UniSTPA: A Safety Analysis Framework for End-to-End Autonomous Driving

TL;DR

UniSTPA is a comprehensive safety analysis framework for end-to-end autonomous driving systems, extending hazard analysis across the entire lifecycle and internal model layers to identify risks overlooked by traditional methods.

Contribution

It introduces UniSTPA, a novel safety analysis approach that covers the full lifecycle and internal model layers of autonomous driving systems, improving hazard detection and safety assurance.

Findings

Uncovered hazards like scene design defects and sensor biases

Identified internal model flaws affecting safety

Developed a safety monitoring mechanism for continuous improvement

Abstract

As autonomous driving technology continues to advance, end-to-end models have attracted considerable attention owing to their superior generalisation capability. Nevertheless, such learning-based systems entail numerous safety risks throughout development and on-road deployment, and existing safety-analysis methods struggle to identify these risks comprehensively. To address this gap, we propose the Unified System Theoretic Process Analysis (UniSTPA) framework, which extends the scope of STPA from the operational phase to the entire lifecycle of an end-to-end autonomous driving system, including information gathering, data preparation, closed loop training, verification, and deployment. UniSTPA performs hazard analysis not only at the component level but also within the model's internal layers, thereby enabling fine-grained assessment of inter and intra module interactions. Using a highway Navigate on Autopilot function as a case study, UniSTPA uncovers multi-stage hazards overlooked by conventional approaches including scene design defects, sensor fusion biases, and internal model flaws, through multi-level causal analysis, traces these hazards to deeper issues such as data quality, network architecture, and optimisation objectives. The analysis result are used to construct a safety monitoring and safety response mechanism that supports continuous improvement from hazard identification to system optimisation. The proposed framework thus offers both theoretical and practical guidance for the safe development and deployment of end-to-end autonomous driving systems.