Safety Guardrails in the Sky: Realizing Control Barrier Functions on the VISTA F-16 Jet
For autonomous systems operating at the edge of their performance limits, Guardrails provides a practical runtime safety mechanism validated on a real high-performance aircraft.
This paper introduces Guardrails, a runtime assurance mechanism based on control barrier functions that guarantees dynamic safety for autonomous systems. Implemented on an F-16 fighter jet, Guardrails successfully enforced safety constraints (g-limits, altitude bounds, geofence) during flight tests with a human pilot, ensuring safety while minimally modifying unsafe inputs.
The advancement of autonomous systems -- from legged robots to self-driving vehicles and aircraft -- necessitates executing increasingly high-performance and dynamic motions without ever putting the system or its environment in harm's way. In this paper, we introduce Guardrails -- a novel runtime assurance mechanism that guarantees dynamic safety for autonomous systems, allowing them to safely evolve on the edge of their operational domains. Rooted in the theory of control barrier functions, Guardrails offers a control strategy that carefully blends commands from a human or AI operator with safe control actions to guarantee safe behavior. To demonstrate its capabilities, we implemented Guardrails on an F-16 fighter jet and conducted flight tests where Guardrails supervised a human pilot to enforce g-limits, altitude bounds, geofence constraints, and combinations thereof. Throughout extensive flight testing, Guardrails successfully ensured safety, keeping the pilot in control when safe to do so and minimally modifying unsafe pilot inputs otherwise.
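The following is an added example, not the Guardrails implementation or code from the paper: it shows the textbook minimum-norm control barrier function filter enforcing altitude bounds, to make concrete what "minimally modifying unsafe pilot inputs" means. The single-integrator altitude model (climb rate as the input), the names `AltitudeBounds`, `cbf_filter` and `simulate`, and all numeric values are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass
class AltitudeBounds:
    z_min: float  # altitude floor in metres (constructed value)
    z_max: float  # altitude ceiling in metres (constructed value)
    alpha: float  # CBF gain in 1/s; needs alpha * dt <= 1 in discrete time


def cbf_filter(z: float, u_des: float, b: AltitudeBounds) -> float:
    """Return the climb rate closest to u_des that keeps both barriers valid.

    Assumed model: dz/dt = u. Barriers: h_lo = z - z_min, h_hi = z_max - z.
    The CBF conditions dh/dt >= -alpha * h give
        u >= -alpha * (z - z_min)   and   u <= alpha * (z_max - z).
    For a scalar input the minimum-norm solution is a clamp onto that interval.
    """
    lo = -b.alpha * (z - b.z_min)
    hi = b.alpha * (b.z_max - z)
    return min(max(u_des, lo), hi)


def simulate(z0: float, commands, b: AltitudeBounds, dt: float = 0.05):
    """Euler-integrate the assumed model with the filter supervising each command."""
    z, trace = z0, []
    for u_des in commands:
        u = cbf_filter(z, u_des, b)
        trace.append((z, u_des, u))  # (altitude, pilot command, applied command)
        z += dt * u
    return z, trace


if __name__ == "__main__":
    bounds = AltitudeBounds(z_min=1000.0, z_max=2000.0, alpha=0.5)
    # Constructed scenario: pilot holds a 100 m/s dive for 20 s from 1500 m.
    z_end, trace = simulate(1500.0, [-100.0] * 400, bounds)
    overridden = sum(1 for _, u_des, u in trace if u != u_des)
    print(f"final altitude {z_end:.2f} m, {overridden} of {len(trace)} commands modified")
```

Early in the dive the pilot's command passes through unchanged; the filter only intervenes once the command would violate the barrier condition, and the altitude then decays toward the floor without crossing it.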