Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Safety Guardrails in the Sky: Realizing Control Barrier Functions on the VISTA F-16 Jet

Andrew W. Singletary, Max H. Cohen, Tamas G. Molnar, Aaron D. Ames

Abstract

The advancement of autonomous systems -- from legged robots to self-driving vehicles and aircraft -- necessitates executing increasingly high-performance and dynamic motions without ever putting the system or its environment in harm's way. In this paper, we introduce Guardrails -- a novel runtime assurance mechanism that guarantees dynamic safety for autonomous systems, allowing them to safely evolve on the edge of their operational domains. Rooted in the theory of control barrier functions, Guardrails offers a control strategy that carefully blends commands from a human or AI operator with safe control actions to guarantee safe behavior. To demonstrate its capabilities, we implemented Guardrails on an F-16 fighter jet and conducted flight tests where Guardrails supervised a human pilot to enforce g-limits, altitude bounds, geofence constraints, and combinations thereof. Throughout extensive flight testing, Guardrails successfully ensured safety, keeping the pilot in control when safe to do so and minimally modifying unsafe pilot inputs otherwise.

Safety Guardrails in the Sky: Realizing Control Barrier Functions on the VISTA F-16 Jet

Abstract

The advancement of autonomous systems -- from legged robots to self-driving vehicles and aircraft -- necessitates executing increasingly high-performance and dynamic motions without ever putting the system or its environment in harm's way. In this paper, we introduce Guardrails -- a novel runtime assurance mechanism that guarantees dynamic safety for autonomous systems, allowing them to safely evolve on the edge of their operational domains. Rooted in the theory of control barrier functions, Guardrails offers a control strategy that carefully blends commands from a human or AI operator with safe control actions to guarantee safe behavior. To demonstrate its capabilities, we implemented Guardrails on an F-16 fighter jet and conducted flight tests where Guardrails supervised a human pilot to enforce g-limits, altitude bounds, geofence constraints, and combinations thereof. Throughout extensive flight testing, Guardrails successfully ensured safety, keeping the pilot in control when safe to do so and minimally modifying unsafe pilot inputs otherwise.

Paper Structure

This paper contains 30 sections, 2 theorems, 29 equations, 7 figures.

Table of Contents

  1. Related Works
  2. Collision Avoidance and Run-Time Assurance for Aircraft
  3. Safety-Critical Control
  4. Overview of Guardrails
  5. Technical Overview
  6. Safety-Critical Control
  7. Implicit Control Invariant Sets
  8. Blended Safety Filters
  9. Invariant Sets for Fixed-Wing Aircraft
  10. Dynamical Model
  11. Safety Constraints
  12. Backup Maneuvers
  13. Results
  14. Experimental Setup: X-62 VISTA
  15. Flight Tests
  16. ...and 15 more sections

Key Result

theorem 1

Consider the control system in eq:dyn, a state constraint set $\mathcal{C}$ as in eq:constraint-set, and a backup safe set $\mathcal{C}_{\rm b}\subset\mathcal{C}$ as in eq:backup-set, assumed to be forward invariant for the closed-loop system in eq:dyn-backup under a locally Lipschitz backup control

Figures (7)

  • Figure 1: Overview of Guardrails --- a runtime assurance system that supervises artificial intelligence or human pilots in real time for safe highly dynamic maneuvers. Guardrails was implemented on the X-62 Variable-stability In-flight Simulator Test Aircraft (VISTA) shown at the bottom, and evaluated during flight tests with the Edwards Air Force Base Test Pilot School.
  • Figure 2: Results associated with using Guardrails for load factor limiting. Here, the dashed blue curve represents the load factor requested by the pilot, the solid orange curve represents the safe load factor computed by Guardrails, and the thin green curve represents the measured load factor on the aircraft. Panel (b) is a zoom-in view of panel (a).
  • Figure 3: Results from applying Guardrails for altitude limiting. In panel (a), the green curve denotes the evolution of the aircraft's altitude over time, with the green area denoting the safe region and the red area denoting the unsafe region. Panel (c) displays the evolution of the aircraft's pitch angle (thin green) and angle of attack (orange). Panel (b) illustrates the pilot's requested load factor (dashed blue), the commanded load factor computed by Guardrails (solid orange), and the measured load factor aboard the aircraft (thin green). Here, the purple region denotes the span of time where Guardrails is active (${\lambda>0}$), as quantified by the value of $\lambda$ in panel (d).
  • Figure 4: Results from employing Guardrails for geofencing. Panel (a) highlights that the aircraft's trajectory (green curve) stays in the safe region (green area), avoiding the restricted airspace (red area). Panel (b) plots the safety function $h$ (a normalized time to collision measure associated with the distance to the geofence), whose positive value indicates safety. Panel (c) depicts how the aircraft rolls to abide by the geofence. Panels (d) and (e), respectively, show that the load factor and roll rate commanded by the pilot (dashed blue) are modified to a safe command by Guardrails (solid orange) which is tracked by the aircraft (thin green). The control authority of Guardrails is shown in panel (f).
  • Figure 5: Results from using Guardrails for simultaneous geofencing and altitude limiting. In panels (a) and (b), respectively, the VISTA's trajectory and altitude (green curve) are shown, with the safe (green) and unsafe (red) regions indicated. Panel (c) depicts the evolution of the roll angle. Panels (d) and (e) display the corresponding load factor and roll rate, respectively, as requested by the pilot (dashed blue), computed by Guardrails (solid orange), and measured aboard the aircraft (thin green). The partial control authority of Guardrails is quantified by the blending parameter $\lambda$ in panel (f).
  • ...and 2 more figures

Theorems & Definitions (4)

  • definition 1
  • definition 2
  • theorem 1: backup set method gurriet2020scalable
  • theorem 2: blended safety filter singletary2022onboard