pith. sign in

arxiv: 2605.16588 · v1 · pith:TJUB22R7new · submitted 2026-05-15 · 💻 cs.RO · cs.SY· eess.SY

Policy Library CBF: Finite-Horizon Safety at Runtime via Parallel Rollouts

Taekyung Kim , Hideki Okamoto , Bardh Hoxha , Georgios Fainekos , Dimitra Panagou This is my paper

Pith reviewed 2026-05-20 17:15 UTC · model grok-4.3

classification 💻 cs.RO cs.SYeess.SY
keywords control barrier functionsruntime safety filtersfinite-horizon safetypolicy librariesparallel rolloutsautonomous navigationquadratic programming
0
0 comments X

The pith

A library of fallback policies checked via parallel finite-horizon rollouts can certify safety at runtime by selecting the least invasive safe mode and minimally adjusting a nominal policy.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that maintaining a collection of backup policies and testing them simultaneously over a short future window allows an autonomous system to stay safe even when constraints shift unexpectedly. It selects the backup that requires the smallest change to the main controller and applies that change through a quadratic program. A language-based metric on the resulting closed-loop trajectories defines how much coverage the library must provide to guarantee safety over that window. This setup is shown to handle more safety situations than a single fixed policy while running fast enough for real-time use on vehicles and robots.

Core claim

PL-CBF evaluates a library of fallback policies via parallel finite-horizon rollouts, selects the least invasive safe mode, and enforces safety by solving a quadratic program that minimally modifies a nominal policy, with theoretical analysis based on a finite-horizon language metric characterizing policy-library coverage requirements for certifying finite-horizon safety.

What carries the argument

Finite-horizon language metric over closed-loop behaviors, which quantifies the coverage a policy library must supply to guarantee safety within a bounded time window.

If this is right

  • Safety coverage improves over single-policy control barrier functions across the tested systems.
  • Runtime remains at the millisecond level on models with four to twelve states.
  • The finite-horizon language metric gives an explicit requirement on library size and diversity for certification to hold.
  • The quadratic program ensures the nominal policy is altered only when and as much as needed to reach a safe fallback.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If the library can be updated or expanded online, the method could handle a wider range of unexpected constraint changes without redesign.
  • The parallel rollout structure suggests a natural way to incorporate learned or adaptive policies into the safety filter.
  • The same coverage metric might be used to decide when the library is too small and additional policies must be added.

Load-bearing premise

The policy library supplies enough options that, for any current state and any evolving constraints, at least one fallback policy satisfies the finite-horizon safety specification.

What would settle it

A simulation or experiment in which the system reaches a state where none of the stored policies produces a safe closed-loop trajectory over the chosen horizon, causing the quadratic program to become infeasible or to permit a safety violation.

Figures

Figures reproduced from arXiv: 2605.16588 by Bardh Hoxha, Dimitra Panagou, Georgios Fainekos, Hideki Okamoto, Taekyung Kim.

Figure 1
Figure 1. Figure 1: Recovered safe sets for the double-integrator example on the slice [PITH_FULL_IMAGE:figures/full_fig_p005_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Representative trajectory from the highway driving experiment in Table I with MPCC reference speed [PITH_FULL_IMAGE:figures/full_fig_p006_2.png] view at source ↗
Figure 3
Figure 3. Figure 3: Warehouse navigation using PL-CBF with P = 64. The robot tracks sequential waypoints (stars) while reacting to newly sensed dynamic obstacles. At each step, PL-CBF selects the least-restrictive fallback from its library (thick blue line) and applies the QP-based safety filter online (Alg. 1). µ. In this experiment, the friction coefficient changes across road segments and both the controller and the safety… view at source ↗
read the original abstract

Safety-critical autonomy in unstructured environments poses significant challenges for online safety certification under evolving constraints. We propose Policy Library Control Barrier Function~(PL-CBF), a runtime safety filter that evaluates a library of fallback policies via parallel finite-horizon rollouts, selects the least invasive safe mode, and enforces safety by solving a quadratic program that minimally modifies a nominal policy. We provide a theoretical analysis based on a finite-horizon language metric over closed-loop behaviors, characterizing policy-library coverage requirements for certifying finite-horizon safety. Simulations on a planar double-integrator (4 states), highway driving with abrupt friction changes using a realistic nonlinear vehicle model (8 states), and 3D quadrotor navigation in crowded dynamic environments (12 states) demonstrate improved safety coverage over single-policy safety filters while retaining millisecond-level runtime.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The manuscript proposes Policy Library Control Barrier Function (PL-CBF), a runtime safety filter that evaluates a library of fallback policies via parallel finite-horizon rollouts, selects the least invasive safe mode, and enforces safety by solving a quadratic program that minimally modifies a nominal policy. A theoretical analysis based on a finite-horizon language metric over closed-loop behaviors characterizes policy-library coverage requirements for certifying finite-horizon safety. Simulations on a 4-state planar double-integrator, an 8-state nonlinear vehicle model with abrupt friction changes, and a 12-state quadrotor in crowded dynamic environments demonstrate improved safety coverage over single-policy CBFs while retaining millisecond-level runtime.

Significance. If the coverage assumption holds under evolving constraints, the approach could advance finite-horizon safety certification for high-dimensional robotic systems in unstructured settings by combining policy libraries with CBFs. The parallel rollout mechanism and language metric provide a structured way to reason about coverage, and the multi-system simulations (4/8/12 states) plus real-time performance are concrete strengths that support practical relevance.

major comments (2)
  1. [Theoretical analysis] Theoretical analysis section: The finite-horizon language metric characterizes coverage requirements, but the manuscript provides no constructive procedure or verification method to ensure the library contains at least one policy satisfying the safety specification for arbitrary admissible future constraint trajectories. This assumption is load-bearing for the finite-horizon safety claim yet remains unverified beyond the specific simulated scenarios (e.g., friction shifts).
  2. [Simulations] Simulations, 8-state vehicle example: Abrupt friction changes are presented as a test of evolving constraints, but without explicit details on library construction or how the metric bounds behaviors under these shifts, it is unclear whether the reported safety improvement generalizes or if the QP remains feasible when coverage is incomplete.
minor comments (2)
  1. [Abstract] Abstract: The statement of the theoretical contribution could be more precise about what the language metric establishes versus what it assumes.
  2. Notation for the least-invasive selection criterion and the language metric could be illustrated with a short example to improve readability.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their insightful comments on our manuscript. We address the major comments point by point below, providing clarifications on the theoretical assumptions and simulation details. We will incorporate revisions to enhance the manuscript's clarity and rigor.

read point-by-point responses

  1. Referee: Theoretical analysis section: The finite-horizon language metric characterizes coverage requirements, but the manuscript provides no constructive procedure or verification method to ensure the library contains at least one policy satisfying the safety specification for arbitrary admissible future constraint trajectories. This assumption is load-bearing for the finite-horizon safety claim yet remains unverified beyond the specific simulated scenarios (e.g., friction shifts).

    Authors: We acknowledge that ensuring coverage for arbitrary admissible future constraint trajectories is a strong assumption. The finite-horizon language metric is intended to characterize the necessary conditions for the safety certification to hold, rather than to provide a synthesis or verification algorithm for the library. Constructing such a library for all possible trajectories would require solving a difficult problem in robust control synthesis. In our work, we demonstrate the approach in scenarios where the library is designed to cover the relevant behaviors, as in the simulations. We will revise the theoretical analysis section to explicitly state the conditional nature of the safety guarantee and include a discussion on heuristic methods for library design based on expected operating conditions. revision: partial

  2. Referee: Simulations, 8-state vehicle example: Abrupt friction changes are presented as a test of evolving constraints, but without explicit details on library construction or how the metric bounds behaviors under these shifts, it is unclear whether the reported safety improvement generalizes or if the QP remains feasible when coverage is incomplete.

    Authors: We appreciate this feedback and agree that more details would improve the presentation. The library in the 8-state example consists of policies tailored to different friction levels, constructed using offline model predictive control with parameter variations to cover a range of friction coefficients from 0.3 to 0.8. The language metric is applied to verify that the closed-loop trajectories under these policies satisfy the safety constraints for the considered friction shifts. In cases of incomplete coverage, the QP may indeed become infeasible, triggering a fallback to the most conservative policy in the library. We will add detailed descriptions of the library construction, the computed metric values, and QP feasibility statistics in the revised simulations section to address concerns about generalization. revision: yes

Circularity Check

0 steps flagged

No significant circularity in derivation chain

full rationale

The paper's core contribution is a runtime QP-based safety filter that selects from a pre-defined policy library using parallel rollouts and a finite-horizon language metric to characterize coverage needs. The metric is defined over closed-loop trajectories under the system dynamics and is used to state sufficient conditions for safety certification; it does not reduce to a fitted parameter or rename an input quantity by construction. The library-coverage assumption is explicitly stated as an external premise rather than derived from internal equations. No load-bearing self-citations, ansatz smuggling, or self-definitional steps appear in the abstract or described theoretical analysis. Simulations on multiple models supply independent empirical checks. The derivation therefore remains self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The central claim rests on the existence of a policy library whose closed-loop behaviors cover the relevant safety specifications under the finite-horizon language metric; no explicit free parameters or invented entities are stated in the abstract.

axioms (1)
  • domain assumption A finite-horizon language metric over closed-loop behaviors exists and can be used to characterize policy-library coverage requirements.
    Invoked in the theoretical analysis section referenced by the abstract.

pith-pipeline@v0.9.0 · 5686 in / 1261 out tokens · 55848 ms · 2026-05-20T17:15:00.024492+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

What do these tags mean?
matches
The paper's claim is directly supported by a theorem in the formal canon.
supports
The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends
The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses
The paper appears to rely on the theorem as machinery.
contradicts
The paper's claim conflicts with a theorem or certificate in the canon.
unclear
Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

29 extracted references · 29 canonical work pages · 1 internal anchor

  1. [1]

    RAPTOR: Robust and Perception-Aware Trajectory Replanning for Quadrotor Fast Flight,

    B. Zhou, J. Pan, F. Gao, and S. Shen, “RAPTOR: Robust and Perception-Aware Trajectory Replanning for Quadrotor Fast Flight,” IEEE Transactions on Robotics, vol. 37, no. 6, pp. 1992–2009, 2021

    work page 1992

  2. [2]

    gatekeeper: Online Safety Verification and Control for Nonlinear Systems in Dynamic Environments,

    D. R. Agrawal, R. Chen, and D. Panagou, “gatekeeper: Online Safety Verification and Control for Nonlinear Systems in Dynamic Environments,”IEEE Transactions on Robotics, vol. 40, pp. 4358– 4375, 2024

    work page 2024

  3. [3]

    Visibility-Aware RRT* for Safety-Critical Navigation of Perception-Limited Robots in Unknown Environments,

    T. Kim and D. Panagou, “Visibility-Aware RRT* for Safety-Critical Navigation of Perception-Limited Robots in Unknown Environments,” IEEE Robotics and Automation Letters, vol. 10, no. 5, pp. 4508–4515, 2025

    work page 2025

  4. [4]

    OA-MPC: Occlusion-Aware MPC for Guaranteed Safe Robot Navigation With Unseen Dynamic Obstacles,

    R. Firoozi, A. Mir, G. S. Camps, and M. Schwager, “OA-MPC: Occlusion-Aware MPC for Guaranteed Safe Robot Navigation With Unseen Dynamic Obstacles,”IEEE Transactions on Control Systems Technology, vol. 33, no. 3, pp. 940–951, 2025

    work page 2025

  5. [5]

    Beyond Collision Cones: Dynamic Obstacle Avoidance for Nonholonomic Robots via Dynamic Parabolic Control Barrier Functions,

    H. K. Park, T. Kim, and D. Panagou, “Beyond Collision Cones: Dynamic Obstacle Avoidance for Nonholonomic Robots via Dynamic Parabolic Control Barrier Functions,” inInternational Conference on Robotics and Automation (ICRA), 2026

    work page 2026

  6. [6]

    Neural Network Model Predictive Motion Control Applied to Automated Driving With Un- known Friction,

    N. A. Spielberg, M. Brown, and J. C. Gerdes, “Neural Network Model Predictive Motion Control Applied to Automated Driving With Un- known Friction,”IEEE Transactions on Control Systems Technology, vol. 30, no. 5, pp. 1934–1945, 2022

    work page 1934

  7. [7]

    Physics Embedded Neural Network Vehicle Model and Applications in Risk-Aware Autonomous Driving Using Latent Features,

    T. Kim, H. Lee, and W. Lee, “Physics Embedded Neural Network Vehicle Model and Applications in Risk-Aware Autonomous Driving Using Latent Features,” inIEEE/RSJ International Conference on Intelligent Robots and Systems (IROS), 2022, pp. 4182–4189

    work page 2022

  8. [8]

    Safe Control Synthesis for Hybrid Systems through Local Control Barrier Functions,

    S. Yang, M. Black, G. Fainekos, B. Hoxha, H. Okamoto, and R. Mang- haram, “Safe Control Synthesis for Hybrid Systems through Local Control Barrier Functions,” inAmerican Control Conference (ACC), 2024, pp. 344–351

    work page 2024

  9. [9]

    A general Hamilton- Jacobi framework for non-linear state-constrained control problems,

    A. Altarovici, O. Bokanowski, and H. Zidani, “A general Hamilton- Jacobi framework for non-linear state-constrained control problems,” ESAIM: Control, Optimisation and Calculus of Variations, vol. 19, no. 2, pp. 337–357, 2013

    work page 2013

  10. [10]

    Control Barrier Functions: Theory and Applications,

    A. D. Ames, S. Coogan, M. Egerstedt, G. Notomista, K. Sreenath, and P. Tabuada, “Control Barrier Functions: Theory and Applications,” in European Control Conference (ECC), 2019, pp. 3420–3431

    work page 2019

  11. [11]

    Advances in the Theory of Control Barrier Func- tions: Addressing practical challenges in safe control synthesis for autonomous and robotic systems,

    K. Garg, J. Usevitch, J. Breeden, M. Black, D. Agrawal, H. Parwana, and D. Panagou, “Advances in the Theory of Control Barrier Func- tions: Addressing practical challenges in safe control synthesis for autonomous and robotic systems,”Annual Reviews in Control, vol. 57, p. 100945, 2024

    work page 2024

  12. [12]

    Backup Control Barrier Functions: Formulation and Comparative Study,

    Y . Chen, M. Jankovic, M. Santillo, and A. D. Ames, “Backup Control Barrier Functions: Formulation and Comparative Study,” inIEEE Conference on Decision and Control (CDC), 2021, pp. 6835–6841

    work page 2021

  13. [13]

    How to Train Your Neural Control Barrier Function: Learning Safety Filters for Complex Input-Constrained Systems,

    O. So, Z. Serlin, M. Mann, J. Gonzales, K. Rutledge, N. Roy, and C. Fan, “How to Train Your Neural Control Barrier Function: Learning Safety Filters for Complex Input-Constrained Systems,” in IEEE International Conference on Robotics and Automation (ICRA), 2024, pp. 11 532–11 539

    work page 2024

  14. [14]

    Safety on the Fly: Constructing Robust Safety Fil- ters via Policy Control Barrier Functions at Runtime,

    L. Knoedler, O. So, J. Yin, M. Black, Z. Serlin, P. Tsiotras, J. Alonso- Mora, and C. Fan, “Safety on the Fly: Constructing Robust Safety Fil- ters via Policy Control Barrier Functions at Runtime,”IEEE Robotics and Automation Letters, vol. 10, no. 10, pp. 10 058–10 065, 2025

    work page 2025

  15. [15]

    E. F. Camacho and C. Bordons,Model Predictive Control. Springer London, 2004

    work page 2004

  16. [16]

    L. D. Re, F. Allg ¨ower, L. Glielmo, C. Guardiola, and I. Kolmanovsky, Automotive Model Predictive Control: Models, Methods and Applica- tions. Springer, 2010

    work page 2010

  17. [17]

    JAX: composable transformations of Python+NumPy programs,

    J. Bradbury, R. Frostig, P. Hawkins, M. J. Johnson, C. Leary, D. Maclaurin, G. Necula, A. Paszke, J. VanderPlas, S. Wanderman- Milne, and Q. Zhang, “JAX: composable transformations of Python+NumPy programs,” 2018

    work page 2018

  18. [18]

    Approximation Metrics for Discrete and Continuous Systems,

    A. Girard and G. J. Pappas, “Approximation Metrics for Discrete and Continuous Systems,”IEEE Transactions on Automatic Control, vol. 52, no. 5, pp. 782–798, 2007

    work page 2007

  19. [19]

    Approximate Bisimulation: A Bridge Between Computer Sci- ence and Control Theory,

    ——, “Approximate Bisimulation: A Bridge Between Computer Sci- ence and Control Theory,”European Journal of Control, vol. 17, no. 5, pp. 568–578, 2011

    work page 2011

  20. [20]

    Verification of Hybrid Automata Diagnosability With Measurement Uncertainty,

    Y . Deng, A. D’Innocenzo, M. D. Di Benedetto, S. Di Gennaro, and A. A. Julius, “Verification of Hybrid Automata Diagnosability With Measurement Uncertainty,”IEEE Transactions on Automatic Control, vol. 61, no. 4, pp. 982–993, 2016

    work page 2016

  21. [21]

    Safe Reinforcement Learning with Nonlinear Dynamics via Model Predictive Shielding,

    O. Bastani, “Safe Reinforcement Learning with Nonlinear Dynamics via Model Predictive Shielding,” inAmerican Control Conference (ACC), 2021, pp. 3488–3494

    work page 2021

  22. [22]

    Boolean Composability of Constraints and Control Synthesis for Multi-Robot Systems via Non- smooth Control Barrier Functions,

    P. Glotfelter, J. Cort ´es, and M. Egerstedt, “Boolean Composability of Constraints and Control Synthesis for Multi-Robot Systems via Non- smooth Control Barrier Functions,” inIEEE Conference on Control Technology and Applications (CCTA), 2018, pp. 897–902

    work page 2018

  23. [23]

    Backup-Based Safety Filters: A Comparative Review of Backup CBF, Model Predictive Shielding, and gatekeeper

    T. Kim, A. D. Menon, A. Trivedi, and D. Panagou, “Backup-Based Safety Filters: A Comparative Review of Backup CBF, Model Predic- tive Shielding, and gatekeeper,” inarXiv preprint arXiv:2604.02401, 2026

    work page internal anchor Pith review Pith/arXiv arXiv 2026

  24. [24]

    Hamilton- Jacobi reachability: A brief overview and recent advances,

    S. Bansal, M. Chen, S. Herbert, and C. J. Tomlin, “Hamilton- Jacobi reachability: A brief overview and recent advances,” inIEEE Conference on Decision and Control (CDC), 2017, pp. 2242–2253

    work page 2017

  25. [25]

    Be- yond the stable handling limits: nonlinear model predictive control for highly transient autonomous drifting,

    J. Y . M. Goh, M. Thompson, J. Dallas, and A. Balachandran, “Be- yond the stable handling limits: nonlinear model predictive control for highly transient autonomous drifting,”Vehicle System Dynamics, vol. 62, no. 10, pp. 2590–2613, 2024

    work page 2024

  26. [26]

    Control Barrier Functions for Shared Control and Vehicle Safety,

    J. Dallas, J. Talbot, M. Suminaka, M. Thompson, T. Lew, G. Orosz, and J. Subosits, “Control Barrier Functions for Shared Control and Vehicle Safety,” inAmerican Control Conference (ACC), 2025, pp. 4203–4210

    work page 2025

  27. [27]

    Model predictive contouring control,

    D. Lam, C. Manzie, and M. Good, “Model predictive contouring control,” inIEEE Conference on Decision and Control (CDC), 2010, pp. 6137–6142

    work page 2010

  28. [28]

    Integration of Adaptive Control and Reinforcement Learning for Real-Time Control and Learning,

    A. M. Annaswamy, A. Guha, Y . Cui, S. Tang, P. A. Fisher, and J. E. Gaudio, “Integration of Adaptive Control and Reinforcement Learning for Real-Time Control and Learning,”IEEE Transactions on Automatic Control, vol. 68, no. 12, pp. 7740–7755, 2023

    work page 2023

  29. [29]

    Borrelli, A

    F. Borrelli, A. Bemporad, and M. Morari,Predictive Control for Linear and Hybrid Systems. Cambridge University Press, 2017

    work page 2017