Tunable Input-to-State Safety with Input Constraints

TL;DR

A framework that integrates general compact input constraints into tuning function synthesis is proposed and it is shown that these conditions, combined with tuning function monotonicity, guarantee input compatibility and recursive feasibility of the resulting quadratic program (QP)-based safety filter.

Abstract

Tunable input-to-state safety (TISSf) generalizes the input-to-state safety (ISSf) framework by incorporating a tuning function that regulates safety conservatism while preserving robustness against perturbations. Despite its flexibility, the TISSf tuning function is often designed without explicitly incorporating actuator limits, which can lead to incompatibility with input constraints. To address this gap, this paper proposes a framework that integrates general compact input constraints into tuning function synthesis. Leveraging a geometric perspective, we characterize the TISSf condition as a state-dependent half-space constraint and derive a verifiable certificate for input compatibility using support functions. This characterization transforms the compatibility requirement into a design constraint on the tuning function, yielding a prescriptive lower bound that defines an admissible family of tunings under input constraints. These results are specialized to norm-bounded, polyhedral, and box constraints, yielding tractable control design conditions. We show that these conditions, combined with tuning function monotonicity, guarantee input compatibility and recursive feasibility of the resulting quadratic program (QP)-based safety filter. Furthermore, an offline parameter selection procedure using a covering-based sampling strategy ensures compatibility across the entire safe set via a linear program (LP). A connected cruise control (CCC) application demonstrates robust safety under TISSf while enforcing input constraints by design.

Figures (3)

• Figure 1: Geometric interpretation of the TISSf-CBF condition and its compatibility with input constraints. (a) Geometric effect of $\varepsilon(h(\mathbf{x}))$: varying its value shifts the half-space boundary relative to a baseline (blue line), where increasing or decreasing $\varepsilon(h(\mathbf{x}))$ yields a displaced hyperplane (green and orange dashed lines, respectively). (b) Design impact on compatibility: an improperly small $\varepsilon(h(\mathbf{x}))$ results in $\Pi_{\varepsilon}(\mathbf{x}) \cap \mathcal{U} = \emptyset$ (blue line), whereas a proper choice of $\varepsilon(h(\mathbf{x}))$ ensures $\Pi_{\varepsilon}(\mathbf{x}) \cap \mathcal{U} \neq \emptyset$ (green dashed line).
• Figure 2: Motivating example showing that directly applying a TISSf-CBF-based controller with different parameters of the exponential tuning function $\varepsilon(h)=\epsilon_0 e^{\lambda h}$ may violate input constraints: (a) state trajectories in the $(x_1,x_2)$ plane for different parameter choices; (b) evolution of the barrier function $h(\mathbf x)$; (c) evolution of the tightened quantity $h(\mathbf x)+\zeta(h(\mathbf x),\delta)$; (d) control input $u(t)$ over a short time window, highlighting possible violations of the input bound $|u|\le 15$.
• Figure 3: Comparative CCC simulation results under perturbations: (a) headway distance $D$; (b) ego vehicle velocity $v$ (the leading-vehicle profile is shown in the plot); (c) robust safety metric $h(\mathbf{x})+\zeta(h(\mathbf{x}),\delta)$, where values above zero indicate robust safety; and (d) control input $u(t)$ with acceleration limits (red dashed).

Theorems & Definitions (20)

• Definition 1
• Definition 2
• Definition 3
• Theorem 1
• Definition 4
• Theorem 2
• Example 1
• Lemma 1
• proof
• Remark 1