Core Concepts
Lemmatica is built around Goal Structuring Notation (GSN) — the most widely used notation for structured safety cases. Before building your first argument, it helps to understand the building blocks.
Goal Structuring Notation (GSN)
GSN is a graphical notation for documenting safety arguments, first developed at the University of York in the 1990s. The current version, GSN Community Standard V3, is maintained by the Safety-Critical Systems Club (SCSC).
At its core, GSN gives you a visual way to show:
- What you are claiming (Goals)
- How you are arguing it (Strategies)
- What evidence supports it (Solutions)
- What context and assumptions apply (Annotations)
Node types
Structural nodes
These form the tree hierarchy of your argument:
Goals are safety claims — assertions that something is acceptably safe. Every safety argument starts with a top-level goal and decomposes it into sub-goals.
Strategies describe the argumentation approach — how a goal is broken down into sub-goals. A strategy explains the reasoning between a parent goal and its child goals.
Solutions are evidence — the concrete artifacts (test reports, analysis documents, review records) that substantiate a claim. Solutions are always leaf nodes; they cannot have children.
Annotation nodes
These attach supporting information to structural nodes:
Context provides environmental information that scopes a claim — what system, what operating conditions, what definitions apply.
Assumptions are things taken to be true without proof within the argument. Making assumptions explicit is critical for argument integrity.
Justifications explain why a particular approach or decomposition strategy is appropriate.
Tree structure rules
GSN V3 defines strict rules about how nodes connect:
| Parent | Allowed children | Not allowed |
|---|---|---|
| Goal | Strategy or Solution | Goal directly (must go through a Strategy) |
| Strategy | Goal | Strategy or Solution |
| Solution | None (leaf node) | Any children |
These rules ensure arguments follow a consistent pattern: Goal → Strategy → sub-Goals → ... → Solutions.
Automatic validation
Lemmatica validates these rules as you build. Invalid connections are flagged with inline errors so you can fix issues immediately — no need to run a separate check.
Structural nodes are connected by parent-child edges (Goal → Strategy, Strategy → Goal, Goal → Solution). Annotation nodes connect via separate annotation edges that don't participate in the tree hierarchy.
Away goals
Real-world safety arguments can grow to hundreds of nodes. Rather than managing everything in a single document, GSN V3 supports modular decomposition through away goals.
An away goal is a leaf goal in one document that links to a separate document where the argument continues. This lets teams work on different parts of a safety case independently — each sub-case has its own document, its own root goal, and its own evidence — while Lemmatica maintains traceability between them.
Dialectic extension
GSN V3 includes a dialectic extension for formally challenging claims within the safety case itself. A challenge is a counter-argument raised against a goal or solution — questioning whether a claim is valid or whether evidence is sufficient.
If a challenge is accepted, the target node becomes defeated, and that status propagates upward through the argument tree, making the impact of unresolved objections visible at every level.
The dialectic extension is on Lemmatica's roadmap. The notation reference below documents the full GSN V3 specification, including planned features.