Safety assurance of autonomous drones operating in dynamic, high-risk environments—such as mining sites—remains challenging due to the difficulty of systematically evaluating safety under diverse, evolving operational contexts. Method: This paper proposes a situation-coverage-driven safety verification paradigm: (i) a formal situation model is constructed; (ii) safety arguments are tightly coupled with quantifiable situation coverage metrics; and (iii) runtime monitoring, fault-injection testing, and uniquely identified logging are integrated to enable systematic safety testing, real-time behavioral supervision, and traceable violation analysis. Contribution/Results: The framework introduces situation coverage as a formally verifiable safety evidence criterion—the first such approach in this domain. It achieves 100% violation detection across multiple representative fault scenarios, significantly enhancing the reusability and interpretability of safety analyses. This work establishes a novel, rigorous methodology for trustworthiness assurance of autonomous systems in safety-critical, high-hazard settings.

The safety of autonomous systems in dynamic and hazardous environments poses significant challenges. This paper presents a testing approach named SCALOFT for systematically assessing the safety of an autonomous aerial drone in a mine. SCALOFT provides a framework for developing diverse test cases, real-time monitoring of system behaviour, and detection of safety violations. Detected violations are then logged with unique identifiers for detailed analysis and future improvement. SCALOFT helps build a safety argument by monitoring situation coverage and calculating a final coverage measure. We have evaluated the performance of this approach by deliberately introducing seeded faults into the system and assessing whether SCALOFT is able to detect those faults. For a small set of plausible faults, we show that SCALOFT is successful in this.