figure a
figure b

1 Introduction

Fig. 1.
figure 1

Reachability analysis based on set propagation techniques.

Full size image

Reachability analysis, which mainly involves the computation of reachable sets, is an essential tool for rigorously determining the behavior of dynamical systems across different scenarios. It serves as the foundation for applications such as formal verification [6, 23, 36], controller synthesis [29, 34], and state estimation [1]. While the precise reachable set can be characterized using sublevel sets of solutions to Hamilton-Jacobi (HJ) equations [13, 27], the necessity of discretizing state space for numerical solving, limit their applicability to high-dimensional dynamic systems due to the escalating computational expenses linked to dimensionality. These limitations have led the control community to prefer using approximate strategies for reachability analysis, such as set propagation techniques [4].

The set propagation method, depicted in Fig. 1, extends the numerical solution of ordinary differential equations (ODEs) by using sets to represent solutions rather than precise numerical values. This method commences from an initial state set and iteratively computes sets to encompass all possible system states, thus supports the verification of specific properties like safety [3, 9, 12, 16, 17, 22, 30]. To expedite set operations, the method employs representations such as intervals, polytopes, and zonotopes to over-approximate the exact reachable set. However, the cumulative error from successive iterations, known as the wrapping effect [28], can lead to overly conservative state estimations, particularly for large initial sets or large time periods, potentially causing verification failures. While partitioning the initial set or adjusting the step size can mitigate wrapping effect errors, this simple strategy often incurs substantial computational expenses, rendering it impractical for refining the conservative estimates of existing reachability analysis algorithms. On the other hand, the shared algorithmic structure of set-propagation methods often allows further advancements to be built upon improving specific steps rather than overhauling the entire design. However, implementing such customized algorithms often deviate from the primary objective of existing reachability analysis tools, which prioritize user-friendly interfaces over the creation of developer-centric platforms conducive to innovative algorithmic research and development.

In this work, we introduce PyBDR, our prototype toolkit for set-boundary-based reachability analysis, developed in Python. PyBDR includes advanced set-boundary propagation methods designed to enhance reachability analysis capabilities, particularly for large initial sets and long time horizons. Based on the homeomorphism property of the solution mapping for ODEs satisfying Lipschitz conditions, the set-boundary propagation method propagates only the boundary of the initial set rather than the entire initial set itself to conduct reachability analysis [37, 38]. Because the measure (or, volume) of the boundary is much smaller than the one of the entire initial set, the set-boundary propagation method will induce a smaller wrapping effect efficiently. Furthermore, to support algorithm development, we envision a paradigm where developers are empowered with a suite of accessible, modular, and versatile building blocks, such as the design of Interval Tensors. These crafted blocks aim to facilitate and streamline the iterative refinement of innovative reachability analysis algorithms. As illustrated in Fig. 2, the architecture of PyBDR features the following three core modules:

  • geometric module: The geometric module enriches the toolkit by incorporating established conventional set representations such as intervals, polytopes, and zonotopes. It innovatively advances interval arithmetic to the tensor level with the aid of a broadcasting mechanism. This advancement enables the parallelization of operations and provides a unified framework for manipulating vector intervals, matrix intervals, and interval matrices.

  • dynamic module: In addition to supporting linear systems, the dynamic module is specifically designed to manage nonlinear systems. It facilitates arbitrary-order derivative evaluation through symbolic computation, thereby enabling the approximation of nonlinear systems using Taylor series expansions to arbitrary degrees.

  • utility module: To assist in the implementation of reachability analysis algorithms, we have encapsulated interfaces for commonly used optimization methods and included a visualizer module for displaying computational results.

In addition to a modular architectural design, we also conducted a comprehensive evaluation of potential programming languages aligned with our objectives. Matlab, despite its prowess in matrix and symbolic computations, was dismissed due to its reliance on commercial licensing conflicting with our commitment to open-source principles. Similarly, while C/C++ offer high performance exemplified by tools like HyPro [33] and Flow* [16], their limited flexibility in supporting academic research prototypes made them less suitable for our needs. Although Julia shows promise in scientific computation, its relatively nascent community and ecosystem compared to Python persuaded us to explore other options. Ultimately, Python emerged as our choice not only for its user-friendly syntax and support for rapid prototyping but also for its extensive community and interoperability, crucial for integrating third-party resources in the development of reachability analysis algorithms.

Related Work. Recent developments in reachability analysis have led to a range of tools emphasizing different strengths. C/C++-based tools such as SpaceEx [17] and Flow* [16] excel in efficient algorithms for both linear and/or nonlinear hybrid systems. SpaceEx integrates diverse algorithms for linear systems, while HyPro [33] focuses on convex set representation similar to LazySets. Flow* distinguishes itself with Taylor model approximation for nonlinear dynamics. However, these tools often require compilation, which can slow down rapid prototyping cycles.

In contrast, tools like CORA [3] do not require pre-run compilation, offering a wide range of algorithms for linear and nonlinear systems, including methods based on zonotopes and interval arithmetic. Attempts to port CORA’s capabilities to C++ have resulted in tools like CORA/SX and SymReach, which demonstrate significant speed improvements in specific scenarios.

Python has also gained popularity in reachability analysis tools. HyLAA [8] provides discrete-time reachability algorithms for linear hybrid systems, while CommonRoad-Reach [24] combines a Python interface with a C++ core to compute reachable sets and driving corridors for autonomous vehicles in dynamic traffic, suitable for real-time applications.

Julia, known for its prowess in scientific computing, is exemplified by tools like JuliaReach [11], which provides efficient algorithms for sophisticated, high-dimensional problems. Despite Julia’s performance comparable to compiled languages, its ecosystem is still developing and not as extensive as Python’s.

The shift towards JIT-compiled or interpreted languages such as CORA, JuliaReach, and HyLAA reflects their flexibility in prototyping, crucial for the iterative development of algorithms. This trend underscores the community’s preference for platforms that balance ease of use with computational efficiency.

The remainder of this paper is structured as follows. We in Sect. 2 detail the architecture and features of PyBDR. In Sect. 3, we illustrate the performance of our tool PyBDR. Finally, we conclude this work in Sect. 4.

2 Architecture and Features

2.1 Architecture

In this section, we present an integrated framework of our prototype tool designed to enhance the computational processes involved in reachability analysis. The framework revolves around three core modules: the geometric module, the dynamic module, and the utility module, as illustrated in Fig. 2. By leveraging the functionality of these three modules, we have integrated the implementation of several reachability analysis algorithms [2, 7, 37, 38]. These implementations not only facilitate code reuse for the development of advanced methods but also showcase the tool’s potential in supporting the creation of innovative algorithms.

Fig. 2.
figure 2

Hierarchical module design in PyBDR. Solid arrows indicate functional dependencies and essential modules are highlighted with a light blue fill. (Color figure online)

Full size image

Geometric Module. The geometric module of PyBDR offers various set representations, including intervals, polytopes, and zonotopes, aiming to strike a balance between computational efficiency and the precision of reachable set computations. This module provides essential operations for arithmetic operations among sets, such as Minkowski addition [21] and linear transformations. Moreover, the module supports geometric operations for converting between different set representations and computing their enclosures. A significant feature highlighted in Fig. 3 is the boundary extraction interface. This interface enables the over-approximation of the boundary of an entire set using a collection of smaller geometric entities, thereby facilitating set-boundary propagation based reachability analysis. To our knowledge, PyBDR is the first reachability analysis toolkit to offer interfaces for boundary over-approximation of convex sets like zonotopes, intervals, and polytopes.

Dynamic Module. The dynamic module of PyBDR supports the definition of various types of systems, including continuous time-invariant linear systems, continuous nonlinear systems, and network-structured nonlinear systems. A notable capability of this module is its ability to analyze the behavior of Neural Ordinary Differential Equations (Neural ODEs) [14]. These systems adhere to homeomorphic mappings and can incorporate control inputs, expanding the scope of traditional reachability analysis methods.

Utility Module. The design of the utility module in PyBDR aims to offer interfaces for convex optimization problems tailored to diverse algorithmic requirements. Additionally, this module provides visualization functionalities that allow for graphical display of computed reachable sets. These visualizations enable users to intuitively analyze and evaluate the performance of the algorithm.

To provide a comprehensive overview of the advancements introduced by our tool PyBDR in reachability analysis, we present a comparative summary in Table 1. This table outlines the key characteristics of state-of-the-art reachability analysis tools alongside those of PyBDR, emphasizing the unique features and capabilities of our toolkit.

Table 1. Comparison of reachability analysis tools
Full size table

2.2 Features

Boundary Analysis. ODEs satisfying Lipschitz conditions ensure the uniqueness of evolutionary trajectories from initial states. This property, illustrated in Fig. 3, guarantees a boundary correspondence between the initial set and its reachable set throughout the system’s evolution [37,38,39]. That is, the set reachable from the initial set’s boundary is equal to the boundary of the initial set’s reachable set. Therefore, the boundary of the reachable set is determined by the boundary of the initial set. A significant feature of our tool is its capability to enhance existing reachability analysis methods by focusing on the boundary analysis of the initial set. To support this capability, we have developed boundary extraction features for various common set representations.

Fig. 3.
figure 3

Illustration of reachability analysis utilizing boundary analysis.

Full size image

We offer two methods for boundary extraction, one of which utilizes the intrinsic boundary solving algorithms internally to handle the extraction of intrinsic boundaries for intervals and zonotopes [31], such as extracting 4 edges of a rectangle characterizing a two-dimensional interval.

Additionally, we incorporate the method in Realpaver [18] for boundary extraction. This method can construct a series of smaller boxes to closely enclose the exact boundary of the initial set, as depicted in Fig. 3. By strategically reducing the size of these boxes, we aim to minimize errors introduced by the wrapping effect. This meticulous selection of smaller boxes allows for a higher precision characterization of the reachable set’s boundary, thereby reducing discrepancies between the computed reachable set and the actual evolution of the system. Figure 4c demonstrates that computing the reachable set using these smaller entities provides a more precise boundary approximation compared to results obtained from analyzing the entire initial set directly. This approach offers a more accurate solution for verification problems.

figure c
figure d

Interval Tensors. Interval arithmetic is an important tool in many reachability analysis algorithms to incorporate considerations for errors during calculations. Traditionally applied to intervals, it has been extended to handle more complex data structures such as interval matrices, which represent linear systems with parametric uncertainties. This extension requires the ability to perform interval arithmetic operations in a broader context when computing reachable sets. To address this need, we have developed the Interval Tensor data structure in PyBDR. Built upon NumPy’s broadcasting mechanism [19], Interval Tensor provides a versatile representation that seamlessly integrates various interval computations within a unified framework. This includes operations on interval vectors, vector intervals, interval matrices, and matrix intervals.

Table 2. Comparative evaluation of PyBDR and CORA for interval arithmetic operations.
Full size table

The Interval Tensor in PyBDR is designed to optimize computational efficiency by leveraging vectorized operations that are executed at a lower level in C, thereby minimizing the use of Python’s for loops. This approach significantly enhances computational efficiency. Moreover, Interval Tensor relaxes strict shape requirements on data during computations, allowing for operations like simultaneous interval matrix multiplication with scalar matrices, as demonstrated in Listing 3. By harnessing NumPy’s broadcasting mechanism, Interval Tensor improves ease of programming and enhances code readability. Compared to traditional approaches that rely heavily on explicit loops, PyBDR’s implementation, as illustrated in Listings 1 and 2, demonstrates efficient computation of complex tasks such as computing the Lagrange remainder term of the third order [2]. This showcases the practical advantages of Interval Tensor in managing intricate calculations while bolstering code readability and maintainability.

In summary, Interval Tensor not only optimizes computational efficiency through vectorization but also enhances the clarity and maintainability of algorithms in PyBDR.

figure e

In addition to enhancing code writing and readability, we compare the performance of PyBDR and CORA in different computational tasks to examine the average time consumption and accuracy of Interval Tensor in performing interval arithmetic operations. CORA was specifically chosen as a baseline due to its use of MATLAB, an interpretive language, and its focus on supporting reachability analysis. It’s important to note that INTLAB [32], a closed-source interval arithmetic library, was not included in our comparison. Benchmarking CORA against INTLAB can be found in [5]. All tests were conducted within the identical physical environment as described in Sect. 3. The time consumption for each operation was measured by averaging the processing time for \(N=10^4\) sets of data randomly sampled from uniform distributions. The interval data used in the tests were defined as \([I,I+I_{\delta }]\), where I and \(I_{\delta }\) are sampled from intervals \([\underline{I}, \overline{I}]\) and \([\underline{I}_{\delta }, \overline{I}_{\delta }]\), respectively. Both PyBDR and CORA utilized the double-precision data type compliant with the IEEE 754 standard [41]. The experimental settings and test results for all supported interval arithmetic operations by Interval Tensor in PyBDR are summarized in Table 2, with the maximum relative error \(\epsilon \) for each test defined as:

$$\begin{aligned} \epsilon =\max (\mu _{1}, \dots , \mu _{N}), \ \ \mu _{j}=\frac{\max {|\underline{I}_{P,j}-\underline{I}_{C,j}|, |\overline{I}_{P,j}-\overline{I}_{C,j}|}}{\overline{I}_{P,j}-\underline{I}_{P,j}} \end{aligned}$$
(1)

where \([\underline{I}_{P,j}, \overline{I}_{P,j}]\) and \([\underline{I}_{C,j}, \overline{I}_{C,j}]\) refer to the bounds for the \(j^{th}\) test in PyBDR and CORA, respectively.

Table 3. Performance evaluation of derivative computations in PyBDR.
Full size table

Symbolic Derivatives. Many continuous dynamical systems are typically described by Ordinary Differential Equations (ODEs), which depict their evolution within a state space [20, 40]. Higher-order derivatives are frequently employed to provide more accurate approximations of system behaviors within local state neighborhoods. These derivatives often manifest as high-dimensional data structures. For instance, for a vector-valued function \(\boldsymbol{f}: \mathbb {R}^n \rightarrow \mathbb {R}^m\), the second-order derivatives of \(\boldsymbol{f}\) involve tensors of size \(m \times n \times n\). As many set-based reachability analysis algorithms strive to approximate system behaviors, computing derivatives at specific time points becomes crucial for accurate approximations. Higher-order derivatives play a significant role in this process, allowing for more accurate approximations within local state neighborhoods. However, the computational overhead associated with calculating derivatives increases exponentially with their order, necessitating careful consideration in practical implementations. Unlike real-valued derivative evaluations, reachability analysis algorithms often rely on interval arithmetic. This approach is essential for estimating bounds that encompass exact values, accommodating potential errors inherent in real-world systems, and ensuring rigorous formal guarantees in analysis. Existing reachability analysis tools typically provide limited data structures for managing these complex operations efficiently. This limitation can lead to challenges in implementing theoretically straightforward operations, introducing unnecessary complexity and potentially compromising code readability and maintainability.

In response to the computational challenges posed by reachability analysis and the limitations of existing tools, our toolkit PyBDR integrates SymPy [26], providing a streamlined interface for evaluating and differentiating vector-valued functions effortlessly. This integration allows for precise handling of higher-order derivatives essential for accurate system behavior approximation. Moreover, our methodology leverages the interval tensor discussed earlier, enabling evaluations and derivatives within the framework of interval arithmetic, thereby enhancing operational convenience and adaptability. To assess the effectiveness of our approach, we provide detailed performance evaluations in Table 3 when handling data of varying scales across different systems.

3 Evaluation

To illustrate the advancements facilitated by the set-boundary propagation technique implemented in PyBDR for reachability analysis, we conducted two sets of case studies. In the first category of case studies, we compared the performance of PyBDR when computing reachable sets using the set-boundary propagation technique against a baseline method employing a simple partitioning on the entire initial set. This comparison aimed to demonstrate the efficiency gains and accuracy improvements achieved through the set-boundary propagation technique. In the second category of case studies, we benchmarked PyBDR against CORA, a tool developed in MATLAB that also utilizes set propagation techniques for reachability analysis. This benchmarking focused on scenarios involving large initial sets and long time horizons, specifically in the context of safety verification for nonlinear systems. We ensured experimental fairness and parameter consistency by employing conservative linearization method [7] across all computations.

All experiments were performed on a Windows system equipped with an i7-13700H 2.1 GHz CPU with 32 GB RAM. Parallel operations were performed using 4 cores.

3.1 Comparative Studies on the Use of Boundary Analysis

Consider a Lotka-Volterra model of 2 variables [15] as follows,

$$\begin{aligned} \dot{x_{0}} & = 1.5 x_{0} - x_{0} x_{1} \end{aligned}$$
(2)
$$\begin{aligned} \dot{x_{1}} &= -3 x_{1} + x_{0} x_{1} \end{aligned}$$
(3)
Fig. 4.
figure 4

Reachable sets via simple partition (blue), boundary analysis (green), and baseline method without partition or boundary analysis (orange); N–number of cells, T–runtime in seconds. (Color figure online)

Full size image

When starting with an initial set \([2.5,3.5]\times [2.5,3.5]\) and step size 0.005, the reachable set over time horizon [0, 2.2] using different levels of partitioning over the initial set and based on boundary analysis is illustrated in Fig. 4. It is evident that as the simple partitioning method is applied to the initial set with increasing precision, smaller subsets are used for reachability analysis. This reduction in volume effectively reduces the error introduced by the wrapping effect, thereby mitigating the divergence of the reachable set over the specified time horizon. In contrast, the set-boundary propagation technique achieves a comparable improvement in the conservatism of reachability analysis using a limited number of cells that specifically enclose the boundary of the initial set. This approach provides a computationally efficient alternative to simple partitioning, demonstrating its effectiveness in advancing reachability analysis methods.

3.2 Comparative Studies on Reachability Analysis

We benchmarked our performance against CORA on various continuous nonlinear dynamic systems, including Neural ODEs (NODEs), as listed in Table 4. Similarly, we applied the simple partition technique as in Subsect. 3.1 to improve the performance of CORA in reachability analysis. In our setup, PyBDR runs on 4 cores in parallel for specific operations, while CORA is single-threaded by its design. The runtimes in Table 4 refer to wall time, including I/O and other overheads, to compare overall performance in reachable set computation. For each system, we present an initial setup that can lead to a set explosion due to the wrapping effect during computation. On this basis, we reduce the conservativeness of the reachable set by using a more refined boundary characterization in PyBDR, and by partitioning the initial set into smaller cells in CORA. It is noteworthy that since the boundary of sets is dimensionally degenerate relative to the sets themselves, we constrained cell’s maximum width in both methods to keep the error introduced by the wrapping effect for each cell within the same scale.

Fig. 5.
figure 5

Reachable sets obtained with CORA (orange) and PyBDR (blue). (Color figure online)

Full size image
Table 4. Reachability analysis comparison on continuous benchmarks
Full size table

In Table 4, we observe that for systems with relatively large initial sets and long time horizons, both PyBDR and CORA suffer from significant errors from the wrapping effect, which leads to an overestimation of reachable sets. By reducing cell size, both tools yield more accurate over-approximations of reachable sets within specified time horizons. Moreover, as shown in Fig. 4, we can always obtain a more accurate estimation. Notably, despite Python’s inherent limitations in iterative computations when compared to MATLAB, by processing each cell in parallel, our toolkit still significantly outperforms CORA in terms of overall computation time, as particularly evidenced by the results presented in Fig. 5d. In particular, the analysis of the VanderPol system with an initial set \([0.9,1.9]\times [1.9,2.9]\) indicates a requirement for finer cell granularity to accurately approximate the reachable set as the time horizon extends. This refinement leads to a pronounced increase in computational time for CORA compared to PyBDR. And this trend persists across different initial set within [0, 7], where the need for precision intensifies to maintain valid reachable set estimations.

4 Conclusion

In this paper, we presented PyBDR, a Python-based toolkit that enhances the reachability analysis through set-boundary propagation analysis. Its key features include advanced set-boundary analysis to mitigate the wrapping effect and the integration of tensor-level interval arithmetic for efficient computations. Besides, PyBDR offers a diverse range of set representations and supports symbolic computation of derivatives, crucial for precise system behavior analysis. Built with Python’s user-friendly environment in mind, PyBDR facilitates rapid prototyping and accommodates complex computational tasks effectively. Its capabilities are demonstrated through benchmarking across various nonlinear dynamics scenarios.

For future development, our focus will expand to include support for additional dynamical systems, particularly hybrid systems. We also plan to incorporate a broader array of set representations, including nonconvex forms such as polynomial zonotopes. Enhancing user interaction through a user-friendly and interactive visualization module is another pivotal aspect of our roadmap.