Systematic review on contract-based safety assurance and guidance for future research

The safety requirements are often described via specifications called contracts. To verify that the system fulfils certain safety requirements, for instance, in the assume-guarantee contract specification, the key safety indicators are organized, so that if certain assumptions hold then the respective behaviour is guaranteed. Safety contracts provide a means of exposing potential incompatibilities early in the development process, selecting components to reuse, certifying systems, and identifying uncertainty sources during the operational phase. There exist several studies on contract-based safety assurance, however, there is not any systematic study in this field. For this, a first Systematic Literature Review (SLR) is carried out to obtain an overview of the various contract-based safety assurance concepts, problems, proposed solutions, and their usefulness. In our study, the identification and selection of the primary studies were based on a well-planned search strategy. The search process identified a total of 2881 studies published between 1969 and 2021, out of which 66 studies were selected through a multi-stage process according to our predefined SLR protocol. This SLR aims to highlight the state-of-the-art of contract-based safety assurance and identify potential gaps for future research. Based on research topics in selected studies, we identified the following main categories: contract type, analysis techniques for system safety, compliance with standards, development stage, domain, level of automation, type of study and evaluation, and tool support. The findings of the systematic review not only highlight that the contracts are even more important for advanced safety-critical systems but also strategies to exploit their full potential should be considered in future studies. The suggestions revealed for future research include the usage of contracts for adapting new behaviour, defining system boundaries, interacting with other systems, managing risk during operation, dynamic/runtime safety assurance, and integration of safety with security.