Parametrization of completeness in symbolic

abstraction of bounded input locally stabilizable

linear systems
Santosh Arvind Adimoolam
Abstract. A good state-time quantized symbolic abstraction of a con-
tinuous control system would satisfy three conditions- proximity, sound-
ness and completeness. But the extant approaches for symbolic abstrac-
tion of unstable systems limit to satisfying proximity and soundness but
not completeness. It seems that constructing fully complete state quan-
tized symbolic models for bounded input unstable systems in an ecient
way, even using supervisory feedback, is extremely dicult, if not im-
possible. In this paper, we come up with a way of parametrization of
completeness of the symbolic model through a quintessential notion of
Trimmed-Input Approximate Bisimulation. The amount of complete-
ness is specied by a parameter called trimming of set of input trajecto-
ries. We subsequently discuss a method of state-time quantized abstrac-
tion of open and bounded input possibly unstable but locally stabilizable
linear systems using supervisory feedback; such that sound models with
arbitrarily small proximity and trimming can be constructed.
1 Introduction
An ideal state-time quantized symbolic model abstracted from a continuous con-
trol system for its desired application in controller synthesis would satisfy the
following three conditions:
1. Zero deviation: The deviation between the output of a system state and the
related symbolic state would ideally be zero.
2. Soundness: Let s be a state of time-quantized model, and s
r
is its related
symbolic state in the state-time quantized model. Soundness holds if when-
ever s
r
transitions to s

r
by some input, then there is a corresponding input
by which s transitions to s

, such that s

is related to s

r
. The dierence
between soundness and a simulation
1
relation is that soundness does not
require the outputs of related states to be the same, but for a simulation rela-
tion to hold, it is necessary (not sucient) that the outputs of related states
are same.
3. Completeness: Completeness is dened as the converse of soundness as fol-
lows. Let s be a state of time-quantized model, and s
r
is its related symbolic
state in the state-time quantized model. Completeness holds if whenever s
transitions to s

by some input, then s

r
transitions to s

r
by a corresponding
1
Simulation and Bisimulation are dened in Milner [2].
input such that s

is related to s

r
. Completeness also does not require the
outputs of related states to be same, unlike a simulation
1
relation.
Simulation
1
of state-time quantized model by time-quantized model entails zero
deviation and soundness. A bisimulation relation between state-time quantized
model and time-quantized model entails completeness, soundness and zero devi-
ation. The soundness condition ensures that every control law synthesized from
the symbolic model is correct for the time-quantized system model. The com-
pleteness condition ensures that all control laws present in the time-quantized
system model have corresponding control laws in the state-time quantized sym-
bolic model; which means that we do not miss out any control laws of the
time-quantized system model from the symbolic model while doing controller
synthesis on symbolic model. The zero deviation condition ensures that there is
no error in the output of the synthesized control law from symbolic model when
compared with the actual output of the system for the same control law.
The soundness condition is indispensable because the control laws synthe-
sized from the symbolic model have to be correct for the actual system model.
But unlike the soundness condition, the zero deviation and completeness condi-
tions are not very imperative. In fact, satisfying the zero deviation condition is
very dicult if not impossible. So, the zero deviation condition may be relaxed
as:
Parametrized deviation: There is a parameter specifying an upper bound on
the deviation between the states of system model and related states of symbolic
model. We will call this parameter as proximity.
The extant methodology of approximately similar symbolic abstraction (dis-
cussed in [3, 4, 5, 6]) establishes soundness between symbolic model and sys-
tem model while also specifying the proximity parameter, which is the precision
bound of the approximate simulation relation [3, 4, 5, 6]. Parametrization of the
amount of deviation (proximity) between system model and the symbolic model
in addition to demonstrating soundness of the model is the advantage of ap-
proximately similar symbolic abstraction. Also, a good methodology of symbolic
abstraction allows for adjusting the proximity to a very small amount. In this
regard, the methodologies discussed in [3, 4, 5, 6] permit symbolic abstraction
of models with arbitrarily small proximity. A stronger method of abstraction,
introduced in [3], can construct approximately bisimilar (not just similar) sym-
bolic model to time-quantized system model of a globally asymptotically stable
system, in which case the abstraction is complete in addition to being sound and
proximate.
Although proximity has been parametrized through the notion of approx-
imate simulation, no attempt has been made until now to parametrize com-
pleteness [3, 4, 5, 6]. But parametrization of completeness would be useful be-
cause many bounded input unstable systems can not have fully complete (plus
sound) state-time quantized symbolic models. Our paper is concerned about
parametrization of completeness and nding a way of near-complete, sound, and
proximate state-time quantized abstraction of bounded and open input possibly
unstable but locally stabilizable linear control systems. We formalize near com-
pleteness, soundness and proximity by the notion of trimmed input approximate
bisimulation, which is introduced in our paper. We employ supervisory feedback
in the process of abstraction. Note that when the input space is bounded, then
locally stabilizable divergent linear systems are still not global stabilizable (refer
to Subsection 3.3 and Appendix). Therefore we make the distinction between
local stabilizability and global stabilizability of bounded input linear systems.
Before we explain our work, we would like to motivate it by discussing some
Related Work as follows.
Related Work
For globally asymptotically stable (GAS) continuous control systems, nite ap-
proximately bisimilar symbolic automata models with arbitrarily small approxi-
mation can be constructed by the procedure discussed in [3]. As such, soundness,
completeness and proximity conditions are met by the symbolic model of a GAS
system constructed by the procedure discussed in [3]. Regarding unstable sys-
tems and also those systems that meet a stabilizing condition [4, 5] but are
possibly unstable, there has been work on abstracting the systems into similar
symbolic models i.e. based on approximate simulation, but not on approximate
bisimulation [4, 5, 6]. In other words, these approaches [4, 5, 6] for abstract-
ing unstable systems meet the proximity and soundness conditions, but not the
completeness condition.
Since global asymptotic stability (GAS) seems crucial for complete symbolic
abstraction of control systems, it is tempting to use feedback to globally asymp-
totically stabilize the system. An idea of globally asymptotically stabilizing the
system for symbolic abstraction is discussed in [4]. But the approach in [4] has
the following discrepancies:
The symbolic abstraction procedure in [4] is concerned about sound and
proximate abstraction, but not a complete abstraction, because the abstrac-
tion is based on approximate simulation but not on bisimulation. No explicit
attempt is made for complete symbolic abstraction.
Any linear stabilizing supervisory
2
input will move out of bounds of a bounded
input space for certain values of original input. In other words, a supervisory
input function
2
like k(y, x, u) = u + C(y x) will translate the input space
by C(y x) which means that the supervisory input moves out of bounds
for certain values of u.
Global asymptotic stabilization through feedback may be possible if the in-
put space is unbounded. But when an everywhere divergent linear system
works on a bounded input space, then the system can not be globally asymp-
totically stabilized (proved in Appendix of our paper). So, the supervisory
feedback approach in [4] can not be directly applied for symbolic abstraction
of bounded input everywhere divergent linear systems.
2
Supervisory input is dened in the Appendix.
Our approach
Just like the notion of parametrized deviation (or proximity), it would be ben-
ecial to have a notion of parametrized completeness since there is no extant
method of constructing fully complete models for bounded input unstable sys-
tems. Our paper is concerned about parametrization of completeness in sym-
bolic abstraction by what we call trimming of input space, where the amount of
completeness is reected in the smallness of trimming. We achieve this by intro-
ducing the quintessential idea of trimmed input approximate bisimulation. We
subsequently discuss a methodology, employing supervisory feedback, of sym-
bolic abstraction by which we can construct sound models with arbitrarily small
proximity and trimming. The nicety of the procedure of abstraction is that sound
models with arbitrarily small trimming and proximity can be built.
A transition system T is -trimmed input -approximately simulated by T

if a restricted transition system obtained from T by trimming the input space

by a small margin is approximately simulated by the system T

whose input
space is however unchanged. Then trimmed-input approximate bisimulation is
a two way trimmed-input approximate simulation. We show that for locally
stabilizable linear systems with open and bounded input, given any arbitrarily
small proximity parameter , there exist state-time quantization parameters
(less than ) and and a trimming parameter proportional to such that
the state time quantized system is -trimmed approximately bisimilar to time-
quantized system. If T and T

are -trimmed input -approximately bisimilar,

then we prove that the -trimmed input transition system denoted as T

is
sound, 2. near complete and proximate with respect to T. Therefore, we
choose the nal symbolic model to be the -trimmed , state-time quantized
system that is 2-near complete, -proximate and sound with respect to the
time-quantized system model.
The nicety of our method is that we can construct sound symbolic models
with arbitrarily small proximity and trimming because the trimming is propor-
tional to precision bound. Many bounded input unstable linear systems can be
locally stabilized. Therefore our approach can have signicant use. Although the
motivation for this approach is the idea discussed in [4], but we overcome the
drawbacks of [4] mentioned earlier in the Related work as follows.
We parametrize the amount of completeness as smallness of trimming of
input space. In our paper, in addition to construting sound and proximate
symbolic models, we can construct near-complete symbolic models (arbi-
trarily small trimming) open and bounded input possibly unstable locally
stabilizable linear systems. But the completeness issue is ignored in [4].
Earlier we have noted that linear stabilizing supervisory input can move out
of bounds for certain values of original input. Therefore, we trim the input
space by a small amount proportional to precision bound while abstracting
the symbolic model, such that the supervisory input does not go out of
bounds of the actual input space. (Section 3.3).
The approach in our paper can handle everywhere divergent linear systems
with bounded input, provided the system is locally stabilizable. On the other
hand, the approach of [4] insists on global stabilizability. But everywhere di-
vergent linear systems with bounded input can not be globally asymptotically
stabilized as proved in the Appendix of our paper.
2 Notation
Apart from the general mathematical notations, we use the following notation.
R
+
refers to the set of positive real numbers. ]a, b[ denotes a left-right open
interval between real numbers a and b. Similarly, [a, b] is left-right closed, [a, b[
is left-closed right-open interval and ]a, b] is right-closed left-open interval. We
denote Z as the set of integers and N as the set of natural numbers. If X is
a set, then X
n
= X
1
X
2
...
n
X. If x X
n
, then for any i N, x
i
is
the i
th
component of x. If R
n
is the n-dimensional euclidean space, then for
a state quantization parameter > 0 we write [R
n
]

= x : k Z
n
.x =
(k
1
, k
2
, ..., k
n
). We use the L

norm everywhere in the paper denoted by [[.[[.

If X is a normed vector space and I being a connected interval of real line,
u : I X and v : I X are two functions on the same domain I, then the
distance norm between them is [[u v[[ = sup
tI
[[v(t) u(t)[[.
3 Locally stabilizable linear control systems and
trimming of space of input trajectories
A linear control system is a tuple = A
nn
, B
nm
, U, | where A
nn
and
B
nm
have all real entries, U R
m
and | is a subset of all piecewise continuous
input trajectories of the form u : [0, ] U, where > 0 can be any positive
real number. Additionally, we may also include piecewise continuous trajectories
until innite time of the form u : [0, [ U. We shall denote U
[0,]
as the set
of all piecewise continuous input trajectories until time instant .
If x R
n
, then we say that x is a point in the state space of the linear system
as above. A continuous function x : [0, ] R
n
is said to be a trajectory of
the linear system if there exists u | U
[0,]
such that at almost all t [0, ],
x(t) =
dx
dt
(t) = Ax(t) +Bu(t). Given the initial condition x(0) = x and an input
trajectory u | U
[0,]
, the state trajectory (which is continuous) x driven by
u is uniquely determined. Then we write x(x, t, u) as the point in state space
reached at time instant t by the trajectory x driven by u.
3.1 Local stabilizability
A linear system =

A
nn
, B
nm
, U,

tR
+
U
[0,t]
_
, where U is open and bounded
and

tR
+
U
[0,t]
is the set of all possible piecewise continuous input trajectories
until any arbitrary time instant, is said to be locally stabilizable if (x
eq
, u
eq
)
R
n
U satisfying Ax
eq
+ Bu = 0, there exists an open neighborhood Ngh
r
=
y R
n
: [[y x
eq
[[ < r and a matrix C
mn
such that y Ngh
r
we have
(u + Cy) U and the linear system y = (A + BC)y is asymptotically stable in
Ngh
r
.
When the input space of a linear control system does not have boundaries,
then it is well known that global stabilizability of linear systems is equivalent to
local stabilizability. But when the input space of an everywhere divergent linear
system is bounded, then the system can not be globally stabilized, as proved in
the Appendix. It could still be locally stabilized and we discuss an example in this
Section. Therefore we make the distinction between local stabilizability and global
stabilizability of bounded input linear systems.
Remark 3.11 is locally stabilizable if and only if there exists a matrix C such
that A + BC has all eigenvalues with negative real part. It is well known fact
that asymptotic stability of a system of linear dierential equations is equivalent
to the prex matrix of the system, in this case (A + BC), having all negative
eigenvalues. Then because U is open, the radius r of neighborhood Ngh
r
can be
chosen very small so that y Ngh
r
. (u +Cy) U.
We say that as above has a stabilization matrix C
mn
if (A + BC) has all
eigenvalues with negative real part. For example, a linear system
_
x
1
x
2
_
=
_
0 1
-1 2
_ _
x
1
x
2
_
+
_
0
u
_
u ] 5, 5[
where A =
_
0 1
-1 2
_
and B =
_
0
1
_
and u ] 5, 5[ is unstable because A =
_
0 1
-1 2
_
has both eigenvalues equal to +1. But the system has a stabilization
matrix C = [0 4] because (A + BC) =
_
0 1
-1 2
_
+
_
0
1
_
.[0 4] =
_
0 1
-1 2
_
has both eigenvalues equal to 1 which is negative. In fact, at the equilibrium
(x
eq
, u
eq
) = (0, 0) for constant input u
eq
= 0, take a neighborhood Ball
1
(0)
of radius 1 around x
eq
= 0 and then we get that y Ball
1
(0).[[u
eq
+ Cy[[ =
[[0+Cy[[ [[C[[[[y[[ = [[[0, 4][[.[[y[[ < 41. Hence the feedback input (u
eq
+Cy)
for y Ball
1
(0) will remain within the bounded input space ] 5, 5[ at all future
time instants.
However, for other values of input u, the feedback u+Cy may move out of the
bounded space ] 5, 5[. This is because the supervisory function k(y, u) = u+Cy
translates the bounded input space by Cy and therefore fall out of the original
input space for some values of u. In other words, we can not use linear stabilizing
feedback directly in symbolic abstraction when input space is bounded, because
the stabilizing feedback is specic to a certain constant input in a corresponding
neighborhood around the equilibrium only. Although the example here is locally
stabilizable as shown, but it is not globally stabilizable. The proof is in the
Appendix.
3.2 Trimming of open sets and corresponding trajectory space
If S is any normed vector space, then for any s S, we write an open ball
(square) of radius > 0 around any point s as Ball

(s) = s

S : |s

s| <
. Similarly, a closed ball (square) of radius > 0 around any point s as
Ball

(s) = s

S : |s

s| . Note that Ball

(s) denes a closed square of

side length because [[.[[ is the L

norm. We dene the notion of trimming of

any open subset of a metric space as follows.
Denition 3.21 Let S be a normed vector space. Then dene, for any open set
A S, A

= s A : Ball

(s) A.
Note that we used closed ball for trimming and not an open ball. We then derive
in the following Proposition that the trimmed set of an open set is open.
Proposition 3.22 If A is an open subset of a Banach space S, then for any
> 0, A

is open. Note that the same does not hold if in the Denition 3.21
of trimmed set , the closed ball is replaced by open ball.
Proof. Take any point a A

. This means Ball

(a) A by the denition

of trimming. For w > , dene X = Ball
w
(a) A. As w > a, so Ball

(a)
Ball
w
(a). Also we have Ball

(a) A. Therefore, Ball

(a) X = Ball
w
(a) A.
Ball

(a) is a strict subset of X because Ball

(a) is closed while X is open.

Let X be the boundary of X, which is compact because X is bounded and
S is Banach. As Ball

(a) X and X X = - X being open, so X

Ball

(a) X X = . Since X Ball

(a) = , so for every x X,

we have [[a x[[ > and therefore we can choose r
x
: 0 < r
x
< ([[a x[[ )
and
x
: 0 <
x
< ([[a x[[ r
x
). By reverse triangular inequality, if y
Ball

x
(x), then [[y a[[ > [[a x[[ [[y x[[ > [[a x[[
x
. Since
x
is
chosen such that
x
< ([[a x[[ r
x
), so by substituting we get [[y a[[ >
r
x
+ . Therefore all points y Ball

x
are at a distance of greater than
from a and so Ball

x
Ball
+r
x
(a) = . Consider the open cover of X as
Cov = Ball

x
(x) : x X. Because X is compact, so there exists a nite
subcover FinCov Cov covering X. Index sets in FinCov as FinCov =
Ball

x1
(x1), Ball

x2
(x2), ..., Ball

xk
(xk) for some k N. Let r = min
1ik
r
xi
where r
x
is chosen for any x X as described earlier. We earlier showed that
x X.Ball

x
Ball
+r
x
(a) = which means Ball
r+
(a) is disjoint from
each of the sets in FinCov which covers X since r = min
1ik
r
xi
. Therefore
Ball
r+
(a) is disjoint from X.
We now show that Ball
r+
(a) X. X is open and also [complement(X)/X]
is open by removing the boundary from complement(X). We have Ball
r+
(a) =
(Ball
r+
(a) X) (Ball
r+
(a) [complement(X)/X]) (Ball
r+
(a) X).
But earlier we proved Ball
r+
(a) X = by which we get
Ball
r+
(a) = (Ball
r+
(a) X) (Ball
r+
(a) [complement(X)/X])
(Ball
r+
(a) X) and (Ball
r+
(a) [complement(X)/X]) are both open. S
being a Banach space, all balls in the space are connected and so Ball
r+
(a) is
connected and can not be written as the disjoint union of two open sets. There-
fore either (Ball
r+
(a) X) or (Ball
r+
(a) [complement(X)/X]) is empty.
Also earlier we proved Ball
r+
(a) X = . As Ball

(a) Ball
+r
(a) and
Ball

(a) X, so Ball
+r
(a) X is non-empty. This means the other open
set in disjoint union Ball
r+
(a) [complement(X)/X] = (empty). So,
(Ball
r+
(a) X) = Ball
r+
(X) or equivalently Ball
r+
(a) X.
Consider any p Ball
r
(a). Then, q Ball

(p), we have by triangular

inequality [[qa[[ [[pa[[ +[[pq[[ < r+ substituting [[pa[[ < r while [[p
q[[ . So, q Ball
+r
(a). But, Ball
+r
(a) X A implies q A. Therefore
there exists an open neighborhood as Ball
r
(a) around a such that p Ball
r
(a),
Ball

(p) A or equivalently Ball

r
(a) A

by the denition of trimming.

Without loss of generality, for any a A

, we can nd a corresponding r > 0

such that Ball
r
(a) A

. Therefore A

is open.
Example of trimmed set: Consider a two dimensional open rectangle rect =
]2, 4[]9, 14[. Recall that Ball
0.3
(.) denes a closed square of side lenght 0.3 be-
cause we are considering L

norm. Therefore, after trimming the open rectangle

by an amount = 0.3, we get an open rectangle rect
0.3
=]2.3, 3.7[]9.3, 13.7[
because all closed squares of side length 0.3 attached to the boundary are re-
moved.
A

is the set obtained by trimming A by a margin of near the boundary,

since all points near the boundary within a margin of have at least one point
among their -distant neighbors outside A. Although the denition of trimming
can also extend to non-open sets, but in a practical sense, trimming is more
reasonable for open sets. To illustrate, consider a nite but large subset of a
normed vector space. Then trimming of the nite set by even an innitesimally
small margin will result in an empty set, because all the points of the nite set
are boundary points. To avoid this oddity, we restrict the denition of trimming
to open sets only.
Proposition 3.23 Let U be open subset of a normed vector space. It is easy to
see that > 0, U
[0,]
is also open. Then > 0 we have
_
U
[0,]
_

= (U

)
[0,]
Proof. We leave it to the reader to verify that given U is open, we have U
[0,]
as also open. We prove the main part of the Proposition as follows.
First we prove
_
U
[0,]
_

(U

)
[0,]
. Let u
_
U
[0,]
_

. Then we have to
prove that t [0, ].u(t) U

. For any t

[0, ] and for any v : [[u(t

)v[[ <
dene v : [0, ] U as

v(t

) = v
v(t) = u(t) if t ,= t

Since u and v dier at only one time point t

so [[u v[[ = [[u(t

) v(t

)[[ < .
This means v Ball

(u, U
[0,]
). As u
_
U
[0,]
_

, so v U
[0,]
. This means
v = v(t

) U. But v is any point inside Ball

(u(t), U). So, v Ball

(u(t), U)
we get v U. So, u(t) U

. This is true for all t [0, ]. Therefore u

[U

]
[0,]
. This proves
_
U
[0,]
_

(U

)
[0,]
. (1)
We shall now prove the converse (U

)
[0,]

_
U
[0,]
_

. Let u (U

)
[0,]
.
Take any v : [[u v[[ < . Then t [0, ].v(t) Ball

(u(t), U). u (U

)
[0,]
means t [0, ]u(t) U

. So, t [0, ]u(t) U

and t [0, ].v(t)

Ball

(u(t), U) means t [0, ].v(t) U or equivalently v U

[0,]
. So, v
Ball

(u, U
[0,]
).v U
[0,]
. Therefore u
_
U
[0,]
_

. This means that

(U

)
[0,]

_
U
[0,]
_

. (2)
From (1) and (2) we get that
_
U
[0,]
_

= (U

)
[0,]
.
In the next Subsection, we derive some results about trimming of space of input
trajectories.
3.3 Enabling of asymptotically stabilizing supervisory inputs
If x : [0, [ X is a trajectory of the linear system and C
mn
is a real
matrix, then write y
C,x
: [0, [ X satisfying y
C,x
(0) = y and
_
y
C,x
x
_
(t) = (A+BC)(y
C,x
(t) x(t)). (3)
Notice that if x is driven by an input trajectory u, then y
C,x
is driven by a super-
visory input trajectory in (4) but only until any time such that u
y,x
([0, ]) U
because U is bounded; in other words the image of [0, ] by the supervisory input
trajectory u
y,x
has to be inside U where u
y,x
is dened as follows.
u
y,x
= u +C.
_
y
C,x
x
_
(4)
For certain values of u(t), u
y,x
(t) may move out of the bounded input space,
because u
y,x
(t) is the translation of u(t) by an amount C.
_
y
C,x
x
_
(t). We
say that u admits u
y,x
of (4) until time at point y with reference to x if
u
y,x
[
[0,]
U
[0,]
or equivalently u
y,x
([0, ]) U. This is said because u
y,x
may
move out of the bounded input space U at some time instant greater than .
Denition 3.31 We denote In
C
(y, x, ) = u U
[0,]
: u
y,x
([0, ]) U
which means that In
C
(y, x, ) contains all input trajectories that admit corre-
sponding supervisory input trajectories of the form (4) until time at point y
taking x as the reference.
Theorem 3.32 Let =

A
nn
, B
nm
, U,

R
+
U
[0,]
_
be an open input (U
is open set) locally stabilizable linear system with a stabilization matrix C
mn
.
Let two points y and x in state space be such that for some > 0, [[y x[[ .
Then the following hold
1. , > 0,
_
U
(||C||+)
_
[0,]
In
C
(y, x, ).
2.
_
U
||C||
_
[0,]
In
C
(y, x, ). Equivalently
_
U
[0,]
_
||C||
In
C
(y, x, ) be-
cause
_
U
[0,]
_
||C||
=
_
U
|C||
_
[0,]
by Proposition 3.23.
Proof. 1. We prove the rst part of the theorem by contradiction. Assume that
there are , > 0 such that
_
U
(||C||+)
_
[0,]
In
C
(y, x, ). This means that
there exists an input u
_
U
(||C||+)
_
[0,]
such that the image of [0, ] by the
corresponding supervisory input trajectory u
y,x
is not contained inside U, i.e.
u
y,x
([0, ]) / U. Dene T = t 0 : u
y,x
([0, t]) / U. The set T is non-empty
because T. Let = inf T. This means that at the precise time instant ,
the supervisory input trajectory u
y,x
is at the boundary point of the set U, i.e.
u
y,x
() is at the boundary point of U.
By (4) we get that u
y,x
() = u() + C.
_
y
C,x
() x()
_
and from this
[[u
y,x
() u()[[ [[C[[[[y
C,x
() x()[[. But from (3) we get that
_
y
C,x
() x()
_
= (y x) exp((A+BC))
As (A+BC) has all eigenvalues with negative real part, so from previous equation
we get that [[y
C,x
() x()[[ [[y x[[ . Substituting this in what we got
earlier, we have
[[u
y,x
() u()[[ [[C[[ (5)
Using this we proceed to prove that u
y,x
is an interior point of U which shall be
a contradiction to an earlier conclusion that u
y,x
is a boundary point of U.
Consider a closed ball (square) Ball

(u
y,x
()) of radius around u
y,x
().
Consider any point p Ball

(u
y,x
()). Then
[[p u()[[ [[p u
y,x
()[[ +[[u
y,x
() u()[[.
By substituting from (5) we get that
[[p u()[[ [[p u
y,x
()[[ +[[C[[ < +[[C[[ (6)
because p Ball

(u
y,x
()).
But u
_
U
(||C||+)
_
[0,]
implies u() U
(||C||+)
, and then from (6) we
get that p U. This is true for all p Ball

(u
y,x
()) which means that u
y,x
()
is an interior point of U. This is contrary to an earlier conclusion that u
y,x
()
is the boundary point of U.
This means that the assumption we started with at the beginning is false.
Hence, , > 0.
_
U
(||C||+)
_
[0,]
In
C
(y, x, ).
2. The proof of second part of the Proposition is as follows. We shall rst
prove

>0
U
(||C||+)
= U
||C||
. Let u U
||C||
. Since U
||C||
is open by
Proposition 3.22, so
u
> 0.Ball

u
(u) U
||C||
. This means Ball

u
+||C||
(u)
U or equivalently u U
(||C||+
u
)
. So, for every u U
||C||
, there exists
u
> 0
such that u U
(||C||+
u
)
. Therefore U
||C||


>0
U
(||C||+)
. Also, it is
trivial to see that

>0
U
(||C||+)
U
||C||
because > 0, U
(||C||+)

U
||C||
. Therefore by sandwithching we get,

>0
U
(||C||+)
= U
||C||
.
From the theorem statement, , > 0,
_
U
(||C||+)
_
[0,]
In
C
(y, x, ). But
from Proposition 3.23 we derive the equivalent
_
U
[0,]
_
(||C||+)
In
C
(y, x, ).
As the theorem holds for all > 0 independently of , therefore we get that

>0
_
U
[0,]
_
(||C||+)
In
C
(y, x, ) Earlier we proved

>0
U
(||C||+)
=
U
||C||
. Therefore, (U
[0,]
)
||C||
In
C
(y, x, ). Equivalently,
_
U
[0,]
_
||C||

In(y, x, ) by Proposition 3.23.
4 Trimmed input approximate bisimulation
We dene a metric transition system (MTS) as follows.
Denition 4.03 (Metric transition system)
A Metric Transition System (MTS) is T = X, V, , Y, H where X is a state
space, V is the superset of all possible inputs at any point, [] X V X is
the transition relation, Y is a metric space and H : X Y is the output map.
Since trimming is only dened on open sets (Denition 3.21), therefore we iden-
tify an Open Input Metric Transition System (OIMTS) as follows, from which
a trimmed open input metric transition system may be derived after trimming
the input space.
Denition 4.04 (Open Input Metric Transition System)
An Open Input Metric Transition System (OIMTS) is an MTS T = X, V, , Y, H
with the additional condition that V is an open subset of a normed vector space.
Related to control systems, the set V in an OIMTS consists of any open set of
input trajectories.
Denition 4.05 (Trimmed open input metric transition system)
Let T = X, V, , Y, H be a open input metric transition system (OIMTS).
Then we dene the trimmed transition system T

X, V

, [
V

, Y, H
_
where V

is the obtained after trimming the open set V by near the boundary
and [
V

is the restriction of the original transition relation to V

.
4.1 Approximate bisimulation without trimming
We rst dene one version of -approximate simulation according to [4] which is
useful when supervisory feedback
3
is used in symbolic abstraction. A dierent
and more common version of approximate simulation is dened in [1] but the
denition in [1] is not suitable when supervisory feedback
3
is introduced in
symbolic abstraction, as will be explained in Remark 4.12.
The author of [4] actually denes a stronger approximate simulation,
having a -reexivity condition. But we restrict to the general -approximate
simulation leaving -reexivity.
Denition 4.11 Let T = X, V,
1
, Y, H and T

= X

, V

,
2
, Y, H

be two
MTS. Let Y be equipped by the metric d : Y Y R
0
. Note that the output
range Y is same for both the MTS but the input spaces V and V

may be dierent.
We say that a non-empty relation R X X

is an -approximate simulation
relation of T by T

, i (x, x

) R all the following hold

1. d (H(x), H

(x

)) .
2. y X u V , if x
u

1
y then there exist y

and u

such that
x

2
y

and (y, y

) R. Note that u and u

may be dierent.
Approximate bisimulation: Consequently, we say that T and T

are -bisimilar
to each other i a non-empty relation R such that R -approximately simulates
T by T

and R
1
-approximately simulates T

by T.
Remark 4.12 The more common denition of -approximate simulation in [1]
requires that one transition may simulate another only if both the transitions
are driven by the same input. But when supervisory feedback
3
is used, then
it may happen that one transition simulated by another transition is such that
the driving input of former transition is a feedback supervisory function
3
of the
input of latter transition and may not be equal to the input of latter transition.
As such the denition in [1] is restrictive in the sense that it can not be used to
analyze symbolic abstraction involving supervisory feedback. On the other hand,
the Denition 4.11 of our paper, which is also previously stated in [4], allows us
to interpret symbolic abstraction involving supervisory feedback.
4.2 Trimmed-input approximate bisimulation for OIMTS
Denition 4.21 (Trimmed input approximate simulation)
Let T = X, V,
1
, Y, H and T = X

, V

,
2
, Y, H be two OIMTS. For any
, > 0, we say that a relation R X X

is a -trimmed -approximate
simulation of the OIMTS T by T

by i the relation R is an -approximately

simulation of T

by T

, where T

is the -trimmed OIMTS obtained from T

according to Denition 4.05.
Denition 4.22 (Trimmed-input approximate bisimulation)
Consequently, R is a -trimmed -approximate bisimulation between T and T

i R -approximately simulates T

by T

and R
1
-approximately simulates
T

by T.
5 Interpretation of trimmed input approximate
bisimulation
Let T and T

be two OIMTS such that they are -trimmed input -approximately

bisimilar. Then we demonstrate that the -trimmed OIMTS T

is -proximate,
3
The general denition of supervisory feedback function is given in the Appendix,
but in the paper we shall only discuss locally stabilizing linear supervisory feedback.
sound, and 2. near complete with respect to T. We demonstrate this by a
cascading eect as described below. In a vague sense, when and are very
small, then something like T

transpires as the reasonably good abstraction of

T after established trimmed input approximate bisimulation between T and T

.
Disambiguation. It is to be noted that T

may not be sound with respect to

T. Instead we shall demonstrate that T

is sound with respect to T along with

2. near-completeness and proximity.
Proposition 5.03 Let A and C be two subsets of a normed vector space S such
that A

C. Then A
2.
C

.
Proof. Let x A
2.
. For the above proposition to be true, by the denition of
C

(S), we have to prove that for every point y Ball

(x, S) we have y C.
This would be true if we prove that y A

because A

C. By the
denition of A

, y A

is true if for every point w Ball

(y, S) we have
w A. So the proposition reduces to proving that w A. As y Ball

(x, S)
and w Ball

(y, S), so by simple geometry we have w Ball

2.
(x, S). But
x A
2.
(S) and w Ball
2.
(x, S) means that w A. Hence proved.
The following results hold for the trimmed transition system T

.
-Proximity: The distance between two related states of T and T

is less
than since T and T

are -trimmed input -approximately bisimilar.

Soundness: T

is -approximately simulated by T since T and T

are -
trimmed input -approximately bisimilar. This means that T

is sound with
respect to T.
Disambiguation. It is to be noted that T

may not be sound with respect to

T. Instead we demonstrated that T

is sound with respect to T.

2.-Near completeness: Since T and T

are -trimmed input -approximately

bisimilar, so T

is -approximately simulated by T

. Then by using Propo-

sition 5.03, we get that T
2.
is approximately simulated by T

. This
means that T

is 2.-near complete with respect to T.

6 State and time quantization
Denition 6.04 (Time quantized transition relation of control system)
For a linear control system and two points x and y in state space and
u U
[0,]
, we write x
u
y i x(x, , u) = y. For any x in state space and
u U
[0,]
, dene Reach(x,
u
) = y R
n
: x
u
y
Let an open input linear control system =

A
nn
, B
nm
, U,

tR
+
U
[0,t]
_
where U is open. Then for any > 0, the time quantized open input metric
transition system (OIMTS) T

(, X) is dened as
T

() =
_
R
n
, U
[0,]
, , R
n
, id
_
where id is the identity output map and is the transition relation according
to Denition 6.04. We leave it to the reader to verify that since U is open, so
U
[0,]
is also open and hence the MTS T

() is also an OIMTS. Therefore,

T

() shall admit the notion of trimming.

For any > 0 and u U
[0,]
, we dene a transition relation
u

[R
n
]

[R
n
]

as follows. x
u

y if and only if y

Reach(x,
u
).[[y y

[[ /2. Then the

state-time quantized OIMTS T
,
() is dened as
T
,
() =
_
[R
n
]

, U
[0,]
,

, R
n
, id
_
.
Corollary 6.05 Let =

A
nn
, B
nm
, U,

tR
+
U
[0,t]
_
be a locally stabilizable
linear control system with open and bounded input space U and a stabilization
matrix C. Then > 0 and : 0 < < , there exists > 0 such that, if
y, x : [[y x[[ and u (U
||C||
)
[0,]
and x
u
x

, then y

.y
u
y,x
y

satisfying [[y

[[ < /2.
Proof. Firstly, we have to show that for any chosen , > 0, if u (U
||C||
)
[0,]
and [[yx[[ , then u
y,x
is enabled until the chosen > 0. If u (U
||C||
)
[0,]
and [[yx[[ , then by Theorem 3.32 we get that u In(y, x, ) or equivalently
u
y,x
([0, ]) U. Therefore, u
x,y
is enabled until time . This means there exists
a y

.y
u
y,x
y

.
From (3),(4) we have that (x

) = (xy) exp((A+BC)). Since (A+BC)

has all eigenvalues with negative real part, so [[(xy)[[[[ exp((A+BC))[[ tends
exponentially to zero as . Therefore, we can choose suciently large
such that [[x

[[ < /2.
Result 6.06 Let =

A
nn
, B
nm
, U,

tR
+
U
[0,t]
_
be a locally stabilizable
linear control system with open and bounded input space U and a stabilization
matrix C. Then for all > 0 and : 0 < /2, there exists a > 0 such that
T

() is [[C[[-trimmed -approximately bisimilar to T

,
().
Proof. On the basis of Corollary 6.05, we choose a > 0 such that y, x : [[y
x[[ , if u (U
||C||
)
[0,]
and x
u
x

, then y

.y
u
y,x
y

and [[y

[[ < /2.
Choose a relation R R
n
[R
n
]

as (x, y) R if and only if [[x y[[ .

We shall prove that R is the required ([[C[[ +)-trimmed -approximate bisim-
ulation relation. For this we have to prove, by the Denition of trimmed-input
approximate bisimulation, both the following (i) R -approximately simulates
T

||C||
(, X) by T
,
() by R. (ii) R
1
-approximately simulates T
,
||C||
()
by T

().
The proof of (i) is as follows. Let (y, x) R. The transitions in T

||C||
(, X)
are driven by inputs in (U
[0,]
)
||C||
= (U
||C||
)
[0,]
(refer to denition of
trimmed OIMTS and Proposition 3.23). Let (x, y) R and x
u
x

be a tran-
sition in T

||C||
(). (x, y) R implies [[y x[[ and hence by the choice
of as stated in at the beginning of this proof, we have that there exists y

such that y
u
y,x
y

and [[y

[[ < /2. Choose any y

[R
n
]

such that
[[y

[[ /2. It is easy to see that such a point y

exists on the grid [R

n
]

.
Then by the way the state-quantized transition relation

is dened, we get that

y
u
y,x

because y
u
y,x
y

, [[y

[[ /2 and y

[R
n
]

. By triangular
inequality, [[y

[[ [[y

[[ +[[y

[[ /2 +/2 = which means

that (x, y

) R. Also, by the way R was chosen earlier, it is an proximate

relation. This completes the proof of (i).
We prove (ii) as follows. Let (y, x) R
1
. The transitions in T
,
||C||
are
driven by input trajectories in (U
[0,]
)
||C||
= (U
||C||
)
[0,]
by the denition of
the trimmed OIMTS. If for any u (U
||C||
)
[0,]
we have y
u

, then there
exists y

R
n
such that [[y

[[ < /2 and y
u
y

, by the denition of
the state-quantized transition relation

. Since u (U
||C||
)
[0,]
, so by the
choice of at the beginning of this proof, we have an x

such that x
u
x,y
x

and [[x

[[ < /2. So, by triangular inequality we get that [[x

[[
[[x

[[ +[[y

[[ /2 + /2 = . Therefore, (y

, x

) R
1
. Also, by
the way R was chosen earlier, R
1
is an proximate relation. This completes
the proof of (ii).
7 The nal symbolic model
Let =

A
nn
, B
nm
, U,

tR
+
U
[0,t]
_
be a locally stabilizable linear control
system with open and bounded input space U and a stabilization matrix C. Then
for any desired precision > 0, we can choose a state-quantization parameter
: 0 < < and > 0 such that T

() is [[C[[-trimmed -approximately
bisimilar to T
,
() by Result 6.06.
With , chosen as above for a given , the nal symbolic model is the [[C[[
trimmed , quantized OIMTS T
,
||C||
(). Note that the trimming of [[C[[ is
necessary for the symbolic model to be sound with respect to T

().
Soundness, proximity and near-completeness: By the results we de-
rived in Section 5 about soundness, proximity and near-completeness, the nal
symbolic model T
,
||C||
() is sound, -proximate and 2[[C[[-near complete with
respect to T

() since T
,
() is [[C[[-trimmed approximately bisimilar to
T

(). Note that the nal symbolic model is T

,
||C||
() but not T
,
() be-
cause the latter may not be sound with respect to T

().
Thus the [[C[[ trimmed , quantized OIMTS T
,
||C||
() transpires as the
nal symbolic model which is sound, -proximate and 2[[C[[-near complete with
respect to T

(). The goodness of such abstraction is that we can choose ar-

bitrarily small to obtain a symbolic model which is arbitrarily close to being
complete because the 2[[C[[-near-completeness of nal symbolic model is pro-
portional to .
Although the nal state-time quantized symbolic model has innite inputs,
but the bounded and open set of time bounded input trajectories can be approxi-
mated by any reasonable nite subset of input trajectories. An example is worked
out in Section 8. Although quantization of input space will make controller syn-
thesis more accurate and a procedure of quantization is discussed in [3], but such
quantization is not practically easy because it involves computation of reach sets
(this is also stated in [3]). Therefore we have limited to state-time quantized ab-
straction of control system with possibly dense inputs; because the inputs may
be conveniently restricted to any reasonable nite subset while doing controller
synthesis. For unstable linear systems with open and bounded input space, we
are able to build sound symbolic models with arbitrarily small proximity and
trimming (near-completeness). Also parametrization of completeness makes our
method more rigorous than other extant approaches.
8 Example
To be complete.
Appendix
Denition 8.07 Let U R
m
for some m N. Then for n N, a function
k : R
n
R
n
U is called a supervisory function i all the following hold.
1. k is continuously dierentiable on R
2n
where = (x, x) : x R
n
;
2. k(y, x, u) = u (y, x) ;
We say that a supervisory function is linear if it is of the form k(y, x, u) =
u + C(y x) for some matrix C. It is easy to see that (u +C(y x)) moves
out of any bounded input space because the supervisory function translates the
original input space by an amount C(y x). Therefore, there can not be a linear
supervisory function on a bounded input space.
We now state the general global asymptotic stabilizability assumption and
prove that everywhere divergent linear systems with bounded input space can
not be globally asymptotically stabilized by any kind of supervisory function.
Notation: A function : R
0
R
0
R
0
is called a //

function if
(r, .) is increasing function in r such that (0, .) = 0; and (., t) asymptotically
tends to zero as t .
The following stabilizability assumption, which we call the global asymptotic
stabilizability assumption, was discussed in [4].
Denition 8.08 A control system with input space U and state space R
n
is
said to be globally asymptotically stabilizable if there exists a supervisory function
k : R
n
R
n
U U enforcing the following estimate for all x, y R
n
, u |
and t R
+
0
[[x(t, x, u) y(t, y, k(y, x, u))[[ ([[x y[[, t). (7)
where is a //

function.
A linear system = A
nn
, B
nm
, U, | is everywhere divergent if all the
eigenvalues of A have positive real part. Consider
min
as the eigenvalue of A
with minimum real part. Consider as everywhere divergent and so Re(
min
)
is positive. We proceed to demonstrate that for the everywhere divergent linear
system , if the input space U is bounded such that [[u[[ < M u U, then
any two state trajectories starting at a distance greater than
4||B||M
Re(
min
)
can never
come arbitrarily close, irrespective of what pair of input trajectories drives the
two state trajectories. This would mean that the system can not be globally
asymptotically stabilized. The proof is as follows.
We know for a linear system
x(x, , u) y(y, , v) = (x y) exp(A) +
_

0
exp(A( t))B(u v)(t)dt (8)
By using reverse triangular inequality on (8) we get
[[x(x, , u) y(y, , v)[[
[[(x y) exp(A)[[

_

0
exp(A( t)B(u v)(t)

(9)
For all possible pairs of trajectories u and v, we have that [[u v[[ 2M
since the norm of inputs is bounded by M.
Then choose x, y such that [[x y[[ >
4M||B||
Re(
min
)
. Putting these bounds in (9)
we get
[[x(x, , u) y(y, , v)[[
2M[[B[[

exp(A)
_
2
Re(
min
)

_

0
exp(At)dt
_

(10)
Again using reverse triangular inequality we get
[[x(x, , u) y(y, , v)[[
2M[[B[[[[ exp(A)[[
_
2
Re(
min
)

_

0
exp(At)dt

_
(11)
Since

0
exp(At)dt

0
[[ exp(At)[[dt So
_
2
Re(
min
)

_

0
exp(At)dt

_

_
2
Re(
min
)

_

0
[[ exp(At)[[dt
_
.
Furthermore, we have that [[ exp(At)[[ exp(Re(
min
)t) since
min
is
the eigenvalue with minimum real part. Substituting we get
_
2
Re(
min
)

_

0
exp(At)dt

_

_
2
Re(
min
)

_

0
exp(Re(
min
)t)dt
_

_
2
Re(
min
)

1
Re(
min
)
_
since
_

0
exp(Re(
min
)t)dt = 1/Re(
min
).
Substituting in (11) we get
[[x(x, t, u) y(y, t, v)[[
2M[[B[[[[ exp(A)[[
Re(
min
)
(12)
2M||B|||| exp(A)||
Re(
min
)
keeps increasing in because A has all eigenvalues with
positive real part.
This means that, the linear system being everywhere divergent with norm
of inputs upper bounded by M > 0, if the starting points x and y are such
that [[x y[[ >
4M||B||
Re(
min
)
where Re(
min
) is the eigenvalue with minimum real
part (which is positive), then x and y can not come arbitrarily close for any
possible input trajectories u and v inside the bounded input space driving x
and y respectively. This completes the proof.
Hence an everywhere divergent linear system whose input space is bounded
can not be globally asymptotically stabilized. But such a system may still be
locally stabilizable and an example was shown in Section 3. However if the input
space has no boundaries, then global stabilizability of linear systems is equivalent
to local stabilizability.
References
1. Antoine Girard and George J. Pappas. Approximation metrics for discrete and
continuous systems. IEEE Transactions on Automatic Control, 52(5):782 798,
2007.
2. Robin Milner. A calculus of communicating systems. Springer-Verlag New York,
Inc., 1982.
3. Giordano Pola, Antoine Girard, and Paulo Tabuada. Approximately bisimilar sym-
bolic models for nonlinear control systems. Automatica, 44(10):25082516, 2008.
4. Paulo Tabuada. An approximate simulation approach to symbolic control. Auto-
matic Control, IEEE Transactions on, 53(6):14061418, 2008.
5. Yuichi Tazaki and Jun-ichi Imura. Discrete abstractions of nonlinear systems
based on error propagation analysis. Automatic Control, IEEE Transactions on,
57(3):550564, 2012.
6. Majid Zamani, Giordano Pola, Manuel Mazo Jr., and Paulo Tabuada. Symbolic
models for nonlinear control systems without stability assumptions. IEEE Trans-
actions on Automatic Control, 57(7):1804 1809, 2012.