Safe Control Synthesis Using Environmentally Robust Control Barrier Functions

Vahid Hamdipoor¹, Nader Meskin¹, and Christos G. Cassandras² ¹Vahid Hamdipoor and Nader Meskin are with the department of Electrical Engineering, Qatar University, Doha, Qatar [email protected].²Christos G. Cassandras is with the Division of Systems Engineering and Center for Information and Systems Engineering, Boston University, Brookline, MA, 02446, USA [email protected].This work was supported in part by NSF under grants ECCS-1931600, DMS-1664644, CNS-1645681, CNS-2149511, by AFOSR under grant FA9550-19-1-0158, by ARPA-E under grant DE-AR0001282, by the MathWorks, by the Red Hat-Boston University Collaboratory, and by NPRP grant (12S-0228-190177) from the Qatar National Research Fund, a member of the Qatar Foundation (the statements made herein are solely the responsibility of the authors).

Abstract

In this paper, we study a safe control design for dynamical systems in the presence of uncertainty in a dynamical environment. The worst-case error approach is considered to formulate robust Control Barrier Functions (CBFs) in an optimization-based control synthesis framework. It is first shown that environmentally robust CBF formulations result in second-order cone programs (SOCPs). Then, a novel scheme is presented to formulate robust CBFs which takes the nominally safe control as its desired control input in optimization-based control design and then tries to minimally modify it whenever the robust CBF constraint is violated. This proposed scheme leads to quadratic programs (QPs) which can be easily solved. Finally, the effectiveness of the proposed approach is demonstrated on an adaptive cruise control example.

I INTRODUCTION

Control Barrier Functions (CBFs) have emerged as a powerful means for guaranteeing control system safety in the form of set invariance [1]. CBFs are often used with Control Lyapunov Functions (CLFs) to simultaneously ensure stability and safety of the system along with state and input constraints [2]. This approach has been successfully implemented in numerous applications such as mobile robots [3], robotic manipulators [4], robotic swarms [5], aerial vehicles, racing drones [6], and spacecraft docking [7]. CBFs have also been extensively used in the realm of the autonomous vehicles to generate a safe control input in problems such as cruise control, on-ramp merging [1, 8], signal free intersections [9], and the lane change [10], to name a few.

One of the challenges in designing a control input using CBFs is that controllers rely on models or measurements that are assumed to be perfect and free of uncertainty. However, models or measurements are usually uncertain or imperfect and this can result in an unsafe behaviour if not accounted for properly. This problem has been mainly addressed through the development of robust CBFs. However, there exist different perspectives in considering robustness in safety-critical control using CBFs. Generally, the proposed approaches in the literature consider either input disturbances [11, 12, 13, 14, 15, 16, 17, 18, 19], dynamic model mismatch [20, 21], or measurement errors [22, 23, 24, 25, 26]. While the aforementioned works study robustness of CBF-based controllers, they do not take into account that the environment is dynamically changing and only consider a quasi-static environment. A good example of “environment” is the “other agents” in a multi-agent system with which the ego-agent is interacting, e.g., in the cruise control problem [1] the lead vehicle can be considered as the environment.

There exist limited works that consider the effect of a dynamic environment in the design of a safe control input via CBFs [27, 28, 29, 30, 31]. In [27, 28], the effect of a dynamic environment is considered through the notion of time-varying CBFs in which the time-derivative of the CBF is also added to the CBF constraint. Even though the authors in [27, 28, 29] have taken a dynamic environment into consideration, they do not study robustness and assume that perfect information on the environment is available. In [30], safe navigation in unknown environments is studied, where on-board range sensing is utilized to construct CBFs online. In the recent work [31], the notion of Environmental Control Barrier Functions (ECBFs) has been introduced and robust ECBFs against errors in the environment, in particular a time-delay, are investigated. In this paper, inspired by [31], we study the notion of Environmentally Robust Control Barrier Function (ER-CBFs). Similar to [31], worst-case error-based ER-CBFs are considered, however, unlike [31] ( $i$ ) the Lipschitz constant is not used to define the worst-case error in an ER-CBF constraint and ( $ii$ ) it is not assumed that the dynamics of the environment are known. Moreover, the original quadratic program (QP) for the control synthesis is converted to a second-order cone program (SOCP). Finally, we propose our main robust control scheme, by exploiting the closed-form solution of the original QP.

In summary, the contributions of this paper are as follows. An ER-CBF is introduced based on errors in the nominal CBF resulting from errors in a dynamically changing environment. This ER-CBF contains the norm control input (which is the optimization decision variable) and leads to the formulation of a control synthesis problem as a SOCP. Secondly, the nominally safe input obtained from a nominal CBF is considered as the desired input for the SOCP and a new ER-CBF is introduced which does not depend on the norm of the control input, hence the control synthesis problem leads to solving a QP. Then, the explicit solution to this QP is obtained. Finally, the effectiveness of the presented results is demonstrated in an adaptive cruise control example.

The rest of the paper is organized as follows. Preliminaries on CBFs and CLFs are reviewed in Section \Romannum2. The problem formulation is discussed in Section \Romannum3. Main results are presented in Section \Romannum4. An adaptive cruise control example is visited in Section \Romannum5. Numerical simulations on the cruise control example are presented in Section \Romannum6. Finally, concluding remarks are provided in the last section.

II Preliminaries

Consider a nonlinear control affine system

\dot{x}=f(x)+g(x)u,

(1)

where $x\in\mathcal{X}\subset\mathbb{R}^{n}$ , $u\in\mathbb{R}^{m}$ are state and control input, respectively, and $f:\mathbb{R}^{n}\rightarrow\mathbb{R}^{n}$ and $g:\mathbb{R}^{n}\rightarrow\mathbb{R}^{n\times m}$ are locally Lipschitz continuous functions. To establish exponential stability of system (1) without having to define an explicit feedback controller, the notion of a Control Lyapunov Function (CLF) is introduced.

Definition 1.

(Control Lyapunov Function (CLF) [32]) A continuously differentiable function $V:\mathbb{R}^{n}\rightarrow\mathbb{R}$ is called a Control Lyapunov Function (CLF) for system (1) if there exist positive constants ${c}_{1}$ , ${c}_{2}$ , and ${c}_{3}$ such that for $\forall x\in\mathcal{X}$ ,

{c}_{1}\|x\|^{2}\leq V(x)\leq{c}_{2}\|x\|^{2},

(2)

\inf_{u}[L_{f}V(x)+L_{g}V(x)u+{c}_{3}V(x)]\leq 0,

(3)

where $L_{f}V(x)\triangleq\nabla_{x}V(x)f(x)$ and $L_{g}V(x)\triangleq\nabla_{x}V(x)g(x)$ are Lie derivatives of $V(x)$ along the vector fields $f$ and $g$ , respectively.

Given a stabilizing CLF $V(x)$ as in Definition 3, any Lipschitz continuous controller $u(t)\in\mathbb{R}^{m}$ that satisfies (3), $\forall t\geq 0$ exponentially stabilizes system (1) to the origin.

For the safe operation of system (1), a safe set $\mathcal{C}\subset\mathcal{X}\subset\mathbb{R}^{n}$ is defined as a superlevel set of a differentiable function $h:\mathbb{R}^{n}\times[0,+\infty)\rightarrow\mathbb{R}$ , i.e.

\mathcal{C}=\{x\in\mathbb{R}^{n}:h(x,t)\geq 0\}.

(4)

To ensure that system (1) remains in the safety set $\mathcal{C}$ , the notion of Control Barrier Function (CBF) can be defined as follows, in a similar manner as the concept of CLF:

Definition 2.

(Control Barrier Function (CBF) [28]) Given the set $\mathcal{C}$ defined in (4), a continuously differentiable function $h:\mathbb{R}^{n}\times[0,+\infty)\rightarrow\mathbb{R}$ is called as a control barrier function (CBF) for system (1), if there exists an extended class $\mathcal{K}_{\infty}$ function¹¹1An extended class $\mathcal{K}_{\infty}$ function is a function $\alpha:\mathbb{R}\rightarrow\mathbb{R}$ that is strictly increasing and $\alpha(0)=0$ . $\alpha$ for all $x\in\mathcal{X}$ such that

\sup_{u}[\frac{\partial h(x,t)}{\partial t}+L_{f}h(x,t)+L_{g}h(x,t)u+\alpha(h(x,t))]\geq 0

(5)

where $L_{f}h(x,t)\triangleq\nabla_{x}h(x,t)f(x)$ and $L_{g}h(x,t)\triangleq\nabla_{x}h(x,t)g(x)$ are Lie derivatives of $h(x,t)$ along the vector fields $f$ and $g$ , respectively.

Notice that CBFs used in this paper are time-varying functions. When $h(x,t)$ is time-invariant, it is denoted as $h(x)$ and the condition (5) is simplified [32] as follows:

\sup_{u}[L_{f}h(x)+L_{g}h(x)u+\alpha(h(x))]\geq 0.

(6)

In this study, a particular choice of extended class $\mathcal{K}_{\infty}$ function having the form of $\alpha(h(x,t))=\nu h(x,t)$ is considered where $\nu\geq 0$ is a CBF design parameter which controls the system behaviours near the boundary of $h(x,t)=0$ . Safety of a set for a specific dynamical system is often stated in terms of the forward invariance property of that set with respect to the dynamical system:

Definition 3.

A set $\mathcal{C}\subset\mathbb{R}^{n}$ is forward invariant for system (1) if its solution starting at $x(0)\in\mathcal{C}$ satisfies $x(t)\in\mathcal{C}$ , $\forall t\geq 0$ .

Definition 4.

System (1) is safe with respect to set $\mathcal{C}$ defined in (4), if the set $\mathcal{C}$ is forward invariant.

Theorem 1 ([32]).

Given a CBF $h(x,t)$ as in Definition (5) with the associated set $\mathcal{C}$ , any Lipschitz continuous controller $u(t)$ that satisfies (5), $\forall t\geq 0$ renders $\mathcal{C}$ forward invariant for system (1).

The advantage of CLF and CBF formulations is that they allow the unification of control objectives (represented by CLFs) that are regulated to yield trajectories within desired sets (as enforced by CBFs). Given a CLF $V(x)$ and a CBF $h(x,t)$ , they can be combined into a single controller by using a sequence of Quadratic Programs (QPs).

III Problem Statement

Most of the works to date on designing robust CBFs that account for uncertainty consider a quasi-static environment for which it is assumed that a perfect knowledge of the environment is available. Unlike previous studies, in this paper, similar to [31], we consider a robust safety-critical control problem with regard to existing uncertainty in the state of the dynamic environment. If $x_{s}\in\mathbb{R}^{p}$ represents the state of the dynamic environment, we redefine the safety set $\mathcal{C}$ and the time-varying CBF $h(x,x_{s})$ as

\mathcal{C}_{s}=\{x\in\mathbb{R}^{n},x_{s}\in\mathbb{R}^{p}:h(x,x_{s})\geq 0\},

(7)

and $h:\mathbb{R}^{n}\times\mathbb{R}^{p}\rightarrow\mathbb{R}$ . Consider $x_{s}=\hat{x}_{s}+e_{s}$ and $\dot{x}_{s}=\dot{\hat{x}}_{s}+\dot{e}_{s}$ where $\hat{x}_{s}$ denotes the measured state of the environment and $e_{s}$ corresponds to the uncertainty in the measured state. We assume that $e_{s}$ and $\dot{e}_{s}$ are bounded, i.e., $||e_{s}||<\mathcal{E}_{s}$ and $||\dot{e}_{s}||<\dot{\mathcal{E}}_{s}$ . Our goal is to design a feedback controller $u(x,\hat{x}_{s})$ for a given system (1), such that the trajectories of the closed-loop system remain inside the safety set defined in (7). Note that since the dependence of $h$ on time comes only through $x_{s}(t)$ , we wil henceforth write $h(x,x_{s})$ instead of $h(x,t)$ and drop $t$ from $x_{s}(t)$ in order to ease notation. Next, an Environmentally Robust CBF (ER-CBF) is defined.

Definition 5.

A function $h(x,x_{s})$ is an Environmentally Robust Control Barrier Function (ER-CBF) for system (1) if there exists an extended class $\mathcal{K}$ function $\alpha$ such that for all $x\in\mathcal{X}$ and $\hat{x}_{s}\in\mathcal{X}_{s}$

	$\displaystyle\sup_{u}$	$\displaystyle[\frac{\partial h(x,\hat{x}_{s})}{\partial t}+L_{f}h(x,\hat{x}_{s})+L_{g}h(x,\hat{x}_{s})u$		(8)
		$\displaystyle+\alpha(h(x,\hat{x}_{s}))+\Delta(x,x_{s},\hat{x}_{s},u)]\geq 0,$

where $\Delta(x,x_{s},\hat{x}_{s},u)\in\mathbb{R}$ is the residual term which appears due to the difference between $x_{s}$ and $\hat{x}_{s}$ , and $L_{f}h(x,\hat{x}_{s})\triangleq\nabla_{x}h(x,\hat{x}_{s})f(x)$ and $L_{g}h(x,\hat{x}_{s})\triangleq\nabla_{x}h(x,\hat{x}_{s})g(x)$ .

Problem 1 (Safety under worst-case uncertainty in environment).

Given a surrounding dynamical system estimate $\hat{x}_{s}$ with the error bounds of $||e_{s}||<\mathcal{E}_{s}$ and $||\dot{e}_{s}||<\dot{\mathcal{E}}_{s}$ , design a feedback controller $u$ for system (1) such that the set $\mathcal{C}_{s}$ is rendered forward invariant for system (1) for all $x\in\mathcal{X}$ and $x_{s}\in\mathcal{X}_{s}$ .

Problem 2 (Robust safety of nominally safe controller).

Given a surrounding dynamical system estimate $\hat{x}_{s}$ with the error bounds of $||e_{s}||<\mathcal{E}_{s}$ and $||\dot{e}_{s}||<\dot{\mathcal{E}}_{s}$ and a nominal safe control $u$ for system (1) which satisfies (5), design a robust feedback control $u_{\text{rob}}$ by minimally modifying $u$ , such that the set $\mathcal{C}_{s}$ is rendered forward invariant for system (1) for all $x\in\mathcal{X}$ and $x_{s}\in\mathcal{X}_{s}$ .

Problem 1 seeks to find a robust safe control input based on a given desired control and error in the state of the environment, while Problem 2 only tries to robustify a given nominal safe control with respect to error in the surrounding environment. In the next section, we present our main results regarding the problems described in this section.

IV Results

First, the CBF error is quantified due to estimating the state of the surrounding dynamical system, its gradient, and its time-derivative. Let

	$\displaystyle e_{h}(x,x_{s},\hat{x}_{s})$	$\displaystyle\triangleq h(x,x_{s})-h(x,\hat{x}_{s}),$
	$\displaystyle e_{\nabla h}(x,x_{s},\hat{x}_{s})$	$\displaystyle\triangleq\nabla h(x,x_{s})-\nabla h(x,\hat{x}_{s}),$
	$\displaystyle e_{\frac{\partial h}{\partial t}}(x,x_{s},\hat{x}_{s})$	$\displaystyle\triangleq\frac{\partial h(x,x_{s})}{\partial t}-\frac{\partial h(x,\hat{x}_{s})}{\partial t}.$

Since $e_{s}$ and $\dot{e}_{s}$ are bounded, it follows that $e_{h}$ , $e_{\nabla h}$ , and $e_{\frac{\partial h}{\partial t}}$ are bounded as well. In this study, it is intended to design a control input for (1) based on the worst-case bounds of $e_{h}$ , $e_{\nabla h}$ , and $e_{\frac{\partial h}{\partial t}}$ and the worst-case uncertainties for the above errors are considered as follows:

$\displaystyle e_{h}^{*}(x,x_{s},\hat{x}_{s})$	$\displaystyle=\min_{\|\|e_{s}\|\|<\mathcal{E}_{s},\|\|\dot{e}_{s}\|\|<\dot{\mathcal{E}}_{s}}e_{h}(x,x_{s},\hat{x}_{s}),$
$\displaystyle e_{\nabla h}^{*}(x,x_{s},\hat{x}_{s})$	$\displaystyle=\max_{\|\|e_{s}\|\|<\mathcal{E}_{s},\|\|\dot{e}_{s}\|\|<\dot{\mathcal{E}}_{s}}\\|e_{\nabla h}(x,x_{s},\hat{x}_{s})\\|,$	(9)
$\displaystyle e_{\frac{\partial h}{\partial t}}^{*}(x,x_{s},\hat{x}_{s})$	$\displaystyle=\min_{\|\|e_{s}\|\|<\mathcal{E}_{s},\|\|\dot{e}_{s}\|\|<\dot{\mathcal{E}}_{s}}e_{\frac{\partial h}{\partial t}}(x,x_{s},\hat{x}_{s}).$

where it should be noted that $e_{h}^{*}$ and $e_{\frac{\partial h}{\partial t}}^{*}$ is obtained by minimizing, while $e_{\nabla h}^{*}$ is obtained by maximization. The reason for this is that (as shown in the next result) $e_{h}^{*}$ and $e_{\frac{\partial h}{\partial t}}^{*}$ appear as additive error terms in the residual term of the ER-CBF constraint, while $e_{\nabla h}^{*}$ appears as a multiplicative error term. From now on, in order to ease notation, the arguments $(x,x_{s},\hat{x}_{s})$ are omitted from $e_{h}^{*}$ , $e_{\nabla h}^{*}$ and $e_{\frac{\partial h}{\partial t}}^{*}$ . The next theorem provides a solution for Problem 1 and presents a sufficient condition in which an ER-CBF preserves system (1) forward invariance in the presence of bounded uncertainties in the state of the surrounding dynamical environment.

Theorem 2.

If $h(x,x_{s})$ is an ER-CBF for system (1) with the residual term

\Delta(x,x_{s},\hat{x}_{s},u)=e_{\frac{\partial h}{\partial t}}^{*}+\alpha(e_{h}^{*})-e_{\nabla h}^{*}||f(x)+g(x)u||,

(10)

where $e_{h}^{*}$ , $e_{\nabla h}^{*}$ , and $e_{\frac{\partial h}{\partial t}}^{*}$ are defined in (IV), then any Lipschitz continuous controller $u$ that satisfies (8) will render system (1) forward invariant with respect to $\mathcal{C}_{s}$ .

Proof.

According to Theorem 1, if there exists a control input $u\in\mathbb{R}^{m}$ such that

\frac{\partial h(x,x_{s})}{\partial t}+\nabla_{x}h(x,x_{s})(f(x)+g(x)u)+\alpha(h(x,x_{s}))\geq 0,

(11)

then, the set $\mathcal{C}_{s}$ is forward invaraint. By rewriting $h(x,x_{s})=h(x,\hat{x}_{s})+e_{h}(x,x_{s},\hat{x}_{s})$ , $\nabla_{x}h(x,x_{s})=\nabla_{x}h(x,\hat{x}_{s})+e_{\nabla h}(x,x_{s},\hat{x}_{s})$ , and $\frac{\partial h(x,x_{s})}{\partial t}=\frac{\partial h(x,\hat{x}_{s})}{\partial t}+e_{\frac{\partial h}{\partial t}}(x,x_{s},\hat{x}_{s})$ in (11), it is needed that a lower bound of the left-hand side expression which is still positive in the presence of the worst-case error in the state of the surrounding dynamical system, i.e.,

		$\displaystyle\min_{\|\|e_{s}\|\|<\mathcal{E}_{s},\|\|\dot{e}_{s}\|\|<\dot{\mathcal{E}}_{s}}[\frac{\partial h(x,\hat{x}_{s})}{\partial t}+e_{\frac{\partial h}{\partial t}}(x,x_{s},\hat{x}_{s})+$		(12)
		$\displaystyle\nabla_{x}h(x,\hat{x}_{s})(f(x)+g(x)u)+e_{\nabla h}(x,x_{s},\hat{x}_{s})(f(x)+g(x)u)$
		$\displaystyle+\alpha(h(x,\hat{x}_{s})+e_{h}(x,x_{s},\hat{x}_{s}))]\geq 0.$

Recalling that we consider $\alpha(h(x,t))=\nu h(x,t)$ , the extended class $\mathcal{K}$ function $\alpha$ can be selected such that $\alpha(h(x,\hat{x}_{s})+e_{h}(x,x_{s},\hat{x}_{s}))=\alpha(h(x,\hat{x}_{s}))+\alpha(e_{h}(x,x_{s},\hat{x}_{s}))$ . Moreover, due to the Cauchy-Shwarz inequality, $-\|e_{\nabla h}(x,x_{s},\hat{x}_{s})\|\|f(x)+g(x)u\|\leq e_{\nabla h}(x,x_{s},\hat{x}_{s})(f(x)+g(x)u)$ . By minimizing each term individually in (12), it follows that

	$\displaystyle\frac{\partial h(x,\hat{x}_{s})}{\partial t}+\nabla_{x}h(x,\hat{x}_{s})(f(x)+g(x)u)+\alpha(h(x,\hat{x}_{s}))$
	$\displaystyle\underbrace{-e_{\nabla h}^{}\\|f(x)+g(x)u\\|+e_{\frac{\partial h}{\partial t}}^{}+\alpha(e_{h}^{*})}_{\Delta(x,x_{s},\hat{x}_{s},u)}\geq 0,$

which, based on Definition 5, implies that $h(x,x_{s})$ is an ER-CBF for system (1). ∎

To obtain the safe input $u$ with respect to a desired control input $u_{\text{des}}$ , the following optimization problem is required to be solved at each time step to determine a value $u$ kept constant over this time step:

u^{*}=\textrm{arg}\min_{u}\quad\frac{1}{2}\|u-u_{\text{des}}\|^{2}

	s.t.	$\displaystyle\qquad\frac{\partial h(x,\hat{x}_{s})}{\partial t}+L_{f}h(x,\hat{x}_{s})+L_{g}h(x,\hat{x}_{s})u\,+$		(13)
		$\displaystyle\alpha(h(x,\hat{x}_{s}))-e_{\nabla h}^{}\\|f(x)+g(x)u\\|+e_{\frac{\partial h}{\partial t}}^{}+\alpha(e_{h}^{*})\geq 0$

Since the optimization variable $u$ appears in $\|f(x)+g(x)u\|$ above, this problem is no longer a QP. By writing $\frac{1}{2}\|u-u_{\text{des}}\|^{2}=\frac{1}{2}(u-u_{\text{des}})^{T}(u-u_{\text{des}})=\frac{1}{2}\|u\|^{2}+u_{\text{des}}^{T}u+\frac{1}{2}\|u_{\text{des}}\|^{2}$ and removing the term $\frac{1}{2}\|u_{\text{des}}\|^{2}$ from the objective function as it is a constant, a slack variable $q$ can be used to restate the optimization problem as follows:

	$\displaystyle[u^{},q^{}]^{T}$	$\displaystyle=\textrm{arg}\min_{u,q}\quad q-u_{\text{des}}^{T}u$
		$\displaystyle\textrm{s.t.}\quad(\ref{eq:QP2}),\,\frac{1}{2}\\|u\\|^{2}\leq q,$

with the decision variables $u$ and $q\geq 0$ . This problem is a second-order cone program (SOCP). The second constraint above can be written as a rotated second-order cone condition [33], which leads to the following SOCP:

	$\displaystyle[u^{},q^{}]^{T}$	$\displaystyle=\textrm{arg}\min_{u,q}\quad q-u_{\text{des}}^{T}u$
		$\displaystyle\textrm{s.t.}\quad(\ref{eq:QP2}),\,\left\\|\left[\begin{matrix}\sqrt{2}u\\ q-1\end{matrix}\right]\right\\|\leq q+1.$

The difficulty with SOCPs is that, unlike QPs, SOCPs tend to be infeasible very easily [34] and, therefore, sometimes another slack variable is added to the constraint (13) to ensure the feasibility of the SOCP [22], which can deteriorate the safe input. Another problem with SOCPs, as reported in [20], is that the computation time to solve them is higher than that of QPs, which can affect the real-time control synthesis as well. In [16], it is assumed that the control input $u$ is not overly restrictive, thus permitting sufficient control authority to preserve safety in the presence of uncertainty.

To circumvent solving a SOCP for ER-CBFs at each time step, we propose a novel ER-CBF which is based on computing the control input using the nominal CBF and modifying it whenever the ER-CBF constraint in (13) is violated. In this way, the control input produced by the nominal CBF is considered as the desired input and it is modified minimally so as to robustly guarantee safety. First, we denote the control input $u$ in the optimization problem with nominal CBFs and ER-CBFs as $u_{\text{nom}}$ and $u_{\text{rob}}$ , respectively. To begin with, we present the closed-form solution for the nominal safe input framed as the following QP (solved at each time step):

$\displaystyle u_{\text{nom}}^{*}$	$\displaystyle=\textrm{arg}\min_{u_{\text{nom}}}\quad\\|u_{\text{nom}}-u_{\text{des}}\\|^{2}$	(CBF-QP)
s.t.	$\displaystyle\frac{\partial h(x,x_{s})}{\partial t}+L_{f}h(x,x_{s})$
	$\displaystyle+L_{g}h(x,x_{s})u_{\text{nom}}+\alpha(h(x,x_{s}))\geq 0$

For this QP, the closed-form solution can be obtained using the following Lemma.

Lemma 1.

([35], [36]) Consider $h(x,x_{s})$ as a CBF for system (1) with $L_{g}h(x,x_{s})\neq 0$ . The explicit solution to (CBF-QP) is given by $u_{\text{nom}}^{\ast}=u_{\text{des}}+u_{s}$ where

u_{s}=\begin{cases}-\frac{L_{g}h(x,x_{s})^{T}}{\|L_{g}h(x,x_{s})\|^{2}}\Phi_{\text{nom}}(x,x_{s},u_{\text{des}})\quad\textrm{if}\\ \qquad\qquad\qquad\qquad\Phi_{\text{nom}}(x,x_{s},u_{\text{des}})<0,\\ 0\qquad\textrm{if}\qquad\qquad\quad\Phi_{\text{nom}}(x,x_{s},u_{\text{des}})\geq 0\end{cases}

with $\Phi_{\text{nom}}(x,x_{s},u)=\frac{\partial h(x,x_{s})}{\partial t}+L_{f}h(x,x_{s})+L_{g}h(x,x_{s})u+\alpha(h(x,x_{s}))$ .

Our method to synthesize the control input using ER-CBFs is inspired by Lemma 1, where we intend to use $u_{\text{nom}}^{\ast}$ as the desired input and find an extra control effort such that the resulting input ensures robustness in the presence of environmental errors. First, let

	$\displaystyle\Phi_{\text{rob}}(x,\hat{x}_{s},u)=\frac{\partial h(x,\hat{x}_{s})}{\partial t}+L_{f}h(x,\hat{x}_{s})+L_{g}h(x,\hat{x}_{s})u\,+$
	$\displaystyle\alpha(h(x,\hat{x}_{s}))-e_{\nabla h}^{}\\|f(x)+g(x)u\\|+e_{\frac{\partial h}{\partial t}}^{}+\alpha(e_{h}^{*}).$

Then, in order to design an environmentally safe controller with ER-CBFs, one needs to consider the following SOCP:

	$\displaystyle u_{\text{rob}}^{*}=\textrm{arg}\min_{u_{\text{rob}}}\quad\\|u_{\text{rob}}-u_{\text{des}}\\|^{2}$		(ER-CBF-SOCP)
	$\displaystyle\textrm{s.t.}\quad\Phi_{\text{rob}}(x,\hat{x}_{s},u_{\textrm{rob}})\,\geq 0$

Since $u^{*}_{\text{nom}}$ which is the solution of (CBF-QP), will be taken as the desired input for (ER-CBF-SOCP), from now on, the desired input for (ER-CBF-SOCP) is denoted by $u^{(s)}_{\text{des}}$ to distinguish it with $u_{\text{des}}$ in (CBF-QP). Let us define $u_{\delta}\triangleq u_{\text{rob}}^{*}-u_{\text{nom}}^{*}$ as the amount of change in the control input $u_{\text{nom}}^{*}$ such that robustness to the environmental uncertainties is guaranteed. Next, based on Lemma 1, an upper bound on $u_{\delta}$ is obtained. Note that $u_{s}$ in Lemma 1 for the case where $u\in\mathbb{R}$ reduces to

u_{s}=\begin{cases}-\frac{\Phi_{\text{nom}}(x,x_{s},u_{\text{des}})}{L_{g}h(x,x_{s})}\>&\textrm{if}\quad\Phi_{\text{nom}}(x,x_{s},u_{\text{des}})<0,\\ 0\qquad&\textrm{if}\quad\Phi_{\text{nom}}(x,x_{s},u_{\text{des}})\geq 0.\end{cases}

Theorem 3.

Consider $u^{*}_{\text{nom}}$ to be the solution to (CBF-QP) for system (1) with $u\in\mathbb{R}$ and let it be the desired control input for (ER-CBF-SOCP), i.e., $u^{(s)}_{\text{des}}=u^{*}_{\text{nom}}$ . Define $u_{\delta}\triangleq u_{\text{rob}}^{*}-u_{\text{nom}}^{*}$ , with $u_{\text{rob}}^{*}$ being the solution for (ER-CBF-SOCP), and let $e_{\frac{\partial h}{\partial t}}^{*}$ , $e_{h}^{*}$ , and $e_{\nabla h}^{*}$ be obtained from (IV) at $\|e_{s}\|=\mathcal{E}_{s}$ and $\|\dot{e}_{s}\|=\dot{\mathcal{E}}_{s}$ . Assuming that $L_{g}h(x,\hat{x}_{s})\neq e^{*}_{\nabla}\|g(x)\|$ , then

\displaystyle|u_{\delta}|\leq\max\left\{\left|\frac{-\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}h(x,\hat{x}_{s})+e^{*}_{\nabla h}\|g(x)\|}\right|,\left|\frac{-\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}h(x,\hat{x}_{s})-e^{*}_{\nabla h}\|g(x)\|}\right|\right\}.

Proof.

Since $e_{\frac{\partial h}{\partial t}}^{*}$ , $e_{h}^{*}$ , and $e_{\nabla h}^{*}$ are obtained at $\|e_{s}\|=\mathcal{E}_{s}$ and $\|\dot{e}_{s}\|=\dot{\mathcal{E}}_{s}$ , there exits $\delta h\in\mathbb{R}$ such that for ER-CBF $h(x,x_{s})$ in (ER-CBF-SOCP), it follows:

	$\displaystyle\frac{\partial(h(x,\hat{x}_{s})+\delta h)}{\partial t}+L_{f}\left(h(x,\hat{x}_{s}\right)+\delta h)+L_{g}(h(x,\hat{x}_{s})$
	$\displaystyle+\delta h)u+\alpha(h(x,\hat{x}_{s})+\delta h)=\Phi_{\text{rob}}(x,\hat{x}_{s},u).$		(14)

Then, by considering the left-hand side of (14) and using Lemma 1 with $u^{(s)}_{\text{des}}=u_{\text{nom}}^{*}$ and noticing the fact that $u\in\mathbb{R}$ , it follows that:

\begin{cases}u_{\text{rob}}^{*}=u_{\text{nom}}^{*}\>&\textrm{if}\>\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})\geq 0\\ u_{\text{rob}}^{*}=u_{\text{nom}}^{*}-\frac{\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}(h(x,\hat{x}_{s})+\delta h)}\>&\textrm{if}\>\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})<0\end{cases}

(15)

Thus, for the case $\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})\geq 0$ , $u_{\delta}$ is zero, and for the case where $\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})<0$ , it follows:

u_{\delta}=-\frac{\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}(h(x,\hat{x}_{s})+\delta h)}=-\frac{\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}h(x,\hat{x}_{s})+L_{g}\delta h}.

(16)

Note that $L_{g}\delta h=\nabla_{x}\delta hg(x)$ . Although, the exact value for $L_{g}\delta h$ is not known, recall that $\|\nabla_{x}\delta h\|=e_{\nabla}^{*}$ in Theorem 2. Since $u\in\mathbb{R}$ , it also follows that $L_{g}h(x,\hat{x}_{s})\in\mathbb{R}$ and $L_{g}\delta h\in\mathbb{R}$ . Therefore,

|L_{g}\delta h|=|\nabla_{x}\delta hg(x)|=e_{\nabla}^{*}\|g(x)\|.

(17)

By replacing possible values of $L_{g}\delta h$ in (16), i.e., $L_{g}\delta h=\pm e_{\nabla}^{*}\|g(x)\|$ , it follows that:

\displaystyle|u_{\delta}|\leq\max\left\{\left|\frac{-\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}h(x,\hat{x}_{s})+e^{*}_{\nabla h}\|g(x)\|}\right|,\left|\frac{-\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}h(x,\hat{x}_{s})-e^{*}_{\nabla h}\|g(x)\|}\right|\right\}.

∎

Remark 1.

If the lower bound considered for (12) in the proof of Theorem 2 is tight, we can always find such $\delta h$ in (14). In other words, if $e_{\frac{\partial h}{\partial t}}^{*}$ , $e_{h}^{*}$ , and $e_{\nabla h}^{*}$ which are obtained by minimizing each term individually in (12), have a common optimizer, such $\delta h$ can always be found. That is the reason it is assumed in Theorem 3 that $e_{\frac{\partial h}{\partial t}}^{*}$ , $e_{h}^{*}$ , and $e_{\nabla h}^{*}$ are obtained at $\|e_{s}\|=\mathcal{E}_{s}$ and $\|\dot{e}_{s}\|=\dot{\mathcal{E}}_{s}$ . Note that this is not a strong assumption and $e_{\frac{\partial h}{\partial t}}^{*}$ , $e_{h}^{*}$ , and $e_{\nabla h}^{*}$ most of the time are obtained in extreme situations.

Theorem 3 finds an upper bound on the size of the necessary modification in the nominal safe input to meet the robustness condition. Using the results of Theorem 3, a new constraint is established for the ER-CBF which is no longer dependent on the norm of the control input, hence the control design problem can be formulated as a QP rather than a SOCP.

Theorem 4.

Let $e_{\frac{\partial h}{\partial t}}^{*}$ , $e_{h}^{*}$ , and $e_{\nabla h}^{*}$ be defined as in (IV). If $h(x,x_{s})$ is an ER-CBF for system (1) with $u\in\mathbb{R}$ and the residual term $\Delta(x,x_{s},\hat{x}_{s},u)=e_{\frac{\partial h}{\partial t}}^{*}+\alpha(e_{h}^{*})-e_{\nabla h}^{*}(||f(x)+g(x)u_{\text{nom}}||+\|g(x)\|\bar{u}_{\delta})$ , where $u_{\text{nom}}^{*}$ is the nominal safe input obtained by solving (CBF-QP) and

\displaystyle\bar{u}_{\delta}\triangleq\max\left\{\left|\frac{-\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}h(x,\hat{x}_{s})+e^{*}_{\nabla h}\|g(x)\|}\right|,\left|\frac{-\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}h(x,\hat{x}_{s})-e^{*}_{\nabla h}\|g(x)\|}\right|\right\},

then any Lipschitz continuous controller $u$ that satisfies (8) will render system (1) forward invariant with respect to $\mathcal{C}_{s}$ .

Proof.

According to Theorem 2, if $\Delta(x,x_{s},\hat{x}_{s},u)=e_{\frac{\partial h}{\partial t}}^{*}+\alpha(e_{h}^{*})-e_{\nabla h}^{*}(||f(x)+g(x)u||)$ , then any Lipschitz continuous controller $u\in\mathbb{R}$ that satisfies (8) will render system (1) forward invariant with respect to $\mathcal{C}_{s}$ . Next, we want to get rid of $u$ in this residual term by exploiting the result of Theorem 3. Considering $u^{*}_{\text{rob}}=u_{\text{nom}}^{\ast}+u_{\delta}$ , it follows that:

	$\displaystyle e_{\frac{\partial h}{\partial t}}^{}+\alpha(e_{h}^{})-e_{\nabla h}^{*}(\|\|f(x)+g(x)(u_{\text{nom}}^{\ast}+u_{\delta})\|\|)\geq$
	$\displaystyle e_{\frac{\partial h}{\partial t}}^{}+\alpha(e_{h}^{})-e_{\nabla h}^{*}(\|\|f(x)+g(x)u_{\text{nom}}^{\ast}\\|+\|u_{\delta}\|\\|g(x)\\|).$

Due to Theorem 3, $|u_{\delta}|\leq\bar{u}_{\delta}=\max\{|-\frac{\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}h(x,\hat{x}_{s})+e^{*}_{\nabla h}\|g\|}|,|-\frac{\Phi_{\text{rob}}(x,\hat{x}_{s},u^{*}_{\text{nom}})}{L_{g}h(x,\hat{x}_{s})-e^{*}_{\nabla h}\|g\|}|\}$ , thus,

	$\displaystyle e_{\frac{\partial h}{\partial t}}^{}+\alpha(e_{h}^{})-e_{\nabla h}^{*}(\|\|f(x)+g(x)u_{\text{nom}}^{\ast}\\|+\|u_{\delta}\|\\|g(x)\\|)\geq$
	$\displaystyle e_{\frac{\partial h}{\partial t}}^{}+\alpha(e_{h}^{})-e_{\nabla h}^{*}(\|\|f(x)+g(x)u_{\text{nom}}^{\ast}\\|+\bar{u}_{\delta}\\|g(x)\\|).$

This completes the proof. ∎

Notice that the residual term in Theorem 4, unlike the one in Theorem 2, does not depend on the control input, which is the decision variable in the optimization-based control design. In fact, in the residual term of Theorem 4, we have $u_{\text{nom}}^{*}$ and $\bar{u}_{\delta}$ which are not decision variables and hence they are available before solving the optimization problem. Hence, one can utilize a QP to compute the control input instead of a SOCP. Thus, to design an environmentally safe controller with ER-CBFs, the following QP is considered:

	$\displaystyle u_{\text{rob}}^{}=\textrm{arg}\min_{u_{\text{rob}}}\quad\\|u_{\text{rob}}-u_{\text{nom}}^{}\\|^{2}$		(ER-CBF-QP)
	$\displaystyle\textrm{s.t.}\quad\frac{\partial h(x,\hat{x}_{s})}{\partial t}+L_{f}h(x,\hat{x}_{s})+L_{g}h(x,\hat{x}_{s})u_{\text{rob}}$
	$\displaystyle+\alpha(h(x,\hat{x}_{s}))-e_{\nabla h}^{*}(\\|f(x)+g(x)u_{\text{nom}}^{\ast}\\|+\bar{u}_{\delta}\\|g(x)\\|)$
	$\displaystyle+e_{\frac{\partial h}{\partial t}}^{}+\alpha(e_{h}^{})\geq 0.$

In the sequel, the closed-form solution of (ER-CBF-QP) tackling Problem 2 is presented.

Theorem 5.

Consider $h(x,x_{s})$ as an ER-CBF for system (1) with $u\in\mathbb{R}$ and $L_{g}h(x,\hat{x}_{s})\neq 0$ . The solution to (ER-CBF-QP) is given by $u_{\text{rob}}^{\ast}=u_{\text{nom}}^{\ast}+u_{\hat{\delta}}$ where

u_{\hat{\delta}}=\begin{cases}0&\textrm{if}\quad\widehat{\Phi}_{\text{rob}}(x,x_{s},u_{\text{nom}}^{*})\geq 0\\ -\frac{\widehat{\Phi}_{\text{rob}}(x,\hat{x}_{s},u_{\text{nom}}^{*})}{L_{g}h(x,\hat{x}_{s})}\quad&\textrm{if}\quad\widehat{\Phi}_{\text{rob}}(x,x_{s},u_{\text{nom}}^{*})<0\end{cases}

(18)

with $\widehat{\Phi}_{\text{rob}}(x,\hat{x}_{s},u)=\frac{\partial h(x,\hat{x}_{s})}{\partial t}+L_{f}h(x,\hat{x}_{s})+L_{g}h(x,\hat{x}_{s})u+\alpha(h(x,\hat{x}_{s}))-e_{\nabla h}^{*}(\|f(x)+g(x)u_{\text{nom}}^{\ast}\|+\bar{u}_{\delta}\|g(x)\|)+e_{\frac{\partial h}{\partial t}}^{*}+\alpha(e_{h}^{*})$ .

Proof.

Notice that in (ER-CBF-QP) both objective function and constraint are convex and continuously differentiable with respect to $u_{\text{rob}}$ . Hence, one can apply KKT (Karush–Kuhn–Tucker) conditions to provide necessary and sufficient conditions for optimality [37]. The rest of the proof is similar to the proof of Lemma 1. ∎

Remark 2.

Note that (ER-CBF-SOCP) presents our solution for Problem 1, and (ER-CBF-QP) presents our solution for Problem 2. In (ER-CBF-SOCP) the optimization constraint ( $\Phi_{\text{rob}}(x,\hat{x}_{s},u)$ ) is imposing safety and environmental robustness simultaneously, so it can be considered as a robust safe filter that modifies the nominal (and possibly unsafe) control input $u_{des}$ . On the other hand, in (ER-CBF-QP) the optimization constraint ( $\widehat{\Phi}_{\text{rob}}(x,\hat{x}_{s},u)$ ) is only imposing robustness to the nominally safe control input, so it can be regarded as robustness filter of nominally safe input $u^{*}_{nom}$ . In addition to that, computing the control input via (ER-CBF-QP) is faster and less prone to infeasiblity than (ER-CBF-SOCP)²²2In MATLAB, the interior point method (which has a polynomial time complexity) is utilized to solve both QP and SOCP (though with different algorithms). However, computing QP i.e. (ER-CBF-SOCP) is more time-consuming than computing SOCP, i.e., (ER-CBF-SOCP). This is also has been observed in [20].. Furthermore, (ER-CBF-QP) (as we shall see in Figures 3 and 4) is slightly more conservative than (ER-CBF-SOCP). Moreover, it should be noted that, (ER-CBF-SOCP) is applicable to the cases where $u\in\mathbb{R}^{m}$ , while (ER-CBF-QP) is only used for $u\in\mathbb{R}$ .

V Adaptive cruise control example

Refer to caption — Figure 1: Adaptive cruise control example for mixed traffic where ego vehicle is AV following the lead vehicle which is an HDV.

In this section, the proposed robust safe controller is applied to the adaptive cruise control problem where the lead vehicle is a human-driven vehicle (HDV) and the ego vehicle (see Figure 1) which we intend to design control actions for, is an Automated Vehicle (AV). The following longitudinal dynamics is considered for AVs:

	$\displaystyle\dot{p}$	$\displaystyle=v,$		(19)
	$\displaystyle\dot{v}$	$\displaystyle=\frac{u}{m}-\frac{F_{r}(v)}{m},$		(19)

where $p$ , $v$ , and $u$ denote the position, the velocity and the control input for the AV, respectively. The mass of the AV is denoted by $m$ and $F_{r}(v)$ is the rolling force which is approximated as

F_{r}(v)=c_{0}+c_{1}v+c_{2}v^{2},

(20)

with the constants $c_{0}$ , $c_{1}$ , and $c_{2}$ that can be determined empirically. Equation (19) can be written in a state-space form as

\dot{x}=\underbrace{\begin{bmatrix}v\\ -\frac{1}{m}F_{r}\end{bmatrix}}_{f(x)}+\underbrace{\begin{bmatrix}0\\ \frac{1}{m}\end{bmatrix}}_{g(x)}u.

(21)

where $x=[p,v]^{\textmd{T}}$ represents the state of the AV. It is assumed that the dynamics of the HDV (the lead vehicle) are unknown and only some uncertain measurements of its state are available. Let the state of the HDV be given by $p_{s}$ and $v_{s}$ , denoting the HDV’s position and velocity, respectively. To ensure the rear-end safety between AV and HDV, the following constraint should be imposed:

p_{s}-p\geq T_{h}v,

(22)

where $T_{h}$ is a look ahead (reaction) time. To enforce this constraint in the synthesis of the control input of the AV, the following CBF is considered:

h(x,x_{s})=p_{s}-p-T_{h}v-\frac{1}{2}\frac{(v_{s}-v)^{2}}{c_{d}g},

(23)

with $x_{s}=[p_{s},v_{s}]^{\textmd{T}}$ , and ${c_{d}g}$ is the maximum deceleration with $g$ and $c_{d}$ being the gravity acceleration and deceleration factor, respectively. It is assumed that, instead of the exact value of $x_{s}$ , an estimate of it, $\hat{x}_{s}$ , is available to the AV through its onboard sensors or a road-side coordinator. Therefore, it follows that $p_{s}=\hat{p}_{s}+e_{p}$ , $v_{s}=\hat{v}_{s}+e_{v}$ and $\dot{v}_{s}=\dot{\hat{v}}_{s}+e_{\dot{v}}$ . Then, by assuming known uncertainty bounds between $x_{h}$ and $\hat{x}_{s}$ , it follows that

|p_{s}-\hat{p}_{s}|\leq\mathcal{E}_{p},\>|v_{s}-\hat{v}_{s}|\leq\mathcal{E}_{v},\>|\dot{v}_{s}-\dot{\hat{v}}_{s}|\leq\mathcal{E}_{\dot{v}}.

(24)

Knowing the worst-case bounds on the errors of state of HDV, we need to quantify the error in the designed CBF (23), its gradient, and its time-derivative as follows:

	$\displaystyle\qquad e_{h}(x,x_{s},\hat{x}_{s})$	$\displaystyle=h(x,x_{s})-h(x,\hat{x}_{s})$
		$\displaystyle=e_{p}+\frac{2e_{v}(\hat{v}_{s}-v)+e_{v}^{2}}{2c_{d}g},$
	$\displaystyle\qquad\quad e_{\nabla h}(x,x_{s},\hat{x}_{s})$	$\displaystyle=\\|\nabla h(x,x_{s})-\nabla h(x,\hat{x}_{s})\\|$
		$\displaystyle=\\|[0,\frac{e_{v}}{c_{d}g}]^{T}\\|=\|\frac{e_{v}}{c_{d}g}\|,$
	$\displaystyle\qquad e_{\frac{\partial h}{\partial t}}(x,x_{s},\hat{x}_{s})$	$\displaystyle=\frac{\partial h(x,x_{s})}{\partial t}-\frac{\partial h(x,\hat{x}_{s})}{\partial t}$
		$\displaystyle=v_{s}-\frac{\dot{v}_{s}(v_{s}-v)}{c_{d}g}-\hat{v}_{s}+\frac{\hat{\dot{v}}_{s}(\hat{v}_{s}-v)}{c_{d}g}$
		$\displaystyle=e_{v}-\frac{\dot{v}_{s}e_{v}+e_{\dot{v}}(\hat{v}_{s}-v)+e_{v}e_{\dot{v}}}{c_{d}g}.$

Now $e_{\frac{\partial h}{\partial t}}^{*}$ , $e_{h}^{*}$ , and $e_{\nabla h}^{*}$ can be obtained via (IV). They will be utilized to synthesize the environmentally safe control input for the adaptive cruise control. To compute the desired control input to achieve the control objective, the following CLF is defined:

V(x)=(v-v_{d})^{2},

where $v_{d}$ is the desired velocity on the road. To apply maximum and minimum permissible velocity on the road ( $v_{\max}$ and $v_{\min}$ ), the following CBFs are defined.

	$\displaystyle h_{2}(x)$	$\displaystyle=v_{\max}-v,$
	$\displaystyle h_{3}(x)$	$\displaystyle=v-v_{\min}.$

Note that these CBFs only depend on the state of the AV, thus, they will not be used as ER-CBF constraints while implementing them in a QP or SOCP and are considered as a regular CBF constraint. In the next section, the control input is designed for this example using (CBF-QP), (ER-CBF-SOCP) and (ER-CBF-QP) and the obtained results are compared.

VI Simulation Results

To demonstrate the efficacy of the proposed methods, several simulations are carried out in MATLAB on the adaptive cruise control example presented in the previous section. MATLAB QUADPROG and CONEPROG commands are used for solving QPs and SOCPs and ODE45 is used for integrating AV dynamics. To generate the HDV’s motion, the so-called linear free-flow model is used [38]:

\dot{v}_{s}(t)=\lambda[v^{(d)}(t)-v_{s}(t-\tau)]+\epsilon(t),

(25)

where $v^{(d)}$ is the desired road velocity, $\tau$ is the HDV driver’s reaction time, $\lambda$ is a constant, and $\epsilon$ is a zero-mean Gaussian noise with the variance of $\sigma$ . For the simulations the parameters presented in Table I are for the vehicle dynamics for AV and HDV, and $g=9.81\,\textrm{m/s}^{2}$ , $c_{d}=0.3$ . To solve the QP and SOCP, CLF and CBF rates are selected equal as $\gamma=\nu=5$ . In addition, the maximum and minimum admissible road speed are considered as $v_{\max}=120\textrm{km/h}$ and $v_{\min}=60\textrm{km/h}$ .

AV		HDV
Parameter	Value	Parameter	Value
$m$	1650 kg	$\lambda$	0.309
$c_{0}$	0.1 N	$\sigma$	1.13
$c_{1}$	5 Ns/m	$v^{(d)}$	100 km/h
$c_{2}$	0.25 $\textrm{Ns}^{2}\textrm{/m}$	$\tau$	0

Table I: Vehicles parameters used in the simulations.

To begin the simulation, it is assumed that initial distance between the ego and lead vehicles is $\Delta p=80\textrm{m}$ and $v=v_{s}=27.8\,\textrm{m/s}=100\,\textrm{km/s}$ . Moreover, the worst-case errors for HDV state are considered as $\mathcal{E}_{p}=1\textrm{m}$ , $\mathcal{E}_{v}=1\,\textrm{m/s}$ and $\mathcal{E}_{\dot{v}}=0$ . In Figure 2, the uncertainty bound for CBF defined in (23) is shown using (CBF-QP), (ER-CBF-SOCP) and (ER-CBF-QP). It can be observed from the figure that in the case of CBF-QP (the top plot with red color), even though the nominal CBF remains non-negative, the uncertainty bound crosses the $x$ -axis and the CBF becomes negative; this is clearly not a safe behavior and the forward invariance property is no longer guaranteed. On the other hand, CBFs obtained via (ER-CBF-SOCP) and (ER-CBF-QP) remain non-negative in the presence of the uncertainties. It is worth noting that the nominal CBF for (ER-CBF-SOCP) and (ER-CBF-QP) is more conservative³³3 When a CBF has farther distance from x-axis (zero) it is considered to be more conservative. than (CBF-QP) which is indeed expected.

In Figure 3, the velocity of AV and HDV, their distance ( $\Delta p=p_{s}-p$ ) and the control input for AV are shown using three different methods. As it can be seen from the figure, the results of (ER-CBF-SOCP) and (ER-CBF-QP) almost coincide, and as it is shown in the magnified cross-section of distance plot, (ER-CBF-QP) is slightly more conservative.

Figure 4 also shows the CBF and CLF plot for the case of Figure 3. Similar to Figure 3, the results of (ER-CBF-SOCP) and (ER-CBF-QP) are coinciding, and the results of (ER-CBF-QP) are slightly more conservative.

In Figure 5 the plot for the control input resulting from the closed form solution (ER-CBF-QP) using Theorem 5 is presented. As it can be seen from the figure, at each time instant, $u_{\text{nom}}^{*}$ and $u_{\hat{\delta}}$ are computed and then $u_{\text{rob}}^{*}$ is computed via $u_{\text{rob}}^{*}=u_{\text{nom}}^{*}+u_{\hat{\delta}}$ where $u_{\hat{\delta}}$ is defined in (18) in Theorem 5.

VII conclusion

The control synthesis problem using environmentally robust control barrier functions is considered in this paper and it is shown that accounting for the worst-case error in a dynamical environment results in the ER-CBF-SOCP formulation. Then, we present the ER-CBF-QP alternative which minimally modifies the nominal safe input resulting from the solution of CBF-QP. ER-CBF-SOCP and ER-CBF-QP results are almost similar. However, ER-CBF-QP has a better computational time and is less prone to infeasibility. A future direction would be extending ER-CBF-QP for multi-input dynamical systems.

References

[1] A. D. Ames, J. W. Grizzle, and P. Tabuada, “Control barrier function based quadratic programs with application to adaptive cruise control,” in 53rd IEEE Conference on Decision and Control. IEEE, 2014, pp. 6271–6278.
[2] A. D. Ames, X. Xu, J. W. Grizzle, and P. Tabuada, “Control barrier function based quadratic programs for safety critical systems,” IEEE Transactions on Automatic Control, vol. 62, no. 8, pp. 3861–3876, 2016.
[3] T. Gurriet, M. Mote, A. D. Ames, and E. Feron, “An online approach to active set invariance,” in 2018 IEEE Conference on Decision and Control (CDC). IEEE, 2018, pp. 3592–3599.
[4] W. S. Cortez, D. Oetomo, C. Manzie, and P. Choong, “Control barrier functions for mechanical systems: Theory and application to robotic grasping,” IEEE Transactions on Control Systems Technology, vol. 29, no. 2, pp. 530–545, 2019.
[5] L. Wang, A. D. Ames, and M. Egerstedt, “Safety barrier certificates for collisions-free multirobot systems,” IEEE Transactions on Robotics, vol. 33, no. 3, pp. 661–674, 2017.
[6] A. Singletary, A. Swann, Y. Chen, and A. D. Ames, “Onboard safety guarantees for racing drones: High-speed geofencing with control barrier functions,” IEEE Robotics and Automation Letters, vol. 7, no. 2, pp. 2897–2904, 2022.
[7] J. Breeden and D. Panagou, “Guaranteed safe spacecraft docking with control barrier functions,” IEEE Control Systems Letters, vol. 6, pp. 2000–2005, 2021.
[8] W. Xiao, C. G. Cassandras, and C. A. Belta, “Bridging the gap between optimal trajectory planning and safety-critical control with applications to autonomous vehicles,” Automatica, vol. 129, p. 109592, 2021.
[9] H. Xu, W. Xiao, C. G. Cassandras, Y. Zhang, and L. Li, “A general framework for decentralized safe optimal control of connected and automated vehicles in multi-lane signal-free intersections,” IEEE Transactions on Intelligent Transportation Systems, 2022.
[10] R. Chen, C. G. Cassandras, A. Tahmasbi-Sarvestani, S. Saigusa, H. N. Mahjoub, and Y. K. Al-Nadawi, “Cooperative time and energy-optimal lane change maneuvers for connected automated vehicles,” IEEE Transactions on Intelligent Transportation Systems, vol. 23, no. 4, pp. 3445–3460, 2022.
[11] S. Kolathaya and A. D. Ames, “Input-to-state safety with control barrier functions,” IEEE control systems letters, vol. 3, no. 1, pp. 108–113, 2018.
[12] R. Takano and M. Yamakita, “Robust control barrier function for systems affected by a class of mismatched disturbances,” SICE Journal of Control, Measurement, and System Integration, vol. 13, no. 4, pp. 165–172, 2020.
[13] E. Daş and R. M. Murray, “Robust safe control synthesis with disturbance observer-based control barrier functions,” in 2022 IEEE 61st Conference on Decision and Control (CDC), 2022, pp. 5566–5573.
[14] Y. Wang and X. Xu, “Disturbance observer-based robust control barrier functions,” in 2023 American Control Conference (ACC), 2023.
[15] J. J. Choi, D. Lee, K. Sreenath, C. J. Tomlin, and S. L. Herbert, “Robust control barrier–value functions for safety-critical control,” in 2021 60th IEEE Conference on Decision and Control (CDC). IEEE, 2021, pp. 6814–6821.
[16] J. Buch, S.-C. Liao, and P. Seiler, “Robust control barrier functions with sector-bounded uncertainties,” IEEE Control Systems Letters, vol. 6, pp. 1994–1999, 2021.
[17] P. Seiler, M. Jankovic, and E. Hellstrom, “Control barrier functions with unmodeled input dynamics using integral quadratic constraints,” IEEE Control Systems Letters, vol. 6, pp. 1664–1669, 2021.
[18] A. Alan, A. J. Taylor, C. R. He, G. Orosz, and A. D. Ames, “Safe controller synthesis with tunable input-to-state safe control barrier functions,” IEEE Control Systems Letters, vol. 6, pp. 908–913, 2021.
[19] M. Jankovic, “Robust control barrier functions for constrained stabilization of nonlinear systems,” Automatica, vol. 96, pp. 359–367, 2018.
[20] K. Long, V. Dhiman, M. Leok, J. Cortés, and N. Atanasov, “Safe control synthesis with uncertain dynamics and constraints,” IEEE Robotics and Automation Letters, vol. 7, no. 3, pp. 7295–7302, 2022.
[21] Q. Nguyen and K. Sreenath, “Robust safety-critical control for dynamic robotics,” IEEE Transactions on Automatic Control, vol. 67, no. 3, pp. 1073–1088, 2021.
[22] S. Dean, A. J. Taylor, R. K. Cosner, B. Recht, and A. D. Ames, “Guaranteeing safety of learned perception modules via measurement-robust control barrier functions,” arXiv preprint arXiv:2010.16001, 2020.
[23] R. K. Cosner, A. W. Singletary, A. J. Taylor, T. G. Molnar, K. L. Bouman, and A. D. Ames, “Measurement-robust control barrier functions: Certainty in safety with uncertainty in state,” in 2021 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS). IEEE, 2021, pp. 6286–6291.
[24] S. Yaghoubi, G. Fainekos, T. Yamaguchi, D. Prokhorov, and B. Hoxha, “Risk-bounded control with kalman filtering and stochastic barrier functions,” in 2021 60th IEEE Conference on Decision and Control (CDC). IEEE, 2021, pp. 5213–5219.
[25] A. Clark, “Control barrier functions for stochastic systems,” Automatica, vol. 130, p. 109688, 2021.
[26] K. Garg and D. Panagou, “Robust control barrier and control lyapunov functions with fixed-time convergence guarantees,” in 2021 American Control Conference (ACC). IEEE, 2021, pp. 2292–2297.
[27] G. Wu and K. Sreenath, “Safety-critical control of a 3d quadrotor with range-limited sensing,” in Dynamic Systems and Control Conference, vol. 50695. American Society of Mechanical Engineers, 2016, p. V001T05A006.
[28] S. He, J. Zeng, B. Zhang, and K. Sreenath, “Rule-based safety-critical control design using control barrier functions with application to autonomous lane change,” in 2021 American Control Conference (ACC). IEEE, 2021, pp. 178–185.
[29] B. Chalaki and A. A. Malikopoulos, “A barrier-certified optimal coordination framework for connected and automated vehicles,” in 2022 IEEE 61st Conference on Decision and Control (CDC). IEEE, 2022, pp. 2264–2269.
[30] K. Long, C. Qian, J. Cortés, and N. Atanasov, “Learning barrier functions with memory for robust safe navigation,” IEEE Robotics and Automation Letters, vol. 6, no. 3, pp. 4931–4938, 2021.
[31] T. G. Molnar, A. K. Kiss, A. D. Ames, and G. Orosz, “Safety-critical control with input delay in dynamic environment,” IEEE Transactions on Control Systems Technology, 2022.
[32] A. D. Ames, S. Coogan, M. Egerstedt, G. Notomista, K. Sreenath, and P. Tabuada, “Control barrier functions: Theory and applications,” in 2019 18th European control conference (ECC). IEEE, 2019, pp. 3420–3431.
[33] G. C. Calafiore and L. El Ghaoui, Optimization models. Cambridge university press, 2014.
[34] F. Castañeda, J. J. Choi, B. Zhang, C. J. Tomlin, and K. Sreenath, “Pointwise feasibility of gaussian process-based safety-critical control under model uncertainty,” in 2021 60th IEEE Conference on Decision and Control (CDC). IEEE, 2021, pp. 6762–6769.
[35] X. Xu, P. Tabuada, J. W. Grizzle, and A. D. Ames, “Robustness of control barrier functions for safety critical control,” IFAC-PapersOnLine, vol. 48, no. 27, pp. 54–61, 2015.
[36] A. Singletary, S. Kolathaya, and A. D. Ames, “Safety-critical kinematic control of robotic systems,” IEEE Control Systems Letters, vol. 6, pp. 139–144, 2021.
[37] S. Boyd, S. P. Boyd, and L. Vandenberghe, Convex optimization. Cambridge university press, 2004.
[38] K. I. Ahmed, “Modeling drivers’ acceleration and lane changing behavior,” Ph.D. dissertation, Massachusetts Institute of Technology, 1999.

	$\displaystyle u_{\text{rob}}^{}=\textrm{arg}\min_{u_{\text{rob}}}\quad\\|u_{\text{rob}}-u_{\text{nom}}^{}\\|^{2}$		(ER-CBF-QP)
	$\displaystyle\textrm{s.t.}\quad\frac{\partial h(x,\hat{x}_{s})}{\partial t}+L_{f}h(x,\hat{x}_{s})+L_{g}h(x,\hat{x}_{s})u_{\text{rob}}$
	$\displaystyle+\alpha(h(x,\hat{x}_{s}))-e_{\nabla h}^{*}(\\|f(x)+g(x)u_{\text{nom}}^{\ast}\\|+\bar{u}_{\delta}\\|g(x)\\|)$
	$\displaystyle+e_{\frac{\partial h}{\partial t}}^{}+\alpha(e_{h}^{})\geq 0.$