\documentclass[10pt,conference,a4paper]{IEEEtran}

\usepackage{fontspec}

\usepackage{unicode-math}

\setmainfont{Latin Modern Roman}

\setsansfont{Latin Modern Sans}

\setmonofont{Latin Modern Mono}

\setmathfont{Latin Modern Math}

\usepackage{amsmath}

\usepackage{mathtools}

\usepackage{amsthm}

\usepackage{aliascnt}

\newtheoremstyle{radfi-plain}%

{0.4em}{0.4em}{\itshape}{0pt}{\bfseries}{.}{0.5em}{}%

\theoremstyle{radfi-plain}

\newtheorem{definition}{Definition}[section]

\newaliascnt{theoremaux}{definition}

\newtheorem{theorem}[theoremaux]{Theorem}

\aliascntresetthe{theoremaux}

\newaliascnt{lemmaaux}{definition}

\newtheorem{lemma}[lemmaaux]{Lemma}

\aliascntresetthe{lemmaaux}

\newtheoremstyle{radfi-remark}%

{0.4em}{0.4em}{}{0pt}{\bfseries}{.}{0.5em}{}%

\theoremstyle{radfi-remark}

\newtheorem*{remark}{Remark}

\usepackage{booktabs}

\usepackage{tabularx}

\usepackage{multirow}

\usepackage{graphicx}

\usepackage{listings}

\usepackage{xcolor}

\lstset{

basicstyle=\ttfamily\footnotesize,

breaklines=true,

showstringspaces=false,

commentstyle=\itshape\color{gray!70!black},

keywordstyle=\bfseries,

language=C,

numbers=none,

xleftmargin=0.5em,

}

\usepackage{xurl}

\usepackage{seqsplit}

\usepackage[backend=biber,style=ieee,sorting=none,maxbibnames=5,

doi=true,url=true,isbn=false]{biblatex}

\addbibresource{refs.bib}

\usepackage{hyperref}

\hypersetup{

colorlinks=true,

linkcolor=blue!50!black,

citecolor=blue!50!black,

urlcolor=blue!50!black,

pdftitle={RadFI v1: An Algebraic Fault Injection Operator for Empirical Filesystem Resilience Validation},

pdfauthor={Aurelien DESBRIERES},

pdfsubject={Fault injection; SEU emulation; Filesystem resilience; Falsification; Linux kernel},

pdfkeywords={RadFI, fault injection, SEU emulation, filesystem resilience, falsification, BEAMFS, Reed-Solomon, Linux kernel, kprobe},

}

\usepackage[capitalize,noabbrev]{cleveref}

\crefname{theoremaux}{Theorem}{Theorems}

\Crefname{theoremaux}{Theorem}{Theorems}

\crefname{lemmaaux}{Lemma}{Lemmas}

\Crefname{lemmaaux}{Lemma}{Lemmas}

\usepackage{microtype}

\usepackage{xspace}

\usepackage{enumitem}

\usepackage{placeins}

\setlist{nosep,leftmargin=1.5em}

\title{\large\bfseries RadFI:\\

An Algebraic Fault Injection Operator for\\

Empirical Filesystem Resilience Validation\\

\normalsize\mdseries Falsifying Recovery Theorems through\\

Controlled SEU Emulation in the Linux Kernel\\

\small\itshape Technical Report -- Version 1}

\author{%

\IEEEauthorblockN{Aur\'elien Desbri\`eres \textemdash{} Independent researcher}

\IEEEauthorblockA{\href{https://orcid.org/0009-0002-0912-9487}{ORCID:~0009-0002-0912-9487} \quad

\texttt{[email protected]}}

}

\begin{document}

\begin{IEEEkeywords}

Fault injection, Single-event upset emulation, Filesystem resilience,

Falsification, Reed--Solomon, Linux kernel, kprobe, Recovery calculus,

BEAMFS, Empirical validation

\end{IEEEkeywords}

\begin{abstract}

\input{sections/00-abstract}

\end{abstract}

\input{sections/01-introduction}

\input{sections/02-threat-model}

\input{sections/03-perturbation-operator}

\input{sections/04-faithfulness-theorem}

\input{sections/05-from-math-to-code}

\input{sections/06-empirical-contribution}

\input{sections/07-scope-limitations}

\input{sections/08-conclusion}

\input{sections/09-reproducibility}

\input{sections/10-appendix-faithfulness-proof}

\end{document}

@misc{desbrieres2026beamfsv1,

author = {Aur{\'e}lien Desbri{\`e}res},

title = {{FTRFS}: {B}ringing Radiation-Robust Filesystem Principles to Contemporary {L}inux},

year = 2026, month = apr,

note = {Technical Report v1 (lineage paper; v1 Theorem IV.1 retracted following

falsification reported in the present paper)},

doi = {10.5281/zenodo.19824442},

url = {https://doi.org/10.5281/zenodo.19824442},

}

@misc{desbrieres2026beamfsv2,

author = {Aur{\'e}lien Desbri{\`e}res},

title = {{BEAMFS} v2: {A} {L}inux Filesystem with Electromagnetic Resilience

and {R}eed--{S}olomon Recovery},

year = 2026, month = apr,

note = {Technical Report v2. Companion to the present methodology paper.

commit \texttt{52260d0}.},

url = {https://github.com/roastercode/beamfs/tree/v1.0.0-paper-zenodo-pending/papers/2026-04-beamfs-v2},

}

@article{carreira1998xception,

author = {Jo{\~a}o Carreira and Henrique Madeira and Jo{\~a}o Gabriel Silva},

title = {{Xception}: {A} technique for the experimental evaluation of

dependability in modern computers},

journal = {IEEE Transactions on Software Engineering},

volume = 24, number = 2, pages = {125--136}, year = 1998,

doi = {10.1109/32.666826},

}

@article{hsueh1997faultinjection,

author = {Mei-Chen Hsueh and Timothy K. Tsai and Ravishankar K. Iyer},

title = {Fault injection techniques and tools},

journal = {Computer},

volume = 30, number = 4, pages = {75--82}, year = 1997,

doi = {10.1109/2.585157},

}

@inproceedings{giuffrida2013edfi,

author = {Cristiano Giuffrida and Anton Kuijsten and Andrew S. Tanenbaum},

title = {{EDFI}: {A} dependable fault injection tool for dependability

benchmarking experiments},

booktitle = {Proc. IEEE 19th Pacific Rim Int. Symp. Dependable Computing},

year = 2013, pages = {31--40},

doi = {10.1109/PRDC.2013.12},

}

@article{dodd2003seu,

author = {P. E. Dodd and L. W. Massengill},

title = {Basic mechanisms and modeling of single-event upset in digital

microelectronics},

journal = {IEEE Transactions on Nuclear Science},

volume = 50, number = 3, pages = {583--602}, year = 2003,

doi = {10.1109/TNS.2003.813129},

}

@article{baumann2005softerrors,

author = {R. C. Baumann},

title = {Radiation-induced soft errors in advanced semiconductor technologies},

journal = {IEEE Transactions on Device and Materials Reliability},

volume = 5, number = 3, pages = {305--316}, year = 2005,

doi = {10.1109/TDMR.2005.853449},

}

@article{petersen1996crosssection,

author = {E. L. Petersen},

title = {Cross section measurements and upset rate calculations},

journal = {IEEE Transactions on Nuclear Science},

volume = 43, number = 6, pages = {2805--2813}, year = 1996,

doi = {10.1109/23.556870},

}

@book{corbet2005ldd3,

author = {Jonathan Corbet and Alessandro Rubini and Greg Kroah-Hartman},

title = {Linux Device Drivers},

edition = {3rd},

publisher = {O'Reilly Media},

year = 2005,

note = {Block layer chapter; bio submission API has evolved,

see kernel source \texttt{block/blk-core.c} for current API.},

}

@article{blackman2021xoshiro,

author = {David Blackman and Sebastiano Vigna},

title = {Scrambled linear pseudorandom number generators},

journal = {ACM Transactions on Mathematical Software},

volume = 47, number = 4, year = 2021,

note = {article 36},

doi = {10.1145/3460772},

}

@misc{kernel-highmem,

author = {{Linux kernel contributors}},

title = {Highmem and \texttt{kmap\_local\_page} documentation},

howpublished = {Linux kernel source tree, \texttt{Documentation/mm/highmem.rst}},

year = 2026,

url = {https://www.kernel.org/},

}

@inproceedings{klein2009sel4,

author = {Gerwin Klein and others},

title = {{seL4}: {F}ormal verification of an {OS} kernel},

booktitle = {Proc. 22nd ACM SIGOPS Symp. Operating Systems Principles ({SOSP})},

year = 2009, pages = {207--220},

doi = {10.1145/1629575.1629596},

}

@misc{corbet2017kprobes,

author = {Jonathan Corbet},

title = {Notes on the kprobes interface},

howpublished = {LWN.net},

year = 2017,

url = {https://lwn.net/Articles/132196/},

}

@misc{kernel-kprobes,

author = {{Linux kernel contributors}},

title = {kprobes documentation},

howpublished = {Linux kernel source tree, \texttt{Documentation/trace/kprobes.rst}},

year = 2026,

url = {https://www.kernel.org/},

}

@book{popper1959logic,

author = {Karl R. Popper},

title = {The Logic of Scientific Discovery},

publisher = {Hutchinson},

address = {London},

year = 1959,

}

@misc{beamfs-impl,

author = {Aur{\'e}lien Desbri{\`e}res},

title = {{BEAMFS} reference implementation and on-disk format specification},

howpublished = {\texttt{roastercode/beamfs}, on-disk format normatively specified

in \texttt{Documentation/format-v4.md}},

year = 2026, month = apr,

url = {https://github.com/roastercode/beamfs},

}

@article{lecam1960poisson,

author = {Lucien {Le Cam}},

title = {An approximation theorem for the {P}oisson binomial distribution},

journal = {Pacific Journal of Mathematics},

volume = 10, number = 4, pages = {1181--1197}, year = 1960,

}

We present RadFI, an algebraic fault injection operator for the

empirical validation of filesystem resilience theorems. RadFI is the

falsification counterpart to the BEAMFS recovery

calculus~\cite{desbrieres2026beamfsv1}: where BEAMFS defines a

recovery operator \(\mathcal{G}\) that drives a corrupted filesystem

state back to consistency or to fail-closed, RadFI defines a

perturbation operator \(\varepsilon\) that injects controlled

bit-flips into the bio-layer payload of an instrumented filesystem,

modelling the action of a Single-Event Upset on volatile memory

transit between user space and storage.

We define \(\varepsilon\) formally over the same state space

\(\mathcal{S}\) used by BEAMFS, formulate a faithfulness property as

the statistical indistinguishability of \(\varepsilon\) from the

canonical SEU model under stated hypotheses, and derive a Linux

kernel implementation path through kprobe-based runtime

instrumentation. Three families of perturbation are treated:

write-side bit-flips on bio payloads bound for storage, read-side

bit-flips on bio payloads returning from storage (DRAM-bidirectional

model), and targeted block-level injection through a

sector-granularity filter.

This Technical Report v1 reports two empirical results obtained with

RadFI v0.1.0 to v0.1.2 against the BEAMFS implementation lineage.

First, on 2026-04-28, RadFI v0.1.0 produced a controlled bit-flip

pattern that the BEAMFS v1 recovery operator failed to correct,

exhibiting a state \(s\) such that

\(\mathcal{G}(\varepsilon(s)) \not\models\) and

\(\mathcal{G}(\varepsilon(s)) \neq \bot\). This is a counter-example

to the soundness theorem of~\cite{desbrieres2026beamfsv1} under the

actual perturbation distribution implementable by RadFI, which led

the BEAMFS author to retract Theorem IV.1 and revise the threat

model from radiation-only (v1) to full electromagnetic resilience

(v2 EMR). Second, on 2026-04-29, byte-level disk corruption of a

BEAMFS v2 INLINE-formatted filesystem

(\(\mathrm{RS}(255,239) \times 16\) per-block protection scheme)

was successfully recovered by the kernel module's

\texttt{read\_folio} path, with autonomic in-place repair persisting

the correction byte-perfect to disk. This is corroboration, not

proof, of the revised v2 recovery properties pending formal Theorem

v2.1 in~\cite{desbrieres2026beamfsv2}.

The reference implementation source is held in a private repository

(\texttt{roastercode/radfi}) pending coordinated public release

with this methodology paper. A reproducibility statement is provided in

Section~\ref{sec:repro}.