## Section: Research Program

### Background on non-standard analysis

Non-Standard analysis plays a central role in our research on hybrid systems modeling [3] , [6] , [15] , [14] . The following text provides a brief summary of this theory and gives some hints on its usefulness in the context of hybrid systems modeling. This presentation is based on our paper [3] , a chapter of Simon Bliudze's PhD thesis [21] , and a recent presentation of non-standard analysis, not axiomatic in style, due to the mathematician Lindström [41] .

Non-standard numbers allowed us to reconsider the semantics of hybrid
systems and propose a radical alternative to the *super-dense
time semantics* developed by Edward Lee and his team as part of the
Ptolemy II project, where cascades of successive instants can occur in
zero time by using ${\mathbb{R}}_{+}\times \mathbb{N}$ as a time index. In the non-standard
semantics, the time index is defined as a set
$\mathbb{T}=\{n\partial \mid n\in {}^{*}\mathbb{N}\}$, where $\partial $ is an
*infinitesimal* and ${}^{*}\mathbb{N}$ is the set of *non-standard
integers*. Remark that 1/ $\mathbb{T}$ is dense in ${\mathbb{R}}_{+}$, making it
“continuous”, and 2/ every $t\in \mathbb{T}$ has a predecessor in $\mathbb{T}$ and a
successor in $\mathbb{T}$, making it “discrete”. Although it is not effective from
a computability point of view, the *non-standard semantics*
provides a framework that is familiar to the computer
scientist and at the same time efficient as a symbolic
abstraction. This makes it an excellent candidate for the development
of provably correct compilation schemes and type systems for hybrid
systems modeling languages.

Non-standard analysis was proposed by Abraham Robinson in the 1960s to allow the explicit manipulation of “infinitesimals” in analysis [48] , [35] , [10] . Robinson's approach is axiomatic; he proposes adding three new axioms to the basic Zermelo-Fraenkel (ZFC) framework. There has been much debate in the mathematical community as to whether it is worth considering non-standard analysis instead of staying with the traditional one. We do not enter this debate. The important thing for us is that non-standard analysis allows the use of the non-standard discretization of continuous dynamics “as if” it was operational.

Not surprisingly, such an idea is quite ancient. Iwasaki et al. [37] first proposed using non-standard analysis to discuss the nature of time in hybrid systems. Bliudze and Krob [22] , [21] have also used non-standard analysis as a mathematical support for defining a system theory for hybrid systems. They discuss in detail the notion of “system” and investigate computability issues. The formalization they propose closely follows that of Turing machines, with a memory tape and a control mechanism.

The introduction to non-standard analysis in [21] is very pleasant and we take the liberty to borrow it. This presentation was originally due to Lindstrøm, see [41] . Its interest is that it does not require any fancy axiomatic material but only makes use of the axiom of choice — actually a weaker form of it. The proposed construction bears some resemblance to the construction of $\mathbb{R}$ as the set of equivalence classes of Cauchy sequences in $\mathbb{Q}$ modulo the equivalence relation $\left({u}_{n}\right)\approx \left({v}_{n}\right)$ iff ${lim}_{n\to \infty}({u}_{n}-{v}_{n})=0$.

#### Motivation and intuitive introduction

We begin with an intuitive introduction to the construction of the non-standard reals. The goal is to augment $\mathbb{R}\cup \{\pm \infty \}$ by adding, to each $x$ in the set, a set of elements that are “infinitesimally close” to it. We will call the resulting set ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{R}$. Another requirement is that all operations and relations defined on $\mathbb{R}$ should extend to ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{R}$.

A first idea is to represent such additional numbers as convergent sequences of reals. For example, elements infinitesimally close to the real number zero are the sequences ${u}_{n}=1/n$, ${v}_{n}=1/\sqrt{n}$ and ${w}_{n}=1/{n}^{2}$. Observe that the above three sequences can be ordered: ${v}_{n}>{u}_{n}>{w}_{n}>0$ where 0 denotes the constant zero sequence. Of course, infinitely large elements (close to $+\infty $) can also be considered, e.g., sequences ${x}_{u}=n$, ${y}_{n}=\sqrt{n}$, and ${z}_{n}={n}^{2}$.

Unfortunately, this way of defining ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{R}$ does not yield a total order
since two sequences converging to zero cannot always be
compared: if ${u}_{n}$ and ${u}_{n}^{\text{'}}$ are two such sequences, the three sets
$\{n\mid {u}_{n}>{u}_{n}^{\text{'}}\}$, $\{n\mid {u}_{n}={u}_{n}^{\text{'}}\}$, and $\{n\mid {u}_{n}<{u}_{n}^{\text{'}}\}$
may even all be infinitely large. The beautiful idea of Lindstrøm is to
enforce that *exactly one of the above sets is important and the
other two can be neglected*. This is achieved by fixing once and for
all a finitely additive positive measure $\mu $ over the set $\mathbb{N}$ of
integers with the following properties: (The existence of such
a measure is non trivial and is explained later.)

Now, once $\mu $ is fixed, one can compare any two sequences: for the above case, exactly one of the three sets must have $\mu $-measure 1 and the others must have $\mu $-measure 0. Thus, say that $u>{u}^{\text{'}},u={u}^{\text{'}}$, or $u<{u}^{\text{'}}$, if $\mu (\{n\mid {u}_{n}>{u}_{n}^{\text{'}}\}=1)$, $\mu \left(\{n\mid {u}_{n}={u}_{n}^{\text{'}}\}\right)=1$, or $\mu \left(\{n\mid {u}_{n}<{u}_{n}^{\text{'}}\}\right)=1$, respectively. Indeed, the same trick works for many other relations and operations on non-standard real numbers, as we shall see. We now proceed with a more formal presentation.

#### Construction of non-standard domains

For $I$ an arbitrary set, a *filter* $\mathcal{F}$ over $I$ is a family of subsets of $I$ such that:

Consequently, $\mathcal{F}$ cannot contain both a set $P$ and its complement
${P}^{c}$. A filter that contains one of the two for any subset
$P\subseteq I$ is called an *ultra-filter*. At this point we
recall Zorn's lemma, known to be equivalent to the axiom of choice:

**Lemma 1 (Zorn's lemma)**
*Any partially ordered set $(X,\le )$ such that any chain in $X$
possesses an upper bound has a maximal element.*

A filter $\mathcal{F}$ over $I$ is an ultra-filter if and only if it is maximal with
respect to set inclusion.
By Zorn's lemma, any filter $\mathcal{F}$ over $I$ can be extended to an
ultra-filter over $I$.
Now, if $I$ is infinite, the family of sets $\mathcal{F}=$
$\{P\subseteq I\mid {P}^{c}\phantom{\rule{4.pt}{0ex}}\text{is}\phantom{\rule{4.pt}{0ex}}\text{finite}\}$ is a *free*
filter, meaning it contains no finite set. It can thus be extended to
a free ultra-filter over $I$:

**Lemma 2**
Any infinite set has a free ultra-filter.

Every free ultra-filter $\mathcal{F}$ over $I$ uniquely defines, by setting
$\mu \left(P\right)=1$ if $P\in \mathcal{F}$ and otherwise 0, a finitely additive
measure (Observe that, as a consequence, $\mu $ cannot be
sigma-additive (in contrast to probability measures or Radon
measures) in that it is *not* true that $\mu \left({\bigcup}_{n}{A}_{n}\right)={\sum}_{n}\mu \left({A}_{n}\right)$ holds for an infinite denumerable sequence
${A}_{n}$ of pairwise disjoint subsets of $\mathbb{N}$.) $\mu :{2}^{I}\mapsto \{0,1\}$, which satisfies

Now, fix an infinite set $I$ and a finitely additive measure $\mu $ over $I$ as above. Let $\mathbb{X}$ be a set and consider the Cartesian product ${\mathbb{X}}^{I}={\left({x}_{i}\right)}_{i\in I}$. Define $\left({x}_{i}\right)\approx \left({x}_{i}^{\text{'}}\right)$ iff $\mu \{i\in I\mid {x}_{i}\ne {x}_{i}^{\text{'}}\}=0$. Relation $\approx $ is an equivalence relation whose equivalence classes are denoted by $\left[{x}_{i}\right]$ and we define:

$\begin{array}{c}\hfill {}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{X}={\mathbb{X}}^{I}/\approx \end{array}$ | (1) |

$\mathbb{X}$ is naturally embedded into ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{X}$ by mapping every $x\in \mathbb{X}$ to the constant tuple such that ${x}_{i}=x$ for every $i\in I$. Any algebraic structure over $\mathbb{X}$ (group, ring, field) carries over to ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{X}$ by almost point-wise extension. In particular, if $\left[{x}_{i}\right]\ne 0$, meaning that $\mu \{i\mid {x}_{i}=0\}=0$ we can define its inverse ${\left[{x}_{i}\right]}^{-1}$ by taking ${y}_{i}={x}_{i}^{-1}$ if ${x}_{i}\ne 0$ and ${y}_{i}=0$ otherwise. This construction yields $\mu \{i\mid {y}_{i}{x}_{i}=1\}=1$, whence $\left[{y}_{i}\right]\left[{x}_{i}\right]=1$ in ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{X}$. The existence of an inverse for any non-zero element of a ring is indeed stated by the formula: $\forall x\phantom{\rule{0.166667em}{0ex}}(x=0\vee \exists y\phantom{\rule{0.166667em}{0ex}}(xy=1\left)\right)$. More generally:

**Lemma 3 (Transfer Principle)**
Every first order formula is true over ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{X}$ iff it is true over $\mathbb{X}$.

The above general construction can simply be applied to $\mathbb{X}=\mathbb{R}$ and
$I=\mathbb{N}$.
The result is denoted ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{R}$; it is a field according to the transfer
principle.
By the same principle, ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{R}$ is totally ordered by $\left[{u}_{n}\right]\le \left[{v}_{n}\right]$
iff $\mu \{n\mid {u}_{n}>{v}_{n}\}=0$.
We claim that, for any finite $\left[{x}_{n}\right]\in {}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{R}$, there exists a unique
$\mathrm{\mathit{s}\mathit{t}}\left(\left[{x}_{n}\right]\right)$, call it the *standard part* of $\left[{x}_{n}\right]$, such that

$\begin{array}{c}\hfill \mathrm{\mathit{s}\mathit{t}}\left(\left[{x}_{n}\right]\right)\in \mathbb{R}\phantom{\rule{0.277778em}{0ex}}\phantom{\rule{0.277778em}{0ex}}\text{and}\phantom{\rule{0.277778em}{0ex}}\phantom{\rule{0.277778em}{0ex}}\mathrm{\mathit{s}\mathit{t}}\left(\left[{x}_{n}\right]\right)\approx \left[{x}_{n}\right]\phantom{\rule{0.166667em}{0ex}}.\end{array}$ | (2) |

To prove this, let $x=sup\{u\in \mathbb{R}\mid \left[u\right]\le \left[{x}_{n}\right]\}$, where $\left[u\right]$ denotes the constant sequence equal to $u$. Since $\left[{x}_{n}\right]$ is finite, $x$ exists and we only need to show that $\left[{x}_{n}\right]-x$ is infinitesimal. If not, then there exists $y\in \mathbb{R},y>0$ such that $y<|x-[{x}_{n}\left]\right|$, that is, either $x<\left[{x}_{n}\right]-\left[y\right]$ or $x>\left[{x}_{n}\right]+\left[y\right]$, which both contradict the definition of $x$. The uniqueness of $x$ is clear, thus we can define $\mathrm{\mathit{s}\mathit{t}}\left(\left[{x}_{n}\right]\right)=x$. Infinite non-standard reals have no standard part in $\mathbb{R}$.

It is also of interest to apply the general construction
(1 ) to $\mathbb{X}=I=\mathbb{N}$, which results in the set ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{N}$ of
*non-standard natural numbers*.
The non-standard set ${}^{*\phantom{\rule{-0.166667em}{0ex}}}\phantom{\rule{0.166667em}{0ex}}\mathbb{N}$ differs from
$\mathbb{N}$ by the addition of *infinite natural numbers*, which are
equivalence classes of sequences of integers whose essential limit is
$+\infty $.