Papers
Topics
Authors
Recent
Search
2000 character limit reached

AMLAS-RL: Assurance Framework for Safe RL

Updated 6 July 2026
  • AMLAS-RL is a safety assurance framework that adapts AMLAS to meet the unique challenges of reinforcement learning within cyber-physical systems.
  • It employs a six-stage lifecycle integrating data management, simulation testing, model verification, and runtime monitoring for comprehensive safety assurance.
  • The framework addresses RL-specific issues such as trajectory-based safety constraints, reward hacking, and the simulation-reality gap through iterative evidence generation.

Searching arXiv for the cited paper to ground the article in current literature. AMLAS-RL is a framework for assuring the safety of reinforcement learning components in cyber-physical systems by adapting AMLAS, the “Assurance of Machine Learning in Autonomous Systems” methodology, to the distinctive requirements of RL. It is presented as a repeatable, end-to-end assurance framework integrated into the RL development lifecycle, with emphasis on allocation and decomposition of system-level safety requirements, data and training planning for state-action coverage, model learning with safe-RL adaptations, evidence generation through simulation tests, formal model checking, and statistical validation, and synthesis of a Goal Structuring Notation-style safety argument (Imrie et al., 8 Jul 2025).

1. Rationale for adapting AMLAS to reinforcement learning

AMLAS is described as a structured, stage-wise methodology for developing safety assurance arguments and collecting supporting evidence for ML components, but it was originally focused on supervised learning. AMLAS-RL arises from the claim that RL poses distinct assurance problems: sequential decision-making under uncertainty formalized as an MDP, an interactive and dynamic environment in which policies evolve through trial-and-error, the requirement that safety be guaranteed during training and exploration as well as deployment, and exposure to reward hacking and the simulation-reality gap (Imrie et al., 8 Jul 2025).

The adaptation therefore extends AMLAS in four directions. First, it requires specification of safety constraints over entire trajectories rather than only pointwise predictions. Second, it incorporates safe-RL techniques such as reward shaping, constrained Markov decision processes, and shielding. Third, it introduces formal verification over abstracted Markov models. Fourth, it makes the assurance process iterative, with feedback between system safety analysis and RL development. A plausible implication is that AMLAS-RL treats safety assurance not as a final certification step but as a lifecycle property of RL-enabled CPS.

The stated scope is the assurance of an RL controller’s safety properties in CPS. The methodology is oriented toward the derivation of RL-specific safety requirements from system-level hazards, the production of evidence that the learned controller satisfies those requirements, and the construction of an explicit assurance case. In that sense, AMLAS-RL addresses a common misconception in safe-RL practice: incorporating a safety mechanism into learning does not by itself provide systematic assurance across the RL lifecycle.

2. Six-stage lifecycle and assurance artefacts

AMLAS-RL comprises six iterative stages. At each stage, specific artefacts are produced and used by distinct roles, including system safety engineer, ML safety engineer, RL engineer, RL developer, test engineer, verification engineer, independent verification engineer, system integrator, and safety engineer (Imrie et al., 8 Jul 2025).

Stage Principal activities Outputs
1. RL Safety Assurance Scoping Allocate system-level safety requirements from HAZOP/HAZID, environment, architecture, and high-level RL description to the RL component E. Safety requirements allocated to RL component
2. RL Safety Requirements Assurance Translate allocated system safety requirements into RL-specific safety requirements that can be measured or enforced H. RL safety requirements
3. Data Management Assurance Define data requirements for state-action exploration; produce training, internal test, and verification plans N. Training plan; O. Internal test plan; P. Verification plan
4. Model Learning Assurance Develop RL models, train according to plan, conduct internal testing, and select the best model compliant with H U. RL model development log; V. Trained RL model; X. Internal test results
5. Model Verification Assurance Execute verification plan through statistical trials and formal model checking on an abstract DTMC Z. RL verification results; AA. Verification log
6. Model Deployment Assurance Integrate the RL model into the CPS, run integration tests under operational scenarios, and apply runtime monitors or shields if necessary DD. Erroneous behaviour log; FF. Integration testing results

The framework is organized around artefact traceability. Stage 1 yields the allocated safety requirements EE; Stage 2 turns these into RL safety requirements HH; Stage 3 prepares the training, testing, and verification basis through NN, OO, and PP; Stage 4 documents development in UU, produces the trained model VV, and collects internal results XX; Stage 5 produces independent verification evidence ZZ and AAAA; Stage 6 records deployment behaviour in HH0 and HH1. This suggests that AMLAS-RL is designed to preserve a chain of evidence from hazard analysis to deployment monitoring.

3. Assurance argument and evidence structure

AMLAS-RL uses a GSN-style claim-argument-evidence structure. Its top-level claim is stated as: “RL component is acceptably safe under all defined operational scenarios.” That claim is decomposed into five subclaims covering requirements derivation, adequacy of training and simulation data, internal model satisfaction of safety constraints, independent verification, and preservation of safety during integration into the full CPS (Imrie et al., 8 Jul 2025).

The first subclaim, HH2, asserts that RL safety requirements HH3 are soundly derived from system requirements HH4. The corresponding argument, Arg1, relies on a traceability matrix HH5 and a requirements specification document. The second subclaim, HH6, asserts that training data and simulations suffice to explore the critical state-action space. Arg2 is supported by data requirement justification and by evidence HH7 together with training plan HH8.

The third subclaim, HH9, concerns satisfaction of safety constraints under internal tests. Arg3 is tied to internal test results NN0 showing three thresholded properties: NN1, NN2, and NN3. The fourth subclaim, NN4, states that independent verification confirms safety under general and targeted tests plus formal proofs; this is divided into statistical verification NN5 and formal model checking results. The fifth subclaim, NN6, concerns deployment, with Arg5 grounded in integration test results NN7 and erroneous behaviour log NN8.

This structure is significant because it separates development evidence from independent verification evidence and from deployment evidence. A plausible implication is that AMLAS-RL aims to avoid conflating successful training performance with an assurance case.

4. Formalization of RL, safety constraints, and verification targets

The framework adopts the standard MDP tuple NN9, with transition OO0 and reward OO1, and policy OO2. It also states the usual value functions: OO3

OO4

For safe-RL, it introduces a constrained MDP formulation that minimizes OO5 subject to OO6 (Imrie et al., 8 Jul 2025).

The running example is governed by three system-level safety constraints. OO7 requires reaching the goal before energy depletion with probability at least OO8: OO9 PP0 requires total time in the unsafe zone PP1 timesteps. PP2 requires collision probability PP3.

For abstraction, the paper defines distance

PP4

The abstract state is

PP5

where PP6 is coded as PP7 for travelling safely, PP8 for in unsafe zone, PP9 for collision, and UU0 for goal reached. The episode is terminal if UU1 or UU2.

Formal verification is expressed in PCTL. Two stated properties are

UU3

and

UU4

The paper also includes a property UU5 associated with unsafe occupancy. Taken together, these definitions anchor the assurance argument in explicit probabilistic and temporal constraints rather than informal safety desiderata.

5. Evidence generation mechanisms

AMLAS-RL combines safe-RL techniques, simulation-based testing, formal verification, statistical validation, and runtime monitoring. The safe-RL techniques explicitly named are reward shaping with penalty cost UU6 for unsafe states or collisions, CMDP formulation with a separate cost function, and shielding to override unsafe actions at runtime (Imrie et al., 8 Jul 2025).

Simulation-based testing uses Safety-Gymnasium to emulate UU7-ray LIDAR sensors, obstacles, and unsafe zones. The training protocol specified for the running example uses 500 episodes with randomized initial placements, while tracking reward, successes, collisions, and unsafe time. Internal testing uses 1000 trials to obtain empirical estimates for UU8, UU9, and VV0.

Formal verification proceeds by abstracting the learned controller and environment interaction to a discrete-time Markov chain via state aggregation, extracting transition probabilities from 5000 simulation runs, and applying model checking with PRISM against the PCTL properties. Statistical validation estimates collision probability VV1 over VV2 trials, constructs a 95% confidence interval, and compares the interval bounds against the VV3 threshold.

Runtime monitoring is represented by the erroneous behaviour log VV4, which collects any sequence of state-action pairs leading to violations of the safety requirements during deployment. The paper states that this enables post-hoc analysis for reward hacking or out-of-distribution inputs. A plausible implication is that AMLAS-RL reserves part of the safety case for operational evidence rather than assuming that pre-deployment evidence is complete.

6. Running example: wheeled vehicle and reported results

The demonstration system is a wheeled vehicle tasked with reaching a target goal without collision. The vehicle state is VV5, the goal is VV6, and the action is VV7. The observation space is 48-dimensional, obtained from three sets of 16 range sensors VV8. The system also includes energy VV9, which depletes at 1 unit per timestep, eight unsafe zones XX0, and one obstacle XX1 (Imrie et al., 8 Jul 2025).

The six AMLAS-RL stages are instantiated directly in this example. Stage 1 defines the three safety requirements XX2–XX3. Stage 2 translates them into RL safety requirements identical to XX4–XX5. Stage 3 produces a training plan XX6 with 500 episodes, random object placement, and an episode cut-off at 500 timesteps; an internal test plan XX7 with 1000 random trials; and a verification plan XX8 comprising 500 general trials, 250 obstacle-proximal trials, and formal DTMC abstraction.

In Stage 4, the controller is a DDPG actor-critic with reward

XX9

The internal test results are reported as 60.2% probability of reaching the goal with ZZ0, average time in unsafe zones of 15.94, and collision rate of 7.56%. Stage 5 verification reports statistical results of 60.8% success on general trials, 57.6% success on targeted trials, and collision at most 7.6%; model checking is reported to satisfy the PCTL properties with 60.4% success and 17.52 unsafe steps. Stage 6 deployment includes operational scenarios such as post-mission goods integrity, records hazardous sequences in the erroneous log, and considers post-shielding if failure is detected.

These results matter in the logic of AMLAS-RL not because they are high or low in isolation, but because they are aligned to pre-specified assurance thresholds. The example therefore functions as a worked safety case rather than merely a benchmark result.

7. Limitations, challenges, and practitioner guidance

The paper identifies several recurring challenges in RL assurance and associates them with corresponding AMLAS-RL responses. For safety defined over trajectories, it recommends using CMDP and cost signals in the reward. For reward hacking, it recommends the development log ZZ1, runtime logs ZZ2, and iterative refinement. For the simulation-reality gap, it recommends physical fine-tuning and extension of the verification plan ZZ3 to cover real-world uncertainties. For interpretability, it states that formal abstraction encourages deeper system understanding (Imrie et al., 8 Jul 2025).

The practitioner checklist is organized by stage. Stage 1 should ensure traceability from system HAZOP to RL allocations. Stage 2 should express each safety requirement as a measurable probabilistic or temporal constraint. Stage 3 should justify simulator fidelity and state-action coverage while producing distinct test and verification plans. Stage 4 should log model architecture, reward and cost functions, and convergence metrics. Stage 5 should include broad statistical tests, targeted worst-case scenarios, and formal methods. Stage 6 should record erroneous sequences, deploy runtime monitors or shields, and plan for incremental updates.

A common misunderstanding is that assurance for RL can be reduced either to safe exploration during training or to verification of a final trained policy. AMLAS-RL rejects both reductions. Its central claim is procedural: assurance requires traceable requirements, staged evidence generation, independent verification, and deployment monitoring within a unified, iterative lifecycle.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (1)

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to AMLAS-RL.