Discrete-Time Control Barrier Functions

• Discrete-time CBFs are mathematical safety constraints that ensure system states remain in a safe set using probabilistic guarantees under uncertainty.
• They employ sufficient conditions such as Markov, Cantelli, Hoeffding, scenario, and conformal methods to yield tractable, real-time control synthesis.
• Practical applications in robotics and cyber-physical systems leverage these methods to maintain high-probability safety even in the presence of disturbance.

Discrete-time control barrier functions (CBFs) are a foundational tool for synthesizing controllers that enforce safety via set invariance for discrete-time stochastic systems that are subject to uncertainties. Recent advances have extended these methods beyond the deterministic setting, enabling formal probabilistic guarantees that account for random disturbances. This article reviews the mathematical framework, sufficient conditions, computational strategies, and practical applications of probabilistic discrete-time CBFs, emphasizing their use in safety-critical control under uncertainty.

1. Deterministic and Probabilistic Discrete-Time Control Barrier Functions

A deterministic discrete-time CBF is defined for a system $x_{k+1} = f(x_k, u_k)$ and a continuous function $h: \mathbb{R}^n \to \mathbb{R}$ encoding a safe set $C = \{x \in \mathbb{R}^n: h(x) \geq 0\}$. The classical CBF condition requires that for all $x \in C$, there exists $u \in \mathbb{R}^m$ such that

$h(f(x, u)) \geq (1-\alpha) h(x)$

for some $\alpha \in [0,1]$. This ensures forward invariance of $C$ under suitable control policies.

For discrete-time stochastic systems of the form

$$x_{k+1} = f(x_k, u_k, \omega_k),\quad \omega_k \sim \mathcal{D},$$

where $\mathcal{D}$ is a distribution that may be unknown or unbounded, the deterministic guarantee is replaced by a probabilistic one. The $\delta$-probabilistic CBF condition requires that for every $x \in \mathbb{R}^n$ there exists $u$ such that

$$\mathbb{P}\big[ h(f(x, u, \omega)) \geq \alpha h(x) \mid x\big] \geq 1 - \delta.$$

This enforces that, for any state, with probability at least $1-\delta$, the post-transition state remains at least at a scaled level of the current safety function.

2. Finite-Horizon Safety Guarantees

Given a policy $\kappa(x)$ that at each step satisfies the one-step probabilistic CBF condition, the finite-horizon joint safety probability satisfies

$$\mathbb{P}\left[ x_0 \in C, x_1 \in C, \ldots, x_H \in C \right] \geq (1-\delta)^H.$$

To achieve a safety probability at least $1-\epsilon$ over $H$ steps, it suffices to select $\delta \leq 1 - (1-\epsilon)^{1/H}$. This finite-horizon bound is a direct product of the probabilities at each step and is tight under independence.

3. Sufficient Conditions for Probabilistic CBFs

Probabilistic CBF synthesis can be recast in terms of the random variable

$$\Delta h(x, u, \omega) = h(f(x, u, \omega)) - \alpha h(x),$$

where candidate controls are sought to ensure $\mathbb{P}(\Delta h \geq 0) \geq 1-\delta$. Several tractable sufficient conditions, derived from uncertainty quantification theory, yield inequalities that can be directly incorporated into controller synthesis:

Method	Sufficient Condition for $\mathbb{P}(\Delta h \geq 0) \geq 1-\delta$	Additional Requirements
Markov	$\mathbb{E}[\Delta h] \geq b (1-\delta)$	$\Delta h \leq b$ a.s.
Cantelli	$$\mathbb{E}[\Delta h] - \sqrt{\mathrm{Var}(\Delta h) (1-\delta)/\delta} \geq 0$$	Known mean/variance
Hoeffding	$$\frac{1}{N} \sum \Delta h(x,u,\omega^{(i)}) \geq \epsilon + b(1-\delta)$$	Bounds $a \leq \Delta h \leq b$ on samples
Scenario	$\Delta h(x,u,\omega^{(i)}) \geq 0$ for all $i=1,\ldots,N$	Convex $\Delta h$ in $u$
Conformal	Empirical quantile $Q_N \leq 0$ for scores $R^{(i)} = -\Delta h(x,u,\omega^{(i)})$	Calibration parameter

Each method provides a conservative but computationally tractable criterion, enabling explicit trade-offs between safety level, sample complexity, and computational cost.

4. Synthesis and Real-Time Implementation

At each time step $k$, a “safety filter” optimization is solved: $u_k^* = \arg\min_u \|u - u_{\text{nom}}(x_k)\|^2 \quad \text{subject to appropriate sufficient-condition in %%%%30%%%%}.$ Depending on the employed sufficient condition:

• Markov/Cantelli: constraints are (potentially nonconvex) quadratic or second-order cone programs.
• Hoeffding/Scenario: convex quadratic programs with $N$ constraints.
• Conformal: QP with a rank-quantile/mixed-integer reformulation.

These problems are generally low dimensional; for $N\sim100$ samples, problem instances are solvable within milliseconds on most robotics hardware. Many practical dynamics are either affine in the control or allow for convex relaxation (e.g., $h$ quadratic), which further simplifies computation.

5. Design Trade-offs and Tuning Parameters

Selection of $\delta$ directly determines the per-step risk and consequently the joint risk $\epsilon$ over the planning horizon via $(1-\delta)^H \geq 1-\epsilon$.

Additional trade-offs:

• Smaller $\delta$ gives stronger single-step safety but can render the CBF constraint infeasible, especially for highly stochastic or poorly modeled systems.
• Data-driven methods (Hoeffding, Scenario, Conformal) require selection of sample size $N$ and confidence $\beta$ to balance conservatism and empirical coverage.
• Cantelli’s condition exploits variance information for tighter bounds compared to the mean-only Markov criterion, at cost of computing $\mathrm{Var}(\Delta h)$.

All methods maintain formal guarantees that the total violation probability remains at most $\epsilon$ over the specified horizon, with confidence $1-\beta$ for sampled/data-driven schemes.

6. Applications and Empirical Validation

The probabilistic CBF framework has been demonstrated in simulation and hardware for robotic systems with significant stochasticity. For instance, in quadruped robot experiments, the method was shown to maintain high-probability safety over a prescribed finite horizon using tractable, real-time QP-based safety filters (Mestres et al., 1 Oct 2025).

Practical workflow involves:

• Setting risk parameters ($\delta, \epsilon, H$).
• Choosing the most suitable sufficient condition method for a given application/scenario.
• Collecting or estimating disturbance statistics as needed.
• Implementing a low-latency QP or SOCP-based filter to enforce real-time constraint satisfaction.

This ensures systematic, adjustable safety guarantees—even in the presence of significant, unmodeled stochastic disturbance—using only lightweight online computation, enabling scalability to high-bandwidth, complex robotic or cyber-physical systems.

7. Framework Scope and Limitations

The presented probabilistic CBF framework is general: it only requires that the sufficient condition is evaluable for candidate controls at each state. Nevertheless, the key limitations are:

• The framework is inherently conservative; worst-case analysis or statistical sampling may restrict the feasible region depending on disturbance magnitude, sample size, and desired confidence.
• The per-step constraint structure, while tractable in many settings, may become nonconvex if the system is nonlinear and $h \circ f$ is nonconvex in $u$; convex relaxation may be necessary.
• The guarantee is finite-horizon; for infinite-time or stationary safety, additional drift or recurrence conditions are needed.

Continued research addresses extensions to infinite-horizon safety guarantees, adaptive methods for estimating disturbance distributions online, and scalable realizations in embedded or networked control settings (Mestres et al., 1 Oct 2025).