From Points to Sets: Set-Based Safety Verification in the Latent Space
Pith reviewed 2026-05-10 18:27 UTC · model grok-4.3
The pith
Evaluating latent safety certificates over state sets instead of points detects blind spots and improves collision avoidance.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
Safety certificates designed in latent space can be evaluated over zonotopes that represent sets of possible states; propagating the original-state zonotope through the encoder produces a latent zonotope, and the worst-case value of the certificate over that set supplies a safety guarantee that accounts for uncertainty and transfers back to the original system.
What carries the argument
Latent zonotope evaluation, in which the original state is represented and propagated as a zonotope so that the certificate is checked over its full extent rather than at a point.
Load-bearing premise
The encoder must map original-state zonotopes to latent zonotopes accurately enough that a worst-case check in latent space produces a valid safety guarantee for the original uncertain states.
What would settle it
A concrete trajectory in which set-based evaluation certifies safety yet the original system state violates a constraint, or a feasible safe control action that set evaluation rejects while point evaluation accepts.
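The point-versus-set check described above, as an added Python sketch (not code from the paper or from this review): a zonotope is pushed through a small encoder, one certificate head is evaluated at its worst case over the latent set, and the bound is compared against sampled states. Assumptions, since the page gives neither the encoder nor the propagation rules: a ReLU encoder with constructed weights, the standard zonotope ReLU relaxation (one fresh generator per unstable neuron), and an affine head `h(z) = a.z + b0` that is safe iff `h >= 0`.

```python
import random

def affine(c, G, W, b):
    """Exact image of the zonotope (center c, generators G) under x -> Wx + b."""
    mv = lambda v: [sum(w * x for w, x in zip(row, v)) for row in W]
    return [y + bi for y, bi in zip(mv(c), b)], [mv(g) for g in G]

def relu(c, G):
    """Sound ReLU relaxation: each unstable neuron (l < 0 < u) gets a new generator."""
    c, G, extra = list(c), [list(g) for g in G], []
    for i in range(len(c)):
        r = sum(abs(g[i]) for g in G)
        l, u = c[i] - r, c[i] + r
        if l < 0:                                  # l >= 0: always active, identity
            lam = u / (u - l) if u > 0 else 0.0    # u <= 0: always inactive, output 0
            mu = -lam * l / 2
            c[i] = lam * c[i] + mu
            for g in G:
                g[i] *= lam
            if mu > 0:
                extra.append([mu if j == i else 0.0 for j in range(len(c))])
    return c, G + extra

def encode(c, G, layers):
    for k, (W, b) in enumerate(layers):
        c, G = affine(c, G, W, b)
        if k < len(layers) - 1:                    # last layer is affine only
            c, G = relu(c, G)
    return c, G

def head_min(c, G, a, b0):
    """Worst case of h(z) = a.z + b0 over the zonotope; safe iff the result >= 0."""
    dot = lambda v: sum(ai * vi for ai, vi in zip(a, v))
    return dot(c) + b0 - sum(abs(dot(g)) for g in G)

# Constructed toy values (assumptions): 2-3-2 encoder, one head, anisotropic set.
LAYERS = [([[1.0, -1.0], [0.5, 1.0], [-1.0, 0.5]], [0.0, -0.2, 0.4]),
          ([[1.0, 0.5, -1.0], [-0.5, 1.0, 0.5]], [0.0, 0.1])]
A, B0 = [1.0, -1.0], -0.1
X_C, X_G = [0.6, 0.2], [[0.15, 0.0], [0.0, 0.05]]

def value(c=X_C, G=X_G):                           # G=[] gives the point evaluation
    return head_min(*encode(c, G, LAYERS), A, B0)

def sampled_min(n=2000, seed=0):                   # true head values on sampled states
    rng = random.Random(seed)
    draws = ([rng.uniform(-1, 1) for _ in X_G] for _ in range(n))
    return min(value([ci + sum(e * g[j] for e, g in zip(eps, X_G))
                      for j, ci in enumerate(X_C)], []) for eps in draws)
```

Here `value(X_C, [])` is positive while `value()` is negative, and `sampled_min()` lies between the set bound and zero: some states inside the uncertainty set really are unsafe, and the latent bound stays below every sampled value, which is the over-approximation property the guarantee depends on.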
Original abstract
We extend latent representation methods for safety control design to set-valued states. Recent work has shown that barrier functions designed in a learned latent space can transfer safety guarantees back to the original system, but these methods evaluate certificates at single state points, ignoring state uncertainty. A fixed safety margin can partially address this but cannot adapt to the anisotropic and time-varying nature of the uncertainty gap across different safety constraints. We instead represent the system state as a zonotope, propagate it through the encoder to obtain a latent zonotope, and evaluate certificates over the worst case of the entire set. On a 16-dimensional quadrotor suspended-load gate passage task, set-valued evaluation achieves 5/5 collision-free passages, compared to 1/5 for point-based evaluation and 2/5 for a fixed-margin baseline. Set evaluation reports safety in 44.4% of per-head evaluations versus 48.5% for point-based, and this greater conservatism detects 4.1% blind spots where point evaluation falsely certifies safety, enabling earlier corrective control. The safety gap between point and set evaluation varies up to $12\times$ across certificate heads, explaining why no single fixed margin suffices and confirming the need for per-head, per-timestep adaptation, which set evaluation provides by construction.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper extends latent-barrier safety methods to set-valued states by representing the original-state uncertainty as a zonotope, propagating it through a learned encoder to a latent zonotope, and evaluating the latent barrier certificate over the entire set rather than at a single point. On a 16-dimensional quadrotor suspended-load gate-passage task, set-valued evaluation yields 5/5 collision-free passages versus 1/5 for point-based evaluation and 2/5 for a fixed-margin baseline; it also detects 4.1% blind spots where point evaluation falsely reports safety.
Significance. If the safety-transfer argument holds, the work supplies a practical way to handle anisotropic, time-varying state uncertainty inside learned latent-barrier controllers without resorting to a single fixed margin. The empirical demonstration on a high-dimensional nonlinear system with concrete success-rate numbers is a useful data point for the community.
major comments (2)
- [§3.2, §4.2] §3.2 and §4.2: the safety-transfer claim (that worst-case evaluation over the latent zonotope yields valid original-system guarantees) rests on the assumption that the propagated latent zonotope over-approximates the true image of the original zonotope under the encoder. The manuscript does not supply an explicit error bound or a proof that the chosen layer-wise zonotope propagation is strictly conservative; without this, the reported blind-spot detection and collision-free passages cannot be guaranteed to transfer.
- [§4.3, Table 1] §4.3, Table 1: the 5/5 vs 1/5 success-rate comparison is presented without an ablation on encoder accuracy or on the tightness of the zonotope propagation. If the encoder reconstruction error is large or the latent zonotope is substantially smaller than the true image, the performance gap may be an artifact of the particular network rather than a general property of set-valued evaluation.
minor comments (3)
- [Abstract, §1] Abstract and §1: the phrase 'transfer safety guarantees back to the original system' is used without a forward reference to the precise assumption under which the transfer holds (i.e., the over-approximation property of the latent zonotope).
- [§3.1] §3.1: notation for the latent zonotope (Z_ℓ) is introduced without an explicit statement of how its generators are obtained from the encoder layers.
- [Figure 3, §4.4] Figure 3 and §4.4: the per-head safety-gap plot would benefit from error bars or a statement of how many independent runs underlie the reported 12× variation.
Simulated Author's Rebuttal
We thank the referee for the constructive and detailed comments. We address each major comment point by point below, indicating the revisions we plan to incorporate.
- Referee: [§3.2, §4.2] §3.2 and §4.2: the safety-transfer claim (that worst-case evaluation over the latent zonotope yields valid original-system guarantees) rests on the assumption that the propagated latent zonotope over-approximates the true image of the original zonotope under the encoder. The manuscript does not supply an explicit error bound or a proof that the chosen layer-wise zonotope propagation is strictly conservative; without this, the reported blind-spot detection and collision-free passages cannot be guaranteed to transfer.
  Authors: We agree that the manuscript lacks an explicit error bound or formal proof establishing that the layer-wise zonotope propagation is strictly conservative for the safety-transfer argument. The propagation relies on standard zonotope arithmetic, which produces over-approximations by construction, but we did not derive or state a specific bound. In the revised manuscript we will add a dedicated paragraph in §3.2 that (i) recalls the over-approximating property of the chosen propagation rules, (ii) states that safety guarantees are therefore conditional on the quality of this over-approximation, and (iii) explicitly lists the absence of a tight bound as a limitation of the current work, suggesting tighter analysis as future research.
  revision: partial
- Referee: [§4.3, Table 1] §4.3, Table 1: the 5/5 vs 1/5 success-rate comparison is presented without an ablation on encoder accuracy or on the tightness of the zonotope propagation. If the encoder reconstruction error is large or the latent zonotope is substantially smaller than the true image, the performance gap may be an artifact of the particular network rather than a general property of set-valued evaluation.
  Authors: We concur that the empirical comparison would be strengthened by ablations on encoder reconstruction error and on the tightness of the latent zonotope. The reported 5/5 versus 1/5 figures are specific to the trained encoder and the 16-dimensional quadrotor task. In the revision we will augment §4.3 with an ablation that reports the measured encoder reconstruction error on the test trajectories and, where computationally feasible, repeats the gate-passage experiments with encoders of deliberately varied accuracy (e.g., by early stopping or added noise). If full re-training is prohibitive, we will at minimum add a quantitative discussion relating the observed performance gap to the encoder error measured in the original experiments, thereby clarifying the extent to which the advantage is tied to the particular network.
  revision: partial
Circularity Check
No circularity: the empirical results on the simulation task are independent of any fitted inputs or self-referential definitions.
The paper's core contribution is an extension of latent barrier methods to set-valued states via zonotope propagation through a learned encoder, with safety evaluated over the worst-case latent set. All reported performance metrics (5/5 collision-free passages, 4.1% blind spots, per-head safety gaps up to 12x) are obtained from direct Monte-Carlo simulation on the 16D quadrotor task and are therefore externally falsifiable. No equations in the provided text reduce these quantities to quantities defined by the method itself, nor do any derivations invoke self-citation chains that substitute for independent verification. The guarantee-transfer step is referenced to prior latent-barrier literature, but the present evaluation remains a separate, non-circular empirical test of the set-based extension.
Axiom & Free-Parameter Ledger
axioms (1)
- domain assumption: Zonotope propagation through the encoder produces a valid over-approximation of the latent-state set corresponding to the original-state set
invented entities (1)
- latent zonotope: no independent evidence