
1 Introduction

Reachability analysis involves the computation of reachable sets, which are sets of states achieved either through trajectories originating in a given initial set (i.e., forward reachable sets) or through the identification of initial states from which a system can reach a specified target set (i.e., backward reachable sets) [23]. This problem is fundamental and finds motivation in various applications such as formal verification, controller synthesis, and estimation of regions of attraction. As a result, it has garnered increasing attention from both industrial and academic communities, leading to the development of numerous theoretical results and computational approaches [2]. For many systems, exact reachability analysis is shown to be undecidable [14], particularly in the case of nonlinear systems. Hence, approximation methods are often employed. However, in order to use these approximations as a basis for formal reasoning about the system, it is crucial that they possess certain guarantees. Specifically, it is desirable for the computed approximation to either contain or be contained by the true reachable set, resulting in what are known as outer-approximations and inner-approximations.

This paper focuses on inner-approximate reachability analysis, which calculates an inner-approximation of the reachable set for systems described by ordinary differential equations (ODEs). The inner-approximate reachability analysis has various applications. For instance, it can be used to falsify a safety property by performing forward inner-approximate reachability analysis, which computes an inner-approximation of the forward reachable set [21]. If the computed inner-approximation includes states that violate the safety property, then the safety property is not satisfied. On the other hand, it can be used to find a set of initial states that satisfy a desired property by performing backward inner-approximate reachability analysis [20]. Recently, it has been applied to path-planning problems with collision avoidance [30]. Several methods have been proposed for the inner-approximate reachability analysis, such as Taylor models [7], intervals [12], and polynomial zonotopes [18].

In the computation of inner-approximations, the accumulation of computational errors, known as the wrapping effect [25], becomes pronounced with the propagation of the initial set. To overcome this, a common approach is to partition the initial set into smaller subsets, enabling independent computations on each subset. However, this widely used method often results in an excessively large number of subsets, causing burdensome computation. Consequently, in [18, 33], set-boundary reachability methods were developed based on a meticulous examination of the topological structure. These methods contract a pre-computed outer-approximation by excluding the reachable set from the boundary of the initial set, resulting in an inner-approximation. Compared to the partition of the entire initial set, set-boundary methods alleviate the computational burden and enhance the tightness of results by focusing on splitting only the boundary of the initial set. Hence, the precision of extracting and refining the boundary of the initial set significantly influences how conservative the computed inner-approximation is. However, existing boundary operations have limitations that impact the precision and application of set-boundary reachability methods, either restricting the initial sets to be interval-formed [18] or utilizing interval sets to outer-approximate the set boundary [33], which leads to an overly conservative inner-approximation and hinders the application of set-boundary reachability methods.

On this concern, this paper proposes a novel set-boundary reachability method focusing on efficient extraction and refinement of the initial set’s boundary, along with flexible inner-approximation generations. We adopt zonotopes as the abstract representation of states due to their remarkable advantages: the facets of a zonotope remain zonotopes and can be split into non-overlapping subsets while preserving their zonotopic nature. Based on the symmetric property of zonotope’s boundary, we propose an algorithm which can efficiently extract all facets of zonotopes. To further refine the extracted boundary, a fundamental algorithm is developed to partition a zonotope into smaller, non-overlapping zonotopes, termed tiling algorithm. This algorithm leverages two innovative data structures, named as boundary and tiling matrices, providing a clear and efficient implementation of the partition procedure. Complexity analysis demonstrates the superior advantages of the tiling algorithm in computational complexity compared to the existing method [17]. Finally, we contract a pre-computed outer-approximation of reachable set to obtain an inner-approximation, which is achieved by excluding the outer-approximation of the reachable set from the refined boundary of the initial set. In contrast to proportionally shrinking the shape of computed outer-approximation utilized in existing method [33], we provide a more flexible strategy that allows an adaptive modification on the configuration of zonotopic outer-approximations, leading to more non-conservative inner-approximations.

The main contributions of this paper are as follows:

  • A Non-overlapping Zonotope Splitting Algorithm. We present a novel algorithm that efficiently splits a zonotope into non-overlapping subsets, while preserving their zonotopic properties. By utilizing boundary and tiling matrices, our algorithm offers a more straightforward implementation with improved computational complexity compared to existing methods.

  • An Adaptive Contraction Strategy. We put forward an adaptive contraction strategy for computing a zonotopic inner-approximation of the reachable set. This strategy, compared to existing methods, provides a more flexible approach for the contraction of the pre-computed outer-approximations, generating less conservative inner-approximations.

  • A Prototype Tool - BdryReach. We have developed a prototype tool named BdryReach to implement our proposed approach, which is available from https://github.com/ASAG-ISCAS/BdryReach. Numerous evaluations on various benchmarks demonstrate that BdryReach outperforms state-of-the-art tools in terms of efficiency and accuracy.

Related Work

Inner-Approximation Analysis. The methods for inner-approximation computation are generally categorized into two main groups: constraint solving methods and set-propagation methods. Constraint solving methods avoid the explicit computation of reachable sets, but have to address a set of quantified constraints, which are generally constructed via Lyapunov functions [6], occupation measures [19] and equations relaxation [32, 34]. However, solving these quantified constraints is usually computationally intensive (except the case of polynomial constraints for which there exists advanced tools such as semi-definite programming).

The set propagation method is an extension of traditional numerical methods for solving ODEs using set arithmetic rather than point arithmetic. While this method is simple and interesting, a major challenge is the propagation and accumulation of approximation errors over time. To ease this issue efficiently, various methods employing different representations have been developed. [28] presented a Taylor model backward flowpipe method that computes inner-approximations by representing them as the intersection of polynomial inequalities. However, this approach relied on a computationally expensive interval constraint propagation technique to ensure the validity of the representation. In [12], an approach is proposed to compute interval inner-approximations of the projection of the reachable set onto the coordinate axes for autonomous nonlinear systems. This method is later extended to systems with uncertain inputs in [13]. However, they cannot compute an inner-approximation of the entire reachable set, as studied in the present work. [33] proposed a set-boundary reachability method which propagates the initial set’s boundary to compute a polytopic inner-approximation of the reachable set. However, it used computationally expensive interval constraint satisfaction techniques to compute a set of intervals which outer-approximates the initial set’s boundary. Recently, inspired by the computational procedure in [33], [18] introduced a promising method based on polynomial zonotopes to compute inner-approximations of reachable sets for systems with an initial set in interval form. The method presented in this work is also inspired by the one in [33]. However, we propose efficient and accurate algorithms for extracting and refining the boundary of the initial set represented by zonotopes and an adaptive strategy for contracting outer-approximations, facilitating the computation of non-conservative inner-approximations.

Splitting and Tiling of Zonotopes. To mitigate the wrapping effect [25] and enhance computed results, it is common to split a zonotope into smaller zonotopes during computation. Although zonotopes are special convex polytopes with centrally symmetric faces in all dimensions [36], traditional polytope splitting methods such as [4, 15] cannot be directly applied: the results obtained through these approaches are polytopes, not necessarily zonotopes. The works [3, 31] split a zonotope by bisecting it along one of its generators. However, the sub-zonotopes obtained in this way often have overlapping parts, resulting in loss of precision and a heavy computational burden. Hence, there is a pressing need for methods that split a zonotope into non-overlapping sub-zonotopes. The problem of zonotopal tiling, i.e., paving a zonotope by tiles (sub-zonotopes) without gaps and overlaps, is an important topic in combinatorics and topology [5, 36]. In the realm of zonotopal tiling, the Bohne-Dress theorem [27] plays a crucial role by proving that a tiling of a zonotope can be uniquely represented by a collection of sign vectors or oriented matroid. Inspired by this theorem, [17] developed a tiling method by enumerating the vertices of the tiles as sign vectors of the so-called hyperplane arrangement [22] corresponding to a zonotope. However, in this paper we provide a novel and more accessible method for constructing a zonotopal tiling, which has better computational complexity.

The remainder of this paper is organized as follows. The inner-approximate reachability problem of interest is presented in Sect. 2. Then, we elucidate our reachability computational approach in Sect. 3 and evaluate it in Sect. 4. Finally, we summarize the paper in Sect. 5. Due to space limitations, proofs, examples, some tables and figures are omitted and can be found in the extended version [26]; “Appendix” in this paper refers to the appendix in [26].

2 Preliminaries

2.1 Notation

The notations and operations concerning space, vectors, matrices, and sets utilized in this paper are presented in Table 1, where the symbols and descriptions for operations on vectors, matrices, and sets are mainly illustrated with specific examples of a vector \(\boldsymbol{x}\), a matrix \(\boldsymbol{M}\), and a set \(\varDelta \).

Table 1. Notations utilized in the paper

2.2 Problem Statement

This paper considers nonlinear systems which are modelled by ordinary differential equations of the following form:

$$\dot{\boldsymbol{x}} = \boldsymbol{f}(\boldsymbol{x}) \tag{1}$$

where \(\boldsymbol{x} \in \mathbb {R}^n\) and \(\boldsymbol{f}\) is a locally Lipschitz continuous function. Thus, given an initial state \(\boldsymbol{x}_0\), there exists a unique solution \(\phi (\cdot ;\boldsymbol{x}_0): [0,T_{\boldsymbol{x}_0})\rightarrow \mathbb {R}^n\) to system (1), where \([0,T_{\boldsymbol{x}_0})\) is the maximal time interval on which \(\phi (\cdot ;\boldsymbol{x}_0)\) is defined.

Given a set \(\mathcal {X}_0\) of initial states, the reachable set is defined as follows:

Definition 1

(Reachable Set). Given system (1) and an initial set \(\mathcal {X}_0\), the reachable set at time \(t>0\) is

$$\begin{aligned} \varPhi (t;\mathcal {X}_0) \triangleq \{ \phi (t;\boldsymbol{x}_0) \mid \boldsymbol{x}_0 \in \mathcal {X}_0 \}. \end{aligned}$$

The exact reachable set \(\varPhi (t;\mathcal {X}_0)\) usually cannot be computed, especially for nonlinear systems. Outer-approximations and inner-approximations are often computed instead for formal reasoning about the system.

Definition 2

Given an initial set \(\mathcal {X}_0\) and a time instant \(t> 0\), an outer-approximation \(O(t;\mathcal {X}_0)\) of the reachable set \(\varPhi (t;\mathcal {X}_0)\) is a superset of the set \(\varPhi (t;\mathcal {X}_0)\), i.e.,

$$\begin{aligned} \varPhi (t;\mathcal {X}_0)\subseteq O(t;\mathcal {X}_0); \end{aligned}$$

an inner-approximation \(U(t;\mathcal {X}_0)\) of the reachable set \(\varPhi (t;\mathcal {X}_0)\) is a subset of the set \(\varPhi (t;\mathcal {X}_0)\), i.e.,

$$\begin{aligned} U(t;\mathcal {X}_0) \subseteq \varPhi (t;\mathcal {X}_0). \end{aligned}$$

In this paper, we focus on the computation of an inner-approximation represented by zonotopes. Zonotopes are a special class of convex polytopes that are centrally symmetric. A zonotope can be viewed as a Minkowski sum of a finite set of line segments, known as its G-representation, which is defined as follows.

Definition 3

(Zonotope). A zonotope Z with p generators is a set

$$\begin{aligned} \begin{aligned} Z&=\left\{ \boldsymbol{x} \in \mathbb {R}^{n} \Big | \boldsymbol{x}=\boldsymbol{c}+\sum \nolimits _{i=1}^{p} \alpha _{i} \cdot \boldsymbol{g_i}, -1 \le \alpha _{i} \le 1\right\} \\ &=\left\{ \boldsymbol{x} \in \mathbb {R}^{n} \Big | \boldsymbol{x}=\boldsymbol{c}+\boldsymbol{G\alpha }, -\boldsymbol{1} \le \boldsymbol{\alpha } \le \boldsymbol{1}\right\} , \end{aligned} \end{aligned}$$

denoted by \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle \), where \(\boldsymbol{c}\in \mathbb {R}^n\) is referred as center and \(\boldsymbol{g}_1, \cdots , \boldsymbol{g}_p \in \mathbb {R}^n\) as generators of zonotope. \(\boldsymbol{G} = (\boldsymbol{g}_i)_{1 \le i\le p} \in \mathbb {R}^{n,p}\) is called generator matrix.

For a zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle \) in space \(\mathbb {R}^n\), it is called k-dimensional if \(\mathop {\textrm{rank}}\limits (\boldsymbol{G}) = k, k \le n\). A k-dimensional zonotope can be reduced into space \(\mathbb {R}^k\) without altering its shape. Furthermore, the facets of a k-dimensional (\(k\ge 1\)) zonotope are \((k-1)\)-dimensional zonotopes. If an n-dimensional zonotope has n independent generators, then it is called a parallelotope. Additionally, if there is a zonotope \(Z^\prime \) such that \(Z^\prime \subsetneqq Z\), \(Z^\prime \) is called a sub-zonotope of Z.

3 Methodology

In this section we introduce our set-boundary reachability method to compute inner-approximations of reachable sets. Firstly, the framework of our method is presented in Subsect. 3.1. Then, we introduce the algorithm of extracting the exact boundary of a zonotope in Subsect. 3.2, the tiling algorithm for boundary refinement in Subsect. 3.3 and the strategy for computing an inner-approximation via contracting an outer-approximation in Subsect. 3.4.

3.1 Inner-Approximation Computation Framework

The framework of computing inner-approximations in this paper follows the one proposed in [33], but with minor modifications.

Given system (1) with an initial set \(\mathcal {X}_0\), represented by a zonotope, and a time duration \(T = Nh\), where \(h>0\) is the time step and N is a non-negative integer, we compute a zonotopic inner-approximation \(U((k+1)h;\mathcal {X}_0)\) of the reachable set \(\varPhi ((k+1)h;\mathcal {X}_0)\) for \(k\in \{0,1,\cdots ,N\}\). The inner-approximation \(U_{k+1}=U((k+1)h;\mathcal {X}_0)\) is computed based on \(U_{k}=U(kh;\mathcal {X}_0)\) (\(U_{0}:= \mathcal {X}_0)\) with the following procedures:

  1. extract and refine the boundary \(\partial U_{k}\) of \(U_{k}\);

  2. compute a zonotopic outer-approximation \(O(h;U_{k})\) of reachable set \(\varPhi (h;U_{k})\), and an outer-approximation \(O(h;\partial U_{k})\) of reachable set \(\varPhi (h;\partial U_{k})\). These outer-approximations can be computed using existing zonotope-based approaches such as [3];

  3. contract \(O(h;U_k)\) to obtain a zonotopic inner-approximation candidate \(U'_{k+1}\) by excluding the set \(O(h;\partial U_k)\), i.e., let \(U'_{k+1} \cap O(h;\partial U_k) = \emptyset \);

  4. compute an outer-approximation of the reachable set \(O(h;\boldsymbol{c})\) of the time-inverted system \(\dot{\boldsymbol{x}}=-\boldsymbol{f}(\boldsymbol{x})\) with the single initial state \(\boldsymbol{c}\), where \(\boldsymbol{c}\) is the center of the zonotope \(U'_{k+1}\). If the computed outer-approximation \(O(h;\boldsymbol{c})\) is included in the set \(U_k\), then \(U_{k+1}:=U'_{k+1}\) is an inner-approximation of the reachable set \(\varPhi ((k+1)h;\mathcal {X}_0)\).

Fig. 1. Illustration of inner-approximation computation framework

The overall computational workflow is visualized in Fig. 1. There are three computational procedures that affect the efficacy (i.e., accuracy and efficiency) of inner-approximation computation in the aforementioned framework: the extraction and refinement of the boundary \(\partial U_k\), reachability analysis for computing outer-approximations \(O(h;U_k), O(h;\partial U_k)\), and contraction of \(O(h;U_k)\) to obtain an inner-approximation candidate \(U_{k+1}^\prime \). Since there are well-developed reachability algorithms in existing literature for computing outer-approximations such as [3, 11], in the following we focus on the other two computational procedures. For the first one, as the computed outer-approximation \(O(h;\partial U_k)\) is excluded from \(O(h;U_k)\), the accuracy of \(O(h;\partial U_k)\) significantly affects that of \(U_{k+1}\). Additionally, the accuracy of \(O(h;\partial U_k)\) strongly correlates with the size of \(\partial U_k\). To improve the accuracy of \(U_{k+1}\), two algorithms are proposed: one for extracting and the other for tiling the boundary of a zonotope (i.e., splitting the boundary into sub-zonotopes without overlaps). As for the third one, an adaptive strategy is developed to make the inner-approximation \(U_{k+1}\) much tighter. This is achieved by contracting \(O(h;U_k)\) in a flexible way, deviating from the proportional reduction of the size of \(O(h;U_k)\) in the existing methods [33].

3.2 Extraction of Zonotopes’ Boundaries

In this subsection we introduce the algorithm for extracting the exact boundary of a zonotope. The concept of cross product of a matrix provided by [24] will be utilized herein, which is formulated below.

Definition 4

(Cross Product). Given a matrix \(\boldsymbol{M} \in \mathbb {R}^{n,n-1}\) whose column vectors are linearly independent, the cross product of \(\boldsymbol{M}\) is a vector of the following form:

$$\texttt{CP}(\boldsymbol{M}) = \left( {\text {det}}\left( \boldsymbol{M}^{[1]}\right) , \cdots ,(-1)^{i+1} {\text {det}}\left( \boldsymbol{M}^{[i]}\right) , \cdots ,(-1)^{n+1} {\text {det}}\left( \boldsymbol{M}^{[n]}\right) \right) ^\intercal ,$$

where \({\text {det}}(\cdot )\) is the determinant of a matrix.

The cross product of \(\boldsymbol{M} \in \mathbb {R}^{n,n-1}\) can be viewed as the normal vector of the hyperplane spanned by \(n-1\) linearly independent column vectors in \(\boldsymbol{M}\).

Fig. 2. Illustration of boundary extraction algorithm

The boundary extraction algorithm is established on the fact that a zonotope is centrally symmetric and each facet, which is a zonotope, has congruent facets on the opposite side of the center (e.g., two dark blue facets in Fig. 2).

Given an n-dimensional zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle \), where \(\boldsymbol{c}\in \mathbb {R}^n\) and \(\boldsymbol{G} = (\boldsymbol{g}_i)_{1 \le i\le p} \in \mathbb {R}^{n,p}\), each pair of symmetric facets lies in parallel hyperplanes and shares the same generators. The two parallel hyperplanes are spanned by a subset of the generators of Z, which forms a submatrix of \(\boldsymbol{G}\) with rank \(n-1\). In the boundary extraction algorithm, i.e., Algorithm 1, we first enumerate all potential \(n \times (n-1)\) submatrices of \(\boldsymbol{G}\) which are able to span a hyperplane. For a hyperplane spanned by a submatrix \(\boldsymbol{B}_b\), to determine the centers and generators of its corresponding facets, we compute its normal vector by the cross product operator \(\texttt{CP}(\cdot )\). The centers of the two symmetric facets are then obtained by moving the center \(\boldsymbol{c}\) along the positive and negative directions of the generators which are not perpendicular to \(\texttt{CP}(\boldsymbol{B}_b)\), and the generator matrix of these facets is \(\boldsymbol{B}_b\) with the generators parallel to the hyperplane appended. The operations stated above are visualized in Fig. 2.

Algorithm 1. Boundary Extraction Algorithm

The computation of a zonotope’s boundary is summarized in Algorithm 1. Its soundness, i.e., the set computed by Algorithm 1 is equal to the boundary \(\partial Z\) of the zonotope Z, is justified in Theorem 1, whose proof is available in Appendix A. In order to enhance the understanding of Algorithm 1, we provide a simple example, Example 1 in Appendix B, to illustrate the computational process of Algorithm 1.

Remark 1

In space \(\mathbb {R}^n\), if a zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle \) isn’t n-dimensional, i.e., \(\mathop {\textrm{rank}}\limits (\boldsymbol{G}) < n\), then the boundary of this zonotope is itself.

Theorem 1

(Soundness of boundary extraction algorithm). Given an n-dimensional zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle \) with p generators, the set computed by Alg. 1 is equal to its boundary \(\partial Z\).

The Complexity of Boundary Extraction Algorithm. An n-dimensional zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle , \boldsymbol{G} \in \mathbb {R}^{n, p}\), has M facets, where \(M \le \left( {\begin{array}{c}p\\ n-1\end{array}}\right) \). The number of \(n\times (n-1)\) submatrices of \(\boldsymbol{G}\) is \(\left( {\begin{array}{c}p\\ n-1\end{array}}\right) \), and the computation of the rank of an \(n \times (n-1)\) matrix has the complexity \(O(n(n-1)^2)\) (using QR decomposition), so the computation in Line 2 has the complexity \(O(n(n-1)^2\left( {\begin{array}{c}p\\ n-1\end{array}}\right) )\). The “while” loop (Lines 3–22) has \(\frac{M}{2}\) iterations. For the operation \(\texttt{CP}(\cdot )\) on an \(n \times (n-1)\) matrix, the complexity is \(n\mathop {\textrm{DET}}\limits (n-1)\), where \(\mathop {\textrm{DET}}\limits (n)\) denotes the complexity of computing the determinant of an \(n\times n\) square matrix. By LU-decomposition, \(\mathop {\textrm{DET}}\limits (n)\) is \(O(n^3)\); however, by the Coppersmith-Winograd algorithm [10], it can reach \(O(n^{2.373})\). For each \(\boldsymbol{B}_b \in \mathcal {B}\), checking the inner product between \(\boldsymbol{v}\) and the remaining generators takes \(p-n+1\) loops, and the inner product has complexity O(n). Thus, the complexity of Algorithm 1 is \(\frac{M}{2}\left( n\mathop {\textrm{DET}}\limits (n-1)+n(p-n+1)\right) +O(n(n-1)^2\left( {\begin{array}{c}p\\ n-1\end{array}}\right) ) = O\left( Mn(\mathop {\textrm{DET}}\limits (n-1)+p)+n(n-1)^2\left( {\begin{array}{c}p\\ n-1\end{array}}\right) \right) \).

3.3 Zonotopal Tiling and Boundary Refinement

This subsection introduces our tiling algorithm which can split a zonotope into sub-zonotopes without overlaps and then elaborates how this tiling algorithm is employed to refine the boundaries of zonotopes.

The boundary matrix, which is constructed according to Algorithm 1, plays an important role in our tiling algorithm. Its entries are able to characterize the centers and generators for all facets of a zonotope.

Definition 5

(Boundary Matrix). Given an n-dimensional zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle \) with M facets, where \(\boldsymbol{c} \in \mathbb {R}^n\) and \(\boldsymbol{G} \in \mathbb {R}^{n,p}\), its boundary matrix \(\boldsymbol{B} \in \mathbb {R}^{M,p}\) is a matrix each of whose entries is 0, 1, or -1, where

  1. \(\boldsymbol{B}(i,j)=0\) implies that the j-th generator \(\boldsymbol{g}_j\) is a generator of the i-th facet (corresponding to Line 8 in Algorithm 1);

  2. \(\boldsymbol{B}(i,j)=-1\) implies that in order to obtain the center of the i-th facet, the MINUS operator is applied to the j-th generator \(\boldsymbol{g}_j\) (corresponding to Lines 10 and 12 in Algorithm 1);

  3. \(\boldsymbol{B}(i,j)=1\) implies that in order to obtain the center of the i-th facet, the PLUS operator is applied to the j-th generator \(\boldsymbol{g}_j\) (corresponding to Lines 10 and 12 in Algorithm 1).

From the boundary matrix of a zonotope, one can obtain all its facets. Appendix B provides an example (Example 2) to illustrate this claim.

Another matrix, tiling matrix, is constructed to store the outcomes of the tiling algorithm, i.e., all the non-overlapping sub-zonotopes whose union covers the original zonotope. Similar to the boundary matrix, a row of tiling matrix represents a sub-zonotope.

Definition 6

(Tiling Matrix). Given an n-dimensional zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle \), where \(\boldsymbol{c} \in \mathbb {R}^n\) and \(\boldsymbol{G} \in \mathbb {R}^{n,p}\), its tiling matrix \(\boldsymbol{T} \in \mathbb {R}^{s,p}\) is a matrix satisfying the following conditions:

  1. each of its entries is 0, 1 or -1, with the same meaning as in the boundary matrix;

  2. each row defines a sub-zonotope \(Z_i\) such that \(\bigcup _{i=1}^s Z_i=Z\) and \(Z^{\circ }_i\cap Z^{\circ }_j=\emptyset \) for \(i\ne j\).

Our tiling algorithm is based on an intuitive observation: for a zonotope, moving the facets on one side towards the opposite side along the direction of a generator results in a new zonotope with this generator removed; simultaneously, several sub-zonotopes are generated by adding this generator to all these facets. This process, which is visualized in Fig. 3, can be iteratively conducted until a parallelotope remains. At this point, the tiling algorithm terminates, yielding a collection of zonotopes (tiles) that tile the original zonotope.

Fig. 3. Illustration of one-step tiling

The tiling algorithm leverages operations on boundary matrix \(\boldsymbol{B}\) to implement the facets’ movement and sub-zonotopes generation aforementioned. The results of each step, namely the sub-zonotopes after one-step tiling, are recorded in the tiling matrix \(\boldsymbol{T}\).

Given an n-dimensional zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle ,\) where \(\boldsymbol{G} = (\boldsymbol{g}_i)_{1 \le i\le p} \in \mathbb {R}^{n,p}\), we require that the right-most \(n\times n\) submatrix of \(\boldsymbol{G}\) is full rank to ensure that the sub-zonotopes with one generator removed after one-step tiling remain n-dimensional. For the j-th column of boundary matrix \(\boldsymbol{B}\), where \( 1\le j\le (p-n)\), we apply the following operations to its entries:

  1. if there exist i’s such that \(\boldsymbol{B}(i,j)=-1\), we add these rows in the boundary matrix \(\boldsymbol{B}\) into the tiling matrix \(\boldsymbol{T}\) as new rows, but change their j-th entry to 0 in the tiling matrix \(\boldsymbol{T}\). Meanwhile, the j-th entries of these rows in the boundary matrix \(\boldsymbol{B}\) are modified into 1, i.e., \(\boldsymbol{B}(i,j)=1\);

  2. if there exist i’s such that \(\boldsymbol{B}(i,j)=0\), we delete these rows from the boundary matrix \(\boldsymbol{B}\).

After the j-th iteration, the updated boundary matrix \(\boldsymbol{B}\) characterizes the boundary of a new zonotope. This new zonotope is derived by removing the first through the j-th generators from the original zonotope Z. Simultaneously, the sub-zonotopes generated by adding the generator \(\boldsymbol{g}_j\) to the facets are incorporated into the tiling matrix \(\boldsymbol{T}\). Finally, after \(p-n\) iterations, there remains one parallelotope, whose generator matrix is the right-most \(n\times n\) submatrix of \(\boldsymbol{G}\). We put this parallelotope into the tiling matrix \(\boldsymbol{T}\) and then output the result.

The above computational procedures are summarized in Algorithm 2. Its soundness is justified by Theorem 2, whose proof is available in Appendix A. Moreover, Appendix B supplements an example (Example 3) to illustrate the main steps tiling a zonotope using Algorithm 2.

Remark 2

For an n-dimensional parallelotope, Algorithm 2 only returns the parallelotope itself, since there is no generator to remove while keeping it n-dimensional. However, one can use simple methods to tile it, such as a parallelepiped grid.

Algorithm 2. Tiling Algorithm

Remark 3

The sub-zonotopes obtained by Algorithm 2 aren’t necessarily parallelotopes. To make the results of tiling exclusively parallelotopes, one can recursively apply Alg. 2 to each sub-zonotope in the tiling matrix \(\boldsymbol{T}\) until each sub-zonotope has n generators. Additionally, Algorithm 2 allows terminating at any iteration, and the result of each iteration can serve as a tiling of the original zonotope. This flexibility is valuable for controlling the number of partitioned sub-zonotopes. Therefore, our proposed tiling algorithm is particularly well-suited for the inner-approximation computation scenario outlined in this paper: it enables a balance between the computational burden and precision of evaluating \(O(h;\partial U_k)\) by constraining the number of sub-zonotopes in the tiling.

Theorem 2

(Soundness of tiling algorithm). Given an n-dimensional zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle \) with p generators, the tiling matrix \(\boldsymbol{T}\) obtained by Algorithm 2 satisfies the conditions in Def. 6.
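The boundary-matrix construction of Subsect. 3.2 and the column-by-column tiling procedure above, as an added Python illustration (not code from the paper or from BdryReach). It assumes that \(\boldsymbol{M}^{[i]}\) in Definition 4 means \(\boldsymbol{M}\) with its i-th row deleted and that the generators are in general position (every n of them linearly independent); the function names and the two sample zonotopes are constructed for this example.

```python
from fractions import Fraction
from itertools import combinations, product


def det(rows):
    """Exact determinant by cofactor expansion (fine for small n)."""
    if len(rows) == 1:
        return rows[0][0]
    return sum((-1) ** k * rows[0][k] * det([r[:k] + r[k + 1:] for r in rows[1:]])
               for k in range(len(rows)))


def cross_product(cols):
    """CP(M) of Def. 4; assumes M^[i] is M (columns `cols`) without row i."""
    rows = list(zip(*cols))
    return tuple((-1) ** i * det(rows[:i] + rows[i + 1:]) for i in range(len(rows)))


def boundary_matrix(G):
    """One row in {-1,0,1}^p per facet (Def. 5); G is a list of generators."""
    n, rows = len(G[0]), set()
    for idx in combinations(range(len(G)), n - 1):
        v = cross_product([G[j] for j in idx])        # normal of the hyperplane
        if not any(v):                                # rank < n-1: no hyperplane
            continue
        dots = [sum(a * b for a, b in zip(v, g)) for g in G]
        row = tuple((d > 0) - (d < 0) for d in dots)  # 0 <=> g_j lies in the facet
        rows.update([row, tuple(-s for s in row)])    # the two symmetric facets
    return sorted(rows)


def tiling_matrix(G):
    """Tiling matrix (Def. 6) built column by column from the boundary matrix."""
    n, p = len(G[0]), len(G)
    B = [list(r) for r in boundary_matrix(G)]
    if det(list(zip(*G[p - n:]))) == 0:
        raise ValueError("right-most n x n block of G must have full rank")
    if any(r.count(0) != n - 1 for r in B):
        raise ValueError("generators are not in general position (assumption)")
    T = []
    for j in range(p - n):
        kept = []
        for r in B:
            if r[j] == 0:                 # step 2: facet contains g_j, drop row
                continue
            if r[j] == -1:                # step 1: sweep facet along g_j -> tile
                T.append(tuple(r[:j] + [0] + r[j + 1:]))
                r[j] = 1                  # facet moved to the opposite side
            kept.append(r)
        B = kept
    T.append(tuple([1] * (p - n) + [0] * n))   # the remaining parallelotope
    return T


def row_to_zonotope(c, G, row):
    """Centre and generator list encoded by one boundary/tiling-matrix row."""
    centre = tuple(ci + sum(s * g[i] for s, g in zip(row, G))
                   for i, ci in enumerate(c))
    return centre, [g for s, g in zip(row, G) if s == 0]


def in_parallelotope(centre, gens, x, strict):
    """Cramer's rule: x = centre + sum a_i g_i with |a_i| <= 1 (< 1 if strict)."""
    d = tuple(xi - ci for xi, ci in zip(x, centre))
    D = abs(det(list(zip(*gens))))
    for i in range(len(gens)):
        a = abs(det(list(zip(*(gens[:i] + [d] + gens[i + 1:])))))
        if a > D or (strict and a == D):
            return False
    return True


def tiling_is_exact(c, G, grid):
    """Every sampled point of Z is in >= 1 closed tile and <= 1 open tile."""
    tiles = [row_to_zonotope(c, G, r) for r in tiling_matrix(G)]
    for alpha in product(grid, repeat=len(G)):
        x = tuple(ci + sum(a * g[i] for a, g in zip(alpha, G))
                  for i, ci in enumerate(c))
        closed = sum(in_parallelotope(t, gs, x, False) for t, gs in tiles)
        opened = sum(in_parallelotope(t, gs, x, True) for t, gs in tiles)
        if closed < 1 or opened > 1:
            return False
    return True


# Constructed sample data: a planar zonotope with 4 generators and a
# 12-facet zonotope in R^3; GRID holds coefficients alpha_i in [-1, 1].
C2, G2 = (0, 0), [(1, 0), (2, 1), (1, 2), (0, 1)]
C3, G3 = (0, 0, 0), [(1, 0, 0), (0, 1, 0), (0, 0, 1), (1, 1, 1)]
GRID = [Fraction(-9, 10), Fraction(-1, 3), Fraction(1, 7), Fraction(4, 5)]

if __name__ == "__main__":
    for row in tiling_matrix(G2):
        print(row, row_to_zonotope(C2, G2, row))
    print(tiling_is_exact(C2, G2, GRID), tiling_is_exact(C3, G3, GRID))
```

Under the general-position assumption every tile is a parallelotope, which is what lets the membership check use Cramer's rule; inputs where more than \(n-1\) generators lie in one facet are rejected rather than tiled.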

The Complexity of Tiling Algorithm. For an n-dimensional zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle , \boldsymbol{G} = (\boldsymbol{g}_i)_{1 \le i\le p} \in \mathbb {R}^{n,p}\), where \(\mathop {\textrm{rank}}\limits ((\boldsymbol{g}_i)_{i\in \mathbb {N}_{[p-n+1,p]}}) = n\), assume Z has M facets. The call to Algorithm 1 has complexity \(O\left( Mn(\mathop {\textrm{DET}}\limits (n-1)+p)+n(n-1)^2\left( {\begin{array}{c}p\\ n-1\end{array}}\right) \right) \). The size of the boundary matrix \(\boldsymbol{B}\) is \(M\times p\), and the two-layer “for” loop (Lines 3–15) has fewer than \(M(p-n)\) iterations, so the call to Algorithm 1 dominates the complexity of the tiling algorithm. Consequently, the complexity of Algorithm 2 is \(O\left( Mn(\mathop {\textrm{DET}}\limits (n-1)+p)+n(n-1)^2\left( {\begin{array}{c}p\\ n-1\end{array}}\right) \right) \).

Complexity Comparison. Here we compare the complexity of the tiling algorithm proposed in [17] with ours. For an n-dimensional zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle , \boldsymbol{G} \in \mathbb {R}^{n,p}\), assume Z has M facets and N vertices. The main computational procedure of the algorithm in [17] is computing \(\varSigma \) (a set of sign vectors of cells of the arrangement), which is equivalent to enumerating the sign vectors of all the vertices of Z. The computation of \(\varSigma \), utilizing a reverse search algorithm [9], has the complexity of \(O(np \mathop {\textrm{LP}}\limits (p,n) \vert \varSigma \vert ) = O(Nnp \mathop {\textrm{LP}}\limits (p,n))\) (the number of sign vectors in \(\varSigma \) is equal to N), where \(\mathop {\textrm{LP}}\limits (p,n)\) is the time to solve a linear program (LP) with p inequalities in n variables. There are various algorithms for solving LPs including the simplex algorithm, interior point methods and their variants. The state-of-the-art algorithms for solving LPs take complexity around \(O(n^{2.37})\) [8]. As for the complexity of our algorithm, we have shown that the dominant part is the procedure extracting the boundary of a zonotope, which has the complexity \(O\left( Mn(\mathop {\textrm{DET}}\limits (n-1)+p)+n(n-1)^2\left( {\begin{array}{c}p\\ n-1\end{array}}\right) \right) \). Additionally, for a zonotope Z, the number of its vertices N is usually much larger than the number of its facets M, particularly in high dimension (for example, a hypercube in \(\mathbb {R}^n\) has \(2^n\) vertices and 2n facets). According to the analysis above, we can conclude that the complexity of our tiling algorithm is better than that of the algorithm (\(O(Nnp \mathop {\textrm{LP}}\limits (p,n))\)) in [17].

Fig. 4. Illustration of boundary refinement

Boundary Refinement via Tiling Algorithm. Given an n-dimensional zonotope \(Z=\left\langle \boldsymbol{c},\boldsymbol{G} \right\rangle , \boldsymbol{G}\in \mathbb {R}^{n, p}\), and one of its facets \(F = \left\langle \boldsymbol{c}_b,\boldsymbol{G}_b \right\rangle \), we transform the facet into the space \(\mathbb {R}^{n-1}\) with the transformation matrix \(\boldsymbol{B}_b^\intercal \), where \(\boldsymbol{B}_b\) is the \(n\times (n-1)\) submatrix of \(\boldsymbol{G}_b\) with rank \(n-1\). The \((n-1)\)-dimensional transformed zonotope is denoted by \(\tilde{F}=\left\langle \boldsymbol{B}_b^\intercal \boldsymbol{c}_b,\boldsymbol{B}_b^\intercal \boldsymbol{G}_b \right\rangle \). Using the tiling algorithm, \(\tilde{F}\) can be split into smaller sub-zonotopes \(\{\tilde{F}^{(1)}, \tilde{F}^{(2)}, \cdots , \tilde{F}^{(M)}\}\). Each \((n-1)\)-dimensional sub-zonotope, such as \(\tilde{F}^{(1)} = \left\langle \tilde{\boldsymbol{c}}_{(1)},\tilde{\boldsymbol{G}}_{(1)} \right\rangle \), is recovered by an inverse transformation to a zonotope in the space \(\mathbb {R}^n\), i.e., \(F^{(1)}=\left\langle \boldsymbol{c}_{(1)},\boldsymbol{G}_{(1)} \right\rangle \), where \(\boldsymbol{c}_{(1)} = [\boldsymbol{B}_b^\intercal ; \texttt{CP}(\boldsymbol{B}_b)^\intercal ]^{-1}[\tilde{\boldsymbol{c}}_{(1)};\texttt{CP}(\boldsymbol{B}_b) \cdot \boldsymbol{c}_b]\), \(\boldsymbol{G}_{(1)} = [\boldsymbol{B}_b^\intercal ;\texttt{CP}(\boldsymbol{B}_b)^\intercal ]^{-1}[\tilde{\boldsymbol{G}}_{(1)};\boldsymbol{0}^\intercal ]\). The main steps of boundary refinement are visualized in Fig. 4.
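The projection and inverse transformation above, written out for n = 3 as an added example (not the paper's implementation). The function names, the constructed facet and `bisect_longest`, a hypothetical stand-in for the tiling algorithm that merely halves one generator, are assumptions.

```python
def dot(a, b): return sum(x * y for x, y in zip(a, b))
def cross(a, b):
    return (a[1]*b[2] - a[2]*b[1], a[2]*b[0] - a[0]*b[2], a[0]*b[1] - a[1]*b[0])

def project(B_b, v):
    """B_b^T v: coordinates of v in R^2 (B_b is given as its two columns)."""
    return tuple(dot(b, v) for b in B_b)

def lift(B_b, y, offset):
    """Solve [B_b^T; CP(B_b)^T] x = [y; offset] for x in R^3.
    The inverse of a 3x3 matrix with rows r1, r2, r3 has the columns
    r2 x r3, r3 x r1, r1 x r2 divided by det = r1 . (r2 x r3)."""
    r1, r2 = B_b
    r3 = cross(r1, r2)                       # CP(B_b), normal of the facet
    cols = (cross(r2, r3), cross(r3, r1), cross(r1, r2))
    det = dot(r1, cols[0])
    if abs(det) < 1e-12:
        raise ValueError("B_b must have rank n-1 = 2")
    rhs = (*y, offset)
    return tuple(sum(rhs[k] * cols[k][i] for k in range(3)) / det for i in range(3))

def bisect_longest(c, G):
    """Hypothetical stand-in for the tiling algorithm: halve the longest generator."""
    k = max(range(len(G)), key=lambda i: dot(G[i], G[i]))
    half = tuple(0.5 * x for x in G[k])
    rest = G[:k] + [half] + G[k + 1:]
    return [(tuple(a + s * h for a, h in zip(c, half)), rest) for s in (1, -1)]

def refine_facet(c_b, G_b, B_b, split):
    """Project facet <c_b, G_b>, split it in R^2 with `split`, lift the pieces back."""
    n_dot_c = dot(cross(*B_b), c_b)          # CP(B_b) . c_b fixes the facet's plane
    c_t = project(B_b, c_b)
    G_t = [project(B_b, g) for g in G_b]
    return [(lift(B_b, c_i, n_dot_c), [lift(B_b, g, 0.0) for g in G_i])
            for c_i, G_i in split(c_t, G_t)]

# Constructed facet in R^3 with coplanar generators; B_b is the first two of them.
C_B = (1.0, 0.5, 2.0)
G_B = [(1.0, 0.0, 0.5), (0.0, 1.0, 0.5), (1.0, 1.0, 1.0)]
```

Every lifted generator stays orthogonal to \(\texttt{CP}(\boldsymbol{B}_b)\), so the recovered pieces lie in the plane of the original facet.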

3.4 Contracting Computed Outer-Approximation

In this subsection we present our contraction method, which yields the inner-approximation candidate \(U_{k+1}^\prime \) by contracting \(O(h; U_k)\). In contrast to the approach in [33], which contracts \(O(h; U_k)\) by reducing its size proportionally, our contraction method is more flexible. Specifically, the length of each generator of \(O(h; U_k)\) can be adjusted and some generators can be removed. This adaptive contraction method enhances the tightness of the computed inner-approximation.

By extracting and refining the boundary \(\partial U_{k}\) of \(U_{k}\), we get a collection of sub-zonotopes, i.e., \(\{\partial U_k^{(i)}\}_{i \in \mathbb {N}_{[1,s]}}\), where \(\bigcup _{i=1}^s \partial U_k^{(i)} = \partial U_k\). Then \(O(h;\partial U_k)\) can be obtained by uniting all the outer-approximations \(\partial O_{k+1}^{(i)} := O(h;\partial U_k^{(i)}), i \in \mathbb {N}_{[1,s]}\), i.e., \(O(h;\partial U_k) = \bigcup _{i=1}^s \partial O_{k+1}^{(i)}\).

Noticing that the shape of every outer-approximation \(\partial O_{k+1}^{(i)}=\left\langle \boldsymbol{c}_o,\boldsymbol{G}_o \right\rangle \) is usually long and narrow (refer to Fig. 1), we choose the top \(n-1\) independent generators by norm (such as the Euclidean norm) to span a hyperplane, which can be seen as an \((n-1)\)-dimensional form approximating \(\partial O_{k+1}^{(i)}\). Then we compute the cross product \(\texttt{CP}(\cdot )\) of this hyperplane as its normal vector to represent the attitude of \(\partial O_{k+1}^{(i)}\), denoted by \(\texttt{AT}\left( \partial O_{k+1}^{(i)}\right) \) (i.e. \(\texttt{CP}(\hat{\boldsymbol{G}}_o)\), where \(\hat{\boldsymbol{G}}_o\) contains the top \(n-1\) independent generators of \(\boldsymbol{G}_o\) by norm).

Initially, we set the inner-approximation candidate \(U_{k+1}^\prime := O(h;U_k)\). Subsequently, we iteratively reduce the length of generators and adjust the position (by changing the center) of \(U_{k+1}^\prime \) until the intersections between \(U_{k+1}^\prime \) and all outer-approximations \(\partial O_{k+1}^{(i)}\) become empty sets. For each outer-approximation \(\partial O_{k+1}^{(i)}\), we begin by shortening the generators that are most likely to yield collisions between \(U_{k+1}^\prime \) and \(\partial O_{k+1}^{(i)}\), which prevents unnecessary contraction of \(U_{k+1}^\prime \) and makes the result tighter. Heuristically, the generators with directions closest to \(\texttt{AT}\left( \partial O_{k+1}^{(i)}\right) \), or in other words, those most likely to be “perpendicular” to \(\partial O_{k+1}^{(i)}\) (precisely, perpendicular to the hyperplane spanned by the column vectors of \(\hat{\boldsymbol{G}}_o\)), should be given priority. When encountering a generator that does not need to be shortened, indicating that \(U_{k+1}^\prime \) and \(\partial O_{k+1}^{(i)}\) have no overlapping parts, we turn to the next outer-approximation \(\partial O_{k+1}^{(i+1)}\). The details of the proposed contraction method are summarized below.

  1. Initialize the inner-approximation candidate \(U_{k+1}^\prime :=\left\langle \boldsymbol{c}_u,\boldsymbol{G}_u \right\rangle = O(h;U_k)\).

  2. For every boundary outer-approximation \(\partial O_{k+1}^{(i)}=\left\langle \boldsymbol{c}_o,\boldsymbol{G}_o \right\rangle , i \in \mathbb {N}_{[1,s]}\), carry out the following processing steps.

    2a. Sort the generators \(\{\boldsymbol{g}_l\}_{1\le l\le \mathop {\textrm{cols}}\limits (\boldsymbol{G}_u)}\) of \(U_{k+1}^\prime \) according to the angle with \(\texttt{AT}\left( \partial O_{k+1}^{(i)}\right) \) from small to large (i.e., \(\Vert \textrm{cos} \theta \Vert = \frac{\Vert \boldsymbol{g}_l\cdot \texttt{AT}\left( \partial O_{k+1}^{(i)}\right) \Vert }{\Vert \boldsymbol{g}_l \Vert \Vert \texttt{AT}\left( \partial O_{k+1}^{(i)}\right) \Vert }\) from large to small).

    2b. Loop over all the generators in the sorted order. For the generator \(\boldsymbol{g}_l\), compute its domain \([\underline{\alpha _l}, \overline{\alpha _l}]\) which intersects with \(\partial O_{k+1}^{(i)}\) by LPs (2) and (3) (using the approach in [16, Chapter 4.2.5]), where \(\boldsymbol{\alpha } = (\alpha _1, \cdots , \alpha _l, \cdots , \alpha _{\mathop {\textrm{cols}}\limits (\boldsymbol{G}_u)})^\intercal \), \(\boldsymbol{\beta } = (\beta _1, \cdots , \beta _{\mathop {\textrm{cols}}\limits (\boldsymbol{G}_o)})^\intercal \).

      $$\begin{aligned} \begin{aligned} \min \quad & \alpha _l \\ s.t.\quad &\boldsymbol{c}_u + \boldsymbol{G}_u \boldsymbol{\alpha } = \boldsymbol{c}_o + \boldsymbol{G}_o \boldsymbol{\beta }\\ &-\boldsymbol{1} \le \boldsymbol{\alpha }\le \boldsymbol{1}, -\boldsymbol{1} \le \boldsymbol{\beta } \le \boldsymbol{1} \end{aligned} \end{aligned}$$
      (2)
      $$\begin{aligned} \begin{aligned} \max \quad & \alpha _l \\ s.t.\quad &\boldsymbol{c}_u + \boldsymbol{G}_u \boldsymbol{\alpha } = \boldsymbol{c}_o + \boldsymbol{G}_o \boldsymbol{\beta }\\ &-\boldsymbol{1} \le \boldsymbol{\alpha }\le \boldsymbol{1}, -\boldsymbol{1} \le \boldsymbol{\beta } \le \boldsymbol{1} \end{aligned} \end{aligned}$$
      (3)

      When the optimal value of (2) or (3) cannot be found, terminate this loop and continue with the next boundary outer-approximation \(\partial O_{k+1}^{(i+1)}\).

    2c. If \([\underline{\alpha _l}, \overline{\alpha _l}]=[-1,1]\), then delete \(\boldsymbol{g}_l\) from the generator matrix \(\boldsymbol{G}_u\). Otherwise, update the range of \(\alpha _l \in \max \{[-1,\underline{\alpha _l} - \epsilon ],[\overline{\alpha _l} +\epsilon ,1]\} \triangleq [\underline{\gamma }, \overline{\gamma }]\), where the operation \(\max \{\cdot ,\cdot \}\) means choosing the interval with maximum length and \(\epsilon \) is a user-defined small positive number.

    2d. Update \(\boldsymbol{c}_u := \boldsymbol{c}_u + 0.5 (\overline{\gamma }+\underline{\gamma }) \boldsymbol{g}_l\) and \(\boldsymbol{g}_l := 0.5 (\overline{\gamma }-\underline{\gamma }) \boldsymbol{g}_l\).

Remark 4

The user-defined small positive number \(\epsilon \) is introduced to ensure \(U_{k+1}^\prime \cap \partial O_{k+1}^{(i)} = \emptyset \).

Remark 5

In practice, the case \([\underline{\alpha _l}, \overline{\alpha _l}]=[-1,1]\) is common, so the inner-approximation candidate \(U_{k+1}^\prime \) usually has fewer generators than \(O(h;U_k)\), which shows that this contraction method is also advantageous for zonotope order reduction [35].

Appendix B provides an example (Example 4) to illustrate the procedure of the contraction method and why it is necessary to sort the generators \(\{\boldsymbol{g}_l\}_{1\le l\le \mathop {\textrm{cols}}\limits (\boldsymbol{G}_u)}\) of \(U_{k+1}^\prime \) according to the angle with \(\texttt{AT}\left( \partial O_{k+1}^{(i)}\right) \).
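A planar (n = 2) run of steps 1 to 2d, as an added example that is neither the paper's GLPK/Eigen implementation nor its Example 4. Assumptions: LPs (2) and (3) are replaced by an equivalent closed form that only holds in the plane (clipping the line \(t\,\boldsymbol{g}_l\) against the edges of the zonotope \(\left\langle \boldsymbol{c}_o-\boldsymbol{c}_u, [\boldsymbol{G}_o, \boldsymbol{G}_u \setminus \boldsymbol{g}_l] \right\rangle \)), generators are nonzero, and the function names, the value of \(\epsilon \) and the input are constructed.

```python
import math

EPS = 1e-3   # the user-defined epsilon of step 2c (value assumed)
TOL = 1e-9   # floating-point tolerance (assumed)

def dot(a, b): return a[0] * b[0] + a[1] * b[1]
def perp(g): return (-g[1], g[0])            # CP(.) of a single vector in R^2

def alpha_range(c_u, G_u, l, c_o, G_o):
    """Optimal values of LPs (2) and (3) for n = 2, or None if infeasible.
    alpha_l = t is feasible iff t*g_l lies in the zonotope
    <c_o - c_u, [G_o, G_u without g_l]>, so t is clipped against its edges."""
    c = (c_o[0] - c_u[0], c_o[1] - c_u[1])
    gens = list(G_o) + [g for j, g in enumerate(G_u) if j != l]
    lo, hi = -1.0, 1.0
    for n in [(1.0, 0.0), (0.0, 1.0)] + [perp(g) for g in gens]:
        a, b = dot(n, G_u[l]), dot(n, c)
        w = sum(abs(dot(n, g)) for g in gens)    # half-width of the zonotope along n
        if abs(a) < TOL:
            if abs(b) > w + TOL:
                return None
            continue
        t1, t2 = sorted(((b - w) / a, (b + w) / a))
        lo, hi = max(lo, t1), min(hi, t2)
    return (lo, hi) if lo <= hi + TOL else None

def contract(c_u, G_u, boundaries):
    """Steps 1-2d for planar zonotopes; boundaries is a list of (c_o, G_o)."""
    c_u, G_u = list(c_u), [tuple(g) for g in G_u]
    for c_o, G_o in boundaries:
        at = perp(max(G_o, key=lambda g: math.hypot(*g)))          # AT of this piece
        G_u.sort(key=lambda g: abs(dot(g, at)) / (math.hypot(*g) * math.hypot(*at)),
                 reverse=True)                                      # step 2a
        l = 0
        while l < len(G_u):                                         # step 2b
            rng = alpha_range(c_u, G_u, l, c_o, G_o)
            if rng is None:
                break                # no overlap left: next boundary piece
            lo, hi = rng
            g_lo, g_hi = max((-1.0, lo - EPS), (hi + EPS, 1.0),
                             key=lambda r: r[1] - r[0])             # step 2c
            if g_hi - g_lo <= TOL:   # range is [-1, 1] (or no room left, added guard)
                del G_u[l]
                continue
            mid, rad, g = 0.5 * (g_hi + g_lo), 0.5 * (g_hi - g_lo), G_u[l]
            c_u = [c_u[0] + mid * g[0], c_u[1] + mid * g[1]]        # step 2d
            G_u[l] = (rad * g[0], rad * g[1])
            l += 1
    return c_u, G_u

# Constructed input: a candidate with one short extra generator and two thin strips.
C_U, G_U = (0.0, 0.0), [(0.05, 0.0), (1.0, 0.0), (0.0, 1.0)]
STRIPS = [((1.0, 0.0), [(0.0, 1.2), (0.1, 0.0)]),
          ((0.0, 1.0), [(1.2, 0.0), (0.0, 0.1)])]
```

On this input the short generator is deleted because its whole range \([-1,1]\) intersects the first strip, and the two remaining generators are each shortened once.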

Verification of Inner-Approximation Candidate. According to Theorems 1 and 3 in [18], after obtaining the inner-approximation candidate \(U_{k+1}^\prime \), it is crucial to check whether the outer-approximation \(O(h;\boldsymbol{c})\) (\(\boldsymbol{c}\) is the center of \(U'_{k+1}\)) of the time-inverted system \(\dot{\boldsymbol{x}} = -\boldsymbol{f}(\boldsymbol{x})\) is within \(U_k\), which confirms the correctness of the computed inner-approximation \(U_{k+1}\). Since both \(U_{k+1}^\prime \) and \(O(h;\boldsymbol{c})\) are zonotopes, this verification reduces to a zonotope containment problem. In our approach, we leverage a sufficient condition outlined in [29], which can be encoded as an LP to perform the inclusion verification.

4 Experiments

In this section we demonstrate the performance of our approach on various benchmarks. Our implementation uses the floating-point linear programming solver GLPK and the C++ library Eigen. We adopt the approach outlined in [3] to compute the outer-approximations that appear in our method. All experiments herein are run on Ubuntu 20.04.3 LTS in a virtual machine with CPU 12th Gen Intel Core i9-12900K \(\times \) 8 and RAM 15.6 GB.

To evaluate the precision of the computed inner-approximations, we use the minimum width ratio \(\gamma _{min}\) similar to [18], which is defined as

$$\begin{aligned} \begin{aligned} &\gamma _{\min }=\min _{\boldsymbol{v} \in \mathcal {V}} \frac{\left| \gamma _i(\boldsymbol{v})\right| }{\left| \gamma _o(\boldsymbol{v})\right| } \\ \text {with}~~&\gamma _i(\boldsymbol{v}) =\max _{x \in U_k} \boldsymbol{v}^{\intercal } x+\max _{x \in U_k}-\boldsymbol{v}^{\intercal } x \\ &\gamma _o(\boldsymbol{v}) =\max _{x \in O_k} \boldsymbol{v}^{\intercal } x+\max _{x \in O_k}-\boldsymbol{v}^{\intercal } x \end{aligned} \end{aligned}$$
(4)

where \(U_k\) and \(O_k\) are the inner-approximation and outer-approximation of the reachable set at step k, respectively, \(\boldsymbol{v} \in \mathcal {V} \subset \mathbb {R}^n\), and \(\mathcal {V}\) is the set consisting of the n axis-aligned unit vectors. To ensure a fair comparison, \(O_k\) is chosen to be the interval enclosure of 1000 random points at the final time instant simulated via ode45 in MATLAB. Intuitively, the larger this ratio, the better the approximation.

Our approach is systematically compared with the state-of-the-art method presented in [18], which is publicly available in the reachability analysis toolbox CORA [1]. Benchmarks with system dimensions from 2 to 12 are used to show the comprehensive advantages of our approach. Their configurations, including dimensions, initial sets and references, are listed in Table 2.

Table 2. Benchmarks and their dimensions, initial sets and references

4.1 Advantage in Efficiency and Precision

For each benchmark stated in Table 2, we compute the inner-approximations at the time instant T using our approach and the one in CORA. Table 3 reports the time cost and \(\gamma _{min}\) for the two methods. The advantages of our approach are evident from the low-dimensional scenario (2-dimensional) to the high-dimensional scenario (12-dimensional), showing improved efficiency and precision, particularly in higher dimensions. Taking the benchmark Tank12 as an instance, our approach achieves nearly \(38\%\) improvement in precision while requiring only \(12\%\) of the time compared to CORA. The inner-approximations computed by our approach and CORA are visualized in Fig. 7 in Appendix C, together with the outer-approximations computed by CORA for convenient comparison.

Table 3. Comparison between our approach and CORA for each benchmark

4.2 Advantage in Long Time Horizons

Further, we extend the time horizon in Table 3 and compare the performance of inner-approximation computation between our approach and CORA. As evidenced by the results in Table 4, our approach demonstrates the reliable capability to compute inner-approximations in relatively longer time horizons compared to CORA. It shows that our approach can consistently compute all inner-approximations while maintaining benign efficiency and precision. In contrast, the approach in CORA fails to compute inner-approximations for all benchmarks. The visualization of the inner-approximations computed by our approach and CORA is illustrated in Fig. 8 provided in Appendix C.

Table 4. Comparison between our approach and CORA for each benchmark in relatively longer time horizons

4.3 Advantage in Big Initial Sets

We also expand the initial sets as listed in Table 2 to highlight our advantage in computing inner-approximations from larger initial sets. For each benchmark, we set both a short and a long time instant to compute inner-approximations using our approach and CORA. As shown in Table 5, our approach can accomplish all the inner-approximation computations while maintaining high levels of efficiency and precision. In contrast, for the short time instant scenario, the performance of CORA is worse than ours in both computation time and accuracy, and CORA fails to compute inner-approximations at long time instant for all benchmarks. The visualization of the inner-approximations computed by our approach and CORA is illustrated in Fig. 9 and Fig. 10 provided in Appendix C.

Table 5. Comparison between our approach and CORA for each benchmark in big initial sets.

5 Conclusion

In this paper we propose a novel approach to compute inner-approximations of reachable sets for nonlinear systems based on zonotopic boundary analysis. To enhance the efficiency and precision of the computed inner-approximations, we introduce three innovative and efficient methods: an algorithm for extracting boundaries of zonotopes, an algorithm for tiling zonotopes for boundary refinement, and a contraction strategy for obtaining inner-approximations from pre-computed outer-approximations. In comparison to the state-of-the-art methods for inner-approximation computation, our approach demonstrates superior performance in terms of efficiency and precision, particularly in high-dimensional cases. Moreover, our proposed approach exhibits a remarkable capability to compute inner-approximations for scenarios with long time horizons and large initial sets, where existing methods usually fail to compute inner-approximations.