Abstract
Koopman operator linearization approximates nonlinear systems of differential equations with higherdimensional linear systems. For formal verification using reachability analysis, this is an attractive conversion, as highly scalable methods exist to compute reachable sets for linear systems. However, two main challenges are present with this approach, both of which are addressed in this work. First, the approximation must be sufficiently accurate for the result to be meaningful, which is controlled by the choice of observable functions during Koopman operator linearization. By using random Fourier features as observable functions, the process becomes more systematic than earlier work, while providing a higheraccuracy approximation. Second, although the higherdimensional system is linear, simple convex initial sets in the original space can become complex nonconvex initial sets in the linear system. We overcome this using a combination of Taylor model arithmetic and polynomial zonotope refinement. Compared with prior work, the result is more efficient, more systematic and more accurate.
You have full access to this open access chapter, Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Despite recent advances, systems described by nonlinear ordinary differential equations are still hard to analyze, control, and verify. On the other hand, a powerful body of methods and theories exists for linear systems making analysis, control, and verification much easier, even for highdimensional systems. The efficiency of techniques related to reachability analysis for linear systems [4, 6, 15] motivates the use of Koopman operator linearization, where a higherdimensional linear system approximates the dynamic behavior of a nonlinear system. Koopman operator techniques are also wellsuited for datadriven approaches since the Koopman linearized system can be directly created from measurements, bypassing a potentially complex modeling step. The Koopman framework has been successfully applied to many applications, including control [26, 28], state estimation [31] and recently, formal verification [5].
The main contribution of this paper is to advance the stateoftheart in formal verification using reachability analysis on Koopman operator linearized systems. First, we improve the accuracy of the finite Koopman linearization by employing random Fourier features [29]. In contrast with an ad hoc, finitedimensional feature space, random Fourier features leverage the powerful kernel trick from machine learning [36, 38] to generate a computationally tractable mapping over an infinitedimensional feature space. Second, we improve speed. Instead of using an SMT solver to reason over nonconvex initial sets, we propose combining Taylor models with polynomial zonotope refinement. A comparison on the same nonlinear system benchmarks used in the earlier Koopman verification work [5] demonstrates both the improved accuracy and the improved verification speed.
1.1 Related Work
The concept of Koopman operator linearization was originally introduced in 1931 [22]. Instead of investigating the dynamic evolution of the original system state, the Koopman approach considers the evolution of socalled observable functions or observables defined by nonlinear transformations of the original system state. Since the set of all possible observables defines a vector space, it then holds that the dynamic behavior of every nonlinear system can be equivalently represented by an infinite dimensional linear system. Because it is obviously infeasible to handle infinite dimensions, a finite set of observables is used in practice. Given such a set, the system matrix resulting in the most accurate linear approximation of the original system behavior can be determined using extended dynamic mode decomposition [41].
Many different methods for determining good observables have been proposed: Carleman linearization [7] equivalently represents the dynamic behavior of polynomial systems with an infinite dimensional linear system. The corresponding observables are multivariate monomials, which are determined by repeatedly computing the timederivative of the current observables. Terminating this iteration after a certain number of steps yields a finite set of observables. Carleman linearization can be extended to general nonlinear systems by using a Taylor series expansion. A finite set of observables defines an exact linear representation of the original system if the vector space spanned by the observables is closed under the operation of Liederivatives [34]. Consequently, a natural approach is to refine an initial set of observables by removing observables that violate the condition [34]. This concept can be extended to obtain polynomial instead of linear representations for the original nonlinear system [35]. Another class of approaches uses neural networks as observables [16, 43], where the weights of the network are trained on traces of the real system. Since these approaches usually train the system matrix together with neural networks, they circumvent the subsequent application of dynamic mode decomposition. If one aims to reason about the original system based on the Koopman linearization, some quantification of the approximation error is required. Several approaches derive error bounds for truncated Carleman linearization [3, 12, 24] considering quadratic systems [24], polynomial systems [12], as well as general nonlinear systems [3].
The main motivation for using the Koopman framework for reachability analysis is that reachable sets for linear systems can be computed efficiently [11, 15, 23] even for highdimensional systems [2, 4, 6], while reachability analysis for nonlinear systems [1, 8, 27] is often computationally demanding and potentially results in large overapproximations. Another advantage is that the Koopman approach can also be applied to datadriven systems where no model is available. Due to the nonlinear transformation of the initial state defined by the observables, reachability analysis for Koopman operator linearized system represents a special type of reachability problem. To the best of our knowledge only two approaches exist for far: The first approach [13] utilizes the error bounds for quadratic systems [24] to compute an enclosure of the reachable set for weakly nonlinear systems based on a finite Carleman linearization, where interval arithmetic [17] is applied to enclose the image of the initial set through the observables. The second approach [5], which represents the work closest to our method, presents two different verification strategies: 1) Direct encoding of the nonlinear transformation defined by the observables using a SMT solver, and 2) zonotope domain splitting, where the initial set is recursively split into smaller sets until the specification can be verified or falsified.
1.2 Overview
In this work we address the two main bottlenecks of formal verification for Koopman operator linearized systems, which are the selection of observables and the computation of the image of the initial set through the nonlinear transformation defined by the observables. In particular, while currently observables often have to be selected manually by the user, we generate observables in a systematic fashion using random Fourier features. As we demonstrate with numerical experiments, these observables yield highaccuracy approximations of the real system behavior. Moreover, while previous approaches either compute very conservative convex enclosures of the image through the observables [13] or have to split the initial set in order to achieve a desired precision [5], we calculate tight nonconvex enclosures of the image by combining Taylor model arithmetic with polynomial zonotopes. To conduct collision checks between the resulting nonconvex reachable set enclosures and unsafe regions we then use a novel polynomial zonotope refinement strategy, which is significantly faster than the previous SMT solver and zonotope domain splitting approaches [5].
The remainder of the paper is structured as follows: We first recapitulate some preliminary results that are required throughout the paper in Sect. 2. In the main part we then describe the systematic generation of observables using random Fourier features in Sect. 3, before we present our proposed verification algorithm in Sect. 4. Finally, we demonstrate the superior performance of random Fourier feature observables and our verification algorithm in comparison with existing techniques on various benchmark systems in Sect. 5.
1.3 Notation
In the remainder of this paper, we will use the following notations: Sets are denoted by calligraphic letters, matrices by uppercase letters, vectors by lowercase letters, and lists by bold uppercase letters. Given a vector \(b \in \mathbb {R}^n\), \(b_{(i)}\) refers to the ith entry. Given a matrix \(A \in \mathbb {R}^{n \times m}\), \(A_{(i,\cdot )}\) represents the ith matrix row, \(A_{(\cdot ,j)}\) the jth column, and \(A_{(i,j)}\) the jth entry of matrix row i. Given a discrete set of positive integer indices \(\mathcal {H} = \{h_1,\dots ,h_{w} \}\) with \(1 \le h_i \le m ~ \forall i \in \{ 1, \dots , w \}\), \(A_{(\cdot ,\mathcal {H})}\) is used for \([ A_{( \cdot ,h_1 )} ~ \dots ~ A_{( \cdot , h_{w} )} ]\), where [C D] denotes the concatenation of two matrices C and D. The symbols \(\textbf{0}\) and \(\textbf{1}\) represent matrices of zeros and ones of proper dimension, the empty matrix is denoted by [ ], and \(I_n \in \mathbb {R}^{n \times n}\) is the identity matrix. Given an ordered list \(\textbf{L} = (l_1,\dots ,l_n)\), \(\textbf{L}_{(i)} = l_i\) refers to the ith entry and \(\textbf{L} = n\) denotes the number of elements in the list. Moreover, the concatenation of two lists \(\textbf{L}_1\) and \(\textbf{L}_2\) is denoted by \((\textbf{L}_1, \textbf{L}_2)\). The left multiplication of a matrix \(M \in \mathbb {R}^{m \times n}\) with a set \(\mathcal {S} \subset \mathbb {R}^n\) is defined as \(M \mathcal {S} = \{ M s \,  \, s \in \mathcal {S} \}\), and the Cartesian product of two sets is denoted by the \(\times \) operator. We further introduce an ndimensional interval as \(\mathcal {I} = [l,u],~ \forall i ~ l_{(i)} \le u_{(i)},~ l,u \in \mathbb {R}^n\).
2 Preliminaries
Our approach utilizes several existing techniques and concepts, which we shortly recapitulate here. We use the nonlinear system
in combination with the initial set \(\mathcal {X}_0 = [2,2] \times [0,4]\) as a running example throughout this section.
2.1 Koopman Operator Linearization
First, we describe the general concept of Koopman operator linearization [22]. Given a nonlinear system
our goal is to find observables \(g_i: \mathbb {R}^n \rightarrow \mathbb {R}\) such that the dynamics of the resulting new variables \(g_i(x)\) is linear:
where \(g(x) = [g_1(x)~\dots ~g_m(x)]^T\) is the observable function. Since the new variables \(g_i(x)\) are functions of the original system state x, the linear system (3) defines an equivalent representation of the dynamic behavior of the original system (2). Usually, the number of observables m is significantly larger than the dimension n of the original system.
Let us demonstrate Koopman linearization for our exemplary system in (1). By choosing the observables \(g_1(x) = x_1\), \(g_2(x) = x_2\), and \(g_3(x) = x_1^4\) we obtain the linear system
since \(\partial g_1(x)/\partial t = \dot{x}_1 = x_1\), \(\partial g_2(x)/\partial t = \dot{x}_2 = x_2  x_1^4 = g_2(x)  g_3(x)\), and \(\partial g_3(x)/\partial t = 4\, x_1^3 \, \dot{x}_1 = 4 \, x_1^4 = 4 \, g_3(x)\).
The exact linearization using a finite number of observables demonstrated by the example above is unfortunately only possible for a small number of special systems. In practice one therefore usually aims to instead determine a linear system (3) that approximates the dynamic behavior of the nonlinear system (2) well enough. Given observables \(g_i(x)\), the system matrix A resulting in the best approximation can be determined by applying extended dynamic mode decomposition [41] to traces of the original system. Since those traces can also be generated by simulating blackbox systems or by measuring the real system behavior, we do not necessarily require a model (2) of the original system. This is one of the biggest advantages of the Koopman framework making it well suited for datadriven approaches. The approach we present in this work verifies Koopman linearized systems using reachability analysis:
Definition 1
(Reachable set) Given an initial set \(\mathcal {X}_0 \subset \mathbb {R}^n\), the reachable set for a Koopman linearized system is
where \(\xi (t,g(x_0))\) is the solution to (3) at time \(t \in \mathbb {R}_{\ge 0}\) for the initial state \(g(x_0)\).
Consequently, to compute the reachable set for a Koopman linearized system one first needs to propagate the initial set through the nonlinear transformation defined by the observables, followed by the calculation of the reachable set for the linear system in (3) using a reachability algorithm. This procedure is visualized in Fig. 1. Definition 1 defines the reachable set for the observables \(g_i(x)\). However, since safety specifications are typically defined on the original system state x rather than on g(x), we usually require the reachable set for the original state \(\mathcal {R}_x(t)\) for verification. This issue can easily be resolved by using the original system state x for the first n observables \(g_i(x) = x_{(i)}\), \(i = 1,\dots ,n\), in which case \(\mathcal {R}_x(t)\) can be obtained via projection: \(\mathcal {R}_x(t) = [I_n~\textbf{0}]\, \mathcal {R}(t)\).
2.2 Taylor Model Arithmetic
Taylor model arithmetic [25] can be utilized to compute tight nonconvex enclosures for the image through a nonlinear function. It is based on a set representation called Taylor models:
Definition 2
(Taylor model) Given a polynomial function \(p:~\mathbb {R}^s\rightarrow \mathbb {R}^n\), an interval domain \(\mathcal {D} \subset \mathbb {R}^s\), and an interval remainder \(\mathcal {Y} \subset \mathbb {R}^n\), a Taylor model \(\mathcal {T}(x)\) is defined as
The Taylor order \(\kappa \in \mathbb {N}\) defines an upper bound for the polynomial degree of the polynomial p(x). The set defined by a Taylor model is
For a concise notation we use the shorthand \(\mathcal {T}(x) = \langle p(x),\mathcal {Y},\mathcal {D}\rangle _T\).
The general concept of Taylor model arithmetic is to define rules on how to perform the arithmetic operations \(+\), −, \(\cdot \), and / as well as elementary functions such as \(\sin (x)\) or \(\sqrt{x}\) on Taylor models [25, Sec. 2]. Since every nonlinear function represents a composition of arithmetic operations and elementary functions, the image through the function can then be computed by successively evaluating those rules. Given two onedimensional Taylor models \(\mathcal {T}_1(x) = \langle p_1(x),\mathcal {Y}_1,\mathcal {D} \rangle _T\) and \(\mathcal {T}_2(x) = \langle p_2(x),\mathcal {Y}_2,\mathcal {D}\rangle _T\) the rules for addition and multiplication are for example given as
where \(\mathcal {I}_1 = \{p_1(x)~~ x \in \mathcal {D} \}\) and \(\mathcal {I}_2 = \{ p_2(x)~~ x \in \mathcal {D} \}\). The rules for elementary functions are obtained using a finite Taylor series expansion, where the order of the Taylor series is equal to the Taylor order \(\kappa \). For \(\sin (x)\) we for example obtain with \(\kappa = 2\) the rule
where the expansion point c is chosen as \(c = p_1(c_d)\) with \(c_d\) being the center of the domain \(\mathcal {D}\), and the interval \(\mathcal {Y}\) computed according to [25, Sec. 2] encloses the remainder of the Taylor series. Due to the finite Taylor series approximation, Taylor model arithmetic yields a tight enclosure rather than the exact image. The accuracy of the enclosure can be improved by choosing a larger Taylor order.
For our verification approach we apply Taylor model arithmetic to compute the image of the initial set through the observable function. The initial set \(\mathcal {X}_0 = [2,2] \times [0,4]\) for the exemplary system in (1) can be represented by the Taylor model \(\mathcal {T}(x) = \langle x,\emptyset ,\mathcal {X}_0 \rangle _T\). Applying Taylor model arithmetic to the observable function g(x) defined by the observables \(g_1(x) = x_1\), \(g_2(x) = x_2\), and \(g_3(x) = x_1^4\) then yields the Taylor model
which represents the exact image in this case since the observables contain polynomial functions only.
2.3 Set Representations
In this work we use polynomial zonotopes to represent reachable sets, polytopes to represent unsafe sets, and zonotopes for efficient collision checking. Let us first introduce polytopes, for which we consider the halfspace representation:
Definition 3
(Polytope) Given a matrix \(H\in \mathbb {R}^{s\times n}\) and vector \(d\in \mathbb {R}^{s}\), the halfspace representation of a polytope \(\mathcal {P} \subset \mathbb {R}^n\) is defined as
We use the shorthand \(\mathcal {P} = \langle H,d\rangle _{P}\).
A halfspace \(\mathcal {H} \subset \mathbb {R}^n\) is a special case of a polytope consisting of a single inequality constraint \(h^T \, x \le d\) with \(h\in \mathbb {R}^n\), \(d\in \mathbb {R}\). We use the shorthand \(\mathcal {H} = \langle h,d\rangle _H\). Another special type of polytopes are zonotopes, which can be stored efficiently using socalled generators:
Definition 4
(Zonotope) Given a center vector \(c \in \mathbb {R}^n\) and a generator matrix \(G \in \mathbb {R}^{n \times p}\), a zonotope \(\mathcal {Z} \subset \mathbb {R}^n\) is defined as
where the scalars \(\alpha _i\) are called factors. We use the shorthand \(\mathcal {Z} = \langle c,G \rangle _Z\).
Polynomial zonotopes are a novel nonconvex set representation that has been originally introduced for reachability analysis of nonlinear systems [1]. We use the sparse representation of polynomial zonotopes [20]^{Footnote 1}:
Definition 5
(Polynomial zonotope) Given a constant offset \(c \in \mathbb {R}^n\), a generator matrix of dependent generators \(G \in \mathbb {R}^{n \times h}\), a generator matrix of independent generators \(G_I \in \mathbb {R}^{n \times q}\), and an exponent matrix \(E \in \mathbb {N}_{0}^{p \times h}\), a polynomial zonotope \(\mathcal {P}\mathcal {Z} \subset \mathbb {R}^n\) is defined as
The scalars \(\alpha _k\) are called dependent factors since a change in their value affects multiplication with multiple generators. Consequently, the scalars \(\beta _j\) are called independent factors because they only affect multiplication with one generator. We use the shorthand \(\mathcal {P}\mathcal {Z} = \langle c,G, G_I, E \rangle _{PZ}\).
Using polynomial zonotopes for verification has two main advantages:

1.
Due to the similarity with Taylor models the set defined by a Taylor model can be equivalently represented as a polynomial zonotope [20, Prop. 4].

2.
Due to the similarity with zonotopes tight enclosing zonotopes can be computed efficiently for polynomial zonotopes [20, Prop. 5].
For verification we therefore convert the Taylor model representing the image of the initial set through the observable function to a polynomial zonotope, for which collision checks with the unsafe sets can be efficiently realized using zonotope enclosures that are iteratively refined by splitting the polynomial zonotope.
The conversion of the Taylor model in (4) corresponding to our running example in (1) yields the following polynomial zonotope
where the highlevel idea of the conversion is to represent the interval domain \(\mathcal {D}\) with dependent zonotope factors \(\alpha _i \in [1,1]\).
3 Linearization via Fourier Features
We now present the automated generation of observables using random Fourier features [10]. Let us first motivate why Fourier features are a good choice for observables. For Koopman linearization, the observables g(x) define a transformation to a highdimensional space. One commonly used approach to handle such highdimensional spaces efficiently is the kernel trick: In many algorithms the data points \(x,y \in \mathbb {R}^n\) only appear in the form of inner products \(g(x)^T g(y)\). In this case it suffices to define a kernel function k(x, y) that represents the similarity measure \(g(x)^T g(y)\) between data points in the highdimensional feature space, rather than explicitly defining a transformation g(x) to this space. Kernel functions can also represent more general features that are not vectors and even infinite dimensional features, which motivates their application in the Koopman framework. The kernel trick is mainly applied for machine learning techniques [36], such as regression [38], clustering [18], and classification [39]. However, also the extended dynamic mode decomposition algorithm [41] can be formulated in terms of innerproducts [42], so that the kernel trick can be applied for Koopman linearization. Rather than explicitly choosing observables g(x) we can therefore select a kernel function instead, which implicitly defines the observable function g(x) through the kernel’s relation to an inner product space. Commonly used kernels are radial basis function kernels, polynomial kernels, and spline kernels.
The kernel trick cannot be applied directly to our reachability technique since we require an explicit formulation of the observables g(x). We therefore first select a kernel function k(x, y), and then determine observables g(x) that yield a good approximation of the kernel function \(k(x,y) \approx g(x)^T g(y)\). Random Fourier features are a common technique to approximate kernel functions [10, 29]. They are based on Bochner’s theorem [33, Sec. 1.4.3], which links a weakly stationary kernel function to a Fourier transform:
where the function \(\mu :~\mathbb {R}^n \rightarrow [0,1]\) defines a probability distribution, \(\mathbb {E}_\omega (\cdot )\) denotes the expected value with respect to \(\omega \), \(j\) is the imaginary unit, and \(\overline{a}\) denotes the complex conjugate for a complex number \(a \in \mathbb {C}\). The distribution \(\mu (\mathbf \omega )\) associated with a specific kernel can be obtained by taking the inverse Fourier transform of k(x, y) [29]. We can collect m samples from the distribution \(\mu (\omega )\) to approximate the expected value in (5), which finally yields
The random Fourier features are the resulting observables \(g_i(x)\) that approximate the kernel function. Note that we can omit the constant factor \(\frac{1}{m}\) since extended dynamic mode decomposition will automatically scale the observables accordingly. We consider realvalued kernels only, so we use Euler’s formula \(e^{j\,x} = \cos (x) + j\, \sin (x)\) to simplify the random Fourier features to
where the shift \(b_i\) is selected uniformly from the interval \([0,2 \pi ]\) and \(\omega _i\) is drawn randomly from the probability distribution \(\mu (\omega )\) corresponding to the kernel that is used. While this random selection might appear to be a disadvantage at first sight, it is guaranteed that the random Fourier feature approximation converges to the exact kernel function when increasing the number of observables [29]. Moreover, we observed from our numerical experiments that changes in the values for \(b_i\) and \(\omega _i\) do not significantly influence the accuracy of the resulting linear approximation.
In summary, the random Fourier features presented above represent a systematic method for selecting a finite set of accurate observables, which requires only few hyperparameters. These hyperparameters include the type of kernel that is used, the kernel parameters, and the number of observables. For the numerical experiments in this paper we use a radial basis function kernel
which contains the lengthscale \(\ell \) as the only parameter. The probability distribution \(\mu (\omega )\) for this kernel is the multivariate normal distribution with covariance matrix \(\ell ^2 \cdot I_n\) centered at the origin [29, Fig. 1].
4 Verification Using Reachability Analysis
We now present our novel verification algorithm for Koopman linearized systems, which is summarized in Algorithm 1. For simplicity we assume that the specification we aim to verify is described by a single unsafe set \(\mathcal {U}\), but the extension to multiple unsafe sets is straightforward. We first apply Taylor model arithmetic (see Sect. 2.2) to compute a tight nonconvex enclosure for the image of the initial set \(\mathcal {X}_0\) through the observable function g(x) in Line 3. Since it simplifies the computation of the zonotope enclosures required later on, we then convert the resulting Taylor model to a polynomial zonotope in Line 4. This polynomial zonotope is used as the initial set for the computation of the reachable set for the Koopman linearized system as performed in Line 5, for which we can use any reachability algorithm for linear systems. For simplicity we assume here that the obtained reachable sets are exact. In the general case where the exact reachable set cannot be computed one can for example incorporate the error measures from [14] and [40] into the verification algorithm.
The problem we are facing now is that the reachable sets \(\mathcal {R}_0,\dots ,\mathcal {R}_{t_F/\varDelta t}\) are represented by polynomial zonotopes, a set representation for which exact collision checks with the unsafe set \(\mathcal {U}\) are computationally demanding. We resolve this issue by applying a novel polynomial zonotope refinement procedure in lines 6–19, where we recursively split the polynomial zonotopes until we can either verify or falsify the specification using zonotope enclosures of the split sets. In particular, we first enclose each polynomial zonotope in the queue \(\textbf{L}\) with a zonotope in Line 9. For a zonotope \(\mathcal {Z} = \langle c,G\rangle _Z\) collision checks with an unsafe set as performed in Line 10 are very efficient: If the unsafe set is a halfspace \(\mathcal {U} = \langle h, d\rangle _H\), we have according to [15, Sec. 5.1]
For general polytopes \(\mathcal {U} = \langle H,d\rangle _P\) collision checks can be realized using linear programming:
where
If the specification cannot be verified, we next try to falsfy it in lines 11–13 by extracting the initial point \(x_0\) that is expected to violate the specification the most from \(\mathcal {Z}\). For a halfspace \(\mathcal {U} = \langle h,d\rangle _H\) the vector of zonotope factors \(\alpha = [\alpha _1 ~\dots ~\alpha _p]^T\) resulting in the largest violation is given as \(\alpha = \text {sign}(h^T G)\), where the signum function is interpreted elementwise. Since the factors \(\alpha \) of the zonotope enclosure are related to the dependent factors of the original polynomial zonotope and since polynomial zonotopes preserve dependencies during reachability analysis [21], we can then directly extract the initial point \(x_0\) corresponding to \(\alpha \) from the polynomial zonotope. For general polytopes we can use the optimal \(\alpha \) from the linear program in (9) to estimate the most critical initial point. If we can neither verify nor falsify the specification we have a so called spurious counterexample that arises due to the overapproximation introduced by the zonotope enclosure. We therefore split the polynomial zonotope in this case in Line 15 since splitting reduces the overapproximation in the zonotope enclosure (see Fig. 2). The split sets are then added to the queue in Line 16, where we use a firstin, firstout scheme for the queue to detect easy falsifications fast before excessively splitting the sets.
One remaining issue we are facing is that Taylor model arithmetic is not exact. Due to the overapproximation in the initial set it can therefore happen that we can neither verify nor falsify the specification by splitting the polynomial zonotope. To solve this issue we embed our whole algorithm into a repeatuntilloop that iteratively increases the order \(\kappa \) used for Taylor model arithmetic (see Line 20). Since Taylor model arithmetic converges to the exact result if the order goes to infinity, we obtain a complete algorithm that is guaranteed to terminate. In practice we can often prevent computational expensive iterations of the outer loop by choosing the initial order \(\kappa _0\) large enough. It remains to decide when to stop splitting the polynomial zonotopes and increase the Taylor order instead (see Line 19). The simplest method is to just use an upper bound for the number of recursive splits that are performed. A more sophisticated approach is to abort splitting if the distance between the most critical point \([I_n~\textbf{0}] \, e^{At}g(x_0)\) and the unsafe set \(\mathcal {U}\) is smaller than the overapproximation in the polynomial zonotope \(\mathcal {P}\mathcal {Z}\), which is given by the independent generators.
Finally, we provide a closedform expression for splitting a polynomial zonotope since this operation is not specified in the original work [20]:
Proposition 1
(Split) Given a polynomial zonotope \(\mathcal {P}\mathcal {Z} = \langle c,G,G_I,E \rangle _{PZ} \subset \mathbb {R}^n\) and the index \(r\in \{1,\dots ,p\}\) of one dependent factor, the operation \({ \texttt {split}}(\mathcal {P}\mathcal {Z},r)\) returns two polynomial zonotopes \(\mathcal {P}\mathcal {Z}_1\), \(\mathcal {P}\mathcal {Z}_2\) satisfying \(\mathcal {P}\mathcal {Z}_1 \cup \mathcal {P}\mathcal {Z}_2 = \mathcal {P}\mathcal {Z}\):
with
where \(x\, \textrm{mod} \, y\), \(x,y \in \mathbb {N}_0\) is the modulo operation and \({w} \atopwithdelims (){z}\), \(w,z \in \mathbb {N}_0\) denotes the binomial coefficient. To remove redundancies we subsequently apply the compact operation as defined in [20, Prop. 2] to \(\mathcal {P}\mathcal {Z}_1\) and \(\mathcal {P}\mathcal {Z}_2\).
Proof
The split operation is based on the substitution of the selected dependent factor \(\alpha _r\) with two new dependent factors \(\alpha _{r,1}\) and \(\alpha _{r,2}\):
Inserting this substitution into the definition of polynomial zonotopes in Definition 5 yields
Finally, with
we obtain the equations above.
The split operation for polynomial zonotopes is not exact, meaning that the resulting sets usually overlap (see Fig. 2). To minimize the size of the overlapping region we split the dependent factor with index \(r\) that maximizes the following heuristic:
where \(G \in \mathbb {R}^{n \times h}\) and \(E \in \mathbb {N}_{0}^{p \times h}\) are the generator and exponent matrix of the polynomial zonotope. Moreover, since the goal of splitting in Algorithm 1 is to verify a certain specification, it is advisable to first project the polynomial zonotope onto the halfspace normal directions of the unsafe set \(\mathcal {U}\) before evaluating the heuristic (11) in order to direct the splitting process towards directions that are beneficial for verification.
Note that the polynomial zonotope refinement technique presented in this section is not restricted to verification of Koopman linearized systems, but can equally be applied for collision checks of polynomial zonotopes or Taylor models with halfspaces and polytopes in general. Moreover, by inverting the inequality constraints polynomial zonotope refinement can also be applied to check if a Taylor model or polynomial zonotope is contained in a halfspace or polytope.
5 Experimental Results
We now evaluate the performance of random Fourier feature observables and our novel reachability algorithm on various benchmark systems. For this, we compare our approach with the closest method from the literature [5]. Since the algorithms presented there are implemented in Julia, we also implemented our approach in Julia to obtain a fair comparison of the computation time. In our implementation we use the package TaylorModels.jl^{Footnote 2} for Taylor model arithmetic and the package DataDrivenDiffEq.jl^{Footnote 3} for extended dynamic mode decomposition. All computations are carried out on a 3.2 GHz 8core AMD Ryzen 7 5800H processor with 16 GB memory. We published our implementation together with a repeatability package that reproduces the results shown in this paper as a CodeOcean compute capsule^{Footnote 4}.
5.1 Benchmarks
Let us first define all benchmarks that we use for the evaluation. Again, we consider the same systems and specifications as in [5] for a fair comparison:
Roessler Attractor: The dynamic equations for the Roessler attractor [32] are
and we consider the initial set \(\mathcal {X}_0 = [0.05,0.05] \times [8.45,8.35] \times [0.05,0.05]\), the final time \(t_F = 6\), and the unsafe region \(x_2 \ge 6.375  0.025 \cdot i\) parameterized by \(i \in [0, 20]\).
Steam Governor: The dynamic equations for the steam governor [37] are
and we consider the initial set \(\mathcal {X}_0 = [0.95,1.05] \times [0.05,0.05] \times [0.95,1.05]\), the final time \(t_F = 3\), and the unsafe set \(x_2 \le 0.25 + 0.01 \cdot i\) parameterized by \(i \in [0, 10]\).
Coupled VanderPol Oscillator: The dynamic equations for the coupled VanderPol oscillator [30] are
and we consider the initial set \(\mathcal {X}_0 = [0.025,0.025] \times [0.475,0.525] \times [0.025,0.025] \times [0.475,0.525]\), the final time \(t_F = 2\), and the unsafe set \(x_1\ge 1.25  0.05 \cdot i\) parameterized by \(i \in [1,16]\).
Biological System: The dynamic equations for the biological system [19] are
and we consider the initial set \(\mathcal {X}_0 = [0.99,1.01] \times \dots \times [0.99,1.01]\), the final time \(t_F = 2\), and the unsafe set \(x_4\le 0.883 + 0.002 \cdot i\) parameterized by \(i \in [0, 20]\).
5.2 Approximation Error
We first investigate the accuracy of the Koopman linearized system with respect to the original nonlinear dynamics, where we compare our random Fourier feature observables with the ad hoc observables from [5]. These ad hoc observables consist of multivariate polynomials of the system state x up to a fixed order, trigonometric functions of the time t, and combinations of these (e.g., \(x_1\,x_2 \sin ^2(t) \cos (t)\)). To obtain the data traces required for extended dynamic mode decomposition we simulate the original nonlinear systems for 500 points sampled from the corresponding initial set, where a Sobol sequence is used for sampling. For the generation of the random Fourier feature observables according to (6) we use the parameter \(\ell = 0.3\) and \(m=71\) for the Roessler attractor, \(\ell = 1.62\) and \(m = 72\) for the steam governor, \(\ell = 1.24\) and \(m = 132\) for the coupled VanderPol oscillator, and \(\ell = 1.81\) and \(m = 105\) for the biological system, where \(\ell \) is the lengthscale parameter of the kernel and the number of observables m is chosen identical to the one used for the ad hoc observables [5]. As a measure for the accuracy we use the Euclidean distance between simulated trajectories for the original nonlinear system and the Koopman linearized system. The initial points for these trajectories are the center and the vertices of the initial set. According to Fig. 3 random Fourier feature observables are for the steam governor and the Roessler attractor more accurate than than the ad hoc observables used in earlier work [5]. Moreover, while for the short time horizons considered in Fig. 3 it seems that the ad hoc observables are more precise for the coupled VanderPol oscillator and the biological system, over longer time horizons the error of the ad hoc observables is exploding. This is visualized in Fig. 4, where the trajectory corresponding to the ad hoc observables progresses into a completely different direction than the original system, while random Fourier features stay accurate. In this way, random Fourier features are not only a more systematic approach for choosing observables, but also improve the precision of the resulting Koopman linearized system.
5.3 Verification Using Reachability Analysis
We now compare our novel verification algorithm for Koopman linearized systems with the verification strategies presented in [5]. In particular, we compare to verification of the original nonlinear system using Flow* [9], direct encoding of nonlinear constraints using a SMT solver [5, Sec. 4.1], and zonotope domain splitting [5, Sec. 4.4]. Both approaches from [5] consider discretetime safety, where the system is considered to be safe if the specification is satisfied at time points \(0,\varDelta t,2\varDelta t, \dots , t_F\) with \(\varDelta t = 0.05\). While our verification algorithm also supports continuoustime safety, we consider discretetime safety here to obtain a fair comparison. Note that for discretetime safety the reachable set computation in Line 5 of Algorithm 1 simplifies to \(\mathcal {R}_i = [I_n~\textbf{0}]\, e^{A i \varDelta t} \, \mathcal {X}_0\), \(i = 0,\dots ,t_F/\varDelta t\). For the comparison we consider both, the ad hoc observables used in [5] as well as the random Fourier feature observables presented here.
The resulting computation times for verification are summarized in Table 1. For all benchmark instances our novel verification algorithm has the lowest computation time, and is often even magnitudes faster than the other verification approaches. The main reason for this is that with our polynomial refinement strategy we can completely avoid the computational expensive calls to SMT solvers used by the other methods. Moreover, while the computation time for the other approaches often depends on how difficult it is to verify or falsify the specification, our algorithm exhibits roughly equal runtimes for all specifications. The explanation for this is that the polynomial zonotope refinement approach that we use for the collision checks with unsafe sets is very efficient, so that the majority of the runtime is spent on the computation of the image through the observable function using Taylor model arithmetic, a task which is independent from the specification. Interestingly, using random Fourier features instead of ad hoc observables can either prolong or accelerate the verification process, depending on the benchmark instance and verification approach used. However, even if they prolong the time required for verification in some cases, the usage of random Fourier feature observables can be justified by their superior accuracy demonstrated in Sect. 5.2. Yet another observation is that direct encoding and zonotope domain splitting are not able to verify or falsify the highdimensional biological model at all if random Fourier feature observables are used. The reason for this is that both of these approaches apply an SMT solver for verification, which do not scale to highdimensions and are not wellsuited for handling the trigonometric functions as well as the high coupling between variables used for random Fourier feature observables. So in summary our proposed verification algorithm outperforms all exiting verification techniques for Koopman linearized systems in terms of runtime. In addition, it handles different types of observables well and scales to highdimensional systems.
6 Conclusion
We presented two major improvements for reachability analysis of Koopman operator linearized systems: First, we use random Fourier features as observable functions, which yields a systematic approach requiring much less user insight than previous methods. Second, we handle the nonlinear transformation of the initial state by combining Taylor model arithmetic with polynomial zonotope refinement. As demonstrated on several nonlinear system benchmarks, the combination of these two techniques is both extremely accurate and extremely fast.
The main tradeoff with Koopman linearized systems is that the guarantees are on the system approximation, not the original system. Despite this, we believe the method could still be useful for verification in systems engineering, where the goal is to produce evidence that the system meets its requirements. It could also be effective for finding unsafe counterexamples—falsification—or to analyze systems where only simulation code is provided, or even realworld systems where sensor measurements could be used to create a Koopman linearized model for analysis. As such systems do not have models given with symbolic differential equations, most traditional reachability methods cannot be applied.
Notes
 1.
 2.
 3.
 4.
References
Althoff, M.: Reachability analysis of nonlinear systems using conservative polynomialization and nonconvex sets. In: Proceedings of the International Conference on Hybrid Systems: Computation and Control, pp. 173–182 (2013)
Althoff, M.: Reachability analysis of large linear systems with uncertain inputs in the Krylov subspace. Trans. Autom. Control 65(2), 477–492 (2019)
Amini, A., et al.: Error bounds for Carleman linearization of general nonlinear systems. In: Proceedings of the International Conference on Control and its Applications, pp. 1–8 (2021)
Bak, S., et al.: Numerical verification of affine systems with up to a billion dimensions. In: Proceedings of the International Conference on Hybrid Systems: Computation and Control, pp. 23–32 (2019)
Bak, S., et al.: Reachability of blackbox nonlinear systems after Koopman operator linearization. In: Proceedings of the International Conference on Analysis and Design of Hybrid Systems, pp. 253–258 (2021)
Bogomolov, S., et al.: Reach set approximation through decomposition with lowdimensional sets and highdimensional matrices. In: Proceedings of the International Conference on Hybrid Systems: Computation and Control, pp. 41–50 (2018)
Carleman, T.: Application de la théorie des équations intégrales linéaires aux systèmes d’équations différentielles non linéaires. Acta Math. 59, 63–87 (1932)
Chen, X., et al.: Taylor model flowpipe construction for nonlinear hybrid systems. In: Proceedings of the RealTime Systems Symposium, pp. 183–192 (2012)
Chen, X., Ábrahám, E., Sankaranarayanan, S.: Flow*: an analyzer for nonlinear hybrid systems. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 258–263. Springer, Heidelberg (2013). https://doi.org/10.1007/9783642397998_18
DeGennaro, A.M., Urban, N.M.: Scalable extended dynamic mode decomposition using random kernel approximation. SIAM J. Sci. Comput. 41(3), 1482–1499 (2019)
Duggirala, P.S., Viswanathan, M.: Parsimonious, simulation based verification of linear systems. In: Proceedings of the International Conference on Computer Aided Verification, pp. 477–494 (2016)
Forets, M., Pouly, A.: Explicit error bounds for Carleman linearization. arXiv preprint arXiv:1711.02552 (2017)
Forets, M., Schilling, C.: Reachability of weakly nonlinear systems using Carleman linearization. In: Bell, P.C., Totzke, P., Potapov, I. (eds.) RP 2021. LNCS, vol. 13035, pp. 85–99. Springer, Cham (2021). https://doi.org/10.1007/9783030897161_6
Frehse, G., et al.: SpaceEx: scalable verification of hybrid systems. In: Proceedings of the International Conference on Computer Aided Verification, pp. 379–395 (2011)
Girard, A.: Reachability of uncertain linear systems using zonotopes. In: Proceedings of the International Conference on Hybrid Systems: Computation and Control, pp. 291–305 (2005)
Han, Y., et al.: Deep learning of Koopman representation for control. In: Proceedings of the International Conference on Decision and Control, pp. 1890–1895 (2020)
Jaulin, L., Kieffer, M., Didrit, O., Walter, E.: Interval analysis. In: Applied Interval Analysis, pp. 11–43. Springer (2001)
Kim, D.W., et al.: Evaluation of the performance of clustering algorithms in kernelinduced feature space. Pattern Recogn. 38(4), 607–611 (2005)
Klipp, E., et al.: Systems Biology in Practice: Concepts, Implementation and Application. Wiley, Hoboken (2005)
Kochdumper, N., Althoff, M.: Sparse polynomial zonotopes: a novel set representation for reachability analysis. Trans. Autom. Control 66(9), 4043–4058 (2021)
Kochdumper, N., et al.: Utilizing dependencies to obtain subsets of reachable sets. In: Proceedings of the International Conference on Hybrid Systems: Computation and Control (2020)
Koopman, B.O.: Hamiltonian systems and transformation in Hilbert space. Proc. Natl. Acad. Sci. U.S.A. 17(5), 315–318 (1931)
Kurzhanski, A.B., Varaiya, P.: Ellipsoidal techniques for reachability analysis. In: Proceedings of the International Conference on Hybrid Systems: Computation and Control, pp. 202–214 (2000)
Liu, J.P., et al.: Efficient quantum algorithm for dissipative nonlinear differential equations. Proc. Natl. Acad. Sci. U.S.A. 118(35), e2026805118 (2021)
Makino, K., Berz, M.: Taylor models and other validated functional inclusion methods. Int. J. Pure Appl. Math. 4(4), 379–456 (2003)
Mauroy, A., Mezić, I., Susuki, Y. (eds.): The Koopman Operator in Systems and Control. LNCIS, vol. 484. Springer, Cham (2020). https://doi.org/10.1007/9783030357139
Mitchell, I.M., et al.: A timedependent HamiltonJacobi formulation of reachable sets for continuous dynamic games. Trans. Autom. Control 50(7), 947–957 (2005)
Otto, S.E., Rowley, C.W.: Koopman operators for estimation and control of dynamical systems. Annu. Rev. Control Robot. Auton. Syst. 4, 59–87 (2021)
Rahimi, A., Recht, B.: Random features for largescale kernel machines. In: Proceedings of the International Conference on Neural Information Processing Systems, pp. 1177–1184 (2007)
Rand, R., Holmes, P.: Bifurcation of periodic motions in two weakly coupled Van der Pol oscillators. Int. J. NonLinear Mech. 15(4–5), 387–399 (1980)
Rauh, A., et al.: Carleman linearization for control and for state and disturbance estimation of nonlinear dynamical processes. In: Proceedings of the International Conference on Methods and Models in Automation and Robotics, pp. 455–460 (2009)
Rössler, O.E.: An equation for continuous chaos. Phys. Lett. A 57(5), 397–398 (1976)
Rudin, W.: Fourier Analysis on Groups. Courier Dover Publications, Mineola (2017)
Sankaranarayanan, S.: Automatic abstraction of nonlinear systems using change of bases transformations. In: Proceedings of the International Conference on Hybrid Systems: Computation and Control, pp. 143–152 (2011)
Sankaranarayanan, S.: Changeofbases abstractions for nonlinear hybrid systems. Nonlinear Anal. Hybrid Syst. 19, 107–133 (2016)
Schölkopf, B., Smola, A.J.: Learning with Kernels: Support Vector Machines, Regularization, Optimization, and Beyond. MIT Press, Cambridge (2018)
Sotomayor, J., et al.: Bifurcation analysis of the Watt governor system. Comput. Appl. Math. 26(1), 19–44 (2007)
Takeda, H., et al.: Kernel regression for image processing and reconstruction. Trans. Image Process. 16(2), 349–366 (2007)
Tuia, D., et al.: Learning relevant image features with multiplekernel classification. Trans. Geosci. Remote Sens. 48(10), 3780–3791 (2010)
Wetzlinger, M., et al.: Adaptive parameter tuning for reachability analysis of linear systems. In: Proceedings of the International Conference on Decision and Control, pp. 5145–5152 (2020)
Williams, M.O., et al.: A datadriven approximation of the Koopman operator: extending dynamic mode decomposition. J. Nonlinear Sci. 25(6), 1307–1346 (2015)
Williams, M.O., et al.: A kernelbased method for datadriven Koopman spectral analysis. J. Comput. Dyn. 2(2), 247–265 (2015)
Yeung, E., et al.: Learning deep neural network representations for Koopman operators of nonlinear dynamical systems. In: Proceedings of the American Control Conference, pp. 4832–4839 (2019)
Acknowledgements
This material is based upon work supported by the Air Force Office of Scientific Research, the DARPA Assured Autonomy program under the United States Air Force, and the Office of Naval Research under award numbers FA95501910288, FA95502110121, FA95502210450, FA23861714065, FA875019C0092, and N000142212156. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Air Force, DARPA, or the United States Navy. Distribution Statement A: Approved for Public Release; Distribution is Unlimited. PA: AFRL20221356.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2022 The Author(s)
About this paper
Cite this paper
Bak, S., Bogomolov, S., Hencey, B., Kochdumper, N., Lew, E., Potomkin, K. (2022). Reachability of Koopman Linearized Systems Using Random Fourier Feature Observables and Polynomial Zonotope Refinement. In: Shoham, S., Vizel, Y. (eds) Computer Aided Verification. CAV 2022. Lecture Notes in Computer Science, vol 13371. Springer, Cham. https://doi.org/10.1007/9783031131851_24
Download citation
DOI: https://doi.org/10.1007/9783031131851_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 9783031131844
Online ISBN: 9783031131851
eBook Packages: Computer ScienceComputer Science (R0)