Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Robust Verification of Controllers under State Uncertainty via Hamilton-Jacobi Reachability Analysis

Albert Lin, Alessandro Pinto, Somil Bansal

TL;DR

RoVer-CoRe advances formal safety verification for perception-based controllers by embedding the perception, estimation, and control stack into a single closed-loop abstraction compatible with Hamilton-Jacobi reachability. It develops exact and conservative methods to compute or bound the closed-loop Hamiltonian, enabling safe analysis under bounded perceptual uncertainty and guiding robustness via safety-guided hyperparameter optimization. The approach is validated through aircraft taxiing and NN-based rover navigation case studies, demonstrating guaranteed safety margins, failure diagnostics, and practical design insights such as adaptive lighting policies to manage uncertainty. This framework broadens the applicability of HJ reachability to real-world perception pipelines, offering rigorous guarantees where approximate methods may be overly conservative. $$V(x,t)$$-based safety guarantees and the closed-loop Hamiltonian bounding form the core technical contributions, with open-source code to enable reuse and extension in perception-rich control systems.

Abstract

As perception-based controllers for autonomous systems become increasingly popular in the real world, it is important that we can formally verify their safety and performance despite perceptual uncertainty. Unfortunately, the verification of such systems remains challenging, largely due to the complexity of the controllers, which are often nonlinear, nonconvex, learning-based, and/or black-box. Prior works propose verification algorithms that are based on approximate reachability methods, but they often restrict the class of controllers and systems that can be handled or result in overly conservative analyses. Hamilton-Jacobi (HJ) reachability analysis is a popular formal verification tool for general nonlinear systems that can compute optimal reachable sets under worst-case system uncertainties; however, its application to perception-based systems is currently underexplored. In this work, we propose RoVer-CoRe, a framework for the Robust Verification of Controllers via HJ Reachability. To the best of our knowledge, RoVer-CoRe is the first HJ reachability-based framework for the verification of perception-based systems under perceptual uncertainty. Our key insight is to concatenate the system controller, observation function, and the state estimation modules to obtain an equivalent closed-loop system that is readily compatible with existing reachability frameworks. Within RoVer-CoRe, we propose novel methods for formal safety verification and robust controller design. We demonstrate the efficacy of the framework in case studies involving aircraft taxiing and NN-based rover navigation. Code is available at the link in the footnote.

Robust Verification of Controllers under State Uncertainty via Hamilton-Jacobi Reachability Analysis

TL;DR

RoVer-CoRe advances formal safety verification for perception-based controllers by embedding the perception, estimation, and control stack into a single closed-loop abstraction compatible with Hamilton-Jacobi reachability. It develops exact and conservative methods to compute or bound the closed-loop Hamiltonian, enabling safe analysis under bounded perceptual uncertainty and guiding robustness via safety-guided hyperparameter optimization. The approach is validated through aircraft taxiing and NN-based rover navigation case studies, demonstrating guaranteed safety margins, failure diagnostics, and practical design insights such as adaptive lighting policies to manage uncertainty. This framework broadens the applicability of HJ reachability to real-world perception pipelines, offering rigorous guarantees where approximate methods may be overly conservative. -based safety guarantees and the closed-loop Hamiltonian bounding form the core technical contributions, with open-source code to enable reuse and extension in perception-rich control systems.

Abstract

As perception-based controllers for autonomous systems become increasingly popular in the real world, it is important that we can formally verify their safety and performance despite perceptual uncertainty. Unfortunately, the verification of such systems remains challenging, largely due to the complexity of the controllers, which are often nonlinear, nonconvex, learning-based, and/or black-box. Prior works propose verification algorithms that are based on approximate reachability methods, but they often restrict the class of controllers and systems that can be handled or result in overly conservative analyses. Hamilton-Jacobi (HJ) reachability analysis is a popular formal verification tool for general nonlinear systems that can compute optimal reachable sets under worst-case system uncertainties; however, its application to perception-based systems is currently underexplored. In this work, we propose RoVer-CoRe, a framework for the Robust Verification of Controllers via HJ Reachability. To the best of our knowledge, RoVer-CoRe is the first HJ reachability-based framework for the verification of perception-based systems under perceptual uncertainty. Our key insight is to concatenate the system controller, observation function, and the state estimation modules to obtain an equivalent closed-loop system that is readily compatible with existing reachability frameworks. Within RoVer-CoRe, we propose novel methods for formal safety verification and robust controller design. We demonstrate the efficacy of the framework in case studies involving aircraft taxiing and NN-based rover navigation. Code is available at the link in the footnote.

Paper Structure

This paper contains 18 sections, 11 equations, 7 figures.

Table of Contents

  1. Introduction
  2. Related Works
  3. Approximate Reachable Set Methods
  4. Certificate-Based Methods
  5. HJ Reachability Analysis
  6. Problem Setup
  7. Background
  8. HJ Reachability Analysis
  9. Approach
  10. Closed-Loop System Abstraction
  11. Computing or Bounding the Closed-Loop Hamiltonian
  12. Exactly Computing the Hamiltonian
  13. Lower Bounding the Hamiltonian
  14. Robust Controller Design
  15. Case Studies
  16. ...and 3 more sections

Figures (7)

  • Figure 1: (Black) A perception-based system under perceptual uncertainty $e$, which result in noisy state estimates $\hat{x}$. (Red) The closed-loop system abstraction used for safety analysis.
  • Figure 2: (a) Histograms of the prediction errors for $\hat{p}_x$ and $\hat{\theta}$ by the aircraft DNN module. (b) Prediction error bounds for different error coverages.
  • Figure 3: Evolution of the BRTs for the taxiing controller as the error coverage increases. Safety is guaranteed in the blue region. (Black) The BRT boundary. (Dot) The initial state.
  • Figure 4: (a) Value function at the initial state under an error coverage of $0.997$ across the controller space. (b) Actual (solid) and perceived (dashed) trajectories under worst-case uncertainty.
  • Figure 5: From left to right: the lower bounds, nominal outputs, and upper bounds of the NN at ($\theta=0$ rad, $t=1.5$ s). Rightmost: Rollouts by the NN-based controller successfully reach a goal (green star) while avoiding obstacles (red circles) under perfect state estimation.
  • ...and 2 more figures

Theorems & Definitions (1)

  • remark 1