Functional sets with typed symbols: Framework and mixed Polynotopes for hybrid nonlinear reachability and filtering
C. Combastel, Univ. Bordeaux, CNRS, IMS, UMR 5218, 33405 Talence, France
Abstract
Verification and synthesis of Cyber-Physical Systems (CPS) are challenging and still raise numerous issues so far. In this paper, an original framework with mixed sets defined as function images of symbol type domains is first proposed. Syntax and semantics are explicitly distinguished. Then, both continuous (interval) and discrete (signed, boolean) symbol types are used to model dependencies through linear and polynomial functions, so leading to mixed zonotopic and polynotopic sets. Polynotopes extend sparse polynomial zonotopes with typed symbols. Polynotopes can both propagate a mixed encoding of intervals and describe the behavior of logic gates. A functional completeness result is given, as well as an inclusion method for elementary nonlinear and switching functions. A Polynotopic Kalman Filter (PKF) is then proposed as a hybrid nonlinear extension of Zonotopic Kalman Filters (ZKF). Bridges with a stochastic uncertainty paradigm are outlined. Finally, several discrete, continuous and hybrid numerical examples including comparisons illustrate the effectiveness of the theoretical results.
Key words:
Functional sets; Polynomial dependencies; Mixed encoding; Logic; Hybrid dynamic systems; Reachability; Robust state estimation; Kalman filters; Zonotopes; Polynotopes.
This paper was not presented at any IFAC meeting. Corresponding author: C. Combastel. Tel: +33 5 40 00 25 25. Email address: [email protected] (C. Combastel). This study has been carried out with financial support from the French State, managed by the French National Research Agency (ANR) in the frame of the “Investments for the future” Programme IdEx Bordeaux - SysNum (ANR-10-IDEX-03-02).

Uncertainty management undoubtedly remains a great challenge when designing, observing, controlling and verifying systems with stringent safety, reliability and accuracy requirements. Trials and errors are inherent to any innovation process, even if correct-by-design methodologies tend to reduce the number of iterations. Common industrial practice still makes intensive use of Monte-Carlo simulations [34] and design of experiments [56] to check for robustness, perform sensitivity analysis and optimize tuning. Meanwhile, given some model of the available knowledge, which is by essence subject to uncertainties, formal methods [7] provide verification and synthesis tools likely to ensure a full coverage with respect to the range of specified behaviors, including off-nominal and worst cases. Dealing with complex dynamics such as nonlinear and hybrid ones remains challenging and the achieved trade-off between computation time and accuracy heavily depends on underlying set representations.
Preprint submitted to Automatica, 17 September 2020

Within the set-membership literature, intervals [51,29], ellipsoids [66,43,36] and polytopes [74,26] have initiated a growing body of research works addressing the core problem of reachability [52,23,39,42,61,15,68,3,5,41,6,25], but also possibly distributed [54,53,17] state estimation [57,1,9,10,11,37,71,13,14,44,59,64,2,60,19,18], identification [47,8], computation of invariant sets [20,46,72], fault diagnosis [16,73,12,69,58,55], among others. Intervals (resp. ellipsoids) are not closed under linear maps (resp. Minkowski sum) and basic polytope computations do not scale very well. Those sets, and convex sets in general, can be represented by support functions [38]. Dealing with non convex and/or non-connected sets is still possible through pavings [29] and/or bundles [50,4] but costly since related algorithms often rely on bisections yielding an exponential complexity. Level sets [49] also constitute an alternative which suffers from the curse of dimensionality. Moreover, a direct use of set-membership techniques is often subject to the so-called dependency problem due to the loss of variable multi-occurrences when overloading basic operators like sum, difference, product, etc. This may yield pessimistic evaluations leading to the so-called wrapping effect [35,40] when uncertainty propagation through dynamic systems is considered. This has motivated the use of affine arithmetic [21,65] and other set representations of intermediate complexity between interval/ellipsoids and polytopes/level sets, like zonotopes. Zonotopes form a class of convex and centrally symmetric polytopic sets defined as the affine image of a unit hypercube [35,9,24]. Then, affine function transforms correspond to implicit set operations and the evaluation of bounds can be delayed (lazy evaluation [70]), to the benefit of a better management of (linear) dependencies.

At this step, an analogy can be noticed between such affine function transforms and the manipulation of symbolic expressions at a syntactic level (e.g. $x - x$ simplified as 0 before substituting the unit interval $[-1,+1]$ for $x$ in $x - x$). In addition, a distinction can be made between syntax (e.g. formal transformation rules) and semantics (e.g. the set-valued interpretation of some expression). This important distinction is not always visible with sets, notably if, e.g., the zonotope $\langle c, R \rangle = \{x = c + Rs,\ s \in [-1,+1]^p\} \subset \mathbb{R}^n$ is identified with the pair $(c, R)$ and/or the formal expression $c + Rs$ defining an affine function of symbolic variables in $s$. This motivated the recent introduction of symbolic zonotopes and USP (Unique Symbol Provider) in [17]. To summarize, a clear distinction between syntax and semantics appears as a key point in addressing the dependency problem in set-membership computations. This distinction, usual in other fields like mathematical logic [62], will serve as a guideline to set up the generic framework of image-sets introduced in this paper.

Though zonotopic sets catch some linear dependencies with their generators (i.e. columns of $R$), their convex, connected, and centrally symmetric nature still imposes restrictions when addressing the reachability of nonlinear and hybrid (i.e. mixed continuous/discrete) dynamic systems. To overcome these restrictions, Taylor models [42], polynomial zonotopes [3] and sparse polynomial zonotopes (spz) [32] rely on sets defined as polynomial images rather than affine/linear ones. Constraints can also be introduced in the set representation as with constrained zonotopes [69] and, very recently, constrained polynomial zonotopes [33]. Note that the evaluation of bounds under constraints, even if delayed, may be costly and involve iterative algorithms (e.g. linear programming with constrained zonotopes).

In this paper, after preliminaries (section 2), a different approach is explored to gather in a single data structure the representation of possibly non-convex and non-connected sets: symbol typing, while keeping the general idea of defining sets as the image of a domain by a function.

Indeed, the proposed framework of functional sets with typed symbols (section 3) does not impose a priori restrictions on the class of functions which may be linear (zonotopes), polynomial (polynotopes) or any others. As already mentioned, the distinction between syntax and semantics will be explicitly formalized (notation: $\iota$ for “interpretation of”). Moreover, the definition domain of the function used to define an image set will depend on the type of the symbolic variables formalizing the function inputs. A compact and dependency preserving representation of mixed sets is so obtained. Symbol types are not imposed in the general framework and may include random variables.

Then, special attention is paid to the types unit interval ($\in [-1,+1]$), signed ($\in \{-1,+1\}$) and boolean ($\in \{0,1\}$) under linear and polynomial dependencies in section 4. For example, $\{x = c + Rs,\ s \in [[-1,+1]^c; \{-1,+1\}^d]\}$ defines a mixed zonotope.
Mixed polynotopes and mixed image sets are defined as well. Also, an original mixed encoding of intervals is proposed, making it possible to tune the granularity level of the discrete/symbolic part of a mixed representation while avoiding the need for costly bisections/splitting in reachability computations.

In section 5, modeling tools for nonlinear hybrid systems are given with emphasis placed on a compositional approach relying on basic logic gates and basic nonlinear continuous and switching functions. The polynomial representation of logic functions defined on $\{-1,+1\}$ (signed logic) or $\{0,1\}$ (boolean logic) is analyzed and a functional completeness result is given for polynotopes. Inclusion methods are also given.

Then, a Polynotopic Kalman Filter (PKF) extending Zonotopic Kalman Filters (ZKF) to hybrid nonlinear systems is developed in section 6. Through basic operators/functions overloading, its implementation can benefit from the proposed dependency preserving compositional inclusion methods. Moreover, the links between PKF, ZKF and the basic stochastic Kalman Filter KF [30] are made explicit.

In section 7, several numerical examples including comparisons illustrate the effectiveness of the proposed scheme, and concluding remarks are given in section 8.

To begin with, a definition of sets from functions (imset) and a definition of inclusion functions are given and discussed in a classical (non-symbolic) framework.
Definition 1 (imset)
Given a function $f : \mathbb{X} \to \mathbb{Y}$, $x \mapsto y = f(x)$ and a set $X \subset \mathbb{X}$, the imset of $X$ by $f$ is: $f(X) = \{f(x) \mid x \in X\}$.

Definition 2 (Inclusion function)
The function $g : [[\mathbb{X}]] \to [[\mathbb{Y}]]$, $X \mapsto Y = g(X)$ is an inclusion function for the function $f : \mathbb{X} \to \mathbb{Y}$, $x \mapsto y = f(x)$ if $\mathbb{X} \in [[\mathbb{X}]]$ and: $\forall X \in [[\mathbb{X}]]$, $f(X) \subset g(X)$, where $f(X)$ is the imset of $X \subset \mathbb{X}$ by $f$.

Corollary 3
Since $[[\mathbb{X}]]$ must satisfy $\forall X \in [[\mathbb{X}]]$, $X \subset \mathbb{X}$, $g$ is an inclusion function for $f$ if: $(\mathbb{X} \in [[\mathbb{X}]]) \wedge \forall X \in [[\mathbb{X}]],\ ((X \subset \mathbb{X}) \wedge (f(X) \subset g(X)))$.

Notice that $x \in \mathbb{X}$ is not necessarily set-valued, whereas $X \in [[\mathbb{X}]]$ is. For instance, $[[\mathbb{X}]]$ may be the set of intervals included in an interval $\mathbb{X}$ defined on some continuous and/or discrete domain. In the continuous case, the definition 2 is equivalent to that classically used for interval arithmetic.

Corollary 4
imset f : $[[\mathbb{X}]] \to [[\mathbb{Y}]]$, $X \mapsto Y = f(X)$ is monotone wrt inclusion: X ⊂ X ⇒ imset f ( X ) ⊂ imset f ( X ). However, it is not required that $g$ be monotone wrt inclusion to be an inclusion function. Even without this requirement, it can be inferred that: $\forall X \in [[\mathbb{X}]]$, $f(X) \subset g(\mathbb{X})$.

Indeed, from the definition 2, $\forall X \in [[\mathbb{X}]]$, $X \subset \mathbb{X}$, and the monotony of imset f wrt inclusion gives: $\forall X \in [[\mathbb{X}]]$, $f(X) \subset f(\mathbb{X})$. Also, since $\mathbb{X} \in [[\mathbb{X}]]$, $f(\mathbb{X}) \subset g(\mathbb{X})$. Thus, $\forall X \in [[\mathbb{X}]]$, $f(X) \subset g(\mathbb{X})$, without requiring the additional statement that $g$ must be monotone wrt inclusion to be an inclusion function.

A framework for functional sets, that is, sets defined and operated through functions, is introduced in this section. With the ultimate goal of better managing dependencies that constitute a key for an accurate propagation of uncertainties, an explicit distinction between syntax and semantics is considered. Whereas syntax refers to rules defining symbol combinations that are correct in some language, semantics refers to the interpretation or meaning of related sentences. In other words, syntax refers to how to write correct statements, semantics indicates what they mean. The proposed framework introduces the so-called image-sets as set-valued interpretations/evaluations (semantics) of functions defined from symbolic expressions (syntax) on some domains. These domains, which may be continuous, discrete or mixed, are built from different types of symbolic variables. Moreover, following [17], each of these symbols is uniquely identified in order to preserve dependencies.
Let $\mathbb{I}$ and $\mathbb{S}$ be two sets, namely a set of identifiers and a set of distinct symbols (symbolic variables). Let $s$ be a bijective function such that $s : \mathbb{I} \to \mathbb{S}$, $i \mapsto s_i = s(i)$. This establishes a family of unique symbols in $\mathbb{S}$ each indexed by a unique identifier in $\mathbb{I}$. Moreover, $s^{-1}(s_i) = i$, that is, the inverse function $s^{-1}$ returns the unique identifier of any symbol in $\mathbb{S}$. Let $I \subset \mathbb{I}$, $s_I$ denotes the column vector $[s_i]_{i \in I}$ made of the symbolic variables identified by $I$.

In terms of syntax, each symbol in $\mathbb{S}$ has a type in $\mathbb{T}$. The type assignment function (taf) $\tau : \mathbb{S} \to \mathbb{T}$, $v \mapsto \tau(v)$ assigns a type, possibly empty if unspecified, to each symbol in $\mathbb{S}$ i.e. to each symbolic variable $v \in \mathbb{S}$.

In terms of semantics, each type in $\mathbb{T}$ can be interpreted as a domain (of possible values) in $\mathbb{D}$. The interpretation of a type $t \in \mathbb{T}$ as a domain is formalized through a bijective function $\iota_T$ shortly denoted $\iota$ and defined as $\iota : \mathbb{T} \to \mathbb{D}$, $t \mapsto \iota(t)$.

Similarly, an interpretation/evaluation of any symbol in $\mathbb{S}$ as a (possibly set-)value in $\mathbb{V}$ is formalized through a function $\iota_S$ shortly denoted $\iota$ and defined as $\iota : \mathbb{S} \to \mathbb{V}$, $s_i \mapsto \iota(s_i)$.

A single-valued (resp. set-valued) interpretation $\iota_S$ of symbols in $\mathbb{S}$ remains consistent with the interpretation $\iota_T$ of their types in $\mathbb{T}$ if:
$\forall i \in \mathbb{I}$, $\iota(s_i) \in \iota(\tau(s_i))$ for single-valued,
$\forall i \in \mathbb{I}$, $\iota(s_i) \subset \iota(\tau(s_i))$ for set-valued.
In each case, the left (resp. right) occurrence of $\iota$ refers to the interpretation of symbols $\iota_S$ (resp. types $\iota_T$). The single-valued or set-valued nature of a symbol interpretation depends on whether the elements of $\mathbb{V}$ are elements or subsets of $\mathbb{T}$. Shorthand notation: $\iota s_i = \iota(s_i)$.

Example 5
Let $\mathbb{I} = \mathbb{N}$, that is, the natural integers are used as unique identifiers for symbols (symbolic variables) in $\mathbb{S}$. Let $\mathbb{T} = \{\emptyset, \mathrm{i}, \mathrm{s}, \mathrm{b}\}$ define a set of types where $\emptyset$, $\mathrm{i}$, $\mathrm{s}$, $\mathrm{b}$ respectively refer to unspecified, interval, signed, boolean. Let shorthand notations for basic domains be defined as $\square = [-1,+1]$, $|\pm| = \{-1,+1\}$, | | $= \{0,1\}$. Let $\mathbb{D}$ = {∅, □, |±|, | |} denote a set of domains used to interpret the symbol types in $\mathbb{T}$ through the bijective interpretation function $\iota$ defined as: $\iota(\emptyset) = \emptyset$, $\iota(\mathrm{i}) = \square$, $\iota(\mathrm{s}) = |\pm|$, $\iota(\mathrm{b})$ = | |.

Given a unique identifier $i \in \mathbb{N}$ for the unique symbol $s_i$ and assuming that the type $\tau(s_i)$ of the symbolic variable $s_i$ is $\mathrm{b}$ for boolean i.e. $\tau(s_i) = \mathrm{b}$, then $\iota\tau(s_i)$ = | | $= \{0,1\}$ is the interpretation $\iota$ as a domain of the type $\tau$ of the symbolic variable $s_i$. Indeed, | | is the domain of possible values for the boolean variable named as $s_i$ when some value is assigned to it. Similarly, ιτ s − ( i ) denotes the domain of possible values for the symbolic variable uniquely identified by $i$, such domain depending on the type of $s_i$.

A Unique Symbols Provider (USP) is assumed to be implemented as a global function (or service) named $!(.)$ and such that $!(n, t)$ with $(n, t) \in \mathbb{N} \times \mathbb{T}$ returns an $n$-dimensional vector $I \in \mathbb{I}^n$ of unique identifiers such that each related unique symbolic variable in the symbol vector $s_I \in \mathbb{S}^n$ is of type $t$ i.e. $\forall i \in I$, $\tau(s_i) = t$.

Notice that when the unique identifiers are integers i.e. $\mathbb{I} = \mathbb{N}$, a basic implementation of $!(n, t)$ is “$l = l + n$, $h(t)\,\mathbf{1}_n + 2^{n_h}\,[l - n + 1, \ldots, l]$)” where $\mathbf{1}_n$ denotes a vector of $n$ ones, $l$ is a persistent counter initialized to 0 at startup, and $h : \mathbb{T} \to \mathbb{N}$ assigns to each type $t \in \mathbb{T}$ a unique integer encoded with at most $n_h$ bits, which requires $|\mathbb{T}| \le 2^{n_h}$. For example, $\mathbb{T} = \{\emptyset, \mathrm{i}, \mathrm{s}, \mathrm{b}\}$ has a cardinality $|\mathbb{T}| = 4$. Then, $n_h = 2$ and $h(\mathbb{T})$ = { , , , } is a possible choice. Extensions include an overflow checking or an implementation (possibly distributed) as a service in a CPS (Cyber-Physical System): see [17] for details.

here understood similarly to valuation in mathematical logic, e.g., as a (truth) value assignment to variables (in propositional logic).

Since $s$ is bijective, $\forall s_i \in \mathbb{S}$ and $\forall i \in \mathbb{I}$ are analog.

In order to transform and evaluate expressions based on (typed) symbols while preserving an explicit distinction between syntax and semantics, the notion of symbolic function or, shortly, s-function, is introduced. The aim is to disambiguate different interpretations of a function. Informally, let f be a function of s and s defined as f ( s , s ) = s + s which is assumed to be a syntactically correct expression. Then, depending on the type of s and s , the possible values of s and s may differ as well as the concrete evaluation of the + operator e.g. sum of reals or sum of intervals, sum of scalars or sum of matrices, sum of crisp values or Minkowski sum of sets, concatenation of strings, etc. All the items in this enumeration are among the many possible interpretations of the same s-function f assigning the symbolic expression s + s to the pair of parameters symbolized by ( s , s ). Such interpretations may range from purely mathematical objects such as, e.g., f : R → R , ( s , s ) ↦ s + s , to very concrete algorithmic implementations used to evaluate the image of some input parameter values.

In the proposed symbolic framework, a distinction is explicitly made between s-function definitions (sfd), s-function interpretations (sfi), and s-function evaluations (sfe) based on a given sfi. Whereas sfd refers to syntax, sfi and sfe refer to semantics.

Let $f = \langle f \rangle_{s,\tau}$ denote an s-function of $s_I$, $I \subset \mathbb{I}$, with symbols typed by $\tau$.
Let $\mathbb{F}(s_I)$ be the set of well-formed formulas/expressions/equations (wff) based on a language involving the (typed) symbols in $s_I$.

Definition 6 (s-function: sfd/sfi/sfe):
• s-function definition (sfd): $f = (I, F(s_I)) \in \mathbb{I} \times \mathbb{F}(s_I)$. $F(s_I)$ is a wff involving the (typed) symbolic variables in $s_I$ which become bound in the formula: indeed, $F(s_I)$ depends on $s_I$, at least from a syntactical viewpoint.
• s-function interpretation (sfi): denoted as $\iota f = \iota(f)$ or, possibly, $[\iota f](.) = [\iota(f)](.)$ to emphasize the functional nature of an interpretation of the s-function $f$, an sfi of $f$ has the ability to define and/or return output value(s) from input values corresponding to an interpretation/valuation of the symbols in $s_I$.
• s-function evaluation (sfe): $[\iota f](\iota s_I)$ or, shortly, $\iota f(\iota s_I)$, where $\iota s_I$ (resp. $\iota f$) stands for an interpretation/valuation of the symbolic vector $s_I$ (resp. s-function $f = (I, F(s_I))$). sfe refers to the result of a transformation process related to the semantic of symbolic terms.

i.e. symbolically/formally/syntactically correct definitions

Remark 7
Notice some analogy between the definition of sfd and the rule of abstraction in $\lambda$-calculus ($\lambda x.M$) [27,63,67]. Indeed, this rule also corresponds to the definition of an (anonymous) function based on a variable $x$ and a wff $M$ called $\lambda$-term, so that $x$ becomes bound in the expression of $M$. That notion of being bound is essential to adequately handle dependencies. There are however at least two differences: firstly, the precise meaning of a wff is left open in the definition of sfd to allow for dealing with complex constructs more easily than with basic $\lambda$-calculus. Secondly, the symbolic variable(s) are referred to through unique identifiers which simplify some composition algorithms keeping trace of dependencies.

i) In theory, an interpretation $\iota f$ of the s-function $f$ may refer to a classical mathematical function $\iota f$ defined as $\iota f : \iota\tau s_I \to \iota\tilde{\tau}F(\tau s_I)$, $\iota s_I \mapsto \iota f(\iota s_I)$, where the codomain is an interpretation of an output type inferred by $\tilde{\tau}$ as a formal propagation of the input types $\tau s_I$ through $F(.)$. The output type (resp. codomain) is possibly, but not necessarily, based on the basic symbol types in $\mathbb{T}$ (resp. $\mathbb{D}$).

ii) In practice, an interpretation $\iota f$ of the s-function $f$ may be the execution of a syntactically correct algorithm related to the wff $F(s_I)$, and $\iota s_I$ may be interpreted as the input value substituted for the symbolic input vector $s_I$ in the code to perform the execution.

In this way, a clear distinction is made between syntax ($f$, $s_I$) and semantics ($\iota f$, $\iota s_I$), as is usually the case in mathematical logic. It is motivated by the need to truly formalize/catch non-trivial interactions between formal expressions, their mathematical interpretations, and related computations based on algorithms manipulating dedicated data structures.

Remark 8
i) The interpretation of a formula like $F(.)$ to build $[\iota f](.)$ may involve, or not, a (co)recursive evaluation of the operators in its structure, so that a non-strict/lazy/delayed evaluation is possible. Non-strict refers to an evaluation strategy where the arguments of a function are not immediately evaluated, as in functional programming languages. Lazy evaluation, also named call-by-need, has connections with graph reduction, and makes it possible to work with potentially infinite data structures, which looks appealing to further deal with hybrid systems and model reduction.

ii) Even if not mandatory, an s-function evaluation may return an s-function definition e.g. $[\iota f](\iota s_I) = (J, G(s_J))$ where $J$ identifies the symbols in the sfd resulting from the evaluation (with possibly $I \cap J \neq \emptyset$), $G(s_J)$ is a wff, and global dependencies can be preserved through $s$. Taking the identity for $f$ shows that any symbol may be interpreted as a function, as in $\lambda$-calculus and a purely functional paradigm. Since random variables are nothing else but functions from a set of outcomes to a set of possible values, the proposed framework of image-sets with typed symbols is fully open to stochastic descriptions.

A priori, $\iota f(\iota s_I)$ may refer to either $\iota(f)(\iota s_I)$ or $\iota(f(\iota s_I))$ which might be ambiguous.

3.3 Image-sets

The (classical) notions of imset and inclusion function as defined in the preliminaries (section 2) are extended to the proposed symbolic framework through the definitions of image-sets and inclusion s-functions:

Definition 9 (Image-set)
The image-set $\langle f \rangle_{s,\tau,\iota}$ of the s-function $f = \langle f \rangle_{s,\tau} = (I, F(s_I))$, under an interpretation $\iota_F$ of $f$ and $\iota_T$ of the typing function $\tau(.)$, is the imset of the domain $\iota\tau s_I$ by $\iota f$:
$\langle f \rangle_{s,\tau,\iota} = \{\iota f(\sigma) \mid \sigma \in \iota\tau s_I\} = \iota f(\iota\tau s_I)$,
where $\sigma$ refers to a generic interpretation/value $\iota s_I$ of $s_I$ and $\iota f(\sigma)$ is a shorthand notation for $[\iota(f)](\sigma)$.

Remark 10
The domain $\iota\tau s_I$ is a set related to the types of the symbols in $s_I$.

Definition 11 (Inclusion s-function)
The s-function $g = (J, G(s_J))$ is an inclusion s-function for $f = (I, F(s_I))$ under given interpretations $\iota_F$, $\iota_G$, $\iota_T$ of $f$, $g$, and the symbol typing function $\tau(.)$, if $\iota g$ is an inclusion function for $\iota f$ defined on the domain $\iota\tau s_I$. Notably, $\iota f(.)$ and $\iota g(.)$ being shorthands for $[\iota(f)](.)$ and $[\iota(g)](.)$,
$\forall \Sigma \in [[\iota\tau s_I]],\ \{\iota f(\sigma) \mid \sigma \in \Sigma\} = \iota f(\Sigma) \subset \iota g(\Sigma)$. (1)

Corollary 12
From the definition 2 and its corollary 4, $\iota f(\Sigma)$ being the imset of $\Sigma$ by $\iota f$, and $\iota g(\iota\tau s_I)$ being the image of $\iota\tau s_I$ by $\iota g$, it comes:
$\forall \Sigma \in [[\iota\tau s_I]],\ \iota f(\Sigma) \subset \iota g(\iota\tau s_I)$. (2)

Definition 13 (Reduction)
A reduction is an operator $\downarrow_q$ transforming an s-function $f = (I, F(s_I))$ into an s-function $\bar{f} = \downarrow_q f = (\bar{I}, \bar{F}(s_{\bar{I}}))$ such that $\bar{f}$ is an inclusion s-function for $f$ depending on at most $q$ generator symbols: $\mathrm{card}(\bar{I}) \le q \in \mathbb{N}$ and $\mathrm{card}(.)$ gives the cardinal. Remark: $\bar{I} \cap I \neq \emptyset$ is not mandatory but often useful to limit the inclusion conservatism while controlling the complexity of $\bar{f}$ through its input dimension.

Notice that the validity of the inclusion in (1) now depends on explicitly given interpretations of $f$, $g$, $\tau(.)$. In the following, the interpretation $\iota f$ of $f$ in the definition 11 will always be as a ‘mathematical function’ as indicated by the subscript $m$ in $\iota f = \iota_m f$. It may refer to some basic model of a system. By contrast, at least two possible interpretations of $g$ may coexist:

i) $\iota_{\bar{m}}$: interpretation as a ‘set-valued mathematical function’. Then, $\iota g = \iota_{\bar{m}} g = [\iota_{\bar{m}}(g)](.)$ refers to some set-valued model that may be qualified as robust if it preserves inclusion. (1) becomes:
$\forall \Sigma \in [[\iota\tau s_I]],\ \{\iota_m f(\sigma) \mid \sigma \in \Sigma\} \subset \iota_{\bar{m}} g(\Sigma)$.
This inclusion refers to a first kind of potential conservatism, the one possibly induced by rewriting mathematical functions while preserving inclusion e.g. simplifications, model reduction, etc.

ii) $\iota_a$: interpretation as the ‘execution of an inclusion algorithm’ used as a practical implementation. Then, $\iota_a g(.) = [\iota_a(g)](.)$ refers to how some concrete abstractions of image domains can be obtained so as to further manipulate them as efficiently as possible from a computational perspective, while preserving an inclusion property. Applying the definition 11 with $f = g$ (same symbolic expressions) under the interpretation $\iota_m$ for $f$ and $\iota_a$ for $g$ particularizes (1) as:
$\forall \Sigma \in [[\iota\tau s_I]],\ \{\iota_m f(\sigma) \mid \sigma \in \Sigma\} \subset \iota_a g(\Sigma)$.
Since $\iota_m f$ is interpreted as a mathematical function and $f = g$, the imset (definition 1) of $\Sigma$ by $\iota_m g$ and the corollary 4 with $\mathbb{X} = \iota\tau s_I$ give:
$\forall \Sigma \in [[\iota\tau s_I]],\ \iota_m g(\Sigma) \subset \iota_a g(\iota\tau s_I)$.
This inclusion refers to a second kind of potential conservatism, the one induced by the practical need to compute over finite abstractions based on domains rather than over all the possible concrete individual crisp values and subsets (infinite cardinal on continuous domains, highly combinatorial on discrete domains). Bisection/splitting can be used to counter that second kind of conservatism, but often at the price of an exponential complexity.

To summarize, two kinds of conservatism induced by inclusion preservation have been distinguished:
i) the one related to some problem (re)formulation and modeling through mathematical functions,
ii) the one related to practical algorithmic computations over domains.
Each kind of conservatism has been related to particular interpretations of symbolic well-formed formulas.

Whereas $\iota_m g : \iota\tau s_J \to \iota\tilde{\tau}G(\tau s_J)$, $\sigma \mapsto \iota_m g(\sigma)$ may not be set-valued, $\iota_{\bar{m}} g : [[\iota\tau s_I]] \to [[\iota\tilde{\tau}F(\tau s_I)]]$, $\Sigma \mapsto \iota_{\bar{m}} g(\Sigma)$ necessarily is.

The need for abstraction is motivated by the nature of such image domains: possibly infinite in continuous cases and/or highly combinatorial in discrete cases.

Example 14
$\mathbb{I} = \mathbb{N}$, $\mathbb{S} = \{s_i = s(i),\ i \in \mathbb{I}\}$ where $s$ is a (global) function. $I = [1; 2] \subset \mathbb{I}$, s I = [ s ; s ] is a vector of symbols of type (unit) interval: $\tau(s_I) = [\mathrm{i}; \mathrm{i}]$, leading to the domain ιτ s I = □ ⊂ R . Let f be the s-function f = ( I, F ( s I )) based on the wff F ( s I ) = [1+ s + s − . s ; s ] where + , − , [ ; ] are operator symbols for plus, minus, vertical concatenation, respectively. f can be interpreted as a (punctual) mathematical function e.g. ι m f : □ → R , [ v ; v ] ↦ [1 + v + v − . v ; v ] where R refers to the real field equipped with usual operations.

Let g ≠ f i.e. g and f have distinct symbolic expressions: J = [1; 3] , τ ( s J ) = [ i ; i ] , and G ( s J ) = [1+0 . s + s ; s ] . One possible interpretation ι ¯ m of g as a set-valued mathematical function is ι ¯ m g : [[ □ ]] → [[ R ]] , V ↦ { [1 +0 . v + v ; v ] | [ v ; v ] ∈ V ∧ v ∈ □ } , where [[ D ]] denotes a set of subsets of D . Another interpretation ι a of g as the execution of an inclusion algorithm may be based on the so-called natural interval extension giving ι a g ([ v ; v ]) = [1 ⊕ . v ⊕ □ ; v ] , where ⊕ and ⊖ refer to interval arithmetic operators for plus and minus. Then,

i) Case of ι ¯ m g . g is an inclusion s-function for f under the interpretations ι ¯ m g , ι m f , ιτ since ∀ Σ ∈ [[ □ ]] , ι m f (Σ) = { [1+ σ + σ − . σ ; σ ] | σ ∈ Σ } ⊂ ι ¯ m g (Σ) = { [1 + 0 . σ + σ ; σ ] | σ ∈ Σ ∧ σ ∈ □ } , where Σ is the projection of Σ along the 1st dimension ( { } = I ∩ J ). Notice that when Σ ⊂ □ is a 2D interval, then ι ¯ m g (Σ) is an enclosing zonotope for the imset of Σ by ι m f .

ii) Case of ι a g . g is an inclusion s-function for f under the interpretations ι a g , ι m f , ιτ since ∀ Σ ∈ [[ □ ]] , ι m f (Σ) = { [1+ σ + σ − . σ ; σ ] | σ ∈ Σ } ⊂ ι a g (Σ) = [1 ⊕ . ⊕ □ ; Σ ] ⊂ [1 ⊕ . □ ⊕ □ ; □ ] = [1 ± . 2; 0 ± ⊂ R , where the second inclusion comes from the corollary 4, and $c \pm r$ denotes the interval $[c - r, c + r]$.

A natural interval extension ι a directly applied to f would give the interval ± . instead of ± . for the first component: the improved accuracy obtained with f ≠ g has been obtained by rewriting the initial wff $F(s_I)$ of $f$ as $G(s_J)$. The latter exhibits a reduced number of symbol multi-occurrences, while the principle underlying the algorithmic interpretation $\iota_a$ remains identical.

The proposed framework is exemplified with, but not at all restricted to, interval arithmetic and related natural extensions. It is indeed much more general.

The example 14 outlines and motivates the strategy further developed to reduce conservatism in a generic way:

i) Rewrite the symbolic expression (wff) $F(s_I)$ of $f$ as $G(s_J)$ in an inclusion s-function $g$, by elimination of symbol multi-occurrences and, possibly, by reducing the number of symbols in $s_J$ compared to $s_I$. The trade-off between enclosure accuracy and computational complexity requires that such a reduction preserves the more important symbols/dependencies i.e. the ones which significantly contribute to shaping the graph of the mathematical function symbolized by the s-function $f$.

ii) Delay as much as possible (i.e. lazy-evaluation/call-by-need) the use of interval computations $\iota_a$ because, once applied, the dependencies on the individual elements in the domain $\iota\tau s_I$ may be lost, especially if a natural interval extension is used.

Moreover, the framework of image-sets with typed symbols proposed in this work is well-suited by design to naturally handle mixed, continuous and discrete sets:

Definition 15 (Mixed, continuous, discrete)
Let $\{\mathbb{T}_c, \mathbb{T}_d, \mathbb{T}_o\}$ be a partition of the types in $\mathbb{T}$ into continuous ($\mathbb{T}_c$), discrete ($\mathbb{T}_d$), and other ones ($\mathbb{T}_o$). Let $I \subset \mathbb{I}$ and $\mathbb{T}_I = \cup_{i \in I} \{\tau s_i\}$. The symbolic vector $s_I$ is mixed (resp. continuous, discrete) if $(\mathbb{T}_I \cap \mathbb{T}_c \neq \emptyset) \wedge (\mathbb{T}_I \cap \mathbb{T}_d \neq \emptyset)$ (resp. $\mathbb{T}_I \subset \mathbb{T}_c$, $\mathbb{T}_I \subset \mathbb{T}_d$). By extension, any formula $F(s_I)$, s-function, image-set, (s-)zonotope, (s-)polynotope, etc. can be qualified as mixed, continuous or discrete accordingly.

The symbol types $\mathbb{T} = \{\emptyset, \mathrm{i}, \mathrm{s}, \mathrm{b}\}$, the domains $\mathbb{D}$ = {∅, □, |±|, | |} and the related interpretation function $\iota_T$ previously considered in the example 5 are considered by default in the following with $\mathbb{T}_c = \{\mathrm{i}\}$, $\mathbb{T}_d = \{\mathrm{s}, \mathrm{b}\}$, $\mathbb{T}_o = \{\emptyset\}$. By default, basic scalar values are assumed to be interpreted in the real field $\mathbb{R}$ equipped with the usual sum and product operators.

Corollary 17
In an entirely continuous case, following the assumption 16, all the symbols in $s_I$ are of type (unit) interval: $\forall i \in I$, $\tau s_i = \mathrm{i}$, that is, $\forall i \in I$, $\iota\tau s_i = \square = [-1; +1]$. As a result, for any vector $I$ of $n$ unique identifiers only referring to continuous symbols, any single-valued interpretation $\iota s_I$ of the symbolic vector $s_I$ belongs to the unit interval $\square^n$: $\forall \iota_S$, $\iota s_I \in [-1; +1]^n$.

4.1 Affine s-functions and zonotopes

Definition 18 (Affine/linear wff)
The wff $F(s_I)$ is affine in $s_I$ if it can be written as $c + R s_I$ where the vector $c$ and the matrix $R$ do not depend on the symbolic variables in $s_I$. In particular, it is linear when $c$ is null or can be omitted i.e. $F(s_I) = R s_I$. Shortly,
Affine wff: $F(s_I) = c + R s_I$.

Definition 19 (s-zonotope)
A symbolic zonotope (s-zonotope) is an s-function $f = \langle f \rangle_{s,\tau} = (I, F(s_I))$ such that the wff $F(.)$ is affine in the symbolic variables in $s_I$.

Definition 20 (e-zonotope)
The e-zonotope relatedto the s-zonotope (cid:104) f (cid:105) s,τ is the image-set (cid:104) f (cid:105) s,τ,ι of f = (cid:104) f (cid:105) s,τ under an affine interpretation ιf of f . Ane-zonotope is thus a set-valued evaluation (semantics)related to a given s-zonotope (syntax). One possible data structure to store a symbolic zono-tope is ( c, R, I ). The related s-function defined by a wffdenoted (cid:104) c, R, I (cid:105) s,τ is f = ( I, c + Rs I ), and the relatede-zonotope is in (4): (cid:104) c, R, I (cid:105) s,τ = c + Rs I ( syntax ) (3) (cid:104) c, R, I (cid:105) s,τ,ι = { c + Rσ | σ ∈ ιτ s I } ( semantics ) (4) Regarding functions, continuous refers here to a propertyof the input domain and not to continuity as in analysis. as long as it is consistent with the type (unit) interval. (cid:104) c, R (cid:105) = { c + Rs | s ∈ [ − , +1] n } are twofold:Firstly, the interplay between syntax and semantics isnot catch by the classical definition, whereas it playsa key role in the management of the so-called depen-dency problem. For example, assuming an entirely con-tinuous case as in corollary 17 i.e. all the symbols s i are of type (unit) interval, let consider the sum S (resp.Minkowski sum S ι ) of the s-zonotopes (cid:104) , , (cid:105) s,τ and (cid:104) , − , (cid:105) s,τ (resp. (cid:104) , , (cid:105) s,τ,ι and (cid:104) , − , (cid:105) s,τ,ι ). Then, S = 0+ s − s = 0 (resp. S ι = (cid:3) + (cid:3) = 2 (cid:3) = [ − , +2]),and the set-valued interpretation ιS = { } of S is muchless conservative than S ι = [ − , +2] while preserving theinclusion property under the considered semantics. In-deed, some uncertainty cancellation has been made pos-sible by formal/symbolic transformations respecting op-erators syntactic rules, whereas this is no more possiblethrough the Minkowski sum following a set-valued evalu-ation. One strategy to improve accuracy thus consists indelaying such set-valued evaluations. 
Moreover, whereas ∀ i ∈ I, ⟨ , , i⟩_{s,τ,ι} = ⟨ , ⟩ = [−1; +1], ⟨ , , i⟩_{s,τ} = s_i is distinct from ⟨ , , j⟩_{s,τ} = s_j as long as i ≠ j.

From a computational perspective, Matrices with Labelled Columns (MLC) featuring a column-wise sparsity as first introduced in [17] lead to efficient implementations of s-zonotope operators such as sum, linear image, interval/box hull, etc. The reader is referred to [17] for a detailed description, especially in the sections 4 “Matrices with Labeled Columns (MLC)” and 6 “Symbolic zonotopes”. Notice that the definition of symbolic zonotopes in [17] only considers one type of symbols interpreted as random variables with support in the unit interval [−1, +1]. This outlines how the general framework described in section 3 can also be used in a stochastic paradigm: Indeed, it suffices to consider other types of symbols interpreted as random variables (which are themselves functions, so emphasizing the relevance of cross-connections with functional paradigms).

In order to give a flavor of MLC, an informal definition and a sum example are provided. An MLC M|I is a pair (M, I^T) where M is an n × p matrix and I ∈ I^p is a vector such that each scalar I_j, for j = 1, . . . , p, uniquely identifies the j-th column M_{:,j} of M. Shortly, the column of M|I labeled as I_j refers to M_{:,j}. An example illustrating the sum of two MLC, M|I + N|J = P|K, is:

+ = . (5)

here, the s-function is identified to the wff used to define it.

s s s s s = s s s + s s s s (6)

As shown in (5), an equal number of columns/generators of the operands is not mandatory, and the labels are reported on the first lines (e.g. I^T = [2, , ⟨ , P, K⟩_{s,τ} = ⟨ , M, I⟩_{s,τ} + ⟨ , N, J⟩_{s,τ}. Indeed, M|I + N|J = P|K ⇒ M s_I + N s_J = P s_K. K ⊂ I ∪ J results from merging the unique identifiers in I and J while removing those possibly related to null generators.
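The dependency cancellation discussed above (symbolic sum versus Minkowski sum) and the sum of matrices with labelled columns can be reproduced with the following added example, which is not code from the paper or from [17]. The class name `SZonotope`, the dictionary storage of labelled columns and all numeric operands are assumptions constructed for illustration, and every symbol is taken to be of type (unit) interval.

```python
"""Added example: s-zonotopes stored as matrices with labelled columns (MLC)."""
from itertools import count


class SZonotope:
    """s-zonotope <c, R, I>: the wff c + R s_I, one generator column per label."""

    def __init__(self, c, columns):
        self.c = list(c)
        # Null generators carry no dependency, so their labels are dropped.
        self.columns = {lab: list(col) for lab, col in columns.items()
                        if any(v != 0 for v in col)}

    @property
    def labels(self):
        return sorted(self.columns)

    def __add__(self, other):
        """Symbolic sum: columns sharing a label are added, the others copied."""
        n = len(self.c)
        merged = {}
        for operand in (self, other):
            for lab, col in operand.columns.items():
                acc = merged.get(lab, [0] * n)
                merged[lab] = [a + b for a, b in zip(acc, col)]
        return SZonotope([a + b for a, b in zip(self.c, other.c)], merged)

    def box_hull(self):
        """Interval hull of the e-zonotope, each symbol ranging over [-1, +1]."""
        radius = [sum(abs(col[k]) for col in self.columns.values())
                  for k in range(len(self.c))]
        return [(ck - r, ck + r) for ck, r in zip(self.c, radius)]


def minkowski_sum(a, b):
    """Sum taken after set-valued evaluation: operands share no symbol any more.

    This is modelled by giving every generator of both operands a fresh label.
    """
    fresh = count(1)
    cols = {next(fresh): col for z in (a, b) for col in z.columns.values()}
    return SZonotope([x + y for x, y in zip(a.c, b.c)], cols)


def cancellation_demo():
    """s_1 + (-s_1): exact cancellation symbolically, none after evaluation."""
    s1 = SZonotope([0], {1: [1]})
    minus_s1 = SZonotope([0], {1: [-1]})
    return (s1 + minus_s1).box_hull(), minkowski_sum(s1, minus_s1).box_hull()


def label_merge_demo():
    """Constructed operands M|I and N|J with a different number of columns."""
    m = SZonotope([0, 0], {2: [1, 0], 5: [2, 1], 7: [0, 3]})
    n = SZonotope([1, 1], {5: [-2, -1], 3: [4, 4]})
    return m, n, m + n


if __name__ == "__main__":
    print(cancellation_demo())
    m, n, p = label_merge_demo()
    print(p.labels, p.box_hull(), minkowski_sum(m, n).box_hull())
```

In `label_merge_demo` the column labelled 5 cancels, so the result keeps only the labels 2, 3 and 7, a strict subset of the union of the operand labels.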
The vertical concatenation [M|I; N|J] = [M|I; 0] + [0; N|J] also illustrates close links between sum and concatenation of MLC.

Secondly, another main difference with classical zonotopes is the introduction of symbol typing. This makes it possible to combine several kinds of interpretations. Following the assumption 16, this paper mainly focuses on mixed, continuous and discrete values in a set-membership paradigm, though the framework described in section 3 is more general. For example, let us consider five symbols s_i, i = 1, . . . , 5, such that s , s , s are of type s (signed) i.e. s , s , s take their values in the discrete set {−1, +1}, and s , s are of type i (interval) i.e. s , s take their values in the unit interval [−1, +1] ⊂ R. Let I = [1, , 3] and I = [4, 5] be vectors of unique identifiers gathering symbols according to their type: Following the definition 15, s_I is discrete, s_I is continuous, and s_I with I = [I ; I ] is mixed. Let R = [3, , −3; 6, − , R = [4, 2; 2, − R = [R , R ]. Then, the (discrete) e-zonotope ⟨ , R , I ⟩_{s,τ,ι} is a set of eight points which are the linear images by R of the vertices of a 3D unit hypercube since ιs_I ∈ ιτ s_I = {−1, +1}^3. The (continuous) e-zonotope ⟨ , R , I ⟩_{s,τ,ι} is the classical zonotope ⟨ , R ⟩ i.e. the linear image by R of a 2D unit hypercube since ιs_I ∈ ιτ s_I = [−1, +1]^2. More interestingly, the (mixed) e-zonotope ⟨ , R, I⟩_{s,τ,ι} is the linear image by R = [R , R ] of ιτ s_I = [ {−1, +1} ; [−1; +1] ]. It is also the Minkowski sum of the (discrete) e-zonotope ⟨ , R , I ⟩_{s,τ,ι} and the (continuous) e-zonotope ⟨ , R , I ⟩_{s,τ,ι}. The resulting set is neither convex nor connected, as shown in Fig. 1, where the dashed line is the border of the classical (continuous) zonotope ⟨ , R⟩. This example illustrates that mixed zonotopes can provide a very compact representation (Fig. 1: R ∈ R × and 5 bits encoding the symbol types) for the union of a same (continuous) zonotopic shape centered on each point of a discrete set possibly containing a high number of configurations (Fig. 1: 2^3 = 8 = cardinal of {−1, +1}^3).

It could be less if some image points are identical.
Relaxing this constraint is among the motivations to the

Fig. 1. Example of mixed e-zonotope ⟨ , R, I⟩_{s,τ,ι}.

The notion of mixed encoding is introduced in the same spirit as the example illustrated in Fig. 1. It also provides a framework for a hierarchical modeling of dependencies making it possible to tune the granularity level of the description. Notation: Let □_i (resp. |±|_i, | |_i) denote the symbol s_i provided it is of type interval (resp. signed, boolean) i.e. τ s_i = i (resp. s, b). Under the assumption 16, a compact notation for typed symbols is so obtained, each being uniquely identified by i. Also, let ρ(0) = 1, ρ(n + 1) = [1, ρ(n)] for n ∈ N. Then, ∀ n, ρ(n) = [( ), . . . , ( )^n, ( )^n] ∈ R^{ × (n+1)}. By induction, the row sum of ρ(n) is 1.

Definition 21 (Mixed encoding of basic intervals)
The s-zonotope Z ns ( I ) is an n -level signed-interval mixedencoding of the unit interval [ − , +1] if Z ns ( I ) = (cid:104) , ρ ( n ) , I (cid:105) s,τ = ( (cid:80) nj =1 ( ) j |±| I j )+( ) n (cid:3) I n +1 .The s-zonotope Z nb ( I ) is an n -level boolean-intervalmixed encoding of the interval [0 , if Z nb ( I ) = (cid:104) , ρ ( n ) , I (cid:105) s,τ = ( (cid:80) nj =1 ( ) j | | I j )+( ) n (cid:3) I n +1 . Corollary 22 (Mixed encoding of intervals)
Let Z ns ( I ) be a mixed encoding of [ − , +1] . Then, c + rZ ns ( I ) is a mixed encoding of c ± r = [ c − r, c + r ] .Let Z nb ( I ) be a mixed encoding of [0 , . Then, a + ( b − a ) Z nb ( I ) is a mixed encoding of [ a, b ] . Corollary 23 (Related e-zonotopes)
Following thedefinition 21, the e-zonotope related to the s-zonotope Z ns ( I ) (resp. Z nb ( I ) ) is [ − , +1] (resp. [0 , ). Conversely,there is no unique mixed encoding for a given interval.The e-zonotope ( c + rZ ns ( I )) ι related to the s-zonotope c + rZ ns ( I ) satisfies ( c + rZ ns ( I )) ι ⊆ ( c ± r ) (intervalhull). The equality holds in the scalar case or for r = 0 . The surjective nature of mixed encoding gives freedomdegrees to model dependencies in a hierarchical way. The polynomial extension in § discrete parts feature close analogies with the usual bi-nary encoding of integers. Moreover, the coverage of con-tinuous domains is achieved through remainder terms.The width of the set-valued interpretation of these termsis related to the granularity of the mixed-encoding. Itcan be refined or reduced by adapting the level value n .Since affine s-functions and zonotopes essentially pro-vide operators managing affine dependencies only, andsince this yields some restrictions on the possible uses ofmixed encoding (among others: see, e.g., footnote 12),an extension to polynomial dependencies is considered. Let ( (cid:1) , (cid:2) ) denote a generic matrix product: M ( (cid:1) , (cid:2) ) N = (cid:1) pj =1 ( M ij (cid:2) N jk ), where p both refers to the number ofcolumns of M and the number of rows of N . For exam-ple, M N = M (+ , . ) N is the classical matrix product.+, . , ^ respectively denote sum, product, power. Definition 24 (Monomial matrix notation)
Themonomial matrix θ E is ( θ T ( ., ^ ) E ) T , where θ (resp. E )is a so-called variable matrix (resp. exponent matrix) ofdimension compatible with the generic matrix product ( ., ^ ) . The operator T refers to transposition. Examples: Taking θ = [ s ; s ] and E = [1 , ,
2; 0 , , θ E = [ s ; s ; s s ]. θ I = θ with I = identity. Definition 25 (Polynomial wff )
The wff F(s_I) is polynomial in s_I if it can be written as c + R s_I^E where the vector c and the matrices R and E do not depend on the symbolic variables in s_I. Shortly, Polynomial wff: F(s_I) = c + R s_I^E. Then, c, R, s_I, E, s_I^E are respectively the so-called constant vector, coefficient/generator matrix, symbol(ic variable) vector, exponent matrix, monomial vector.

Definition 26 (s-polynotope)
A symbolic polynotope (s-polynotope) is an s-function f = ⟨f⟩_{s,τ} = (I, F(s_I)) such that the wff F(.) is polynomial in the symbolic variables in s_I.

Definition 27 (e-polynotope)
The e-polynotope re-lated to the s-polynotope (cid:104) f (cid:105) s,τ is the image-set (cid:104) f (cid:105) s,τ,ι of f = (cid:104) f (cid:105) s,τ under a polynomial interpretation ιf of f . Ane-polynotope is thus a set-valued evaluation (semantics)related to a given s-polynotope (syntax). The name polynotope introduced in this work originatesfrom a contraction of polynomial and zonotope. Follow-ing [31], it is also willingly close to polytope. So, polyno-tope gathers, at least partially, the Greek roots of poly-nomial (from polus :numerous and nomos :division) andpolytope (from polus and topos :location).8 ig. 2. Example of continuous e-polynotope (cid:104) c, R, I, E (cid:105) s,τ,ι . One possible data structure to store a symbolic polyno-tope is ( c, R, I, E ). The related s-function defined by awff denoted (cid:104) c, R, I, E (cid:105) s,τ is f = ( I, c + Rs EI ), and therelated e-polynotope is in (8): (cid:104) c, R, I, E (cid:105) s,τ = c + Rs EI ( syntax ) (7) (cid:104) c, R, I, E (cid:105) s,τ,ι = { c + Rσ E | σ ∈ ιτ s I } ( semantics ) (8)Polynotopes as in (7)-(8) generalize zonotopes as in (3)-(4). Indeed, zonotopes are obtained for E = I (identitymatrix) which is highly sparse and can thus be storedvery efficiently. Using a sparse E with integer entries in N leads to a data structure similar to sparse polynomialzonotopes (spz) in [32], where no typing of symbols isconsidered (continuous case only). The sparsity of E ex-tends the column-wise sparsity of MLC to polynomial(rather than affine) dependencies with a compact de-scription of monomials featuring (almost) no restrictionon the highest degree. The example (9)-(10) shows howthe s-polynotope related to (10) can be compactly en-coded using ( c, R, I, E ) as in (9). See also Fig. 2. I Ec R = −
11 2 0 4 , (9) (cid:34) s s (cid:35) (cid:55)→ (cid:34) s + 3 s − s s s + 4 s s (cid:35) . (10)The implementation of continuous polynotopes opera-tions used in this work is close to the one described in[32] for spz. In particular, each time monomial redun-dancies might occur, they are removed by summing therelated generators: all the columns of E remain distinct.The main differences are:1) The case of independent generators is not treatedseparately i.e. all the generators are possibly dependent(provided they share some common symbol),2) The implementation of a symbolic addition is consid-ered and optimized by taking into account the fact thatmonomials/generators involving at least one own vari-able from an operand can be simply copied in the result since no similar monomial exists in the other operand,3) A vertical concatenation extends the one of MLC,4) An element-wise product is used as a special case ofquadratic map and the reduction extends the one in [17].Our implementation of polynotopes also supports dis-crete and mixed operations through symbol typing asdescribed in section 3 and assumption 16. Compared toa strictly continuous case as in [32], the main differenceis the introduction of rewriting rules taking the specificnature of signed and boolean symbols into account. Re-lated substitutions ( → ) are implemented very efficientlyusing the ( c, R, I, E ) attributes with sparse E , e.g.( |±| i ) n → ( |±| i ) mod ( n, , (11)( | | i ) n → ( | | i ) max ( n, . (12) Definition 28 (Rewriting rules and inclusion)
A rewriting rule is inclusion preserving if: (⟨f⟩_{s,τ} → ⟨g⟩_{s,τ}) ⇒ (⟨f⟩_{s,τ,ι} ⊆ ⟨g⟩_{s,τ,ι}). It is inclusion neutral if: (⟨f⟩_{s,τ} → ⟨g⟩_{s,τ}) ⇒ (⟨f⟩_{s,τ,ι} = ⟨g⟩_{s,τ,ι}).

Proposition 29
The rewriting rules in (11) and (12)are inclusion neutral under the assumption 16.
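The effect of the exponent rewriting rules for signed and boolean symbols can be checked numerically with the following added example, which is not the paper's implementation. A dictionary keyed by monomial stands in for the sparse (c, R, I, E) attributes of a scalar s-polynotope; the function names, the type codes and the sample polynomial are assumptions constructed for illustration.

```python
"""Added example: inclusion-neutral exponent rewriting for typed symbols."""
from collections import defaultdict
from itertools import product

SIGNED, BOOLEAN, INTERVAL = "s", "b", "i"

# A polynomial is {monomial: coefficient}; a monomial is a tuple of
# (label, exponent) pairs sorted by label, and () is the constant monomial.


def multiply(p, q):
    """Product of two polynomials: exponents of shared symbols add up."""
    out = defaultdict(int)
    for mp, cp in p.items():
        for mq, cq in q.items():
            exps = defaultdict(int)
            for lab, e in mp + mq:
                exps[lab] += e
            out[tuple(sorted(exps.items()))] += cp * cq
    return dict(out)


def rewrite(p, types):
    """Reduce exponents of discrete symbols, then merge identical monomials.

    Signed symbol (values -1, +1):  x^n = x for odd n, 1 for even n.
    Boolean symbol (values 0, 1):   x^n = x if n > 0, 1 if n = 0.
    Interval symbols are left untouched.
    """
    out = defaultdict(int)
    for mono, coeff in p.items():
        reduced = []
        for lab, e in mono:
            if types[lab] == SIGNED:
                e %= 2
            elif types[lab] == BOOLEAN:
                e = min(e, 1)
            if e:
                reduced.append((lab, e))
        out[tuple(reduced)] += coeff      # sums generators of equal monomials
    return {m: c for m, c in out.items() if c != 0}


def evaluate(p, sigma):
    total = 0
    for mono, coeff in p.items():
        term = coeff
        for lab, e in mono:
            term *= sigma[lab] ** e
        total += term
    return total


def domain(types, grid=(-1.0, -0.5, 0.0, 0.5, 1.0)):
    """All discrete configurations, with a sample grid for interval symbols."""
    values = {SIGNED: (-1, 1), BOOLEAN: (0, 1), INTERVAL: grid}
    labels = sorted(types)
    for combo in product(*(values[types[lab]] for lab in labels)):
        yield dict(zip(labels, combo))


def pointwise_equal(p, q, types, tol=1e-9):
    return all(abs(evaluate(p, s) - evaluate(q, s)) <= tol
               for s in domain(types))


def demo():
    # Constructed case: s_1 signed, s_2 boolean, s_3 interval.
    types = {1: SIGNED, 2: BOOLEAN, 3: INTERVAL}
    p = {(): 1, ((1, 1),): 2, ((2, 1),): -1, ((3, 1),): 3}   # 1 + 2 s1 - s2 + 3 s3
    cube = multiply(multiply(p, p), p)
    return types, cube, rewrite(cube, types)


if __name__ == "__main__":
    types, cube, reduced = demo()
    print(len(cube), "monomials before,", len(reduced), "after")
    print("same values on the typed domain:", pointwise_equal(cube, reduced, types))
```

The rewritten polynomial takes the same value as the original one at every point of the typed domain, which is a pointwise form of inclusion neutrality, while the number of stored monomials drops.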
Notice the syntactical (resp. semantic) nature of the premises (resp. conclusions) of the implications (⇒) in the definition 28. To give insight into the proposition 29, let x be a possible value of any signed symbol: x ∈ {−1, +1} ⊂ R. Thus, (x + 1)(x − 1) = 0 i.e. x^2 = 1. By induction, x^n = x for odd n, x^n = 1 for even n, that is x^n = x^mod(n, 2), which shows the inclusion neutrality of (11). Similarly, let x be a possible value of any boolean symbol: x ∈ {0, 1} ⊂ R. Thus, (x − 0)(x − 1) = 0 i.e. x^2 = x. By induction, x^n = x if n > 0, x^n = 1 if n = 0, that is x^n = x^max(n, which shows the inclusion neutrality of (12).

The rewriting rules (11)-(12) apply for operations modifying the monomial degrees like product; the number of distinct monomials induced by discrete operations is drastically reduced compared to continuous ones, since the exponent in the right term of (11)-(12) is either 0 or 1 instead of any n ∈ N. Thanks to inclusion neutrality, such simplifications of formal expressions induce no conservatism in the related set-valued interpretations. Other rewriting rules are only inclusion preserving:

Proposition 30
The rewriting rules in (13), (14) and(15) are inclusion preserving under the assumption 16. ( | | i ) → / |±| j ) / , (13)( |±| i ) → ( (cid:3) j ) , (14)( (cid:3) i ) → / (cid:3) j ) / , ( (cid:3) i )( (cid:3) j ) → ( (cid:3) k ) . (15)913)-(15) apply before computing the zonotope/intervalenclosure of a (possibly mixed) polynotope. Notice that(13) is inclusion neutral if applied globally i.e. withoutgenerating new symbol multi-occurrences. (14) is theformal/syntactical counterpart of {− , +1 } ⊂ [ − , +1]which can be viewed as a prototype of the most basicinclusion of two discrete modes/configurations ( − This paragraph shows how signed (resp. boolean) sym-bolic variables can be used in a polynomial framework,like the one of polynotopes under the assumption 16, toexpress any propositional logic formula where symbolicvariables are interpreted on a bi-valued real domain: |±| = {− , +1 } ⊂ R (resp. | | = { , } ⊂ R ). This gives anatural interface between continuous variables (definedon a (real) domain with infinite cardinal) and discreteones (defined on a (real) domain with finite cardinal). Proposition 31 (Multi-affine decomposition)
Let f : R p → R n be any function between finite dimensionalreal domains. Let x ∈ R and z ∈ R p − so that ( x, z ) ∈ R p refers to any input vector of f where a scalar input x isdistinguished from the others. Let introduce four partialfunctions of f defined as: f Ax ( z ) = f (+1 ,z )+ f ( − ,z )2 : Average of f wrt x , f Hx ( z ) = f (+1 ,z ) − f ( − ,z )2 : Half-gap of f wrt x , f Gx ( z ) = f (0 , z ) : Ground of f wrt x , f Ux ( z ) = f (1 , z ) − f (0 , z ) : Unit-gap of f wrt x ,Then, an affine decomposition of f wrt x under a signed(resp. boolean) x is respectively given by (16) and (17).Moreover, if all the scalar entries of z are signed (resp.boolean), a recursive application of (16) (resp. (17)) re-sults in a (polynomial) multi-affine decomposition of f . x ∈ {− , +1 } ⇒ f ( x, z ) = f Ax ( z ) + xf Hx ( z ) , (16) x ∈ {− , +1 } ⇒ f ( x, z ) = f Gx ( z ) + xf Ux ( z ) . (17)Proof: (16) comes from f (+1 , z ) = f Ax ( z ) + f Hx ( z ) and f ( − , z ) = f Ax ( z ) − f Hx ( z ). Similarly, (17) comes from Table 1Signed and Boolean logic functions related to basic operatorsexpressed in the ring of multivariate polynomials R [ s I ] withcoefficients in the real field ( R , + , . ).( a, b ) ∈ {− , +1 } ∈ { , } Op. Symb. Signed Booleannot ¬ − a − a and ∧ − a + b + ab ab or ∨ +1+ a + b − ab a + b − ab nand ↑ , (cid:90) +1 − a − b − ab − ab nor ↓ , (cid:89) − − a − b + ab − a − b + ab imp ⇒ , ≤ +1 − a + b + ab − a + ab eqv ⇔ , = + ab − a − b + 2 ab xor (cid:60) , (cid:54) = − ab a + b − ab pow a n , n ∈ N a mod ( n, a max ( n, true (cid:62) +1 1false ⊥ − f (0 , z ) = f Gx ( z ) and f (1 , z ) = f Gx ( z ) + f Ux ( z ). (cid:3) The multi-affine decomposition of basic propositionallogic operators is reported in Table 1 both in the signedand boolean cases. At least three noticeable facts emergefrom Table 1: a ) The equivalence eqv in the signed case features thesame multi-affine decomposition as the logical and inthe boolean case, and both reduce to a simple product. 
b ) The multi-affine decompositions with signed operandslook more “balanced” in terms of involved monomials,compared to the boolean case. This is visible right fromthe basic affine decompositions in (16) and (17). Indeed,the average of both alternatives (resp. the 0 alternative)serve as reference to express the impact of a switchingcontrolled by x in the signed (resp. boolean) case. c ) Interpreting in R the polynomial expression of amulti-affine decomposition yields some interpolationbetween discrete configurations initially expressed in a(bi-valued) propositional logic framework. Proposition 32 (Logical ordering)
Let ( a, b ) be apair of signed (resp. boolean) symbolic variables. Defin-ing the operator > such that ( a > b ) = ¬ ( a ≤ b ) holdstrue with operators as in table 1, then ( a < b ) = ( b > a ) and ( a ≤ b ) = (( a < b ) ∨ ( a = b )) also hold true. Moregenerally, the operators ≤ (i.e. implication ), ≥ , > , < follow similar rules as classical order relation operatorsover reals when signed (resp. boolean) symbols are inter-preted with values in {− , +1 } ⊂ R (resp. { , } ⊂ R ). Theorem 33 (Functional completeness)
Under theassumption 16, let I ⊂ N be a finite set of unique symbolidentifiers ( I = N ) with at least p elements of type signed(resp. boolean). s-polynotopes based on wff interpreted Notice that contraposition writes as ( a ≤ b ) = ( ¬ b ≤ ¬ a ). s multivariate polynomials R [ s I ] with coefficients in thereal field ( R , + , . ) can describe any function f : |±| p → |±| (resp. f : | | p → | | ), where |±| = {− , +1 } ⊂ R (resp. | | = { , } ⊂ R ). PROOF.
Theorem 33 follows from the functional completeness of the nand (or nor) logical operator and the fact that the composition of polynomials in R[s_I] results in polynomials in R[s_I]. Indeed, the nand operator is defined as a polynomial function with signed (resp. boolean) operands and codomain in Table 1. Thus, the composition of any number of such nand operations on signed (resp. boolean) symbolic variables evaluated in |±| (resp. | |) results in a polynomial s-function i.e. an s-polynotope according to the definition 26.

Corollary 34
Given any pair ( a, b ) ∈ R satisfying a
Let [ x ] = [ x, x ] =ˆ x ± ˚ x ⊂ R . Let µ : [ x ] → (cid:3) , x (cid:55)→ δ = x − ˆ x ˚ x if ˚ x (cid:54) = 0 , δ = 0 otherwise. µ − ( δ ) = ˆ x + ˚ xδ . Unless ˚ x = 0 (degeneratepunctual case), the unit range mapping µ (or µ [ x ] ) of [ x ] is linear and bijective: It maps the interval range [ x ] of x to the unit interval (cid:3) containing any δ = µ ( x ) , x ∈ [ x ] . Given an interval [ x ] ⊂ R , let f : [ x ] → R , x (cid:55)→ y = f ( x )be a function that does not satisfy a property π (i.e. ¬ π ( f ) is true) required for a given class of image-setsto be closed under the (element-wise) application of f to the underlying s-functions. For example: π being theproperty of being linear (resp. polynomial), the class ofe-zonotopes (resp. e-polytopes) are closed under the ap-plication of linear (resp. polynomial) functions to theunderlying s-zonotopes (resp. s-polytopes). ¬ π ( f ) thenmeans that f is non-linear (resp. non-polynomial) forzonotopes (resp. polynotopes). The considered struc-tural property π is assumed to be preserved throughfunction composition. Lemma 36 (Generic inclusion method)
Given aninterval [ x ] ⊂ R and f : [ x ] → R , x (cid:55)→ y = f ( x ) with ¬ π ( f ) . Let g : (cid:3) → R , ( δ, (cid:15) ) (cid:55)→ g ( δ, (cid:15) ) be a functionsatisfying ∀ x ∈ [ x ] , ∃ (cid:15) ∈ (cid:3) , f ( x ) = g ( µ ( x ) , (cid:15) ) , where µ isthe unit range mapping of [ x ] . Then, ˜ f ( . ) = g ( µ ( . ) , (cid:3) ) isan inclusion function for f ( . ) . Also, π ( g ) ∧ π ( µ ) ⇒ π ( ˜ f ) . According to Lemma 36, enclosing a non-linear (resp.non-polynomial) function f in a linear (resp. polyno-mial) framework can be achieved by finding an adequatelinear (resp. polynomial) function g . In order to exem-plify the generic inclusion method, a more focused ap-proach is proposed for increasing/decreasing and con-vex/concave functions f on some interval [ x ]. Notation:[ ∂ x f ]( . ) = ∂f ( x ) ∂x (cid:12)(cid:12)(cid:12) x = . . Theorem 37 (An inclusion method)
Let f : [ x ] → R , x (cid:55)→ y = f ( x ) be a class C convex or concave functionon a given interval [ x ] = ˆ x ± ˚ x = [ x, x ] ⊂ R with ˚ x > .Let y = f ( x ) , y = f ( x ) , ˆ y = ( y + y ) / , ˚ y = ( y − y ) / .Let δ = µ ( x ) where µ is the unit range mapping of [ x ] (so, x ∈ [ x ] ⇔ δ ∈ (cid:3) ). Let r ( δ ) = f (ˆ x + ˚ xδ ) − (ˆ y + ˚ yδ ) .Let δ ∗ be the solution of [ ∂ x f ](ˆ x + ˚ xδ ) = ˚ y/ ˚ x . Then, g ( δ, (cid:15) ) = g + g δ + g (cid:15) with g = ˆ y + r ( δ ∗ ) , g = ˚ y , g = | r ( δ ∗ ) | satisfies ∀ x ∈ [ x ] , ∃ (cid:15) ∈ (cid:3) , f ( x ) = g ( µ ( x ) , (cid:15) ) . ˜ f ( . ) = g ( µ ( . ) , (cid:3) ) is an inclusion function for f ( . ) on [ x ] . PROOF.
The regularity of f on [ x ] ensures that[ ∂ δ r ]( δ ∗ ) = 0 i.e. [ ∂ x f ](ˆ x + ˚ xδ ∗ ) = ˚ y/ ˚ x has a uniquesolution. Since r ( −
1) = r (+1) = 0, if f is convex(resp. concave) on [ x ], then r ( δ ) ∈ [ r ( δ ∗ ) ,
0] (resp. r ( δ ) ∈ [0 , r ( δ ∗ )]) for δ ∈ (cid:3) . The two cases are gath-ered as: r ( δ ) ∈ r ( δ ∗ ) ± | r ( δ ∗ ) | Thus, ∃ (cid:15) ∈ (cid:3) , r ( δ ) = f ( x ) − (ˆ y +˚ yδ ) = r ( δ ∗ )+ | r ( δ ∗ ) | (cid:15) , as x = ˆ x +˚ xδ by definition of µ as in Lemma 35. Then, g ( δ, (cid:15) ) and theproof follow from the last equality. Corollary 38
The s-function [µ^{−1}(δ); g(δ, ε)] where δ and ε refer to symbols of type (unit) interval is a continuous s-zonotope since µ^{−1} and g are affine. ∀ x ∈ [x], [x; f(x)] ∈ ⟨[µ^{−1}(δ); g(δ, ε)]⟩_{s,τ,ι}, an e-zonotope usually not reduced to an aligned box due to the dependency of both dimensions on common symbol(s) referred to as δ. Moreover, if x is a polynotope, so is ⟨[µ^{−1}(δ); g(δ, ε)]⟩_{s,τ}.

Fig. 3. Inclusion method of theorem 37 applied to f(x) = e^x on [x] = − ± . x ] = +1 ± . x + x̊δ* = log(ẙ/x̊).

An illustrative example with f(x) = e^x is reported in Fig. 3 and further remarks are reported hereafter:

a) The inclusion proposed in theorem 37 is entirely parameterized by the input domain [x] while not being subject to the arbitrary choice of a point used as reference for linearizing or computing a Taylor expansion.

b) δ* often has an explicit form, e.g., x̂ + x̊δ* = log(ẙ/x̊), x̊/ẙ, (x̊/ẙ) for f(x) = e^x, log(x), √x, respectively.

c) If x̊ = 0, then the input is punctual and f(x) = f(x̂). This is consistent with the limit x̊ → f gives ẙ → g → ŷ, g → g →

d) If f is decreasing, then y < y and ẙ <

e) r(δ) is the remainder term wrt a (linear) approximation of f(x) which itself (linearly) depends on x: ŷ + ẙµ(x). The purpose of a dependency-preserving inclusion (dpi) is thus achieved, at least for a structural property π referring to being linear. Note that polynomial dependencies possibly modeling x (then, x(.) and δ(.) = µ(x(.)) are polynomials) are readily propagated by a linear enclosing approximation f̃(.) of f(.). Indeed, the composition of affine and polynomial functions is still polynomial. Thus, the result in theorem 37 is readily applicable with polynotopes. Moreover, the generic inclusion method in Lemma 36 encompasses polynomial enclosing approximations of non-polynomial functions.
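The inclusion method of theorem 37 and the resulting zonotope of Corollary 38 can be exercised with the following added example, which is not the paper's implementation. It goes slightly beyond the e^x case of Fig. 3 by locating δ* with a bisection on the derivative, so it accepts any C1 convex or concave function. The remainder range [r(δ*), 0] (or [0, r(δ*)]) is represented by its midpoint and half-width; function names and test intervals are assumptions constructed for illustration.

```python
"""Added example: affine dependency-preserving inclusion of a convex/concave f."""
import math


def affine_inclusion(f, df, lo, hi):
    """Return (g0, g1, g2, x_star) for a C1 convex or concave f on [lo, hi].

    With delta = (x - x_mid) / x_rad, every x in [lo, hi] satisfies
    f(x) in g0 + g1*delta + g2*[-1, +1].
    """
    x_mid, x_rad = (hi + lo) / 2, (hi - lo) / 2
    if x_rad == 0:                       # punctual input: f(x) = f(x_mid)
        return f(x_mid), 0.0, 0.0, x_mid
    y_mid, y_rad = (f(hi) + f(lo)) / 2, (f(hi) - f(lo)) / 2
    slope = y_rad / x_rad                # slope of the chord through the end points
    # df is monotone on [lo, hi] because f is convex or concave, so a bisection
    # finds x_star = x_mid + x_rad*delta_star where df equals the chord slope.
    a, b = lo, hi
    df_increasing = df(hi) >= df(lo)
    for _ in range(200):
        m = (a + b) / 2
        if (df(m) < slope) == df_increasing:
            a = m
        else:
            b = m
    x_star = (a + b) / 2
    delta_star = (x_star - x_mid) / x_rad
    r_star = f(x_star) - (y_mid + y_rad * delta_star)    # extreme remainder
    # The remainder ranges over [r_star, 0] (convex) or [0, r_star] (concave):
    # its midpoint goes into g0 and its half-width into g2.
    return y_mid + r_star / 2, y_rad, abs(r_star) / 2, x_star


def encloses(f, lo, hi, g, samples=1001, tol=1e-9):
    """Sampled check that f(x) stays inside g0 + g1*delta + g2*[-1, +1]."""
    g0, g1, g2, _ = g
    x_mid, x_rad = (hi + lo) / 2, (hi - lo) / 2
    for k in range(samples):
        x = lo + (hi - lo) * k / (samples - 1)
        delta = (x - x_mid) / x_rad if x_rad else 0.0
        if abs(f(x) - (g0 + g1 * delta)) > g2 + tol:
            return False
    return True


def areas(f, lo, hi, g):
    """Area of the zonotope [x; f(x)] enclosure versus the aligned box [x] x f([x]).

    The zonotope has generators (x_rad, g1) for delta and (0, g2) for epsilon;
    the box formula assumes f monotone on [lo, hi].
    """
    x_rad = (hi - lo) / 2
    zonotope_area = 4 * x_rad * g[2]
    box_area = (hi - lo) * abs(f(hi) - f(lo))
    return zonotope_area, box_area


if __name__ == "__main__":
    g = affine_inclusion(math.exp, math.exp, -1.0, 1.0)
    print("g0, g1, g2, x*:", g)
    print("encloses exp on [-1, 1]:", encloses(math.exp, -1.0, 1.0, g))
    print("zonotope vs box area:", areas(math.exp, -1.0, 1.0, g))
```

The enclosure touches the function at both end points and at x*, so for the chord slope g1 the width 2·g2 cannot be reduced.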
In the last paragraph ( § f satisfying the regularity conditions of be-ing C has been proposed in Theorem 37. Following thegeneric inclusion method stated in Lemma 36, the caseof a prototypical C but not C function is considered inthis paragraph: the absolute value. The motivation forthis is summarized in Table 2 which shows that severaluseful switching functions can be built by composing ba-sic operators (like +, − , taking the half) with the abso-lute value operator abs ( x ) = | x | . Thus, a dependency-preserving inclusion of a prototypical switching functionlike abs is highly desirable to model and efficiently prop-agate uncertainties within hybrid dynamical systems, Table 2Switching functions expressed from the absolute value oper-ator: abs( x ) = | x | (or from ReLU ∗ ).Function Notation Expression with | . | (or pos)Maximum max( x, y ) = x + y + | x − y | (= y + pos( x − y ))Minimum min( x, y ) = x + y − | x − y | (= x − pos( x − y ))Saturation sat( x, x, x ) = ( x + x + | x − x | − | x − x | )Deadzone dz( x, x, x ) = x − sat( x, x, x )ReLU ∗ pos( x ) = max(0 , x ) = x + | x | ∗ Rectifier Linear Unit (remark: | x | = 2pos( x ) − x ). without necessarily requiring costly bisections and/or aspecific management of guard conditions. Theorem 39 (An inclusion of abs)
Let abs : [ x ] → R , x (cid:55)→ y = | x | be the restriction of the absolute valueon a given interval [ x ] = ˆ x ± ˚ x = [ x, x ] ⊂ R .Case 1: If x ≤ , then abs ( . ) = − ( . ) ,Case 2: If x ≥ , then abs ( . ) = +( . ) ,Case 3: If | ˆ x | < ˚ x , then (cid:102) abs ( . ) is an inclusion functionfor abs ( . ) on [ x ] with: (cid:102) abs ( . ) = (cid:18) ˆ x ˚ x (cid:19) ( . ) + (cid:18) ˚ x − ˆ x x (cid:19) (1 + (cid:3) ) . (18) PROOF.
If 0 (cid:54)∈ [ x ] (case 1 or 2), abs ( . ) is linear andno dedicated inclusion is then required. If 0 ∈ [ x ] (case3), the inclusion method of theorem 37 is applied step-by-step: Let µ be the unit range mapping of [ x ] and δ = µ ( x ). Since abs ( . ) is only C and convex on [ x ],but not C , the range of the remainder r ( δ ) ≤ r ( −
1) = r (+1) = 0) is computed by noticingthat its minimum is obtained for x = ˆ x + ˚ xδ ∗ = 0.Then, δ ∗ = − ˆ x/ ˚ x gives r ( δ ∗ ) = (ˆ x − ˚ x ) / ˚ x and satisfies ∀ δ ∈ (cid:3) , r ( δ ) ∈ [ r ( δ ∗ ) , g ( δ, (cid:15) ) = g + g δ + g (cid:15) with g = ˚ x +ˆ x x , g = ˆ x , g = ˚ x − ˆ x x ( | ˆ x | < ˚ x in case 3).Finally, g ( µ ( x ) , (cid:15) ) = ( ˆ x ˚ x ) x + ( ˚ x − ˆ x x )(1 + (cid:15) ).Corollary 38 still applies to f = abs , as a corollaryof theorem 39 rather than theorem 37. A dependency-preserving inclusion of abs ( . ) has been obtained. By ex-tension, dependency-preserving inclusions (dpi) for theswitching functions reported in table 2, among otherspossibly resulting from functional compositions are alsoobtained. Moreover, the vertical concatenation opera-tor implemented for zonotopes and polynotopes allowsto build n -dimensional dpi from scalar ones throughbasic compositions. These can be implemented by us-ing the overloading capability of some object orientedlanguages, to the benefit of code readability. This fea-ture holds not only for switching functions, but alsofor non-linear/non-polynomial ones. This makes polyno-topes a relevant tool to compute and analyze mixed un-certainty propagation within non-linear hybrid dynami-12al systems. Indeed, their polynomial nature, efficientlyencoded by combining full and sparse data structures,looks appropriate to model a wide spectrum of non-trivial dependencies, as shown by the functional com-pleteness result given in theorem 33. An extension of Kalman Filtering to discrete-time non-linear hybrid dynamical systems is proposed in this sec-tion. It is based on polynotopes and interpretations re-lated to a set-membership uncertainty paradigm.Let x ( s ) be a s-polynotope (7): x ( s ) = (cid:104) c, R, I, E (cid:105) s,τ = c + Rs EI (syntax). By analogy with zonotopes, its covari-ation [13] is defined as: cov( x ( s )) = RR T . 
In order topossibly take symbol types and/or the monomial struc-ture into account, a covariation weighted by Φ (or Φ ( . ))is introduced as: Definition 40 (Weighted covariation)
Given asymmetric matrix Φ ( Φ = Φ T ), the weighted covariationof x = (cid:104) c, R, . . . (cid:105) s,τ ( ,ι ) (polynotope or zonotope) is: cov Φ ( x ) = RΦR T . x ( s ) formalizes a polynomial (s-)function of the sym-bolic variables in s I . The execution of polynotope op-erations like sum, linear image, concatenation, reduc-tion, zonotopic hull Z x ( s ), interval/box hull B x ( s ), etcmainly work at a syntactic level by manipulating polyno-mial expressions (e.g. encoded as ( c, R, I, E ) with sparse E ) while preserving semantic properties. In particular,inclusion is viewed as a semantic property related to aset-membership interpretation of polynomial functionsdepending on typed symbolic variables. From (8), itcomes: ∀ σ ∈ ιτ s I , ιx ( σ ) ∈ P x ( s ) = (cid:104) c, R, I, E (cid:105) s,τ,ι (se-mantics), where ιx ( . ) stands for the interpretation of x ( . ) as a vector of polynomial mathematical functions( R dim ( I ) → R ) with real coefficients (under assump-tion 16). Since probability theory is the most commonlyused framework for nonlinear filtering, some analogiesand possible links are briefly outlined: Conjecture 41 (probability measure) σ (as in def-inition 9, (4) and (8)) can be viewed as an “outcome”,the function ιx ( . ) as a “random variable”, [ ιx ] − ( S ) asan “event” related to any set S of output values takenby ιx ( . ) . A “measure” π ( . ) of events on the domain ιτ s I induced by an interpretation of symbol types becomes a“probability measure” as long as π ( ιτ s I ) = 1 . The typedsymbols s I then contribute to define the probability space. Remark 42
Another way to introduce probability the-ory in the proposed framework consists in extending the Notice that the set-membership interpretation is also re-lated to the types considered under the assumption 16. symbol types considered in assumption 16 to other typeslike (some class of ) random variables defined on a givenprobability space (e.g. see § In the following, no probability measure is consid-ered. Notations: x = x ( s ) denotes a s-polynotope. x = ιx ( σ ) ∈ R n denotes a punctual evaluation of x obtained for some so-called outcome σ ∈ ιτ s I . Then, x ∈ P x , the e-polynotope related to x . Also, x ∈ Z x (resp. x ∈ B x ) means that x belongs to a zonotopic(resp. interval/box) hull of x .The state observation (or filtering) problem addressedin this section deals with discrete-time non-linear hybriddynamical systems modeled as: x + = f ( x, u, v ) , x ∈ P x , v ∈ P v , (19)0 = g ( x, u, v, y ) , (20)where the functions f ( . ) and g ( . ) result from the compo-sition of elementary functions and operators for whichinclusion preserving polynotope versions are available.In practice, this is not much restrictive since sum, lin-ear image, reduction, concatenation, product are avail-able (see § these elementary func-tions and operators with their inclusion preserving poly-notopic version, and by applying the same composition,inclusion functions with polynotopic inputs and outputs˜ f ( . ) and ˜ g ( . ) can be obtained for f ( . ) and g ( . ), respec-tively. In (19), the index + refers to the next time step k + 1 and the current time step k is omitted to sim-plify the notations, except for the initial state x at time k = 0. x ∈ R n x is assumed unknown but bounded bythe e-polynotope P x related to a known s-polynotope x . x ∈ R n x , u ∈ R n u , y ∈ R n y , v ∈ R n v respectivelystand for the states, the known (control) inputs, theknown measurements, the unknown but bounded un-certainties (state and measurement noises, disturbances,modeling errors, etc) at time k . 
v is assumed boundedby a known polynotope P v . Notice that u ∈ P u = { u } (singleton) for u = (cid:104) u, ∅ , ∅ , ∅(cid:105) s,τ . Similarly, y ∈ P y with y = (cid:104) y, ∅ , ∅ , ∅(cid:105) s,τ . The problem addressed is that of de-signing a one step-ahead prediction filter (or state ob-server) minimizing the trace tr( . ) of the (weighted) co-variation of a polynotope enclosing the predicted state.Filtering is mainly a data fusion process. So, how tomerge (vector) sources ? Weighting is a usual solution: z ∈ P z ∧ z ∈ P z ⇒ z = G z + G z ∈ P z with z = G z + G z . (21)Two noticeable ways to particularize (21) are: a ) Taking z = z under G + G = I gives (22) which To the benefit of code readability and maintainability. able 3PKF iteration: x + = PKF( x , u , v , y , ˜ f, ˜ g, Φ, q ):¯ x = ↓ q x , reduction (24) p = ˜ f (¯ x , u , v ) , prediction (25) e = ˜ g (¯ x , u , v , y ) , innovation (26) (cid:42) ˘ c, R p R e , ˘ I, ˘ E (cid:43) s,τ = pe , alignment (27) G = ( R p ΦR Te )( R e ΦR Te ) − , optimal gain (28) x + = p − G e . update (29) parameterizes enclosures of a polynotope intersectionthat could be used to design a state bounding observer: z ∈ ( P z ∩ P z ) ⇒ z ∈ P ( G z + G z ) . (22) z ∈ P z ∧ ∈ P z ⇒ z ∈ P ( z − G z ) . (23) b ) Taking z = 0 and G = I under G = − G gives (23)which parameterizes an update (or correction) of an ini-tial knowledge P z about z with some other dependingknowledge, P z , such as the one obtained through somemeasurements. (23) thus looks as a prototypical weight-ing underlying the structure of Kalman Filters. More-over, in our framework, the symbols possibly shared be-tween z and z play a key role in the modeling of depen-dencies. This makes it possible to tune/optimize G so asto maximize uncertainty cancellation when comput-ing z − G z . 
The general idea of Kalman Filters is indeed to optimize the precision of a prediction p = z by using a dependent yet complementary source, the innovation e = z , to update the prediction as p − G e (29). Then, the algorithm (24)-(29) implementing an iteration of the proposed Polynotopic Kalman Filter (PKF) follows as in Table 3 and theorem 43.

Theorem 43 (PKF: inclusion and optimal gain)
Given a system modeled as in (19)-(20), the PKF iteration in (24)-(29) (Table 3) satisfies a ) and b ):
a ) x ∈ P x ∧ v ∈ P v ⇒ x + ∈ P x + ,
b ) Let $G^* = \arg\min_G \mathrm{tr}(\mathrm{cov}_\Phi(x_+))$. $G^*$ is the optimal gain computed as in (28): $G^* = (R_p \Phi R_e^T)(R_e \Phi R_e^T)^{-1}$.

PROOF. a ): By construction, ˜ f ( . ) and ˜ g ( . ) are inclusion functions for f ( . ) and g ( . ). Since the reduction step (24) is inclusion preserving, the inclusion property a ) is a direct consequence of (23) with z = p and z = e .
b ): $\partial_X h(X)$ denoting $\partial h(X)/\partial X$, if h ( . ) returns scalar values and $X = [X_{ij}]$ is a matrix, then $\partial_X h(X) = [\partial_{X_{ji}} h(X)]$. X , A , B , C being matrices of correct size,

$\partial_X \mathrm{tr}(A X^T B) = A^T B^T$, (30)
$\partial_X \mathrm{tr}(A X B X^T C) = B X^T C A + B^T X^T A^T C^T$. (31)

Let $J(G) = \mathrm{tr}(\mathrm{cov}_\Phi(x_+))$. In (27), $\breve{c} = [c_p; c_e]$ and [ p ; e ] is such that p = c p + R p s ˘ E ˘ I and e = c e + R e s ˘ E ˘ I . From (29), $x_+ = \langle c_p - G c_e, R_p - G R_e, \breve{I}, \breve{E} \rangle_{s,\tau}$ and $J(G) = \mathrm{tr}((R_p - G R_e) \Phi (R_p - G R_e)^T) = \mathrm{tr}(R_p \Phi R_p^T) - 2\,\mathrm{tr}(R_p \Phi R_e^T G^T) + \mathrm{tr}(G R_e \Phi R_e^T G^T)$. Using (30) and (31), $\partial_G J(G) = -2 (R_e \Phi R_p^T) + 2 (R_e \Phi R_e^T) G^T$. $G^*$ being the value of G such that $\partial_G J(G) = 0$, it comes $G^* R_e \Phi R_e^T = R_p \Phi R_e^T$ and $G^* = (R_p \Phi R_e^T)(R_e \Phi R_e^T)^{-1}$.

which is impossible with usual interval arithmetic, subject to the so-called dependency problem.

Theorem 44 (PKF vs. ZKF)
Let us consider the particular case of linear functions f ( . ) and g ( . ) defined as: $f(x, u, v) = Ax + Bu + E v_p$, $g(x, u, v, y) = Cx + Du + F v_e - y$, where $v = [v_p; v_e]$ (state noise and measurement noise), and A, B, C, D, E, F are (possibly time-varying) matrices with appropriate dimensions. Only symbols of type (unit) interval are considered and Φ = I . Also, let ˜ f ( . ) = f ( . ) , ˜ g ( . ) = g ( . ) , x ∈ P x with x = ⟨ c , R , I , I ⟩ s,τ (then, P x = Z x is a zonotope), v ∈ P v with v = ⟨ , I , I v , I ⟩ s,τ (then, P v = Z v = B v is a unit hypercube). It is also assumed that I and all I v ’s have no common scalar elements/identifiers which are all unique (then, no symbol being shared between x and all the v ’s, this is in fact an independence assumption). Then, PKF computes the same centers c (punctual state estimates) and generator/shape matrices R as ZKF in [13] would do, up to column permutations; all the computed polynotopes are also zonotopes, and the optimal gain G = AK corresponds to the usual Kalman gain $K = \bar{P} C^T (C \bar{P} C^T + F F^T)^{-1}$ with $\bar{P} = \bar{R} \bar{R}^T$.

PROOF.
Polynotopes (and zonotopes) being closed under linear transforms, taking ˜ f ( . ) = f ( . ) and ˜ g ( . ) = g ( . ) suffices to preserve inclusion when (19)-(20) is a discrete-time LTV (or LTI) model. Moreover, all the polynotope exponent matrices equaling I , (s-)polynotope operations naturally reduce to (s-)zonotope operations, and the generator matrix computed by the considered reduction operator does not depend on the symbolic description. The focus of the proof is first placed on the observer structure and, then, on the optimal gain.

Observer structure:
(24): ¯x = ⟨ ¯ c, ¯ R, ¯ I, I ⟩ s,τ = ↓ q x where ¯ c = c ,
(25): p = A ¯ x + B u + E v p , with v p = [ I , v ,
e = C ¯ x + D u + F v e − y , with v e = [0 , I ] v ,
(29): x + = p − G e gives: x + = ( A ¯ x + B u + E v p ) + G ( y − ( C ¯ x + D u + F v e )),
which corresponds to ((14)) i.e. the equation (14) in [13] where ( v, w ) stands for ( v p , v e ).

The polynotope concatenation [ p ; e ] gives expressions of p and e such that the generators related to their common monomials (i.e. dependencies) become “aligned” in the same columns of the matrices R p and R e . This is the reason why (27) is called the alignment step.

Also, just for insight: x + = ( A − GC )¯ x + ( B − GD ) u + [ E, − GF ] v + G y . Keeping in mind that the sum of two generators with the same monomial term (here: with the same symbol) is a classical vector sum, and a horizontal concatenation otherwise (see MLC in § c ∗ and generator matrices R ∗ of the s-polynotopes (also s-zonotopes since E ∗ = I ) computed in (25), (26) and (29) are:
(25): $c_p = A \bar{c} + B u$,
(25): $R_p = [A \bar{R}, E]$ since $\bar{I} \cap I_{v_p} = \emptyset$,
(26): $c_e = C \bar{c} + D u - y$,
(26): $R_e = [C \bar{R}, F]$ since $\bar{I} \cap I_{v_e} = \emptyset$,
(29): $c_+ = c_p - G c_e = (A - GC) \bar{c} + (B - GD) u + G y$,
(29): $R_+ = R_p - G R_e = [(A - GC) \bar{R}, E, -GF]$,
since $I_{v_p} \cap I_{v_e} = \emptyset$, but note that PKF can take dependent state and measurement noises into account with v . Finally, it can be checked that c + and R + exactly coincide with ((15)) and ((16)), respectively, so proving that PKF reduces to the same observer structure as ZKF under the specific assumptions of theorem 44.

Optimal gain: Let $\bar{P} = \bar{R} \bar{R}^T$ (= cov Φ ( ¯x ), Φ = I ). Respectively substituting [ A ¯ R, E, 0] and [ C ¯ R, , F ] for R p and R e in (28) gives G = AK with $K = \bar{P} C^T (C \bar{P} C^T + F F^T)^{-1}$. Then, it can be checked that the optimal observer gain is the same as in ((21)) − ((22)).

Remark 45 (PKF vs. KF)
Theorem 44 (PKF vs. ZKF) can be combined with Theorem 7 (ZKF vs. KF) in [13] to make a further bridge between set-membership and stochastic paradigms. In particular, this gives the conditions under which PKF covariations and KF covariances coincide, as well as the punctual state estimates.

Based on modeling tools for nonlinear hybrid systems developed in the proposed framework, a compositional implementation of advanced reachability and filtering algorithms preserving inclusion is made possible by using operator overloading. This is exemplified with the Polynotopic Kalman Filter (PKF) proposed in this section.
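The linear special case of Theorem 44 can be carried through steps (25)-(29) with exact rationals; this is an added example, not the paper's Matlab implementation. It assumes Φ = I, a scalar measurement (so that R_e R_e^T is 1×1), no reduction step, and constructed system matrices; all function and constant names are chosen here.

```python
from fractions import Fraction as Fr


def matmul(X, Y):
    return [[sum(a * b for a, b in zip(row, col)) for col in zip(*Y)] for row in X]


def transpose(X):
    return [list(col) for col in zip(*X)]


def add(X, Y, sign=1):
    return [[a + sign * b for a, b in zip(rx, ry)] for rx, ry in zip(X, Y)]


def hcat(*blocks):
    """Horizontal concatenation: generators with distinct symbols sit side by side."""
    return [sum((list(blk[i]) for blk in blocks), []) for i in range(len(blocks[0]))]


def zeros(rows, cols):
    return [[Fr(0)] * cols for _ in range(rows)]


def cov_trace(R):
    """tr(R R^T): trace of the covariation for Phi = I."""
    return sum(g * g for row in R for g in row)


def pkf_linear_step(c, R, u, y, A, B, C, D, E, F, gain=None):
    """Steps (25)-(29) for linear f and g; uses the gain (28) unless one is given."""
    n_x, n_vp, n_ve = len(A), len(E[0]), len(F[0])
    c_p = add(matmul(A, c), matmul(B, u))                    # (25) center
    R_p = hcat(matmul(A, R), E, zeros(n_x, n_ve))            # (25) generators
    c_e = add(add(matmul(C, c), matmul(D, u)), y, sign=-1)   # (26) center
    R_e = hcat(matmul(C, R), zeros(1, n_vp), F)              # (26), columns aligned (27)
    if gain is None:
        s = matmul(R_e, transpose(R_e))[0][0]                # R_e R_e^T, 1x1 here
        gain = [[Fr(g[0]) / s] for g in matmul(R_p, transpose(R_e))]   # (28)
    c_next = add(c_p, matmul(gain, c_e), sign=-1)            # (29) center
    R_next = add(R_p, matmul(gain, R_e), sign=-1)            # (29) generators
    return c_next, R_next, gain


def kalman_gain(R, C, F):
    """K = P C^T (C P C^T + F F^T)^-1 with P = R R^T (scalar measurement)."""
    P = matmul(R, transpose(R))
    s = add(matmul(matmul(C, P), transpose(C)), matmul(F, transpose(F)))[0][0]
    return [[Fr(k[0]) / s] for k in matmul(P, transpose(C))]


# Constructed sample system (not from the paper): 2 states, 1 input, 1 measurement.
A = [[Fr(1), Fr(1, 10)], [Fr(0), Fr(1)]]
B = [[Fr(0)], [Fr(1, 10)]]
C = [[Fr(1), Fr(0)]]
D = [[Fr(0)]]
E = [[Fr(1, 10), Fr(0)], [Fr(0), Fr(1, 10)]]
F = [[Fr(1, 2)]]
C0 = [[Fr(0)], [Fr(0)]]                 # initial center
R0 = [[Fr(1), Fr(0)], [Fr(0), Fr(1)]]   # initial generator matrix
U = [[Fr(1)]]
Y = [[Fr(1, 4)]]

if __name__ == "__main__":
    c1, R1, G = pkf_linear_step(C0, R0, U, Y, A, B, C, D, E, F)
    print("G   =", G)
    print("A K =", matmul(A, kalman_gain(R0, C, F)))
    print("c+  =", c1, " tr(R+ R+^T) =", cov_trace(R1))
```

Passing an explicit `gain` lets the trace criterion be compared against any other observer gain on the same data.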
The first example illustrates some connection with basic digital circuit design. The s-polynotopes (i.e. polynomials-functions) resulting from the multi-affine decomposition of n bits binary adders only made of nand gates are compared depending on the type of symbol(ic variable)s used: signed or boolean as explained in §

Up to column permutations with no impact on the interpretation.

Table 4
Algorithm of functions building Half (H), Full 1 bit (F), and Full n bits (N) adder with nand gates ( ¬ x ↔ x ⊼ x ).
  H : ( a, b ) ↦ ( s, c ) : Half-adder with 5 nand gates
    t ← a ⊼ b , t ← a ⊼ t , t ← t ⊼ b , s ← t ⊼ t , c ← t ⊼ t .
  F : ( a, b, c in ) ↦ ( s, c out ) : Full 1 bit adder with carry
    ( r, c ) ← H ( a, b ), ( s, c ) ← H ( r, c in ), c out ← ¬ c ⊼ ¬ c .
  N : ( A, B, c ) ↦ ( S, c ) : Full n bits adder with carry
    for i ← . . . n ( A ) , ( S ( i ) , c ) ← F ( A ( i ) , B ( i ) , c ).

Table 5
Number of distinct generators/monomials of s-polynotopes representing the multi-affine decomposition of an n -bits adder (as in table 4) with either signed or boolean symbol(ic variable)s. The computation time is given in seconds (s).

The binary adders architecture is described in Table 4 where S ( i ) refers to the projection of the s-polynotope S along the i th dimension, i = 1 , . . . , n ( S ). For an n bits adder, A = s n and B = s ( n +1):2 n each refer to a vector of n (either signed or boolean) symbolic variables representing the (unknown) bits encoding two integer operands. The e-zonotope (or e-polynotope) related to A is the set of the 2 n possible input values i.e. {− , +1 } n (resp. { , } n ) in the signed (resp. boolean) case. Idem for B . These sets are never computed explicitly: they only describe the set-valued interpretation of semi-symbolic calculi based on the ( c, R, I, E ) data structure used to represent s-polynotope objects.
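The nand-gate adders of Table 4 can be rebuilt with a small multi-affine polynomial type to compare signed and boolean symbols. This is an added example, not code from the paper: it assumes the signed convention true = +1 / false = −1, numbers the half-adder's intermediate nand outputs t1, t2, t3 as in the usual five-gate circuit, and uses exact rational coefficients; all names are chosen here.

```python
from fractions import Fraction
from itertools import product


class Poly:
    """Multi-affine polynomial {frozenset(symbol ids): coefficient}.

    kind "boolean": symbols valued in {0, 1},   rewriting rule x*x -> x.
    kind "signed":  symbols valued in {-1, +1}, rewriting rule x*x -> 1.
    """

    def __init__(self, terms, kind):
        self.kind = kind
        self.terms = {m: c for m, c in terms.items() if c != 0}

    def __add__(self, other):
        out = dict(self.terms)
        for m, c in other.terms.items():
            out[m] = out.get(m, 0) + c
        return Poly(out, self.kind)

    def scale(self, k):
        return Poly({m: k * c for m, c in self.terms.items()}, self.kind)

    def __mul__(self, other):
        out = {}
        for m1, c1 in self.terms.items():
            for m2, c2 in other.terms.items():
                # union encodes x*x -> x, symmetric difference encodes x*x -> 1
                m = (m1 | m2) if self.kind == "boolean" else (m1 ^ m2)
                out[m] = out.get(m, 0) + c1 * c2
        return Poly(out, self.kind)

    def evaluate(self, values):
        total = Fraction(0)
        for m, c in self.terms.items():
            for i in m:
                c = c * values[i]
            total += c
        return total


def sym(i, kind):
    return Poly({frozenset([i]): Fraction(1)}, kind)


def nand(x, y):
    one = Poly({frozenset(): Fraction(1)}, x.kind)
    if x.kind == "boolean":
        return one + (x * y).scale(-1)                 # 1 - x*y on {0, 1}
    # Assumed signed convention: true = +1, false = -1.
    return (one + (x + y + x * y).scale(-1)).scale(Fraction(1, 2))


def half_adder(a, b):                                  # H: 5 nand gates
    t1 = nand(a, b)
    t2 = nand(a, t1)
    t3 = nand(t1, b)
    return nand(t2, t3), nand(t1, t1)


def full_adder(a, b, c_in):                            # F: two half adders + or
    r, c1 = half_adder(a, b)
    s, c2 = half_adder(r, c_in)
    return s, nand(nand(c1, c1), nand(c2, c2))


def n_bit_adder(n, kind):                              # N: ripple carry, bit 1 first
    A = [sym(i, kind) for i in range(1, n + 1)]
    B = [sym(i, kind) for i in range(n + 1, 2 * n + 1)]
    c = sym(2 * n + 1, kind)                           # symbolic input carry
    S = []
    for a, b in zip(A, B):
        s, c = full_adder(a, b, c)
        S.append(s)
    return S, c


def monomial_count(n, kind):
    """Distinct non-constant monomials over all n + 1 outputs (center excluded)."""
    S, c = n_bit_adder(n, kind)
    monomials = set()
    for p in S + [c]:
        monomials |= set(p.terms)
    monomials.discard(frozenset())
    return len(monomials)


def adder_is_correct(n, kind):
    """Evaluate the polynomials on every input and compare with integer addition."""
    S, c = n_bit_adder(n, kind)
    lo, hi = (0, 1) if kind == "boolean" else (-1, 1)
    for bits in product((lo, hi), repeat=2 * n + 1):
        values = {i + 1: Fraction(v) for i, v in enumerate(bits)}
        a = sum(int(bits[i] == hi) << i for i in range(n))
        b = sum(int(bits[n + i] == hi) << i for i in range(n))
        outs = [p.evaluate(values) for p in S + [c]]
        if any(o not in (lo, hi) for o in outs):
            return False
        if sum(int(o == hi) << i for i, o in enumerate(outs)) != a + b + int(bits[2 * n] == hi):
            return False
    return True
```

Because a multi-affine representation is unique, the counts depend only on the adder's input/output functions and on the symbol type, not on the order in which the gates are composed.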
Then, building the architecture of an n bits adder by computing ( S, c ) = N ( A, B ) as in table 4 with s-polynotope overloaded operators results in the s-polynotopes S (sum result) and c (output carry) of dimension n and 1, respectively. S ( i ) is a polynomial with scalar coefficients giving the expression of the i th bit of S as a function of the input bits/symbols in A , B and an input carry. A full n -bits adder has 2 n + 1 (binary) inputs and n + 1 (binary) outputs. The s-polynotope ˜ S = [ S ; c ] gathering the sum result and the output carry is thus given by ˜ S = ⟨ ˜ c, ˜ R, ˜ I, ˜ E ⟩ s,τ with ˜ c ∈ R n +1 , ˜ R ∈ R ( n +1) × m ( n ) , ˜ I ∈ N n +1 , ˜ E ∈ N (2 n +1) × m ( n ) . The number of (distinct) generators/monomials in ˜ S , including the center/constant term, is 1 + m ( n ). This number is reported in Table 5 depending on the number n of bits of the adder and the symbol types: either signed or boolean. An unexpected yet interesting result is obtained: The number of distinct monomials required to describe the full architecture of an n -bits adder is much smaller and more scalable using signed rather than boolean symbols.

This example of a full n -bits adder shows the ability of s-polynotopes to describe and manipulate purely discrete expressions yielding non trivial relations and dependencies between inputs and outputs. Moreover, the polynomial representation benefits from useful simplifications made possible by dealing with typed symbols.

Fig. 4. Reachability result obtained on the Van-Der-Pol oscillator with continuous polynotopes (the plot results from zonotopic enclosures Z x at each time step).

In order to illustrate reachability on continuous domains and compare the results with [32], a Van-Der-Pol oscillator taken from [28] is considered: ˙ x = x , ˙ x = (1 − x ) x − x . The initial state set is P x = P [ x , ; x , ] = [[1 . , . . , . h = 0.005 are computed in 9 . s with continuous polynotopes under Matlab running on a 1.8 GHz Core i5 processor with 8 Go RAM. The zonotopic enclosure Z x of the final polynotope (at t = 6 . s ) is the green set in Fig. 4. At each iteration, the (polynotopic version of the) reduction operator ↓ q from [17] with q = 50 is used to: a ) reduce the square x , b ) reduce the product ( x ) x , c ) reduce x . As expected, the reachability result shown in Fig. 4 is close to the one obtained with sparse polynomial zonotopes (spz) in the Figure 3 of [32], where a comparison with other methods is conducted. Thus, continuous polynotopes also outperform zonotopes and quadratic zonotopes on this example, which illustrates the interest in dealing with polynomial dependencies to propagate continuous domains within nonlinear dynamics.

Fig. 5. Reachability result obtained with polynotopes (cyan) for the model of a 3-link traffic network representing a diverge junction. Comparison with the results reported in Figure 2 in [45]: methods C/GB (blue), SDMM-IA (magenta), MM and SDMM-S/F (red); Monte-Carlo simulations (black dots).

In order to illustrate reachability for dynamics defined with switching functions like min (see § TIRA toolbox in [45], the model of a 3-link traffic network representing a diverge junction is considered: ˙ x = − k ( x ) /T + p, ˙ x = k ( x ) / − min( c, vx ) , ˙ x = k ( x ) / − min( c, vx ) , where k ( x ) = min( c, vx , w (¯ x − x ) , w (¯ x − x )) . min( ., ., ., . ) is implemented as min(min( ., . ) , min( ., . )). The state x ∈ R is the vehicle density on each link. p ∈ [4 / , 2] is the constant but uncertain vehicle inflow to link 1. Notice that the constant nature of this uncertainty is naturally handled by the proposed symbolic approach (no new symbol at each time for p ). As in [45], the known parameters of the network are [ T, c, v, ¯ x, w ] = [30 , , . , , / P x = [[150 , , , h = 1 and final time t f = 30 is considered. The reduction x = ↓ q x is applied at each iteration with q = 20. No additional information about Jacobian signs/bounds was required to compute in 0 . s the polynotope P x t f reported in cyan in Fig. 5. For the sake of comparison, the results in the Figure 2 in [45] are also reported in Fig. 5: C/GB (Contraction/Growth Bound), MM (Mixed Monotonicity), SDMM-IA (Sampled Data MM-Interval arithmetic), SDMM-S/F (Sampled Data MM-Sampling/Falsification). P x t f looks competitive with respect to the best results obtained with TIRA (red box in Fig. 5). Moreover, the computed polynotope captures the orientation of the “black cloud of sample successors” obtained from 5000 Monte-Carlo simulations and also reported in Fig. 5. This illustrates the ability of the proposed scheme to maintain dependency links while propagating uncertainties through hybrid dynamics modeled with switching functions.

.4 Reachability and Filtering: Lotka-Volterra

A non-linear non-autonomous prey-predator model resulting from the discretization of a modified continuous-time Lotka-Volterra model illustrates a ) the computation of reachable sets based on a mixed-encoding ( § b ) Polynotopic Kalman Filtering (PKF) as developed in section §
6. The modified continuous-time Lotka-Volterra model is ˙ x = f ( x, u ) with x ∈ R , u ∈ R , ( a, b, c, d ) = (2 , . , , . f ( x, u ) = [ ax − bx x ; − cx + dx x + u ].

A mixed-encoding of the initial state set is first considered and further propagated using mixed polynotope computations within the non-linear dynamics of the discretized Lotka-Volterra model.

More precisely, following the definition 21 and the corollary 22, a 3-level signed-interval mixed encoding of the interval 15 ± x , and x , (i.e. x and x at t = kh = 0):

x , = 15 + 1 .Z s ([!(3 , s ); !(1 , i )]) , (32)
x , = 15 + 1 .Z s ([!(3 , s ); !(1 , i )]) , (33)
P x = P [ x , ; x , ] = [[14 , , . (34)

Each occurrence of !(3 , s ) (resp. !(1 , i )) calls USP (see § x , and x , are independent since they share no common symbol. Note that the symbol types are compatible with the definition 21 of Z gs . g refers to the granularity level of the mixed-encoding. g = 3 means that 3 signed symbols are used to hierarchically decompose the range 15 ± = 8 sub-intervals. The coverage of the continuous domain 15 ± , i ). For instance, let I = [!(3 , s ); !(1 , i )] and x , = 15 + 1 .Z s ( I ) as in (32). Then, x , = ⟨ , [ , , , ] , I, ⟩ s,τ = s I + s I + s I + s I , where the 3 symbols s I are of type signed i.e. ιs I ∈ {− , +1 } and the symbol s I is of type (unit) interval i.e. ιs I ∈ [ − , +1], so that x , also writes as:

x , = 1/2 |±| I + 1/4 |±| I + 1/8 |±| I + 1/8 □ I . (35)
x , = 1/2 |±| J + 1/4 |±| J + 1/8 |±| J + 1/8 □ J . (36)

x , is obtained analogously from J = [!(3 , s ); !(1 , i )] ( I ∩ J = ∅ ) and x , = 15 + 1 .Z s ( I ) as in (33). The e-polynotope (or e-zonotope) related to the s-polynotope x , (or s-zonotope since E = I ) is thus P x , = Z x , = 15 ± x , and x , coming from I ∩ J = ∅ gives (34). The polynotope x = [ x , ; x , ] contains all the information required to decompose the initial state set [[14 , , k = 0. Moreover, assigning values +1 or − without any bisection, only through the polynomial computations implementing the basic polynotope operators.

Fig. 6. Reachable sets resulting from a 3-level signed-interval mixed encoding of the initial states of a Lotka-Volterra model (panels k=0 to k=5, axes x and x ). The mixed polynotope computed at each time k characterizes (overlapping) outer approximations of the propagation of each of the 64 cells (red) paving the initial state set with no bisection. This also works with cell groups (green).

For the sake of illustration, an Euler sampling of the Lotka-Volterra model is considered: x + = x + f ( x, h , where the time index k is omitted, x + stands for x k +1 , and the step size is h = 0 . s . The reduction operator ↓ is applied at each iteration. The reachability analysis reported in Fig. 6 results from N = 5 iterations starting from the initial state (32)-(33) satisfying (34). Let [+ − +] be a short notation for [+1; − 1; +1] (also applying for other sign combinations). Let x | ( s I = v ) denote the s-polynotope obtained by substituting in x the expressions in v for the symbolic variables in s I . Unless v depends on some symbols in s I , x | ( s I = v ) does not depend anymore on s I . The related e-polynotope (resp. e-zonotopic enclosure) is P x | ( s I = v ) (resp. Z x | ( s I = v )). Considering the vectors of unique symbol identifiers I and J as in (35)-(36), the red (resp. green) cell at k = 0 in Fig. 6 corresponds to P x | ( s I = [+ − +] , s J = [ − − +]) (resp. P x | ( s I = [ − ] , s J = [+ − ])). Then, the single s-polynotope x k computed at each iteration k contains all the information required to obtain the related subplot in Fig. 6. In particular, the red (resp. green) zonotopic sets are Z x k | ( s I = [+ − +] , s J = [ − − +]) (resp. Z x k | ( s I = [ − ] , s J = [+ − ])) for k = 1 , . . . , 5. These zonotopic enclosures are guaranteed to enclose the set of states reached from the initial red cell (resp. green cells) by iterating the sampled non-linear dynamics. Moreover, the initial “implicit paving” gradually leads to possibly overlapping cells (see the blue borders in Fig. 6) since the complexity of the polynotope computed at each iteration is reduced to a finite number (50) of generators.

Fig. 7. Sparse structure of the exponent matrix E of x at k = 5: 16 symbolic variables (interval: □ marks, signed: + marks), 50 monomials/generators, 90 non-zero elements.

The sparse structure of the exponent matrix E of x at k = 5 is given in Fig. 7. The monomials involve 16 symbolic variables (10 of type unit interval: square marks, 6 of type signed: + marks). There are 90 non-zero elements. The maximum degree is 3. As expected from the propagation of the initial mixed-encoding of states through a non-linear dynamic, several mixed monomials can be observed, that is, monomials involving both continuous and discrete symbolic variables.

This example of reachability with a mixed-encoding of state sets illustrates the ability of mixed polynotopes to trace the propagation of a significant number of hierarchically organized cells within non-trivial dynamics. Bisections have been avoided by dealing with polynomial dependencies between symbolic variables of different types combining continuous and discrete value domains. Moreover, the ability to explicitly characterize the overlapping between cells forming a partition of the initial state set paves the way for efficient symbolic abstraction techniques.

The Polynotopic Kalman Filter (PKF) developed in section § x + = x + f ( x, u ) h + E ¯ v, (37) y = x + F ¯ w. (38) The prediction model (37) (resp. measurement equation (38)) corresponds to (19) (resp. (20)) in the formulation of PKF with v = [¯ v ; ¯ w ] and Φ = I . The step size is h = 0 . k ∈ { , . . . , N } ⊂ N with N = 750 iterations. The initial and final times are t = 0 and t f = N h = 30. The input is u = 2 for t ∈ [10 , 20[ i.e. 250 ≤ k < u = 0 otherwise. E = 3 . − I , F = 1 . 5. The state and measurement noises are assumed to be bounded as ¯ v ∈ [ − , +1] and ¯ w ∈ [ − , +1] i.e. P v = [ − , +1] . The initial state set is assumed to be bounded by P x = [[5 , , ⊂ R . These bounds are obtained from:

x , = 15 + 10 .Z gs ([!( g, s ); !(1 , i )]) ,
x , = 15 + 10 .Z gs ([!( g, s ); !(1 , i )]) ,
v = [ Z s (!(1 , i )); Z s (!(1 , i )); Z gs ([!( g, s ); !(1 , i )])] ,

where g stands for the granularity level of a mixed encoding of the initial states and the measurement noise at each sample time k . Two cases are considered: i ) g = 0 corresponds to a purely continuous case (solid lines in Fig. 8) with only symbols of type unit interval. ii ) g = 2 corresponds to a mixed case (dashed lines in Fig. 8) involving symbols of different types (signed and interval) in mixed polynotope computations.

Table 6
Computation times for 750 iterations of PKF in seconds (s). Cases: continuous ( g = 0) vs. mixed ( g = 2), and ↓ vs. ↓ .
  g = 0 g = 2
  q = 50 3 . s . s
  q = 100 13 . s . s

At each iteration of PKF, the reduction operator ↓ q with q = 50 or q = 100 is used to: a ) implement the reduction of x as in (24), b ) reduce the product x x in f ( x , u ); this is the only (inclusion preserving) difference between f (19) and ˜ f (25) in this example. Notice also that g (20) equals ˜ g (26) since the measurement/innovation equation (38) is linear. The simulation of the “true” system is obtained from x = [22; 8] using Heun’s method. Consistently with (38), only the first state x ∈ R is measured at each sample time k , and the main purpose of PKF is to estimate state bounds B x for the state x ∈ R while minimizing the (predicted) polynotope covariation trace. The computation times with a Matlab implementation are reported in Table 6: The mixed encoding does not increase very significantly the computation time in spite of the number of discrete configurations, contrary to the number of generators. The simulation results reported in Fig. 8 show a significant improvement of accuracy compared to EZGKF in a purely bounded-error setting with q = 200 generators as in [14]. In particular, PKF shows an enhanced ability to reconstruct x from noisy measurements of x . Mixed encoding tends to give results with increased accuracy, especially for x , provided the number of generators is sufficient. Meanwhile, the maximum degree of computed polytopes is decreased from 6 (resp. 7) in the continuous case g = 0 with q = 50 (resp. q = 100) to only 4 in both mixed cases i.e. g = 2 with q = 50 or 100. This is consistent with the reduced size of remainder intervals for g = 2 and the influence of rewriting rules, in particular the inclusion neutral rule (11). This illustrates the ability of PKF to efficiently deal with nonlinear and mixed dynamics.

Fig. 8. Estimated state bounds vs. “true” values (red) of x (top) and x (bottom) with the Lotka-Volterra model (horizontal axes: t=kh): PKF with continuous (solid lines) or mixed (dashed lines) polynotopes, and ↓ (magenta) or ↓ as reduction operator. Comparison with EZGKF in a bounded-error setting (grey).

A framework for functional sets with typed symbols is introduced in this work. An explicit distinction between syntax and semantics helps formalize the management of dependencies, characterize sources of conservatism and analyze the impact of evaluation strategies (inner first vs. outer first/lazy/call-by-need). Image-sets with typed symbols generalize several set-representations like zonotopes and polynomial zonotopes to mixed domains, as exemplified with mixed polynotopes. The combination of polynomial functions with interval, signed and boolean symbolic variables through simple rewriting rules makes it possible to gather in a single compact and efficient data structure the description of non-convex and non-connected sets which would usually require costly bisection/splitting strategies to be propagated.
The mixed-encoding of intervals proposed in this context allows tuning the granularity level of the discrete part of the description and, meanwhile, controlling the combinatorial complexity through the use of reduction operators. In addition, the traceability of uniquely identified typed symbols paves the way for advanced mixed sensitivity analysis and symbolic abstraction techniques. The reachability results show the relevance of the proposed framework to deal with the verification and synthesis of Cyber-Physical Systems (CPS). Based on modeling tools for nonlinear hybrid systems, a compositional implementation of advanced reachability and filtering algorithms is made possible by simply using operator overloading. This has been exemplified with the proposed Polynotopic Kalman Filter (PKF) which paves the way to advanced hybrid nonlinear filtering techniques preserving inclusion. Moreover, several bridges with random variables and stochastic filtering have been outlined as well as bridges with functional programming and object oriented paradigms, robust (and interpretable?) artificial intelligence [48,22] with the neural network activation function ReLU, sensitivity analysis, and symbolic abstractions of hybrid systems. Much remains to be done to exploit these connections.
Acknowledgements
The author would like to thank Prof. Ali Zolghadri for many insightful discussions during this research work and for his careful reading of the manuscript.
References [1] Teodoro Alamo, Jos´e M. Bravo, and Camacho Eduardo F.Guaranteed state estimation by zonotopes.
Automatica ,41:1035–1043, 2005.[2] Amr Alanwar, Hazem Said, and Matthias Althoff. Distributedsecure state estimation using diffusion kalman filters andreachability analysis. In . IEEE, dec 2019.[3] Matthias Althoff. Reachability analysis of nonlinear systemsusing conservative polynomialization and non-convex sets. InCalin Belta and Franjo Ivancic, editors,
Proceedings of the16th international conference on Hybrid systems: computationand control, HSCC 2013, April 8-11, 2013, Philadelphia, PA,USA , pages 173–182. ACM, 2013.[4] Matthias Althoff and Bruce H. Krogh. Zonotope bundles forthe efficient computation of reachable sets. In
Proceedingsof the 50th IEEE Conference on Decision and Control andEuropean Control Conference, CDC-ECC 2011, Orlando, FL,USA, December 12-15, 2011 , pages 6814–6821. IEEE, 2011.[5] Matthias Althoff and Bruce H. Krogh. Reachability analysis ofnonlinear differential-algebraic systems.
IEEE Trans. Autom.Control. , 59(2):371–383, 2014.[6] Martin Berz and Kyoko Makino. Rigorous reachabilityanalysis and domain decomposition of taylor models. InAlessandro Abate and Sylvie Boldo, editors,
NumericalSoftware Verification - 10th International Workshop, NSV2017, Heidelberg, Germany, July 22-23, 2017, Proceedings[collocated with CAV 2017] , volume 10381 of
Lecture Notes inComputer Science , pages 90–97. Springer, 2017.[7] Dines Bjørner and Klaus Havelund. 40 years of formalmethods. In
Lecture Notes in Computer Science , pages 42–61.Springer International Publishing, 2014.
8] Jos´e Manuel Bravo, Antonio Su´arez, Manuel Vasallo, andTeodoro Alamo. Slide window bounded-error time-varyingsystems identification.
IEEE Trans. Autom. Control. ,61(8):2282–2287, 2016.[9] Christophe Combastel. A state bounding observer based onzonotopes.
European Control Conference, ECC 2003 , pages2589–2594, 2003.[10] Christophe Combastel. A state bounding observer foruncertain non-linear continuous-time systems based onzonotopes.
Proceedings of the 44th IEEE Conference onDecision and Control, and the European Control Conference,CDC-ECC ’05 , 2005:7228–7234, 2005.[11] Christophe Combastel. Stable interval observers in Cfor linear systems with time-varying input bounds.
IEEETransactions on Automatic Control , 58(2):481–487, 2013.[12] Christophe Combastel. Merging Kalman filtering andzonotopic state bounding for robust fault detection under noisyenvironment.
IFAC-PapersOnLine , 28(21):289–295, 2015.[13] Christophe Combastel. Zonotopes and Kalman observers:Gain optimality under distinct uncertainty paradigms androbust convergence.
Automatica , 55:265–273, may 2015.[14] Christophe Combastel. An extended zonotopic andgaussian kalman filter (EZGKF) merging set-membership andstochastic paradigms: Toward non-linear filtering and faultdetection.
Annual Reviews in Control , 42:232–243, 2016.[15] Christophe Combastel and Sid-Ahmed Raka. On computingenvelopes for discrete-time linear systems with affineparametric uncertainties and bounded inputs.
IFACProceedings Volumes (IFAC-PapersOnline) , 44:4525–4533,2011.[16] Christophe Combastel, Qinghua Zhang, and Sid-AhmedRaka. On using distorted sensors for set-based multi-scaleactuator fault diagnosis.
IFAC Proceedings Volumes (IFAC-PapersOnline) , 44:12015–12023, 2011.[17] Christophe Combastel and Ali Zolghadri. A distributedKalman filter with symbolic zonotopes and unique symbolsprovider for robust state estimation in CPS.
InternationalJournal of Control , (0):1–17, 2019.[18] Thach Ngoc Dinh, Fr´ed´eric Mazenc, Zhenhua Wang, andTarek Ra¨ıssi. On fixed-time interval estimation of discrete-time nonlinear time-varying systems with disturbances. In , pages 2605–2610. IEEE, 2020.[19] Nicolas Ellero, David Gucik-Derigny, and David Henry. Anunknown input interval observer for LPV systems under l2-gain and l ∞ -gain criteria. Automatica , 103:294–301, 2019.[20] Mirko Fiacchini, Teodoro Alamo, and Eduardo F. Camacho.On the computation of convex robust control invariant sets fornonlinear systems.
Automatica , 46(8):1334–1338, aug 2010.[21] Luiz Henrique De Figueiredo and Jorge Stolfi. Affinearithmetic: Concepts and applications.
Numerical Algorithms ,37(1-4):147–158, 2004.[22] Timon Gehr, Matthew Mirman, Dana Drachsler-Cohen,Petar Tsankov, Swarat Chaudhuri, and Martin Vechev. AI2:Safety and robustness certification of neural networks withabstract interpretation. In . IEEE, may 2018.[23] Antoine Girard. Reachability of uncertain linear systemsusing zonotope. In
Hybrid Systems: Computation and Control ,volume 3414 of
LNCS , pages 291–305. Springer, 2005.[24] Eric Goubault and Sylvie Putot. A zonotopic framework forfunctional abstractions.
Formal Methods in System Design ,47(3):302–360, 2015. [25] Eric Goubault and Sylvie Putot. Robust under-approximations and application to reachability of non-linearcontrol systems with disturbances.
IEEE Control. Syst. Lett. ,4(4):928–933, 2020.[26] Branko Grnbaum.
Convex Polytopes . Springer New York,New York, 2003.[27] J. Roger Hindley and Jonathan P. Seldin.
Lambda-Calculusand Combinators, an Introduction . Cambridge UniversityPress, 2008.[28] Fabian Immler, Matthias Althoff, Xin Chen, Chuchu Fan,Goran Frehse, Niklas Kochdumper, Yangge Li, Sayan Mitra,Mahendra Singh Tomar, and Majid Zamani. ARCH-COMP18 category report: Continuous and hybrid systemswith nonlinear dynamics. In Goran Frehse, MatthiasAlthoff, Sergiy Bogomolov, and Taylor T. Johnson, editors,
ARCH18. 5th International Workshop on Applied Verificationof Continuous and Hybrid Systems, ARCH@ADHS 2018,Oxford, UK, July 13, 2018 , volume 54 of
EPiC Series in Computing, pages 53–70. EasyChair, 2018.
[29] Luc Jaulin, Michel Kieffer, Olivier Didrit, and Eric Walter. Applied interval analysis. Springer, 2001.
[30] Rudolf E. Kalman. A new approach to linear filtering and prediction problems. Transactions of the ASME - Journal of Basic Engineering, 82:35–45, 1960.
[31] Niklas Kochdumper and Matthias Althoff. Representation of polytopes as polynomial zonotopes. arXiv:1910.07271.
[32] Niklas Kochdumper and Matthias Althoff. Sparse polynomial zonotopes: A novel set representation for reachability analysis. arXiv:1901.01780, 2019.
[33] Niklas Kochdumper and Matthias Althoff. Constrained polynomial zonotopes. arXiv:2005.08849, 2020.
[34] Dirk P. Kroese, Tim Brereton, Thomas Taimre, and Zdravko I. Botev. Why the Monte Carlo method is so important today. Wiley Interdisciplinary Reviews: Computational Statistics, 6(6):386–392, jun 2014.
[35] Wolfgang Kühn. Rigorously computed orbits of dynamical systems without the wrapping effect. Computing, 61:47–67, 1998.
[36] Alex Kurzhanskiy and Pravin Varaiya. Ellipsoidal techniques for reachability analysis of discrete-time linear systems. IEEE Trans. on Automatic Control, 52(1):26–38, 2007.
[37] Vu Tuan Hieu Le, Cristina Stoica, Teodoro Alamo, Eduardo F. Camacho, and Didier Dumur. Zonotopic guaranteed state estimation for uncertain systems. Automatica, 49:3418–3424, 2013.
[38] Colas Le Guernic and Antoine Girard. Reachability analysis of linear systems using support functions. Nonlinear Analysis: Hybrid Systems, 4(2):250–262, 2010.
[39] Youdong Lin and Mark A. Stadtherr. Validated solutions of initial value problems for parametric ODEs. Appl. Numer. Math., 57:1145–1162, 2007.
[40] Rudolf J. Lohner. Perspectives on enclosure methods, chapter On the ubiquity of the wrapping effect in the computation of error bounds, pages 201–216. Springer, Berlin, 2001.
[41] Moussa Maïga, Nacim Ramdani, Louise Travé-Massuyès, and Christophe Combastel. A comprehensive method for reachability analysis of uncertain nonlinear hybrid systems. IEEE Trans. Autom. Control, 61(9):2341–2356, 2016.
[42] Kyoko Makino and Martin Berz. Rigorous integration of flows and ODEs using Taylor models. In Hiroshi Kai, Hiroshi Sekigawa, Tateaki Sasaki, Kiyoshi Shirayanagi, and Ilias S. Kotsireas, editors, Symbolic Numeric Computation, SNC ’09, Kyoto, Japan - August 03 - 05, 2009, pages 79–84. ACM, 2009.
[43] D. G. Maksarov and J. P. Norton. Computationally efficient algorithms for state estimation with ellipsoidal approximations. International Journal of Adaptive Control and Signal Processing, 16(6):411–434, 2002.
[44] Frédéric Mazenc and Olivier Bernard. Interval observers for linear time-invariant systems with disturbances. Automatica, 47(1):140–147, 2011.
[45] Pierre-Jean Meyer, Alex Devonport, and Murat Arcak. TIRA: Toolbox for interval reachability analysis. In Proc. of the 22nd ACM Int. Conf. on Hybrid Systems: Computation and Control. ACM, apr 2019.
[46] Thomas Le Mezo, Luc Jaulin, and Benoit Zerr. An interval approach to compute invariant sets. IEEE Transactions on Automatic Control, 62(8):4236–4242, aug 2017.
[47] Mario Milanese and Carlo Novara. Set membership identification of nonlinear systems. Automatica, 40:957–975, 2004.
[48] Matthew Mirman, Timon Gehr, and Martin T. Vechev. Differentiable abstract interpretation for provably robust neural networks. In Jennifer G. Dy and Andreas Krause, editors, Proc. of the 35th Int. Conf. on Machine Learning, ICML 2018, Stockholm, Sweden, July 10-15, 2018, volume 80 of Proceedings of Machine Learning Research, pages 3575–3583. PMLR, 2018.
[49] Ian M. Mitchell. The flexible, extensible and efficient toolbox of level set methods. J. Sci. Comput., 35(2-3):300–329, 2008.
[50] Marcelo Moisan, Olivier Bernard, and Jean-Luc Gouzé. Near optimal interval observers bundle for uncertain bioreactors. Automatica, 45(1):291–295, 2009.
[51] Ramon E. Moore. Interval analysis. Prentice-Hall, Englewood Cliffs, N.J., 1966.
[52] Nedialko S. Nedialkov, Ken R. Jackson, and George F. Corliss. Validated solutions of initial value problems for ordinary differential equations. Applied Mathematics and Computation, 105(1):21–68, 1999.
[53] Luis Orihuela, Pablo Millán, Samira Roshany-Yamchi, and Ramón A. García. Negotiated distributed estimation with guaranteed performance for bandwidth-limited situations. Automatica, 87:94–102, 2018.
[54] Luis Orihuela, Samira Roshany-Yamchi, Ramón A. García, and Pablo Millán. Distributed set-membership observers for interconnected multi-rate systems. Automatica, 85:221–226, 2017.
[55] Masoud Pourasghar, Christophe Combastel, Vicenç Puig, and Carlos Ocampo-Martinez. FD-ZKF: A zonotopic Kalman filter optimizing fault detection rather than state estimation. Journal of Process Control, 73:89–102, 2019.
[56] Luc Pronzato. Optimal experimental design and some related control problems. Automatica, 44(2):303–325, feb 2008.
[57] Vicenç Puig, Jordi Saludes, and Joseba Quevedo. Worst-case simulation of discrete linear time-invariant interval dynamic systems. Reliable Computing, 9(4):251–290, 2003.
[58] Djahid Rabehi, Nacim Meslem, and Nacim Ramdani. Secure interval observer for linear continuous-time systems with discrete measurements subject to cyber-attacks. In , pages 336–341. IEEE, 2019.
[59] Tarek Raïssi, Denis Efimov, and Ali Zolghadri. Interval state estimation for a class of nonlinear systems. IEEE Trans. on Automatic Control, 57(1):260–265, 2012.
[60] Tarek Raïssi and Denis V. Efimov. Some recent results on the design and implementation of interval observers for uncertain systems. Automatica, 66(3):213–224, 2018.
[61] Nacim Ramdani, Nacim Meslem, and Yves Candau. A hybrid bounding method for computing an over-approximation for the reachable set of uncertain nonlinear systems. IEEE Trans. Autom. Control, 54(10):2352–2364, 2009.
[62] Wolfgang Rautenberg. A concise introduction to mathematical logic. Springer New York, 2010.
[63] Raul Rojas. A tutorial introduction to the lambda calculus. arXiv:1503.09060, 2015.
[64] Damiano Rotondo, Andrea Cristofaro, Tor Arne Johansen, Fatiha Nejjari, and Vicenç Puig. State estimation and decoupling of unknown inputs in uncertain LPV systems using interval observers. Int. J. Control, 91(8):1944–1961, 2018.
[65] Siegfried M. Rump and Masahide Kashiwagi. Implementation and improvements of affine arithmetic. Nonlinear Theory and Its Applications, IEICE, 6(3):341–359, 2015.
[66] Fred C. Schweppe. Recursive state estimation: unknown but bounded errors and system inputs. IEEE Trans. on Automatic Control, 13(1):22–28, 1968.
[67] Dana S. Scott. Lambda calculus then and now. In ACM Turing Centenary Celebration on - ACM-TURING 2012. ACM Press, 2012.
[68] Joseph K. Scott and Paul I. Barton. Bounds on the reachable sets of nonlinear control systems. Automatica, 49(1):93–100, 2013.
[69] Joseph K. Scott, Davide M. Raimondo, Giuseppe Roberto Marseglia, and Richard D. Braatz. Constrained zonotopes: A new tool for set-based estimation and fault detection. Automatica, 69:126–136, jul 2016.
[70] François-Régis Sinot. Complete laziness: A natural semantics. Electronic Notes in Theoretical Computer Science, 204:129–145, apr 2008.
[71] Rihab El Houda Thabet, Tarek Raïssi, Christophe Combastel, Denis Efimov, and Ali Zolghadri. An effective method to interval observer design for time-varying systems. Automatica, 50(10):2677–2684, 2014.
[72] Ye Wang, Sorin Olaru, Giorgio Valmorbida, Vicenç Puig, and Gabriela Cembraño. Set-invariance characterizations of discrete-time descriptor systems with application to active mode detection. Automatica, 107:255–263, 2019.
[73] Feng Xu, Vicenç Puig, Carlos Ocampo-Martinez, Sorin Olaru, and Florin Stoican. Set-theoretic methods in robust detection and isolation of sensor faults. Int. J. Syst. Sci., 46(13):2317–2334, 2015.
[74] Günter M. Ziegler. Lectures on Polytopes. Graduate Texts in Mathematics. Springer-Verlag, New York, NY, 1995.