This paper introduces a top-down approach to analyzing the safety of self-driving vehicles. A System-Theoretic Process Analysis (STPA) is applied to a real case study involving human safety driver interactions, engineering and management interactions, and complex software interactions. Specific software functions like path planning and perception are analyzed to understand indirect and subtle causes of potential accidents and to drive key design decisions. The process identifies hazards and accident scenarios, and generates safety requirements related to all levels of operation, including program management, safety driver training, and software interactions.