On a Strong Notion of Viability for Switched Systems Ievgen Ivanov Taras Shevchenko National University of Kyiv, Ukraine ivanov.eugen@gmail.com Abstract. We propose a strong notion of viability for a set of states of a nonlinear switched system. This notion is defined with respect to a fixed region of the state space and can be interpreted as a condition under with a system can be forced to stay in a given safe set by applying a specific control strategy only when its state is outside the fixed region. When the state of the system is inside the fixed region, the control can be kept constant without the risk of driving the system into unsafe set (the complement of the safe set). We investigate and give a convenient sufficient condition for strong vi- ability of the complement of the origin for a nonlinear switched system with respect to a fixed region. Keywords. dynamical system, switched system, viability, global-in-time trajectories, control system. Key Terms. Mathematical Model, Specification Process, Verification Process 1 Introduction A subset of the state space of a control system is called viable, if for any initial point in this set there exists a solution of the control system which stays for- ever in this set. Usual problems associated with viability are checking if a given set is viable, finding a solution (and/or the corresponding control input) which stays forever in this set (viable solution), designing a viable region [2]. Viability was studied in many works on the theory of differential equations and inclusions and the control theory [20, 5, 2, 3, 9, 19, 24, 21, 7, 10, 1, 16, 6]. The corresponding results can be straightforwardly applied to control and verification problems for hybrid (discrete-continuous) systems [11] and other models of cyber-physical systems [22, 4, 17, 23], assuming that viable sets are interpreted as safety re- gions. However, this interpretation suggests certain natural generalizations of the notion of viability. We propose and investigate one such generalization in this paper. Let n ≥ 1 be a natural number, I be a non-empty finite set, and fi : R → Rn , i ∈ I be an indexed family of vector fields. Let T = [0, +∞), I be the set of all functions from T to I which are piecewise- constant on each compact segment [a, b] ⊂ T , and k∙k denote the Euclidean norm on Rn . Consider a switched dynamical system [18] of the form ẋ(t) = fσ(t) (t, x(t)) (1) where, σ ∈ I, t ≥ 0. Assume that for each i ∈ I: 1. fi is continuous and bounded on [0, +∞) × Rn ; 2. there exists a number L > 0 such that kfi (t, x1 ) − fi (t, x2 )k ≤ L kx1 − x2 k for all x1 , x2 ∈ Rn , t ∈ T , and i ∈ I (Lipschitz-continuity). Under these conditions Caratheodory existence theorem [8] implies that for each t0 ∈ T and x0 ∈ Rn , and σ ∈ I the problem d x(t) = fσ(t) (t, x(t)) (2) dt x(t0 ) = x0 (3) has a Caratheodory solution defined for all t ≥ t0 , i.e. a function t 7→ x(t; t0 ; x0 ; u) which is absolutely continuous on every segment [a, b] ⊂ [t0 , +∞), satisfies the equation (2) a.e. (almost everywhere in the sense of Lebesgue measure), and satisfies (3). Moreover, this solution is unique in the sense that for any function x : [t0 , t1 ) → Rn , which is absolutely continuous on every segment [a, b] ⊂ [t0 , t1 ), satisfies (2) a.e. on [t0 , t1 ) and satisfies (3), x(t) = x(t; t0 ; x0 ; u) holds for t ∈ [t0 , t1 ). For any X ⊆ Rn and x0 ∈ X denote by V S(X, x0 ) (set of viable switchings) the set of all σ ∈ I such that x(t; 0; x0 ; σ) ∈ X for all t ≥ 0; If V S(X, x0 ) 6= ∅ for each x0 ∈ X, then X is a viable set of (1) and functions t 7→ x(t; 0; x0 ; σ), σ ∈ V S(X, x0 ) are viable solutions for X. Let Y ⊆ Rn be a set. Let us say that a set X ⊆ Rn is Y -strongly viable, if for each x0 ∈ X there exists σ ∈ V S(X, x0 ) such that σ(t) is constant on each interval (t1 , t2 ) ⊂ [0, +∞) such that x(t; 0; x0 ; σ) ∈ Y for all t ∈ (t1 , t2 ). In particular, X is viable if and only if X is ∅-strongly viable. Thus strong viability is a generalization of viability. This notion has the following natural interpretation: the state of the system (1) can be forced to stay in a given “safe” set X by applying a specific control strategy (σ) only when its state is outside Y . When the state of the system is inside Y , one can keep the control constant (i.e. do not make any switchings) without the risk of driving the system into the “unsafe” region Rn \X. Then Y can be interpreted as a set of states where “nothing specific needs to be done” to ensure safety of the system and the complement of Y can be interpreted as a set of states upon reaching which “something may need to be done” to ensure safety. In this paper we will consider the case when X is the complement of the origin (i.e. the origin may be interpreted as a safety hazard) and propose a convenient sufficient condition which can be used to verify that for a given system, X, and Y , X is Y -strongly viable. To do this we will use the notion of a Nondeterministic Complete Markovian System (NCMS) [14] which is based on the notion of a solution system by O. Hájek [12]. More specifically, we will represent the system (1) using a suitable NCMS and reduce the problem of Y -strong viability of a set X to the problem of the existence of global-in-time trajectories of NCMS which was investigated in [14, 15] and apply a theorem about the right dead-end path in NCMS [15] in order to obtain a condition of Y -strong viability. To make the paper self-contained, in Section 2 we give the necessary defi- nitions and facts about NCMS. In Section 3 we formulate and prove the main result of the paper. 2 Preliminaries 2.1 Notation We will use the following notation: N = {1, 2, 3, ...}, N0 = N ∪ {0}, R is the set of real numbers, R+ is the set of nonnegative real numbers, f : A → B is a total function from a set A to a set B, f : A→B ˜ denotes a partial function from a set A to a set B. We will denote by 2A the power set of a set A and by f |A the restriction of a function f to a set A. If A, B are sets, then B A will denote the set of all total functions from A to B and A B will denote the set of all partial function from A to B. For a function f : A→B ˜ the symbol f (x) ↓ (f (x) ↑) mean that f (x) is defined, or, respectively, undefined on the argument x. We will not distinguish the notions of a function and a functional binary relation. When we write that a function f : A→B ˜ is total or surjective, we mean that f is total on the set A specifically (f (x) is defined for all x ∈ A), or, respectively, is onto B (for each y ∈ B there exists x ∈ A such that y = f (x)). We will use the following notations for f : A→B:˜ dom(f ) = {x | f (x) ↓}, i.e. the domain of f (note that in some fields like category theory the domain of a partial function is defined differently), and range(f ) = {y | ∃x f (x) ↓ ∧ y = f (x)}. We will use the same notation for the domain and range of a binary relation: if R ⊆ A × B, then dom(R) = {x | ∃ y (x, y) ∈ R} and range(R) = {y | ∃ x (x, y) ∈ R}. We will denote by f (x) ∼= g(x) the strong equality (where f and g are partial functions): f (x) ↓ if and only if g(x) ↓, and f (x) ↓ implies f (x) = g(x). We will denote by f ◦ g the functional composition: (f ◦ g)(x) ∼ = f (g(x)). For any set X and a value y we will denote by X 7→ y a constant function defined on X which takes the value y. Also, we will denote by T the non-negative real time scale [0, +∞) and assume that T is equipped with a topology induced by the standard topology on R. The symbols ¬, ∨, ∧, ⇒, ⇔ will denote the logical operations of negation, disjunction, conjunction, implication, and equivalence respectively. 2.2 Nondeterministic Complete Markovian Systems (NCMS) The notion of a NCMS was introduced in [13] for studying the relation between the existence of global and local trajectories of dynamical systems. It is close to the notion of a solution system by O. Hájek [12], however there are some differences between these two notions [14]. Denote by T the set of all intervals (connected subsets) in T which have the cardinality greater than one. Let Q be a set (a state space) and T r be some set of functions of the form s : A → Q, where A ∈ T. The elements of T r will be called (partial) trajectories. Definition 1. ([13, 14]) A set of trajectories T r is closed under proper restric- tions (CPR), if s|A ∈ T r for each s ∈ T r and A ∈ T such that A ⊆ dom(s). Definition 2. ([13, 14]) (1) A trajectory s1 ∈ T r is a subtrajectory of s2 ∈ T r (denoted as s1 v s2 ), if dom(s1 ) ⊆ dom(s2 ) and s1 = s2 |dom(s1 ) . (2) A trajectory s1 ∈ T r is a proper subtrajectory of s2 ∈ T r (denoted as s1 @ s2 ), if s1 v s2 and s1 6= s2 . (3) Trajectories s1 , s2 ∈ T r are incomparable, if neither s1 v s2 , nor s2 v s1 . The set (T r, v) is a (possibly empty) partially ordered set. Definition 3. ([13, 14]) A CPR set of trajectories T r is (1) Markovian (Fig. 2), if for each s1 , s2 ∈ T r and t ∈ T such that t = sup dom(s1 ) = inf dom(s2 ), s1 (t) ↓, s2 (t) ↓, and s1 (t) = s2 (t), the following function ( s belongs to T r: s1 (t), t ∈ dom(s1 ) s(t) = s2 (t), t ∈ dom(s2 ) (2) complete, if each non-empty chain in (T r, v) has a supremum. Fig. 1. Markovian property of NCMS. If one trajectory ends and another begins in the state q at time t, then their concatenation is a trajectory. Definition 4. ([13, 14]) A nondeterministic complete Markovian system (NCMS) is a triple (T, Q, T r), where Q is a set (state space) and T r (trajectories) is a set of functions s : T →Q ˜ such that dom(s) ∈ T, which is CPR, complete, and Markovian. An overview of the class of all NCMS can be given using the notion of an LR representation [13–15]. Definition 5. ([13, 14]) Let s1 , s2 : T →Q. ˜ Then s1 and s2 coincide: (1) on a set A ⊆ T , if s1 |A = s2 |A and A ⊆ dom(s1 ) ∩ dom(s2 ) (this is denoted . as s1 =A s2 ); (2) in a left neighborhood of t ∈ T , if t > 0 and there exists t0 ∈ [0, t) such that . . s1 =(t0 ,t] s2 (this is denoted as s1 =t− s2 ); . (3) in a right neighborhood of t ∈ T , if there exists t0 > t, such that s1 =[t,t0 ) s2 . (this is denoted as s1 =t+ s2 ). Let Q be a set. Denote by ST (Q) the set of pairs (s, t) where s : A → Q for some A ∈ T and t ∈ A. Definition 6. ([13, 14]) A predicate p : ST (Q) → Bool is . (1) left-local, if p(s1 , t) ⇔ p(s2 , t) whenever {(s1 , t), (s2 , t)} ⊆ ST (Q) and s1 =t− s2 hold, and, moreover, p(s, t) holds whenever t is the least element of dom(s); (2) right-local, if p(s1 , t) ⇔ p(s2 , t) whenever {(s1 , t), (s2 , t)} ⊆ ST (Q) and . s1 =t+ s2 hold, and, moreover, p(s, t) holds whenever t is the greatest el- ement of dom(s). Let LR(Q) be the set of all pairs (l, r), where l : ST (Q) → Bool is a left-local predicate and r : ST (Q) → Bool is a right-local predicate. Definition 7. ([14]) A pair (l, r) ∈ LR(Q) is called a LR representation of a NCMS Σ = (T, Q, T r), if T r = {s : A → Q | A ∈ T ∧ (∀t ∈ A l(s, t) ∧ r(s, t))}. The following theorem gives a representation of NCMS using predicate pairs. Theorem 1. ([14, Theorem 1]) (1) Each pair (l, r) ∈ LR(Q) is a LR representation of a NCMS with the set of states Q. (2) Each NCMS has a LR representation. 2.3 Existence global-in-time trajectories of NCMS The problem of the existence of global trajectories of NCMS was considered in [13, 14] and was reduced to a more tractable problem of the existence of locally defined trajectories. Informally, the method of proving the existence of a global trajectory in NCMS consists of guessing a “region” (subset of trajectories) which presumably contains a global trajectory and has a convenient representation in the form of (another) NCMS and proving that this region indeed contains a global trajectory by finding or guessing certain locally defined trajectories independently in a neighborhood of each time moment. Below we briefly state the main results about the existence of global trajec- tories of NCMS described in [15]. Let Σ = (T, Q, T r) be a fixed NCMS. Definition 8. ([15]) Σ satisfies (1) local forward extensibility (LFE) property, if for each s ∈ T r of the form s : [a, b] → Q (a < b) there exists a trajectory s0 : [a, b0 ] → Q such that s0 ∈ T r, s v s0 and b0 > b. (2) global forward extensibility (GFE) property, if for each trajectory s of the form s : [a, b] → Q there exists a trajectory s0 : [a, +∞) → Q such that s v s0 . Definition 9. ([15]) A right dead-end path (in Σ) is a trajectory s : [a, b) → Q, where a, b ∈ T , a < b, such that there is no s0 : [a, b] → Q, s ∈ T r such that s @ s0 (i.e. s cannot be extended to a trajectory on [a, b]). Definition 10. ([15]) An escape from a right dead-end path s : [a, b) → Q (in Σ) is a trajectory s0 : [c, d) → Q (where d ∈ T ∪ {+∞}) or s0 : [c, d] → Q (where d ∈ T ) such that c ∈ (a, b), d > b, and s(c) = s0 (c). An escape s0 is called infinite, if d = +∞. Definition 11. ([15]) A right dead-end path s : [a, b) → Q in Σ is called strongly escapable, if there exists an infinite escape from s. Definition 12. ([15]) (1) A right extensibility measure is a function f + : R × R→R ˜ such that A = {(x, y) ∈ T × T | x ≤ y} ⊆ dom(f + ), f (x, y) ≥ 0 for all (x, y) ∈ A, f + |A is strictly decreasing in the first argument and strictly increasing in the second argument, and for each x ≥ 0, f + (x, x) = x , limy→+∞ f + (x, y) = +∞. (2) A right extensibility measure f + is called normal, if f + is continuous on {(x, y) ∈ T × T | x ≤ y} and there exists a function α of class K∞ (i.e. the function α : [0, +∞) → [0, +∞) is continuous, strictly increasing, and α(0) = 0, limx→+∞ α(x) = +∞) such that α(y) < y for all y > 0 and the function y 7→ f + (α(y), y) is of class K∞ . An example of a right extensibility measure is f1+ (x, y) = 2y − x. Let f + be a right extensibility measure. Definition 13. ([15]) A right dead-end path s : [a, b) → Q is called f + -escapable, if there exists an escape s0 : [c, d] → Q from s such that d ≥ f + (c, b). Theorem 2. ([15], About right dead-end path) Assume that f + is a normal right extensibility measure and Σ satisfies LFE. Then each right dead-end path is strongly escapable if and only if each right dead-end path is f + -escapable. Lemma 1. ([15]) Σ satisfies GFE if and only if Σ satisfies LFE and each right dead-end path is strongly escapable. Theorem 3. ([15], Criterion of the existence of global trajectories of NCMS) Let (l, r) be a LR representation of Σ. Then Σ has a global trajectory if and only if there exists a pair (l0 , r0 ) ∈ LR(Q) such that (1) l0 (s, t) ⇒ l(s, t) and r0 (s, t) ⇒ r(s, t) for all (s, t) ∈ ST (Q); (2) ∀t ∈ [0, ] l0 (s, t) ∧ r0 (s, t) holds for some  > 0 and a function s : [0, ] → Q; (3) if (l0 , r0 ) is a LR representation of a NCMS Σ 0 , then Σ 0 satisfies GFE. 3 Main result Let I, I, and fi , i ∈ I, and x(t; t0 ; x0 ; σ) be defined as in Section 1. Let X = Rn \{0} and Y ⊂ Rn be a set. Let denote D = Rn \Y . Let us state the main result: Theorem 4. Assume that: (1) for each t ∈ T there exist i1 , i2 ∈ I such that fi1 (t, 0) and fi2 (t, 0) are noncollinear; (2) {0} is a path-component of {0} ∪ Y . Then X is Y -strongly viable. We will need several lemmas to prove this theorem. Let us fix an element x∗0 ∈ X. Let Q = Rn × I. Denote by pr1 : Q → Rn , pr2 : Q → I the projections on the first and second component, i.e. pr1 ((x0 , i)) = x0 and pr2 ((x0 , i)) = i. Let T r be the set of all functions s : A → Q, where A ∈ T, such that the following conditions are satisfied, where x = pr1 ◦ s and σ = pr2 ◦ s: 1) σ is piecewise-constant on each segment [a, b] ⊆ A (a < b); 2) x is absolutely continuous on each segment [a, b] ⊆ A (a < b) and satisfies d the equation dt x(t) = fi (t, x(t)) a.e. on A; 3) x(t) 6= 0 for all t ∈ A; 4) for each non-maximal t ∈ A such that x(t) ∈ / D there exists t0 ∈ (t, +∞)∩A 00 00 0 such that σ(t ) = σ(t) for all t ∈ [t, t ); 5) for each non-minimal t ∈ A such that x(t) ∈ / D there exists t0 ∈ (0, t) ∩ A 00 00 0 such that σ(t ) = σ(t) for all t ∈ (t , t]; 6) if 0 ∈ A, then x(0) = x∗0 . It follows straightforwardly from this definition that Σ(x∗0 ) = (T, Q, T r) is a NCMS (i.e. T r is a CPR, Markovian, and complete set of trajectories). Let us find a sufficient condition which ensures that Σ has a global trajectory. Lemma 2. (1) Σ(x∗0 ) satisfies the LFE property. (2) There exists s ∈ T r and ε > 0 such that dom(s) = [0, ε]. Proof. (1) Let s : [a, b] → Q be a trajectory, x = pr1 ◦ s, and u = pr2 ◦ s. Let σ 0 : [a, +∞) → I be a function such that σ 0 (t) = σ(t), if t ∈ [a, b] and σ 0 (t) = σ(b), if t > b. Then σ = σ 0 |[a,b] , σ 0 is piecewise-constant on each segment in its domain, and x(t) = x(t; a; x(a); σ 0 ) for all t ∈ [a, b]. Let b0 = b + 1 and x0 : [a, b0 ] → Rn be a function such that x0 (t) = x(t; a; x(a); σ 0 ) for t ∈ [a, b0 ]. Then x = x0 |[a,b] . Because x0 (t) 6= 0 for all t ∈ [a, b] and x0 is continuous, there exists b00 ∈ (b, b0 ] such that x0 (t) 6= 0 for all t ∈ [a, b00 ]. Let s0 : [a, b00 ] → Q be a function such that s0 (t) = (x0 (t), σ 0 (t)) for all t ∈ [a, b00 ]. Then it follows immediately that s0 ∈ T r. Besides, svs0 . Thus Σ satisfies LFE. (2) Let us choose any i0 ∈ I and define x : T → Rn as x(t) = x(t; 0; x∗0 ; σ0 ) for all t ∈ T , where σ0 (t) = i0 for all t. Then x is continuous and x(0) = x∗0 6= 0, so there exists ε > 0 such that x(t) 6= 0 for all t ∈ [0, ε]. Let s : [0, ε] → Q be a function s(t) = (x(t), i0 ), t ∈ [0, ε]. Then s ∈ T r. t u Lemma 3. Assume that: (1) for each t ∈ T there exist i1 , i2 ∈ I such that fi1 (t, 0), fi2 (t, 0) are (nonzero) noncollinear vectors, i.e. k1 fi1 (t, 0) + k2 fi2 (t, 0) 6= 0 whenever k1 , k2 ∈ R are not both zero; (2) for each s ∈ T r defined on a set of the form [t1 , t2 ), if limt→t2 − (pr1 ◦s)(t) = 0, then pr1 (s(t)) ∈ D for some t ∈ [t1 , t2 ). Then each right dead-end path in Σ(x∗0 ) is f1+ -escapable, where f1+ (x, y) = 2y −x is a right extensibility measure. Proof. Let M 0 = 1 + sup{kfi (t0 , x0 )k |(t0 , x0 ) ∈ T × Rn , i ∈ I}. Then 0 < M 0 < +∞, because f is bounded. Let s : [a, b) → Q be a right dead-end path and x = pr1 ◦s, σ = pr2 ◦s. Let σ 0 : [a, +∞) → I be a function such that σ 0 (t) = σ(t), if t ∈ [a, b) and σ 0 (t) = σ(a), if t ≥ b. Then σ = σ 0 |[a,b) , σ 0 is Lebesgue-measurable, and x(t) = x(t; a; x(a); σ 0 ) for all t ∈ [a, b). Then there exists a limit xl = limt→b− x(t) = x(b; a; x(a); σ 0 ) ∈ Rn . Firstly, consider the case when xl 6= 0. Then kxl k > 0. Let us choose an arbitrary t0 ∈ (a, b) such that b − t0 < kxl k /(4M 0 ) and kx(t0 ) − xl k < kxl k /2 (this is possible, because xl = limt→b− x(t)). Let σ 00 : [t0 , +∞) → I and x00 : [t0 , +∞) → Rn be functions such that σ 00 (t) = σ(t0 ) for all t ≥ t0 and x00 (t) = x(t; t0 ; x(t0 ); σ 00 ) for all t ≥ t0 . Then kx00 (t0 )k = kx(t0 ) − xl + xl k ≥ kxl k − kx(t0 ) − xl k > kxl k /2 > 2M 0 (b − t0 ). Then for all t ≥ t0 we have Z t 00 00 kx (t)k = x (t0 ) + fσ00 (t) (t, x00 (t))dt ≥ t0 Z t ≥ kx00 (t0 )k − fσ00 (t) (t, x00 (t)) dt > t0 > 2M 0 (b − t0 ) − M 0 (t − t0 ) = M 0 (2b − t0 − t). Let d = 2b − t0 . Then d > t0 because t0 < b. Then x00 (t) 6= 0 for all t ∈ [t0 , d]. Let s∗ : [t0 , d] → Q be a function such that s∗ (t) = (x00 (t), σ 00 (t)) for all t ∈ [t0 , d]. It follows immediately that s∗ ∈ T r. Also, s∗ (t0 ) = s(t0 ) and d = 2b − t0 = f1+ (t0 , b). Then s∗ is an escape from s and s is f1+ -escapable. Now consider the case when xl = 0. Let us choose i1 , i2 ∈ I such that v1 = fi1 (b, 0) and v2 = fi2 (b, 0) are noncollinear (this is possible by the assumption 1 of the lemma). Then the function h(k1 , k2 ) = kk1 v1 + k2 v2 k attains some minimal value M > 0 on {(k1 , k2 ) ∈ R × R | |k1 | + |k2 | = 1}. Then for all k1 , k2 such that k1 6= 0 or k2 6= 0, h(k1 , k2 ) = (|k1 | + |k2 |)h(k1 (|k1 | + |k2 |)−1 , k2 (|k1 | + |k2 |)−1 ) ≥ M (|k1 | + |k2 |). Let ε = M/2 > 0. Because f is continuous, there exists δ > 0 such that for each j = 1, 2, t ∈ T , and x0 ∈ Rn such that |b − t| + kx0 k < δ we have fij (t, x0 ) − vj = fij (t, x0 ) − fij (b, 0) < ε. Let R = δ/4, t1 = max{b − R, a}, and t2 = b + R. Then R > 0, a ≤ t1 < b < t2 and for all j = 1, 2, t ∈ [t1 , t2 ] and x0 such that kx0 k ≤ R, fij (t, x0 ) − vj < ε. Let us choose an arbitrary c ∈ (t1 , b) such that b − c < min{R/(2M 0 ), R/2}. Then s|[c,b) ∈ T r by the CPR property and limt→t2 − (pr1 ◦ s|[c,b) )(t) = xl = 0, so by the assumption 2 there exists t0 ∈ [c, b) such that pr1 (s(t0 )) = x(t0 ) ∈ D. Let x1 : [t0 , t2 ] → Rn and x2 : [t0 , t2 ] → Rn be functions such that x1 (t) = x(t; t0 ; x(t0 ); σ1 ) and x2 (t) = x(t; t0 ; x(t0 ); σ2 ) for all t ∈ [t0 , t2 ], where σj (t) = ij for all t. Denote dj (t) = fij (t, xj (t)) − vj for each j = 1, 2 and t ∈ [t0 , t2 ]. Then the following two cases are possible. a) There exists j ∈ {1, 2} such that 0 ∈ / range(xj ). Let us choose any d ∈ (max{2b − t0 , t0 }, t2 ) (this is possible, because t0 < b < t2 and 2b − t0 ≤ 2b − c < b + R/2 < b + R = t2 ). Then let s∗ : [t0 , d] → Q be a function such that s∗ (t0 ) = s(t0 ) = (x(t0 ), σ(t0 )) and s∗ (t) = (xj (t), ij ) for all t ∈ (t0 , d]. Because xj (t0 ) = x(t0 ) ∈ D and xj (t) 6= 0 for all t ∈ [t0 , t2 ] ⊃ [t0 , d], we have that s∗ ∈ T r. Besides, s∗ (t0 ) = s(t0 ) and d > 2b − t0 = f1+ (t0 , b), so s∗ is an escape from s and s is f1+ -escapable. b) 0 ∈ range(x1 )∩range(x2 ). Then because x1 , x2 are continuous, there exist t0j = min{t ∈ [t0 , t2 ] | xj (t) = 0} for j = 1, 2. Moreover, t0j ∈ (t0 , t2 ] for j = 1, 2, because x1 (t0 ) = x2 (t0 ) = x(t0 ) 6= 0. If we suppose that kxj (t)k < R for each j = 1, 2 and t ∈ [t0 , t0j ], then kdj (t)k = fij (t, xj (t)) − vj < ε for each j = 1, 2 and t ∈ [t0 , t0j ], whence k0 − 0k = kx1 (t01 ) − x2 (t02 )k = Z t01 Z t02 = x(t0 ) + fi1 (t, x1 (t))dt − x(t0 ) − fi2 (t, x2 (t))dt = t0 t0 Z t01 Z t02 = v1 + d1 (t)dt − v2 + d2 (t)dt = t0 t0 Z t01 Z t02 = v1 (t01 − t0 ) − v2 (t02 − t0 ) + d1 (t)dt − d2 (t)dt ≥ t0 t0 Z t01 Z t02 ≥ kv1 (t01 − t0 ) − v2 (t02 − t0 )k − kd1 (t)k dt − kd2 (t)k dt ≥ t0 t0 M 0 ≥ M (|t01 − t0 | + |t02 − t0 |) − ε(t01 − t0 ) − ε(t02 − t0 ) = (t − t0 + t02 − t0 ) > 0. 2 1 We have a contradiction, so there exists j ∈ {1, 2} and t00 ∈ [t0 , t0j ] such that kxj (t00 )k ≥ R. This implies that Z t0j R ≤ kxj (t00 )k = xj (t0j ) − xj (t00 ) = fij (t, xj (t))dt ≤ M 0 (t0j − t00 ). t00 Then t0j − t0 ≥ t0j − t00 ≥ R/M 0 > 2(b − c) ≥ 2(b − t0 ), so t0j > 2b − t0 . Let us choose any d ∈ (max{2b − t0 , t0 }, t0j ). Let s∗ : [t0 , d] → Q be a function such that s∗ (t0 ) = s(t0 ) = (x(t0 ), σ(t0 )) and s∗ (t) = (xj (t), ij ) for all t ∈ (t0 , d]. Because xj (t0 ) = x(t0 ) ∈ D and xj (t) 6= 0 for all t ∈ [t0 , t0j ) ⊃ [t0 , d], we have s∗ ∈ T r. Besides, s∗ (t0 ) = s(t0 ) and d > 2b − t0 = f1+ (t0 , b), so s∗ is an escape from s and s is f1+ -escapable. t u Lemma 4. Assume that: (1) for each t ∈ T there exist i1 , i2 ∈ I such that fi1 (t, 0) and fi2 (t, 0) are noncollinear; (2) {0} is a path-component of {0} ∪ Y . Then Σ(x∗0 ) has a global trajectory. Proof. Let us show that the assumption 2 of Lemma 3 holds. Let s ∈ T r, dom(s) = [t1 , t2 ) (t1 < t2 ), limt→t2 − (pr1 ◦ s)(t) = 0. Denote x = pr1 ◦ s. Suppose that x(t) ∈/ D for all t ∈ [t1 , t2 ). Let γ : [0, 1] → {0} ∪ (Rn \D) be a function such that γ(ε) = x(t1 + ε(t2 − t1 )), if ε ∈ [0, 1) and γ(1) = 0. Then γ is continuous, so there is a path from γ(0) = x(t1 ) 6= 0 to 0 in {0}∪(Rn \D) = {0}∪Y (considered as a topological subspace of Rn ). This contradicts the assumption that {0} is a path-component of {0} ∪ Y . Thus x(t) ∈ D for some t ∈ [t1 , t2 ). The assumption 1 of Lemma 3 also holds, so by Lemma 2, Lemma 3, Lemma 1, Theorem 2, Σ satisfies GFE. Besides, by Lemma 2 there exists s ∈ T r with dom(s) = [0, ε] for some ε > 0, so by the GFE property, Σ has a global trajectory. t u Proof (of Theorem 4). Follows straightforwardly from Lemma 4, because the statement of Lemma 4 holds for any x∗0 ∈ X. 4 Conclusion We have proposed the notion of an Y -strongly viable set X for nonlinear switched systems. This notion follows naturally from interpretation of viable sets as safety regions. We have considered the case when X is the complement of the origin (i.e. the origin may be interpreted as a safety hazard) and proposed a convenient sufficient condition which can be used to verify that for a given system, X, and Y , X is Y -strongly viable. In the forthcoming papers we plan to investigate other cases give the corresponding conditions. References 1. D. Angeli and E. D. Sontag. Forward completeness, unboundedness observability, and their lyapunov characterizations. Systems & Control Letters, 38(4):209–217, 1999. 2. J.-P. Aubin. Viability Theory (Modern Birkhauser Classics). Birkhauser Boston, 2009. 3. J. P. Aubin and A. Cellina. Differential inclusions: set-valued maps and viability theory. Springer-Verlag GmbH, 1984. 4. R. Baheti and H. Gill. Cyber-physical systems. The Impact of Control Technology, pages 161–166, 2011. 5. J. Bebernes and J. Schuur. The wazewski topological method for contingent equa- tions. Annali di Matematica Pura ed Applicata, 87(1):271–279, 1970. 6. O. Cârjă, M. Necula, and I. I. Vrabie. Viability, invariance and applications, volume 207. Elsevier Science Limited, 2007. 7. E. A. Coddington and N. Levinson. Theory of Ordinary Differential Equations. Krieger Pub Co, 1984. 8. A. Filippov. Differential Equations with Discontinuous Righthand Sides: Control Systems (Mathematics and its Applications). Springer, 1988. 9. H. Frankowska and S. Plaskacz. A measurable upper semicontinuous viability theorem for tubes. Nonlinear analysis, 26(3):565–582, 1996. 10. Y. E. Gliklikh. Necessary and sufficient conditions for global-in-time existence of solutions of ordinary, stochastic, and parabolic differential equations. In Abstract and Applied Analysis, volume 2006, pages 1–17. MANCORP PUBLISHING, 2006. 11. R. Goebel, R. G. Sanfelice, and A. Teel. Hybrid dynamical systems. 29(2):28–93, 2009. 12. O. Hájek. Theory of processes, i. Czechoslovak Mathematical Journal, 17:159–199, 1967. 13. I. Ivanov. A criterion for existence of global-in-time trajectories of non- deterministic Markovian systems. Communications in Computer and Information Science (CCIS), 347:111–130, 2013. 14. I. Ivanov. On existence of total input-output pairs of abstract time systems. Com- munications in Computer and Information Science (CCIS), 412:308–331, 2013. 15. I. Ivanov. On representations of abstract systems with partial inputs and outputs. In T. Gopal, M. Agrawal, A. Li, and S. Cooper, editors, Theory and Applications of Models of Computation, volume 8402 of Lecture Notes in Computer Science, pages 104–123. Springer International Publishing, 2014. 16. G. Labinaz and M. Guay. Viability of Hybrid Systems: A Controllability Operator Approach. Springer Netherlands, 2012. 17. E. A. Lee and S. A. Seshia. Introduction to embedded systems: A cyber-physical systems approach. Lulu.com, 2013. 18. D. Liberzon. Switching in Systems and Control (Systems & Control: Foundations & Applications). Birkhauser Boston Inc., 2003. 19. M. D. M. Marques. Viability results for nonautonomous differential inclusions. Journal of Convex Analysis, 7(2):437–443, 2000. 20. M. Nagumo. Über die Lage der Integralkurven gewöhnlicher Differentialgleichun- gen. 1942. 21. S. W. Seah. Existence of solutions and asymptotic equilibrium of multivalued differ- ential systems. Journal of Mathematical Analysis and Applications, 89(2):648–663, 1982. 22. J. Shi, J. Wan, H. Yan, and H. Suo. A survey of cyber-physical systems. In Wireless Communications and Signal Processing (WCSP), 2011 International Conference on, pages 1–6. IEEE, 2011. 23. J. Sifakis. Rigorous design of cyber-physical systems. In Embedded Computer Systems (SAMOS), 2012 International Conference on, pages 319–319. IEEE, 2012. 24. I. I. Vrabie. A Nagumo type viability theorem. An. Stiint. Univ. Al. I. Cuza Iasi. Mat.(NS), 51:293–308, 2005.