of 49/49
24: Model Checking & Reachability Analysis 15-424: Foundations of Cyber-Physical Systems Goran Frehse Andr´ e Platzer Verimag [1] Laurent Doyen, Goran Frehse, George J. Pappas, Andr´ e Platzer. Verification of Hybrid Systems. In Edmund M. Clarke, Thomas A. Henzinger and Helmut Veith, editors, Handbook of Model Checking. Springer, 2017. Goran Frehse, Andr´ e Platzer () FCPS / 24: Model Checking & Reachability Analysis 1 / 36

24: Model Checking & Reachability Analysissymbolaris.com/course/fcps16/reachability.pdf · 24: Model Checking & Reachability Analysis ... editors, Handbook of Model Checking. Springer,

  • View
    218

  • Download
    0

Embed Size (px)

Text of 24: Model Checking & Reachability Analysissymbolaris.com/course/fcps16/reachability.pdf · 24:...

  • 24: Model Checking & Reachability Analysis15-424: Foundations of Cyber-Physical Systems

    Goran Frehse Andre Platzer

    Verimag

    [1] Laurent Doyen, Goran Frehse, George J. Pappas, Andre Platzer.Verification of Hybrid Systems.In Edmund M. Clarke, Thomas A. Henzinger and Helmut Veith,editors, Handbook of Model Checking. Springer, 2017.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 1 / 36

    http://www.springer.com/us/book/9783319105741http://www.springer.com/us/book/9783319105741

  • Outline

    1 Hybrid AutomataExampleDefinition and Semantics

    2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations

    3 Conclusions

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 1 / 36

  • Outline

    1 Hybrid AutomataExampleDefinition and Semantics

    2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations

    3 Conclusions

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 1 / 36

  • Outline

    1 Hybrid AutomataExampleDefinition and Semantics

    2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations

    3 Conclusions

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 1 / 36

  • Example: Ball on String

    m

    Fs

    Fg

    xr

    xr + L

    x

    (a) extension

    m

    Fgxr

    xr + L

    x

    (b) freefall

    dynamics in freefall when x xr , with mass mmx = Fg = mg

    dynamics in extension when x xr , spring constant k , damping dmx = Fg + Fs = mg + kxr kx dx

    transition when x = xr + L, collision factor c [0, 1] x+ = cx

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 2 / 36

  • Example: Ball on String

    m

    Fs

    Fg

    xr

    xr + L

    x

    (c) extension

    m

    Fgxr

    xr + L

    x

    (d) freefall

    dynamics in freefall when x xr , with mass mmx = Fg = mg

    dynamics in extension when x xr , spring constant k , damping dmx = Fg + Fs = mg + kxr kx dx

    transition when x = xr + L, collision factor c [0, 1] x+ = cxGoran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 2 / 36

  • Hybrid Automaton Model: Ball on String

    auxiliary variable v = x , so v = x

    clip from SpaceEx Model Editor1

    1G. Frehse, C. L. Guernic, A. Donze, R. Ray, O. Lebeltel, R. Ripado, A. Girard, T. Dang,and O. Maler, Spaceex: Scalable verification of hybrid systems, in CAV11, ser. LNCS,Springer, 2011.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 3 / 36

  • Simulation

    0 0.5 1 1.5 2 2.5

    1

    0

    1

    x0

    x1

    x2

    x3x4

    x5

    t

    positionx

    0 0.5 1 1.5 2 2.5

    5

    0

    5

    v0

    v1

    v2

    v2

    v3

    v4

    v5

    t

    velocity

    v

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 4 / 36

  • Outline

    1 Hybrid AutomataExampleDefinition and Semantics

    2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations

    3 Conclusions

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 4 / 36

  • Hybrid Automata (Alur, Henzinger, 95)[2][3]

    locations Loc = {1, . . . , m} and variables X = {x1, . . . , xn}define the state space Loc RX

    transitions Edg Loc Lab Loc define location changes withsynchronization labels Lab

    evolution domain alias invariant Inv Loc RX ,flow relation Flow, where Flow() RX RX , e.g.,

    x = f (x);

    jump relation Jump, where Jump(e) RX RX+ , e.g.,

    Jump(e) = {(x, x+) | x G x+ = r(x)}

    initial states Init Inv

    Except: all described by semialgebraic sets (often polyhedra)

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 5 / 36

  • Hybrid Automata (Alur, Henzinger, 95)[2][3]

    locations Loc = {1, . . . , m} and variables X = {x1, . . . , xn}define the state space Loc RX

    transitions Edg Loc Lab Loc define location changes withsynchronization labels Lab

    evolution domain alias invariant Inv Loc RX ,flow relation Flow, where Flow() RX RX , e.g.,

    x = f (x);

    jump relation Jump, where Jump(e) RX RX+ , e.g.,

    Jump(e) = {(x, x+) | x G x+ = r(x)}

    initial states Init InvExcept: all described by semialgebraic sets (often polyhedra)

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 5 / 36

  • Run Semantics

    (0, x0)0,0 (0, 0(0))

    0 (1, x1)1,1 (1, 1(1)) . . .

    with (0, x0) Init, i Lab {}, and for i = 0, 1, . . .:

    1 Trajectories: ((t), (t)) Flow() and i(t) Inv(i)for all t [0, i ].

    2 Jumps: (i(i), xi+1) Jump(ei), ei = (i , i , i+1) Edg, andxi+1 Inv(i+1).

    A state (, x) is reachable if there exists a run with (i , xi) = (, x)for some i .

    Usually: Flow() is ODE and trajectory (t) its solution

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 6 / 36

  • Run Semantics

    (0, x0)0,0 (0, 0(0))

    0 (1, x1)1,1 (1, 1(1)) . . .

    with (0, x0) Init, i Lab {}, and for i = 0, 1, . . .:

    1 Trajectories: ((t), (t)) Flow() and i(t) Inv(i)for all t [0, i ].

    2 Jumps: (i(i), xi+1) Jump(ei), ei = (i , i , i+1) Edg, andxi+1 Inv(i+1).

    A state (, x) is reachable if there exists a run with (i , xi) = (, x)for some i .

    Usually: Flow() is ODE and trajectory (t) its solution

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 6 / 36

  • Example: Ball on String

    1 0.8 0.6 0.4 0.2 0 0.2 0.4 0.6 0.8 1

    5

    0

    5

    x0

    0(0) = x1

    3(3) = x41(1)

    x2

    2(2) = x3

    4(4) = x5

    position x

    velocity

    v

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 7 / 36

  • Outline

    1 Hybrid AutomataExampleDefinition and Semantics

    2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations

    3 Conclusions

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 7 / 36

  • Set-Based Reachability

    Extending numerical simulation from numbers to sets

    account for nondeterminism

    exhaustive

    infinite time horizon

    Downsides:

    only approximate for complex dynamics

    generally not scalable in number of variables

    trade-off between runtime and accuracy

    may not terminate or degenerate to system could be anywhere

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 8 / 36

  • Reachability Algorithm

    One-step successors by time elapse from set of states S ,

    PostC (S) ={(, ())

    (, x) S : (, x) , (, ())}One-step successors by jump from set of states S ,

    PostD(S) ={(, x)

    (, x) S , Lab{}:(, x) (, x)}R0 := PostC (Init),

    Ri+1 := Ri PostC (PostD(Ri)).

    If Ri+1 = Ri , then Ri = reachable states.

    may not terminate if states unbounded (counter)

    problem undecidable in general2

    2T. A. Henzinger, P. W. Kopke, A. Puri, and P. Varaiya, Whats decidable about hybridautomata? Journal of Computer and System Sciences, vol. 57, pp. 94124, 1998.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 9 / 36

  • Ball on String: Reachable States

    (clip from SpaceEx output)

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 10 / 36

  • Outline

    1 Hybrid AutomataExampleDefinition and Semantics

    2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations

    3 Conclusions

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 10 / 36

  • HA of piecewise constant dynamics (PCDA,LHA)

    initial states and invariants are conjunctions of linear constraints

    xr x x xr + L

    flows are conjunctions of linear constraints over derivatives X

    x = 5 v = 1 2 z z 5

    jumps are conjunctive linear constraints over X X+,where X+ denote the variables after the jump.

    x = xr + L v > 0 v+ = 0.5 v

    One-step successors of PCDA can be computed exactly.Often: assume all constraints are compact or at least closed.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 11 / 36

  • Polyhedra in Constraint Form

    Conjunctive linear constraints are polyhedra

    H-polyhedron (constraint form)

    P ={x m

    i=1aTi x bi

    },

    with facet normals ai Rn and inhomogeneous coefficients bi R.vector-matrix notation:

    P ={x Ax b}, with A = ( aT1...

    aTm

    ),b =

    ( b1...bm

    ).

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 12 / 36

  • Time Elapse with Polyhedra

    For PCDA, it suffices to consider straight-line trajectories:3

    Lemma (Constant Derivatives)

    There is a trajectory (t) from x = (0) to x = (), > 0, iff(t) = x+ qt with q = (x x)/ is a trajectory from x to x.

    Proof Idea: Average slope is enough by mean-value theorem

    3P.-H. Ho, Automatic analysis of hybrid systems, Technical Report CSD-TR95-1536,PhD thesis, Cornell University, Aug. 1995.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 13 / 36

  • Time Elapse with Polyhedra

    For PCDA, it suffices to consider straight-line trajectories:3

    Lemma (Constant Derivatives)

    There is a trajectory (t) from x = (0) to x = (), > 0, iff(t) = x+ qt with q = (x x)/ is a trajectory from x to x.

    Proof Idea: Average slope is enough by mean-value theorem

    3P.-H. Ho, Automatic analysis of hybrid systems, Technical Report CSD-TR95-1536,PhD thesis, Cornell University, Aug. 1995.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 13 / 36

  • Time Elapse with Polyhedra

    Given polyhedra P = {x | Ax b}, Q = {q | Aq b}Time successors with constant slope Q (ignores evolution domain):

    PQ = {x | x P ,q Q, t R0, x = x+ qt}.

    Eliminating q = xxt

    for t > 0, plug into Q, and multiplying with t:

    PQ ={x Ax b A(x x) b t t 0}.

    Quantifier elimination of t squares the number of constraints. FMMore general union of two polyhedra if Q not compact.Subsequently intersect with evolution domain Inv:

    postC ( P) = (PFlow()

    ) Inv().

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 14 / 36

  • Time Elapse with Polyhedra Geometric Version

    x1

    x2

    Qpos(Q)

    (a) cone pos(Q)

    x1

    x2

    P

    Q

    P Q

    (b) P Q

    x1

    x2

    P

    P pos(Q)

    (c) PQ = P pos(Q)

    cone around Q pos(Q) = {q t | q Q, t 0}Minkowski sum P Q = {p+ q | p P ,q Q}convex hull chull(Q) =

    {qiQ i qi

    i 0,i i = 1}

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 15 / 36

  • Polyhedra in Generator Form

    H-polyhedron (constraint form)

    P ={x Ax b}, with A = ( aT1...

    aTm

    ),b =

    ( b1...bm

    ).

    V-polyhedron (generator form)

    P = (V ,R) = chull (V ) pos(chull(R)).

    with vertices V Rn and rays R RnIf P = (V ,R) and Q = (V ,R ) in generator form and closed, then

    PQ = (V ,R)(V ,R ) = (V ,R V R )

    But: conversion between H- and V-polyhedra is expensivecube: 2n constraints, 2n verticescross-polytope (diamond): 2n vertices, 2n constraints

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 16 / 36

  • Discrete Successors

    Edge e = (, , ) with guard x G and nondeterministic assignmentx+ = Cx+w, w W ,

    postD( P) = (C (P G)W

    ) Inv().

    If constant matrix C invertible and everything in constraint form

    CP = {x | AC1x b} where P ={x Ax b}

    Otherwise requires quantifier elimination

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 17 / 36

  • Computational Cost

    polyhedraoperation m constraints k generators

    cone pos() m2 kMinkowski sum exp k2linear map Ax+b m / exp kintersection 2m exp

    Generator form good for continuous successors PQ = P pos(Q)Constraint form is better for discrete successors if no uncertaintyConversion is expensive

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 18 / 36

  • Outline

    1 Hybrid AutomataExampleDefinition and Semantics

    2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations

    3 Conclusions

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 18 / 36

  • Piecewise Affine Dynamics

    Hybrid automata with piecewise affine dynamics (PWA)

    initial states and invariants are conjunctive linear constraintsover X alias polyhedra

    xr x x xr + L

    flows are affine ODEs with compact convex polyhedra U

    x = Ax+ Bu, u U ,

    jumps have a guard set and assignments

    x+ = Cx+w, w W .

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 19 / 36

  • Continuous successors

    x = Ax+ Bu, u U ,

    trajectory (t) from (0) = x0 for integrable input signal (t) U :

    x0,(t) = eAtx0 +

    t0

    eA(ts)B(s)ds

    superposition withbackdated impact eA(ts) of input (s) at s

    reachable states from set X0 for any input signal:

    Xt = eAtX0 Yt

    Yt = t0

    eAsUds = eAtX0 lim0

    t/k=0

    eAkU

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 20 / 36

  • Computing a Convex Cover

    X00

    X

    1

    X2

    2

    Compute 0,1, . . . for fixed time horizon T such that0tT

    Xt 0 1 . . . .

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 21 / 36

  • Time Discretization at Step-size

    X00

    X

    1

    X2

    2

    Semi-group property: (Xk) = X(k+1)Time discretization: X(k+1) = eAXk YGiven initial approximations 0 and for the first such that

    0t

    Xt 0, Y ,

    Xt is covered by the sequence

    k+1 = eAk .

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 22 / 36

  • Initial Approximations

    X0

    X

    0

    (a) convex hull and pushing facets (b) convex hull and bloating

    By Taylor approximation or by solving optimization problems

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 23 / 36

  • Initial Approximations Forward Bloating

    Bloating based on norms bounding Taylor approximation error:4

    0 = chull(X0 eAX0) ( + )B, = B, = (X0) (eA 1 A), =

    1A(BU) (e

    A 1),

    with radius (X ) = maxxXx and unit ball B.

    4A. Girard, Reachability of uncertain linear systems using zonotopes, in HSCC, 2005,pp. 291305.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 24 / 36

  • Initial Approximations Forward Bloating

    X0

    0

    X

    1

    X2

    2

    Forward bloating is tight on X0 and bloated on X.Improvements:

    intersect forward bloating with backward bloating

    bloat based on interpolation error

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 25 / 36

  • Wrapping Effect: Error Accumulation

    X0

    eAX0

    Appr(eAX0)

    Appr(eAAppr(eAX0))

    (a) with wrapping effect

    X0

    eAX0

    Appr(eAX0)Appr(eA2X0)

    (b) with wrapping-free algorithm

    Avoid increasing complexity through deliberate over-approximation

    k+1 = Appr(eAk ).

    Example: bounding box over-approximation is fast

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 26 / 36

  • Wrapping Effect: Wrapping-free Cases

    Idea: Over-approximate each image of initial approximation separatelySolution: Split sequence5

    k+1 = Appr(eAk) k with 0 = {0},

    k = Appr(eAk0) k from initial 0

    satisfies k = Appr(k) (wrapping-free) if

    Appr(P Q) = Appr(P) Appr(Q),

    e.g., bounding box.

    5A. Girard, C. L. Guernic, and O. Maler, Efficient computation of reachable sets of lineartime-invariant systems with inputs, in HSCC, 2006, pp. 257271.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 27 / 36

  • Outline

    1 Hybrid AutomataExampleDefinition and Semantics

    2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations

    3 Conclusions

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 27 / 36

  • Polyhedra

    X00

    X

    1

    X2

    2

    polyhedraoperation m constr. k gen.

    convex hull chull exp 2kMinkowski sum exp k2linear map Ax+b m / exp kintersection 2m exp

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 28 / 36

  • Ellipsoids6

    X00

    X

    1

    X2

    2

    polyhedra ellipsoidsoperation m constr. k gen. n n matrix

    convex hull chull exp 2k approxMinkowski sum exp k2 approxlinear map Ax+b m / exp k O(n3)intersection 2m exp approx

    6A. B. Kurzhanski and P. Varaiya, Dynamics and Control of Trajectory Tubes. Springer,2014.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 29 / 36

  • Zonotopes

    v1v2

    v3

    v4c

    Zonotope with center c Rn and generators v1, . . . , vk Rn

    P ={c+

    ki=1

    ivi

    i [1, 1]}.linear map: (Ac, Av1, . . . ,Avk)Minkowski sum: P Q = (c+ d, v1, . . . , vk ,w1, . . . ,wm)Not closed under chull or so need approximations

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 30 / 36

  • Zonotopes7

    X00

    X

    1

    X2

    2

    polyhedra ellipsoids zonotopesoperation m constr. k gen. n n matrix k generators

    convex hull chull exp 2k approx approxMinkowski sum exp k2 approx 2klinear map Ax+b m / exp k O(n3) kintersection 2m exp approx approx

    7A. Girard, Reachability of uncertain linear systems using zonotopes, in HSCC, 2005,pp. 291305.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 31 / 36

  • Support Functions of Compact Convex Set P

    dP(d)

    P

    0

    (a) support function in direction d

    d3

    d4

    d1

    d2

    P

    PD

    (b) outer approximation

    support function P() by linear optimization (efficient!)

    P(d) = max{dTx | x P}

    computed values define polyhedral outer approximation

    PD =dD

    {dTx P(d)

    }Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 32 / 36

  • Support Functions

    dP(d)

    P

    0

    (a) support function in direction d

    d3

    d4

    d1

    d2

    P

    PD

    (b) outer approximation

    linear map: AX () = X (AT) O(mn)

    convex hull: chull(PQ)() = max{P(), Q()} O(1)Minkowski sum: XY() = X () + Y() O(1)Intersection: expressible as optimization problem

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 33 / 36

  • Support Functions (Le Guernic, Girard,09)[9]

    X00

    X

    1

    X2

    2X0

    0

    X

    1

    X2

    2

    support functions: lazy approximation on demand

    polyhedra ellipsoids zonotopes support f.operation m constr. k gen. n n matrix k generators

    convex hull chull exp 2k approx approx O(1)Minkowski sum exp k2 approx 2k O(1)linear map Ax+b m / exp k O(n3) k O(n2)intersection 2m exp approx approx opt. / approx

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 34 / 36

  • Outline

    1 Hybrid AutomataExampleDefinition and Semantics

    2 Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations

    3 Conclusions

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 34 / 36

  • Conclusions

    Hybrid automata are challenging for model checking.

    Set-based reachability is exhaustive, sufficient for safety andbounded liveness.

    expensive, scalable for piecewise affine dynamics

    Abstraction lifts reachability to more complex systems

    progress with approximate simulation relations

    Verification by numerical simulation extends properties fromtraces to sets of states

    sampling of initial states limited to low dimensional sets

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 35 / 36

  • References

    [2] R. Alur, C. Courcoubetis, N. Halbwachs, T. Henzinger, P.-H. Ho, X. Nicollin, A. Olivero,J. Sifakis, and S. Yovine, The algorithmic analysis of hybrid systems, TheoreticalComputer Science, vol. 138, pp. 334, 1995.

    [3] T. A. Henzinger, The theory of hybrid automata., in LICS, Los Alamitos: IEEEComputer Society, 1996, pp. 278292.

    [9] C. Le Guernic and A. Girard, Reachability analysis of linear systems using supportfunctions, Nonlinear Analysis: Hybrid Systems, vol. 4, no. 2, pp. 250262, 2010.

    Goran Frehse, Andre Platzer () FCPS / 24: Model Checking & Reachability Analysis 36 / 36

    Hybrid AutomataExampleDefinition and Semantics

    Set-Based ReachabilityPiecewise Constant DynamicsPiecewise Affine DynamicsSet Representations

    Conclusions