Minimap of introduction diagram
Minimap of stage diagram

SACE outline

AS verification Log

The verification log shall explicitly detail the verification activities as well documenting the rationale for those activities. Some of the key considerations that should be included in the verification log are given below.


Details of the test cases shall be provided along with the required result for that test case. A justification for the sufficiency of the coverage that the test cases provide shall be included in the verification log. For AS the coverage should in particular consider:

  • Safety requirements ‐ Are there test cases relating to each of the safety requirements defined for the relevant tier?
  • ODM ‐ Are there a sufficient range of test cases for each of the relevant ODM features? Are a sufficient range of combinations of ODM features represented by the test cases?
  • Operating scenarios ‐ Do the test cases provide sufficient coverage of the possible operating scenarios of the AS? [44] provides a survey of the coverage criteria that have been proposed for verification of autonomous vehicles and possible techniques for maximising coverage.
  • Edge cases ‐ Do the test cases include sufficient examples of edge cases (low probability, hard to predict events or situations with high potential safety impact) to which the AS may be exposed during operation?

Details of the test environment shall be included in the verification log. A justification shall also be provided that the test environment is sufficiently representative of the real operating domain of the AS. This justification is required in order to provide confidence that the results obtained for the test cases for the AS in operation would match the results observed in the test environment.

Formal verification

The formal properties shall be specified in the verification log along with the rationale for the specification and a justification that the specified properties are equivalent to the relevant safety requirements. The formal models that are used for verification shall be documented in the verification log along with a justification for all assumptions and abstractions made in the model, both with respect to the AS itself, and with respect to the operating environment.

Continue to: Activity 30. Verify AS

Our site depends on cookies to provide our service to you. If you continue to use this site we will assume that you are happy with that. View our privacy policy.