Generalizing Safety Beyond Collision-Avoidance via Latent-Space Reachability Analysis

TL;DR

This work generalizes robotic safety beyond collision avoidance by embedding Hamilton-Jacobi reachability in the latent space of a generative world model. By learning a latent failure classifier and performing reachability in imagination, the approach yields a policy-agnostic safety filter that can override unsafe actions using high-dimensional observations such as RGB images. The method is validated through simulation and hardware experiments, demonstrating near-privileged safety performance in vision-based tasks and capability to prevent hard-to-model failures like spilling from a bag. Limitations include dependency on world-model quality and the lack of formal guarantees, motivating future work on uncertainty quantification and broader constraint handling.

Abstract

Hamilton-Jacobi (HJ) reachability is a rigorous mathematical framework that enables robots to simultaneously detect unsafe states and generate actions that prevent future failures. While in theory, HJ reachability can synthesize safe controllers for nonlinear systems and nonconvex constraints, in practice, it has been limited to hand-engineered collision-avoidance constraints modeled via low-dimensional state-space representations and first-principles dynamics. In this work, our goal is to generalize safe robot controllers to prevent failures that are hard--if not impossible--to write down by hand, but can be intuitively identified from high-dimensional observations: for example, spilling the contents of a bag. We propose Latent Safety Filters, a latent-space generalization of HJ reachability that tractably operates directly on raw observation data (e.g., RGB images) to automatically compute safety-preserving actions without explicit recovery demonstrations by performing safety analysis in the latent embedding space of a generative world model. Our method leverages diverse robot observation-action data of varying quality (including successes, random exploration, and unsafe demonstrations) to learn a world model. Constraint specification is then transformed into a classification problem in the latent space of the learned world model. In simulation and hardware experiments, we compute an approximation of Latent Safety Filters to safeguard arbitrary policies (from imitation- learned policies to direct teleoperation) from complex safety hazards, like preventing a Franka Research 3 manipulator from spilling the contents of a bag or toppling cluttered objects.

Figures (9)

• Figure 1: Our Latent Safety Filter can detect, predict, and mitigate failures that are hard to model (e.g., spilling the contents of a bag), such as those encountered in vision-based manipulation. Our idea is to perform approximate reachability analysis in the latent space of a world model (light grey region). The latent failure set is shown as a black region, with an example of an imagined failure observation shown in the upper right. Our method identifies latent states from which the robot is doomed to enter visually-observable failures no matter what actions it takes (larger red set shown above), and automatically overrides the base policy $\pi^{\text{task}}$ with safety-preserving actions from our safety policy $\pi^{\text{\tiny{*}}}$ to prevent spilling the content of the bag. Video results can be found on the project website: https://kensukenk.github.io/latent-safety/.
• Figure 2: Latent Safety vs. Privileged Safety. Dubins' car collision-avoidance qualitative results. Dashed lines indicate the ground-truth set boundary. We visualize each method's failure specification and corresponding unsafe set, shown at heading slices $\theta \in \{ 0, \pi/2 \}$. While PrivilegedSafe uses the ground-truth $s$ and $\mathcal{F}_\textrm{gt}$, LatentSafe uses the latent state from encoding the observation, $z = \mathcal{E}_\psi(o)$, and the inferred failure set $\mathcal{F}_\textrm{latent}$. Insets on the bottom row show the observations corresponding to select privileged states $s_1, s_2, s_3.$
• Figure 3: Ablation: Latent Safety with Incomplete WM. Unsafe set approximated by LatentSafe using the latent space of a biased world-model built from incomplete action coverage $\tilde{\mathcal{A}}=\{0, a_\textrm{max}\}\subset \mathcal{A}$.
• Figure 4: Visual Manipulation: Simulation.Top row: Robot's observations corresponding to a known unsafe action sequence. Middle row: Our learned failure classifier correctly identifies only the final observations at $t=28$ as being in the failure state since the red blocks have fallen all the way over. Bottom row: Our unsafe set (obtained via the latent-space HJ value function) correctly identifies that the robot is doomed to fail the moment that the two red blocks begin to tip over at time $t=14$.
• Figure 5: Far Left: Without a safety filter, a teleoperator lifts the closed-end of the bag too quickly and spills the Skittles. Middle Left: By using LatentSafe, the same action of lifting the closed-end leads to the value function $V_{\textrm{latent}}^\text{\tiny{*}}$ dipping below the safe threshold (orange) and prompting the safety policy to override the teleoperator (green); the robot does not allow the human pull the bag up sharply. Middle Right: At the same time, LatentSafe slows down the human's attempt to move the bag side-to-side while grasping the closed end, indicating that the safety filter has a nuanced understanding of which actions will and won't violate safety. Right: Grasping the bag from the open end and lifting is deemed safe and is allowed by LatentSafe.