1. Introduction
Rapid advances in maritime autonomy, including Maritime Autonomous Surface Ships (MASSs) and unmanned surface vehicles (USVs), have attracted increasing interest in ocean surveillance, marine conservation, port patrol, search-and-rescue operations, and intelligent transportation. In these applications, navigation is not merely a path-following problem but also a safety-critical decision-making process in dynamic and uncertain maritime environments [
1,
2,
3].
Collision avoidance remains a central challenge for the deployment of autonomous ships in complex maritime settings. The International Regulations for Preventing Collisions at Sea (COLREGs) provide general rules for common encounters, including head-on, crossing, and overtaking situations. However, these rules contain situation-dependent semantic requirements, such as timely action, appropriate course alteration, safe distance, and good seamanship, which are difficult to encode as fixed mathematical constraints [
4,
5,
6].
From the profound perspective of control theory, maritime collision avoidance can be fundamentally viewed through the lens of symmetry and asymmetry. The physical environment and the nominal kinematics of ASVs often exhibit homogeneous symmetries. However, the control objectives dictated by COLREGs are almost always asymmetric, specifying unique behavioral responsibilities, such as the clear distinction between a “give-way” vessel and a “stand-on” vessel in a crossing situation. Consequently, an effective intelligent navigation system must leverage symmetric control theory for scalable, stable path-following, while employing asymmetric control strategies to address heterogeneous constraints, ambiguous semantic rules, and complex global collision-avoidance goals.
Conventional techniques, including rule-based planning, artificial potential fields (APFs), velocity obstacles (VOs), and model predictive control (MPC), can perform well in structured settings; however, they remain limited in multi-ship interactions, complex traffic scenarios, and semantically ambiguous encounters [
7,
8,
9]. Learning-based algorithms, such as deep reinforcement learning (DRL), multi-agent reinforcement learning (MARL), and hybrid optimization-learning methods, provide greater adaptability to dynamic navigation and path-planning problems; for example, DRL-based and BIT* + TD3-based frameworks have been investigated for autonomous-vessel decision-making and energy-efficient USV path planning [
10,
11]. However, their decision-making processes are often opaque and difficult to validate, raising safety concerns in high-stakes maritime operations.
LLMs offer a promising tool for high-level decision support because they can interpret natural-language rules and generate human-readable reasoning. Recent studies on maritime-specific LLMs and LLM-based USV mission planning suggest that language models may support high-level maritime navigation reasoning and task-level decision support [
12,
13]. More specifically, recent work has explored LLM-assisted COLREGs decision-making and navigation support for autonomous vessels. Nevertheless, LLMs were not designed to serve as safety-critical controllers. Their outputs may be semantically plausible but physically ungrounded, delayed, inconsistent, or dynamically infeasible; consequently, LLM outputs should be validated and filtered before influencing vessel control [
14].
Recent advances in lightweight visual detection, perception, and sensor-fusion technologies have enabled autonomous systems to obtain richer environmental awareness and detect obstacles in real time. Lightweight YOLO-based detectors have been explored in resource-constrained visual-recognition tasks outside the maritime domain [
15], while radar, LiDAR, camera, and AIS-related measurements can support maritime target detection, dynamic obstacle tracking, and situation awareness for safe navigation and collision avoidance [
16,
17,
18,
19,
20].
This paper proposes a runtime assurance (RTA)-oriented dual-envelope safety mechanism to address these collision-avoidance challenges. In the proposed framework, the LLM acts as a semantic reasoning module that translates structured encounter information into auditable COLREGs-conformant labels, including encounter type, vessel responsibility, relevant rules, recommended maneuvers, and prohibited actions. These outputs are validated and then mapped to a soft semantic compliance envelope, while a predictive risk envelope and an MPC-CBF safety filter ensure physical collision avoidance. When semantic outputs are unreliable, the runtime assurance monitor triggers conservative or emergency fallback actions, thereby decoupling semantic reasoning from physical safety guarantees.
We introduce a COLREGs-oriented semantic control architecture for ASV collision avoidance that restricts the LLM to high-level rule interpretation while preserving physical safety through a deterministic controller.
We develop a safety-verification and correction mechanism that prevents unsafe or dynamically infeasible LLM-generated decisions from being executed directly.
We evaluate the proposed method in canonical two-vessel encounters and multi-vessel scenarios to assess collision avoidance, COLREGs compliance, and decision interpretability.
2. Related Work
2.1. COLREGs-Compliant Collision Avoidance for Maritime Autonomous Surface Ships
Collision avoidance for Maritime Autonomous Surface Ships (MASSs) and ASVs is a fundamental requirement for safe autonomous navigation. Unlike generic robotic obstacle avoidance, maritime collision avoidance must account for COLREGs, which specify encounter-dependent responsibilities in head-on, crossing, overtaking, give-way, and stand-on situations. However, COLREGs were originally written for human navigators rather than autonomous control systems. Terms such as early and substantial action, safe speed, proper lookout, and ordinary practice of seamen are, therefore, difficult to translate into deterministic mathematical constraints.
Recent surveys have shown that COLREGs-compliant navigation is not merely a geometric collision-prevention problem but a coupled problem involving situation awareness, encounter classification, risk assessment, decision-making, trajectory planning, and control execution. Burmeister and Constapel evaluated the use of artificial intelligence, machine learning, and data-driven solutions for autonomous collision avoidance at sea [
21]. Zhang et al. surveyed collision-avoidance navigation systems for MASSs and reviewed regulatory, perception, planning, and navigation challenges [
22]. Hu et al. reviewed COLREGs-compliant ASV navigation from classical methods to learning-based approaches [
23]. Chang et al. further analyzed MASS collision-avoidance studies using the Conventional Collision Avoidance Process model and identified functional gaps between academic approaches and conventional bridge practice [
24].
These studies indicate that COLREGs compliance cannot be guaranteed by a single local planner or a single collision-risk metric. An effective autonomous collision-avoidance system should integrate rule interpretation, risk prediction, maneuver feasibility, and verifiable safety bounds. This observation motivates architectures in which high-level COLREGs reasoning is decoupled from low-level control execution: semantic rule interpretation may guide the system, but deterministic and auditable modules must retain safety authority.
2.2. Rule-Based, Artificial-Potential-Field, Velocity-Obstacle, and ORCA Methods
Early COLREGs-compliant collision-avoidance methods were commonly based on rule logic, ship-domain models, artificial potential fields (APFs), velocity obstacles (VOs), reciprocal velocity obstacles, and search-based planners. These methods are attractive because they are interpretable, easy to analyze, and directly related to selected COLREGs encounter categories. Ship-domain methods define protected regions around vessels, APF methods generate attractive and repulsive navigation fields, and VO-based methods identify relative-velocity regions that can lead to collision. Rule-based planners then select course or speed changes according to encounter type and collision-risk metrics, such as DCPA and TCPA.
APF-based maritime planners have been adapted to include COLREGs-compliant repulsive fields and deterministic real-time path planning. Lyu and Yin proposed a real-time path-planning approach with COLREGs constraints based on modified artificial potential fields [
25], while Li and Zheng developed a real-time USV collision-avoidance planner based on field theory [
26]. VO-based methods provide a complementary geometric perspective. Kuwata et al. designed a maritime VO algorithm that accounts for COLREGs when guiding USVs in dynamic environments [
27]. ORCA, originally developed for multi-agent robotics, provides sufficient local conditions for reciprocal collision avoidance without communication and is therefore a useful reference for reactive geometric avoidance [
28].
These methods form the conceptual basis of the rule-based COLREGs and APF/VO/ORCA baselines evaluated in this study. However, they typically rely on hand-crafted encounter classifiers, risk thresholds, and priority rules. Although transparent, they can become fragile in heavy traffic, ambiguous responsibility assignments, and uncertain COLREGs situations in which multiple rules may apply. This limitation motivates predictive optimization strategies that reason over future trajectories rather than reacting only to the current collision geometry.
2.3. Model Predictive Control and Predictive Collision Avoidance
Model predictive control (MPC) has become a prominent approach for maritime collision avoidance because it can account for vessel dynamics, actuator limits, prediction horizons, and multi-objective cost functions. MPC-based algorithms evaluate candidate future trajectories or control sequences and select actions that balance path following, risk reduction, maneuver smoothness, and COLREGs compliance. MPC therefore provides the methodological basis for the MPC-only baseline used in this study.
Johansen et al. proposed a simulation-based control-behavior selection method that predictively evaluates collision hazards while maintaining COLREGs compliance [
29]. The method generates a finite set of candidate control actions, propagates them forward in time, and evaluates them according to collision risk and rule adherence. Eriksen et al. introduced the branching-course MPC algorithm as a short-term maritime collision-avoidance mechanism that is robust to obstacle-estimation uncertainty and satisfies applicable COLREGs rules [
30]. Hagen et al. later explored scenario-based MPC with multiple decision stages as a predictive strategy for COLREGs-compliant ship collision avoidance [
31].
Although MPC-based solutions provide predictive feasibility and dynamic constraint handling, they usually depend on predefined rule encodings and manually specified semantic criteria. The optimizer can evaluate risk and feasibility, but it cannot by itself resolve the linguistic ambiguity of COLREGs or explain why a particular regulatory interpretation should dominate in a compound encounter. MPC is therefore well suited as a deterministic planning and implementation layer, but safety-critical COLREGs-compliant navigation also requires semantic reasoning and runtime safety supervision.
2.4. COLREGs-Aware Trajectory Optimization and Rule-Constrained MPC
A related line of research directly incorporates COLREGs into trajectory-optimization or MPC objectives. Instead of selecting from a restricted set of rule-based actions, these methods represent rule compliance as mode-dependent costs, constraints, or penalties within an optimization problem. This formulation enables smoother and more dynamically feasible trajectories while explicitly representing own-ship obligations in head-on, crossing, overtaking, give-way, and stand-on scenarios.
Tsolakis et al. proposed a COLREGs-aware optimal trajectory method for ASVs using model predictive contouring control [
32]. Their approach integrates relevant COLREGs rules into motion planning and verifies the resulting behavior in simulation. Similar optimization-based methods formulate collision-avoidance constraints, ship domains, and rule-dependent penalties to avoid trajectories that are technically safe but rule-inconsistent. These studies motivate the COLREGs-MPC-CBF baseline used here, in which the planner must not only avoid collision but also follow rule-aware maneuver preferences.
Nevertheless, COLREGs-based optimization alone cannot provide complete safety reasoning. The optimizer may become infeasible in dense traffic, depend on manually selected rule thresholds, or generate locally feasible trajectories with a limited safety margin. Formal safety bounds and runtime guarantees are therefore required when rule-constrained MPC is used in safety-critical closed-loop operation.
2.5. Control Barrier Functions and MPC-CBF Safety-Critical Control
Control barrier functions (CBFs) provide a formal mechanism for enforcing safety constraints in real time. The CBF-QP framework developed by Ames et al. integrates safety requirements with performance objectives by expressing safety as a forward invariance of an admissible set and embedding the resulting conditions in a quadratic program [
33]. CBFs are therefore attractive for safety-critical control because they can act as real-time safety filters that minimally modify nominal control commands while enforcing safety constraints.
Combining MPC and CBFs has become increasingly popular because it links finite-horizon optimality with forward-invariance-based safety. Zeng et al. studied safety-critical MPC with discrete-time CBF constraints and showed how safety requirements can be incorporated directly into predictive optimization [
34]. In maritime scenarios, Lee et al. recently proposed turning-circle-based CBFs for COLREGs-compliant collision avoidance, explicitly accounting for vessel maneuverability and avoidance direction [
35]. These studies motivate the MPC-CBF foundation of the proposed safety filter.
Although CBF-based methods formalize safety, they primarily enforce invariance of a mathematically defined safe set. A CBF constraint may preserve a minimum distance, but it does not necessarily determine whether the own ship should act as a give-way, stand-on, or overtaking vessel. Thus, generic MPC-CBF can be geometrically safe while remaining difficult to justify under COLREGs. This gap motivates the integration of CBF safety constraints with COLREGs-aware semantic compliance envelope and runtime monitoring.
2.6. Runtime Assurance and Safety Filtering
Runtime assurance (RTA) is an architectural principle for systems that include complex, optimization-based, or learning-enabled components. Rather than requiring full offline validation of an advanced controller, RTA monitors runtime behavior and switches to, or filters through, a verified safety controller when necessary. The Simplex architecture introduced by Seto et al. is an early example of this idea, separating an advanced controller from a verified safety controller [
36].
More recent RTA research extends this concept to learning-enabled autonomous systems. Cofer et al. demonstrated a runtime assurance architecture for a neural-network-based aircraft taxiing application, showing how monitors and high-assurance components can constrain the behavior of an advanced controller [
37]. The same principle is applicable to ASV collision avoidance, which may involve predictive optimization, learned perception, or semantic instructions from LLMs. Such components may improve performance or interpretability, but their outputs should remain bounded by deterministic safety authority.
This literature motivates the RTA-MPC-CBF and single-envelope RTA-MPC-CBF baselines. The RTA-MPC-CBF baseline tests whether runtime safety supervision reduces worst-case behavior relative to nominal COLREGs-MPC-CBF. The single-envelope baseline further evaluates whether a fixed conservative safety envelope is sufficient, or whether a dual-envelope design is needed to reduce unnecessary intervention during low-risk operation while retaining emergency protection.
2.7. Learning-Based and LLM-Assisted COLREGs Reasoning
Learning-based methods have been developed to improve flexibility in complex multi-vessel environments. Deep reinforcement learning (DRL), multi-agent reinforcement learning (MARL), and hybrid optimization-learning algorithms can learn collision-avoidance behavior from simulation and capture nonlinear relationships that are difficult to hand-code. Wei and Kuo proposed CA-QMIX, a COLREGs-compliant multi-ship collision-avoidance algorithm that integrates a 3-DOF ship model with ORCA-based collision-risk prediction and safe-velocity calculation [
38]. Wen et al. proposed a two-stage DRL planning method for cooperative USV path planning under COLREGs constraints [
39].
Learning-based approaches are promising because they can generalize across diverse scenarios and may learn maneuvers that are difficult to design manually. However, they also raise challenges related to interpretability, verification, distribution shift, and certification. A learned policy may perform well in simulation while providing limited explanation of its COLREGs reasoning. Because safety-critical maritime navigation requires auditable rule compliance and failure handling, learning-based components should be constrained by formal safety filters or placed in advisory roles rather than granted unrestricted control authority.
Recently, LLMs have attracted increasing attention as high-level decision-support tools because they can understand textual rules, provide human-readable reasoning, and translate complex situations into interpretable decisions. Agyei et al. proposed an LLM-based decision-making and control architecture for ASVs under COLREGs, in which the LLM serves as a high-level decision-maker and local planning and control modules implement the generated command [
40]. Related interest is also reflected in the COLREG 3 report and the Navigation-GPT preprint, which explore LLMs for maritime rule interpretation and navigation support [
41,
42].
Nevertheless, using an LLM as a direct maneuver authority remains difficult to justify in safety-critical maritime control. LLM outputs may be unstable, overconfident, or semantically plausible yet geometrically unsafe. They may also depend strongly on prompt design, state representation, and scenario distribution. An LLM should therefore not be regarded as a certified controller. A safer strategy is to restrict the LLM to semantic governance: it may classify the encounter, identify the applicable COLREGs responsibility, suggest qualitative maneuver preferences, and provide an explanation, but its output must be structured, validated, spatially and temporally checked, and bypassed at runtime when necessary.
2.8. Research Gap and Position of This Work
The literature shows that COLREGs-compliant collision avoidance has evolved along several complementary directions. Rule-based, APF, VO, ORCA, and ship-domain methods provide interpretability and regulatory structure but often rely on manually encoded thresholds and encounter rules. MPC-based approaches improve predictive feasibility and dynamic constraint handling, but still depend on predefined COLREGs semantics. COLREGs-aware optimization improves the generation of rule-consistent trajectories, but it does not necessarily provide formal safety or runtime-failure handling. CBF and MPC-CBF methods provide formal safety filtering, but they do not directly resolve COLREGs semantic ambiguity. RTA methods can supervise untrusted advanced controllers, but require effective safety envelopes and do not themselves provide maritime rule interpretation. Learning-based and LLM-assisted methods improve adaptability and interpretability, but their outputs cannot be certified when treated as direct control commands.
This paper addresses this gap by proposing a runtime-assured dual-envelope predictive safety-control framework in which the LLM is not used as a direct controller. Instead, the LLM is confined to semantic governance, generating structured COLREGs interpretations, encounter classifications, and qualitative maneuver preferences. These outputs are then verified through schema validation, temporal-consistency checking, geometric-feasibility checking, confidence monitoring, and runtime assurance supervision. The deterministic MPC-CBF safety layer retains final command authority by enforcing collision-avoidance constraints and rejecting or downgrading unsafe semantic suggestions.
This review also motivates the baseline design in the experimental section. The COLREGs baseline represents hand-coded maritime rules. The APF/VO/ORCA baseline represents reactive geometric avoidance. The MPC-only baseline evaluates the benefit of finite-horizon prediction. The MPC-CBF baseline measures the effect of formal barrier safety. The COLREGs-MPC-CBF baseline evaluates rule-aware optimization. The RTA-MPC-CBF and single-envelope RTA-MPC-CBF baselines measure runtime safety supervision and the cost of conservative fixed-envelope protection. The proposed method further introduces semantic uncertainty awareness, adaptive safety inflation, and dual-envelope runtime assurance, thereby integrating semantic interpretability with deterministic safety enforcement.
3. Problem Formulation and Methodology
3.1. Design Principle and Overall Architecture
This paper proposes a runtime-assured dual-envelope predictive safety-control architecture for COLREGs-compliant ASVs. The main design principle is to decouple semantic rule interpretation from safety-critical control. The LLM is not used as a direct controller and is not permitted to output rudder angle, thrust, yaw rate, acceleration, waypoints, or other actuator-level commands. Instead, it serves as a semantic governor that maps structured encounter data to auditable COLREGs-related labels and qualitative maneuver preferences.
Final control authority remains with a deterministic safety layer. This layer combines a semantic compliance envelope, a predictive risk envelope, and an MPC-CBF safety filter. The semantic compliance envelope represents validated COLREGs interpretations and penalizes behavior inconsistent with the applicable rules. The predictive risk envelope represents physical collision risk by propagating target-vessel trajectories and prediction uncertainty over the prediction horizon. The MPC-CBF safety filter then computes the final admissible control command by imposing collision-avoidance constraints while minimizing unnecessary deviation from nominal path-following behavior and COLREGs-consistent preferences.
The overall runtime-assured dual-envelope architecture is shown in
Figure 1. First, the state-estimation module provides own-ship and target-vessel states. These estimates are processed through two parallel channels: a semantic control channel and a predictive risk channel. The semantic branch converts deterministic encounter features into verified COLREGs labels and maps them to the semantic compliance envelope. In parallel, the prediction branch estimates target-vessel motion and uncertainty over the MPC horizon to construct the predictive risk envelope. The two envelopes are then combined by the MPC-CBF safety filter, while the runtime assurance supervisor monitors semantic validity, solver feasibility, and fallback conditions.
As illustrated in
Figure 1, the LLM is not placed in the direct control loop because it does not make actuator-level decisions. Its output is converted into a semantically bounded envelope only after validation. This architectural separation allows semantic interpretations to guide the controller without becoming a single point of safety failure.
3.2. Vessel State Representation and Collision Risk Assessment
The controlled vessel is denoted as the own ship (OS). Surrounding vessels are indexed as target vessels
, such that i = 1, 2, …, N. The state of the own ship and the state of the i-th target vessel are expressed as follows:
where
and
denote vessel position,
denotes heading angle, and U is the vessel speed. With the
x-axis pointing east and the
y-axis pointing north, the velocity vectors of the own ship and the target vessel are given by the following:
The relative position and velocity of target vessel i with respect to the own ship are defined as follows:
According to
and
, the time to closest point of approach and distance to closest point of approach are computed as follows:
Because Equation (4) is singular and numerically unstable at relative velocities near zero (i.e., ), it is regularized by introducing a small regularization constant to the denominator. When m/s, the system smoothly switches to the instantaneous Euclidean distance as a conservative safety proxy, which reduces command chattering caused by discontinuities. When < 0, the vessels are considered receding from the closest point of approach and the encounter is not generally treated as an urgent one. A target vessel is considered dangerous when 0 < < , < .
The normalized distance risk and time risk for target vessel
are mathematically formulated as follows:
where
and
are the deterministic safety thresholds for closest-approach distance and time, respectively.
The overall risk index is
The use of
= 0.6 and
= 0.4 as initial values in this study is because predicted passing distance directly indicates the severity of the possible conflict. Target vessels are ranked by
,
, and
. The highest-risk vessels are then included in the structured semantic prompt and predictive safety constraints. Including all surrounding vessels in the LLM prompt and the MPC optimization problem in high-density maritime traffic would cause substantial computational bottlenecks. To be scalable, the system uses a dynamic risk filter that utilizes the continuous risk index (
). Surrounding vessels are ranked by the risk index at each control step. Only the top
highest-risk vessels with
≥ 0.30 (medium-to-high risk) are active. The filtered vessels are used as constraints in the MPC-CBF safety filter and converted into a structured LLM description and the lower-risk vessels are temporarily ignored to maintain a bounded computational load. The threshold
= 5.0 m is chosen to satisfy the collision boundary (approximately 2.5 times the vessel’s length overall), ensuring a robust margin for maneuverability.
is set to 30 s, which is consistent with typical observation intervals for small USVs to allow early intervention. The risk weights
= 0.6 and
= 0.4 are selected to prioritize predicted passing distance (spatial risk) over time-to-collision (temporal risk), reflecting a design preference for maintaining sufficient spatial clearance in the navigation corridor. The collision risk levels used for semantic encoding are summarized in
Table 1.
3.3. COLREGs-Oriented Encounter Abstraction
Before querying the LLM, the numerical encounter state is transformed into a structured COLREGs-oriented representation. This step is essential because the LLM should not infer vessel responsibilities directly from raw coordinates. Instead, it receives a rule-relevant context generated by deterministic encounter-classification logic.
where
is the absolute bearing of the target vessel from the own ship, and
is the own ship’s heading. The modulo operation ensures the relative bearing
is mapped to
.
Positive values indicate that the target vessel is on the starboard side of the own ship, whereas negative values indicate that it is on the port side. The course difference is defined as follows:
The geometric quantities used for deterministic encounter abstraction are illustrated in
Figure 2. Relative bearing, course difference, DCPA, and TCPA provide the numerical basis for identifying head-on, crossing, overtaking, and non-conflict situations before LLM semantic reasoning is performed.
Figure 2 emphasizes that the LLM does not infer vessel responsibility from raw coordinates. Instead, the encounter is first transformed into a bounded geometric representation. This design reduces ambiguity in LLM semantic reasoning and provides a reference for geometry-consistency validation.
Table 2 summarizes the rule-based encounter abstraction used before LLM semantic reasoning. These thresholds are used as initial simulation settings and can be adjusted according to vessel size, traffic density, sensor range, and operating area.
The deterministic abstraction is not intended to replace COLREGs interpretation. Rather, it provides a bounded and repeatable input to the LLM. The LLM may help organize the semantics of uncertain or multi-vessel scenarios, but its outputs must remain consistent with the geometric encounter state.
3.4. LLM Semantic Governor and Structured Output Schema
This paper uses the GPT-4-Turbo model accessed through the OpenAI API as the foundation of the LLM semantic governor because of its strong natural-language understanding and instruction-following capability. To reduce hallucination and improve reproducibility, the prompt temperature is set to 0.1.
The LLM semantic governor is designed as an interpretable rule-reasoning module rather than a direct control module. At each semantic decision interval, the system converts the numerical encounter state into a condensed structured description, including target-vessel state, relative bearing, range, DCPA, TCPA, risk level, deterministic encounter abstraction, own-ship role, and candidate maneuver labels. This design provides the LLM with a constrained COLREGs context and prevents unconstrained inference about vessel responsibility based only on coordinates.
The LLM is allowed to output only semantic navigation labels. It cannot output rudder angle, thrust, yaw rate, acceleration, waypoints, or other actuator-level commands. The required semantic fields are listed in
Table 3; they define the information that may be accepted from the LLM and transferred to the validation layer.
Table 3 shows that the LLM output is restricted to a fixed semantic vocabulary. The output is therefore not treated as a navigation command but as a set of auditable semantic labels used to construct the soft semantic compliance envelope. Before these labels are allowed to influence the MPC-CBF safety filter, they are examined by the validation layer through schema, vocabulary, geometry, confidence, and temporal-consistency checks.
3.5. Semantic Validation Layer
Figure 3 summarizes the validation process for LLM-generated semantic labels. The structured LLM output is not sent directly to the controller; it must pass schema validation, vocabulary validation, geometry-consistency checking, confidence validation, and freshness validation.
The validation pipeline in
Figure 3 is a key safety boundary of the proposed design. It ensures that semantically plausible but machine-unacceptable or geometrically inconsistent LLM outputs cannot influence the optimization problem. A failed validation stage causes the runtime assurance supervisor to select a fallback mode rather than treating the LLM output as trusted advice.
The semantic validation layer blocks untrusted language output from entering the control problem. Each LLM response is stamped with the encounter state used in the prompt, and the response is accepted only after passing the following five checks.
To begin with, schema validation checks whether the response is a valid JSON and contains all required fields. Second, vocabulary validation verifies that each field is part of the pre-established list of permitted labels. Third, geometry validation verifies whether the stated encounter type and own-ship role are consistent with the relative bearing, DCPA, TCPA, and deterministic encounter abstraction. Fourth, confidence validation checks whether the confidence value is higher than the minimum threshold . Fifth, temporal validation discards stale outputs whose age surpasses the semantic freshness threshold .
If any validation step fails, the runtime assurance supervisor prevents the LLM output from directly influencing the control problem. Depending on the failure mode and risk level, the supervisor may hold the last valid semantic compliance envelope, activate a conservative envelope, skip the semantic layer, or enter emergency mode. The validation checks for LLM-generated semantic outputs are summarized in
Table 4.
When multiple LLM backbones are available, disagreement in own-ship obligation or encounter type is treated as semantic uncertainty rather than majority-vote truth. Under such disagreement, the supervisor demotes or bypasses the semantic compliance envelope.
3.6. Semantic Compliance Envelope
The semantic compliance envelope converts validated COLREGs semantics into soft optimization constraints and penalties. The envelope is not imposed as a hard constraint because collision avoidance must retain priority. Instead, slack variables represent semantic consistency and record when the controller deviates from the nominal COLREGs preference.
In a starboard-crossing encounter, the semantic compliance envelope for a give-way vessel penalizes passing ahead of the target vessel and favors starboard alteration, deceleration, or pass-astern geometry. In a port-crossing encounter, the semantic compliance envelope for a stand-on vessel favors maintaining course and speed unless the target vessel fails to give way or the predictive risk envelope indicates increasing danger. In an overtaking encounter, the envelope penalizes actions that fail to keep clear of the vessel being overtaken.
where
is the predicted own-ship state at prediction step
,
is the corresponding control input,
is the validated semantic-label set at the current update step, and
is the semantic slack variable.
Semantic slack has two roles. Quantitatively, it keeps the optimizer feasible when semantic preferences conflict with urgent collision avoidance. Semantically, it serves as an audit signal: a large semantic slack value indicates that the controller had to depart from the nominal COLREGs preference to preserve physical safety. This is particularly important in stand-on situations, where the own ship should initially maintain course and speed but may need to maneuver if the give-way vessel does not respond. Thus, the semantic term guides rule-consistent behavior during normal operation, whereas the physical safety envelope and CBF constraints retain priority in safety-critical cases.
3.7. Predictive Risk Envelope
The predictive risk envelope is based on short-horizon target-vessel predictions. The prediction module provides the mean target position
and covariance
of each target vessel
and time step
. As the default predictor, constant-velocity or constant-turn-rate models can be considered. When sufficient trajectory data are available, a learned predictor may be used as an advisory prediction module, but it should not be treated as a safety authority. Final safety enforcement remains with the MPC-CBF safety filter and the runtime assurance supervisor.
where
is the base safety radius,
is the uncertainty inflation coefficient,
(
) is the maximum eigenvalue of the predicted covariance matrix, and
denotes the relative velocity-related risk term.
where
is the predicted own-ship position. The discrete-time CBF condition is written as follows:
where
is the CBF decay variable and
is the safety slack variable. Safety slack is retained only to preserve numerical feasibility and has a significantly greater penalty than semantic slack. Persistent activation of safety slack indicates that the controller, constraints, or scenario have moved into an unsafe or infeasible area.
3.8. MPC-CBF Safety Filter
Figure 4 shows how the semantic compliance envelope and predictive risk envelope are combined before entering the MPC-CBF safety filter. The semantic compliance envelope represents validated COLREGs-consistent maneuver preferences as soft penalties, whereas the predictive risk envelope represents uncertainty-inflated physical collision risk as safety constraints.
Figure 4 illustrates the distinct roles of the two envelopes. The predictive risk envelope defines the safety-critical region that the vessel should not enter, whereas the semantic compliance envelope represents the desired avoidance behavior derived from validated COLREGs semantics. This separation allows collision avoidance to override semantic preference when the two objectives conflict.
The safety filter of the MPC-CBF computes the latest admissible control command in a receding horizon. Nominal input can be provided by a path-following controller, line-of-sight guidance law, or waypoint tracker. The safety filter is not an alternative to nominal navigation. In the presence of risk or COLREGs-related constraints, it modifies the nominal command as little as possible.
With prediction horizon
N, state
, and control input
, the safety-filter optimization problem is formulated as the safety-filter optimization problem as follows:
Here,
denotes the reference state,
denotes the nominal control input, U is the admissible input set, and X is the admissible state set. The penalty weights satisfy
>>
, ensuring that collision avoidance takes precedence over semantic preference when the two objectives conflict. The first feasible control input of the optimized sequence is applied to the ASV, and the optimization is repeated at the next MPC replanning step using the updated own-ship and target-vessel states.
Table 5 defines the authority boundaries of the proposed control architecture.
3.9. Runtime Assurance Supervisor
The runtime assurance supervisor manages the interaction between the semantic layer and the deterministic control layer. It operates through discrete assurance modes and switches modes according to LLM validity, semantic uncertainty, predictive risk, and solver status.
Nominal mode uses both the validated semantic compliance envelope and the predictive risk envelope. Semantic-hold mode reuses the most recent valid semantic compliance envelope when LLM output is temporarily unavailable. Conservative-semantic mode applies a predefined conservative envelope under low LLM confidence or ambiguous encounters. Pure-MPC-CBF mode removes the semantic compliance envelope when LLM output is malformed, geometrically inconsistent, or persistently stale. Emergency mode is activated when the optimizer becomes infeasible, safety slack grows excessively, or collision risk cannot be reduced by ordinary commands.
In emergency fallback mode (M4), the ASV does not simply cut propulsion because drifting in environmental disturbances may lead to loss of steerage. Instead, the supervisor executes a safe-harbor dynamic maneuver: it commands a full-rudder turn to starboard, consistent with COLREGs Rule 2, or initiates a dynamic-positioning braking sequence. This strategy dissipates kinetic energy while preserving heading control against wind and currents.
Figure 5 shows the mode transitions of the runtime assurance supervisor. The supervisor switches among nominal mode, semantic-hold mode, conservative-semantic mode, pure MPC-CBF mode, and emergency fallback mode according to LLM validity, semantic freshness, geometric consistency, solver feasibility, and safety-slack activation.
As illustrated in
Figure 5, fallback activation is not treated as a software anomaly but as an anticipated safety response. When the LLM output is delayed, malformed, low-confidence, or geometrically inconsistent, the supervisor prevents it from directly affecting the control command and shifts the system to a safer operating mode.
The runtime assurance supervisor monitors the validity, freshness, consistency, and safety influence of both the semantic layer and the MPC-CBF solver. When the LLM output is unreliable, the supervisor prevents it from influencing the control problem and either retains the last valid semantic compliance envelope, activates a conservative envelope, bypasses the semantic layer, or enters emergency safety mode. The monitoring logic and fallback actions are summarized in
Table 6. Algorithm 1 summarizes the runtime-assured dual-envelope COLREGs control loop.
| Algorithm 1. Runtime-assured dual-envelope COLREGs control loop. |
| Input: |
| Own-ship state (k), target-vessel states (k), |
| COLREGs rule set R, LLM semantic governor G, prediction horizon N, |
| . |
| Output: |
| (k). |
| 1: Initialize the runtime-assurance supervisor .
|
| 2: Initialize the semantic compliance envelope as . |
| 3: Set the last accepted LLM update time as . |
| 4: Set the asynchronous LLM query handle as . |
| 5: Let . |
| |
| 6: while the ASV mission is active do
|
7: (k) and (k). |
| 8: Compute range, relative bearing, DCPA, TCPA, encounter class, and risk level. |
| 9: Rank target vessels and construct the high-risk target set H(k). |
| 10: Construct the structured encounter description z(k). |
| |
| 11: = ∅ then |
12: Launch an asynchronous LLM query:
← G(z(k), H(k), R). |
| 13: end if |
| |
| 14: has returned a new semantic output then |
15: using schema, vocabulary, confidence, geometric-consistency, and freshness checks. |
| 16: is valid then |
| 17: ). |
| 18: . |
| 19: to nominal semantic-governance mode. |
| 20: else |
| 21: . |
| 22: ). |
| 23: end if |
| 24: . |
| 25: end if |
| |
| 26: then |
| 27: Mark the semantic output as stale. |
| 28: ). |
| 29: end if |
| |
| 30: Predict target-vessel trajectories over the MPC horizon. |
| 31: Construct the predictive risk envelope with uncertainty inflation. |
| 32: Formulate the dual-envelope MPC-CBF optimization problem using . |
| 33: Solve the MPC-CBF optimization problem. |
| |
| 34: if the optimization is feasible and the solver time is acceptable then |
35: Apply the first optimal control input: . |
| 36: else |
| 37: Activate emergency runtime-assurance mode. |
38: Apply the predefined safe fallback command: . |
| 39: end if |
| |
40: Log semantic labels, , slack variables, CPA, CBF margin, fallback mode, and solver time. |
| 41: end while |
The framework addresses the natural time-scale mismatch between the 10 Hz deterministic command-publishing layer, the 2 Hz MPC-CBF replanning task, and the asynchronous LLM semantic governor. At each 100 ms command tick, the RTA supervisor publishes the newest validated MPC-CBF command, a cached safe command, or an emergency fallback command. The MPC-CBF optimizer runs at a 500 ms replanning period and is terminated by a 480 ms watchdog if it does not return in time. The LLM semantic governor runs asynchronously and updates the cached semantic compliance envelope only after validation.
4. Experiments and Results Analysis
4.1. Experimental Objectives and Contribution-to-Experiment Mapping
To provide the physical simulation with an engineering background, the simulated autonomous surface vehicle is represented as scaled to a typical survey USV (e.g., like the Maritime Otter USV platform), having a length overall (LOA) of m and beam of m. The base safety radius is therefore m, and the minimum physical collision boundary is m (about 2.5 times the LOA) which provides a physically reasonable safety margin when the environment is disturbed.
The experiments are designed to answer the six research questions related to the main contributions. Firstly, is MPC more effective in anticipatory behavior compared to reactive or rule-based approaches? Secondly, are CBF limitations less prone to safety-margin infringements than unconstrained MPC? Thirdly, does COLREGs-aware encoding minimize rule-inconsistent maneuvers over generic collision-avoidance MPC-CBF? Fourthly, is runtime assurance able to prevent rare but catastrophic failures when the nominal optimizer fails or is delayed? Fifthly, can a dual-envelope mechanism minimize unnecessary emergency intervention over a single conservative envelope? Sixthly, can semantic uncertainty awareness enhance robustness in the case of ambiguous target-vessel behavior without making the controller excessively conservative in clear encounters?
Table 7 maps the proposed technical contributions to the required validation experiments.
4.2. Experimental Platform and Common Protocol
4.2.1. Simulation and Vessel Dynamics
All methods are evaluated in the same closed-loop simulation framework. The own ship obtains target-vessel states, classifies the encounter, predicts the future motion of nearby vessels, computes a nominal control action, and implements it after safety verification. The vessel model has three degrees of freedom in the horizontal plane, including surge, sway, and yaw. Current and wave-induced perturbations are introduced as environmental disturbances so that the controller is not tested only in an ideal deterministic environment.
Each baseline and ablation use the same ship model, actuator limits, prediction horizon, sampling time, traffic scenarios, initial conditions, and random seeds. This protocol is essential because the proposed method adds several modules; otherwise, observed differences could reflect changed experimental conditions rather than the algorithm itself.
Wind and ocean currents are represented as bounded, unmodeled dynamics and added to the vessel’s kinetic equations. Robustness to these disturbances is addressed through the uncertainty inflation coefficient in the predictive risk envelope.
4.2.2. Hardware and Software Configuration
Computational-time reproducibility and system stability are assessed using a single platform. The hardware configuration consists of an Intel Core i9-13900K processor (5.8 GHz), 64 GB of DDR5 RAM, and an NVIDIA RTX 4090 graphics card with 24 GB of VRAM. Environment rendering and lightweight perception processing are accelerated on the GPU, whereas MPC-CBF optimization is executed on the CPU to characterize worst-case control latency.
The software environment is based on Ubuntu 22.04 LTS. Vessel dynamics, environment simulations, and COLREGs baseline scenarios are implemented in Python 3.10 and Robot Operating System 2 (ROS 2 Humble). Nonlinear MPC and CBF constraints are formulated using CasADi (v3.5.5) and solved with the IPOPT nonlinear programming solver (v3.14.4). The semantic-governance layer uses asynchronous LLM inference through the OpenAI API (GPT-4-Turbo-1106-preview) to decouple the high-frequency 10 Hz control loop from network latency. The 10 Hz rate refers to the deterministic RTA command-publishing layer rather than the nonlinear MPC-CBF solve rate. At each 100 ms command tick, the RTA layer publishes the newest validated MPC-CBF command, a cached safe command, or an emergency fallback command; it does not wait synchronously for a new MPC solution at every tick.
4.2.3. Fair Comparison Protocol and Baselines
To strictly assess the incremental contribution of each of the proposed modules and provide a statistically valid comparison, we define a rigorous assessment protocol using randomized Monte Carlo simulations. Each of the seven test scenarios (S1–S7) is run with every baseline and the proposed method on 100 randomized trials. On every trial, the initial states of both the own ship (OS) and the target vessels (TS) are perturbed. Specifically, the initial positions are perturbed with a uniform distribution of m, headings with , and initial speeds with . The state measurements are perturbed with additive Gaussian noise to reproduce realistic maritime perception constraints with standard deviations of m and m/s on position and velocity, respectively.
To ensure a fair comparison, all approaches were tested using the same randomized seeds so that each of them encounters the same environmental disturbances and target maneuvers. All optimization-based planners (B2 to Ours) have a uniform prediction horizon of
steps with a sampling interval of
s giving a look-ahead horizon of 15 s. The baselines are designed progressively as indicated in
Table 8:
B0 (Rule-based COLREGs): a deterministic lookup-table baseline that applies preset rudder commands according to geometric encounter sectors.
B1 (APF/VO): a reactive geometric collision-avoidance baseline that uses artificial potential fields or velocity obstacles to generate steering corrections.
B2 (MPC-only): a basic model predictive controller that optimizes path following and nominal collision avoidance without formal CBF safety constraints.
B3 (MPC-CBF): a controller that introduces control barrier functions into the MPC problem to enforce hard safety margins, but does not include semantic COLREGs rules.
B4 (COLREGs-MPC-CBF): a controller that embeds static COLREGs constraints into the MPC-CBF objective without runtime adaptation.
B5 (RTA-MPC-CBF): a controller that adds runtime assurance and switches to fallback mode under solver failure while using a fixed safety envelope.
B6 (Single-envelope RTA): a controller that uses a single highly conservative safety envelope with RTA supervision to maintain safety at all times.
A trial is considered successful when all three of the following conditions are satisfied throughout the run:
The minimum physical separation between the own ship and any target vessel i must exceed the collision boundary, i.e., (where = 5.0 m in this study).
The own ship reaches the target waypoint within the maximum time limit of 200 s.
Control stability is maintained, meaning that unrecoverable solver timeouts and actuator-command losses do not occur, and all primary solver infeasibilities are handled by the RTA supervisor.
If any of these conditions is not satisfied, the trial is classified as a failure, such as a collision, deadlock, or computational crash, and is counted toward the failure rate.
4.2.4. Simulation and Test Scenarios
The scenario suite includes canonical two-vessel COLREGs problems, multi-vessel mixed encounters, realistic traffic replay, and uncertainty-stress cases. Canonical scenarios test whether the controller behaves correctly under interpretable rules, whereas dense and uncertain scenarios evaluate whether the added MPC, runtime assurance, and semantic-uncertainty modules provide practical benefit beyond demonstration.
4.2.5. Evaluation Metrics
The metrics are selected to avoid a common weakness in collision-avoidance evaluation: reporting only collision-free completion. A controller may avoid collision by generating unrealistically circuitous routes, violating COLREGs, or continuously activating emergency overrides. Therefore, safety, rule compliance, efficiency, smoothness, robustness, and runtime are reported jointly. The metrics used for all baselines and ablations are listed in
Table 9.
4.3. Baseline Methods
To evaluate the proposed architecture systematically, we define a progressive sequence of baseline methods (B0–B6). This structure isolates the contribution of each added component, from reactive potential fields to runtime-assured control, so that performance improvements can be interpreted and attributed to the proposed dual-envelope modules. For brevity, quantitative results for all randomized Monte Carlo trials are summarized in
Table 10.
4.4. Main Comparative Experiments
4.4.1. Overall Comparison Across All Scenarios
The main comparison evaluates whether the complete proposed approach improves safety and compliance while maintaining reasonable efficiency and real-time feasibility.
As shown in
Table 11, the proposed SU-RA-MPC-CBF method does not achieve the highest absolute success rate among all baselines. The single-envelope RA baseline obtains the highest success rate of 91.2% and the largest minimum CPA of 22.5 m, indicating that a highly conservative safety envelope can improve physical separation. However, this improvement is achieved at the cost of a substantial path-length penalty of 38.4% and an ETA penalty of 42.5%, which may be undesirable for practical navigation.
In comparison, the proposed dual-envelope method achieves a slightly lower success rate of 89.5%, but it reduces the path-length penalty to 16.5% and the ETA penalty to 17.8%. These results suggest that the proposed method provides a more balanced compromise between safety, COLREGs compliance, and navigation efficiency, rather than simply maximizing conservatism. Therefore, the main advantage of the proposed method lies in improving the safety–efficiency trade-off under semantic uncertainty.
4.4.2. Scenario-Level Comparison of the Full Method
Scenario-level analysis prevents the overall average from masking weaknesses in specific COLREGs cases. For example, a controller may perform well in head-on scenarios but poorly in stand-on crossing situations if it reacts excessively and violates expected stand-on behavior. Therefore, each scenario is evaluated separately using the full method. The scenario-level results of the proposed method are presented in
Table 12.
The scenario-level results in
Table 12 further show that the proposed method performs well in canonical two-vessel encounters, including head-on, crossing, and overtaking scenarios. In S1–S4, the success rates remain above 95%, the minimum CBF margins are positive, and the COLREGs violation rates are relatively low. This indicates that the proposed semantic-RTA framework is effective when the encounter geometry is structurally clear and the COLREGs role assignment is not strongly conflicting.
However, the dense multi-vessel scenario (S5) and AIS replay scenario (S6) expose the main limitation of the current implementation. In these two cases, the minimum CBF margins become negative (−0.15 and −0.28, respectively), while the fallback ratios increase to 42.5% and 55.4%. These negative CBF margins should not be interpreted as continuous violation of the safety constraint throughout the entire trajectory. Instead, they indicate short-duration constraint violations or slack-activated relaxations that occur during highly congested or semantically conflicting encounters. In such cases, the runtime assurance layer prevents prolonged open-loop execution and switches to fallback commands, but it cannot fully eliminate all transient constraint violations under severe multi-vessel conflicts.
Therefore, the proposed method should be interpreted as improving robustness and reducing the severity of unsafe behavior in dense scenarios, rather than guaranteeing strict CBF feasibility under all operating conditions. This limitation motivates further work on multi-vessel priority assignment, less conservative yet formally bounded slack design, and scalable optimization for dense maritime traffic. The spatial trajectories in
Figure 6 are consistent with the statistical results reported in
Table 11 and
Table 12. The proposed approach manages shrinking geometric gaps by temporarily relaxing COLREGs semantic preferences, thereby avoiding the extreme path penalty typically associated with rigid conservative envelopes. It is important to note that the observed performance degradation in these dense scenarios is partly attributed to the inherent limitations of our current simulation model. Specifically, the discrepancy between the simplified vessel dynamics used in the optimizer and the more complex reality of maritime environmental perturbations (e.g., non-uniform wind and current disturbances) makes the ‘worst-case’ state more difficult to predict. Furthermore, the reliance on target-motion prediction, which assumes constant-velocity or constant-turn-rate behavior, can lead to under-inflation of the risk envelope in scenarios with highly non-linear target maneuvers. These factors, combined with the computational latency induced by dense constraints, contribute to the frequent trigger of the runtime assurance fallback mechanism. This underscores that while the proposed framework enhances robustness, it remains constrained by the fidelity of the underlying prediction and dynamics models.
To further characterize the failure mechanisms, we conducted a diagnostic analysis of the trial failures in scenarios S5 and S6. The analysis reveals three primary drivers for the triggered fallback modes:
Optimizer Latency (approx. 45% of fallback events): In high-density encounters, the increased number of constraints leads to non-convex optimization problems that occasionally exceed the 500 ms replanning deadline, triggering the RTA watchdog to force a fallback.
Transient Constraint Conflict (approx. 35% of fallback events): In scenarios with complex crossing geometries, the MPC-CBF solver experiences transient infeasibility due to the strict collision-avoidance constraints conflicting with the desired semantic maneuver preferences.
Semantic Uncertainty/Confidence Degradation (approx. 20% of fallback events): When LLM semantic confidence drops below the threshold, the system proactively switches to the conservative fallback mode to prevent the execution of potentially unreliable semantic guidance.
This breakdown demonstrates that the fallback mechanism serves as an effective safety valve, preventing ‘catastrophic’ failures by defaulting to conservative control when the optimization or semantic layers approach their operating limits.
Regarding the transient violations of CBF constraints, our analysis indicates that these are primarily caused by the ‘geometric squeeze’ effect in multi-vessel encounters, where simultaneous constraints from multiple targets occasionally push the optimization problem towards the boundary of the feasible set. Since the CBF is a hard safety constraint, its violation in the optimization solver, though short-lived, signals that the current controller is operating under extreme safety-vs-maneuverability trade-offs. To further optimize this, future iterations could implement the following:
Adaptive CBF margins: Dynamically adjusting the safety radius based on local traffic density to prevent the solver from reaching infeasible states.
Hierarchical constraint prioritization: Implementing a ‘soft’ relaxation for secondary constraints, allowing the solver to focus strictly on collision-avoidance with the highest-risk target while treating lower-risk obstacles with a slightly lower priority.
These modifications would enhance system robustness in dense traffic while ensuring the safety-critical integrity of the MPC-CBF filter.
4.5. Module-by-Module Ablation Experiments
To systematically test the contribution of each architectural component, a module-by-module ablation design is implemented. Each variant removes one core mechanism while leaving the remaining control pipeline intact, allowing performance degradation to be directly associated with the removed component.
Table 13 summarizes the ablation variants, retained modules, tested claims, and expected failure modes.
4.5.1. Quantitative Ablation Results
Following the quantitative evaluation protocol, the most challenging scenarios, S5–S7, are used to expose potential weaknesses under dense vessel interactions, AIS noise, and conflicting COLREGs obligations. These scenarios support joint assessment of collision-avoidance success, rule compliance, fallback demand, path efficiency, and solver robustness. The ablation results are reported in
Table 14.
The results in
Table 14 reveal a counterintuitive but physically consistent observation: Variant A2 (without COLREGs encoding) achieves a higher success rate (84.5%) than the full method (78.1%) in difficult cases. Without maritime-rule restrictions, the MPC optimizer behaves aggressively and exploits any geometric gap to avoid collision. However, this unrestricted behavior produces an unacceptable COLREGs violation rate of 4.25 per run, making vessel maneuvers unpredictable and unsafe for human navigators. This result supports the central principle of the dual-envelope design: a modest reduction in pure geometric success is accepted to improve predictability and rule interpretability. In addition, the catastrophic failure of Variant A3 (no runtime assurance), which shows a 14.5% solver-timeout rate and multiple collisions, demonstrates the necessity of deterministic safety supervision when optimization and LLM semantics are integrated.
Figure 7 shows the dynamic interaction between physical safety and semantic compliance. Collision risk rises sharply during the most dangerous phase of the encounter, around t = 35 s. The optimizer does not become mathematically infeasible; instead, it activates the semantic slack variable, meaning that it temporarily relaxes the ideal COLREGs maneuver to maintain a strictly positive CBF margin. This explicit time-dependent behavior demonstrates that, in extreme edge cases, the controller prioritizes collision avoidance over strict rule adherence.
4.5.2. Specific Experiment for MPC Necessity
Although the complete framework includes multiple safety and semantic modules, the specific contribution of finite-horizon predictive optimization must be isolated. A dedicated MPC necessity experiment is therefore conducted to compare reactive avoidance, MPC-only prediction, and the full safety-filtered design, with emphasis on intervention timing, maneuver smoothness, and unsafe nominal commands. The results are shown in
Table 15.
The specific experiment presented in
Table 15 verifies the importance of finite-horizon predictive optimization. The reactive APF/VO baseline initiates avoidance only 12.5 s before the predicted CPA, indicating that its response is triggered too late in rapidly developing encounters. In contrast, the MPC-only baseline identifies the conflict much earlier, with an intervention lead time of 45.2 s before the predicted CPA, and therefore produces smoother maneuvers. However, because MPC-only lacks formal safety constraints, it still generates 18.2 unsafe nominal commands per run. The proposed architecture preserves the early-intervention and smooth-control advantages of predictive MPC while using the CBF safety filter and runtime assurance layer to substantially reduce unsafe nominal commands under the simulated experimental conditions.
4.5.3. Specific Experiment for Semantic Uncertainty
Because semantic labels derived from ambiguous encounter observations may become unreliable in noisy or unclear scenarios, the uncertainty-handling mechanism is examined separately. The stress test gradually increases intention ambiguity and state uncertainty to determine whether adaptive uncertainty inflation can maintain safety as semantic confidence degrades. The results are presented in
Table 16.
Table 16 illustrates system behavior near the breaking point of semantic uncertainty. At the highest level of target-intention noise and state ambiguity, the baseline without uncertainty inflation fails catastrophically: its success rate drops to 45.2%, with frequent collisions. By contrast, the full architecture maintains a success rate of 68.5%. To cope with severe ambiguity, the proposed approach actively enlarges the safety radius and initiates early conservative actions, as reflected by the elevated false-intervention rate (48.6%) and higher path penalty (35.6%). This behavior indicates that the system degrades gracefully by sacrificing efficiency to preserve safety margins when perception and semantic reasoning are unreliable.
4.6. Runtime, Solver Stability, and Embedded Feasibility
The proposed controller is not implemented as a single-rate 10 Hz MPC loop. Instead, it uses a multi-rate safety architecture: the deterministic RTA command-publishing layer runs at 10 Hz, the MPC-CBF optimizer replans at 2 Hz with a 500 ms replanning period, and the LLM semantic governor runs asynchronously. The 480 ms watchdog deadline is therefore defined with respect to the MPC-CBF replanning deadline, not the 100 ms actuator-level command interval.
In addition to navigation performance, the proposed approach must satisfy real-time execution requirements for integrated ASV deployment. The runtime experiment measures solver time, timeout frequency, fallback activation, and MPC replanning-deadline feasibility across controller variants. These computational-stability results are summarized in
Table 17.
Table 17 indicates that, with both semantic constraints and uncertainty inflation, the mean solver time is 165.2 ms. However, the raw MPC-CBF solver time may exceed the 500 ms MPC replanning budget in dense encounters, reaching up to 648 ms. Therefore, the 480 ms watchdog is applied to the MPC-CBF replanning task, not to the 10 Hz actuator-level command interval. When the optimizer becomes trapped in a local minimum during dense encounters, the RTA supervisor terminates the delayed optimization and applies a safe fallback command. This architectural protection prevents open-loop execution and maintains actuator-level command continuity even when the primary optimization layer fails to return on time.
The use of Ubuntu 22.04 and ROS 2 Humble as the main software platform supports a smooth transition from simulation to edge hardware. The modular nodes, including the LLM query node, RTA supervisor node, and CasADi MPC-CBF optimizer, can be implemented on embedded computational devices, such as an NVIDIA Jetson Orin for high-level semantic reasoning and an industrial x86 controller for low-level 10 Hz real-time safety filtering. Autopilot microcontrollers such as Pixhawk/ArduPilot can communicate natively through micro-ROS, supporting practical deployment of the proposed control loop.
Figure 8 illustrates the role of the runtime assurance (RTA) module. Although average computation time does not grow unbounded, dense and noisy state constraints may occasionally trap the nonlinear optimizer in local minima, causing substantial computation delays with peak times above 600 ms. The RTA supervisor prevents control-loop starvation by terminating MPC-CBF optimization that exceeds the specified MPC replanning deadline. At the 10 Hz command-publishing layer, the supervisor then sends the newest validated MPC-CBF command, a cached safe command, or an emergency fallback command to the ASV actuators.
4.7. Recommended Parameter Sensitivity Study
The proposed framework contains several tunable parameters that may influence the trade-off among safety, efficiency, semantic conservatism, and computational load. Since the present study focuses on validating the integrated SU-RA-MPC-CBF architecture, a full factorial sensitivity analysis is not conducted in this version. Instead, this subsection summarizes the key parameters that should be examined in future sensitivity experiments and explains their expected influence on system behavior.
Table 18 lists the recommended parameter ranges for future validation. These settings are not reported as completed sensitivity-analysis results, but as a structured guide for subsequent experiments on prediction horizon, CBF gain, uncertainty inflation, semantic confidence threshold, and slack penalty.
Regarding the choice of the number of active high-risk vessels, M, we adopt M = 3 to maintain a balance between collision-avoidance capability and real-time computational feasibility. Pilot simulations (not fully detailed here for brevity) indicated that M = 1 is often insufficient to address multi-target interactions in congested scenarios, leading to safety infringements when secondary obstacles are ignored. Conversely, increasing M to 5 or higher significantly increases the complexity of the non-convex MPC optimization problem, often causing the solver to exceed the 500 ms replanning budget, which in turn triggers frequent runtime fallback events. Thus, M = 3 is identified as an effective heuristic for the navigation scenarios considered in this study. In future extensions, we recommend a dynamic selection of M based on traffic density to further optimize the trade-off between safety coverage and computational load.
4.8. Summary of Experimental Insights
The overall evaluation provides three key lessons for LLM-assisted ASV control. First, safety and COLREGs compliance can form a stringent trade-off in multi-vessel settings, where perfect rule adherence may create dynamic infeasibility; this motivates the semantic slack in the proposed framework. Second, excessive fallback-free optimization without rule constraints may avoid obstacles geometrically while producing socially unacceptable and unpredictable navigation behavior. Third, and most importantly, solver timeouts and perception-driven uncertainty demonstrate that LLMs must never be connected directly to actuators. A robust architecture should assume that high-level semantics may fail, freeze, or become stale, and safety should depend on a separate deterministic filter and runtime monitor.
5. Discussion
The broader implication of this study is that the role of LLMs in safety-related ASV navigation must be deliberately constrained. The proposed framework does not use the LLM as a controller, waypoint generator, or actuator-level decision-maker. Instead, the LLM is restricted to semantic governance: it interprets the encounter according to COLREGs-related conditions, and its output is considered only after schema, confidence, freshness, and geometry-consistency checks. This separation is critical because the main challenge in applying LLMs to collision avoidance is not generating a plausible rule explanation, but ensuring that an unreliable explanation cannot become a physical command.
This perspective is useful when comparing the pure MPC-CBF baseline with the full dual-envelope method. A CBF-based controller may preserve geometric spacing, but geometric safety alone does not necessarily produce behavior that is readily justifiable under COLREGs. For example, an avoidance maneuver may increase CPA while still passing ahead of a stand-on vessel, or it may cause unnecessary early divergence in a stand-on scenario. The semantic compliance envelope addresses this gap by shaping the optimization problem according to the rule responsibility of the own ship. Final decision authority, however, remains with the MPC-CBF layer. This distinction separates semantic guidance from semantic control.
The semantic slack variable is more than a numerical convenience. In real interactions, COLREGs preference and short-term collision avoidance may occasionally indicate different actions. A hard semantic constraint would make such situations fragile because the controller could become infeasible when the preferred rule-consistent maneuver conflicts with the current safety boundary. By penalizing and logging semantic deviations rather than strictly prohibiting them, the proposed approach preserves optimization feasibility while providing an auditable record of when and why the controller departed from the nominal COLREGs envelope. This makes the resulting behavior easier to interpret than black-box maneuver selection.
The runtime assurance results further reinforce that LLM output should be treated as advisory rather than authoritative. Malformed JSON, delayed responses, low confidence, geometry conflicts, and backbone disagreement are not rare edge cases in an LLM-assisted system; they are foreseeable failure modes that must be handled at runtime. The supervisor is therefore an architectural necessity. It converts LLM failure into a bounded control condition by holding the last valid semantic state, switching to a safe envelope, or engaging emergency fallback. In this sense, fallback activation should not automatically be interpreted as poor performance. In experiments with injected failures, fallback activation is successful when it prevents unvalidated semantic outputs from entering the safety filter while allowing the deterministic layer to continue operating.
Although the current baseline uses a cloud-hosted LLM service and therefore depends on internet connectivity, the proposed architecture is intentionally designed so that it need not rely on cloud inference. Because the LLM is restricted to a semantic-governance role with a well-structured schema (
Table 3), the backend can be migrated to an edge-deployable small language model (SLM) running locally on the ASV. Recent open-source quantized models, such as LLaMA-3-8B-Instruct or Phi-3-Mini, can run on embedded GPUs, such as NVIDIA Jetson Orin, using TensorRT-LLM v1.0.0. Local deployment would remove dependence on satellite communication, reduce inference latency to below 100 ms, and maintain semantic operation in offshore environments where connectivity is unavailable.
The AIS replay experiment provides evidence that differs from synthetic COLREGs scenarios. Hand-designed encounters are useful because they isolate rule responsibility and allow qualitative behavior to be examined clearly. Replay-based counterfactual testing is also valuable because it exposes the controller to irregular spacing, speed variation, and multi-vessel timing patterns. These two evaluation modes answer different questions: synthetic scenarios test whether the method behaves correctly in known COLREGs cases, whereas AIS replay tests whether the same architecture remains consistent under less idealized encounter geometry. Taken separately, neither experiment proves live-water readiness.
Several limitations remain. The safety claim depends on the vessel model, target-motion prediction, and uncertainty inflation used in simulation. Simplified own-ship dynamics may overestimate control feasibility relative to a real vessel operating under wind, currents, waves, actuator saturation, or communication delays. In addition, AIS replay provides realistic traffic geometry but no ground-truth autonomous-control labels. It can show that a counterfactual controller would have generated a safer or more rule-compliant path under replayed target motion, but it cannot validate perception reliability or human-operator interaction in live traffic.
From a theoretical standpoint, this work views maritime navigation as the integration of two distinct paradigms: the symmetric physics of vessel motion—governed by homogeneous kinematic constraints—and the asymmetric semantics of maritime law—governed by situational, role-dependent rules. The dual-envelope framework acts as a mathematical bridge, where the predictive risk envelope preserves the symmetry of physical safety, and the semantic compliance envelope injects the asymmetry of COLREGs, thereby reconciling the two in a unified optimization structure.
A further limitation is that COLREGs interpretation is no longer clear-cut in dense multi-vessel encounters. When the own ship must overtake one target, cross another, and address a head-on situation with a third, a single own-ship role may be insufficient. In such cases, target ranking and encounter abstraction strongly influence the semantic compliance envelope. Although the LLM can help organize rule interpretation, it should not be expected to eliminate all legal or seamanship ambiguity. Future work should therefore study target-priority assignment, reasoning under mixed obligations, and human-readable post-event explanations when the controller must trade one rule preference against another.
In summary, the present framework relies on a restrictive prompt, a fixed output schema, and explicit validation rules. This is a safety strength because it reduces LLM autonomy. It is also a limitation because changes in the LLM backbone, decoding settings, or prompt design may affect semantic stability. Each deployment-specific implementation should therefore use version-locked prompts, canonical encounter regression tests, and continuous monitoring of semantic rejection and fallback rates. The practical value of the LLM lies not in replacing deterministic safety logic, but in adding a rule-aware semantic layer whose influence is observable, bounded, and removable at runtime.
A limitation of the present study is that the parameter sensitivity analysis has not yet been fully quantified. The recommended parameter ranges in
Table 18 provide a structured basis for future experiments, but they should not be interpreted as empirical sensitivity results. Future work will conduct systematic sensitivity tests to quantify how the prediction horizon, CBF gain, uncertainty inflation gain, semantic confidence threshold, and slack penalty affect safety, efficiency, and solver feasibility.
6. Conclusions
This paper proposed a runtime-assured dual-envelope predictive safety-control architecture for COLREGs-compliant ASV collision avoidance. The main novelty is the strict separation between semantic rule interpretation and physical low-level control. The LLM is limited to semantic governance, producing structured, auditable COLREGs labels, and is not allowed to issue actuator-level commands. Its validated output is transformed into a soft semantic compliance envelope, whereas the final safe command is computed by an MPC-CBF safety filter that also applies a predictive risk envelope to target vessels. Ultimately, this dual-envelope design successfully bridges the gap between the symmetric local dynamic interactions of maritime vessels and the asymmetric global objectives of COLREGs compliance, providing a highly scalable and resilient decision and control framework for future maritime autonomy.
The simulation results suggest that strict COLREGs adherence and physical safety may involve a trade-off during complex multi-vessel interactions. The dual-envelope design balances this trade-off, achieving an 89.5% collision-avoidance success rate with a moderate path-length penalty of 16.5%. It outperforms the overly conservative single-envelope baseline, which produces an impractically high 38.4% path penalty. The ablation experiments also reveal a counterintuitive result: removing maritime-rule restrictions can artificially increase collision-avoidance success, but it causes excessive fallback activation and unacceptable rule violations (4.25 violations per run). More importantly, the stress tests show that the RTA module improves runtime robustness under the simulated conditions by clipping dangerous solver timeouts, which reached up to 648 ms in dense traffic, and by reducing the influence of low-confidence LLM outputs.
This study provides a cautious but practical answer to the use of foundation models in maritime autonomy: LLMs can be valuable for interpreting ambiguous and situation-dependent maritime regulations, but they should never be treated as certified direct controllers. A safe architecture must enforce deterministic physical constraints, actively reject stale or inconsistent semantic outputs, and maintain a robust emergency fallback path when the optimization layer or semantic layer fails. Under this design philosophy, the LLM is not a single point of catastrophic failure but a useful and removable interpretive component.
Future research will extend this framework to more realistic vessel dynamics and more complex multi-vessel encounter reasoning under wind, currents, waves, and other severe environmental conditions. Hardware-in-the-loop (HIL) experiments and live open-water field tests will also be essential for closing the gap between simulation and deployment-ready ASV navigation.