Arguing safety of an improved autonomous vehicle from safe operation before the change: new results

Autonomous vehicles (AVs) are gradually appearing on the roads. However, how to demonstrate their safety is still under debate. While operational testing seems essential for building confidence in AV safety, the amount of testing required can be prohibitively expensive. Additionally, current AV s evolve continuously and are used in a changing set of environmentsRepeating substantial operational testing for each new AV version, or new use of an AV, seems unaffordable. Therefore, the idea of applying operational experience from before such a change towards claims of safety after the change is attractive. We present new results, addressing the frequent case in which a new version of the AV can be proved to be safer than a previous one, bar major errors in design or analysis assumptions. Mathematically, our new solution applies to all those scenarios in which the new version or environment is, with high probability, no less safe than the old one “no matter how safe the old one was”. We call this scenario “unconditional improvement” (UI). Various previous papers addressed related scenarios in which there is some confidence that the change has improved, or at least not degraded, safety, but they solved the problem under weaker conditions: our new results substantially improve the safety claims that can be supported, especially for operation soon after the change.