Engineering of Safety in Automated Safety-Critical Systems through Design-time Verification and Runtime Validation of Environment Assumptions

Automated systems are widely used in safety- and mission-critical applications. Their failure can lead to mission breakdowns and pose serious risks to human life. Due to their complexity, these systems require structured and rigorous development processes, including clearly defined verification and validation tasks to ensure safety. Formal verification methods applied during design-time provide proofs against specified safety properties. However, these methods are limited to the information available at design-time and face scalability challenges, restricting the size of verifiable systems. Testing complements these methods by using property monitors to check whether system behavior meets requirements during system tests.

Despite rigorous design-time verification, unforeseen events in the operational environment can introduce safety hazards. These hazards do not stem from system faults but rather from outdated or incorrect assumptions about the environment made during system design. The property monitors designed to check the system requirements cannot detect the assumption violation, because no explicit definition of the environment assumptions exists at design-time.

This thesis proposes an engineering approach that extends quality assurance goals in automated safety-critical systems to include the verification and validation of environment assumptions. During design, these assumptions are explicitly specified, and corresponding monitors are created. System testing then involves validating both the system's safety requirements and the environment assumptions. The approach is integrated in the system development process and is evaluated using two case studies: a mobile service robot performing hospital transportation tasks and an automotive function for precise vehicle speed estimation.