
Backup-Based Safety Filters: A Comparative Review of Backup CBF, Model Predictive Shielding, and gatekeeper

Published 2 Apr 2026 in cs.RO and eess.SY | (2604.02401v1)

Abstract: This paper revisits three backup-based safety filters -- Backup Control Barrier Functions (Backup CBF), Model Predictive Shielding (MPS), and gatekeeper -- through a unified comparative framework. Using a common safety-filter abstraction and shared notation, we make explicit both their common backup-policy structure and their key algorithmic differences. We compare the three methods through their filter-inactive sets, i.e., the states where the nominal policy is left unchanged. In particular, we show that MPS is a special case of gatekeeper, and we further relate gatekeeper to the interior of the Backup CBF inactive set within the implicit safe set. This unified view also highlights a key source of conservatism in backup-based safety filters: safety is often evaluated through the feasibility of a backup maneuver, rather than through the nominal policy's continued safe execution. The paper is intended as a compact tutorial and review that clarifies the theoretical connections and differences among these methods.

Summary

  • The paper presents a unified framework for backup-based safety filters, systematically comparing Backup CBF, MPS, and Gatekeeper through recoverable and inactive sets.
  • Empirical evaluations across various scenarios demonstrate that Gatekeeper achieves higher nominal command acceptance and reduced conservatism relative to other methods.
  • The theoretical analysis using set-inclusion relationships offers actionable insights for designing less intrusive, safety-certified control schemes in nonlinear systems.

Comparative Analysis of Backup-Based Safety Filters: Backup CBF, MPS, and Gatekeeper

Introduction

This work presents a comprehensive analysis of three canonical backup-based safety filters in nonlinear control: Backup Control Barrier Functions (Backup CBF), Model Predictive Shielding (MPS), and gatekeeper. These approaches ensure formal safety guarantees for nonlinear systems, particularly when nominal planners and controllers, such as those used in reinforcement learning or sampling-based motion planning, lack robust safety assurances. The methodological comparison leverages a unified abstraction based on recoverable sets and filter-inactive sets, offering new insight into the relative conservatism and connective structure of these leading methods.

Unified Framework for Backup-Based Safety Filters

The paper formalizes the notion of a safety filter $\pi_{\textup{sf}}$ sitting between the plant and a nominal policy $\pi_{\textup{nom}}$. It intervenes only when necessary to ensure invariance within a predefined safe set $C$ and guarantees eventual entry into a controlled-invariant terminal set $S_0$. All considered filters are predicated on a backup policy $\pi_{\textup{b}}$ capable of consistently recovering the system into $S_0$ from an associated recoverable set.

The primary innovation in analysis is the introduction of the filter-inactive set $I_{\textup{sf}}$, defined as states where the nominal input is left unchanged. Comparisons among filters are then reduced to set-inclusion relations among these inactive sets, providing an interpretable and system-agnostic measure of intervention conservatism.

Theoretical Comparison of Safety Filters

Backup CBF

Backup CBF defines an implicit safe set $S$ as the $T_B$-horizon recoverable set under the backup policy, where online safety is enforced via a quadratic program (QP) which minimally perturbs the nominal input to remain within $S$. Crucially, Backup CBF does not make a binary choice between the nominal and backup policies; rather, it projects the nominal input onto the maximal safe admissible subset.

Model Predictive Shielding (MPS)

MPS, originally defined for discrete-time systems, is recast here in continuous-time for formal comparison. At each digital update time, MPS checks if executing the nominal policy for a single interval πnom\pi_{\textup{nom}}0 followed by the backup policy guarantees safety (i.e., the validity test for a fixed switching time). If not, it switches immediately to the backup.

Gatekeeper

Gatekeeper extends MPS by searching over a set of admissible switching times πnom\pi_{\textup{nom}}1, accepting the nominal input as long as some nonzero segment of nominal execution can be safely certified before switching to the backup. This modification systematically reduces intervention conservatism by exploiting the potential to delay the commitment to backup without violating safety.

Figure 1: Recovered safe sets (light-colored regions) and filter-inactive sets (dark-colored regions) for different filters on a double-integrator slice. The viability kernel from HJ reachability provides the ground truth.

Set Relationships

The paper establishes two main theoretical inclusions:

  • πnom\pi_{\textup{nom}}2: Gatekeeper never intervenes more often than MPS, due to its optimization over longer nominal segments.
  • πnom\pi_{\textup{nom}}3: The relative interior of the Backup CBF's inactive set (within its implicit safe set πnom\pi_{\textup{nom}}4) always lies within the gatekeeper's inactive set, signifying that gatekeeper at least recovers all robustly inactive states of Backup CBF.

    Figure 2: Geometric illustration of the local set-theoretic argument showing that the relative interior of the Backup CBF inactive set is contained within the gatekeeper inactive set.
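The MPS and gatekeeper validity tests described above, and the resulting inclusion between their filter-inactive sets, can be checked numerically. The following Python sketch is an added example, not code from the paper; the 1-D double integrator, both policies, every constant, the grid, and the choice to return the largest certified switching time are assumptions made for illustration, and the gatekeeper candidate set is assumed to contain the fixed MPS switching time.

```python
# Added illustration (not from the paper): validity tests on a 1-D double integrator.
DT = 0.01        # Euler step (assumed)
X_WALL = 1.0     # safe set C = {x <= X_WALL}
A_NOM = 2.0      # constructed nominal policy brakes hard
A_BACKUP = 0.5   # constructed backup policy brakes gently; S0 = {v = 0} inside C
T_B = 5.0        # backup horizon
DELTA = 0.1      # fixed MPS switching time (assumed value)
CANDIDATES = [DELTA * k for k in range(1, 11)]  # gatekeeper search set, contains DELTA

def pi_nom(x, v):
    return -A_NOM if v > 0 else 0.0

def pi_b(x, v):
    return -A_BACKUP if v > 0 else 0.0

def is_valid(x, v, t_switch):
    """Nominal for t_switch, then backup for T_B: stay in C and end stopped in S0."""
    n_nom = round(t_switch / DT)
    for k in range(n_nom + round(T_B / DT)):
        if x > X_WALL:
            return False
        a = pi_nom(x, v) if k < n_nom else pi_b(x, v)
        x, v = x + v * DT, max(0.0, v + a * DT)
    return x <= X_WALL and v == 0.0

def mps_accepts(x, v):
    """MPS keeps the nominal input only if the fixed switching time is valid."""
    return is_valid(x, v, DELTA)

def gatekeeper_switch_time(x, v):
    """Largest certified switching time, or None if the filter must intervene."""
    valid = [t for t in CANDIDATES if is_valid(x, v, t)]
    return max(valid) if valid else None

def inactive_sets():
    """Filter-inactive states of both filters on a constructed (x, v) grid."""
    grid = [(i / 10, j / 4) for i in range(11) for j in range(9)]
    i_mps = {s for s in grid if mps_accepts(*s)}
    i_gk = {s for s in grid if gatekeeper_switch_time(*s) is not None}
    return i_mps, i_gk

if __name__ == "__main__":
    i_mps, i_gk = inactive_sets()
    print("MPS inactive:", len(i_mps), "gatekeeper inactive:", len(i_gk))
    print("accepted only by gatekeeper:", sorted(i_gk - i_mps))
```

At the state (x, v) = (0.5, 1.0) the gentle backup cannot stop before the wall after one short nominal interval, so MPS intervenes, while gatekeeper certifies a later switch because the nominal policy has already slowed the system by then.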

Empirical Evaluation

Planar Double Integrator

In a 4D planar double-integrator, the hierarchy of conservatism across the filters is visualized. The viability kernel computed via Hamilton-Jacobi reachability provides the true safety set. Backup CBF and MPS display substantial conservatism, rejecting states where later switching would suffice for safety. Gatekeeper's inactive set is visibly larger, confirming the reduction in unnecessary intervention.

Dynamic Reach-Avoid

In a 2D navigation scenario with a moving obstacle, gatekeeper enables the ego agent to reach the goal by hiding in a safety pocket only when truly necessary, in contrast to the persistent retreat enforced by the more conservative filters. Quantitative metrics confirm a significantly higher rate of nominal input acceptance for gatekeeper.

Figure 3: Reach-avoid scenario with a dynamic obstacle. (a) Trajectories generated by each filter. (b) Evolution of the Backup CBF value. (c) Certified switching times πnom\pi_{\textup{nom}}5 for MPS and gatekeeper.

Highway Overtake: Dynamic Bicycle Model

Utilizing a high-dimensional, nonlinear vehicle model, the gatekeeper filter eliminates unnecessary evasive maneuvers triggered prematurely by MPS and Backup CBF, permitting uninterrupted nominal tracking when actual risk is not present. The result is πnom\pi_{\textup{nom}}6 nominal controller usage for gatekeeper, versus substantial intervention fractions for the alternatives.

Figure 4: Highway overtake scenario. (a) Vehicle trajectories under each filter. (b) Backup CBF value time course. (c) Certified switching times πnom\pi_{\textup{nom}}7 for MPS and gatekeeper.

Discussion, Limitations, and Implications

The main structural limitation exposed is what the paper terms safety evaluation on backup: all existing backup-based safety filters, despite different search strategies, restrict their acceptance of the nominal policy based on anticipated feasibility of an immediate or near-future backup maneuver. Thus, safety can be enforced conservatively, even when the nominal trajectory itself would not lead to constraint violation. Gatekeeper addresses the lag between conservatism and actual safety threat by optimizing the switching time, but the quality of the backup policy and the model's fidelity remain fundamental bottlenecks.

From a practical perspective, the parallelized version of gatekeeper offers computational efficiency compatible with real-time deployment, narrowing the gap between permissiveness and tractability. Theoretically, the inclusion relations provide a formal basis for understanding guarantees and limitations, supporting future development of even less-intrusive filters, potentially incorporating lookahead over the full nominal trajectory or fusing with statistical risk estimation.

Conclusion

This review rigorously compares Backup CBF, MPS, and gatekeeper within a common formal framework, elucidating their algorithmic structure, theoretical connections, and empirical performance. The results demonstrate that gatekeeper's search over switching times yields a strictly less conservative intervention policy than MPS and encompasses the interior acceptance region of Backup CBF. The unified perspective provided here clarifies both the potential and the structural sources of conservatism in backup-based safety filters, guiding future research toward less intrusive, more permissive safety-certified control schemes.

Strong empirical results confirm up to πnom\pi_{\textup{nom}}8 nominal command acceptance for gatekeeper in dynamic scenarios, with computation speeds suitable for online use, while highlighting persistently conservative behavior in other methods. These findings have direct implications for the deployment of safety filters in high-dimensional, safety-critical robotic systems, and suggest promising directions for further integration of model-predictive planning and backup-based certification.
