A Hamilton-Jacobi Reachability Framework with Soft Constraints for Safety-Critical Systems

Chams Eddine Mballo, Donggun Lee, Claire J. Tomlin

TL;DR

Safety-critical systems often face competing hard and soft constraints, and classical Hamilton-Jacobi (HJ) reachability treats every constraint as hard. This work extends HJ reachability by introducing an augmented budget state and a Lipschitz-regularized value function to certify safety while allowing bounded soft-constraint violations, capped by a user-specified budget $Q$. The main contributions are a formal soft-constrained reach-avoid problem, augmented dynamics with a violation budget, a convergent regularization via $W_\epsilon$, and two flight-critical demonstrations showing safety-performance trade-offs under worst-case disturbances; the method recovers the classical hard-constrained reach-avoid (RA) set when $Q=0$. Overall, the framework broadens reachability-based safety verification to handle heterogeneous constraint types and enables principled, disturbance-robust trade-offs between safety and performance.

Abstract

Traditional reachability methods provide formal guarantees of safety under bounded disturbances. However, they strictly enforce state constraints as inviolable, which can result in overly conservative or infeasible solutions in complex operational scenarios. Many constraints encountered in practice, such as bounds on battery state of charge in electric vehicles, recommended speed envelopes, and comfort constraints in passenger-carrying vehicles, are inherently soft. Soft constraints allow temporary violations within predefined safety margins to accommodate uncertainty and competing operational demands, albeit at a cost such as increased wear or higher operational expenses. This paper introduces a novel soft-constrained reachability framework that extends Hamilton-Jacobi reachability analysis for the formal verification of safety-critical systems subject to both hard and soft constraints. Specifically, the framework characterizes a subset of the state space, referred to as the soft-constrained reach-avoid set, from which the system is guaranteed to reach a desired set safely, under worst-case disturbances, while ensuring that cumulative soft-constraint violations remain within a user-specified budget. The framework comprises two principal components: (i) an augmented-state model with an auxiliary budget state that tracks soft-constraint violations, and (ii) a regularization-based approximation of the discontinuous Hamilton-Jacobi value function associated with the reach-avoid differential game studied herein. The effectiveness of the proposed framework is demonstrated through numerical examples involving the landing of a simple point-mass model and a fixed-wing aircraft executing an emergency descent, both under wind disturbances. The simulation results validate the framework's ability to simultaneously manage both hard and soft constraints in safety-critical settings.
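Added worked example (not from the paper's text): the standard state-augmentation argument behind two claims made above, namely that a cumulative violation budget can be enforced as an ordinary hard state constraint, and that $Q=0$ recovers the classical set. The symbols $x$, $f$, $u$, $d$, $\mathcal{T}$, $\mathcal{K}$, $\mathcal{S}$ and $z$ are assumed here for illustration and need not match the paper's notation; $Q$, $\mathcal{RA}$ and $\widetilde{\mathcal{RA}}_Q$ are the page's own.

Take dynamics $\dot x = f(x,u,d)$ with control $u$ and bounded disturbance $d$, a target set $\mathcal{T}$, a hard-constraint set $\mathcal{K}$ that must never be left, and a closed soft-constraint set $\mathcal{S}$ that may be left for a limited total time. Record the violation time in an auxiliary budget state $z$:
$$\dot z = \mathbb{1}_{\mathbb{R}^n \setminus \mathcal{S}}(x), \qquad z(0) = 0, \qquad \text{so} \qquad z(t) = \int_0^t \mathbb{1}\big[x(s) \notin \mathcal{S}\big]\,ds .$$
On the augmented state $\tilde{x} = (x, z)$ the soft constraint together with its budget becomes the ordinary hard constraint $\tilde{x}(s) \in \mathcal{K} \times [0, Q]$, and the soft-constrained reach-avoid set is the classical reach-avoid set of the augmented game:
$$\widetilde{\mathcal{RA}}_Q = \Big\{ x_0 : \exists\ \text{control strategy},\ \forall\, d(\cdot),\ \exists\, t \in [0,T]:\ x(t) \in \mathcal{T},\ \ x(s) \in \mathcal{K} \ \text{and}\ z(s) \le Q \ \ \forall s \in [0,t] \Big\}.$$
Two consequences follow directly.

(i) $Q = 0$ recovers the hard-constrained set. Since $\dot z \ge 0$ and $z(0) = 0$, the constraint $z(s) \le 0$ forces $z \equiv 0$ on $[0,t]$, i.e. the set $\{ s \in [0,t] : x(s) \notin \mathcal{S} \}$ has Lebesgue measure zero. That set is relatively open in $[0,t]$ (it is the preimage of the open complement of $\mathcal{S}$ under the continuous trajectory $x(\cdot)$), and a nonempty relatively open subset of an interval has positive measure, so it is empty: $x(s) \in \mathcal{S}$ for every $s \in [0,t]$. Hence
$$\widetilde{\mathcal{RA}}_0 = \mathcal{RA} \quad \text{computed with constraint set } \mathcal{K} \cap \mathcal{S},$$
which is the coincidence checked numerically in Fig. 2.

(ii) Monotonicity in the budget. For $Q_1 \le Q_2$, $z(s) \le Q_1$ implies $z(s) \le Q_2$, so every strategy admissible for $Q_1$ is admissible for $Q_2$ and
$$\widetilde{\mathcal{RA}}_{Q_1} \subseteq \widetilde{\mathcal{RA}}_{Q_2},$$
which is why the computed sets nest and expand with $Q$ in Figs. 1 and 5.

Caveat: the indicator makes the augmented vector field discontinuous in $x$, so the Lipschitz value-function result for the classical problem (Proposition 1 below) does not carry over unchanged; this is the gap the regularized approximation $W_\epsilon$ is introduced to close. The paper's exact construction of the budget dynamics and of $W_\epsilon$ should be taken from the paper, not from this sketch.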

Paper Structure

This paper contains 14 sections, 15 theorems, 46 equations, 6 figures.

Key Result

Proposition 1

Let $V : [0, T] \times \mathbb{R}^n \to \mathbb{R}$ be defined by Then $V$ is Lipschitz continuous and the reach-avoid set $\mathcal{RA}$ coincides with its zero sublevel set:

Figures (6)

  • Figure 1: Computed soft-constrained reach-avoid sets for $Q \in \{0,\, 0.06,\, 0.3,\, 0.6\}$ (light blue, navy, green, purple) for the point-mass model. The sets expand as $Q$ increases, with the set at $Q=0$ coinciding with the classical reach-avoid set ($RA$) computed using the standard HJ framework (Eqs. (9) and (11)). Three representative initial conditions (colored dots) illustrate the validity of the sets: under worst-case disturbances, the feedback controller derived from $W_{\epsilon}$ generates trajectories (see Fig. 4 for the corresponding budget depletion curves) that satisfy the soft-constrained reach-avoid specifications in Definition 1, with budgets not exceeding that of their respective sets. With less budget, the green trajectory leaves the hard-constraint boundary earlier than the purple trajectory. Initial conditions whose minimum violation-time budget falls within $(0.3, 0.6]$ are contained in the $Q=0.6$ set but not in the $Q=0.3$ set.
  • Figure 2: Boundary error between the soft-constrained ($\widetilde{\mathcal{RA}}_{0}$) and classical ($RA$, Eq. (9)) reach-avoid sets, computed using an $N \times N$ discretization of the $(\dot{y},y)$-plane. As $N$ increases, the maximum and average errors drop below the grid spacing $h$, demonstrating convergence.
  • Figure 3: (a) Convergence of the approximate soft-constrained reach-avoid set with respect to $\epsilon$. For $\epsilon \leq 1$ the sets become indistinguishable, suggesting that the theoretical threshold has been reached ($1 \leq \epsilon^{*}$). (b) The convergence in (a) is quantified by the Lebesgue measure of the difference between two consecutive iterates, which is zero for $\epsilon \leq 1$, confirming the conclusion in (a).
  • Figure 4: Residual budget along the trajectories of Fig. 1. Since the initial conditions lie on the boundaries of the sets for $Q \in \{0,\, 0.3,\, 0.6\}$ (light blue, green, purple), each trajectory fully expends its allocated budget.
  • Figure 5: Computed soft-constrained reach-avoid sets for $Q \in \{0,\, 5,\, 10\}$ (light blue, green, purple) for the fixed-wing aircraft model under propulsion failure. The sets expand as $Q$ increases, with safe landing from above 22 meters possible only through soft-constraint violation. Three representative initial conditions (colored dots) are used to validate the sets: under worst-case disturbances, the feedback controller derived from $W_{\epsilon}$ generates trajectories (see Fig. 6 for the corresponding budget depletion curves) that satisfy the soft-constrained reach-avoid specifications in Definition 1, with budget usage not exceeding that of their respective sets.
  • ...and 1 more figure

Theorems & Definitions (25)

  • Definition 1
  • Proposition 1
  • Proposition 2
  • Proposition 3
  • Proposition 4
  • Proposition 5
  • Theorem 1
  • proof
  • Proposition 6
  • proof
  • ...and 15 more