Backup Control Barrier Functions
- Backup CBFs are trajectory-based safety filters that certify a system's safe operation by verifying that a backup controller can steer states to a known invariant backup set over a finite horizon.
- They implement an online safety filter, typically via a quadratic program, that minimally adjusts nominal control inputs while preserving forward invariance under bounded constraints.
- Recent advancements address nonsmoothness, robustness to disturbances, and the integration of multiple backup strategies to reduce conservativeness and extend applicability.
Backup Control Barrier Functions (backup CBFs, bCBFs, or BCBFs) are trajectory-based control barrier constructions for control-affine systems in which direct CBF synthesis is difficult, especially under bounded inputs. The central idea is to replace direct certification of a large safe set by certification of recoverability: a state is treated as safe if a prescribed backup controller can keep the system inside the safety constraints over a finite horizon and steer it into a smaller backup set that is already known to be forward invariant. This yields an implicitly defined controlled-invariant set and an online safety filter, typically a quadratic program, that minimally modifies a nominal controller while preserving safety (Chen et al., 2021, Wijk et al., 6 Oct 2025).
1. Core construction and canonical formulation
The standard setting is a control-affine nonlinear system
with admissible input set , safe set
and backup set
A locally Lipschitz backup controller is assumed to render forward invariant. Let denote the flow of the backup closed loop
The backup CBF construction defines a larger implicit safe set by requiring safety of the backup rollout over a horizon together with terminal arrival in the backup set. Across the literature this enlarged set appears in equivalent forms such as
or, in the notation of some papers,
0
The set inclusion
1
is explicit in several formulations (Janwani et al., 2023, Kim et al., 2 Apr 2026).
The corresponding barrier is implicit because it is defined through the backup trajectory rather than through a closed-form state function. A canonical expression is
2
whose 3-superlevel set is exactly the backup-induced safe set (Chen et al., 2021, Kim et al., 2 Apr 2026). In sampled implementations this becomes a minimum over finitely many trajectory samples plus a terminal term, a structure that later becomes important for regularity and feasibility analysis (Alan et al., 17 Nov 2025).
This construction is motivated by bounded-input safety. Standard CBFs require feasibility of the barrier inequality throughout the certified set, whereas backup CBFs certify only those states from which a feasible backup maneuver is known to exist. This shifts the problem from explicit invariant-set synthesis to online verification of recoverability under the backup policy (Janwani et al., 2023, Wijk et al., 6 Oct 2025).
2. Safety filter, invariance, and feasibility
The online controller is typically a pointwise QP that keeps the applied control close to a desired or nominal input while enforcing barrier inequalities associated with the backup rollout. A representative formulation is
4
subject to sampled inequalities of the form
5
together with the terminal backup-set condition
6
Here 7 and 8 (Janwani et al., 2023).
The central safety theorem states that any Lipschitz continuous controller satisfying the backup-CBF inequalities keeps the closed loop safe with respect to the induced set. One formulation states that if 9, then
0
This is the basic forward-invariance claim behind the method (Janwani et al., 2023). A closely related statement appears in the tutorial formulation: if the backup set is invariant under the backup controller, then the induced recoverable set is controlled invariant for every 1 (Chen et al., 2021).
A major attraction of the method is feasibility. On the induced set, the backup controller itself is a feasible point of the QP, so the safety filter is feasible by construction under the stated assumptions (Chen et al., 2021). Later work re-emphasizes this as the main advantage of bCBFs over standard CBF filters under input bounds (Wijk et al., 6 Oct 2025).
The 2021 tutorial paper also proves that, under mild assumptions, the constituent functions 2 and 3 have relative degree 4 for all 5, except at singular points. This clarifies why backup CBFs often avoid the high-relative-degree complications that arise when one tries to certify the original geometric constraint directly (Chen et al., 2021).
The standard implementation cost is nontrivial because the filter depends on forward simulation and flow sensitivities. One later formulation states that standard bCBF implementation requires forward integration of
6
ODEs per control step: 7 for the backup flow and 8 for the sensitivity matrix. A closed-form alternative restricts the admissible safe control to
9
derives the optimizer 0 analytically, proves that the resulting controller renders the backup-induced set forward invariant, and reduces the required ODE integrations to
1
3. Nonsmoothness, smoothing, and infinite-constraint structure
A defining technical feature of backup CBFs is that the safe set is usually encoded by a pointwise minimum of continuously differentiable functions. In the discretized backup construction this appears as
2
with 3 for trajectory samples and a terminal term 4. More generally,
5
defines a nonsmooth safe-set function, nonsmooth precisely where multiple constraints are active (Alan et al., 17 Nov 2025).
Recent work analyzes this issue through the active set
6
combined with MFCQ on the boundary. Under MFCQ, strict safety of the nonsmooth set is equivalent to positivity of the active Lie derivatives on the boundary: 7 This strict positivity condition is the key hypothesis behind a smoothing theorem based on the soft minimum
8
For compact safe sets, if 9 is compact, MFCQ holds on 0, and the system is strictly safe with respect to 1, then for all 2,
3
is a CBF, with explicit threshold
4
For potentially unbounded sets, tail assumptions yield an extended CBF guarantee uniformly for sufficiently large 5 (Alan et al., 17 Nov 2025).
Applied back to backup CBFs, the result states that if the terminal backup set is compact, the backup flow exists for 6, the backup closed-loop system is strictly safe with respect to the terminal set, and the boundary condition
7
holds on the relevant backup-reachable boundary, then there exists 8 such that the smoothed function
9
is a CBF for all 0. The significance is explicit a priori feasibility of the smooth safety filter without additional online certification (Alan et al., 17 Nov 2025).
A complementary line of work reframes backup CBFs as an infinite-constraint problem. With
1
the constraint family is indexed by the continuous time parameter 2. Under compactness of the parameter set and a well-posedness condition analogous to regularity of active constraints, forward invariance is equivalent to the Nagumo-type boundary condition
3
The same work introduces optimal-decay barrier functions and optimal-decay control barrier functions (OD-CBFs), with a single shared decay variable 4, and proves both continuity of the resulting controller under strict feasibility and a local finite reduction theorem for discretization with robustness margins (Cohen et al., 16 Apr 2026).
These results address a persistent misconception that the min-over-trajectory structure is merely an implementation artifact. The later theory shows instead that nonsmoothness and semi-infinite constraints are intrinsic to the backup-CBF construction, and that their regularization requires separate geometric and analytic conditions.
4. Robustness to disturbances, uncertainty, and output feedback
Backup CBFs depend on predicted backup trajectories. Consequently, model errors, disturbances, and state-estimation errors directly affect certification because the backup flow may be inaccurately computed. Several extensions modify the backup-set construction rather than only the online optimizer.
Measurement-Robust Control Barrier Functions combine backup sets with uncertainty margins on the estimated state. The controller receives an estimate
5
with bounded estimation error, and the barrier inequality is enforced at 6 with explicit robustness margins
7
For backup-set implementations this yields the notion of a Measurement-Robust Implicit Safe Set (MRISS) together with an online Measurement-Robust Backup Set Optimization Program, an SOCP whose constraints are robustified versions of the discretized backup inequalities (Cosner et al., 2021).
For uncertain dynamics with additive disturbances, disturbance-robust backup CBFs construct a tightened safe set around the nominal backup flow. One formulation defines a tube around the nominal flow using the deviation bound
8
and chooses tightening margins satisfying
9
The resulting Disturbance-Robust Backup CBF (DR-bCBF) inequalities guarantee forward invariance of the tightened set for the disturbed system (Wijk et al., 2024).
A related disturbance-observer formulation replaces worst-case disturbance assumptions by an estimated disturbance 0, generated by
1
and then tightens the backup set around the estimated-flow rollout. The corresponding Disturbance Observer Backup CBF (DO-bCBF) certificate includes explicit observer-error terms and proves safety, robustness to unknown disturbances, and satisfaction of input constraints (Wijk et al., 19 Mar 2025).
Output-feedback backup CBFs address the case where only an estimate 2 is available and the true flow evolves under feedback based on that estimate. The key object is a tightened set in the estimate space,
3
where the tightening terms are chosen from an uncertainty envelope around the estimated flow. The main guarantee is that ensuring safety of the envelope guarantees safety of the true state, and that there always exists a feasible input that guarantees true-state safety under bounded inputs and state-estimation error (Wijk et al., 21 Apr 2026).
A common theme across these variants is that robustness is introduced by modifying the implicit safe set itself—via margins, tubes, or envelopes—rather than only by penalizing uncertainty in the QP.
5. Multiple backups, aggregation, and generalized constructions
A major source of conservativeness in backup CBFs is dependence on a single backup controller and a single backup set. Several generalizations therefore enlarge the certified region by using multiple backups, shared backup policies across multiple constraints, learned backup policies, or more flexible expansion dynamics.
The extension to multiple backup controllers replaces a single recoverability certificate by a family of certificates. In human-robot collaboration, one formulation uses a set of backup controllers
4
and learns a switching index 5 with a deep LSTM plus DNN decoder, while the BCBF-QP still enforces safety under the selected backup strategy (Janwani et al., 2023). In reinforcement learning, RLBUS starts from hand-designed backup policies, trains an additional backup policy 6, defines the combined safe set by a soft maximum over the individual backup certificates, and reports zero training-time safety violations while enlarging the safe exploration region (Rabiee et al., 2023).
A different generalization handles multiple decoupled state constraints and mixed state-input constraints with a single backup set–backup controller pair. The key move is to project a mixed constraint
7
onto the state space along the backup controller by defining
8
This converts the mixed state-input safety problem into a projected state-constraint problem and yields a backup-CBF QP that becomes a quadratic program whenever each mixed constraint is affine in 9 (Gacsi et al., 17 Mar 2026).
Another line of work decouples the controller used for set expansion from the controller used to certify invariance of the backup set. With verified backup controller 0, expansion controller 1, and switching function 2, the switched controller
3
defines a generalized implicit safe set through the switched flow 4. This strictly generalizes the standard bCBF construction, recovers it as the special case 5, and extends naturally to parameterized controller families for online adaptation (Wijk et al., 19 Mar 2026).
A further generalization uses a reference-parameterized family of backup-like policies. On the augmented state-reference space 6, the barrier is defined as the minimum future constraint margin under the prestabilizing flow with fixed reference: 7 The resulting safety filter is a QP over both the physical input 8 and a virtual input 9 that drives the reference dynamics 0 (Freire et al., 10 Oct 2025).
Finally, multiple implicit safe sets generated by distinct backup controllers can themselves be aggregated. SafeSpace defines finite-horizon implicit safe functions 1, forms the union
2
and represents it by
3
A generalized combinatorial CBF with auxiliary variable 4 and a conjunctive compatibility condition yields a continuous safety filter over the aggregated region without switching among backup controllers online (Ong et al., 4 Apr 2026).
| Direction | Core mechanism | Representative paper |
|---|---|---|
| Multiple backup controllers | Reachability-based BCBF constraints under a learned switching rule | (Janwani et al., 2023) |
| RL-trained backup policy | Learn an additional backup controller and enlarge the recoverable set | (Rabiee et al., 2023) |
| Mixed state-input constraints | Project 5 to 6 along the backup controller | (Gacsi et al., 17 Mar 2026) |
| Separate expansion and certification | Use 7 for expansion and 8 for invariant recovery | (Wijk et al., 19 Mar 2026) |
| Dynamic backup policy family | Define barrier on augmented 9 space under fixed-reference rollout | (Freire et al., 10 Oct 2025) |
| Aggregated implicit safe sets | Max-over-min combinatorial CBF over several backup-generated safe regions | (Ong et al., 4 Apr 2026) |
These variants share the same structural motif: safety is still certified through existence of a safe backup evolution, but the object being certified is expanded by richer controller families or richer logical compositions.
6. Comparisons, applications, and recurring limitations
The original comparative study places backup CBFs between explicit invariant-set computation and direct barrier design. Hamilton–Jacobi PDE methods approximate the maximum control invariant set accurately but scale poorly with dimension; SOS methods are constrained by polynomial ansatz and problem structure; backup CBFs can produce a control invariant set close to the maximum control invariant set under a good backup policy for many practical problems (Chen et al., 2021). This directly identifies the quality of the backup controller as a structural determinant of conservativeness.
The same conservativeness appears in comparative reviews of backup-based safety filters. A unified comparison of Backup CBF, Model Predictive Shielding (MPS), and gatekeeper argues that a key source of conservativeness is “safety evaluation on backup”: safety is judged by feasibility of a backup maneuver rather than by continued safe execution of the nominal policy. Within that framework, MPS is a special case of gatekeeper, and the paper proves
0
This suggests that backup-based filters differ less in their terminal safety logic than in how aggressively they allow nominal execution before invoking backup reasoning (Kim et al., 2 Apr 2026).
A separate refinement direction treats backup CBFs as candidate CBFs and then explicitly reduces conservativeness with reachability. refineCBF initializes a control barrier-value function recursion with a backup CBF, proves that each dynamic-programming update is at least as safe as the previous iterate, and converges to a valid CBF whose certified set lies in the viability kernel. In that formulation, backup CBFs are useful because they are often valid by design, but conservative enough to benefit from reachability-based refinement (Tonkens et al., 2022).
The application range is broad. Reported examples include obstacle avoidance for a dual-track robot in human-robot collaboration (Janwani et al., 2023), safe exploration for an inverted pendulum in reinforcement learning (Rabiee et al., 2023), simultaneous enforcement of angle, torque, and power constraints for an inverted pendulum (Gacsi et al., 17 Mar 2026), double integrator and nonlinear fixed-wing aircraft geofencing (Wijk et al., 6 Oct 2025), Segway safety under perception error (Cosner et al., 2021), spacecraft attitude and station-keeping problems (Ong et al., 4 Apr 2026), and braking on asymmetric-friction roads using constructive backup-set synthesis based on feedback linearization and continuous-time Lyapunov equations (Gacsi et al., 17 Oct 2025).
Several recurring limitations are also explicit in the literature. Continuous-time path constraints over 1 are generally not tractable and are therefore discretized; the induced safe set depends strongly on the chosen backup controller and horizon 2; multiple backups increase computational burden; and certification based on recoverability may exclude states from which the nominal policy would in fact remain safe. Later developments on smoothing, infinite-constraint theory, aggregation, and adaptive expansion can be read as responses to these limitations rather than departures from the backup-CBF paradigm.
In aggregate, backup CBFs constitute a family of safety filters built around a single organizing principle: certify states by demonstrating the existence of a safe backup evolution to an invariant terminal set. The modern literature extends that principle to nonsmooth implicit barriers, semi-infinite constraint families, disturbance and estimation uncertainty, mixed state-input safety, multiple backup strategies, and aggregated safe regions, while preserving the original emphasis on recursive feasibility under input bounds.