This work addresses the limitation of existing runtime safety mechanisms that prioritize immediate vehicle safety while neglecting task-level success when high-level driving commands are unreliable. To overcome this, the authors propose a runtime assurance framework that jointly evaluates both driving safety and task feasibility before executing any command, thereby avoiding actions destined to fail. This approach is the first to incorporate task-level feasibility into runtime safety decisions, moving beyond the conventional focus on platform-level safety alone. The evaluation employs an extended highway-env simulation environment featuring task-level failure scenarios such as skipping checkpoints or entering restricted zones. Integrating an enhanced Simplex-Drive architecture with a dynamic controller switching mechanism, experiments demonstrate that the proposed method effectively rejects infeasible commands and significantly improves task success rates under random faults, outperforming baseline approaches relying solely on platform-level safety guarantees.

This paper studies runtime safety for autonomous driving when high-level driving commands become faulty or unreliable. Unlike conventional runtime-safety approaches that mainly focus on immediate vehicle safety, the proposed framework evaluates both driving safety and whether the vehicle can still successfully complete its mission before a command is executed. The framework extends highway-env with mission-level fault scenarios such as skipping required checkpoints, entering restricted areas, and generating future routes that can no longer complete the mission successfully. A runtime monitoring system is introduced to detect and reject unsafe or mission-infeasible commands before execution. For comparison, an adapted Simplex-Drive runtime-safety baseline with learning-based driving control, safety fallback control, and runtime controller switching is implemented using the public Simplex-Drive framework. Experimental results show that platform-level runtime safety alone cannot detect mission-level planning faults, while the proposed framework successfully rejects mission-infeasible commands and improves mission success under randomized fault conditions.