Safety-critical Control with Control Barrier Functions: A Hierarchical Optimization Framework
The control barrier function (CBF) has become a fundamental tool in safety-critical systems design since its introduction. Typically, a quadratic program (QP) is employed to accommodate CBFs, control Lyapunov functions (CLFs), other constraints and a nominal control design. However, this constrained optimization framework involves hyper-parameters that trade off the different objectives and constraints; if they are not well tuned beforehand, they degrade system performance and can even lead to infeasibility. In this paper, we propose a hierarchical optimization framework that decomposes the multi-objective optimization problem into nested optimization sub-problems in a safety-first approach. The new framework addresses potential infeasibility on the premise of ensuring safety and performance as far as possible, and extends easily to multi-certificate cases. With visualization aids, we systematically analyze the advantages of the proposed method over existing QP-based ones in terms of safety, feasibility and convergence rate. Moreover, two numerical examples verify our analysis and show the superiority of the proposed method.
💡 Research Summary
The paper addresses a fundamental limitation of contemporary safety‑critical control methods that combine Control Barrier Functions (CBFs) and Control Lyapunov Functions (CLFs) within a quadratic program (QP). While the classic “Hard‑CLF‑CBF QP” enforces safety and stability as hard constraints, it often becomes infeasible when the constraints conflict or when input limits are added. Existing remedies—introducing slack variables (Soft‑CLF‑CBF QP) or optimizing decay rates (Optimal‑decay QP)—require careful tuning of hyper‑parameters and, more importantly, relax the safety constraint, thereby compromising the very guarantee that CBFs are meant to provide.
To overcome these issues, the authors propose a safety‑first hierarchical optimization framework. The central idea is to decompose the original multi‑objective problem into three nested sub‑problems, each solving a single objective while preserving the results of the higher‑priority tasks:
- Sub‑problem 1 (Safety Slack Minimization) – Minimizes the slack variable δ₂ of the CBF constraint subject to the input limits and the relaxed CLF inequality, whose slack δ₁ is left free at this stage so that the stability requirement cannot block the safety step. The result is the smallest achievable safety violation: if a strictly safe admissible control exists, δ₂ = 0 and safety holds exactly; otherwise the minimal breach is recorded.
- Sub‑problem 2 (Stability Slack Minimization) – Fixes δ₂ at the optimum from the first step and minimizes the CLF slack δ₁ over the inputs that still achieve that δ₂. Stability is thus pursued as aggressively as possible without increasing the safety violation already determined.
- Sub‑problem 3 (Performance Optimization) – With both slacks fixed as hard bounds, the final QP minimizes the deviation of the control input from a nominal controller (e.g., a pre‑designed feedback law).
Because each sub‑problem is solved sequentially and the higher‑level slacks are never increased later, the overall scheme always yields a feasible solution: if the safety constraint cannot be satisfied exactly, the algorithm returns the control that incurs the smallest safety violation, thereby eliminating infeasibility.
A novel concept called sub‑safe is introduced to handle situations where the system starts outside the safe set (h(x) < 0). Traditional CBF theory only guarantees forward invariance for states already inside the set. Sub‑safe extends the guarantee by ensuring that, even from unsafe initial conditions, the state will asymptotically enter the safe set whenever it is reachable. This is particularly relevant for applications such as adaptive cruise control where a conservative safety distance may be initially violated.
The framework is naturally extensible to multiple certificates (e.g., several CBFs for multi‑obstacle avoidance, connectivity constraints, etc.). The authors propose a priority‑based grouping: certificates are assigned a priority level i and a weight cᵢⱼ within that level. The hierarchical optimization proceeds level by level, solving a batch of slack‑minimization QPs for all certificates of the current priority before moving to the next lower priority. The final performance QP then uses the accumulated slacks as hard bounds. This systematic approach preserves feasibility and respects the prescribed hierarchy of safety, stability, and performance across arbitrarily many constraints.
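The following is an added example, not the paper's code, that carries the three nested sub-problems above, the sub-safe behaviour from an initially unsafe state, and the priority-level grouping of several certificates through in working Python. It assumes a scalar input u with a box limit |u| ≤ u_max, so every level is a one-dimensional convex piecewise-linear problem over an interval and can be solved exactly by checking the interval ends and breakpoints instead of calling a QP solver; it also assumes that the certificates within one priority level are combined as a weighted sum of their slacks with the weights cᵢⱼ (our reading of the grouping, not a formula from the paper). The keep-distance scenario (constants D_SAFE, D_GOAL, U_MAX, ALPHA, GAMMA, the functions acc_levels, nominal, step, simulate and the hard_qp baseline) is constructed for illustration: the CLF goal lies inside the unsafe region, so safety and stability conflict and the hard-constraint QP is infeasible from the initial state.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

TOL = 1e-9  # tolerance for round-off at a touching constraint boundary


@dataclass(frozen=True)
class Row:
    """One affine certificate row  a*u + b + delta >= 0  with slack delta >= 0.
    A CBF row is (L_g h, L_f h + alpha*h); a CLF row L_f V + L_g V u + gamma V <= delta
    is stored negated as (-L_g V, -(L_f V + gamma V)).  c weights the slack in its level."""
    a: float
    b: float
    c: float = 1.0


def clip(u: float, lo: float, hi: float) -> float:
    return min(max(u, lo), hi)


def intersect(row: Row, slack: float, lo: float, hi: float) -> Tuple[float, float]:
    """Intersect [lo, hi] with {u : row.a*u + row.b + slack >= 0}; lo > hi means empty."""
    if abs(row.a) < 1e-12:
        return (lo, hi) if row.b + slack >= -TOL else (1.0, -1.0)
    bound = -(row.b + slack) / row.a
    lo, hi = (max(lo, bound), hi) if row.a > 0 else (lo, min(hi, bound))
    if hi < lo <= hi + TOL:  # empty only by round-off: the constraint is active
        lo = hi
    return lo, hi


def solve_level(rows: Sequence[Row], lo: float, hi: float) -> Tuple[float, List[float]]:
    """Minimize sum_j c_j*delta_j over u in [lo, hi] with delta_j = max(0, -(a_j u + b_j)).
    The cost is convex piecewise linear, so it suffices to test the interval ends
    and every breakpoint -b_j/a_j that falls inside the interval."""
    cands = [lo, hi] + [-r.b / r.a for r in rows
                        if abs(r.a) >= 1e-12 and lo <= -r.b / r.a <= hi]
    cost = lambda u: sum(r.c * max(0.0, -(r.a * u + r.b)) for r in rows)
    u_star = min(cands, key=cost)
    return u_star, [max(0.0, -(r.a * u_star + r.b)) for r in rows]


def hierarchical(levels: Sequence[Sequence[Row]], u_nom: float, u_max: float
                 ) -> Tuple[float, List[List[float]]]:
    """Safety-first hierarchy: each level minimizes its own slacks over the inputs that
    keep every higher level's slacks fixed; the last step projects u_nom onto what is left."""
    lo, hi = -u_max, u_max
    slack_levels: List[List[float]] = []
    for rows in levels:
        _, slacks = solve_level(rows, lo, hi)
        for r, s in zip(rows, slacks):          # fixed slacks become hard bounds
            lo, hi = intersect(r, s, lo, hi)    # non-empty: u_star satisfies all of them
        slack_levels.append(slacks)
    return clip(u_nom, lo, hi), slack_levels


def hard_qp(rows: Sequence[Row], u_nom: float, u_max: float) -> Optional[float]:
    """Classic hard-constraint QP (all slacks zero); None when infeasible."""
    lo, hi = -u_max, u_max
    for r in rows:
        lo, hi = intersect(r, 0.0, lo, hi)
    return None if lo > hi else clip(u_nom, lo, hi)


# Constructed keep-distance scenario (not from the paper): d is the gap to the car
# ahead with d_dot = u, |u| <= U_MAX.  The CBF h = d - D_SAFE asks for d >= D_SAFE;
# the CLF V = (d - D_GOAL)^2 / 2 pulls d towards a goal that lies inside the unsafe
# region, so safety and stability conflict and the hard QP has no solution there.
D_SAFE, D_GOAL, U_MAX, ALPHA, GAMMA = 5.0, 3.0, 1.0, 1.0, 1.0


def acc_levels(d: float) -> List[List[Row]]:
    cbf = Row(a=1.0, b=ALPHA * (d - D_SAFE))           # L_g h = 1, L_f h = 0
    clf = Row(a=-(d - D_GOAL), b=-GAMMA * 0.5 * (d - D_GOAL) ** 2)
    return [[cbf], [clf]]                                # level 1: safety, level 2: stability


def nominal(d: float) -> float:
    return D_GOAL - d                                    # naive pull towards the goal


def step(d: float, dt: float = 0.1) -> Tuple[float, float, float, float]:
    """One Euler step; returns (d_next, u, delta2, delta1)."""
    u, slacks = hierarchical(acc_levels(d), nominal(d), U_MAX)
    return d + dt * u, u, slacks[0][0], slacks[1][0]


def simulate(d0: float, steps: int, dt: float = 0.1) -> float:
    d = d0
    for _ in range(steps):
        d = step(d, dt)[0]
    return d


if __name__ == "__main__":
    d = 2.0                                              # starts deep inside the unsafe set
    for k in range(61):
        d_next, u, delta2, delta1 = step(d)
        if k % 10 == 0:
            flat = [r for lvl in acc_levels(d) for r in lvl]
            print(f"t={k*0.1:4.1f} d={d:.4f} u={u:+.3f} delta2={delta2:.3f} "
                  f"delta1={delta1:.3f} hard_qp={hard_qp(flat, nominal(d), U_MAX)}")
        d = d_next
```

Running the script shows the three stages in order. At d = 2 the CBF row demands u ≥ 3 while u_max = 1, so hard_qp returns None, whereas the hierarchy records the minimal safety breach δ₂ = 2, leaves δ₁ = 0 and drives at u = u_max towards the safe set. Once α(D_SAFE − d) falls below u_max, δ₂ drops to zero and the second level lowers u to exactly the CBF bound, so the gap to D_SAFE shrinks geometrically rather than in finite time, which is the asymptotic entry into the safe set that the sub-safe notion describes. The state settles on the boundary d = D_SAFE, the closest safe point to the unsafe goal, with δ₁ > 0 absorbing the stability violation that cannot be avoided without sacrificing safety. Adding further certificates is a matter of appending Row objects to an existing level (weighted by c) or inserting a new level in priority order.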
To facilitate comparison, the paper rewrites the classic Hard‑CLF‑CBF QP, Soft‑CLF‑CBF QP, and Optimal‑decay QP into a unified QP form. By analyzing the limiting behavior of the weighting matrices and slack penalties, the authors show that the proposed hierarchical method corresponds to the limit where the safety‑related weights tend to infinity. Consequently, the hierarchical method inherits the safety guarantees of the hard‑constraint formulation while avoiding infeasibility, something the other methods can only achieve with carefully tuned finite weights.
Two numerical case studies validate the theory:
- Case 1 – Single‑Obstacle Avoidance: The vehicle starts inside the unsafe region (distance smaller than the prescribed safe distance). The Hard‑CLF‑CBF QP is infeasible; the Optimal‑decay QP relaxes safety and leads to a collision. The hierarchical method yields a control that first minimizes safety violation, then stabilizes, and finally follows the nominal trajectory, successfully bringing the vehicle into the safe region without collision.
- Case 2 – Multi‑Obstacle Avoidance: Multiple CBFs representing several obstacles are active simultaneously. Existing methods either require cumbersome weight tuning or become infeasible when constraints conflict. The hierarchical approach resolves the highest‑priority obstacle first, then the next, and so on, guaranteeing that all safety constraints are satisfied (or minimally violated) and that the closed‑loop system converges faster than the benchmark methods.
In summary, the paper makes three major contributions: (1) a safety‑first hierarchical QP framework that eliminates infeasibility while preserving strict safety guarantees; (2) the introduction of the sub‑safe notion, extending safety guarantees to initially unsafe states; and (3) a systematic extension to multi‑certificate scenarios with clear priority handling. Theoretical analysis, unified formulation, and simulation results collectively demonstrate that the proposed method outperforms existing QP‑based safety‑critical control schemes in feasibility, safety preservation, and convergence speed, paving the way for more reliable real‑time implementation in autonomous systems.