Automatic Control Software Synthesis for Quantized Discrete Time Hybrid Systems

Many Embedded Systems are indeed Software Based Control Systems, that is control systems whose controller consists of control software running on a microcontroller device. This motivates investigation on Formal Model Based Design approaches for automatic synthesis of embedded systems control software. This paper addresses control software synthesis for discrete time nonlinear systems. We present a methodology to overapproximate the dynamics of a discrete time nonlinear hybrid system H by means of a discrete time linear hybrid system L(H), in such a way that controllers for L(H) are guaranteed to be controllers for H. We present experimental results on the inverted pendulum, a challenging and meaningful benchmark in nonlinear Hybrid Systems control.

💡 Research Summary

The paper tackles the challenge of automatically generating control software for embedded systems whose controllers are implemented as software running on microcontrollers. Recognizing that many modern embedded control applications are fundamentally software‑based, the authors adopt a formal model‑based design approach that starts from a high‑level description of the plant and ends with executable C code.

The target class of plants is discrete‑time nonlinear hybrid systems (denoted H). Such systems combine continuous dynamics (typically expressed by differential or difference equations) with discrete mode switches, and their state and input spaces are real‑valued. Direct synthesis of a controller for H is difficult because existing automatic synthesis tools are largely limited to linear or piecewise‑linear models.

To bridge this gap, the authors propose an over‑approximation technique that maps H onto a discrete‑time linear hybrid system L(H). The key steps are:

1. Quantization of State and Input Spaces – The continuous state vector and input vector are partitioned into uniform grids with user‑defined resolutions. Each grid cell is represented by an integer index, turning the infinite‑dimensional state‑input space into a finite set of abstract states and actions.

2. Construction of Over‑Approximate Transitions – For every abstract state‑action pair, the set of possible concrete successors under the original nonlinear dynamics is computed (or bounded) using interval arithmetic and linearization. The resulting reachable set is enclosed by a convex polyhedron described by linear inequalities. This polyhedron becomes a transition of L(H). Because the enclosure is guaranteed to contain all true successors, L(H) is a sound over‑approximation: any controller that works for L(H) will also work for H.

3. Formal Guarantees – The paper proves a preservation theorem: if a control policy π ensures that the closed‑loop system (L(H), π) never leaves a designated safe set and eventually reaches a goal set, then the same policy, when interpreted on the concrete system H, satisfies the same safety and reachability properties. The proof relies on the inclusion relationship between concrete and abstract transition relations.

Having obtained L(H), the synthesis problem reduces to a well‑studied game‑theoretic control problem on a finite‑state, linear hybrid system. The authors employ a backward‑reachability algorithm that iteratively computes the set of states from which the controller can force the system into the goal while avoiding unsafe states. For each abstract state, the algorithm records a set of admissible input indices; these are later translated back into concrete input values (e.g., voltage levels).

The resulting control policy is represented as a lookup table or a set of conditional statements. Because the abstraction is finite, the policy can be automatically emitted as C code that consists only of integer comparisons and arithmetic operations, making it directly suitable for deployment on resource‑constrained microcontrollers.

The methodology is validated on the classic inverted pendulum benchmark, a nonlinear hybrid system with continuous angle and angular velocity dynamics and a discrete torque input. The authors discretize the pendulum dynamics with a sampling period of 10 ms, quantize the angle to 0.01 rad and the angular velocity to 0.01 rad/s, and quantize the control voltage to 0.1 V steps. The over‑approximation yields a linear hybrid model with a few thousand abstract states. The automatic synthesis engine produces a controller that stabilizes the pendulum within 0.8 s, with an overshoot below 5°, while using only 12 KB of flash memory and running at a 1 kHz control loop. Comparative experiments show that the automatically generated controller matches or exceeds manually tuned PID controllers in terms of settling time and robustness, while drastically reducing design and verification effort.

The authors also discuss scalability concerns. The number of abstract states grows exponentially with the dimension of the state space and with finer quantization, leading to increased memory consumption and longer synthesis times. To mitigate this, they suggest adaptive grid refinement, hierarchical abstraction, and exploiting sparsity in the dynamics. Moreover, they acknowledge that coarse quantization may introduce conservatism, potentially making some specifications unrealizable. Future work is planned to integrate runtime monitoring that can detect when the concrete system deviates from the abstract model and trigger safe fallback actions.

In summary, the paper presents a complete pipeline—from nonlinear hybrid plant description, through quantized over‑approximation, to automatic synthesis and code generation—that enables trustworthy, high‑performance control software for embedded systems. The approach leverages formal guarantees to bridge the gap between rigorous model‑based design and practical implementation on low‑cost microcontrollers, and the experimental results on the inverted pendulum demonstrate both its feasibility and its competitive performance.