A Memory Protection Strategy for Resource Constrained Devices in Safety Critical Applications

Abstract

In modern safety-related applications, software has achieved an increasingly critical role. Their safety-critical nature, however, requires special attention: industry-specific functional-safety standards guide designers, developers, integrators, and testers during all phases of the software life-cycle and the final artifacts undergo a rigorous certification process.In the field, it is not uncommon to find very resource-constrained devices performing real-time sensing and actuating tasks. Although these devices, typically microcontroller units, offer a rich plethora of on-chip devices for communication, sensing, and interaction with the physical world, they often have quite reduced computational capabilities, and barely provide memory protection functionalities, relying solely upon rudimentary Memory Protection Units (MPUs). In this perspective, guaranteeing fault-confinement through spatial isolation – i.e., the isolation between the memory used by each of the tasks, as mandated by in force regulations – is quite challenging.In this paper, we present an MPU-based memory management and protection strategy that enables achieving spatial isolation in multi-application real-time operating systems (RTOS) tailored for safety-critical domains, while allowing a good degree of flexibility and combinability. Furthermore, we discuss the implementation of the proposed strategy as part of a RTOS from the industry domain, in order to provide a case-study pertaining to its actual implementation.