SafeSpace: Aggregating Safe Sets from Backup Control Barrier Functions under Input Constraints

Published 4 Apr 2026 in eess.SY | (2604.03536v1)

Abstract: Control barrier functions (CBFs) provide a principled framework for enforcing safety in control systems, yet the certified safe operating region in practice is often conservative, especially under input bounds. In many applications, multiple smaller safe sets can be certified independently, e.g., around distinct equilibria with different stabilizing controllers. This paper proposes a framework for uniting such regions into a single certified safe set using combinatorial CBFs. We refine the combinatorial CBF framework by introducing an auxiliary variable that enables logical compositions of individual CBFs. In the proposed framework, we show that such compositions yield a generalized combinatorial CBF under a condition termed conjunctive compatibility. Building on this result, we extend the framework to enable the aggregation of multiple implicit safe sets generated by the backup CBF framework. We show that the resulting CBF-based quadratic program yields a continuous safety filter over the aggregated safe region. The approach is demonstrated on two spacecraft safety problems, safe attitude control and safe station keeping, where multiple certified safe regions are combined to expand the operational envelope.

Summary

  • The paper introduces a combinatorial CBF framework that aggregates multiple backup safe sets, significantly enlarging safe operating regions.
  • It leverages auxiliary variables and logical compositions to blend disjoint safe sets while enforcing stringent input and state constraints.
  • Simulations on underactuated satellites illustrate improved safety and performance compared to single-backup CBF approaches.

Aggregation of Safe Sets via Combinatorial Backup Control Barrier Functions under Input Constraints

Introduction and Context

The paper "SafeSpace: Aggregating Safe Sets from Backup Control Barrier Functions under Input Constraints" (2604.03536) addresses the conservatism inherent in certified safe regions produced by conventional Control Barrier Functions (CBFs), especially under stringent input bounds. The work targets scenarios where multiple small certified safe sets, each anchored around a distinct equilibrium and associated backup controller, may be leveraged to construct an enlarged safe operating region. By systematically aggregating these sets through novel extensions to combinatorial CBFs, the framework significantly expands safe system behavior without compromising input constraints, with critical applications demonstrated in complex space system scenarios.

Control Barrier Functions and Limitations

CBFs offer sufficient conditions for forward invariance of prescribed safe sets via the enforcement of differential constraints on system trajectories. For a control-affine system, these conditions ensure safety by enabling feedback design that keeps the system within a safe region. However, the size of the safe region is often overly restrictive in practical settings—input bounds further shrink the size of control-invariant sets, sometimes forcing solutions to a patchwork of disconnected certified sets, each attached to a local stabilizer.

Conventional approaches (e.g., Hamilton-Jacobi reachability) can theoretically compute maximal control-invariant subsets but are computationally prohibitive. Recent developments have explored backup CBF constructions, where the reachability of a backup safe set (under a known stabilizing policy) is used to expand a certified region, yet these are still conservative when only a single backup set and controller are used.

Combinatorial CBFs: Generalized Aggregation Framework

The crux of the paper is a systematic method for forming a union of several control-invariant sets (explicit or implicit) through "generalized combinatorial CBFs," thus directly synthesizing a singular, continuous safety filter (i.e., CBF-QP controller) over the aggregated region. The combinatorial construction introduces:

  • Auxiliary variables: To relax barrier constraints for CBFs not locally active, restoring feasibility via variable-weighted penalty terms.
  • Logical composition: The aggregation supports logical operations (e.g., pointwise max for disjunction, min for conjunction) of primitive CBFs, ensuring the union (OR) or intersection (AND) of safe regions is rendered invariant under the closed-loop system, subject to compatibility assumptions.
  • Conjunctive compatibility: Simultaneous satisfiability of active CBF conditions at intersections is formalized, ensuring feasibility without requiring conservative switching or blending strategies.

For explicit CBFs, the QP formulation synthesizes a continuous policy over the union of all certified sets and mitigates discontinuities or controller synthesis complexity associated with prior nonsmooth or switched approaches (see Figure 1).

Figure 1: Simulation results for the satellite under the projection $R \mapsto R e_3$, showing that the combinatorial bCBF (green) realizes both safety and boundary convergence, impossible using only a single backup set (red).

Extension to Implicit Safe Sets: Aggregation of Backup CBFs

A significant contribution is extending combinatorial CBF logic to implicit safe sets—regions certified by trajectories under backup (safeguarding) controllers, where reachability constraints are enforced over time via (possibly discretized) trajectory-level conditions. The main technical apparatus involves:

  • Nested max-min set encoding: The aggregated safe set is computed as the union (max) across backup CBFs, each itself a conjunction (min) of constraints along specific backup trajectories.
  • QP-based controller synthesis: The barrier constraints, including auxiliary variables, are robustly enforced across all trajectory samples and controller indices, preserving safety and continuity without recourse to switching logic.

This yields a certified extension: the forward invariance of the union of backup CBF-based reachable sets, each associated with different controllers. The resultant safe set is provably strictly larger than what a single backup CBF can achieve, thereby explicitly reducing conservatism without loss of constraint adherence.
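As an added illustration of the nested max-min encoding and switch-free filter described above (and of the pointwise-max disjunction from the combinatorial construction earlier), the following is constructed example code, not code from the paper or its authors. It assumes a 1-D double integrator with a box input bound, two saturated PD backup laws at different equilibria, a quadratic Lyapunov terminal set, and a discrete-time grid search over the scalar input in place of the paper's CBF-QP with auxiliary variables.

```python
# Constructed toy (not the paper's code): 1-D double integrator p' = v, v' = u with
# |u| <= U_MAX and the state constraint |p| <= 1, so the primitive CBF is h = 1 - |p|.
DT, U_MAX, HORIZON = 0.1, 1.0, 30   # Euler step, input bound, backup horizon (steps)
EQUILIBRIA = (-0.5, 0.5)            # two equilibria, each with its own backup law

def h(x):
    return 1.0 - abs(x[0])          # x = (position, velocity)
def step(x, u):
    return (x[0] + DT * x[1], x[1] + DT * u)   # forward-Euler discretisation

def backup_policy(p_e):
    # Saturated PD law driving p -> p_e; unsaturated closed loop A = [[0,1],[-1,-2]].
    return lambda x: max(-U_MAX, min(U_MAX, -(x[0] - p_e) - 2.0 * x[1]))

def terminal_h(x, p_e, rho=0.05):
    # Terminal set {V <= rho}, V = x'Px with P solving A'P + PA = -I: invariant under
    # the unsaturated backup law (checked for DT = 0.1) and contained in |p| <= 1.
    e, v = x[0] - p_e, x[1]
    return rho - (1.5 * e * e + e * v + 0.5 * v * v)

def backup_cbf(x, p_e):
    # h_b(x) = min( min_k h(phi_k(x)), h_T(phi_N(x)) ) along the backup trajectory.
    pol, worst = backup_policy(p_e), h(x)
    for _ in range(HORIZON):
        x = step(x, pol(x))
        worst = min(worst, h(x))
    return min(worst, terminal_h(x, p_e))

def aggregated_cbf(x):
    # Union of the backup safe sets: pointwise max over the individual backup CBFs.
    return max(backup_cbf(x, p_e) for p_e in EQUILIBRIA)

def safety_filter(x, u_des, gamma=0.2):
    # Discrete-time stand-in for the CBF-QP with a scalar input: the admissible input
    # closest to u_des that keeps the aggregated barrier from decaying faster than
    # (1 - gamma) per step; if nothing passes, use the backup law of the active set.
    hx = aggregated_cbf(x)
    grid = [-U_MAX + 2.0 * U_MAX * i / 40 for i in range(41)]
    ok = [u for u in grid if aggregated_cbf(step(x, u)) >= (1.0 - gamma) * hx]
    if not ok:
        return backup_policy(max(EQUILIBRIA, key=lambda p_e: backup_cbf(x, p_e)))(x)
    return min(ok, key=lambda u: abs(u - u_des))

def closed_loop_min_h(x, u_des, steps):
    # Smallest h visited when the filter runs from x with a constant desired input.
    worst = h(x)
    for _ in range(steps):
        x = step(x, safety_filter(x, u_des))
        worst = min(worst, h(x))
    return worst
```

At the constructed state (0.8, 0.5) the backup set anchored at -0.5 does not certify the state but the one at +0.5 does, so the aggregated barrier is positive and the filter keeps |p| <= 1 while a desired input of +1 would cross the boundary.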

Figure 2: Comparative results for safe spacecraft station keeping: standard CBF (a), standard bCBF (b), combinatorial CBF (c), and combinatorial bCBF (d), demonstrating that aggregation yields the largest control-invariant safe set and best orbit tracking, while strictly enforcing all constraints and input bounds.

Application Scenarios: Space Systems

Attitude Regulation of Underactuated Satellites

An underactuated satellite with severe input saturation and a sun-avoidance constraint exemplifies the typical conservatism of standard CBFs. By projecting the configuration to $\mathbb{S}^2$ and constructing five backup CBF sets (via different equilibrium points and stabilizers), the combinatorial bCBF approach unites these regions under a continuous policy. The result is both safety and convergence to the boundary, a property unattainable with a single local controller.

Safe Station Keeping in Orbital Operations

For a satellite performing station keeping near an asteroid with keep-in and keep-out radial constraints and control rate bounds, local CBFs were built around multiple orbital equilibria. The proposed method combines their backup-based safe sets, allowing the spacecraft to closely track a desired orbit (even inside the union of disjoint local sets), outperforming both standard CBF and single-backup CBF approaches in terms of mission utility and safety metrics.

Theoretical and Practical Implications

The paper establishes that the union of control-invariant sets is itself control invariant, and the generalized combinatorial CBF-QP is both continuous and universally safe under input constraints, provided compatibility holds. Practically, this enables modular synthesis: practitioners may certify multiple small regions (potentially with distinct controllers and local models) and seamlessly unite them for enlarged safe operation envelopes, all under tight input and state restrictions.

Key implications include:

  • Compositional safety guarantees for complex systems where constructing a single global controller and safe set is intractable and localized certification is tractable.
  • Smooth, switch-free safety filters for multi-region safe operation, obviating hybrid mode logic and associated analysis complexity.
  • Scalability: The auxiliary variable relaxation and max-min logic yield efficient QP-based controllers, bypassing the computational bottlenecks of reachability PDEs.

Future Directions

The approach admits further developments, including automated construction of backup (reachability) controllers via orbital mechanics (e.g., Lambert’s problem), extension to higher-dimensional nested logic compositions, and more expressive compatibility criteria leveraging optimal-decay CBFs or temporal logic constraints.

Conclusion

The paper makes a technically substantial contribution to the synthesis of safety filters for input-constrained nonlinear systems by innovatively aggregating multiple explicit and implicit (backup) safe sets via combinatorial CBF logic. The approach's numerically demonstrated efficacy in high-stakes, low-thrust space mission scenarios attests to the method’s potential for broad adoption in domains demanding reliable assurances of safety under strict physical limitations.
