arXiv: 2604.17391 · v1 · submitted 2026-04-19 · cs.SE · cs.AR · cs.LG

RISC-V Functional Safety for Autonomous Automotive Systems: An Analytical Framework and Research Roadmap for ML-Assisted Certification

Pith reviewed 2026-05-10 05:42 UTC · model grok-4.3

keywords: RISC-V · functional safety · ISO 26262 · ASIL-D · automotive systems · machine learning · certification · autonomous driving

The pith

RISC-V becomes viable for ASIL-D automotive use when ML automates the dominant costs of functional safety certification.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that functional safety certification, not processor speed, is the central barrier to deploying RISC-V in autonomous driving systems. It maps ISO 26262, SOTIF, and cybersecurity requirements to RISC-V features such as ISA openness, custom extensions, and debug transparency. The authors present an analytical framework that treats certification economics as the primary goal and outline a research roadmap using ML techniques to automate FMEDA generation, safety-case construction, fault injection, and diagnostic coverage analysis. A sympathetic reader cares because lower certification costs could open vendor-independent hardware options for safety-critical embedded systems.

Core claim

The paper presents an analytical framework and research roadmap for RISC-V in automotive functional safety. Rather than a single algorithmic advance, it centers certification economics as the optimization objective and shows how selected ML methods, including LLM-assisted FMEDA generation, knowledge-graph-based safety case automation, reinforcement learning for fault injection, and graph neural networks for diagnostic coverage, can support the workflows needed for ASIL-D readiness under ISO 26262, ISO 21448, and ISO/SAE 21434.

What carries the argument

An analytical framework that treats certification economics as the primary optimization objective, supported by a research roadmap for ML-assisted certification workflows.

If this is right

  • RISC-V ISA openness and formal verifiability directly aid toolchain qualification and safety-case generation for mixed-criticality systems.
  • Custom extension control and safety-island mechanisms become practical for lockstep execution and secure debug in autonomous driving controllers.
  • LLM-assisted FMEDA and knowledge-graph automation lower the effort required for diagnostic coverage and compliance documentation.
  • An ASIL-D-ready certifiable RISC-V platform replaces the need for faster proprietary cores as the key deliverable.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If the roadmap succeeds, open hardware could enter other regulated domains such as industrial controls or medical devices where similar certification economics dominate.
  • The same ML-assisted certification approach might later be applied to emerging open-source toolchains or alternative ISAs facing comparable safety standards.
  • Vendor-independent qualification enabled by this work would reduce single-source risks in long-lifecycle automotive supply chains.

Load-bearing premise

Selected ML methods can reduce the dominant costs of diagnostic coverage analysis, safety-case generation, and fault injection without introducing new qualification requirements or additional risks.

What would settle it

A documented attempt to reach ASIL-D certification on a RISC-V platform that applies the proposed ML tools and either achieves certification with substantially lower effort than current proprietary flows or fails because the ML outputs introduce undetected errors in safety artifacts.

Figures

Figures reproduced from arXiv: 2604.17391 by Alexey Popov, Maksim Nikolaev, Mikhail Struve, Nick Andreasyan, Vadim Vashkelis.

Figure 1: Certification economics optimization flow: cost decomposition, ML-assisted reduction, and advantage scoring.

Figure 2: RISC-V Safety Maturity Model progression. Current commercially certified platforms correspond to Level 3.

Figure 3: Seven-layer certification workflow for automotive RISC-V autonomous driving platforms, integrating ISO 26262, ISO 21448 (SOTIF), and

Original abstract

RISC-V is emerging as a viable platform for automotive-grade embedded computing, with recent ISO 26262 ASIL-D certifications demonstrating readiness for safety-critical deployment in autonomous driving systems. However, functional safety in automotive systems is fundamentally a certification problem rather than a processor problem. The dominant costs arise from diagnostic coverage analysis, toolchain qualification, fault injection campaigns, safety-case generation, and compliance with ISO 26262, ISO 21448 (SOTIF), and ISO/SAE 21434. This paper analyzes the role of RISC-V in automotive functional safety, focusing on ISA openness, formal verifiability, custom extension control, debug transparency, and vendor-independent qualification. We examine autonomous driving safety requirements and map them to RISC-V architectural challenges such as lockstep execution, safety islands, mixed-criticality isolation, and secure debug. Rather than proposing a single algorithmic breakthrough, we present an analytical framework and research roadmap centered on certification economics as the primary optimization objective. We also discuss how selected ML methods, including LLM-assisted FMEDA generation, knowledge-graph-based safety case automation, reinforcement learning for fault injection, and graph neural networks for diagnostic coverage, can support certification workflows. We argue that the strongest outcome is not a faster core, but an ASIL-D-ready certifiable RISC-V platform.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 2 minor

Summary. The paper presents an analytical framework and research roadmap for RISC-V in automotive functional safety, arguing that certification economics (diagnostic coverage, toolchain qualification, fault injection, safety-case generation under ISO 26262, SOTIF, and ISO/SAE 21434) is the primary optimization target rather than core performance. It maps autonomous driving requirements to RISC-V challenges such as lockstep execution, safety islands, and mixed-criticality isolation, and proposes that selected ML techniques—LLM-assisted FMEDA generation, knowledge-graph safety-case automation, reinforcement learning for fault injection, and graph neural networks for diagnostic coverage—can reduce dominant certification costs, with the strongest outcome being an ASIL-D-ready certifiable RISC-V platform.

Significance. If the ML-assisted certification aids can be shown to deliver net reductions in qualification effort without introducing new systematic risks or qualification overheads, the framework could guide practical adoption of open RISC-V cores in ASIL-D autonomous systems. The paper correctly identifies certification as the bottleneck and highlights RISC-V advantages in openness and verifiability, but its prospective nature means significance depends on subsequent empirical validation of the proposed ML workflows.

major comments (3)
  1. [ML-assisted certification workflows section] The central claim that ML methods will lower dominant certification costs is load-bearing, yet the manuscript provides no mapping of how LLM outputs in FMEDA generation or GNN diagnostic-coverage estimates would themselves be qualified under ISO 26262 Clause 8.11 (toolchain qualification). No discussion appears of demonstrating freedom from interference, controlling training-data provenance, or managing model drift for these tools.
  2. [Analytical framework and research roadmap] The analytical framework is described at a high level without quantitative models, cost equations, or even illustrative examples of certification-economics optimization. No metrics, baselines, or sensitivity analysis are supplied to support the assertion that the listed ML techniques produce net savings.
  3. [Discussion of ML methods] Potential new failure modes introduced by the ML layer (prompt injection in safety-case generation, adversarial attacks on GNN coverage estimates, or RL fault-injection bias) are not analyzed, leaving open the possibility that these methods increase rather than decrease overall risk.
minor comments (2)
  1. [Introduction] The abstract and introduction would benefit from explicit citations to existing RISC-V ASIL-D certification efforts and ISO 26262 tool-qualification case studies to ground the roadmap.
  2. [Throughout] Notation for safety concepts (e.g., ASIL-D, FMEDA, SOTIF) is used without a dedicated glossary or first-use definitions, which may hinder readers outside the automotive-safety community.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for their constructive feedback on our manuscript. We address each major comment below.

  1. Referee: [ML-assisted certification workflows section] The central claim that ML methods will lower dominant certification costs is load-bearing, yet the manuscript provides no mapping of how LLM outputs in FMEDA generation or GNN diagnostic-coverage estimates would themselves be qualified under ISO 26262 Clause 8.11 (toolchain qualification). No discussion appears of demonstrating freedom from interference, controlling training-data provenance, or managing model drift for these tools.

    Authors: We agree that the qualification of ML-assisted tools under ISO 26262 is a critical aspect not addressed in the current manuscript. The paper proposes these methods as part of a research roadmap but does not detail their own certification requirements. We will add a new subsection discussing toolchain qualification for LLM, GNN, and RL-based certification aids, including considerations for freedom from interference, training data provenance, and model drift. This revision will better support the central claim by identifying the necessary qualification steps as future research directions. revision: yes

  2. Referee: [Analytical framework and research roadmap] The analytical framework is described at a high level without quantitative models, cost equations, or even illustrative examples of certification-economics optimization. No metrics, baselines, or sensitivity analysis are supplied to support the assertion that the listed ML techniques produce net savings.

    Authors: As the manuscript is an analytical framework and research roadmap, it intentionally remains at a conceptual level without introducing new quantitative data or models. We recognize that illustrative examples would enhance clarity. We will incorporate high-level examples of certification cost optimization drawn from existing literature on ISO 26262 compliance costs to illustrate the potential impact of the proposed ML techniques, while clarifying that these are not new empirical results. revision: partial

  3. Referee: [Discussion of ML methods] Potential new failure modes introduced by the ML layer (prompt injection in safety-case generation, adversarial attacks on GNN coverage estimates, or RL fault-injection bias) are not analyzed, leaving open the possibility that these methods increase rather than decrease overall risk.

    Authors: We acknowledge the importance of analyzing potential risks introduced by the ML layer to provide a complete picture. The current text focuses on opportunities but omits discussion of new failure modes. We will revise the discussion section to include an analysis of risks such as prompt injection, adversarial attacks on GNNs, and biases in RL fault injection, along with mitigation strategies within the safety case framework. This will ensure the roadmap addresses both benefits and risks. revision: yes

Circularity Check

0 steps flagged

No circularity: descriptive roadmap without derivations or reductions

The paper is an analytical framework and research roadmap focused on certification economics for RISC-V in automotive systems. It contains no equations, fitted parameters, derivations, or load-bearing self-citations. Central claims (e.g., ASIL-D readiness as strongest outcome, ML methods supporting workflows) are prospective arguments rather than reductions to prior inputs by construction. No self-definitional steps, uniqueness theorems, or ansatzes are present. The work is self-contained as discussion without circular elements.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

The work is conceptual and relies on established ISO standards and RISC-V features without introducing new free parameters, unproven axioms, or postulated entities.

pith-pipeline@v0.9.0 · 5560 in / 1030 out tokens · 38580 ms · 2026-05-10T05:42:23.864328+00:00 · methodology

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. GenAI-Driven Approach to RISC-V Supply Chain Exploration

    cs.AR 2026-05 unverdicted novelty 4.0

    An LLM- and VLM-powered workflow integrated with knowledge graphs and model-driven engineering is proposed for analyzing RISC-V semiconductor supply chain data and resilience.
