pith. sign in

arxiv: 2603.03632 · v3 · submitted 2026-03-04 · 📡 eess.SY · cs.SY· math.OC

Local Safety Filters for Networked Systems via Two-Time-Scale Design

Emiliano Dall'Anese This is my paper

Pith reviewed 2026-05-15 17:17 UTC · model grok-4.3

classification 📡 eess.SY cs.SYmath.OC
keywords control barrier functionssafety filtersnetworked systemstwo-time-scale designsingular perturbationlocal implementationforward invariancederivative estimation
0
0 comments X

The pith

A two-time-scale dynamic filter approximates centralized CBF safety filters locally in networked systems without any subsystem coordination.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper develops locally implementable approximations of networked control barrier function safety filters that avoid global coupling and communication. It uses a dynamic implementation with a small time-scale parameter epsilon that separates fast filter dynamics from the slower plant dynamics, enabling each subsystem to run its own filter via local derivative estimates. Explicit bounds are derived on the mismatch between the trajectories produced by the local dynamic filter and those of the ideal centralized safety filter. These bounds depend on epsilon, estimation errors, and filter activation time, which lets designers quantify the safety cost of local implementability.

Core claim

The central claim is that a two-time-scale dynamic implementation of networked CBF safety filters, inspired by singular perturbation theory, enables local approximations via derivative estimation; explicit bounds then quantify the trajectory mismatch to the centralized filter as a function of the time-scale parameter epsilon, estimation errors, and activation time.

What carries the argument

The two-time-scale dynamic safety filter, whose fast dynamics approximate the solution of the centralized CBF quadratic program using estimated derivatives at each subsystem.

If this is right

  • The local filters keep the system inside the safe set up to a quantifiable degradation that shrinks as epsilon decreases.
  • No communication between subsystems is required to implement the filters.
  • Safety degradation can be bounded explicitly in terms of epsilon, estimation error size, and activation instant.
  • The approach applies to general networked systems whose safety constraints couple the subsystems.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The same separation idea could be tested on other optimization-based networked controllers such as economic model predictive control.
  • The bounds supply a concrete rule for choosing epsilon once sensor noise levels and available computation speed are known.
  • If derivative estimates degrade with network size, an outer low-pass filter layer might be needed to restore the guarantees.

Load-bearing premise

A sufficiently small time-scale separation parameter epsilon exists so that singular perturbation theory applies and derivative estimation errors remain bounded without destroying forward invariance of the safe set.

What would settle it

Run the networked system with the proposed local dynamic filter at a chosen small epsilon and measure the actual state-trajectory deviation from the centralized filter; if the deviation substantially exceeds the derived explicit bound, the approximation guarantee fails.

Figures

Figures reproduced from arXiv: 2603.03632 by Emiliano Dall'Anese.

Figure 1
Figure 1. Figure 1: Frequency across the system with and without dynamic filter. [PITH_FULL_IMAGE:figures/full_fig_p006_1.png] view at source ↗
Figure 2
Figure 2. Figure 2: Maximum lower-bound frequency violation as a function of time [PITH_FULL_IMAGE:figures/full_fig_p006_2.png] view at source ↗
read the original abstract

Safety filters based on Control Barrier Functions (CBFs) provide formal guarantees of forward invariance, but are often difficult to implement in networked dynamical systems. This is due to global coupling and communication requirements. This paper develops locally implementable approximations of networked CBF safety filters that require no coordination across subsystems. The proposed approach is based on a two-time-scale dynamic implementation inspired by singular perturbation theory, where a small parameter $\epsilon$ separates fast filter dynamics from the plant dynamics; then, a local implementation is enabled via derivative estimation. Explicit bounds are derived to quantify the mismatch between trajectories of the systems with dynamic filter and with the ideal centralized safety filter. These results characterize how safety degradation depends on the time-scale parameter $\epsilon$, estimation errors, and filter activation time, thereby quantifying trade-offs between safety guarantees and local implementability.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper develops a two-time-scale dynamic implementation of networked CBF safety filters that enables fully local (no-communication) approximations. Fast filter dynamics scaled by 1/ε are combined with local derivative estimation to replace global coupling terms; singular-perturbation arguments and explicit trajectory-mismatch bounds are used to quantify the deviation from the ideal centralized QP solution and the resulting safety degradation as a function of ε, estimation error, and activation time.

Significance. If the mismatch bounds remain valid under realistic (non-vanishing) derivative-estimation errors and the CBF Lie-derivative margin is preserved, the result would supply a concrete, quantifiable route to decentralized safety enforcement in large-scale networked systems. The work correctly leverages standard singular-perturbation and CBF machinery rather than introducing new axioms, and the explicit dependence on ε and estimation error supplies a practical design knob.

major comments (2)
  1. [§4.2, Theorem 1] §4.2 (Reduced slow system and Theorem 1): the trajectory-closeness bound ||x_ε(t)−x^*(t)||≤δ(ε) is derived under the assumption that the fast dynamics converge to the exact centralized QP solution. When derivative-estimation errors remain O(1) (as is typical for finite-difference or fixed-gain observers), the equilibrium of the fast system is shifted by a non-vanishing amount; the proof does not show that the resulting perturbation still satisfies L_f h + L_g h u ≥ −α(h) with a uniform positive margin on the actual closed-loop vector field.
  2. [§5] §5 (Safety invariance argument): forward invariance of {h≥0} is claimed to follow from the ideal-filter invariance plus the mismatch bound. Because the CBF condition is only required to hold with a positive margin for the ideal vector field, an O(1) estimation error that enters the fast dynamics can destroy that margin even when ||x_ε−x^*|| is small; the manuscript does not supply an explicit lower bound on the margin that survives the estimation error.
minor comments (2)
  1. [Abstract, §1] Notation for the fast time scale τ=t/ε is introduced only in §3; repeating the definition in the abstract and introduction would improve readability.
  2. [§6] The numerical example in §6 uses a fixed ε=0.01 but does not report the observed estimation-error magnitude or the realized CBF margin; adding these quantities would directly illustrate the trade-off claimed in the abstract.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the careful reading and for highlighting the need to make the safety-margin preservation explicit under non-vanishing estimation errors. We will revise the manuscript to extend the singular-perturbation analysis, incorporate a uniform positive margin that survives O(1) estimation errors, and add the corresponding explicit bounds to both Theorem 1 and the safety-invariance argument.

read point-by-point responses

  1. Referee: [§4.2, Theorem 1] §4.2 (Reduced slow system and Theorem 1): the trajectory-closeness bound ||x_ε(t)−x^*(t)||≤δ(ε) is derived under the assumption that the fast dynamics converge to the exact centralized QP solution. When derivative-estimation errors remain O(1) (as is typical for finite-difference or fixed-gain observers), the equilibrium of the fast system is shifted by a non-vanishing amount; the proof does not show that the resulting perturbation still satisfies L_f h + L_g h u ≥ −α(h) with a uniform positive margin on the actual closed-loop vector field.

    Authors: We agree that the present statement of Theorem 1 is stated for vanishing estimation error. The fast-subsystem equilibrium can be re-derived with an additive O(e) perturbation, where e is the uniform bound on the derivative-estimation error. This yields a generalized quasi-steady-state u_ε = u^* + O(e + ε) and an extended trajectory-mismatch bound ||x_ε(t) − x^*(t)|| ≤ δ(ε, e). Because the ideal QP solution satisfies the CBF inequality with a positive margin γ > 0 on the compact set of interest, the perturbed input produces a reduced margin γ − C e, where C is an explicit Lipschitz constant of the Lie-derivative map. We will revise Theorem 1 to state the condition ε < ε_0(e, γ) that keeps the margin strictly positive and to display the dependence on e inside the mismatch bound. revision: yes

  2. Referee: [§5] §5 (Safety invariance argument): forward invariance of {h≥0} is claimed to follow from the ideal-filter invariance plus the mismatch bound. Because the CBF condition is only required to hold with a positive margin for the ideal vector field, an O(1) estimation error that enters the fast dynamics can destroy that margin even when ||x_ε−x^*|| is small; the manuscript does not supply an explicit lower bound on the margin that survives the estimation error.

    Authors: We will augment the safety-invariance proof in §5 with an explicit surviving-margin calculation. Let γ be the minimum ideal margin over the relevant compact set. The combined effect of trajectory mismatch and estimation error perturbs the closed-loop vector field by at most L δ(ε, e) + M e, where L and M are explicit constants depending on the CBF gradient and system Lipschitz constants. The actual margin is therefore bounded below by γ − L δ(ε, e) − M e. Choosing ε sufficiently small relative to e and γ makes this quantity positive, so the CBF condition holds for the actual dynamics and forward invariance follows. The revised proof will display this lower bound explicitly. revision: yes

Circularity Check

0 steps flagged

No significant circularity; derivation rests on standard singular perturbation theory and CBF results

full rationale

The paper derives local approximations of networked CBF safety filters using a two-time-scale dynamic implementation based on singular perturbation theory, with explicit mismatch bounds between dynamic-filter trajectories and the ideal centralized filter. These bounds are obtained from standard singular-perturbation analysis and existing CBF forward-invariance theorems rather than by fitting parameters to the target safety quantities or by self-referential definitions. Derivative estimation enables locality but enters the analysis only through bounded-error terms whose effect on the Lie derivative condition is quantified explicitly; the safety guarantee is not redefined in terms of the estimator output. No load-bearing step reduces a prediction or invariance claim to a self-citation chain or to an ansatz smuggled from prior work by the same authors. The central result therefore remains independent of its own fitted quantities.

Axiom & Free-Parameter Ledger

1 free parameters · 2 axioms · 0 invented entities

The central claim rests on standard singular perturbation assumptions for time-scale separation and on the existence of a valid CBF for the centralized system; no new entities are postulated.

free parameters (1)
  • epsilon
    Small positive parameter controlling the separation between fast filter dynamics and slow plant dynamics; chosen to satisfy singular-perturbation conditions.
axioms (2)
  • domain assumption Singular perturbation theory applies to the closed-loop system when epsilon is sufficiently small
    Invoked to justify the separation of fast filter dynamics from plant dynamics and to derive trajectory bounds.
  • domain assumption A valid control barrier function exists for the ideal centralized networked system
    Required for the safety filter to be well-defined before approximation.

pith-pipeline@v0.9.0 · 5434 in / 1336 out tokens · 48346 ms · 2026-05-15T17:17:50.013888+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

24 extracted references · 24 canonical work pages · 1 internal anchor

  1. [1]

    Control barrier function based quadratic programs for safety critical systems,

    A. D. Ames, X. Xu, J. W. Grizzle, and P. Tabuada, “Control barrier function based quadratic programs for safety critical systems,”IEEE Transactions on Automatic Control, vol. 62, no. 8, pp. 3861–3876, 2017

    work page 2017

  2. [2]

    Control, learning, and optimization methods for autonomous multi-agent sys- tems in transportation,

    C. G. Cassandras, K. H. Johansson, and A. A. Malikopoulos, “Control, learning, and optimization methods for autonomous multi-agent sys- tems in transportation,” inIEEE Conference on Decision and Control, 2025

    work page 2025

  3. [3]

    Control of low-inertia power systems,

    F. D ¨orfler and D. Groß, “Control of low-inertia power systems,” Annual Review of Control, Robotics, and Autonomous Systems, vol. 6, no. 1, pp. 415–445, 2023

    work page 2023

  4. [4]

    Data-driven safety filters: Hamilton-jacobi reachability, control barrier functions, and predictive methods for uncertain systems,

    K. P. Wabersich, A. J. Taylor, J. J. Choi, K. Sreenath, C. J. Tom- lin, A. D. Ames, and M. N. Zeilinger, “Data-driven safety filters: Hamilton-jacobi reachability, control barrier functions, and predictive methods for uncertain systems,”IEEE Control Systems Magazine, vol. 43, no. 5, pp. 137–177, 2023

    work page 2023

  5. [5]

    Distributed implementation of control barrier functions for multi-agent systems,

    X. Tan and D. V . Dimarogonas, “Distributed implementation of control barrier functions for multi-agent systems,”IEEE Control Systems Letters, vol. 6, pp. 1879–1884, 2021

    work page 2021

  6. [6]

    Distributed safe control design and probabilistic safety verification for multi-agent systems,

    H. Wang, A. Papachristodoulou, and K. Margellos, “Distributed safe control design and probabilistic safety verification for multi-agent systems,”Automatica, vol. 179, p. 112393, 2025

    work page 2025

  7. [7]

    Distributed safe nav- igation of multi-agent systems using control barrier function-based controllers,

    P. Mestres, C. Nieto-Granda, and J. Cort ´es, “Distributed safe nav- igation of multi-agent systems using control barrier function-based controllers,”IEEE Robotics and Automation Letters, vol. 9, no. 7, pp. 6760–6767, 2024

    work page 2024

  8. [8]

    Safe control of multiagent sys- tems via low-complexity control barrier functions,

    X. Min, S. Baldi, Y . Shi, and W. Yu, “Safe control of multiagent sys- tems via low-complexity control barrier functions,”IEEE Transactions on Automatic Control, vol. 70, no. 10, pp. 6831–6845, 2025

    work page 2025

  9. [9]

    Banach con- trol barrier functions for large-scale swarm control,

    X. Gao, G. Pascual, S. Brown, and S. Mart ´ınez, “Banach con- trol barrier functions for large-scale swarm control,”arXiv preprint arXiv:2602.05011, 2026

    work page arXiv 2026

  10. [10]

    Collaborative safety-critical control in coupled networked systems,

    B. A. Butler and P. E. Par ´e, “Collaborative safety-critical control in coupled networked systems,”IEEE Open Journal of Control Systems, 2025

    work page 2025

  11. [11]

    Singular perturba- tions and order reduction in control theory - an overview,

    P. V . Kokotovic, R. E. O’Malley Jr, and P. Sannuti, “Singular perturba- tions and order reduction in control theory - an overview,”Automatica, vol. 12, no. 2, pp. 123–132, 1976

    work page 1976

  12. [12]

    PID controllers: theory, design, and tuning,

    K. J. Astrom, “PID controllers: theory, design, and tuning,”The international society of measurement and control, 1995

    work page 1995

  13. [13]

    Dirty derivatives for output feedback stabilization,

    M. Marchi, L. Fraile, and P. Tabuada, “Dirty derivatives for output feedback stabilization,”arXiv preprint arXiv:2202.01941, 2022

    work page arXiv 2022

  14. [14]

    Control barrier proximal dynamics: A contraction theoretic approach for safety verification,

    Z. Marvi, F. Bullo, and A. G. Alleyne, “Control barrier proximal dynamics: A contraction theoretic approach for safety verification,” IEEE Control Systems Letters, vol. 8, pp. 880–885, 2024

    work page 2024

  15. [15]

    Bullo,Contraction Theory for Dynamical Systems, 1.2 ed

    F. Bullo,Contraction Theory for Dynamical Systems, 1.2 ed. Kindle Direct Publishing, 2024

    work page 2024

  16. [16]

    Non-Euclidean contraction analysis of continuous-time neural networks,

    A. Davydov, A. V . Proskurnikov, and F. Bullo, “Non-Euclidean contraction analysis of continuous-time neural networks,”IEEE Trans- actions on Automatic Control, vol. 70, no. 1, pp. 235–250, 2025

    work page 2025

  17. [17]

    Regularity properties of optimization-based controllers,

    P. Mestres, A. Allibhoy, and J. Cort ´es, “Regularity properties of optimization-based controllers,”European Journal of Control, vol. 81, p. 101098, 2025

    work page 2025

  18. [18]

    Boyd and L

    S. Boyd and L. Vandenberghe,Convex optimization. Cambridge University Press, 2004

    work page 2004

  19. [19]

    Explicit Control Barrier Function-based Safety Filters and their Resource-Aware Computation

    P. Mestres, S. S. Mousavi, P. Ong, L. Yang, E. Das, J. W. Burdick, and A. D. Ames, “Explicit control barrier function-based safety filters and their resource-aware computation,”arXiv preprint arXiv:2512.10118, 2025

    work page internal anchor Pith review Pith/arXiv arXiv 2025

  20. [20]

    H. K. Khalil,Nonlinear Systems; 3rd ed.Upper Saddle River, NJ: Prentice-Hall, 2002

    work page 2002

  21. [21]

    A contraction theory approach to singularly perturbed systems,

    D. Del Vecchio and J.-J. E. Slotine, “A contraction theory approach to singularly perturbed systems,”IEEE Transactions on Automatic Control, vol. 58, no. 3, pp. 752–757, 2012

    work page 2012

  22. [22]

    Online feedback optimiza- tion and singular perturbation via contraction theory,

    L. Cothren, F. Bullo, and E. Dall’Anese, “Online feedback optimiza- tion and singular perturbation via contraction theory,”arXiv preprint arXiv:2310.07966, 2023

    work page arXiv 2023

  23. [23]

    C. A. Desoer and M. Vidyasagar,Feedback systems: input-output properties. SIAM, 2009

    work page 2009

  24. [24]

    Optimizing der participation in inertial and primary-frequency response,

    S. S. Guggilam, C. Zhao, E. Dall’Anese, Y . C. Chen, and S. V . Dho- ple, “Optimizing der participation in inertial and primary-frequency response,”IEEE Transactions on Power Systems, vol. 33, no. 5, pp. 5194–5205, 2018. APPENDIX Additional simulation parameters. The test system is the IEEE 14-bus transmission network. Synchronous generators are located a...

    work page 2018