Safety analysis is used to identify hazards and build knowledge during the design phase of safety-relevant functions. This is especially true for complex AI-enabled and software-intensive systems such as Autonomous Drive (AD). System-Theoretic Process Analysis (STPA) is a novel method applied in safety-related fields like defense and aerospace, and it is also becoming popular in the automotive industry. However, STPA assumes prerequisites that are not fully valid in automotive systems engineering, which relies on distributed system development and multiple levels of design abstraction. This inhibits software developers from using STPA to analyze their software as part of a bigger system, resulting in a lack of traceability, which can be seen as a maintainability challenge in continuous development and deployment (DevOps). In this paper, the different STPA guidelines for the automotive industry, e.g. J31887/ISO21448/STPA handbook, are first compared to assess their applicability to the distributed development of complex AI-enabled systems like AD. Further, an approach to overcome the challenges of using STPA in a multi-level design context is proposed. Through an interview study with automotive industry experts in the development of AD, the challenges are validated and the effectiveness of the proposed approach is evaluated.