class: center, middle # ENOS - A kernel for Energy-Neutral Real-Time Systems with Mixed Criticalities --- # Agenda 1. What are real-time systems? 2. Why care about energy-neutral real-time systems? 3. The design of the ENOS kernel 4. Implementation of ENOS 5. Evaluation 6. Conclusion ??? - First, introduction to real-time systems, then pivoting into energy-neutral real-time systems - After we have the required background, we will walk through the design of the ENOS kernel - Then the implementation of ENOS on a physical device and the test setup - Evaluation of the kernel - Conclude --- # What are real-time systems? - An information processing system which has to respond to external input within a finite and specified period - Correctness is determined by both the logical result and the time it was delivered - Failure to meet the time limit is as wrong as a wrong response ??? - Explain in general the constraints of real-time systems and what make them real-time --- ## Main categories of real-time systems - Hard real-time systems - Deadline overruns can lead to loss of life and/or big financial damage - Often considered safety critical ??? - What you generally think of when hearing real-time system - Examples are: - Flight control - Systems in cars -- - Soft real-time systems - Deadline overruns are tolerable, but not desired - Often connected to QoS ??? - Generally not thought of as real-time systems - Examples are: - Multimedia applications - Game servers -- - Firm real-time systems - The result of the computation if obsolete if the deadline is overrun - Weather forcast system ??? - Not generally thought of as a real-time system - Weather forcasting system is an example - These categories have been mentioned and explained simply to make sure you understand that real-time systems are really only different from non-real-time systems due to their inherit time constraints. - Thus, generally very few limits on what can be a real-time system. --- # Why are about energy-neutral real-time systems? - Computing systems that harvest the entirity of it's available energy from the environment - Energy is just as essential as time - Lifetime is not restricted by their initial battery charge, but by energy from the environment - Especially beneficial where replenishing the energy storage is not possible, e.g. an airborne system - Google's Loon balloon or Facebook's solar drone Aquila ??? - Energy-neutral systems harvest the entirity of it's energy from the environment, like solar or wind. - This mean that energy is just as vital a resource as time, and at times even more vital as we will see. - Because of the energy-neutral property, the lifetime is not restricted by the battery charge as is with numerous embedded systems. - They are simply limited by their ability to extract energy from the environment, meaning the presence of energy sources such as wind and/or sun. - This is especially beneficial where replenishing batteries are not possible, like in an airborne system. - Examples of energy-neutral systems are Google's Project Loon and Facebook's Aquila. --- # The design of the ENOS kernel - Nature of energy-neutral systems result in hard real-time constraints are only guaranteed while running - - Energy query and energy interrupt - Scheduling require information regarding WCET and WCEC - Cannot be precisely measured - Must be estimated; both pessimistically and optimistically ??? - Because energy is such a scarce resource at times, there are times where the system is not running and no time constraints can be upheld. - Energy is scarce, so it is possible to both query the energy level as well as being interrupted by an energy interrupt, which is triggered once the power level falls below a programmed threshold. - Because it is a real-time operating system, we need information regarding the worst-case execution time, and because of the enery-neutral side, we also need the worst-case energy consumption. - The problem with both of these, as many other problems like it; it is either infeasible or impossible to gain perfect knowledge, so the information must be estimated. - Two types of estimates are used; optimistic and pessimistic. - The optimistic estimates(often measurement-based) tend to be quite good, but can be wrong(lower than WCEC and WCET), which is not acceptable - Pessimistic estimate(static path enumeration) tend to be very pessimistic, but can guarantee that the WCEC and WCET are not greater. --- # The design of the ENOS kernel scheduling - Mixed criticalities regarding both energy and time - Scheduling have distinct energy criticality modes - Each energy criticality mode contain an ordered task set - The task sets must not be disjoint, nor super- or subsets - Specific final modes, suspend or emergency ??? - The importance of timeliness and energy change based on the amount of energy left. - Scheduling is split into distinct energy levels, based of the current criticality of energy. Ranging from not critial at all to so critial that we must suspend. - Each energy mode contain a specific set of tasks that are ordered by time criticality. - These sets do not need to be super- or subsets of each other; nor do they have to be disjoint. E.g. a task that should only run when energy is plenty (like sending data), and a task that should only be run when energy is scarce(like an abort and perform an emergency landing in case of a flying drone), and tasks that will be run (pretty much) regardless (like collecting data). - For the drone example, the final energy criticality level would be emergency which it will not return from on it's own, but a stationary system would rather have a suspend mode, which can be switched out of. --- # The design of the ENOS kernel scheduling - Basic switching between energy criticality modes - Increasing mode level threshold - Decreasing mode level threshold - Energy interrupt in the middle of a hyperperiod - Extended mechanism with execution budgets - Surviving blackouts - Suspend-mode - Ferroelectric RAM - Simplifies application programming due to FRAM ??? - Provide two methods for switching between energy criticality modes - Hyperperiod is the execution of an entire task set. - Basic switching guarantee that at least one hyperperiod will be executed before the next switch must take place. - If you want to switch to a lower energy criticality level, there must be at least enough energy to switch back and execute one hyperperiod before switching to an even higher energy criticality level, this to guarantee that all necessary tasks of a set will be completed. - Because this is applied at all levels, it is guaranteed that at least one hyperperiod will and can be executed at a given energy criticality level before it must be changed. - The energy interrupt is fired once there is not enough energy to complete another hyperperiod at the current level, which result in the current hyperperiod finishind and the system switching to a higher energy criticality level. - Another mechanism instead of the basic one just presented is also possible, that allow for a specified number of hyperperiods before switching again. - If the system is solar powered, and there is a solar blackout, the system will eventually end up in suspend mode. - This require the state to be stored 'indefinitely', which is not possible using volatile storage. - Rather than regular RAM, Ferroelectric RAM is used, which is non-volatile - This also simplify the application programming due to the memory always being consistent. --- # Implementation and test setup - Solar cells with supercapacitors for energy storage - Ferroelectric RAM for persistence and a Cortex-M0+ processor - FRAM has great data retention(200 years) and sufficient read/write endurance(up to 10e12 per byte) - WCEC and WCET estimated by 0g ??? - The test setup was using solar cells for energy and supercapacitors for energy storage - FRAM has great data retention - 0g is a framework for assessing the worst-case energy consumption, and was extended to support execution time as well. --- # Evaluation - ENOS is able to operate with up to 17.5% smaller energy budgets due to only considering energy as critical in certain situations - The energy execution budget at the lowest energy criticality level, it over-approximates 4.3% of the actual value measured - But because ENOS has lower energy budgets for lower energy modes, it can switch back 21% and 11% earlier because energy is less critical - ENOS is able to assess the amount of energy available very precisely - The difference between the calulated and observed thresholds for energy mode switching are between 0.3% and 3%. ??? --- # Conclusion - ENOS is the first energy-neutral real-time operating system kernel with both mixed criticalities and mixed constraints. - The result is a resillient system that is able to schedule based on both energy constraints and time.