Failure by Design: Influence of the RTOS Interface on Memory Fault Resilience

Soft errors are emerging with the ongoing reduction of structure sizes in current and future hardware designs. This problematic is generally tackled by employing fault detection or tolerance measures from an applications’ point of view. At the same time, research commences to harden the operating system, often considered as remaining single point of failure. Certainly, these measures can effectively treat the symptoms of hardware faults. However, we argue that the operating system design per se can offer an intrinsic resilience against errors. Dynamic operating system designs, often resembling Unix-like interfaces, are obliged to cope with pointers and list-based data structures to provide the demanded flexibility. In contrast, especially in the domain of embedded systems this flexibility is often not needed. Here, static system designs can be deployed, which allow to avoid error-prone pointer-based memory operations. We believe, that a fully static system design can enhance the resilience against memory errors solely by reduced memory consumption and inherently more robust data structures. This paper studies the influences of memory faults on both, a dynamic and a fully static embedded operating system. Extensive injection campaigns, covering the entire fault space within the kernel data structures, will show that even when applying hardware-based fault detection mechanisms to a dynamic kernel, a static kernel design is still more than 75 percent less susceptible to silent data corruptions.