Recursive Feasibility

In any control strategy with a finite look-ahead, a fundamental paradox exists: how can we be sure that a series of locally optimal decisions will not lead to a long-term dead end? This is the central challenge for Model Predictive Control (MPC), where a controller repeatedly plans the best course of action over a limited future horizon. Without a guarantee of future viability, a plan that seems brilliant now might steer the system into a state from which no safe move is possible, causing a catastrophic failure.

This article tackles this problem by introducing the core concept of ​​recursive feasibility​​. It provides an ironclad promise that if a feasible plan exists now, a feasible plan will exist at every moment in the future. We will explore how this powerful guarantee is constructed and why it is the bedrock of safe and stable predictive control. The article is divided into two main parts. In "Principles and Mechanisms," we will dissect the theoretical machinery behind recursive feasibility, including the critical roles of the terminal set and terminal cost. Following that, "Applications and Interdisciplinary Connections" will demonstrate how this elegant theory is adapted to solve complex real-world problems and builds bridges to diverse fields like economics, robotics, and artificial intelligence.

Imagine you are captaining a ship through a treacherous archipelago, with a map that only shows you the next few miles. At every moment, you plot what seems to be the "optimal" course for the next hour—the fastest, most fuel-efficient path you can find. But here's the catch: what if that locally optimal path leads you into a dead-end strait, from which no safe passage exists? Your brilliant short-term plan has led to long-term disaster. This is the central dilemma of any predictive controller with a finite "sight" into the future. How can we trust a myopic planner to navigate a world of constraints without eventually trapping itself?

In the language of Model Predictive Control (MPC), this dilemma highlights a crucial distinction. For any given starting position, or ​​state​​, we can define the set of all states from which it's possible to plot at least one safe course over our short prediction horizon. Let's call this the ​​Set of Feasible Initial States​​. It feels like a good start; if you're in this set, you can at least make your next move.

However, there's a more exclusive, and far more important, club: the ​​Region of Attraction (ROA)​​. This is the set of all starting states from which our MPC-piloted ship is guaranteed to reach its final destination (the origin) safely, without ever running aground (violating constraints) along the way.

Why are these two sets not the same? The reason is profound and lies at the very heart of receding-horizon control. Just because you can find a feasible plan now doesn't mean that after you take the first step of that plan, you will still be able to find a feasible plan from your new position. You might have navigated yourself onto a proverbial sandbar. The initial plan was feasible, but it led to a state of future infeasibility. The Region of Attraction, therefore, excludes all those tempting but ultimately treacherous starting points.

The guarantee that feasibility at one moment implies feasibility at the next, and the next, and so on forever, is the solution to our paradox. It’s a property so vital that it has its own name: ​​recursive feasibility​​. It's the promise that our controller will never, ever get stuck. But how can we make such a powerful promise?

The genius of modern MPC lies in a simple but powerful idea: ensure that every short-term plan, no matter what, ends in a pre-defined "safe harbor." This safe harbor is a region in the state space known as the ​​terminal set​​, denoted $\mathcal{X}_f$. Think of it as a designated base camp for a mountain climber. No matter what route you plan for the next hour, it absolutely must end at this known, safe location.

What makes a set "safe"? It must obey a few commonsense rules. Let's imagine we have a very simple, reliable backup plan for when we're in this base camp: a simple feedback controller, say $u = Kx$. This is our ​​terminal controller​​. For the terminal set $\mathcal{X}_f$ to be a true safe harbor, it must satisfy three conditions:

1. ​​It must be within bounds.​​ The terminal set must be a subset of the overall allowed state space, $\mathcal{X}_f \subseteq \mathcal{X}$. (Your base camp must actually be on the mountain).

2. ​​The backup plan must be usable.​​ For any state $x$ inside the terminal set $\mathcal{X}_f$, our simple terminal controller must produce a control input $u = Kx$ that respects the input constraints, $Kx \in \mathcal{U}$. (The path leading from the base camp must be easy enough for you to follow without special equipment).

3. ​​The backup plan must keep you safe.​​ For any state $x$ inside the terminal set $\mathcal{X}_f$, applying the terminal controller must result in a next state that is also inside $\mathcal{X}_f$. This property is called ​​positive invariance​​. Mathematically, $(A+BK)x \in \mathcal{X}_f$. (Following the marked path from the base camp guarantees you stay on safe trails).

Choosing such a set is not trivial. Consider a simple system where we want to define a terminal set as a square, $\mathcal{X}_f = \{x \in \mathbb{R}^2 : \|x\|_{\infty} \le c\}$ for some constant $c$. If we choose $c$ too large, say $c=1.5$, we might find a state on the boundary of this square where our simple controller $u=Kx$ demands an input that violates its limits (e.g., requires an input of norm $0.9$ when the limit is $0.6$). This "safe harbor" turns out to have a cliff at its edge! Only by choosing a smaller square, say with $c=1$, can we ensure all three conditions hold, creating a truly valid terminal set. This careful construction is the first step toward our guarantee.

Now we can connect the dots. How does having a terminal set guarantee recursive feasibility? Through an elegant inductive argument known as the ​​"shift-and-append"​​ strategy.

Suppose at time $k$, we are at state $x(k)$ and our MPC optimizer finds a beautiful, optimal plan—a sequence of inputs $\{u_{0|k}^\star, u_{1|k}^\star, \dots, u_{N-1|k}^\star\}$. This plan is feasible by definition, and its last state, $x_{N|k}^\star$, lands squarely in our terminal set $\mathcal{X}_f$. We apply the first input, $u(k) = u_{0|k}^\star$, and the system moves to a new state, $x(k+1)$.

Now it's time $k+1$. The world has changed. Do we know for sure that a feasible plan exists from $x(k+1)$? Yes! We can prove it by constructing one. We don't need to be clever; we just need to show that at least one feasible plan exists. Here’s the recipe:

1. ​​Shift:​​ Take the tail of our previous optimal plan: $\{u_{1|k}^\star, \dots, u_{N-1|k}^\star\}$. This sequence is already known to be feasible in terms of state and input constraints.

2. ​​Append:​​ We have a one-step gap at the end. We fill it using our simple, reliable terminal controller. Since the state at the end of the shifted sequence is $x_{N|k}^\star$, which is in the safe harbor $\mathcal{X}_f$, we append the input $u_{N-1|k+1}^c = K x_{N|k}^\star$.

This newly constructed "candidate" sequence is guaranteed to be feasible. Why? The "shift" part is feasible because it was part of a feasible plan a moment ago. The "append" part is feasible because our terminal set was specifically designed to ensure that for any $x \in \mathcal{X}_f$, the control $Kx$ is admissible and the next state $(A+BK)x$ lands back in $\mathcal{X}_f$.

So, at time $k+1$, we hand this perfectly valid, if perhaps a bit clumsy, plan to our optimizer. The optimizer is guaranteed to find a solution that is at least as good as this one, and likely much better. The key is, it will always find a solution. The chain of feasibility is never broken. This is the simple, beautiful mechanism that provides the ironclad guarantee of recursive feasibility.

We've ensured our ship never runs aground. But we also want to ensure it actually reaches its destination. This is the role of the cost function, and in particular, the ​​terminal cost​​, $V_f(x_N) = x_N^\top P x_N$. This isn't just an arbitrary penalty tacked on at the end; it's a proxy for the entire cost of the journey from the edge of our map to the final destination.

What is the "right" terminal cost? In a stroke of mathematical elegance, it turns out that the perfect choice for the matrix $P$ is the solution to the ​​Discrete-time Algebraic Riccati Equation (DARE)​​ from the unconstrained infinite-horizon LQR problem. This is a deep result. It means that the terminal cost $x_N^\top P x_N$ is not an approximation—it is the exact optimal cost-to-go from state $x_N$ to the origin, assuming no constraints are active from that point on. Our myopic planner, upon reaching the terminal set, is suddenly imbued with the wisdom of an infinite-horizon planner. This aligns the short-term objective with the true long-term goal, dramatically improving performance.

This choice of terminal cost, paired with the terminal set, does something remarkable: it turns the MPC's optimal cost into a ​​Lyapunov function​​ for the closed-loop system. The logic is a beautiful extension of our shift-and-append argument. When we compare the optimal cost at time $k+1$ with the optimal cost at time $k$, we find that the cost is guaranteed to decrease at every step. The decrease comes from the fact that our "backup plan" (rolling out the terminal controller) is guaranteed to decrease the terminal cost. Since the true optimizer can do at least as well as the backup plan, the total cost must go down.

This dual role is the cornerstone of stabilizing MPC: the ​​terminal set​​ $\mathcal{X}_f$ guarantees we can always keep playing the game (recursive feasibility), and the ​​terminal cost​​ $V_f(x)$ guarantees we are always winning it (asymptotic stability).

Our discussion so far has assumed a perfect world—our ship moves exactly as our model predicts. What happens when a disturbance hits, like a gust of wind or an ocean current?

Imagine we used a very rigid terminal constraint: our plan must end at a single point, $x_N = 0$. This seems reasonable. But if a disturbance knocks our ship slightly off course, the new position might be one from which it's physically impossible to reach the target point in the remaining time with our limited engine power. The optimization becomes infeasible; our controller throws up its hands and fails.

The remedy, once again, is to build in flexibility. Instead of aiming for a single point, we must aim for a region. But not just any region. In a stormy world, we need a ​​robustly positively invariant (RPI) set​​. This is a special kind of terminal set designed to be a safe harbor against the worst-case disturbance. For any state inside this set, and for any possible disturbance from the bounded set $\mathcal{W}$, our terminal controller can keep the next state within the set.

By forcing our predictive plan to terminate inside this "fattened," robust set, we can once again construct a candidate solution for the next time step that is feasible no matter what the disturbance was. We have recovered our guarantee of recursive feasibility, but now it's a much stronger promise—a promise kept not just in calm weather, but in a storm. This robust approach, often realized through "tube-based MPC," shows the beautiful unity and adaptability of the core principle: to ensure long-term success, every short-term plan must end in a provably safe region, designed with the challenges of the real world in mind.

In the previous chapter, we explored the beautiful, almost philosophical principle of recursive feasibility. At its heart, it’s a simple, profound idea: to ensure a journey is successful, it’s not enough to make a good first move. You must ensure that your first move leads you to a position from which another good move is possible, and so on, ad infinitum. It's the strategy of a chess grandmaster, who looks not just at the next capture, but ensures that every move preserves the possibility of winning. In the world of engineering and science, this foresight isn't just a matter of winning a game; it's the key to stability, safety, and efficiency.

Now, let's embark on a journey to see how this single elegant idea blossoms into a powerful toolkit for solving an astonishing variety of real-world problems. We will see how it forms the backbone of modern control, adapts to the messiness of the real world, and builds bridges to fields as diverse as economics, artificial intelligence, and network science.

Imagine you are captaining a supertanker aiming for a distant port. Out in the open ocean, you have immense freedom. You can optimize your route for fuel, weather, or speed, solving a complex navigation problem with many possible solutions. This is the essence of Model Predictive Control (MPC)—using a model of your system to plan an optimal sequence of actions over a finite horizon. But what happens when you approach the narrow channel of the destination port? Your freedom vanishes. You can no longer afford to "explore" optimal paths; you need a simple, surefire, pre-approved plan to guide you safely to the dock.

This is precisely how recursive feasibility is put into practice in standard MPC. The "open ocean" is where the MPC controller shines, performing complex optimizations. The "narrow channel" is a small, well-understood region around the target state called the ​​terminal set​​, $\mathcal{X}_f$. Within this "safe harbor," we don't need the powerful MPC anymore. We can use a much simpler, pre-computed ​​terminal controller​​—often derived from classical Linear Quadratic Regulator (LQR) theory—that is mathematically guaranteed to steer the system to its final destination while respecting all constraints.

The genius of the design is this: the MPC's only job is to find a path into this terminal set. Once the predicted trajectory enters $\mathcal{X}_f$, recursive feasibility is guaranteed. Why? Because the plan for the "rest of the way" is already known and certified to be safe and stable. At each step, the MPC finds a new optimal path. The candidate for the next step's plan is simply the tail of the current plan, with the guaranteed terminal controller appended at the end. As long as we can always find a path into the safe harbor, we are guaranteed to remain feasible forever. This beautiful marriage of a complex, far-sighted optimizer with a simple, locally-infallible controller is the workhorse of modern industrial process control, enabling everything from chemical plants to aerospace vehicles to operate efficiently and reliably.

The world, of course, is rarely as clean as our ideal models. Our actions can be delayed, our systems can behave in wild, nonlinear ways, and unknown forces can push us off course. The true power of a scientific principle is measured by its ability to adapt to such complexities. Recursive feasibility passes this test with flying colors.

Dealing with Delays

What happens when there's a delay between your command and its effect, like the minutes-long lag in communicating with a Mars rover? Planning becomes a headache. The state of your system is no longer just its current position and velocity; it's also the string of commands you've sent that are still "in transit." The principle of recursive feasibility inspires a wonderfully elegant trick: if the state isn't telling you everything you need to know, simply redefine the state! We can create an ​​augmented state​​ that includes not just the physical variables but also the sequence of past inputs that have yet to take effect. By bundling this "memory" into our state description, the delayed system magically transforms into a larger, non-delayed one. We can then apply the standard recipe of MPC with a terminal set directly to this augmented system. We haven't changed the world, but we've changed our perspective, allowing a single, unified theory to conquer a new, practical challenge.

Taming Nonlinearity

Most real systems are nonlinear; their behavior can be complex, even chaotic. Does our "safe harbor" concept still work? The answer is yes, at least locally. While a nonlinear system might be unpredictable on a global scale, we can often find a small region around our desired operating point where its behavior is tame and approximately linear. Inside this region, we can again design a terminal controller and a terminal set, $\mathcal{X}_f$, that guarantee stability. The task of the MPC then becomes to navigate the wild, nonlinear dynamics of the "open ocean" to guide the system into this small pocket of predictability. It's a pragmatic and powerful strategy: acknowledging complexity where it exists, and exploiting simplicity where it can be found.

Embracing Uncertainty

Perhaps the biggest departure from the ideal is the presence of uncertainty and disturbances. A gust of wind hits a drone, a sudden change in demand affects a power grid. We can no longer plan for a single future trajectory; we must have a plan that works no matter what disturbance hits us (within a certain bound, of course). This leads to the idea of ​​Robust MPC​​.

A beautiful way to visualize this is with "Tube MPC". Instead of planning a single line-like trajectory, we plan a nominal trajectory and wrap it in a "tube" that represents the possible deviations the system might experience due to disturbances. The job of the controller is twofold: a nominal controller plans the path of the center of the tube, while a local feedback controller works constantly to keep the actual state within the tube's walls. To guarantee recursive feasibility, we must ensure that the entire tube remains within the system constraints. This means we must solve the planning problem in a set of "tightened" constraints, leaving a margin of safety for the unpredictable disturbances. The guarantee is now much stronger: if we have a feasible plan today, we are guaranteed to have a feasible plan tomorrow, for all possible disturbance sequences. This is the epitome of robust engineering.

The foresight embedded in recursive feasibility is so fundamental that its applications extend far beyond simply keeping a system stable. It provides a framework for optimizing complex processes and ensuring safety in a variety of domains.

The Economics of Foresight

Consider managing a national power grid. The goal isn't just to keep the frequency at 50 or 60 Hz (a stability task). The primary goal is economic: to meet demand using the cheapest combination of power sources (solar, wind, gas, etc.) at every moment. This is the domain of ​​Economic MPC​​. The cost function is no longer about penalizing deviation from a setpoint; it's a direct measure of economic cost. How can we ensure recursive feasibility here? The core idea remains. We need a "safe landing" for our economic plan. This could be a terminal constraint that forces the system to end in a known, sustainable steady-state, or a terminal set representing a desirable region of operation where we know we can continue to operate economically for the foreseeable future. This connects the mathematical machinery of control theory directly to economics and operations research, allowing us to optimize dynamic, resource-constrained systems for maximum efficiency.

Guarantees from Data

In the age of artificial intelligence, we often have vast amounts of data from a system but no perfect first-principles model. Can we still provide the hard guarantees of recursive feasibility? The answer is a resounding yes. Using modern techniques from system identification and machine learning, we can analyze data to create not a single estimated model, but a whole set of models that are consistent with the observed behavior. We can then design our controller and our terminal set to be robustly feasible for every single model in that set. This is a profound fusion of data-driven learning and rigorous control theory. It allows us to build controllers that learn from experience while still retaining the mathematical certainty that they will always have a plan and never fail—a crucial step towards building truly trustworthy autonomous systems.

Safety First: Barriers to Danger

For a self-driving car or a surgical robot, ensuring safety—never hitting an obstacle, never damaging tissue—is non-negotiable. This has led to the development of ​​Control Barrier Functions (CBFs)​​, which are mathematical functions that define a "safe set" for the system. A CBF acts like a force field around a dangerous region; the value of the function tells you how close you are to the boundary. By adding a constraint to our MPC problem that forces the CBF value to always stay positive (or even increase), we command the system to actively stay away from danger. To ensure this safety guarantee holds forever, we must again ensure recursive feasibility. This requires an extra condition on our terminal set: the local terminal controller must also be certified to respect the CBF constraint. This synergy between goal-seeking MPC and safety-enforcing CBFs is at the frontier of robotics and autonomous systems, providing a principled way to balance performance with ironclad safety guarantees.

Orchestrating the Many

Finally, consider challenges of a massive scale: coordinating a swarm of delivery drones, managing traffic flow in a city, or balancing a continental power grid. These are ​​distributed systems​​, composed of many individual agents that must work together. No single computer can control them all. Instead, they must cooperate by solving their own local problems and communicating with their neighbors. A powerful algorithm for this is the Alternating Direction Method of Multipliers (ADMM). However, in practice, these algorithms are stopped early, before they find the perfect coordinated solution. This "inexactness" acts like a disturbance. How do we ensure the fleet as a whole remains feasible? Once again, the idea is to robustify. Each agent pretends its own constraints are a little tighter than they really are, creating a collective buffer that can absorb the small disagreements arising from the imperfect coordination. This allows the entire network to maintain feasibility, even when computation and communication are limited. It's a beautiful example of how the principle of robust foresight can be scaled up to design resilient, large-scale engineered systems.

From a simple recipe for stability, we have seen the idea of recursive feasibility grow to handle the complexities of the real world and provide the foundation for economic optimization, data-driven control, safety-critical systems, and distributed networks. It is a testament to the power of a simple, elegant idea, reminding us that the art of always having a plan is the first step toward building a truly intelligent world.