Building Heterogeneous Safety Cases for Automatically Generated Code

Safety cases provide a mechanism for representing evidence-based arguments that a system is acceptably safe to operate in its intended context. We show how we can automatically combine diverse types of information from heterogeneous sources into a single integrated safety case for a system implemented using automatically generated software. The core argument structure of the safety case is generated from a formal analysis of automatically generated code, based on automated theorem proving, and driven by a set of formal requirements and assumptions. This is then extended by separately specified auxiliary information giving contexts, assumptions, justifications, and constraints, or additional forms of evidence derived from other verification activities, such as testing. The resulting safety case thus combines formal and informal argumentation and makes explicit assumptions which would otherwise be left implicit.