Distributed Predictive Control Barrier Functions: Towards Scalable Safety Certification in Modular Multi-Agent Systems

Abstract

We consider safety-critical multi-agent systems with distributed control architectures and potentially varying network topologies. While learning-based distributed control enables scalability and high performance, a lack of formal safety guarantees in the face of unforeseen disturbances and unsafe network topology changes may lead to system failure. To address this challenge, we introduce structured control barrier functions (s-CBFs) as a multi-agent safety framework. The s-CBFs are augmented to a distributed predictive control barrier function (D-PCBF), a predictive, optimization-based safety layer that uses model predictions to guarantee recoverable safety at all times. The proposed approach enables a permissive yet formal plug-and-play protocol, allowing agents to join or leave the network while ensuring safety recovery if a change in network topology requires temporarily unsafe behavior. We validate the formulation through simulations and real-time experiments of a miniature race-car platoon.

Figures (6)

• Figure 3: Network-level recoverable safety using s-CBFs. The formulation defines safe sets $\mathcal{S}_\ell$ and regions of attraction $\mathcal{D}_\ell\setminus \mathcal{S}_\ell$, ensuring constraint satisfaction and network-level convergence even when individual trajectories temporarily have to violate safety.
• Figure 4: Possible distributed predictive control barrier function (D-PCBF) control loop. Local control policies propose inputs $u_{\mathrm{p},\ell}$ that a distributed model predictive safety filter (see muntwilerDistributedModelPredictive2020, but with the same constraint formulation as the D-PCBF) subsequently filters to generate the control inputs $u_\ell$, using the slack values $\xi_\ell^i$ that result from the D-PCBF. The D-PCBF design ensures that the feasible set is forward-invariant and attractive. Instead of using local controllers and a distributed predictive safety filter, distributed MPC can be employed directly by modifying the cost in \ref{['eq:mpsf_optimization_problem']}.
• Figure 5: Platoon example system. Assuming perfect lateral tracking and a kinematic model, the distributed dynamics consider the arc length to the preceding vehicle and the velocity magnitude.
• Figure 6: Synthesis results for the vehicle platoon model when maximizing the safe set for $L=5$ agents. The top plots show the resulting s-CBF safe sets (green) and domains (blue) for the second and third car of the platoon. The bottom plots visualize the alternating optimization results described in Section \ref{['sec:sCBFs_synthesis']} to approximately solve \ref{['eq:max_safeset_synthesis_opt']}. The safe set size is plotted as the log-determinants of $E$, i.e., $\log\det(E)=\sum_\ell \log\det(E_\ell) \propto \vert E\vert$, while $\gamma_f$ is used to indicate the size of the terminal region of attraction.
• Figure 7: Simulation results for the vehicle platoon model. The top plots show the state space trajectories (start=dot, end=cross) of the distributed simulation for the first four follower agents, where agents $\ell=1,2$ are initialized at an unsafe distance. The top-left plot shows results for 5 agents, and the right plot shows results for 40 agents. In both cases, the network-level system converges to safe operation within the state constraints, although all agents try to accelerate with $a_\ell^\mathrm{p}=10.0\, \mathrm{m}/\mathrm{s}^2$. The bottom plot shows the solve times of \ref{['eq:dpcbf_optimization_problem']} for the centralized solver and the distributed implementation, where the latter is reported as an idealized parallel runtime.

Theorems & Definitions (11)

• Definition B.1: Control barrier function (CBF) wabersichPredictiveControlBarrier2023
• Definition C.1: Structured CBFs (s-CBFs)
• Theorem C.3: Network-level CBF from s-CBFs
• proof
• Remark C.4: Multi-objective formulation
• Theorem C.6: D-PCBF
• proof
• Remark C.7: Disturbance robustness
• Definition D.1: Maximum violation sets
• Remark D.3: Distributed computation of recovery certificate