Systems Theoretic Process Analysis (STPA) is a systematic approach to hazard analysis that has proven effective in the safety analysis of systems across industrial sectors, from transportation and energy to national defence. The unstoppable trend of using Machine Learning (ML) in safety-critical systems has created a pressing need to extend STPA to Learning-Enabled Systems (LESs). However, while work has been carried out on a range of example systems, without a systematic review it is unclear how effective and generalisable the extended STPA methods are and, more importantly, whether further improvements can be made. To this end, we present a survey of 29 papers selected through a systematic literature search. We summarise and compare the relevant research from five perspectives (attributes of concern, object under study, modifications to STPA, derivatives of the analysis, and process modelled as a control loop) and draw insights from the comparison. Furthermore, based on the survey results, we identify room for improvement and accordingly introduce a new method named DeepSTPA, which enhances STPA in two respects that are missing from the state of the art: (i) it explicitly models how the control loop structures are extended to identify hazards arising from the data-driven development process at every stage of the ML lifecycle; (ii) it models fine-grained functionalities down to the layer level of ML models in order to detect root causes. We demonstrate DeepSTPA through a case study on an autonomous underwater vehicle (AUV).