ProBF: Probabilistic Safety Certificates with Barrier Functions 

Abstract

Safety-critical applications require controllers/policies that can guarantee safety with high confidence. The control barrier function is a useful tool to guarantee safety if we have access to the ground-truth system dynamics. In practice, we have inaccurate knowledge of the system dynamics, which can lead to unsafe behaviors due to unmodeled residual dynamics. Learning the residual dynamics with deterministic machine learning models can prevent the unsafe behavior but can fail when the predictions are imperfect. In this situation, a probabilistic learning method that reasons about the uncertainty of its predictions can help provide robust safety margins. In this work, we use a Gaussian process to model the projection of the residual dynamics onto a control barrier function. We propose a novel optimization procedure to generate safe controls that can guarantee safety with high probability. The safety filter is provided with the ability to reason about the uncertainty of the predictions from the GP. We show the efficacy of this method through experiments on Segway and Quadrotor simulations. Our proposed probabilistic approach is able to reduce the number of safety violations significantly as compared to the deterministic approach with a neural network.

Learning theory guarantees only high probability chances of good-quality predictions. If the training dataset that was generated by an oracle uniformly at random differs significantly from the test set, we enter the low-probability chance of failure regime where the predictions are quite off. In this situation, probabilistic models such as Gaussian Processes provide confidence bounds on their predictions. This uncertainty information can be infused into the safety mechanism such as CBF's to adjust for incorrect predictions. This insight is translated into a method ProBF with GP that solves for a QCQP at each time to improve safety in the presence of uncertain predictions. 

How does a Gaussian Process model uncertainty?

A Gaussian process enforces a modeling assumption on the prediction uncertainty. It is an internal model, which the agent, while enforcing safety, can use in order to decide how much margin it needs to allow, depending on how much training data is available in a particular region. If the training data is scarce in a particular region, the variance of the posterior distribution of the prediction is estimated to be high. This information is thereafter used to control the margin allowance in the CBF-QP. 

The posterior mean and variance provided by the GP is purely an estimate based on an internal model of the agent. The actual distribution of the modeling error can actually be less or more but the agent decides to place an uncertainty estimate based on how cautious it wants to operate.

Segway

We test our framework on a simulated segway platform that can move in one dimension and rotate in one dimension. We use an advanced model that accounts for mass of frame, mass of wheel, inertia, resistance of motors, friction coefficients and battery voltage. This model assumes that the position in the other two dimensions are constant. As shown in the figures below, ProBF-GP accounts for uncertainty and leads to more conservative safety as the confidence interval width is increased. In certain cases, as the confidence interval width is increased, the safety filter initiates overly aggressive controls to shield the segway much before the safe set boundary. This sometimes result in the system moving to regions which the training data did not possess. Despite any of these issues, the ProBF-GP with confidence interval width around 1.0 performs much better than previous baseline LCBF-NN. Empirical results from ten different training runs each independently tested on ten different seeds is as follows:

LCBF-NN results in around 42% safety violations on average in 100 tests. Further, the variance of the safety violations per training run is also higher. The control cycle time of LCBF-NN is 7-10 ms.

ProBF-GP results in around 10% safety violations on average in 100 tests. The control cycle time of ProBF is 10-20 ms.

Planar Quadrotor with gravity

We test consequently on a 2D quadrotor example with gravity pulling the quadrotor down. To steer the quadrotor towards the desired location, we use a two-level CLF-QP stabilizing controller. This controller is given access to the true dynamics.  Then, we design an augmented CBF based off this paper to enable obstacle avoidance while satisfying the criteria for a valid CBF.

On the left, we see the trajectory of the Quadrotor with no CBF. With the CBF, we restrict entry into the yellow region. The CBF with full knowledge of the dynamics avoids the obstacle and reaches the destination. With some errors in model parameters, the CBF touches the yellow region in 100% of trials. On the right, we show the video of the quadrotor approaching and hovering at the desired location.

ProBF is trained with 5 different random seeds, each time with 7 episodes of data. Each of the trained GP's was tested with 10 different initial points. The total number of safety violations is zero. The control cycle time of ProBF is 10-30 ms.

LCBF-NN is quite ineffective in this setup and does not reduce safety violations at all. Small errors in neural network predictions causes safety violations. This is where the confidence interval based constraint margin works in favor of ProBF-GP. We use a 1-layer NN with 200 neurons.  The average control cycle time is 2-3ms.

Citation

Athindran Ramesh Kumar*, Sulin Liu*, Jaime F. Fisac, Ryan P. Adams, and Peter J. Ramadge. "ProBF: Learning Probabilistic Safety Certificates with Barrier Functions." arXiv preprint arXiv:2112.12210 (2021).