Microcontrollers pose a challenge to software development as they have very limited resources and are expected to run for years without failure. For complex applications a real-time operating system (RTOS) is typically used. C is predominantly chosen for these systems and applications for its efficiency. But the language strongly relies on unsafe void pointer casting to pass data around. This can lead to obscure behavior and system crashes at runtime.

The objective of the Bern RTOS is to overcome these issues by implementing a fail-safe RTOS from scratch. Rust was chosen as programming language, because it offers strong guaranties such as memory-safety and thread-safety at compile time. In this first project the goal was to define a concept for Bern RTOS, which will serve as a baseline for the implementation in the next project. In order to work out a concept, though, we must first familiarize ourselves with RTOS internals and Rust on embedded systems.

A comparison of existing RTOS shows that the target application has shifted from general purpose towards internet of things (IoT). This is indicated by the support of network stacks and the recent interest in RTOS from cloud computing providers. Similar to the Bern RTOS, IoT targeted systems also value safety and security. The analysis also shows how Silicon Labs μC/OS-III implements a scheduler and synchronization. And further, how Zephyr from the Linux Foundation is structured and what tools it provides.

The Rust programming language is introduced with an overview of its characteristics, such as ownership model and type system. A demo application on a microcontroller proves that the language is capable of generating efficient and stable code. A generic yet strong type system allows writing portable device drivers.

Based on the RTOS analysis and the introduction into Rust, a concept and an architecture draft for the Bern RTOS is developed. To achieve a fail-safe system, the Bern RTOS will rely on Rust to catch as many bugs at compile time as possible and on memory protection hardware to keep a faulty task from crashing the whole system.

In the next project we will have to prove the concept and start with the implementation of the Bern RTOS.