When Repair Is Not Enough: Systematic Mitigation of Incomplete Knowledge Graphs

Safety analysis of knowledge graphs derived from system documentation is challenging because the documentation is often incomplete or ambiguous, and the analysis must support traceable risk-management actions. Existing validation methods that operate under the Open World Assumption miss hazards implied by missing information and do not provide a systematic path from hazard identification to minimal, traceable mitigation. We formalize the semantics of a knowledge graph (KG) using Kripke structures, enumerate feasible states, and classify the result of verification into four cases: satisfaction, repair, mitigation, and unrealizability. For repair and mitigation, we combine reachability analysis with delta debugging to compute minimal predicate-level changes and to synthesize a weakest safe completion that excludes unsafe terminal states while preserving maximal safe design freedom. We contribute a decision taxonomy for post-identification actions. We contribute an optimization-based synthesis of additions and flips for minimal mitigation. We contribute an unrealizability procedure that guides controlled relaxation of safety properties with explicit traceability to documentation and safety artifacts. For unrealizable specifications, the procedure escalates from model-level corrections to stakeholder-level actions, assigning follow-up decisions to appropriate stakeholders (e.g., the safety engineer, system designer, or user/operator) via safety-case traceability. In an automotive seatbelt case study, the framework identifies latent hazards, synthesizes minimal mitigation actions, and distinguishes system-actuated from occupant-actuated causes, thereby increasing the practical value of the analysis for assurance and certification.