the parameter, which is
Please cite this article as: M. Nilsson, E. Klintberg, P. Rumschinski et al., Admissible sets for slowly-varying discrete-time systems. Automatica (2019) 108676, https://doi.org/10.1016/j.automatica.2019.108676.
M. Nilsson, E. Klintberg, P. Rumschinski et al. / Automatica xxx (xxxx) xxx
3
the M-proximal contraction property implies that (∀k ∈ Z+ )(∃i ∈ {0, . . . , N − 1}) x(k) ∈ C i ⊆ X , and hence that S is an admissible set. Given a collection of sets, C 0 , . . . , C N −1 , Theorem 1 provides ⋂N −1 sufficient conditions to determine if the intersection i=0 C i is an admissible set. But the theorem does not inform how to construct sequences of sets that meet these conditions. Constructing sets C i that satisfy the P i -RPI condition is in principle easy to accomplish by applying Algorithm 1. One can then hope that they will all simultaneously satisfy the M-proximal contraction property as well, but there is no guarantee for it. The next section explains how to take both conditions into consideration when constructing appropriate sets. Fig. 2. Illustration of the M-proximal contraction property.
3.2. Constructing admissible sets not necessarily observed in an application for which admissible sets can be used to monitor safety. When the slowly-varying parameter is not observable, additional steps are required to find admissible sets that can be represented in the observable state space. The approach taken in this note does not require the parameter to be observable, which is one of its selling points despite being computationally demanding. So, when this note uses the terminology MRPI sets and MAS, the reader should be aware that we mean sets that can be represented in the (observable) state space, although a priori knowledge about bounded rates of change of parameters that are not part of the state may be available. The next section shows by direct construction how to find admissible sets that are supersets of the corresponding MRPI set. A case when this applies is when it is known that (unobservable) disturbances or parameters are slowly-varying but may have large bounds. 3. Admissible sets In this section we assume a given collection of sets, C 0 , . . . , C N −1 , where each set C i is associated with subinterval P i for i = 0, . . . , N − 1. We are interested in the properties of their intersection. 3.1. Sufficient conditions for sets to be admissible The following concept of M-proximal contraction enables us to formulate conditions for a set to be admissible. Definition 8 (M-proximal Contraction Property). We say that the set C i satisfies the M-proximal contraction property if x(k) ∈ ⋂i+1 C i ∧ (∀j ∈ {k, . . . , k + M − 1})p(j) ∈ P i ⇒ x(k + M) ∈ ℓ=i−1 C ℓ . The corner cases i = 0 and i = N − 1 are treated by omitting ℓ = i − 1 and ℓ = i + 1 respectively. The M-proximal contraction property is illustrated in Fig. 2. To verify if sets satisfy the property, one can iterate the one-step backward-reachable set M times on the intersections and check for containment. Theorem 1. Assume that C i ⊆ X is P i -RPI and satisfies the Mproximal ⋂N −1 i contractive property, for i = 0, . . . , N − 1. Then, S = i=0 C is an admissible set.
The conditions in Theorem 1 can be built into an algorithm to explicitly construct an admissible set. A sufficient additional step in comparison to applying Algorithm 1 on the subintervals is to add an intersection step in each iteration of the algorithm. The resulting algorithm is listed in Algorithm 2. Algorithm 2 Calculation of admissible set Input: g, M, ϵ , X Here g is of the form (1a), N = 1/(M ϵ ) is an integer that determines how the parameter interval is partitioned, and X is compact. Output: SM (an admissible set) for i = 0, . . . , N − 1 do let Ω0i ← X end for repeat for i = 0, ⋂ . . . , N − 1 do j 1 Ψki ← ji+ =i−1 Ωk ,
Ωki +1 ← Ω0i ∩ Prei (Ωki ) (M) Ωki +1 ← Ωki +1 ∩ Prei (Ψki )
▷ Added step
end for k←k+1 until (∀i ∈ {0, . . . , N − 1}) Ωki ⊇ Ωki −1 for i = 0, . . . , N − 1 do Oi ← Ωki end for⋂ N −1 SM ← i=0 Oi return SM A number of properties can immediately be stated and confirmed for Algorithm 2. Most of the proofs of the following propositions are straightforward and are therefore omitted in favor of brevity. Proposition 1. Algorithm 2 converges in the sense that limk→∞ Ωki exists (it may be the empty set). Proposition 2. 0, . . . , N − 1.
The set Oi in Algorithm 2 is P i -RPI, for i =
Proposition 3. property.
The sets Oi satisfy the M-proximal contraction
Proof. Assume x(0) ∈ S . Then, (∃i ∈ {0, . . . , N − 1})(∀k ∈ {0, . . . , M }) x(k) ∈ C i . This follows from the slowly-varying property of the parameter and the fact that all C i are P i -RPI. Furthermore, invariance and
Corollary 1. The set SM is an admissible set. Proposition 4. The admissible set SM is a superset of the MRPI set for the system.
Please cite this article as: M. Nilsson, E. Klintberg, P. Rumschinski et al., Admissible sets for slowly-varying discrete-time systems. Automatica (2019) 108676, https://doi.org/10.1016/j.automatica.2019.108676.
4
M. Nilsson, E. Klintberg, P. Rumschinski et al. / Automatica xxx (xxxx) xxx
motivated by explaining that the MRPI set is sometimes not the same as the MAS for practical applications involving slowlyvarying systems. The M-proximal contraction property was then defined to state sufficient conditions in Theorem 1 for a set to be admissible. Thereafter, it was shown that Algorithm 2 returns an admissible set that is a superset of the MRPI set. The presented analysis considers a scalar uncertain slowlyvarying parameter. When several parameters are uncertain and slowly-varying, the overlapping intervals are generalized into overlapping sets in the parameter space. The theoretical results are easily generalized to the multi-dimensional case, but it can be computationally demanding to pursue this case due to an exponential growth of overlapping sets as a function of the number of slowly-varying parameters. A computationally feasible extension in this direction can be made, however, for additive slowlyvarying disturbances in linear polytopic systems, but illustrating that is out of scope for this note. Fig. 3. The MRPI set contained in an admissible set for the example system.
Appendix Proof. The MRPI set is O∞ = limk→∞ Ωk with Ωk as defined by Algorithm 1. By construction, at ⋂ each iteration k it holds that Ωki ⊇ Ωk for i = 1, . . . , N − 1, so Ni=−01 Ωki ⊇ Ωk . From this it follows that SM ⊇ O∞ . The number of intervals, N, imposes a value of M and vice versa, and it is non-trivial to determine how M affects the resulting set. Experience indicates that large M results in less computations compared to a small M, at the cost of finding a smaller admissible set. Although a deeper discussion of how M affects the resulting set is out of the scope of this note, the following proposition indicates a natural choice to try in practical applications. Proposition 5. M = 1.
Algorithm 2 returns the largest admissible sets for
A proof of Proposition 5 is given in Appendix. Although M = 1 returns the largest admissible set for Algorithm 2, it can be shown that it is not necessarily the MAS for system (1a)–(1b).
To prove Proposition 5 we first associate each subinterval for M = 1 with a corresponding subinterval for larger M, with the condition that the subinterval for M = 1 must be a subset of the subinterval for larger M. This defines a function, f : Z → Z, with j = f (i) such that subinterval j (for large M) is the associated subinterval for subinterval i (for M = 1). Next, we label sets for M = 1 with an underline and sets and operations for any ⋂ ⋂ f (i) larger M with overlines. We want to prove that i Ω ik ⊇ i Ω k . f (i)
We prove this by induction over k, showing that Ω ik ⊇ Ω k for i = 0, . . . , N − 1 and k = 0, 1, 2, . . .. f (i) First, it holds that Ω i0 = X ⊇ X = Ω 0 for i = 0, . . . , N − 1. f (i)
Assume that Ω ik ⊇ Ω k , for i = 0, . . . , N − 1. Then,
Ω ik+1 = Ω i0 ∩ Prei (Ω ik ) ∩ Prei (Ψ ik )
= Ω i0 ∩ Prei (Ω ik ) ∩ Prei (Ω ik−1 ) ∩ Prei (Ω ki+1 ) f (i)
f (i−1)
Prei (Ω k
i Proposition 6. Let the collection of P i -MRPI sets {O∞ }Ni=−01 be i given. If O∞ satisfy the M-proximal contraction property for i = ⋂N −1 i 0, . . . , N − 1, then Algorithm 2 returns SM = i=0 O∞ .
⊇
[
p(k) x(k + 1) = 0
]
1 x(k) + w (k), 0.5
where X = {x | ∥x∥∞ ≤ 1}, W = {w | ∥w∥∞ ≤ 0.01}, P = {p | 0.1 ≤ p ≤ 0.9}, |p(k + 1) − p(k)| ≤ ε = 0.01. By neglecting the information about the slowly-varying parameter, the MRPI set can be calculated using for example the techniques described in Pluymers (2006). However, by applying Algorithm 2 with M = 1, an admissible set is found after five iterations that is a superset of this set. Both sets are depicted in Fig. 3. 5. Summary and conclusions This note has focused on admissible sets for dynamical systems with slowly varying parameters. Such admissible sets were
f (i) Ω0
f (i+1)
) ∩ Prei (Ω k
)
f (i) Pref (i) (Ω k ) f (i−1) f (i+1) Pref (i) (Ω k ) Pref (i) (Ω k )
∩
∩
∩
4. Academic example Although Algorithm 2 is computationally demanding, it has practical applications. A driving example has been to verify safety of autonomous vehicles with speed as an a priori uncertain slowly-varying parameter (that may not be observed with highenough integrity). Due to space restrictions, however, the algorithm is here illustrated through a simple academic example. Consider the system
f (i)
⊇ Ω 0 ∩ Prei (Ω k )∩
⊇ =
f (i) Ω0 f (i) Ω k+1
f (i)
f (i)
∩ Pref (i) (Ω k ) ∩ Pref (i) (Ψ k )
for i = 0, . . . , N − 1. The first inequality holds by assumption (the inductive step), the next one holds because Pref (i) operates with a parameter interval that is a superset of the one that Prei operates on. The last inequality holds because only further intersections are added to the formula. Invoking the induction principle now completes the proof that f (i) Ω ik ⊇ Ω k for i = 0, . . . , N − 1 and k = 0, 1, 2, . . ., and hence that
⋂
i
Ω ik ⊇
⋂
i
f (i)
Ωk .
References Aubin, J.-P. (1991). Viability theory. Birkhäuser. Blanchini, F. (1994). Ultimate boundedness control for uncertain discrete-time systems via set-induced lyapunov functions. IEEE Transactions on Automatic Control, 39(2), 428–433. Blanchini, F., & Miani, S. (2008). Set-theoretic methods in control. Birkhäuser. Fiacchini, M., & Alamir, M. (2017). Computing control invariant sets is easy. arXiv preprint arXiv:1708.0479. Gilbert, E. G., & Tan, K. T. (1991). Linear systems with state and control constraints: The theory and application of maximal output admissible sets. IEEE Transactions on Automatic Control, 36(9), 1008–1020.
Please cite this article as: M. Nilsson, E. Klintberg, P. Rumschinski et al., Admissible sets for slowly-varying discrete-time systems. Automatica (2019) 108676, https://doi.org/10.1016/j.automatica.2019.108676.
M. Nilsson, E. Klintberg, P. Rumschinski et al. / Automatica xxx (xxxx) xxx Kalabić, U., & Kolmanovsky, I. (2014). Reference and command governors for systems with slowly time-varying references and time-dependent constraints. In 53rd IEEE conference on decision and control (pp. 6701–6706), Los Angeles, USA. Kerrigan, E. C. (2000). Robust constraint satisfaction: Invariant sets and predictive control (Ph.D. thesis), UK: University of Cambridge. Khalil, H. K. (2002). Nonlinear systems (3rd ed.). Prentice Hall. Kothare, M., Balakrishnan, V., & Morari, M. (1996). Robust constrained model predictive control using linear matrix inequalities. Automatica, 32(10), 1361–1379.
5
Lee, Y. I., Cannon, M., & Kouvaritakis, B. (2005). Extended invariance and its use in model predictive control. Automatica, 41(12), 2163–2169. Pluymers, B. (2006). Robust model based predictive control - an invariant set approach (Ph.D. thesis), KU Leuven. Raković, S. V., Kerrigan, E. C., Mayne, D. Q., & Kouramas, K. I. (2007). Optimized robust control invariance for linear discrete-time systems: Theoretical foundations. Automatica, 43(5), 831–841. Raković, S. V., Kerrigan, E. C., Mayne, D. Q., & Lygeros, J. (2006). Reachability analysis of discrete-time systems with disturbances. IEEE Transactions on Automatic Control, 51(4), 546–561.
Please cite this article as: M. Nilsson, E. Klintberg, P. Rumschinski et al., Admissible sets for slowly-varying discrete-time systems. Automatica (2019) 108676, https://doi.org/10.1016/j.automatica.2019.108676.