Graph-Based Barrier Functions

Updated 8 January 2026

Graph-based barrier functions are mathematical constructs that represent discrete system dynamics as state-transition graphs to enforce safety through invariant verification.
They integrate techniques like bounded model checking and counterexample-guided inductive synthesis to dynamically prune unsafe regions and synthesize robust controllers.
The approach addresses quantization effects and implementation uncertainties, offering computational efficiency and stability guarantees in safety-critical control systems.

A graph-based barrier function is a mathematical construct that leverages the structural properties of plant dynamics when these can be encoded as a graph or network, typically in a discrete-time state-space setting. In rigorous controller synthesis and formal safety verification, this approach is particularly valuable in physical systems where the evolution of the state can be captured as transitions over a finite or infinite graph, possibly embedded with uncertainties and digital implementation effects. This concept is foundational to approaches that link reachability, invariance, and synthesis of control laws with formal completeness and computational tractability.

1. Framework: State-Space Modeling and Graph Representation

Graph-based barrier functions operate within the paradigm of discrete-time linear (or affine) systems, most commonly modeled as:

$x_{k+1} = A_dx_k + B_du_k + \nu_k$

where $x_k\in\mathbb{R}^n$ is the plant state, $u_k\in\mathbb{R}^m$ is the input, and $A_d,B_d$ encode the exact ZOH discretization of the continuous-time system. Digital implementation induces quantization and rounding uncertainties, abstracted as additive bounded noise $\nu_k$ (Abate et al., 2017).

The dynamics can be structurally represented as a state-transition graph, where each vertex corresponds to a system state and each edge corresponds to a permissible transition under some input and noise, possibly parameterized by controller gains. The safe set $X_{\text{safe}}\subset\mathbb{R}^n$ denotes the subset of allowable (safe) states, typically an axis-aligned box.

This graph abstraction paves the way for barrier-function arguments, reachability analysis, and counterexample-guided synthesis.

2. Safety Specification as Reachability and Invariance

Safety is specified as the requirement that all trajectories of the closed-loop system remain within $X_{\text{safe}}$ for all time:

$\varphi_{\text{safety}} \equiv \forall k \geq 0.\; x_k \in X_{\text{safe}}$

The unsafe set $S_{\text{unsafe}} = \mathbb{R}^n \setminus X_{\text{safe}}$ is the forbidden region of the state graph.

Barrier functions can be implemented as indicator functions or certificates that guarantee positive invariance: for every $x_k \in X_{\text{safe}}$ , every allowed transition keeps $x_{k+1}\in X_{\text{safe}}$ , despite adversarial quantization, rounding, or other bounded disturbances.

Bounded Model Checking (BMC) encodes this invariant property as a chain of assertions over the graph:

$\texttt{assert}(l \leq x_k \leq u) \quad \text{for } k=0,\ldots,K$

where $l,u$ are lower and upper bounds on the box. Verification entails checking absence of paths in the graph reaching $S_{\text{unsafe}}$ under all allowed noise realizations (Abate et al., 2017).

3. Synthesis via Counterexample-Guided Inductive Synthesis (CEGIS)

The synthesis loop alternates between two phases tied to the graph structure:

Inductive (Guess) Phase: On a subgraph induced by initial states (counterexamples), synthesize a candidate controller $K$ such that no admissible path from any node exits $X_{\text{safe}}$ up to depth $k$ .
Validation (Check) Phase: Search for violations of the invariant; if a path is found that escapes the safe region, extract the initial state (node) and time step (edge label) as a new counterexample. Add this to the graph's set of monitored nodes and repeat (Abate et al., 2017).

This procedure dynamically prunes the control space and refines controller gains, excluding regions of the graph that can be shown (via extracted counterexamples) to violate safety. The process is equivalent to progressive exploration and elimination of unsafe subgraphs.

The completeness of this approach relies upon a reachability threshold $\bar k$ ; once the check passes for all subgraphs of length $k \geq \bar k$ , safety for all $k$ is guaranteed.

4. Safety Verification via Graph-Based Reachability and Acceleration

Two verification strategies map directly onto the graph formalism:

Bounded Model Checking (BMC): Unroll the graph up to a finite depth $K$ , translate it into a SAT/SMT problem parameterized by the controller and disturbance bounds, and check whether there exists a path from the initial node to any unsafe node.
Abstract Acceleration: Compute a closed-form over-approximation of all reachable nodes for all $k$ via matrix summations that encode paths (walks) through the graph:

$\hat X^\# = \bigcup_{k\geq 0} (A_{cl})^k X_0 \oplus \bigcup_{k\geq 0} \sum_{i=0}^{k-1} (A_{cl})^i B_n N$

where $A_{cl}$ acts as an adjacency or transition matrix of the state graph, $B_n$ absorbs the noise bounds, and $N$ is the reachable set under all possible noise patterns.

Testing inclusion $\mathcal{A}X_0\oplus\mathcal{B}N\subseteq X_{\text{safe}}$ is equivalent to verifying that, under all possible walks in the graph, the system remains within the safe nodes.

Failure in this inclusion check yields explicit graph counterexamples—violating traces, which trigger further refinement in the CEGIS loop.

5. Quantization and Implementation Effects in the Graph Model

Real digital controllers operate with finite precision:

Quantization (ADC/DAC truncation) and rounding errors are modeled as additive noise in node transitions.
All finite-word-length effects expand the allowable transition set in the graph, increasing nondeterminism in possible paths.
Noise bounds $q_1, q_2, q_3$ are based on the quantization granularity and arithmetic precision.

This realistic modeling ensures that the barrier property is robust to all hardware-induced uncertainties along every allowable edge in the graph (Abate et al., 2017).

6. Computational Tractability, Performance, and Empirical Results

Empirical evaluation demonstrates:

Abstraction-based acceleration on the reachability graph is on average 7× faster than naive unwinding/BMC.
Verified controllers are synthesized for standard benchmarks in under 1 minute (median 9.4 s), with full external validation in MATLAB.
The method scales to systems up to 4 states, 8.8 bits controller precision, and 28 bits plant precision.

In all cases, graph-based barrier functions coupled with controller synthesis guarantee that:

$\forall k\geq0\,,\,\, \|x_k\|_\infty \leq 0.92$

For the 2-state magnetic suspension benchmark, the resulting eigenvalues of the closed-loop graph adjacency ( $A_d−B_dK$ ) are inside the unit circle, certifying stability (Abate et al., 2017).

7. Extensions and Connections

The graph-based barrier function paradigm is foundational to varied extensions:

Safety-critical cyber-physical systems, where abstractions naturally form graphs (cells, modes, transitions) (Roy et al., 2010).
Automated controller synthesis for stochastic or nonlinear systems, where the graph accounts for probabilistic or complex transitions (Shmarov et al., 2019).
Symbolic or automata-based representations for high-level safety games, parameterized systems, and regular controller sets (Markgraf et al., 2020).
Safety certificate acceleration in high-dimensional verification (abstract reachability in state graphs) (Xiong et al., 2021).

In summary, graph-based barrier functions synthesize and verify digital controllers by treating the plant evolution and its uncertain implementation as transitions over a discrete graph. Through a tight integration of state invariance, counterexample-driven refinement, and forward-reachability on the graph, this approach yields computationally efficient and sound guarantees of safety and stability (Abate et al., 2017).