Environmental Assumptions in System Design: A Phenomenon-Based and Operational Perspective

Invalid environment assumptions have been identified as a root cause of failures in many systems. Industrial experience shows that it is often easier to overlook environmental behaviors than system specifications, largely because environment assumptions are rarely documented and tend to evolve during system development. This lack of explicit handling introduces uncertainty, which can compromise system safety and correctness. While several approaches address this issue at the code level, their impact at the model level remains underexplored. In this paper, we empirically investigate howenvironmental assumptions influence the satisfaction of safety requirements in behavioral system models.We collected 473 environment assumptions from 95 human modelers and examined them using Jackson’s formalization of the environment and the machine. Based on this analysis, we identify five reusable modeling patterns that enable the explicit integration of environment assumptions into state machine designs and demonstrate how these patterns support the safe evolution of models.