Pith. Machine review for the scientific record.

arxiv: 2605.04837 · v1 · submitted 2026-05-06 · 💻 cs.SE · cs.OS

Shedding Light onto Safety Integrity Level and Basic Software Constraints in a Real-World Automotive Application: Case Study with Driverator Framework

Pith reviewed 2026-05-08 16:05 UTC · model grok-4.3

classification: 💻 cs.SE · cs.OS
keywords: automotive ECUs · safety integrity level · AUTOSAR basic software · memory requirements · task allocation · configuration framework · case study

The pith

Safety integrity levels dictate task colocation and basic software complexity in automotive ECUs, with memory rules adding further allocation limits, as mapped in one real system via the Driverator framework.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper examines a real automotive electronic control unit with hundreds of functions organized in cause-effect chains. It shows how SIL ratings force specific rules on which tasks can share processors without risking safety violations. AUTOSAR basic software layers add varying overhead and diagnostic needs that scale with those SIL ratings. Memory layouts and their SIL dependencies further restrict where functions can be placed. The authors respond with the Driverator configuration framework that lets engineers analyze and configure such systems at larger scales.

Core claim

This paper thoroughly characterizes a real-world automotive application, describing an automotive application based on SIL constraints, the impact of basic software, and memory requirements. In this context, the Driverator configuration framework is introduced for scalable system analysis.

What carries the argument

The Driverator configuration framework, which models SIL-driven task colocation, BSW complexity variations, and SIL-specific memory constraints to support scalable analysis of automotive ECU designs.

Load-bearing premise

A single detailed real-world automotive application is representative enough for the observed SIL, BSW, and memory constraints and for the Driverator framework to apply more broadly.

What would settle it

Documentation of a second automotive ECU whose task allocation patterns, BSW overheads, or memory dependencies fall outside the constraint classes captured by the Driverator model.

Original abstract

Automotive electronic control units (ECUs) are intricate systems with hundreds of individual functions, numerous software components, and multiple interdependent tasks. A prevalent structural pattern in these systems is so-called cause-effect chains. While significant research efforts have been dedicated to the temporal analysis and optimization of these chains, particularly minimizing data age and function response times, other crucial non-functional properties remain relatively underexplored. In particular, the safety integrity level (SIL) classification substantially influences the system design by determining task colocation strategies. Improper sharing of functions or interweaving tasks with different safety levels can compromise the integrity of critical functions. Additionally, AUTOSAR basic software (BSW) (e.g. OS, runtime environment, communication stacks, or diagnostics) introduces complexity that varies based on task characteristics and SIL categories. Furthermore, memory requirements present another critical challenge, given the diversity of memory architectures and SIL-specific dependencies that strongly constrain task allocations. This paper thoroughly characterizes a real-world automotive application, describing an automotive application based on SIL constraints, the impact of basic software, and memory requirements. In this context, the Driverator configuration framework is introduced for scalable system analysis.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper characterizes a real-world automotive ECU application with respect to Safety Integrity Level (SIL) constraints on task colocation, the complexity introduced by AUTOSAR basic software (BSW) components, and memory-architecture dependencies. In this setting it introduces the Driverator configuration framework, presented as enabling scalable system analysis of cause-effect chains and related non-functional properties.

Significance. A well-supported characterization of SIL/BSW/memory interactions in an industrial automotive context would be useful for practitioners and could highlight underexplored design trade-offs. If the Driverator framework were shown through quantitative evaluation to scale to realistic task counts while respecting these constraints, the work would offer a concrete analysis tool for the automotive software-engineering community.

major comments (2)
  1. Abstract: the central claim that Driverator provides 'scalable system analysis' is unsupported; the manuscript supplies no execution times, memory footprints of the analyzer, scaling curves with task or function count, or head-to-head comparisons against manual configuration or prior tools.
  2. Abstract: the characterization rests on a single real-world application. No quantitative metrics, validation results, error analysis, or additional case studies are reported, leaving the described SIL, BSW, and memory constraints without visible empirical grounding.
minor comments (1)
  1. The abstract refers to 'hundreds of individual functions' and 'numerous software components' but does not supply concrete counts or distributions from the case study that would allow readers to assess scale.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the constructive feedback on our manuscript. We address each major comment below and indicate where revisions will be made.

Point-by-point responses
  1. Referee: Abstract: the central claim that Driverator provides 'scalable system analysis' is unsupported; the manuscript supplies no execution times, memory footprints of the analyzer, scaling curves with task or function count, or head-to-head comparisons against manual configuration or prior tools.

    Authors: We agree that the abstract asserts 'scalable system analysis' without quantitative support such as runtime measurements or scaling data. The Driverator framework is presented as a configuration approach that systematically incorporates SIL, BSW, and memory constraints into cause-effect chain analysis, which is intended to support larger systems through its modular structure. However, the manuscript does not include the requested empirical evidence. We will revise the abstract to qualify or remove the term 'scalable' and add a brief discussion of the framework's design rationale for handling increased task counts. No new benchmarks can be added at this stage.

    revision: partial

  2. Referee: Abstract: the characterization rests on a single real-world application. No quantitative metrics, validation results, error analysis, or additional case studies are reported, leaving the described SIL, BSW, and memory constraints without visible empirical grounding.

    Authors: The work is explicitly framed as a case study of one industrial automotive ECU application, as indicated by the title and abstract. The described constraints on task colocation, BSW complexity, and memory architectures are drawn directly from detailed examination of this application and the resulting Driverator model. While we recognize the lack of quantitative metrics or additional studies, this aligns with the depth-focused nature of case-study research in software engineering. We will expand the body of the paper with additional concrete examples and data excerpts from the application to make the grounding more explicit.

    revision: partial

Circularity Check

0 steps flagged

No circularity: purely descriptive case study with no derivations or predictions

Full rationale

The paper is a case study characterizing one real-world automotive ECU under SIL/BSW/memory constraints and introducing the Driverator framework. No equations, formal derivations, predictions, or load-bearing self-citations appear in the provided abstract or described content. The central claims rest on empirical description of a single application rather than any chain that reduces to its own inputs by construction. Absence of benchmarks for scalability is a separate evidentiary gap, not circularity. This matches the default expectation for non-circular descriptive work.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 1 invented entities

The central claim rests on the assumption that the described real-world application accurately reflects typical automotive ECU structures and that the introduced framework provides scalable analysis without additional validation.

invented entities (1)
  • Driverator configuration framework (no independent evidence)
    purpose: scalable system analysis of SIL, BSW, and memory constraints in automotive applications
    Newly introduced tool whose utility is asserted but not independently evidenced in the abstract.

pith-pipeline@v0.9.0 · 5532 in / 1176 out tokens · 47854 ms · 2026-05-08T16:05:51.464608+00:00 · methodology
