Safety Verification & Controller Synthesis
- Safety verification and controller synthesis are methodologies that ensure systems remain in safe states using formal invariance specifications and correct-by-design policies.
- Deep reinforcement learning implementations use safety shields to decouple performance optimization from offline safety guarantees, enabling scalable solutions for high-dimensional systems.
- Techniques employing algebraic certificates, probabilistic reachability, and discrete synthesis provide robust, verifiable safety assurances for nonlinear, stochastic, and cyber-physical architectures.
Safety verification and controller synthesis encompass a spectrum of methodologies for constructing, analyzing, and certifying controllers that guarantee adherence to critical system safety properties under a wide range of operating conditions, including nonlinear dynamics, stochastic disturbances, parametric uncertainty, actuation limits, and hybrid or learning-augmented closed loops. Contemporary approaches combine reachability analysis, temporal logic, algebraic certificates, numerical optimization, probabilistic reasoning, and correct-by-construction discrete synthesis. The following provides a technical survey of these frameworks and their principal algorithmic developments, with a particular focus on recent scalable pipelines developed for deep reinforcement learning, stochastic networked systems, nonlinear and high-dimensional plants, and correct-by-design cyber-physical architectures.
1. Foundational Concepts and Formal Problem Statements
The core safety specification is cast as invariance: guaranteeing that, from a given initial set or under all admissible initializations, the system state never enters a specified unsafe set, possibly expressed as a region of the state space, a logical property, or as a path-avoidance requirement in a graph or game-theoretic setting. In general, one models the system (possibly uncertain, nonlinear, or stochastic) dynamics as
with in a continuous or discrete state space, the control input, and representing process or modeling noise. The synthesis objective is to construct a controller such that, for all allowed and in the initial region, remains in a prescribed safe set for all .
Safety verification refers to the analysis of a given closed-loop policy (or one synthesized by learning or engineering practice) to certify whether it meets the safety specification. Controller synthesis, conversely, integrates specification and plant models to automatically construct a policy (or a family of policies) that is correct by design, i.e., guaranteed to satisfy the safety specification by construction.
(Xiong et al., 2021, Akbarzadeh et al., 20 Jul 2025, Wang et al., 2022, Roy et al., 2010, Dai et al., 2024)
2. Safety Shields and Decoupled Synthesis in Deep Reinforcement Learning
A leading paradigm for scalable safety assurance in high-dimensional, learning-based controllers is the safety shield methodology. The architectural principle is to decouple safety guarantee computation from the underlying neural policy optimization, precomputing an offline "shield"—a dynamic filter or override mechanism—that monitors actions proposed by the primary controller and enforces a rapid correction whenever a candidate action may induce an unsafe transition.
- Verified Linear Controller Families (VLCF): Rather than directly verifying a high-dimensional neural policy, a family of stabilizing linear controllers is synthesized offline (e.g., via variants of LQR with randomized cost/dynamics), and for each, tight probabilistic reachable tubes under closed-loop stochasticity are computed using volume and density bounds. A selector function chooses among the at each time window to maximize cumulative safety probability, and invariance proofs rely on algebraic bounds exploiting the structure of the underlying linear dynamics and noise (Theorems 1, 2, 4 in (Xiong et al., 2021)).
- Separation of Concerns: Verification of the shielded region is entirely decoupled from policy learning. During deep reinforcement learning, the shield serves as an admissibility filter, allowing the RL policy to optimize for performance within the shielded safe set, while precluding any unsafe transitions by runtime rejection/override with a certified fallback.
- Scalability: By never constructing explicit gridded representations or polytopic approximations—operating instead on matrix-vector boxes and exploiting compositional strategies in the shield selection—this pipeline scales to systems with state dimensions in the hundreds (e.g., , $32$-Helicopter benchmark, verification time hour). Experimental metrics show zero training safety violations and superior post-training performance on benchmarks compared to both unshielded and prior shielded DRL approaches.
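The shield architecture above, reduced to a runnable illustration in Python. This is an added example, not code from Xiong et al. or from the page: the plant matrices, safe box, disturbance bound, actuator limit and fallback gain are all constructed for illustration, and the paper's probabilistic reachable tubes over a family of LQR controllers are replaced by a single worst-case check under bounded noise. The offline step certifies that the box is controlled-invariant under the fallback u = -Kx (a linear map attains its per-coordinate extremes at the corners of a box, so corner enumeration is exact); the runtime step admits the learner's action only if interval arithmetic shows every disturbance keeps the next state inside the box, and otherwise overrides with the fallback.

```python
"""Runtime safety shield over an offline-verified linear fallback (added illustration)."""
import random
from itertools import product

# Constructed plant and safe set (assumptions, not a benchmark from the paper):
#   x_{k+1} = A x_k + B u_k + w_k,  |w_i| <= W_MAX[i],  |u_i| <= U_MAX
A = [[1.0, 0.2], [0.1, 1.0]]       # unstable open loop
B = [[1.0, 0.0], [0.3, 1.0]]
K = [[0.5, 0.2], [-0.05, 0.44]]    # chosen so that A - B K = 0.5 * I (contractive)
BOX = [(-1.0, 1.0), (-1.0, 1.0)]   # safe set: |x_1| <= 1, |x_2| <= 1
W_MAX = [0.1, 0.1]
U_MAX = 1.0


def matvec(M, x):
    return [sum(M[i][j] * x[j] for j in range(len(x))) for i in range(len(M))]


def in_box(x, box, tol=1e-9):
    return all(lo - tol <= xi <= hi + tol for xi, (lo, hi) in zip(x, box))


def fallback(x, gain=K):
    """Fallback controller u = -gain * x."""
    return [-v for v in matvec(gain, x)]


def next_state_interval(x, u):
    """Per-coordinate interval of x_{k+1} over all admissible disturbances."""
    nominal = [a + b for a, b in zip(matvec(A, x), matvec(B, u))]
    return [(n - w, n + w) for n, w in zip(nominal, W_MAX)]


def interval_inside(intervals, box):
    return all(box[i][0] <= lo and hi <= box[i][1] for i, (lo, hi) in enumerate(intervals))


def verify_invariant(gain):
    """Offline certificate: BOX is controlled-invariant under u = -gain*x for every
    disturbance, and the fallback respects U_MAX. The closed loop is linear, so each
    coordinate's extreme over the box is attained at a corner; enumerating corners is exact."""
    for corner in product(*BOX):
        u = fallback(corner, gain)
        if any(abs(ui) > U_MAX for ui in u):
            return False
        if not interval_inside(next_state_interval(corner, u), BOX):
            return False
    return True


def shield(x, u_proposed):
    """Admit the learner's action iff every disturbance keeps x_{k+1} in BOX;
    otherwise override with the verified fallback. Returns (applied input, overridden?)."""
    u = [max(-U_MAX, min(U_MAX, ui)) for ui in u_proposed]   # actuator saturation
    if interval_inside(next_state_interval(x, u), BOX):
        return u, False
    return fallback(x), True


def simulate(policy, x0, steps, seed=0):
    """Closed loop with random admissible disturbances; returns final state and override count."""
    rng = random.Random(seed)
    x, overrides = list(x0), 0
    for _ in range(steps):
        u, overridden = shield(x, policy(x))
        overrides += overridden
        w = [rng.uniform(-wm, wm) for wm in W_MAX]
        x = [a + b + c for a, b, c in zip(matvec(A, x), matvec(B, u), w)]
        assert in_box(x, BOX), "shield invariant broken"
    return x, overrides


def reckless_policy(x):
    """Stand-in for an unshielded learner that keeps pushing toward the boundary."""
    return [1.0, 1.0]


if __name__ == "__main__":
    assert verify_invariant(K), "fallback does not keep the box invariant"
    x_final, n_over = simulate(reckless_policy, [0.0, 0.0], 200)
    print("final state", x_final, "overrides", n_over)
```

The soundness argument is the one in the text: every admitted action lands inside the box for all disturbances, and from any state in the box the fallback is guaranteed to be admissible, so the closed loop never leaves the box regardless of what the learner proposes. Replacing the bounded-noise interval with a probabilistic tube turns the hard guarantee into a high-probability one, which is the setting the paper treats.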
3. Algebraic and Convex Certificate Methods: Barrier and Lyapunov Functions
For nonlinear, control-affine, or polynomial systems, positive invariance and safety synthesis/verification are achieved using function-theoretic certificates—primarily Control Barrier Functions (CBFs), Control Lyapunov Functions (CLFs), and their robust-adaptive extensions.
- CBF/CBC Synthesis and Verification: A function is sought such that its $0$-superlevel set defines a forward-invariant safe region. For polynomial systems or semi-algebraic safe/unsafe sets, satisfaction of the invariance (Nagumo) condition is reduced to the nonexistence of solutions to a finite family of polynomial equalities and inequalities. Via the Positivstellensatz, this is encoded as a sum-of-squares (SOS) feasibility problem or, in the presence of input/actuation constraints, as a hierarchy of polynomial matrix inequalities.
- Controller Synthesis by Alternating SDPs: Polynomial controller candidates and barrier certificates are searched for via alternating semi-definite programming. More recently, compatibility of barrier and Lyapunov certificates is precisely characterized by Farkas' Lemma, extending the approach to the joint synthesis of compatible CBF/CLF pairs, again via SOS programming, ensuring that both safety and stability are realized simultaneously, even for nonlinear systems under polyhedral input constraints. Enlarged invariant sets and reduced conservativeness over classical CBFs are observed in numerical results.
- High-Dimensional and Robust-Adaptive Extensions: When dynamics parameters are uncertain but bounded, robust-adaptive CBFs (raCBFs) incorporate both real-time parameter estimation dynamics and a robustness margin in the invariance condition, certified again by alternating SOS programs. These have achieved 100% safety in up to 7-dimensional systems, with significant performance gains over worst-case robust CBFs.
(Wang et al., 2022, Dai et al., 2024, Liu et al., 2023, Clark, 2022, Clark, 2021)
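A barrier-function safety filter in Python, added here as an illustration of the CBF idea rather than code from any of the cited papers. The system, barrier and gains are constructed: discrete-time dynamics x_{k+1} = x_k + DT (f(x_k) + u_k) with drift f(x) = (x_2, -x_1), and h(x) = R^2 - |x|^2 so that the safe set is a disk. The continuous-time Nagumo condition is replaced by its discrete counterpart h(x_{k+1}) >= (1 - ALPHA) h(x_k), which for a quadratic h and control-affine dynamics makes the admissible inputs a closed ball, so the usual CBF quadratic program has a closed-form projection. Input constraints are deliberately omitted; with actuation limits the feasibility of the condition on the whole safe set is exactly what the SOS hierarchy described above certifies offline.

```python
"""Discrete-time CBF safety filter with a closed-form projection (added illustration)."""
import math

# Constructed system (assumption): x_{k+1} = x_k + DT * (f(x_k) + u_k), x, u in R^2,
# drift f(x) = (x_2, -x_1); safe set C = {x : h(x) >= 0} with h(x) = R^2 - |x|^2.
DT = 0.05
R = 1.0
ALPHA = 0.5        # class-K gain in the discrete CBF condition h(x+) >= (1 - ALPHA) h(x)


def drift(x):
    return [x[1], -x[0]]


def h(x):
    return R * R - (x[0] ** 2 + x[1] ** 2)


def dcbf_filter(x, u_nom):
    """Solve min |u - u_nom|^2 s.t. h(x_{k+1}) >= (1 - ALPHA) h(x_k).
    Since x_{k+1} = DT * (u - c) with c = -(x + DT f(x)) / DT, the constraint is the ball
    |u - c| <= rho, rho = sqrt(R^2 - (1 - ALPHA) h(x)) / DT, and the QP reduces to the
    Euclidean projection of u_nom onto that ball. Returns (input, modified?)."""
    hx = h(x)
    if hx < -1e-9:
        raise ValueError("state outside C: feasibility is only guaranteed on the safe set")
    fx = drift(x)
    c = [-(x[0] + DT * fx[0]) / DT, -(x[1] + DT * fx[1]) / DT]
    rho = math.sqrt(R * R - (1.0 - ALPHA) * hx) / DT
    d = [u_nom[0] - c[0], u_nom[1] - c[1]]
    dist = math.hypot(d[0], d[1])
    if dist <= rho:
        return list(u_nom), False        # nominal action already satisfies the barrier condition
    scale = rho / dist
    return [c[0] + scale * d[0], c[1] + scale * d[1]], True


def step(x, u):
    fx = drift(x)
    return [x[0] + DT * (fx[0] + u[0]), x[1] + DT * (fx[1] + u[1])]


def nominal_controller(x, goal, gain=2.0):
    """Performance controller that knows nothing about safety: proportional pull toward goal."""
    return [gain * (goal[0] - x[0]), gain * (goal[1] - x[1])]


def simulate(x0, goal, steps):
    """Closed loop under the filtered controller; returns the trajectory and the minimum h seen."""
    x, traj, hmin = list(x0), [list(x0)], h(x0)
    for _ in range(steps):
        u, _ = dcbf_filter(x, nominal_controller(x, goal))
        x = step(x, u)
        traj.append(x)
        hmin = min(hmin, h(x))
    return traj, hmin


if __name__ == "__main__":
    # goal (2, 0) lies outside the disk; the filter lets the state approach the boundary but not cross it
    trajectory, h_min = simulate([0.0, 0.0], [2.0, 0.0], 200)
    print("final state", trajectory[-1], "min h", h_min)
```

By construction, whenever the projection is active the next state satisfies h(x_{k+1}) = (1 - ALPHA) h(x_k) exactly, so h decays geometrically toward zero but never changes sign; the only residual is floating-point rounding once h is far below machine precision, which is why a tolerance rather than a strict zero is the right runtime check.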
4. Probabilistic and Stochastic Verification Techniques
In the stochastic domain, especially for systems subject to process noise, network-induced losses, or sim-to-real discrepancies, safety verification and synthesis utilize probabilistic reachability, martingale concentration, and chance-constrained optimization.
- Probabilistic Tubes and Set Erosion: For systems with sub-Gaussian noise, tight affine-martingale inequalities are leveraged to construct probabilistic tube bounds such that, with probability , all trajectories remain within of their noiseless nominal. The set-erosion strategy accordingly reduces stochastic safety verification to a deterministic reachability verification of the nominal system within a shrunken safe set. This methodology enables high-probability safety certificates and scalable safe MPC or barrier filter synthesis for nonlinear stochastic plants.
- Communication Loss and Networked Systems: In scenarios with delayed and lossy communication (e.g., networked control with packet erasures), system state is augmented, and the stochastic evolution is encoded in higher-dimensional Markov or linear systems. Quadratic control barrier certificates are optimized via matrix inequalities (LMIs) to quantify the probability of avoiding the unsafe set, explicitly bounding the risk as a function of delay and packet loss rates.
- Sim2Real Gap Quantification: Data-driven scenario-based analysis is combined with probabilistic uncertainty sets and reachability analysis to guarantee that controllers designed in simulation satisfy hardware safety specifications with arbitrarily high confidence (via scenario optimization and union bounds), without requiring hardware-in-the-loop testing except for the uncertainty calibration phase.
(Liu et al., 5 Mar 2025, Akbarzadeh et al., 20 Jul 2025, Akella et al., 2022)
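The tube-and-erosion argument above, worked through in Python on a constructed scalar example; this is an added illustration, not code from Liu et al., and it uses a plain sub-Gaussian tail bound with a union bound over the horizon in place of the paper's affine-martingale inequality, so its tube is looser than theirs but sound. The system x_{k+1} = a x_k + u_k + w_k with |a| < 1, the noise parameter, horizon, safe interval and confidence level are all assumptions. The deviation of a noisy run from the noiseless nominal is itself sub-Gaussian with variance proxy at most sigma^2 / (1 - a^2), which gives a radius eps holding simultaneously for all steps with probability 1 - delta; stochastic safety then reduces to checking the nominal trajectory against the safe set shrunk by eps.

```python
"""High-probability tube and set erosion for a scalar linear system (added illustration)."""
import math
import random

# Constructed example (assumptions): x_{k+1} = A_COEF*x_k + u_k + w_k, |A_COEF| < 1,
# w_k independent and SIGMA-sub-Gaussian (a Gaussian of std SIGMA qualifies),
# safe set S = [-R_SAFE, R_SAFE], horizon HORIZON, confidence 1 - DELTA.
A_COEF = 0.8
SIGMA = 0.05
R_SAFE = 1.0
HORIZON = 50
DELTA = 1e-3


def tube_radius(a, sigma, horizon, delta):
    """Radius eps with P(|x_k - xbar_k| <= eps for all k <= horizon) >= 1 - delta.
    e_k = sum_{i<k} a^(k-1-i) w_i is sub-Gaussian with variance proxy
    sigma^2 * sum_j a^(2j) <= sigma^2 / (1 - a^2); the two-sided tail bound
    P(|e_k| > t) <= 2 exp(-t^2 / (2 v)) plus a union bound over the horizon gives eps."""
    var_proxy = sigma ** 2 / (1.0 - a ** 2)
    return math.sqrt(2.0 * var_proxy * math.log(2.0 * horizon / delta))


def nominal_trajectory(a, x0, inputs):
    """Noiseless rollout used for the deterministic verification step."""
    x, traj = x0, [x0]
    for u in inputs:
        x = a * x + u
        traj.append(x)
    return traj


def verify_eroded(traj, radius, eps):
    """Deterministic check of the nominal trajectory against the eroded set S minus the eps-ball."""
    bound = radius - eps
    if bound < 0:
        return False          # erosion swallowed the safe set; no certificate possible
    return all(abs(x) <= bound for x in traj)


def certify(a, sigma, x0, inputs, radius, delta):
    """Combine both steps: returns (eps, certified?) for the given open-loop input sequence."""
    eps = tube_radius(a, sigma, len(inputs), delta)
    return eps, verify_eroded(nominal_trajectory(a, x0, inputs), radius, eps)


def monte_carlo_violation_rate(a, sigma, x0, inputs, radius, trials, seed=0):
    """Empirical fraction of noisy runs leaving S; a valid certificate bounds this by delta."""
    rng = random.Random(seed)
    bad = 0
    for _ in range(trials):
        x = x0
        for u in inputs:
            x = a * x + u + rng.gauss(0.0, sigma)
            if abs(x) > radius:
                bad += 1
                break
    return bad / trials


if __name__ == "__main__":
    for level in (0.10, 0.15):          # constant inputs with steady states 0.5 and 0.75
        eps, ok = certify(A_COEF, SIGMA, 0.0, [level] * HORIZON, R_SAFE, DELTA)
        print(f"u={level}: eps={eps:.3f} certified={ok}")
    print("empirical violation rate (u=0.10):",
          monte_carlo_violation_rate(A_COEF, SIGMA, 0.0, [0.10] * HORIZON, R_SAFE, 2000))
```

The second input sequence is rejected even though its noiseless trajectory stays well inside [-1, 1]: its steady state of 0.75 lies inside the erosion band, so the certificate cannot exclude a noise-driven excursion at the required confidence. Tightening the tube (the paper's martingale bound, or a smaller sigma from calibration data) is what recovers such cases.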
5. Discrete, Symbolic, and Temporal Logic Approaches
Formal synthesis for cyber-physical and hybrid systems often involves discrete abstractions, temporal logic, and automata/games:
- LTL/LTL Fragments for Safety and Liveness: Correct-by-design controller synthesis is performed on finite-state abstractions of smooth physical models, with safety (pure invariance) and guarantee (basic reachability) specifications encoded in safe-LTL or limited fragments. Central to scalability is the avoidance of Safra's determinization by restricting to safety W-formulas and reachability goals. Symbolic safety games are solved to extract memoryless controllers with rigorous -approximation guarantees when implemented on the concrete system.
- Game-Based and Learning Approaches: For infinite parameterized systems (e.g., arrays, distributed protocols), regular model checking and Angluin's L* learning are employed to synthesize regular winning sets and corresponding reactive strategies, with completeness guarantees for regular invariants.
- Discrete-Event and Markov Models with ML Components: For systems with embedded DNNs, controller synthesis is lifted to parametric Markov models that embed quantifiable perception uncertainty, integrating DNN verification at the modeling phase. Synthesis is coupled with probabilistic model checking and multi-objective optimization to ensure that both safety and performance constraints are met, even in the presence of ML-induced nondeterminism.
(Roy et al., 2010, Lin et al., 11 Apr 2025, Calinescu et al., 2022, Markgraf et al., 2020)
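An added example of the safety-game step, in Python; it is not code from Roy et al. or Markgraf et al., and the abstraction is constructed by hand. Each cell of the abstraction maps an input to the set of cells the concrete system may reach (the nondeterminism that an over-approximating abstraction introduces). The winning region is the greatest fixed point of the controllable predecessor restricted to the safe cells, and the memoryless controller at each winning cell is the set of inputs whose every successor stays in the region. The example is chosen so that one cell is labelled safe yet lies outside the winning region: from it, every input risks the unsafe cell, so a controller that merely avoids unsafe cells one step ahead would not be sound.

```python
"""Safety game on a finite abstraction: greatest fixed point of cpre (added illustration)."""

# Constructed abstraction (assumption): (cell, input) -> set of cells the concrete
# system may reach. "bad" is the abstraction of the unsafe set and is absorbing.
TRANS = {
    ("s0", "a"): {"s0", "s1"},
    ("s0", "b"): {"s1"},
    ("s1", "a"): {"s0"},
    ("s1", "b"): {"s2", "bad"},
    ("s2", "a"): {"s1", "bad"},
    ("s2", "b"): {"bad"},
    ("bad", "a"): {"bad"},
    ("bad", "b"): {"bad"},
}
STATES = {"s0", "s1", "s2", "bad"}
INPUTS = {"a", "b"}
SAFE = STATES - {"bad"}


def cpre(target, trans, states, inputs):
    """Controllable predecessor: cells from which SOME input forces EVERY successor into target."""
    return {s for s in states if any(trans[(s, u)] <= target for u in inputs)}


def solve_safety_game(safe, trans, states, inputs):
    """Greatest fixed point W = safe & cpre(W). Returns W and the most permissive
    memoryless controller on W (every listed input keeps all successors inside W)."""
    w = set(safe)
    while True:
        nxt = safe & cpre(w, trans, states, inputs)
        if nxt == w:
            break
        w = nxt
    controller = {s: sorted(u for u in inputs if trans[(s, u)] <= w) for s in w}
    return w, controller


def is_invariant(w, controller, trans):
    """Independent soundness check of the synthesized strategy: every winning cell has an
    allowed input, and every allowed input's successors all stay within W."""
    return all(controller.get(s) and all(trans[(s, u)] <= w for u in controller[s]) for s in w)


def adversarial_run(controller, trans, start, steps, pick=min):
    """Closed loop where the environment resolves nondeterminism adversarially (here: by `pick`).
    Returns the visited cells; raises if the controller ever has no admissible input."""
    s, visited = start, [start]
    for _ in range(steps):
        allowed = controller.get(s)
        if not allowed:
            raise RuntimeError(f"no admissible input at {s}")
        s = pick(trans[(s, allowed[0])])
        visited.append(s)
    return visited


if __name__ == "__main__":
    win, ctrl = solve_safety_game(SAFE, TRANS, STATES, INPUTS)
    print("winning region:", sorted(win))
    print("controller:", ctrl)
    print("adversarial run from s0:", adversarial_run(ctrl, TRANS, "s0", 6))
```

On the concrete system the page's epsilon-approximation guarantee comes from the abstraction relation, not from this solver: the solver only guarantees that every abstract run under the controller stays in W, and the abstraction must over-approximate the concrete transitions for that to carry over.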
6. Synthesis Workflows and Soundness in Software Implementation
Beyond formal synthesis and mathematical certificates, robust, certification-ready workflows require rigorous linkage between high-level specifications, controller design, and their concrete software artifacts.
- Sound Development and Code Testing: End-to-end certified pipelines, exemplified by safety supervisors for collaborative robots, combine stochastic modeling, policy synthesis (PCTL-constrained MDPs checked with a probabilistic model checker), code generation, and mechanized conformance testing. Symbolic finite-state reference models (SFSMs) are used to generate complete test suites (via the H-Method) that are guaranteed to detect any deviation between the generated code and the synthesized controller, provided the implementation's state count does not exceed an assumed bound.
- Tool-Supported Frameworks: Model checkers (e.g., PRISM), synthesis and validation environments (Yap, libfsmtest), and digital twin infrastructures ensure practical deployment, integration, and standard-compliant validation.
(Gleirscher et al., 2020, Gleirscher et al., 2021, Gleirscher et al., 2022, Gleirscher et al., 2021)
References
- "Scalable Synthesis of Verified Controllers in Deep Reinforcement Learning" (Xiong et al., 2021)
- "Safety Controller Synthesis for Stochastic Networked Systems under Communication Constraints" (Akbarzadeh et al., 20 Jul 2025)
- "Safety Verification and Controller Synthesis for Systems with Input Constraints" (Wang et al., 2022)
- "Safety-Guarantee Controller Synthesis for Cyber-Physical Systems" (Roy et al., 2010)
- "Verification and Synthesis of Compatible Control Lyapunov and Control Barrier Functions" (Dai et al., 2024)
- "Synthesis and verification of robust-adaptive safe controllers" (Liu et al., 2023)
- "A Semi-Algebraic Framework for Verification and Synthesis of Control Barrier Functions" (Clark, 2022)
- "Verification and Synthesis of Control Barrier Functions" (Clark, 2021)
- "Safety Verification of Nonlinear Stochastic Systems via Probabilistic Tube" (Liu et al., 5 Mar 2025)
- "Safety-Critical Controller Verification via Sim2Real Gap Quantification" (Akella et al., 2022)
- "Discrete-Event Controller Synthesis for Autonomous Systems with Deep-Learning Perception Components" (Calinescu et al., 2022)
- "Parameterized Synthesis with Safety Properties" (Markgraf et al., 2020)
- "Secondary Safety Control for Systems with Sector Bounded Nonlinearities [Extended Version]" (Lin et al., 11 Apr 2025)
- "Sound Development of Safety Supervisors" (Gleirscher et al., 2022)
- "Safety Controller Synthesis for Collaborative Robots" (Gleirscher et al., 2020)
- "Verified Synthesis of Optimal Safety Controllers for Human-Robot Collaboration" (Gleirscher et al., 2021)
- "Complete Test of Synthesised Safety Supervisors for Robots and Autonomous Systems" (Gleirscher et al., 2021)