Adversarial Resilience for Sampled-Data Systems under High-Relative-Degree Safety Constraints
James Usevitch and Dimitra Panagou
Abstract — Control barrier functions (CBFs) have recently become a powerful method for rendering desired safe sets forward invariant in single- and multi-agent systems. In the multi-agent case, prior literature has considered scenarios where all agents cooperate to ensure that the corresponding set remains invariant. However, these works do not consider scenarios where a subset of the agents are behaving adversarially with the intent to violate safety bounds. In addition, prior results on multi-agent CBFs typically assume that control inputs are continuous and do not consider sampled-data dynamics. This paper presents a framework for normally-behaving agents in a multi-agent system with heterogeneous control-affine, sampled-data dynamics to render a safe set forward invariant in the presence of adversarial agents. The proposed approach considers several aspects of practical control systems including input constraints, clock asynchrony and disturbances, and distributed calculation of control inputs. Our approach also considers functions describing safe sets having high relative degree with respect to system dynamics. The efficacy of these results is demonstrated through simulations.
I. INTRODUCTION
Guaranteeing the safety of autonomous systems is a critical challenge in modern control theory. Safety is frequently modeled by defining a safe subset of the state space for a given system and generating control inputs that render this subset forward invariant. Control barrier function (CBF) methods [1]–[4] that leverage quadratic programming (QP) techniques have risen as a powerful framework for establishing forward invariance of a safe set. Both single-agent [5]–[8] and multi-agent systems [3], [9]–[12] have been considered, where agents have control-affine dynamics. Multi-agent CBF techniques have been applied to a variety of settings including collision avoidance for quadrotors [13] and mobile robots [14], accomplishing spatiotemporal tasks [15], forming or maintaining network communication topologies between mobile agents [12], and more.

*The authors wish to acknowledge the technical and financial support of the Automotive Research Center (ARC) in accordance with Cooperative Agreement W56HZV-19-2-0001 U.S. Army CCDC Ground Vehicle Systems Center (GVSC) Warren, MI.
James Usevitch and Dimitra Panagou are with the Aerospace Engineering Department at the University of Michigan, Ann Arbor. {usevitch, dpanagou}@umich.edu

Prior work on multi-agent CBF methods typically assumes that all agents apply the nominally specified control law. This assumption does not encompass faulty or adversarial behavior of agents within the system. In particular, adversarial agents may apply control laws specifically crafted in an attempt to violate set invariance conditions within given control constraints. Much prior and recent work has considered the accomplishment of control objectives in the presence of faulty or adversarial agents [16]–[22]. However, to the authors' best knowledge no prior work using CBF methods has considered the presence of adversarial agents with respect to control actions.
CBFs are used in [12] to construct resilient network communication topologies in finite time; however, all agents are assumed to apply the nominal CBF-based controller without any adversarial misbehavior with respect to control actions.

In addition, the majority of prior work involving CBF methods considers a continuous-time system with continuous inputs. Practical systems are often more appropriately modeled using sampled-data dynamics, where state measurements and control inputs remain constant between sampling times. Notable studies that have explicitly considered the effects of sampling in CBF methods include [8], [23]. However, these papers do not consider multi-agent systems and do not consider the presence of faulty or adversarial agents.

Many systems also consider a CBF having high relative degree with respect to agents' dynamics, where the control input of the agents does not appear in the expression for the first derivative of the function whose sublevel or superlevel sets describe the safe set (e.g., systems with double-integrator dynamics). Methods to apply CBF set-invariance methods to such systems have been presented in prior literature [7], [24]; however these methods do not consider sampled-data dynamics and do not consider the presence of adversarial agents.

In this paper, we present a framework for guaranteeing forward invariance of sets in sampled-data multi-agent systems in the presence of adversarial agents. This framework considers a class of functions describing safe sets that have high relative degree with respect to (w.r.t.) the system dynamics, where the control inputs of the agents do not appear for one or more time derivatives of the safe-set function. Unlike prior work, this paper simultaneously considers multi-agent systems, asynchronous sampling times with clock disturbances, the presence of adversarially behaving agents and functions describing safe sets that have high relative degree w.r.t. the system dynamics.
Our specific contributions are as follows:
• We present a method under which a set of normally-behaving agents in a system with sampled-data dynamics can collaboratively render a safe set forward invariant despite the actions of adversarial agents. Our analysis considers asynchronous sampling times and distributed calculation of agents' control inputs.
• We present a method under which a system of normally-behaving agents with sampled-data dynamics can render a safe set forward invariant in the presence of adversarial agents when the safe set is described by a function with high relative degree with respect to agents' dynamics.

Part of this work was previously submitted as a conference paper [25]. The differences between the conference version and this work are as follows:
• We include several proofs which were omitted from the conference version due to space constraints.
• We extend the results of the conference version [25] to consider functions describing safe sets having high relative degree with respect to the system dynamics.
• We present additional simulations to demonstrate the efficacy of our approach.

The organization of this paper is as follows: Section II gives the notation and problem formulation, Section III presents the main results for systems with a relative degree of one, Section IV presents the main results for functions describing the safe set having high relative degree w.r.t. the system dynamics, Section V presents simulations demonstrating this paper's results, and Section VI gives a brief conclusion.

II. NOTATION AND PROBLEM FORMULATION
The nonnegative and strictly positive integers are denoted $\mathbb{Z}_{\geq 0}$ and $\mathbb{Z}_{> 0}$, respectively. We use the notation $h \in C^{1,1}_{\mathrm{loc}}$ to denote a continuously differentiable function $h$ whose gradient $\nabla h$ is locally Lipschitz continuous. Let $x_i \in \mathbb{R}^{n_i}$, $n_i \in \mathbb{Z}_{\geq 0}$ for $i = 1, \ldots, N$ be a set of vectors, and let $\bar{n} = \sum_{i=1}^{N} n_i$. We let $\vec{x} = [x_1^T, \ldots, x_N^T]^T$ denote the vector concatenating all $x_i$ vectors. The partial Lie derivative of a function $f(\vec{x})$ with respect to $x_i$ is denoted $L_f h_{x_i}(\vec{x}) = \frac{\partial h(\vec{x})}{\partial x_i} f(\vec{x})$. The $n$-ary Cartesian product of sets $S_1, \ldots, S_N$ is denoted $\times_{i=1}^{N} S_i = S_1 \times \ldots \times S_N$. The Minkowski sum of sets $S_1, S_2$ is denoted $S_1 \oplus S_2$. The open and closed norm balls of radius $\epsilon > 0$ centered at $\vec{x} \in \mathbb{R}^n$ are respectively denoted $B(\vec{x}, \epsilon)$, $B(\vec{x}, \epsilon)$. The boundary and interior of a set $S \subset \mathbb{R}^n$ are denoted $\partial S$ and $\mathrm{int}(S)$, respectively.

A. Problem Formulation
Consider a group of $N \in \mathbb{Z}_{>0}$ agents, with the set of agents denoted by $\mathcal{V}$ and each agent indexed $\{1, \ldots, N\}$. Each agent $i \in \mathcal{V}$ has the state $x_i \in \mathbb{R}^{n_i}$, $n_i \in \mathbb{Z}_{>0}$ and input $u_i \in \mathbb{R}^{m_i}$, $m_i \in \mathbb{Z}_{>0}$. The system and input vectors $\vec{x}, \vec{u}$, respectively, denote the vectors that concatenate all agents' states and inputs, respectively, as $\vec{x} = [x_1^T, \ldots, x_N^T]^T$, $\vec{x} \in \mathbb{R}^{\bar{n}}$ and $\vec{u} = [u_1^T, \ldots, u_N^T]$, $\vec{u} \in \mathbb{R}^{\bar{m}}$, $\bar{n} = \sum_{i=1}^{N} n_i$, $\bar{m} = \sum_{i=1}^{N} m_i$. Agents receive knowledge of the system state $\vec{x}$ in a sampled-data fashion; i.e., each agent $i \in \mathcal{V}$ has knowledge of $\vec{x}(\cdot)$ only at times $\mathcal{T}_i = \{t_i^0, t_i^1, t_i^2, \ldots\}$, where $t_i^k$ represents agent $i$'s $k$th sampling time, with $t_i^{k+1} > t_i^k$ $\forall k \in \mathbb{Z}_{\geq 0}$. In addition, at each $t_i^k \in \mathcal{T}_i$ the agent $i$ applies a zero-order hold (ZOH) control input $u(t_i^k)$ that is constant on the time interval $t \in [t_i^k, t_i^{k+1})$. For brevity, we denote $x_i^{k_i} = x_i(t_i^k)$ and $u_i^{k_i} = u_i(t_i^k)$. The sampled-data dynamics of each agent $i \in \mathcal{V}$ under its ZOH controller on each interval $t \in [t_i^k, t_i^{k+1})$ is as follows:

$$\dot{x}_i(t) = f_i(x_i(t)) + g_i(x_i(t))\, u_i(t_i^k) + \phi_i(t). \tag{1}$$

The functions $f_i, g_i$ may differ among agents, but are all locally Lipschitz on their respective domains $\mathbb{R}^{n_i}$. Note that under these definitions for any $i \in \mathcal{V}$ there exists a matrix $C_i \in \mathbb{R}^{n_i \times \bar{n}}$ such that $x_i = C_i \vec{x}$. We abuse notation by sometimes writing an expression $f(x_i)$ as $f(\vec{x})$. The functions $\phi_i : \mathbb{R} \to \mathbb{R}^{n_i}$, $i \in \mathcal{V}$, are locally Lipschitz in $t$ and model disturbances to the system (1). Each $\phi_i$ is bounded as per the following assumption:

Assumption 1.
For all $i \in \mathcal{V}$, the disturbances $\phi_i(t)$ satisfy $\|\phi_i(t)\| \leq \phi_i^{\max} \in \mathbb{R}_{\geq 0}$, $\forall t \geq 0$.

Since each control input $u_i(\cdot)$ is piecewise constant, the existence and uniqueness of solutions to (1) are guaranteed by Carathéodory's theorem [26, Sec. 2.2].

Each agent $i \in \mathcal{V}$ has control input constraints that are represented by a nonempty, convex, compact polytope, i.e. $u_i \in \mathcal{U}_i(x_i) = \{u \in \mathbb{R}^{m_i} : A_i(x_i) u \leq b_i(x_i)\}$, where the functions $A_i : \mathbb{R}^{n_i} \to \mathbb{R}^{q_i \times m_i}$, $b_i : \mathbb{R}^{n_i} \to \mathbb{R}^{q_i}$ are locally Lipschitz on their respective domains. Representation of control input constraints as polytopes is common in prior literature [4], [5], [27]. Similar to prior work, it is assumed there exists a nominal control law $\vec{u}_{\mathrm{nom}}(\cdot)$ that the system computes in order to accomplish some objective [1]. Examples of such a $\vec{u}_{\mathrm{nom}}$ might include a feedback control law to track a time-varying trajectory or to converge to a goal set. The nominal control law is designed without any safety consideration, and therefore it is desired to minimally modify $\vec{u}_{\mathrm{nom}}$ in order to render a safe set $S \subset \mathbb{R}^{\bar{n}}$ forward invariant under the dynamics (1). The set $S$ is defined as the sublevel sets of a function $h : \mathbb{R}^{\bar{n}} \to \mathbb{R}$, $h \in C^{1,1}_{\mathrm{loc}}$ as follows:

$$\begin{aligned} S &= \{\vec{x} \in \mathbb{R}^{\bar{n}} : h(\vec{x}) \leq 0\}, \\ \partial S &= \{\vec{x} \in \mathbb{R}^{\bar{n}} : h(\vec{x}) = 0\}, \\ \mathrm{int}(S) &= \{\vec{x} \in \mathbb{R}^{\bar{n}} : h(\vec{x}) < 0\}. \end{aligned} \tag{2}$$

Assumption 2.
The set $S$ is compact.

Assumption 3.
For all $i \in \mathcal{V}$ and $\forall \vec{x} \in S$, the interior of $\mathcal{U}_i(\vec{x})$ is nonempty and $\mathcal{U}_i(\vec{x})$ is uniformly compact near $\vec{x}$.

Remark 1.
Note that the conditions for Assumption 3 are trivially satisfied when $A_i, b_i$ are constant and the interior set $\{u \in \mathbb{R}^{m_i} : A_i u < b_i\}$ is nonempty. For a specific example satisfying Assumption 3 when $\mathcal{U}_i(\cdot)$ is not constant, see (46) in Section V of this paper.

We will refer to functions describing safe sets as simply "safe set functions" for brevity. For multi-agent systems that apply continuous controllers $u_i(t)$ to the dynamics (1), forward invariance can be collaboratively guaranteed by satisfying the sufficient condition $\dot{h}(\vec{x}(t)) \leq -\alpha(h(\vec{x}(t)))$ based on Nagumo's theorem [28], where $\alpha(\cdot)$ is an extended class-$\mathcal{K}_\infty$ function and locally Lipschitz on $\mathbb{R}$. The dependence of $\vec{x}(t)$ on $t$ will be omitted for brevity. For the multi-agent system (1), expanding the term $\dot{h}(\vec{x})$ yields

$$\sum_{i \in \mathcal{V}} \left( L_{f_i} h_{x_i}(\vec{x}) + L_{g_i} h_{x_i}(\vec{x})\, u_i + L_{\phi_i} h_{x_i}(\vec{x}) \right) \leq -\alpha(h(\vec{x})), \tag{3}$$

where the partial Lie derivative notation $L_{f_i} h_{x_i}(\vec{x})$ is defined at the beginning of Section II. When all agents behave normally, methods exist for agents to locally solve for appropriate local control inputs that together satisfy the condition in (3) (e.g. [29]).

In contrast to prior work, this paper considers systems containing agents that exhibit adversarial behavior. More specifically, this paper considers a subset of agents $\mathcal{A} \subset \mathcal{V}$ that apply the following control input for all sampling times $t_j^k$, $k \in \mathbb{Z}_{\geq 0}$, $j \in \mathcal{A}$:

$$u_j^{\max}(\vec{x}^{k_j}) = \arg\max_{u \in \mathcal{U}_j} \left[ L_{f_j} h_{x_j}(\vec{x}^{k_j}) + L_{g_j} h_{x_j}(\vec{x}^{k_j})\, u \right]. \tag{4}$$

The agents in $\mathcal{A}$ are called adversarial.

Remark 2.
The control input (4) models adversarial intent in the sense that (4) maximizes agent $j$'s control input contribution to the left-hand side (LHS) of (3), i.e., the term $L_{g_j} h_{x_j}(\vec{x})\, u_j$. Violating the inequality in (3) removes the forward invariance guarantee for the safe set $S$, and therefore the control law (4) represents an adversarial agent's maximum instantaneous control effort towards violating system safety.

Agents that are not adversarial are called normal. The set of normal agents is denoted $\mathcal{N} = \mathcal{V} \setminus \mathcal{A}$. Dividing the left-hand side (LHS) of (3) into normal and adversarial parts yields the following sufficient condition for set invariance in the presence of adversaries:

$$\sum_{j \in \mathcal{A}} \left( L_{f_j} h_{x_j}(\vec{x}) + L_{g_j} h_{x_j}(\vec{x})\, u_j^{\max} + L_{\phi_j} h_{x_j}(\vec{x}) \right) + \sum_{i \in \mathcal{N}} \left( L_{f_i} h_{x_i}(\vec{x}) + L_{g_i} h_{x_i}(\vec{x})\, u_i + L_{\phi_i} h_{x_i}(\vec{x}) \right) \leq -\alpha(h(\vec{x})). \tag{5}$$

Again, the equation (5) being satisfied for all $t \geq 0$ is equivalent to $\dot{h}(\vec{x}(t)) \leq -\alpha(h(\vec{x}(t)))$ being satisfied for all $t \geq 0$, which implies forward invariance of the set $S$. The form of (5) reflects sampled-data adversarial agents seeking to violate the set invariance condition in (3) by maximizing their individual contributions to the LHS sum. The problem considered in this paper is for the normal agents to compute control inputs that render the set $S$ forward invariant using the sufficient condition in (5) despite the worst-case behavior of the adversarial agents in $\mathcal{A}$.

Problem 1.
Determine control inputs for the normal agents $i \in \mathcal{V}$ which render the set $S$ forward invariant under the perturbed sampled-data dynamics (1) in the presence of a set of worst-case adversarial agents $\mathcal{A}$.

Remark 3.
Since adversarial agents' states are generally modeled as being uncontrollable under the nominal system control law, the function $h(\vec{x})$ can be defined to consider only the safety of normal agents.

Remark 4.
This paper assumes the identities of the adversarial agents are known to the normal agents. Methods for identifying misbehavior are beyond the scope of this paper.
III. SAFE SET FUNCTIONS WITH RELATIVE DEGREE

$h$ where the control inputs $u_i$ for all agents appear simultaneously in the expression for the first time derivative $\dot{h}(\vec{x}(t))$. Such functions are said to have relative degree 1 with respect to the system dynamics (1).

A. Preliminaries
The results of this subsection will be needed for our later analysis. The minimum and maximum value functions $\gamma_i^{\min}(\cdot)$, $\gamma_i^{\max}(\cdot)$ for $i \in \mathcal{V}$ are defined as follows:

$$\begin{aligned} \gamma_i^{\min}(\vec{x}) &= \min_{u_i \in \mathcal{U}_i} \left[ L_{f_i} h_{x_i}(\vec{x}) + L_{g_i} h_{x_i}(\vec{x})\, u_i \right], \\ \gamma_i^{\max}(\vec{x}) &= \max_{u_i \in \mathcal{U}_i} \left[ L_{f_i} h_{x_i}(\vec{x}) + L_{g_i} h_{x_i}(\vec{x})\, u_i \right]. \end{aligned} \tag{6}$$

Each $\gamma_i^{\min}(\vec{x})$ and $\gamma_i^{\max}(\vec{x})$ can be calculated by solving a parametric linear program

$$\min_{u_i \in \mathbb{R}^{m_i}} c(\vec{x})^T u_i \quad \text{s.t.} \quad A_i(\vec{x})\, u_i \leq b_i(\vec{x}), \tag{7}$$

where the vector $c(\vec{x})^T = L_{g_i} h_{x_i}(\vec{x})$ when calculating $\gamma_i^{\min}$ and $c(\vec{x})^T = -L_{g_i} h_{x_i}(\vec{x})$ when calculating $\gamma_i^{\max}$. Note that (7) is feasible for all $\vec{x} \in S$ under Assumption 3. For an adversarial $j \in \mathcal{A}$, the function $\gamma_j^{\max}(\cdot)$ represents the bound on the worst-case contribution of $j$ to the sum on the LHS of (5). Similarly, the function $\gamma_i^{\min}(\cdot)$ for a normal agent $i \in \mathcal{N}$ represents the bound on agent $i$'s best control effort towards minimizing the LHS of (5).

Remark 5.
Note that for any $j \in \mathcal{A}$, for all $u_j \in \mathcal{U}_j$ it holds that

$$L_{f_j} h_{x_j}(\vec{x}) + L_{g_j} h_{x_j}(\vec{x})\, u_j \leq \gamma_j^{\max}(\vec{x}), \quad \forall \vec{x} \in \mathbb{R}^{\bar{n}}. \tag{8}$$

Due to this property, it will be demonstrated later in this paper that the results obtained by considering $\gamma_i^{\max}$ will hold for any $u_j \in \mathcal{U}_j$ for all $j \in \mathcal{A}$.

The following result presents a sufficient condition under which $\gamma_i^{\min}(\cdot)$ and $\gamma_i^{\max}(\cdot)$ are locally Lipschitz on the set $S$.

Lemma 1.
If the interior of $\mathcal{U}_i(\vec{x})$ is nonempty for all $\vec{x} \in S$ and $\mathcal{U}_i(\vec{x})$ is uniformly compact near $\vec{x}$ for all $\vec{x} \in S$, then the functions $\gamma_i^{\min}(\cdot)$ and $\gamma_i^{\max}(\cdot)$ defined by (6) are locally Lipschitz on $S$.

Proof. The proofs for $\gamma_i^{\min}(\cdot)$ and $\gamma_i^{\max}(\cdot)$ are identical except for trivially changing the sign of the objective function; therefore only the proof for $\gamma_i^{\min}(\cdot)$ is given. Define the set of optimal points

$$P_i(\vec{x}) = \left\{ u_i^* : u_i^* = \arg\min_{u \in \mathcal{U}_i} L_{f_i} h_{x_i}(\vec{x}) + L_{g_i} h_{x_i}(\vec{x})\, u \right\}.$$

The result in [30, Theorem 5.1] states that if $\mathcal{U}_i(\vec{x})$ is nonempty and uniformly compact near $\vec{x} \in \mathbb{R}^{\bar{n}}$ and if the Mangasarian-Fromovitz (M-F) conditions hold at each $u_i^* \in P_i(\vec{x})$, then $\gamma_i^{\min}(\cdot)$ is locally Lipschitz near $\vec{x}$ (see [30] for the definition of the M-F conditions). The first two conditions hold by assumption, and so we next prove that the M-F conditions hold at each $u_i^* \in P_i(\vec{x})$. Let $A_{i,j}(\cdot)$ denote the $j$th row of $A_i(\cdot)$ and $b_{i,j}(\cdot)$ denote the $j$th entry of $b_i(\cdot)$. Consider any $\vec{x} \in S$ and $u_i^* \in P_i(\vec{x})$. Denote $J_i(\vec{x}) = \{ j \in \{1, \ldots, q_i\} : A_{i,j}(\vec{x})\, u_i^* - b_{i,j}(\vec{x}) = 0 \}$ as the set of constraint indices where equality holds at $u_i^*$. Note that by definition of $J_i(\vec{x})$, for all $j' \notin J_i(\vec{x})$ it holds that $A_{i,j'}(\vec{x}) < 0$. The interior $\mathrm{int}(\mathcal{U}_i(\vec{x}))$ being nonempty and convex implies there exists an $r \in \mathbb{R}^{m_i}$ such that for all $j \in J_i(\vec{x})$,

$$A_{i,j}(\vec{x})\,(u_i^* + r) - b_{i,j}(\vec{x}) < 0 \implies A_{i,j}(\vec{x})\, r < b_{i,j}(\vec{x}) - A_{i,j}(\vec{x})\, u_i^* = 0. \tag{9}$$

This implies that there exists an $r$ such that $A_i(\vec{x})\, r < 0$. The point $u_i^*$ is therefore M-F regular.
Since this holds for any $u_i^* \in P_i(\vec{x})$ and $\forall \vec{x} \in S$, by [30, Theorem 5.1] it holds that $\gamma_i^{\min}(\cdot)$ is locally Lipschitz on $S$.

We briefly emphasize the difference between the min / max value functions $\gamma_i^{\min}, \gamma_i^{\max}$ in (6) and the min / max point functions defined as

$$u_i^{\min}(\vec{x}) = \arg\min_{u_i \in \mathcal{U}_i} \left[ L_{f_i} h_{x_i}(\vec{x}) + L_{g_i} h_{x_i}(\vec{x})\, u_i \right], \tag{10}$$

$$u_i^{\max}(\vec{x}) = \arg\max_{u_i \in \mathcal{U}_i} \left[ L_{f_i} h_{x_i}(\vec{x}) + L_{g_i} h_{x_i}(\vec{x})\, u_i \right]. \tag{11}$$

In words, $u_i^{\min}$ and $u_i^{\max}$ represent the control actions such that, respectively, $\gamma_i^{\min}(\vec{x}) = L_{f_i} h_{x_i}(\vec{x}) + L_{g_i} h_{x_i}(\vec{x})\, u_i^{\min}$ and $\gamma_i^{\max}(\vec{x}) = L_{f_i} h_{x_i}(\vec{x}) + L_{g_i} h_{x_i}(\vec{x})\, u_i^{\max}$. Although the min / max value functions $\gamma_i^{\min}(\cdot)$, $\gamma_i^{\max}(\cdot)$ are locally Lipschitz under the conditions of Lemma 1 and [30], the min / max point functions $u_i^{\min}$ and $u_i^{\max}$ may not be locally Lipschitz in general.

The following Lemma will also be needed for our later analysis, and is based on results in [8], [31, Thm. 3.4]. It establishes an upper bound on the difference between the sampled state $\vec{x}^{k_i}$ and the state $\vec{x}(t)$ on the time interval $t \in [t_i^k, t_i^k + \Gamma)$, $\Gamma \geq 0$.

Lemma 2.
For any $\Gamma \geq 0$, there exists a $\mu \geq 0$, $L' > 0$ such that the following holds:

$$\left\| \vec{x}(t) - \vec{x}^{k_i} \right\| \leq \frac{\mu}{L'} \left( e^{L' \Gamma} - 1 \right) \quad \forall t \in [t_i^k, t_i^k + \Gamma).$$

Proof.
Using the same method as [31, Thm. 3.4], define the functions

$$f(t, \vec{x}) = 0, \tag{12}$$

$$g(t, \vec{x}) = \begin{bmatrix} f_1(x_1) + g_1(x_1)\, u_1(t) + \phi_1(t) \\ \vdots \\ f_N(x_N) + g_N(x_N)\, u_N(t) + \phi_N(t) \end{bmatrix} \tag{13}$$

Footnote: We re-emphasize however that when (11) is applied in a ZOH manner, existence and uniqueness of solutions to (1) is guaranteed by Carathéodory's theorem [26, Sec. 2.2].
Next, observe that

$$\frac{d}{dt} \vec{x}^{k_i} = 0 = f(t, \vec{x}^{k_i}), \qquad \frac{d}{dt} \vec{x}(t) = f(t, \vec{x}) + g(t, \vec{x}).$$

Observe that $S$ is compact by Assumption 2, each $f_i, g_i$ is locally Lipschitz, and each $\phi_i(t)$ is locally Lipschitz with $\|\phi_i(t)\| \leq \phi_i^{\max}$. In addition, by Assumption 3 there exists an upper bound $u_M \in \mathbb{R}$ such that $\|u_l\| \leq u_M$. Therefore there exists $\mu \in \mathbb{R}_{\geq 0}$ such that

$$\sup_{\vec{x} \in S} \left\| \begin{bmatrix} f_1(x_1) + g_1(x_1)\, u_1 + \phi_1(t) \\ \vdots \\ f_N(x_N) + g_N(x_N)\, u_N + \phi_N(t) \end{bmatrix} \right\| \leq \mu. \tag{14}$$

Note that for $t = t_i^k$ we have $\left\| \vec{x}(t) - \vec{x}^{k_i}(t) \right\| = 0$. Therefore by [31, Thm. 3.4], it holds that

$$\left\| \vec{x} - \vec{x}^{k_i} \right\| \leq \frac{\mu}{L'} \left( e^{L'(t - t_i^k)} - 1 \right) \quad \forall t \in [t_i^k, t_i^k + \Gamma), \tag{15}$$

where $L' \in \mathbb{R}_{>0}$ is any strictly positive constant.

For brevity, we define the function $\epsilon : \mathbb{R} \times \mathbb{R} \times \mathbb{R}_{>0} \to \mathbb{R}$ as

$$\epsilon(\Gamma, \mu, L') = \frac{\mu}{L'} \left( e^{L' \Gamma} - 1 \right). \tag{16}$$

For fixed $\mu, L'$, we abuse notation by writing $\epsilon(\Gamma)$ as a function of $\Gamma$ only. It can be shown that for fixed $\mu, L'$, $\epsilon(\cdot)$ is a class-$\mathcal{K}$ function in $\Gamma$.

B. Synchronous Sampling Times
To facilitate the presentation of the main results, we first consider the case where all agents in the system have synchronous sampling times with a period of $\Gamma > 0$, i.e. $\mathcal{T}_i = \{k\Gamma : k \in \mathbb{Z}_{\geq 0}\}$ $\forall i \in \mathcal{N}$. This assumption is later relaxed to consider agents with asynchronous, nonidentical sampling times. The Cartesian product of the admissible controls for all normal agents is denoted $\mathcal{U}_{\mathcal{N}} = \times_{i \in \mathcal{N}}\, \mathcal{U}_i$. Under Assumption 3, each $\mathcal{U}_i(\vec{x})$ being uniformly compact near all $\vec{x} \in S$ implies that $\mathcal{U}_{\mathcal{N}}$ is also uniformly compact near all $\vec{x} \in S$. We will denote $\vec{u}_{\mathcal{N}} \in \mathcal{U}_{\mathcal{N}}$ as the vector containing only normal agents' control inputs; i.e. $\vec{u}_{\mathcal{N}} = \left[ u_{i_1}^T \ldots u_{i_{|\mathcal{N}|}}^T \right]^T$, $\{i_1, \ldots, i_{|\mathcal{N}|}\} \in \mathcal{N}$.

Our ultimate aim is to demonstrate that for all $t \geq 0$,

$$\dot{h}(\vec{x}(t)) + \alpha(h(\vec{x}(t))) \leq 0. \tag{17}$$

The dependence of $\vec{x}(t)$ on $t$ will be omitted for brevity. Prior results typically focus on designing continuous $u(\cdot)$ functions that guarantee (17) is satisfied. Satisfying (17) in sampled-data systems for all intermediate times $t \in [t^k, t^{k+1})$, $k \in \mathbb{Z}_{\geq 0}$ is more challenging since $u(\cdot)$ is constant on each interval $t \in [k\Gamma, (k+1)\Gamma)$. Inspired by [8], this challenge will be addressed as follows: given the sampled state $\vec{x}(t^k)$ and the state $\vec{x}(t)$, $t \in [t^k, t^{k+1})$, define the error term

$$e(t, t^k) = \left( \dot{h}(\vec{x}) - \dot{h}(\vec{x}^k) \right) + \left( \alpha(h(\vec{x})) - \alpha(h(\vec{x}^k)) \right).$$

From the LHS of (17) we obtain

$$\begin{aligned} \dot{h}(\vec{x}) + \alpha(h(\vec{x})) &= \dot{h}(\vec{x}^k) + \left( \dot{h}(\vec{x}) - \dot{h}(\vec{x}^k) \right) + \alpha(h(\vec{x}^k)) + \left( \alpha(h(\vec{x})) - \alpha(h(\vec{x}^k)) \right), \\ &= \dot{h}(\vec{x}^k) + \alpha(h(\vec{x}^k)) + e(t, t^k), \\ &\leq \dot{h}(\vec{x}^k) + \alpha(h(\vec{x}^k)) + \sup_{t \in [t^k, t^{k+1})} \left\| e(t, t^k) \right\|. \end{aligned}$$
By defining a function $\eta(\cdot)$ such that $\eta(\Gamma) \geq \sup_{t \in [t^k, t^{k+1})} \left\| e(t, t^k) \right\|$, the inequality condition in (17) is therefore satisfied for all times on the interval $t \in [t^k, t^{k+1})$ if for every $t^k \in \mathcal{T}$ the following condition holds:

$$\dot{h}(\vec{x}^k) + \alpha(h(\vec{x}^k)) + \eta(\Gamma) \leq 0. \tag{18}$$

Satisfaction of (18) implies that $\dot{h}(\vec{x}) + \alpha(h(\vec{x})) \leq \dot{h}(\vec{x}^k) + \alpha(h(\vec{x}^k)) + \eta(\Gamma) \leq 0$ for all $t \in [t^k, t^{k+1})$. To define such a function $\eta(\cdot)$, the following Lemma will be used.

Lemma 3.
Consider the system (1). There exist constants $c_f, c_g, c_\alpha, c_\gamma, c_h \in \mathbb{R}$ such that for all $\vec{x}^1, \vec{x}^2 \in S$, all of the following inequalities hold:

$$\sum_{i \in \mathcal{N}} \left\| L_{f_i} h_{x_i}(\vec{x}^1) - L_{f_i} h_{x_i}(\vec{x}^2) \right\| \leq c_f \left\| \vec{x}^1 - \vec{x}^2 \right\|, \tag{19}$$

$$\sum_{i \in \mathcal{N}} \left\| L_{g_i} h_{x_i}(\vec{x}^1) - L_{g_i} h_{x_i}(\vec{x}^2) \right\| \leq c_g \left\| \vec{x}^1 - \vec{x}^2 \right\|, \tag{20}$$

$$\left\| \alpha(h(\vec{x}^1)) - \alpha(h(\vec{x}^2)) \right\| \leq c_\alpha \left\| \vec{x}^1 - \vec{x}^2 \right\|, \tag{21}$$

$$\sum_{j \in \mathcal{A}} \left\| \gamma_j^{\max}(\vec{x}^1) - \gamma_j^{\max}(\vec{x}^2) \right\| \leq c_\gamma \left\| \vec{x}^1 - \vec{x}^2 \right\|, \tag{22}$$

$$\left\| \sum_{l \in \mathcal{V}} L_{\phi_l} h_{x_l}(\vec{x}^1) \right\| \leq c_h \sum_{l \in \mathcal{V}} \phi_l^{\max} \tag{23}$$

Proof.
The inequalities (19)-(22) follow from the fact that each $f_i$, $g_i$, $\alpha$, and $\gamma_j^{\max}$ are locally Lipschitz, $h \in C^{1,1}_{\mathrm{loc}}$, and $S$ is compact. To demonstrate that (23) holds, observe that $S$ being compact and $h \in C^{1,1}_{\mathrm{loc}}$ implies $\left\| \frac{\partial h(\vec{x})}{\partial x_l} \right\|$ is bounded on $S$ for all $l \in \mathcal{V}$. Therefore, there exists a constant $c_h \in \mathbb{R}_{>0}$ such that for all $t \in [t^k, t^{k+1})$, $\forall \vec{x} \in S$,

$$\left\| \sum_{l \in \mathcal{V}} L_{\phi_l} h_{x_l}(\vec{x}) \right\| \leq \sum_{l \in \mathcal{V}} \left\| \frac{\partial h(\vec{x})}{\partial x_l}\, \phi_l(t) \right\| \leq c_h \sum_{l \in \mathcal{V}} \phi_l^{\max}$$

In addition to the inequalities in Lemma 3, observe that each set $\mathcal{U}_i$ being uniformly compact implies that there exists a constant $u_{\max} \geq 0$ such that $\left\| u_i^k \right\| \leq u_{\max}$ for all $i \in \mathcal{N}$, $k \geq 0$. Using this definition of $u_{\max}$, the constants defined in Lemma 3, and the function $\epsilon(\cdot)$ in (16) we define the function $\eta : \mathbb{R}_{\geq 0} \to \mathbb{R}$ as follows:

$$\eta(\Gamma) = \left( c_f + c_g u_{\max} + c_\alpha + c_\gamma \right) \epsilon(\Gamma) + c_h \sum_{l \in \mathcal{V}} \phi_l^{\max}. \tag{24}$$

The proof that $\eta(\Gamma) \geq \sup_{t \in [t^k, t^{k+1})} \left\| e(t, t^k) \right\|$ will be given in Theorem 1. This definition of $\eta(\cdot)$ is used to define the following safety-preserving controls set for the normal agents in $\mathcal{N}$:

$$K(\vec{x}) = \Big\{ \vec{u}^k_{\mathcal{N}} \in \mathcal{U}_{\mathcal{N}} : \sum_{i \in \mathcal{N}} \left[ L_{f_i} h_{x_i}(\vec{x}^k) + L_{g_i} h_{x_i}(\vec{x}^k)\, u_i^k \right] + \sum_{j \in \mathcal{A}} \gamma_j^{\max}(\vec{x}^k) + \alpha(h(\vec{x}^k)) + \eta(\Gamma) \leq 0 \Big\} \tag{25}$$

Using this definition of $K(\cdot)$, the following Theorem presents conditions under which the set $S$ can be rendered forward invariant for the system (1) with synchronous sampling times despite the actions of the adversarial agents.

Theorem 1.
Consider the system (1) with synchronous sampling times. If $\vec{x}^k \in S$ for $k \geq 0$, then for any control input $\vec{u}^k \in K(\vec{x}^k)$ the trajectory $\vec{x}(t)$ satisfies $\vec{x}(t) \in S$ for all $t \in [k\Gamma, (k+1)\Gamma)$.

Proof. First, denote $\dot{h}'(\vec{x}^k) = \dot{h}(\vec{x}^k) - \sum_{l \in \mathcal{V}} L_{\phi_l} h_{x_l}(\vec{x}^k)$. In words, $\dot{h}'(\vec{x}^k)$ is equal to $\dot{h}(\vec{x}^k)$ with all disturbance-related Lie derivatives subtracted out. Observe that

$$\begin{aligned} \dot{h}(\vec{x}^k) + \left( \dot{h}(\vec{x}) - \dot{h}(\vec{x}^k) \right) &= \dot{h}'(\vec{x}^k) + \sum_{l \in \mathcal{V}} L_{\phi_l} h_{x_l}(\vec{x}^k) + \left( \dot{h}(\vec{x}) - \dot{h}'(\vec{x}^k) - \sum_{l \in \mathcal{V}} L_{\phi_l} h_{x_l}(\vec{x}^k) \right), \\ &= \dot{h}'(\vec{x}^k) + \left( \dot{h}(\vec{x}) - \dot{h}'(\vec{x}^k) \right), \\ &= \dot{h}'(\vec{x}^k) + \left( \dot{h}'(\vec{x}) - \dot{h}'(\vec{x}^k) \right) + \sum_{l \in \mathcal{V}} L_{\phi_l} h_{x_l}(\vec{x}). \end{aligned}$$
From (1) and the definition of adversarial agents in (4), define the error term

$$\begin{aligned} e'(t, t^k) &= \left( \dot{h}'(\vec{x}) - \dot{h}'(\vec{x}^k) \right) + \sum_{l \in \mathcal{V}} L_{\phi_l} h_{x_l}(\vec{x}) + \left( \alpha(h(\vec{x})) - \alpha(h(\vec{x}^k)) \right), \\ &= \left( \sum_{i \in \mathcal{N}} L_{f_i} h_{x_i}(\vec{x}) - L_{f_i} h_{x_i}(\vec{x}^k) \right) + \sum_{l \in \mathcal{V}} L_{\phi_l} h_{x_l}(\vec{x}) + \left( \sum_{i \in \mathcal{N}} \left[ L_{g_i} h_{x_i}(\vec{x}) - L_{g_i} h_{x_i}(\vec{x}^k) \right] u_i^k \right) \\ &\quad + \sum_{j \in \mathcal{A}} \left( \gamma_j^{\max}(\vec{x}) - \gamma_j^{\max}(\vec{x}^k) \right) + \left( \alpha(h(\vec{x})) - \alpha(h(\vec{x}^k)) \right) \end{aligned}$$

Since $t^{k+1} - t^k = (k+1)\Gamma - k\Gamma = \Gamma$ for all $k \geq 0$, by Lemma 2 we have $\left\| \vec{x} - \vec{x}^k \right\| \leq \epsilon(\Gamma)$ for all $t \in [t^k, t^{k+1})$. Using Lemma 3 and the definition of $\eta(\cdot)$ in (24) yields the following upper bound on $\left\| e'(t, t^k) \right\|$:

$$\sup_{t \in [t^k, t^{k+1})} \left\| e'(t, t^k) \right\| \leq \left( c_f + c_g u_{\max} + c_\alpha + c_\gamma \right) \epsilon(\Gamma) + c_h \sum_{l \in \mathcal{V}} \phi_l^{\max} \implies \sup_{t \in [t^k, t^{k+1})} \left\| e'(t, t^k) \right\| \leq \eta(\Gamma).$$

Therefore for all $t \in [t^k, t^{k+1})$, it holds that

$$\begin{aligned} \dot{h}(\vec{x}) + \alpha(h(\vec{x})) &= \dot{h}'(\vec{x}^k) + \left( \dot{h}'(\vec{x}) - \dot{h}'(\vec{x}^k) \right) + \sum_{l \in \mathcal{V}} L_{\phi_l} h_{x_l}(\vec{x}) + \alpha(h(\vec{x}^k)) + \left( \alpha(h(\vec{x})) - \alpha(h(\vec{x}^k)) \right), \\ &= \dot{h}'(\vec{x}^k) + \alpha(h(\vec{x}^k)) + e'(t, t^k), \\ &\leq \dot{h}'(\vec{x}^k) + \alpha(h(\vec{x}^k)) + \sup_{t \in [t^k, t^{k+1})} \left\| e'(t, t^k) \right\|, \\ &\leq \sum_{i \in \mathcal{N}} \left[ L_{f_i} h_{x_i}(\vec{x}^k) + L_{g_i} h_{x_i}(\vec{x}^k)\, u_i^k \right] + \sum_{j \in \mathcal{A}} \gamma_j^{\max}(\vec{x}^k) + \alpha(h(\vec{x}^k)) + \eta(\Gamma). \end{aligned}$$
Choosing any $\vec{u}^k_{\mathcal{N}} \in K(\vec{x})$, observe from (25) that

$$\sum_{i \in \mathcal{N}} \left[ L_{f_i} h_{x_i}(\vec{x}^k) + L_{g_i} h_{x_i}(\vec{x}^k)\, u_i^k \right] + \sum_{j \in \mathcal{A}} \gamma_j^{\max}(\vec{x}^k) + \alpha(h(\vec{x}^k)) + \eta(\Gamma) \leq 0, \tag{26}$$

$$\implies \dot{h}(\vec{x}) + \alpha(h(\vec{x})) \leq 0. \tag{27}$$

Therefore any $\vec{u}^k_{\mathcal{N}} \in K(\vec{x}^k)$ renders the set $S$ forward invariant for all $t \in [t^k, t^{k+1})$. These arguments hold for all $k \in \mathbb{Z}_{\geq 0}$, which concludes the proof.

Remark 6.
Using Remark 5 observe that given any $\vec{u}^k_{\mathcal{N}} \in K(\vec{x}^k)$, for all $u_j \in \mathcal{U}_j$, $j \in \mathcal{A}$ it holds that

$$\begin{aligned} &\sum_{i \in \mathcal{N}} \left( L_{f_i} h_{x_i}(\vec{x}^k) + L_{g_i} h_{x_i}(\vec{x}^k)\, u_i \right) + \sum_{j \in \mathcal{A}} \left( L_{f_j} h_{x_j}(\vec{x}^k) + L_{g_j} h_{x_j}(\vec{x}^k)\, u_j \right) + \alpha(h(\vec{x})) + \eta(\Gamma) \\ &\quad \leq \sum_{i \in \mathcal{N}} \left( L_{f_i} h_{x_i}(\vec{x}^k) + L_{g_i} h_{x_i}(\vec{x}^k)\, u_i \right) + \sum_{j \in \mathcal{A}} \gamma_j^{\max}(\vec{x}^k) + \alpha(h(\vec{x})) + \eta(\Gamma). \end{aligned}$$

Therefore, the results of Theorem 1 hold for any feasible control inputs $u_j \in \mathcal{U}_j$ for any agent $j \in \mathcal{A}$. In other words, since the analysis of Theorem 1 uses the maximum value functions $\gamma_j^{\max}(\cdot)$ for the contributions of the adversarial agents $j \in \mathcal{A}$ to the LHS of the safety condition (3), the results of Theorem 1 hold for any control inputs that the adversarial agents can apply within their respective feasible polytopes $\mathcal{U}_j$. In this sense the results of Theorem 1 can be applied to a broader definition of the control inputs of agents in the set $\mathcal{A}$ than the one given in Section II-A.

When $K(\vec{x})$ defined in (25) is nonempty, a feasible $\vec{u}^*_{\mathcal{N}} \in K(\vec{x})$ rendering $S$ invariant while minimally modifying $\vec{u}_{\mathrm{nom}}$ can be computed by solving the following QP:

$$\begin{aligned} \vec{u}^*_{\mathcal{N}}(\vec{x}^k) = \arg\min_{\vec{u}_{\mathcal{N}} \in \mathcal{U}_{\mathcal{N}}} \ & \left\| \vec{u}_{\mathcal{N}} - \vec{u}_{\mathrm{nom}} \right\| \\ \text{s.t.} \ & \sum_{i \in \mathcal{N}} \left( L_{f_i} h_{x_i}(\vec{x}^k) + L_{g_i} h_{x_i}(\vec{x}^k)\, u_i \right) + \sum_{j \in \mathcal{A}} \gamma_j^{\max}(\vec{x}^k) + \alpha(h(\vec{x})) + \eta(\Gamma) \leq 0 \end{aligned} \tag{28}$$

Note that this QP requires the values of $\gamma_j^{\max}(\vec{x}^k)$, $j \in \mathcal{A}$, which can be solved for via a separate LP. Once $\vec{u}^*_{\mathcal{N}}(\vec{x}^k) \in K(\vec{x})$ has been obtained, each agent $i \in \mathcal{N}$ can then apply the local control input $u_i(\vec{x}^k)$. By Theorem 1, safety of the entire system is guaranteed under the adversarial behavior for all forward time.
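The QP (28), worked as an added example that is not code from the paper: the sketch below takes single-integrator agents with box input limits, a special case of the polytopes $\mathcal{U}_i$ for which the LP (7) has a closed form and the QP reduces to a one-dimensional search on the multiplier of the safety constraint. The pairwise-distance $h$, the linear $\alpha$, the function names and every numeric constant (including the Lemma 3 constants, which are chosen here, not derived) are assumptions made for illustration.

```python
import math

def eps_bound(Gamma, mu, L):
    """State-drift bound eps(Gamma) = (mu / L') * (exp(L' * Gamma) - 1), eq. (16)."""
    return mu / L * (math.exp(L * Gamma) - 1.0)

def eta(Gamma, c, u_max, mu, L, phi_max_sum):
    """Sampling margin eta(Gamma), eq. (24). c maps 'f','g','alpha','gamma','h'
    to the Lemma 3 constants (assumed values here, not derived)."""
    lip = c["f"] + c["g"] * u_max + c["alpha"] + c["gamma"]
    return lip * eps_bound(Gamma, mu, L) + c["h"] * phi_max_sum

def gamma_max_box(Lf, Lg, lim):
    """gamma_max of eq. (6) for the box |u_k| <= lim: the LP (7) is solved in
    closed form by pushing each input component to the bound that raises Lg.u."""
    return Lf + lim * sum(abs(v) for v in Lg)

def safe_qp(u_nom, a, b, lim):
    """Solve min ||u - u_nom||^2  s.t.  a.u <= b,  |u_k| <= lim[k]  (QP (28)
    with its single safety row). KKT: u(lam) = clip(u_nom - lam * a), and
    a.u(lam) is nonincreasing in lam, so bisect on lam >= 0.
    Returns None when the safe input set K is empty."""
    def u_of(lam):
        return [max(-l, min(l, un - lam * ak)) for un, ak, l in zip(u_nom, a, lim)]
    def lhs(lam):
        return sum(ak * uk for ak, uk in zip(a, u_of(lam)))
    if -sum(abs(ak) * l for ak, l in zip(a, lim)) > b:
        return None                      # min of a.u over the box still exceeds b
    if lhs(0.0) <= b:
        return u_of(0.0)                 # nominal input (clipped to the box) is safe
    lo, hi = 0.0, 1.0
    while lhs(hi) > b:                   # grow until the safety row holds
        hi *= 2.0
    for _ in range(200):                 # bisection keeps lhs(hi) <= b throughout
        mid = 0.5 * (lo + hi)
        if lhs(mid) > b:
            lo = mid
        else:
            hi = mid
    return u_of(hi)

def normal_input(x_n, x_a, u_nom, R, lim_n, lim_a, alpha_gain, eta_val):
    """One normal agent (state x_n) and one adversary (state x_a), both with
    dynamics xdot = u, so L_f h = 0 and L_g h = dh/dx. Constructed safe-set
    function: h = R^2 - ||x_n - x_a||^2 (h <= 0 means separation >= R)."""
    d = [p - q for p, q in zip(x_n, x_a)]
    h = R * R - sum(v * v for v in d)
    Lg_n = [-2.0 * v for v in d]         # dh/dx_n
    Lg_a = [2.0 * v for v in d]          # dh/dx_a
    g_max = gamma_max_box(0.0, Lg_a, lim_a)      # bound over all adversary inputs
    b = -(g_max + alpha_gain * h + eta_val)      # known terms moved to the right
    return safe_qp(u_nom, Lg_n, b, [lim_n] * len(u_nom)), Lg_n, b

# Constructed constants (assumptions): 10 ms sampling period, no disturbance.
C = {"f": 0.0, "g": 4.0, "alpha": 4.0, "gamma": 2.0, "h": 1.0}
ETA = eta(Gamma=0.01, c=C, u_max=1.0, mu=2.0, L=1.0, phi_max_sum=0.0)

if __name__ == "__main__":
    for lim_a in (0.5, 5.0):
        u, a, b = normal_input((0.0, 0.0), (2.0, 0.0), [1.0, 0.0],
                               1.0, 1.0, lim_a, 1.0, ETA)
        print(f"adversary limit {lim_a}: eta={ETA:.4f}, b={b:.4f}, u*={u}")
```

With the adversary's input limit raised from 0.5 to 5.0 the function returns None: $\gamma_j^{\max}$ grows with the adversary's authority until $K(\vec{x})$ is empty, which is the case the text defers to Section III-D.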
The case when $K(\vec{x})$ is empty is discussed in Section III-D.

C. Asynchronous Sampling Times
The assumption of identical, synchronous sampling times typically does not hold in practice. In addition, a distributed system may not have access to a centralized entity to solve the QP in (28) to obtain $\vec{u}_{\mathcal{N}}$. This subsection will therefore consider asynchronous sampling times and a distributed method for computing local control inputs. Each agent $i \in \mathcal{V}$ is assumed to have a nominal sampling period $\Gamma_i \in \mathbb{R}_{>0}$ and the perturbed sequence of sampling times

$$\mathcal{T}_i = \{ t_i^0, t_i^1, \ldots \} \quad \text{s.t.} \quad t_i^{k+1} - t_i^k = \Gamma_i + \delta_i(k), \ \forall k \in \mathbb{Z}_{\ge 0}, \tag{29}$$

where $\delta_i(k)$ is a disturbance satisfying $\|\delta_i(k)\| \le \delta_i^{\max}$. The function $\delta_i$ can be used to model time delays due to disturbances such as clock asynchrony or packet drops in the communication network. We denote $\Gamma^{\max} = \max_{i \in \mathcal{V}} \Gamma_i$ and $\delta^{\max} = \max_{i \in \mathcal{V}} \delta_i^{\max}$. Recall from Section II-A that we denote $\vec{x}^{k_i} = \vec{x}(t_i^k)$ and $u_i^{k_i} = u_i(t_i^k)$.

Each agent $i \in \mathcal{N}$ updates its control input $u_i^{k_i}$ at sampling times $t_i^k$ and also broadcasts $u_i^{k_i}$ to all other agents in the network. Each agent $i$ stores the values of the most recently received inputs from its normal in-neighbors $l \in \mathcal{N}$. The notation $\hat{u}_l^{k_i}$ denotes the most recently received input value by agent $i$ from agent $l$ at time $t_i^k$.

Using the definition of $\eta(\cdot)$ from (24), the following safety-preserving control set is defined for each $i \in \mathcal{N}$:

$$K_i(\vec{x}^{k_i}) = \Big\{ u_i \in \mathcal{U}_i : L_{f_i} h^{x_i}(\vec{x}^{k_i}) + L_{g_i} h^{x_i}(\vec{x}^{k_i})\, u_i + \sum_{l \in \mathcal{N} \setminus \{i\}} \left[ L_{f_l} h^{x_l}(\vec{x}^{k_i}) + L_{g_l} h^{x_l}(\vec{x}^{k_i})\, \hat{u}_l^{k_i} \right] + \sum_{j \in \mathcal{A}} \gamma^{\max}_j(\vec{x}^{k_i}) + \alpha(h(\vec{x}^{k_i})) + \eta(\Gamma_i + \delta^{\max}) \le 0 \Big\}$$

Theorem 2 presents conditions under which forward invariance of the set $S$ can be guaranteed for the distributed, asynchronous system described in this subsection.

Theorem 2.
Consider the system (1) with sampling times described by (29). If at sampling time $t_i^k$ for $k \ge 0$, $i \in \mathcal{N}$ it holds that $\vec{x}^{k_i} \in S$, then for any $u_i^{k_i} \in K_i(\vec{x}^{k_i})$ the trajectory $\vec{x}(t)$ satisfies $\vec{x}(t) \in S$ for all $t \in [t_i^k, t_i^{k+1})$.

Proof. Choose any $i \in \mathcal{N}$ and consider the time interval $t \in [t_i^k, t_i^{k+1})$. Recall that $t_i^{k+1} - t_i^k \le \Gamma_i + \delta^{\max}$ $\forall k \in \mathbb{Z}_{\ge 0}$ by virtue of (29) and the definition of $\delta^{\max}$. In particular, this implies $\epsilon(\Gamma_i + \delta_i(k)) \le \epsilon(\Gamma_i + \delta^{\max})$ for all $k \in \mathbb{Z}_{\ge 0}$ since $\epsilon(\cdot)$ is a class-$\mathcal{K}$ function in $\Gamma$. For each $i \in \mathcal{N}$ define the value $e'_i(t, t^k)$ in a similar manner as Theorem 1 and observe

$$\sup_{t \in [t_i^k, t_i^{k+1})} \left\| e'_i(t, t_i^k) \right\| \le (c_f + c_g u_{\max} + c_\alpha + c_\gamma)\, \epsilon(\Gamma_i + \delta^{\max}) + c_h \sum_{l \in \mathcal{V}} \phi_l^{\max},$$
$$\implies \sup_{t \in [t_i^k, t_i^{k+1})} \left\| e'_i(t, t_i^k) \right\| \le \eta(\Gamma_i + \delta^{\max})$$

The same logic as in Theorem 1 can then be used to demonstrate that $\dot{h}(\vec{x}) + \alpha(h(\vec{x})) \le 0$ for all $t \in [t_i^k, t_i^{k+1})$.

Under the communication protocol described previously, each agent can use the most recently received inputs $\hat{u}_l^{k_i}$ from other normal agents to calculate a control input $u_i^{k_i} \in K_i(\vec{x}^{k_i})$. Such a $u_i^{k_i}$ can be computed by solving the following QP:

$$u_i(\vec{x}^{k_i}) = \arg\min_{u_i \in \mathcal{U}_i} \left\| u_i - u^{k_i}_{i,\mathrm{nom}} \right\| \tag{30}$$
$$\text{s.t.} \quad \left( L_{f_i} h^{x_i}(\vec{x}^{k_i}) + L_{g_i} h^{x_i}(\vec{x}^{k_i})\, u_i \right) + \sum_{l \in \mathcal{N} \setminus \{i\}} \left( L_{f_l} h^{x_l}(\vec{x}^{k_i}) + L_{g_l} h^{x_l}(\vec{x}^{k_i})\, \hat{u}_l^{k_i} \right) + \sum_{j \in \mathcal{A}} \gamma^{\max}_j(\vec{x}^{k_i}) + \alpha(h(\vec{x}^{k_i})) + \eta(\Gamma_i + \delta^{\max}) \le 0.$$

Like the previous formulations, the values of $\gamma^{\max}_j(\cdot)$ for $j \in \mathcal{A}$ can be calculated via solving a separate LP.
By the results of Theorem 2, when each $K_i(\vec{x})$ is nonempty and each normal agent applies the controller defined by (30), the multi-agent safe set is rendered forward invariant despite any collective worst-case behavior of the adversarial agents.

D. Maximum Safety-Preserving Control Action
One of the required conditions of the foregoing results is the nonemptiness of the safety-preserving controls sets $K(\vec{x})$ and $K_i(\vec{x})$, which is also closely related to the feasibility of the respective QPs (28), (30). Conditions under which such sets remain nonempty for general systems remain an open question. Guaranteeing both safety and the feasibility of the QP calculating the control input $u_i(\vec{x}^{k_i})$ has been a recent topic of study [27], [32], and can depend on the choice of extended class-$\mathcal{K}_\infty$ function $\alpha(\cdot)$.

In contrast, consider the sampled-data control law $u_i^{\min}(\cdot)$ defined in (10). Intuitively speaking, (10) represents the strongest control effort agent $i \in \mathcal{N}$ can apply towards minimizing the LHS of (3). This control input can be solved for by taking the arg min of the minimizing LP in (7):

$$u_i^{\min}(\vec{x}^{k_i}) = \arg\min_{u_i \in \mathbb{R}^{m_i}} L_{g_i} h^{x_i}(\vec{x}^{k_i})\, u_i \quad \text{s.t.} \quad A_i(\vec{x}^{k_i})\, u_i \le b_i(\vec{x}^{k_i}) \tag{31}$$

For any system satisfying Assumption 3, the set $\mathcal{U}_i(\vec{x}) = \{ u : A_i(\vec{x}) u \le b_i(\vec{x}) \}$ is nonempty for all $\vec{x} \in S$. This implies that (31) is always guaranteed to be feasible for $\vec{x} \in S$. However, the question remains as to when the control action (10) can guarantee forward invariance of $S$. Towards this end, define the set

$$\partial S_\epsilon = \left\{ x \in S : \min_{z \in \partial S} \| x - z \| \le \epsilon \right\}, \quad \epsilon > 0. \tag{32}$$

In words, $\partial S_\epsilon$ is an "inner boundary region" of $S$ which includes all points in $S$ within distance $\epsilon$ of $\partial S$ with respect to a chosen norm. The next theorem presents a sufficient condition for when each normal agent applying $u_i^{\min}(\cdot)$ renders $S$ forward invariant in the presence of an adversarial set $\mathcal{A}$.

Theorem 3.
Let (cid:15) ∗ = (cid:15) (Γ max + 2 δ max ) and define the sets ∂S (cid:15) ∗ , ∂S (cid:15) ∗ as per (32) . Suppose that each normal agent i ∈ N applies the control input u min i ( (cid:126)x k i ) from (10) for allsampled states (cid:126)x k i satisfying (cid:126)x k i ∈ ∂S (cid:15) ∗ . Then S is forwardinvariant if (cid:126)x (0) ∈ S \ ∂S (cid:15) ∗ and the following conditionholds: max (cid:126)x ∈ ∂S (cid:15) ∗ (cid:34) (cid:88) i ∈N max (cid:126)x i ∈ B ( (cid:126)x,(cid:15) ∗ ) (cid:2) γ min i ( (cid:126)x i ) (cid:3) + (33) (cid:88) j ∈A γ max j ( (cid:126)x ) + α ( h ( (cid:126)x )) (cid:35) ≤ − η (Γ max + 2 δ max ) . Proof.
The proof first demonstrates that the most recentlysampled states of all agents always lie within a closedball of radius (cid:15) ∗ = (cid:15) (Γ max + 2 δ max ) . Next, it shows that (cid:126)x (0) ∈ S \ ∂S (cid:15) ∗ implies that (cid:126)x ( t ) cannot leave S withoutall agents sampling the state at least once within the region ∂S (cid:15) ∗ . Finally, it is shown that this fact combined with (33)implies that S is forward invariant.Choose any i ∈ N and any sampling time t ki for agent i . By the definition of Γ max and δ max , the next samplingtime t k +1 i satisfies t k +1 i − t ki ≤ t ki + Γ max + 2 δ max . Sincethis holds for all i ∈ V , given any i , i ∈ N and interval [ t ki , t ki + Γ max + δ max ] , there exists a sampling time for i satisfying t k (cid:48) i ∈ [ t ki , t ki + Γ max + 2 δ max ] . Using Lemma 2,this implies that the maximum normed difference betweenany two most recently sampled states (cid:126)x ( t k ∗ i ) and (cid:126)x ( t k ∗ i ) satisfies (cid:13)(cid:13) (cid:126)x ( t k ∗ i ) − (cid:126)x ( t k ∗ i ) (cid:13)(cid:13) ≤ (cid:15) (Γ max + 2 δ max ) = (cid:15) ∗ . Sincethis holds for all i , i ∈ V at any t ki , the most recentlysampled states of all agents therefore always lie within aball of radius (cid:15) ∗ .Next, consider any agent i with sampling time t ki suchthat (cid:126)x ( t ki ) ∈ S \ ∂S (cid:15) ∗ and (cid:126)x ( t k +1 i ) (cid:54)∈ S \ ∂S (cid:15) ∗ . Since (cid:13)(cid:13) (cid:126)x ( t k +1 i ) − (cid:126)x ( t ki ) (cid:13)(cid:13) ≤ (cid:15) ∗ by previous arguments, this impliesthat (cid:126)x ( t k +1 i ) ∈ ∂S (cid:15) ∗ . Therefore (cid:126)x (0) ∈ S \ ∂S (cid:15) ∗ impliesthat (cid:126)x cannot leave S without each agent i ∈ N havingat least one sampling time t ki such that (cid:126)x k i ∈ ∂S (cid:15) ∗ . 
Notethat (cid:126)x (0) ∈ S \ ∂S (cid:15) ∗ as per the Theorem statement impliesthat (cid:126)x (0) ∈ S \ ∂S (cid:15) ∗ since ∂S (cid:15) ∗ ⊂ ∂S (cid:15) ∗ .Define e (cid:48) ( t, t ki ) in a similar manner to Theorem 1. Observethat t k +1 i − t ki ≤ Γ max + 2 δ max for all i ∈ N . In addition,for any i , i ∈ N with most recent sampling times t k i i and t k i i , it can be shown that | t k i i − t k i i | ≤ Γ max + 2 δ max .Therefore on any interval t ∈ [ t k i i , t k i i ) , we have up t ∈ [ t ki i ,t ki i ) (cid:13)(cid:13)(cid:13) e (cid:48) ( t, t k i i ) (cid:13)(cid:13)(cid:13) ≤ ( c f + c g u max + c α + c γ ) (cid:15) ∗ + c h (cid:88) l ∈V φ max l , = ⇒ sup t ∈ [ t ki i ,t ki i ) (cid:13)(cid:13)(cid:13) e (cid:48) ( t, t k i i ) (cid:13)(cid:13)(cid:13) ≤ η (Γ max + 2 δ max ) . Choose the first sampling time t k i i such that t k i i ≥ Γ max +2 δ max and (cid:126)x k i ∈ ∂S (cid:15) ∗ ⊂ ∂S (cid:15) ∗ . Since (cid:126)x (0) ∈ S (cid:15) ∗ by theTheorem statement, it can be shown using prior argumentsthat such a sampling time is guaranteed to exist. This choiceof t k i i implies that all agents have sampled at least onceat or before t k i i . Let t k i i > t k i i be the next normal agentsampling time strictly greater than t k i i , with the associatedagent denoted i ∈ N . Let (cid:126)x k i , . . . , (cid:126)x k i |N| denote themost recently sampled states of all normal agents. By priorarguments (cid:126)x k il ∈ B ( (cid:126)x k i , (cid:15) ∗ ) for all l ∈ , . . . , |N | , andtherefore by (33) at time t k i i we have (cid:88) p ∈ ,..., |N | γ min i ( (cid:126)x k ip ) − (cid:88) j ∈A γ max j ( (cid:126)x k i ) + α ( h ( (cid:126)x k i ))+ η ∗ (Γ max + 2 δ max ) ≤ . From this it holds that for all t ∈ [ t k i i , t k i i ) we have ˙ h ( (cid:126)x ) + α ( h ( (cid:126)x )) ≤ (cid:88) p ∈ ,...,N γ min i ( (cid:126)x k ip ) − (cid:88) j ∈A γ max j ( (cid:126)x k i )+ α ( h ( (cid:126)x k i )) + η ∗ (Γ max + 2 δ max ) ≤ . 
It follows that S is forward invariant on the interval t ∈ [ t k i i , t k i i ) . The preceding arguments can be repeated for anysubsequent adjacent sampling times t k il i l , t k ip i p , t k il i l < t k ip i p to show that S is forward invariant on [ t k il i l , t k ip i p ) , whichconcludes the proof.IV. S AFE S ET F UNCTIONS WITH H IGH R ELATIVE D EGREE
It has been demonstrated in prior literature that there exist safe set functions $h$ where agents' control inputs do not appear in the expression for the time derivative $\dot{h}(\vec{x})$, i.e., $\frac{\partial h(\vec{x})}{\partial x_i} g_i(\vec{x}) = 0$ for all $\vec{x}$ [7], [24]. These functions are said to have high relative degree with respect to the system dynamics. In such cases, prior literature has considered methods for computing continuous-time controllers which provably maintain forward invariance of the safe set. These prior results do not consider systems with sampled-data dynamics however, nor do they consider the presence of agents behaving in an adversarial manner. In this section we extend our previous results to consider a class of safe set functions having high relative degree w.r.t. system dynamics.

In prior work, safety of systems without disturbances and having continuous control inputs using safe set functions having high relative degree w.r.t. system dynamics is typically considered as follows: a function $h : \mathbb{R}^{\bar{n}} \to \mathbb{R}$ describing the safe set is used to define a series of functions $\psi_j : \mathbb{R}^{\bar{n}} \to \mathbb{R}$, $j = 1, \ldots, q$ in the following manner:

$$\begin{aligned} \psi_0(\vec{x}) &\triangleq h(\vec{x}), \\ \psi_1(\vec{x}) &\triangleq \dot{\psi}_0(\vec{x}) + \alpha_1(\psi_0(\vec{x})), \\ &\ \ \vdots \\ \psi_q(\vec{x}) &\triangleq \dot{\psi}_{q-1} + \alpha_q(\psi_{q-1}(\vec{x})), \end{aligned} \tag{34}$$

where each $\alpha_j : \mathbb{R} \to \mathbb{R}$ is an extended class-$\mathcal{K}_\infty$ function. The integer $q \in \mathbb{Z}_{\ge 1}$ is chosen to be the smallest integer such that a control input $u_i$ for some $i \in \mathcal{V}$ appears in the expression for $\psi_q(\vec{x})$. The integer $q$ is called the relative degree of $h$ w.r.t. the system dynamics. The functions in (34) are associated with the following series of sets:

$$\begin{aligned} S_1 &\triangleq \{ \vec{x} \in \mathbb{R}^{\bar{n}} : \psi_0(\vec{x}) \le 0 \}, \\ S_2 &\triangleq \{ \vec{x} \in \mathbb{R}^{\bar{n}} : \psi_1(\vec{x}) \le 0 \}, \\ &\ \ \vdots \\ S_q &\triangleq \{ \vec{x} \in \mathbb{R}^{\bar{n}} : \psi_{q-1}(\vec{x}) \le 0 \}. \end{aligned} \tag{35}$$

For brevity, we denote $S_I \triangleq \bigcap_{r=1}^{p} S_r$.
The following result from prior literature applies to systems with continuous control inputs:

Theorem 4 ([7]). Suppose $\vec{x}(t_0) \in \bigcap_{i=1}^{p} S_i$. Then the set $\bigcap_{i=1}^{q} S_i$ is rendered forward invariant under any Lipschitz continuous controller $\vec{u}(t)$ that ensures the condition $\psi_q(\vec{x}(t)) \le 0$ for all $t \ge t_0$.

However, this prior result considers continuous control inputs, does not account for the disturbances $\phi_i(t)$ in (1), and does not consider the presence of agents behaving in an adversarial manner.

This section will extend the results in the previous section to present a method for normally-behaving agents with the sampled-data dynamics (1) to maintain safety using a safe set function $h$ with high relative degree w.r.t. (1) in the presence of adversarial agents. First, to address the presence of the disturbances $\phi_i(t)$, $i \in \mathcal{V}$, recall from Lemma 3 that there exists a constant $c_h \ge 0$ such that $\left\| \sum_{i \in \mathcal{V}} L_{\phi_i} h^{x_i}(\vec{x}) \right\| \le c_h \sum_{i \in \mathcal{V}} \phi_i^{\max}$. We define the constant

$$\xi = c_h \sum_{i \in \mathcal{V}} \phi_i^{\max}. \tag{36}$$

The function $h(\vec{x})$ and constant $\xi$ are used to define a series of functions $\psi^d_j : \mathbb{R}^{\bar{n}} \to \mathbb{R}$, $j = 1, \ldots, q$ in the following manner:

$$\begin{aligned} \psi^d_0(\vec{x}) &\triangleq h(\vec{x}), \\ \psi^d_1(\vec{x}) &\triangleq \sum_{i \in \mathcal{V}} L_{f_i} h^{x_i}(\vec{x}) + \xi + \alpha_1(\psi^d_0(\vec{x})), \\ \psi^d_2(\vec{x}) &\triangleq \dot{\psi}^d_1(\vec{x}) + \alpha_2(\psi^d_1(\vec{x})), \\ &\ \ \vdots \\ \psi^d_q(\vec{x}) &\triangleq \dot{\psi}^d_{q-1} + \alpha_q(\psi^d_{q-1}(\vec{x})), \end{aligned} \tag{37}$$

where each $\alpha_j : \mathbb{R} \to \mathbb{R}$ is an extended class-$\mathcal{K}_\infty$ function and is locally Lipschitz on $\mathbb{R}$. We make the following assumptions:

Assumption 4. The agent inputs $u_i$ for all $i \in \mathcal{V}$ appear simultaneously in $\psi^d_q(\vec{x})$, $q \in \mathbb{Z}_{\ge 1}$, and are all absent in all $\psi^d_j$, $0 \le j < q$.

Assumption 5.
The function $\psi^d_{q-1}$ satisfies $\psi^d_{q-1} \in C^{1,1}_{\mathrm{loc}}$.

In particular, this section considers cases where the relative degree $q > 1$, since cases where $q = 1$ can be treated by the results in Section III. The sets $S^d_1, \ldots, S^d_q$ and $S^d_I$ are defined as

$$\begin{aligned} S^d_1 &\triangleq \{ \vec{x} \in \mathbb{R}^{\bar{n}} : \psi^d_0(\vec{x}) \le 0 \}, \\ S^d_2 &\triangleq \{ \vec{x} \in \mathbb{R}^{\bar{n}} : \psi^d_1(\vec{x}) \le 0 \}, \\ &\ \ \vdots \\ S^d_q &\triangleq \{ \vec{x} \in \mathbb{R}^{\bar{n}} : \psi^d_{q-1}(\vec{x}) \le 0 \}, \\ S^d_I &\triangleq \bigcap_{k=1}^{q} S^d_k. \end{aligned} \tag{38}$$

The following Lemma will be needed for our main result. It allows the analysis to consider disturbances $\phi_i(t)$ which are not differentiable in time.

Lemma 4.
Let $h$ have relative degree $q > 1$ with respect to (1). Then it holds that $\dot{\psi}^d_0(\vec{x}) + \alpha_1(\psi^d_0(\vec{x})) \le \psi^d_1(\vec{x})$ $\forall t \ge 0$.

Proof. Since $q > 1$, by Assumption 4 the time derivative of $\psi^d_0(\vec{x})$ satisfies $\dot{\psi}^d_0(\vec{x}) = \sum_{i \in \mathcal{V}} L_{f_i} h^{x_i}(\vec{x}) + L_{\phi_i} h^{x_i}(\vec{x})$. From Lemma 3 and equation (36) we have $\left\| \sum_{i \in \mathcal{V}} L_{\phi_i} h^{x_i}(\vec{x}) \right\| \le c_h \sum_{i \in \mathcal{V}} \phi_i^{\max} = \xi$. Using (37) it follows that

$$\dot{\psi}^d_0(\vec{x}) + \alpha_1(\psi^d_0(\vec{x})) \le \sum_{i \in \mathcal{V}} \left( L_{f_i} h^{x_i}(\vec{x}) \right) + \xi + \alpha_1(\psi^d_0(\vec{x})) = \psi^d_1(\vec{x}),$$

which concludes the proof.

By upper bounding the term $L_{\phi_i} h^{x_i}(\vec{x})$ with the constant $\xi$, no time derivatives of $\phi_i(t)$ appear in the functions $\psi_1, \ldots, \psi_q$.

Similar to Theorem 4, to achieve forward invariance of $S^d_I$ under a ZOH control law the key condition is to show that $\psi^d_q(\vec{x}(t), \vec{u}(t)) \le 0$ for all $t \ge t_0$. Using a similar method as the prior section, for a ZOH $\vec{u}^k$ we can define the error term

$$e_\psi(t, t^k) = \left( \psi^d_q(\vec{x}) - \psi^d_q(\vec{x}^k) \right). \tag{39}$$

For all $t \in [t_i^k, t_i^{k+1})$ it therefore holds that

$$\psi^d_q(\vec{x}(t)) = \psi^d_q(\vec{x}^k) + e_\psi(t, t_i^k) \le \psi^d_q(\vec{x}^k) + \sup_{t \in [t_i^k, t_i^{k+1})} \left\| e_\psi(t, t^k) \right\|.$$

If it holds that $\psi^d_q(\vec{x}^k) + \sup_{t \in [t_i^k, t_i^{k+1})} \left\| e_\psi(t, t^k) \right\| \le 0$, then we therefore have $\psi^d_q(\vec{x}) \le 0$ for all $t \in [t_i^k, t_i^{k+1})$.

Consider the asynchronous system with perturbed sampling times from Section III-C such that Assumption 4 is satisfied and the function $h$ has relative degree $q$ under (1).
Using (1) and (37), the function $\psi_q(\vec{x})$ can be expanded into the expression

$$\begin{aligned} \psi_q(\vec{x}) &= \dot{\psi}_{q-1}(\vec{x}) + \alpha_q(\psi_{q-1}(\vec{x})), \\ &= \sum_{i \in \mathcal{N}} L_{f_i} \psi^{x_i}_{q-1}(\vec{x}) + L_{g_i} \psi^{x_i}_{q-1}(\vec{x})\, u_i + \sum_{j \in \mathcal{N}} L_{f_j} \psi^{x_j}_{q-1}(\vec{x}) + L_{g_j} \psi^{x_j}_{q-1}(\vec{x})\, u_j + \alpha_q(\psi_{q-1}(\vec{x})) \end{aligned} \tag{40}$$

Observe that the RHS of (40) is affine in $\vec{u}$. This follows from (40) and the definition of the relative degree $q$ from Assumption 4. Similar to equation (6), define the functions

$$\begin{aligned} \hat{\gamma}^{\min}_i(\vec{x}) &= \min_{u_i \in \mathcal{U}_i} \left[ L_{f_i} \psi^{x_i}_{q-1}(\vec{x}) + L_{g_i} \psi^{x_i}_{q-1}(\vec{x})\, u_i \right], \\ \hat{\gamma}^{\max}_i(\vec{x}) &= \max_{u_i \in \mathcal{U}_i} \left[ L_{f_i} \psi^{x_i}_{q-1}(\vec{x}) + L_{g_i} \psi^{x_i}_{q-1}(\vec{x})\, u_i \right]. \end{aligned} \tag{41}$$

As in the previous section, the functions $\hat{\gamma}^{\min}_i$, $\hat{\gamma}^{\max}_i$ can be shown to be locally Lipschitz on the set $S_I$.

Lemma 5.
If the interior of $\mathcal{U}_i(\vec{x})$ is nonempty for all $\vec{x} \in S_I$ and $\mathcal{U}_i(\vec{x})$ is uniformly compact near $\vec{x}$ for all $\vec{x} \in S_I$, then the functions $\hat{\gamma}^{\min}_i(\cdot)$ and $\hat{\gamma}^{\max}_i(\cdot)$ defined by (41) are locally Lipschitz on $S_I$.

Proof. The result follows from Assumption 5 and by using similar arguments as in Lemma 1.

Similar to Section III, the following result will be needed to define a function $\eta' : \mathbb{R}_{\ge 0} \to \mathbb{R}$ that will be used to upper bound the normed error term $\sup_{t \in [t_i^k, t_i^{k+1})} \left\| e_\psi(t, t^k) \right\|$:

Lemma 6.
Consider the system (1) and the function ψ dq − ( (cid:126)x ) . There exist constants c (cid:48) f , c (cid:48) g , c (cid:48) α , c (cid:48) ˆ γ ∈ R such thatfor all (cid:126)x , (cid:126)x ∈ S dI , all of the following inequalities hold: (cid:88) i ∈N (cid:13)(cid:13)(cid:13) L f i ( ψ dq − ) x i ( (cid:126)x ) − L f i ( ψ dq − ) x i ( (cid:126)x ) (cid:13)(cid:13)(cid:13) ≤ c (cid:48) f (cid:13)(cid:13) (cid:126)x − (cid:126)x (cid:13)(cid:13) , (cid:88) i ∈N (cid:13)(cid:13)(cid:13) L g i ( ψ dq − ) x i ( (cid:126)x ) − L g i ( ψ dq − ) x i ( (cid:126)x ) (cid:13)(cid:13)(cid:13) ≤ c (cid:48) g (cid:13)(cid:13) (cid:126)x − (cid:126)x (cid:13)(cid:13) , (cid:13)(cid:13)(cid:13) α q ( ψ dq − ( (cid:126)x )) − α q ( ψ dq − ( (cid:126)x )) (cid:13)(cid:13)(cid:13) ≤ c (cid:48) α (cid:13)(cid:13) (cid:126)x − (cid:126)x (cid:13)(cid:13) , (cid:88) j ∈A (cid:13)(cid:13) ˆ γ j max ( (cid:126)x ) − ˆ γ j max ( (cid:126)x ) (cid:13)(cid:13) ≤ c (cid:48) ˆ γ (cid:13)(cid:13) (cid:126)x − (cid:126)x (cid:13)(cid:13) , Proof.
Follows from $\psi_{q-1} \in C^{1,1}_{\mathrm{loc}}$ by Assumption 5, from $\alpha_q$ being locally Lipschitz on $\mathbb{R}$ by definition, and from $\hat{\gamma}^{\min}_i$, $\hat{\gamma}^{\max}_i$ being locally Lipschitz by Lemma 5.

Using the constants defined in Lemma 6 and the function $\epsilon(\cdot)$ in (16), we define the function $\eta' : \mathbb{R}_{\ge 0} \to \mathbb{R}$ as follows:

$$\eta'(\Gamma) = \left( c'_f + c'_g u_{\max} + c'_\alpha + c'_{\hat{\gamma}} \right) \epsilon(\Gamma). \tag{42}$$

This definition of $\eta'(\cdot)$ is used to define the following safety-preserving controls sets for $i \in \mathcal{V}$. Recall from Section III-C that $\hat{u}_l^{k_i}$ denotes the most recently received input value by agent $i \in \mathcal{N}$ from agent $l \in \mathcal{N}$ at time $t_i^k$.

$$\begin{aligned} K^\psi_i(\vec{x}^{k_i}) &= \left\{ u_i \in \mathcal{U}_i : \psi_q(\vec{x}^{k_i}) \le 0 \right\}, \\ &= \Big\{ u_i \in \mathcal{U}_i : L_{f_i} \psi^{x_i}_{q-1}(\vec{x}^{k_i}) + L_{g_i} \psi^{x_i}_{q-1}(\vec{x}^{k_i})\, u_i + \sum_{l \in \mathcal{N} \setminus \{i\}} \left[ L_{f_l} \psi^{x_l}_{q-1}(\vec{x}^{k_i}) + L_{g_l} \psi^{x_l}_{q-1}(\vec{x}^{k_i})\, \hat{u}_l^{k_i} \right] \\ &\qquad + \sum_{j \in \mathcal{A}} \gamma^{\max}_j(\vec{x}^{k_i}) + \alpha(\psi_{q-1}(\vec{x}^{k_i})) + \eta'(\Gamma_i + \delta^{\max}) \le 0 \Big\}. \end{aligned}$$

The next Theorem demonstrates conditions under which the set $S$ may be rendered forward invariant for trajectories of the system (1).

Theorem 5.
Consider the system (1) with sampling times described by (29). Let $\psi^d_1, \ldots, \psi^d_q$ be defined as in (37). If at sampling time $t_i^k$ for $k \ge 0$, $i \in \mathcal{N}$ it holds that $\vec{x}^{k_i} \in S_I$, then for any $u_i^{k_i} \in K^\psi_i(\vec{x}^{k_i})$ the trajectory $\vec{x}(t)$ satisfies $\vec{x}(t) \in S_I$ for all $t \in [t_i^k, t_i^{k+1})$.

Proof. From (39) and (37), we have

$$\begin{aligned} e_\psi(t, t^k) &= \left( \psi^d_q(\vec{x}) - \psi^d_q(\vec{x}^k) \right), \\ &= \sum_{i \in \mathcal{N}} \left( L_{f_i} (\psi^d_{q-1})^{x_i}(\vec{x}) - L_{f_i} (\psi^d_{q-1})^{x_i}(\vec{x}^k) \right) + \sum_{i \in \mathcal{N}} \left( L_{g_i} (\psi^d_{q-1})^{x_i}(\vec{x}) - L_{g_i} (\psi^d_{q-1})^{x_i}(\vec{x}^k) \right) u_i^k \\ &\quad + \sum_{j \in \mathcal{A}} \left( \hat{\gamma}^{\max}_j(\vec{x}) - \hat{\gamma}^{\max}_j(\vec{x}^k) \right) + \left( \alpha_q(\psi_{q-1}(\vec{x})) - \alpha_q(\psi_{q-1}(\vec{x}^k)) \right) \end{aligned} \tag{43}$$

Choose any $i \in \mathcal{N}$ and consider the time interval $t \in [t_i^k, t_i^{k+1})$. Recall that $t_i^{k+1} - t_i^k \le \Gamma_i + \delta^{\max}$ $\forall k \in \mathbb{Z}_{\ge 0}$ by virtue of (29) and the definition of $\delta^{\max}$. In particular, this implies $\epsilon(\Gamma_i + \delta_i(k)) \le \epsilon(\Gamma_i + \delta^{\max})$ for all $k \in \mathbb{Z}_{\ge 0}$ since $\epsilon(\cdot)$ is a class-$\mathcal{K}$ function in $\Gamma$. Using equations (43), (42), Lemma 6, and Lemma 2 observe that

$$\sup_{t \in [t_i^k, t_i^{k+1})} \left\| e_\psi(t, t_i^k) \right\| \le \left( c'_f + c'_g u_{\max} + c'_\alpha + c'_{\hat{\gamma}} \right) \epsilon(\Gamma_i + \delta^{\max}),$$
$$\implies \sup_{t \in [t_i^k, t_i^{k+1})} \left\| e_\psi(t, t_i^k) \right\| \le \eta'(\Gamma_i + \delta^{\max})$$

The same logic as in Theorem 1 can then be used to demonstrate that for any $u_i \in K^\psi_i(\vec{x}^{k_i})$ it holds that $\psi^d_q(\vec{x}(t)) \le \psi^d_q(\vec{x}^k) + \eta'(\Gamma_i + \delta^{\max}) \le 0$ for all $t \in [t_i^k, t_i^{k+1})$.

We next demonstrate that $\psi^d_q(\vec{x}) \le 0$ for all $t \in [t_i^k, t_i^{k+1})$ implies that $\vec{x} \in S^d_I$ $\forall t \in [t_i^k, t_i^{k+1})$. For brevity, denote $I_i^k = [t_i^k, t_i^{k+1})$.
Since $\psi^d_q(\vec{x}) \le 0$ for all $t \in I_i^k$, from (37) this implies that $\dot{\psi}^d_{q-1}(\vec{x}) + \alpha_q(\psi^d_{q-1}(\vec{x})) \le 0$ for all $t \in I_i^k$. By Nagumo's Theorem, this implies that $\psi^d_{q-1}(\vec{x}) \le 0$ for all $t \in I_i^k$. Continuing inductively, observe that for all $2 \le j \le q$ it holds that $\psi^d_j(\vec{x}) \le 0$ $\forall t \in I_i^k$, which implies $\dot{\psi}^d_{j-1}(\vec{x}) + \alpha_j(\psi^d_{j-1}(\vec{x})) \le 0$ $\forall t \in I_i^k$. Therefore, by Nagumo's Theorem it holds that $\psi^d_{j-1}(\vec{x}) \le 0$ $\forall t \in I_i^k$. By this logic we therefore have $\psi^d_q(\vec{x}) \le 0 \implies \psi^d_{q-1}(\vec{x}) \le 0 \implies \ldots \implies \psi^d_1(\vec{x}) \le 0$ $\forall t \in I_i^k$. By Lemma 4, $\psi^d_1(\vec{x}) \ge \dot{\psi}^d_0(\vec{x}) + \alpha_1(\psi^d_0(\vec{x}))$ for all $t \ge 0$. Therefore $\psi^d_1(\vec{x}) \le 0$ $\forall t \in I_i^k$ implies that $\dot{\psi}^d_0(\vec{x}) + \alpha_1(\psi^d_0(\vec{x})) \le 0$ $\forall t \in I_i^k$, which implies that $\psi^d_0(\vec{x}) \le 0$ $\forall t \in I_i^k$. Using the definitions in (38), it follows that the trajectory $\vec{x}(t)$ satisfies $\vec{x}(t) \in S^d_I = \bigcap_{j=1}^{q} S^d_j$ for all $t \in I_i^k$, which concludes the proof.

Under the communication protocol described in Section III-C, each normal agent $i \in \mathcal{N}$ can use the most recently received inputs $\hat{u}_l^{k_i}$ from other normal agents to calculate a control input $u_i^{k_i} \in K_i(\vec{x}^{k_i})$. Such a $u_i^{k_i}$ can be computed by solving the following QP:

$$u_i(\vec{x}^{k_i}) = \arg\min_{u_i \in \mathcal{U}_i} \left\| u_i - u^{k_i}_{i,\mathrm{nom}} \right\| \tag{44}$$
$$\text{s.t.} \quad \left( L_{f_i} (\psi^d_{q-1})^{x_i}(\vec{x}^{k_i}) + L_{g_i} (\psi^d_{q-1})^{x_i}(\vec{x}^{k_i})\, u_i \right) + \sum_{l \in \mathcal{N} \setminus \{i\}} \left( L_{f_l} (\psi^d_{q-1})^{x_l}(\vec{x}^{k_i}) + L_{g_l} (\psi^d_{q-1})^{x_l}(\vec{x}^{k_i})\, \hat{u}_l^{k_i} \right) + \sum_{j \in \mathcal{A}} \gamma^{\max}_j(\vec{x}^{k_i}) + \alpha(\psi^d_{q-1}(\vec{x}^{k_i})) + \eta(\Gamma_i + \delta^{\max}) \le 0.$$

A. Discussion
This section has considered systems satisfying Assumption 4 where all agents' inputs appear simultaneously for the same relative degree $q$ of $h$ under (1). However, Assumption 4 may not be satisfied in general for systems composed of agents with heterogeneous control-affine dynamics. A simple example is a system composed of both single- and double-integrator agents with states in $\mathbb{R}$. Only control inputs for the single integrators appear in the function $\psi_1(\vec{x}, \vec{u})$ from (37), while the function $\psi_2(\vec{x}, \vec{u}, \dot{\vec{u}}) = \frac{d}{dt}\left( \psi_1(\vec{x}, \vec{u}) \right) + \alpha_2(\psi_1(\vec{x}, \vec{u}))$ simultaneously contains single-integrator inputs, time-derivatives of single-integrator inputs, and double-integrator inputs.

The extension of this paper's results to the general case does not immediately follow for two reasons. First, the time derivatives of inputs $\dot{\vec{u}}, \ddot{\vec{u}}, \ldots, \vec{u}^{(r)}$, $r \in \mathbb{Z}_{\ge}$ for ZOH controllers are undefined at sampling instances. This necessitates a careful and rigorous mathematical analysis of the behavior of each $\psi_j(\vec{x}, \vec{u}, \dot{\vec{u}}, \ldots)$ to ensure that safety can indeed be guaranteed under a ZOH control law. Second, when considering multi-agent safe set functions $h(\cdot)$ the functions $\psi_j$ for higher values of $j$ are not guaranteed to be convex in $\vec{u}$ when Assumption 4 is not satisfied. This nonconvexity inhibits the ability to efficiently compute safety-preserving control inputs. We therefore leave the general case as an interesting direction for future investigation.

V. SIMULATIONS
Simulations were performed using a combination of MATLAB and the Julia programming language [33]. The simulations used the OSQP optimization package [34] and the ForwardDiff automatic differentiation package [35].

While forward invariance of the safe set is guaranteed for any control inputs in the safety-preserving controls sets $K_i(\cdot)$, $K^\psi_i(\cdot)$, a key issue is guaranteeing that the sets $K_i(\cdot)$, $K^\psi_i(\cdot)$ remain nonempty for all forward time. Due to the difficulty of calculating forward reachable sets for general nonlinear systems subject to disturbances [36], [37], prior literature typically does not provide guarantees on the forward nonemptiness of such safety-preserving controls sets except in very specific cases (e.g. when control input constraints are not considered). Even in the absence of obstacles, it is trivial to find examples where forward invariance of the safe set is impossible in an adversarial setting. Two such examples are given in Figure 1 for single integrator agents in the plane $\mathbb{R}^2$, where adversaries surround a normal agent or pin a normal agent against an obstacle. Proving the forward nonemptiness of sets $K_i(\cdot)$ and $K^\psi_i(\cdot)$, however, is beyond the scope of this paper.

Fig. 1. Two examples of initial system states where it is impossible to guarantee forward nonemptiness of the normal agent's safe controls set $K_i(\cdot)$. Agents have single integrator dynamics; the normal agent is depicted in blue and adversarial agents in red. The straight line at the top of the right image denotes an obstacle. Determining initial conditions for which nonemptiness of safe control sets is guaranteed for all forward time remains an open problem when considering nonlinear control-affine systems.

A. Unicycle Agents in $\mathbb{R}^2$

The first simulation involves a network of $n = 5$ agents with unicycle dynamics in $\mathbb{R}^2$. Agents are nominally tasked with tracking time-varying trajectories defined by a Bezier curve, timing law, and local formational offsets.
The agents must also avoid static obstacles. Two agents misbehave by each pursuing the respective closest normal agent. The state of each unicycle $i \in \mathcal{V}$ is denoted $x_i = \begin{bmatrix} x_{i,1} & x_{i,2} & x_{i,3} \end{bmatrix}^T$. Each unicycle is controlled via an input-output linearization method [38, Ch. 11] where each agent has the outputs $p_i = \begin{bmatrix} p_{i,1} & p_{i,2} \end{bmatrix}^T$ defined as

$$\begin{aligned} p_{i,1} &= x_{i,1} + b \cos(x_{i,3}), \\ p_{i,2} &= x_{i,2} + b \sin(x_{i,3}), \quad b > 0. \end{aligned} \tag{45}$$

The output $p_i$ is treated as having single integrator dynamics $\dot{p}_i = u_i = \begin{bmatrix} u_{i,1} & u_{i,2} \end{bmatrix}^T$. Each agent $i$ is controlled by first computing the output control input $u_i$ and minimally modifying $u_i$ via the CBF-based QP method described previously. The final unicycle control inputs $\begin{bmatrix} \nu_i & \omega_i \end{bmatrix}$ are then obtained via the transformation

$$\begin{bmatrix} \nu_i \\ \omega_i \end{bmatrix} = \begin{bmatrix} \cos(\theta_i) & \sin(\theta_i) \\ -\sin(\theta_i)/b & \cos(\theta_i)/b \end{bmatrix} \begin{bmatrix} u_{i,1} \\ u_{i,2} \end{bmatrix}.$$

At any timestep where the QP is infeasible, each normal agent applies the best-effort safety preserving control (10) calculated via the LP (31). Infeasibility of the QP generating the control inputs does not necessarily imply that safety cannot be maintained. Reasons why the QP may go infeasible at particular time steps include the conservative nature of the form of $\eta(\cdot)$ and the choice of $\alpha(\cdot)$ function. The LP in (31) is applied whenever an agent's QP is infeasible to apply the agent's best control efforts towards maintaining safety. Given control bounds $|\nu_i| \le \nu_i^{\max}$ and $|\omega_i| \le \omega_i^{\max}$, it can be shown that the corresponding linear control bounds on $u_{i,1}, u_{i,2}$ are $A_i(x_i) \begin{bmatrix} u_{i,1} \\ u_{i,2} \end{bmatrix} \le b_i$, with

$$A_i(x_i) = \begin{bmatrix} \cos(\theta_i) & \sin(\theta_i) \\ -\cos(\theta_i) & -\sin(\theta_i) \\ -\sin(\theta_i)/b & \cos(\theta_i)/b \\ \sin(\theta_i)/b & -\cos(\theta_i)/b \end{bmatrix}, \quad b_i = \begin{bmatrix} \nu_i^{\max} \\ \nu_i^{\max} \\ \omega_i^{\max} \\ \omega_i^{\max} \end{bmatrix} \tag{46}$$

For strictly positive $\nu_i^{\max}$, $\omega_i^{\max}$, and $b$, the set $\mathcal{U}_i = \{ u_i : A_i(x_i) u_i - b_i \le 0 \}$ satisfies the conditions of Assumption 3 for all $x_i \in \mathbb{R}^3$.
In this simulation each normal agent has $\nu_i^{\max} = 4$, $\omega_i^{\max} = 2$, $i \in \mathcal{N}$. For purposes of this simulation, each adversarial agent has lower maximum linear and angular velocities than the normal agents with $\nu_j^{\max} = 2$, $\omega_j^{\max} = 1$, $j \in \mathcal{A}$. The safe set $S$ is defined using a boolean composition of pairwise collision-avoidance sets for normal-to-normal pairs, normal-to-adversarial pairs, and normal-to-obstacle pairs. More specifically, given $i, i' \in \mathcal{N}$ each safe set $h_{i,i'}(\vec{x})$ is defined with respect to the linearized outputs (45) as $h_{i,i'} = (R_c + 2b)^2 - \| p_i - p_{i'} \|^2$, with partial derivative $\frac{\partial h_{i,i'}}{\partial p_i} = -2(p_i - p_{i'})$. The normal-to-adversarial and normal-to-obstacle pairwise safe sets for $i \in \mathcal{N}$, $j \in \mathcal{A}$ are defined in a similar manner. The pairwise adversarial-to-adversarial and adversarial-to-obstacle safe sets are not considered (as per Remark 3), since the nominal control law by definition has no effect on adversarial agents. All pairwise safe sets are composed into a single CBF $h_{\mathrm{tot}}$ via boolean AND operations using the log-sum-exp smooth approximation to the $\max(\cdot)$ function:

$$h_{\mathrm{tot}}(\vec{x}) = \mathrm{LSE}\left( \begin{bmatrix} h_1 & \ldots & h_p \end{bmatrix} \right) = \sigma + \frac{1}{\rho} \ln\left( \sum_{i=1}^{p} e^{\rho (h_i - \sigma)} \right),$$

where $\rho \in \mathbb{R}_{>0}$, $\sigma \in \mathbb{R}$. The term $\sigma$ is chosen to ensure numerical stability. The term $\rho$ controls how tightly $\mathrm{LSE}(\cdot)$ approximates $\max(\cdot)$. The reader is referred to [39], [40, Eq (10)] for more details. Sampling times in this simulation are asynchronous; each agent has a nominal sampling time period of $\Gamma$ = 0 . with a time-varying random disturbance satisfying $\delta_i^{\max}$ = . . For each agent $i \in \mathcal{V}$, the disturbance bound satisfies $\phi_i^{\max}$ = 1 . , and the term $\eta$ is set as $\eta(\Gamma)$ = 8 . . Several frames from the simulation are shown in Figure 2. A plot of $h_{\mathrm{tot}}$ is given in Figure 3.
As shown by Figure 3, under the proposed resilient controller the safety bounds for normal agents are not violated for the duration of the simulation. This is achieved despite the actions of the adversarial agents.

For comparison, Figure 4 depicts a simulation run under the same parameters but with $\eta(\Gamma) = 0$ $\forall t \ge 0$; i.e. nothing is done by normal agents to counteract effects of sampling, disturbances, and time delays. In this case safety of the normal agents is not preserved; the value of $h_{\mathrm{tot}}$ is temporarily positive, indicating that one or more of the composed safe sets was not invariant for the entire simulation.

Fig. 2. Still frames from the video of Simulation 1. Normal agents are represented by blue circles and adversarial agents are represented by red circles. The dotted red lines around the blue circles represent normal agents' safety radii. The time-varying formation trajectory is represented by the dotted magenta line; the magenta diamond represents the center of formation. Black crosses represent agents' nominal local time-varying formational points.

Fig. 3. The value of the composed function $h_{\mathrm{tot}}$ representing the safe set $S$. Non-positive values represent safety of the normal agents.

Fig. 4. The value of the composed function $h_{\mathrm{tot}}$ representing the safe set $S$ when $\eta(\Gamma) = 0$ for all normal agents; i.e. sampling times and disturbances are not accounted for in the control input calculations. The safety bound for the normal agents is violated.

B. Double Integrators in $\mathbb{R}^3$

The second simulation involves a network of $n = 8$ double integrator agents in $\mathbb{R}^3$. Four of the agents behave normally and four are adversarial. Similar to the prior simulation, agents are nominally tasked with tracking positions in a time-varying formation defined by a Bezier curve, timing law, and local formational offsets. Each agent $i \in \mathcal{V}$ has the state $\vec{x}_i = \begin{bmatrix} x_{i,1} & x_{i,2} & x_{i,3} & v_{i,1} & v_{i,2} & v_{i,3} \end{bmatrix}^T$ with the following dynamics:

Fig. 5. Input values for (normal) agent 2.
The blue solid line representslinear input value and the green solid line represents angular input value.Dotted lines represent input bounds. Times at which the worst-case LP isused are marked with red X’s on both the linear and angular input lines. ˙ (cid:126)x i = (cid:20) × I × × − β i I × (cid:21)(cid:124) (cid:123)(cid:122) (cid:125) A (cid:126)x i + (cid:20) × I × (cid:21)(cid:124) (cid:123)(cid:122) (cid:125) B u i, u i, u i, + φ i ( t ) . Each normal agent i ∈ N has an input bound (cid:107) u i (cid:107) ∞ ≤ .Each adversarial agent j ∈ A has an input bound (cid:107) u j (cid:107) ∞ ≤ . . The terms β i ∈ R ≥ are chosen such that each normalagent has a velocity bound (cid:13)(cid:13)(cid:2) v i, v i, v i, (cid:3)(cid:13)(cid:13) ≤ ∀ i ∈ N and each adversarial agent has (cid:13)(cid:13)(cid:2) v j, v j, v j, (cid:3)(cid:13)(cid:13) ≤ . ∀ j ∈ A . Specifically, β i = 3 ∀ i ∈ V .Each normal agent i ∈ N seeks to track a time-varyingformational state (cid:126)x di ∈ R . The nominal formation states forall agents are equidistantly distributed around the edge ofa circle of radius 30 whose center translates along a time-varying trajectory described by a 3rd order Bezier curve B ( t ) = (cid:80) k =0 (cid:126)β i b i, ( s ( t )) described by the timing law s ( t ) = t f − tt f − t for t f = 140 and t = 0 , Bernstein basispolynomials b i, ( s ) , and the vector coefficients (cid:126)β = (cid:126)β = − (cid:126)β = − (cid:126)β = . etting the error (cid:126)e i be defined as (cid:126)e i = (cid:126)x di − (cid:126)x i , each i ∈ N calculates the nominal control law (cid:126)u i, nom = − K(cid:126)e i − ¨ (cid:126)x di with K = [ k I × k I × ] , where ¨ (cid:126)x di is the acceleration of (cid:126)x di , k = 2 , and k = 2 √ k . The nominal input (cid:126)u i, nom is minimally modified via the higher-order CBF-based QPmethod described in IV. 
Similar to (31), at any timestep $t_i^k$ where the QP is infeasible each normal agent $i \in \mathcal{N}$ applies the control action

$$u_i^{\min}(\vec{x}^{k_i}) = \arg\min_{u_i \in \mathcal{U}_i} \left[ L_{f_i} \psi^{x_i}_{q-}(\vec{x}^{k_i}) + L_{g_i} \psi^{x_i}_{q-}(\vec{x}^{k_i})\, u_i \right].$$

The environment contains 10 spherical obstacles with radius 2 randomly distributed across the volume containing the second half of the time-varying trajectory. Adversarial agents $j \in \mathcal{A}$ in this simulation are each assigned a target agent to pursue, with one of the normal agents having multiple pursuers. Each adversarial agent $j \in \mathcal{A}$ is assumed to have full knowledge of its target's current state, but does not have knowledge of its target's control inputs. Defining the error term $\vec{e}_{i,j} = \vec{x}_i - \vec{x}_j$, $i, j \in \mathcal{V}$, each adversary $j \in \mathcal{A}$ applies the control law $\vec{u}_j = -K\vec{e}_{i,j}$, where the matrix $K$ is defined as previously described but with $k = 1$. This control input is minimally modified using a CBF QP method to respect control input constraints and avoid collisions with other adversaries and obstacles, but not with normal agents.

The safe set $S$ in this simulation is defined using a similar boolean composition of pairwise collision avoidance sets as in the previous simulation. At each sampling instance, the normal agent $i$ considers all other agents whose positions lie within a neighborhood of radius from agent $i$'s position $\left[x_{i,}\ x_{i,}\ x_{i,}\right]$. All normal-to-normal, normal-to-adversarial, and normal-to-obstacle pairwise safe sets are composed into a single function $h_{\text{tot}}$ via boolean AND operations using the log-sum-exp function.

Sampling times in this simulation are asynchronous for normal agents; each $i \in \mathcal{N}$ has a nominal sampling time period of $\Gamma = 0.$ with $\delta_i^{\max} = 0.$ for each normal agent. The disturbance $\phi_i(t)$ for each agent $i \in \mathcal{V}$ (normal and adversarial) satisfies $\phi_i^{\max} = .$ . For each normal agent $i \in \mathcal{N}$ the term $\eta$ satisfies $\eta(\Gamma_i + \delta^{\max}) = 5$, and the term $\xi$ satisfies $\xi = 39.$ .
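The log-sum-exp composition used for $h_{\text{tot}}$ in both simulations, as an added Python example that is not code from the paper. The pairwise form (safety distance minus separation), the default $\sigma = \max_i h_i$, the function names and the sample positions are assumptions made for illustration.

```python
import math
from itertools import combinations

def pairwise_h(p_a, p_b, safe_dist):
    """Pairwise collision-avoidance value; non-positive means the pair is safe.
    Assumed stand-in form: safety distance minus separation distance."""
    return safe_dist - math.dist(p_a, p_b)

def lse(values, rho, sigma=None):
    """sigma + (1/rho) * ln(sum_i exp(rho * (h_i - sigma))), as in the text.
    sigma defaults to max(values) (assumption) so every exponent is <= 0."""
    if rho <= 0:
        raise ValueError("rho must be positive")
    if sigma is None:
        sigma = max(values)
    total = sum(math.exp(rho * (h - sigma)) for h in values)
    return sigma + math.log(total) / rho

def compose(normal, others, safe_dist, rho):
    """Return (h_tot, pairwise values) for the pairs that involve a normal agent.
    Pairs made only of adversaries or obstacles are left out, as on the page."""
    hs = [pairwise_h(a, b, safe_dist) for a, b in combinations(normal, 2)]
    hs += [pairwise_h(a, o, safe_dist) for a in normal for o in others]
    return lse(hs, rho), hs

# Constructed sample positions, not taken from the paper's simulations.
NORMAL = [(0.0, 0.0), (6.0, 0.0), (0.0, 7.0)]
OTHERS = [(3.0, 3.0), (10.0, 10.0)]  # adversaries and obstacles

if __name__ == "__main__":
    h_tot, hs = compose(NORMAL, OTHERS, safe_dist=2.0, rho=10.0)
    # LSE over-approximates max, so h_tot <= 0 certifies every pair.
    print(f"max h_i = {max(hs):.4f}, h_tot = {h_tot:.4f}, "
          f"gap bound ln(p)/rho = {math.log(len(hs)) / 10.0:.4f}")
    # Far-from-boundary values: sigma = 0 underflows every term to 0.0.
    try:
        lse([-800.0, -801.0], rho=1.0, sigma=0.0)
    except ValueError as err:
        print("sigma = 0 fails:", err)
    print("sigma = max works:", lse([-800.0, -801.0], rho=1.0))
```

Because LSE is never smaller than the largest pairwise value and exceeds it by at most $\ln(p)/\rho$, a non-positive $h_{\text{tot}}$ certifies every composed pair, at the cost of that margin of conservatism.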
Still frames from the simulation are shown in Figure 6, and a plot of the value of $h_{\text{tot}}$ is given in Figure 7. As shown by Figure 7, the safety bounds for the normal agents are not violated for the duration of the simulation despite the actions of the adversaries.

VI. CONCLUSION
In this paper, we presented a framework for normally-behaving agents to render a safe set forward invariant in the presence of adversarial agents. The proposed method considers distributed sampled-data systems with heterogeneous, asynchronous control affine dynamics, and a class of functions defining safe sets with high relative degree with respect to system dynamics. Directions for future work include investigating cases where control inputs of heterogeneous agents do not appear simultaneously in higher derivatives of the functions describing safe sets.

Fig. 6. Still frames from Simulation 2. Normal agents are represented by blue circles and adversarial agents are represented by red circles. For clarity, the safety radii of the normal agents have been omitted. The time-varying formation trajectory is represented by the dotted magenta line; the magenta diamond represents the center of formation. Black crosses represent individual agents' nominal local time-varying formational points. Black spheres represent randomly placed obstacles.

Fig. 7. A plot of the value of the composed function $h_{\text{tot}}$ representing the safe set $S$ for all normal agents in the second simulation. Non-positive values represent safety of the normal agents. For the entire duration of this simulation, the value of $h_{\text{tot}}$ remains strictly negative, indicating that safety is maintained for all normal agents.

Fig. 8. A plot of the infinity norm of control input for (normal) agent 2 versus time for the second simulation. The control norm bound is plotted in red, and the norm of agent 2's control input is plotted in blue. Times when the backup LP is used are marked with red X's.

REFERENCES

[1] A. D. Ames, S. Coogan, M. Egerstedt, G. Notomista, K. Sreenath, and P. Tabuada, “Control barrier functions: Theory and applications,” in . IEEE, 2019, pp. 3420–3431.
[2] M. Srinivasan, S. Coogan, and M. Egerstedt, “Control of multi-agent systems with finite time control barrier certificates and temporal logic,” in . IEEE, 2018, pp. 1991–1996.
[3] P. Glotfelter, J. Cortés, and M. Egerstedt, “Nonsmooth barrier functions with applications to multi-robot systems,” IEEE Control Systems Letters, vol. 1, no. 2, pp. 310–315, 2017.
[4] K. Garg and D. Panagou, “Control-lyapunov and control-barrier functions based quadratic program for spatio-temporal specifications,” in . IEEE, 2019, pp. 1422–1429.
[5] A. D. Ames, X. Xu, J. W. Grizzle, and P. Tabuada, “Control barrier function based quadratic programs for safety critical systems,” IEEE Transactions on Automatic Control, vol. 62, no. 8, pp. 3861–3876, 2016.
[6] S.-C. Hsu, X. Xu, and A. D. Ames, “Control barrier function based quadratic programs with application to bipedal robotic walking,” in . IEEE, 2015, pp. 4542–4548.
[7] W. Xiao and C. Belta, “Control barrier functions for systems with high relative degree,” in . IEEE, 2019, pp. 474–479.
[8] W. S. Cortez, D. Oetomo, C. Manzie, and P. Choong, “Control barrier functions for mechanical systems: Theory and application to robotic grasping,” IEEE Transactions on Control Systems Technology, 2019.
[9] A. Li, L. Wang, P. Pierpaoli, and M. Egerstedt, “Formally correct composition of coordinated behaviors using control barrier certificates,” in . IEEE, 2018, pp. 3723–3729.
[10] L. Wang, A. D. Ames, and M. Egerstedt, “Safety barrier certificates for collisions-free multirobot systems,” IEEE Transactions on Robotics, vol. 33, no. 3, pp. 661–674, 2017.
[11] P. Glotfelter, J. Cortés, and M. Egerstedt, “Boolean composability of constraints and control synthesis for multi-robot systems via nonsmooth control barrier functions,” in . IEEE, 2018, pp. 897–902.
[12] L. Guerrero-Bonilla and V. Kumar, “Realization of r-robust formations in the plane using control barrier functions,” IEEE Control Systems Letters, vol. 4, no. 2, pp. 343–348, 2019.
[13] L. Wang, A. D. Ames, and M. Egerstedt, “Safe certificate-based maneuvers for teams of quadrotors using differential flatness,” in . IEEE, 2017, pp. 3293–3298.
[14] D. Pickem, P. Glotfelter, L. Wang, M. Mote, A. Ames, E. Feron, and M. Egerstedt, “The robotarium: A remotely accessible swarm robotics research testbed,” in . IEEE, 2017, pp. 1699–1706.
[15] L. Lindemann and D. V. Dimarogonas, “Control barrier functions for multi-agent systems under conflicting local signal temporal logic tasks,” IEEE Control Systems Letters, vol. 3, no. 3, pp. 757–762, 2019.
[16] I. M. Mitchell, A. M. Bayen, and C. J. Tomlin, “A time-dependent hamilton-jacobi formulation of reachable sets for continuous dynamic games,” IEEE Transactions on automatic control, vol. 50, no. 7, pp. 947–957, 2005.
[17] R. Isaacs, Differential games: a mathematical theory with applications to warfare and pursuit, control and optimization. Courier Corporation, 1999.
[18] H. Park and S. A. Hutchinson, “Fault-tolerant rendezvous of multirobot systems,” IEEE Transactions on Robotics, vol. 33, no. 3, pp. 565–582, 2017.
[19] K. Saulnier, D. Saldana, A. Prorok, G. J. Pappas, and V. Kumar, “Resilient flocking for mobile robot teams,” IEEE Robotics and Automation letters, vol. 2, no. 2, pp. 1039–1046, 2017.
[20] J. Usevitch, K. Garg, and D. Panagou, “Finite-time resilient formation control with bounded inputs,” in . IEEE, 2018, pp. 2567–2574.
[21] J. Usevitch and D. Panagou, “Resilient leader-follower consensus to arbitrary reference values in time-varying graphs,” IEEE Transactions on Automatic Control, vol. 65, no. 4, pp. 1755–1762, 2019.
[22] ——, “Resilient leader-follower consensus to arbitrary reference values,” in . IEEE, 2018, pp. 1292–1298.
[23] A. Singletary, Y. Chen, and A. D. Ames, “Control barrier functions for sampled-data systems with input delays,” arXiv preprint arXiv:2005.06418, 2020.
[24] Q. Nguyen and K. Sreenath, “Exponential control barrier functions for enforcing high relative-degree safety-critical constraints,” in . IEEE, 2016, pp. 322–328.
[25] J. Usevitch and D. Panagou, “Adversarial resilience for sampled-data systems using control barrier function methods,” in . IEEE, 2021, To Appear.
[26] L. Grüne and J. Pannek, “Nonlinear model predictive control,” in Nonlinear Model Predictive Control. Springer, 2017.
[27] K. Garg, E. Arabi, and D. Panagou, “Prescribed-time control under spatiotemporal and input constraints: A QP based approach,” arXiv preprint arXiv:1906.10091, 2019.
[28] M. Nagumo, “Über die lage der integralkurven gewöhnlicher differentialgleichungen,” Proceedings of the Physico-Mathematical Society of Japan. 3rd Series, vol. 24, pp. 551–559, 1942.
[29] L. Lindemann and D. V. Dimarogonas, “Decentralized control barrier functions for coupled multi-agent systems under signal temporal logic tasks,” in . IEEE, 2019, pp. 89–94.
[30] J. Gauvin and F. Dubeau, “Differential properties of the marginal function in mathematical programming,” in Optimality and Stability in Mathematical Programming. Springer, 1982, pp. 101–119.
[31] H. K. Khalil, Nonlinear systems. Prentice hall Upper Saddle River, NJ, 2002, vol. 3.
[32] M. Black, K. Garg, and D. Panagou, “A quadratic program based control synthesis under spatiotemporal constraints and non-vanishing disturbances,” in . IEEE, 2020.
[33] J. Bezanson, A. Edelman, S. Karpinski, and V. B. Shah, “Julia: A fresh approach to numerical computing,” SIAM Review, vol. 59, no. 1, pp. 65–98, 2017.
[34] B. Stellato, G. Banjac, P. Goulart, A. Bemporad, and S. Boyd, “OSQP: an operator splitting solver for quadratic programs,” Mathematical Programming Computation, vol. 12, no. 4, pp. 637–672, 2020. [Online]. Available: https://doi.org/10.1007/s12532-020-00179-2
[35] J. Revels, M. Lubin, and T. Papamarkou, “Forward-mode automatic differentiation in Julia,” arXiv:1607.07892 [cs.MS], 2016. [Online]. Available: https://arxiv.org/abs/1607.07892
[36] M. Chen, S. L. Herbert, M. S. Vashishtha, S. Bansal, and C. J. Tomlin, “Decomposition of reachable sets and tubes for a class of nonlinear systems,” IEEE Transactions on Automatic Control, vol. 63, no. 11, pp. 3675–3688, 2018.
[37] L. Liebenwein, C. Baykal, I. Gilitschenski, S. Karaman, and D. Rus, “Sampling-based approximation algorithms for reachability analysis with provable guarantees,” in Robotics: Science and Systems, 2018.
[38] B. Siciliano, L. Sciavicco, L. Villani, and G. Oriolo, Robotics: modelling, planning and control. Springer Science & Business Media, 2010.
[39] L. Lindemann and D. V. Dimarogonas, “Control barrier functions for signal temporal logic tasks,” IEEE Control Systems Letters, vol. 3, no. 1, pp. 96–101, 2018.
[40] J. Wurts, J. L. Stein, and T. Ersal, “Collision imminent steering at high speed using nonlinear model predictive control,”