A key requirement in the development of a real-time system is the ability to demonstrate that the final target system has met its specified timing requirements. This can be carried out by constructing a model of system timing behaviour that can be used to make predictions about worst-case performance in terms of maximum response times, communication delays, delay variations and resource utilisation. In order to develop a modelling solution that is scalable, however, the timing analysis model must be constructed with this goal specifically in mind.
Scalability of the timing analysis solution can ultimately be achieved by meeting two key modelling objectives:
Partitionable Analysis
It was recognised by Audsley et al (1993) that the holistic nature of timing analysis models for distributed real-time systems (the inability to analyse the system in part due to circular inter-dependencies in the model) arises due to a combination of functional and physical integration effects. It therefore follows that the model could be partitioned by placing appropriate restrictions on the manner in which integration of the system software and hardware components is performed as follows:
- •
Functional partitioning: Constraints on data communication and ordering/ precedence relationships between related software components;
- •
Physical partitioning: Constraints on resource sharing policies (scheduling and communication protocols).
Functional partitioning can be implemented by breaking up end-to-end transactions (sequences of processing and communication activities required to meet some higher level system objective) into individual components based purely on knowledge of the end-to-end timing requirements of the system (and the transaction topology). The net result is that the timing behaviour of groups of software components allocated to individual processors (and other resources) can potentially be analysed independently.
Functional partitioning, in its extreme, results in a ‘federated’ timing analysis model where resource boundaries in the physical architecture dictate the partitions in the timing model. The resulting model can only be applied/evaluated after the physical integration stage of system development has been performed, i.e. the allocation of software components to hardware processors (and other resources) has been defined and the details of the scheduling solution and communication protocols have been finalised.
Physical partitioning can be implemented by applying resource scheduling mechanisms that support temporal partitioning between the components being scheduled. The net result is that the timing behaviour of functionally-dependent groups of components, ie. end-to-end transactions, can be analysed independently. This offers some key advantages over functional partitioning. Firstly, for systems that embody a degree of safety-critical functionality, this means that there is inherent temporal isolation between safety-critical and non-safety-critical software components that share processing resources and/or communication media. Secondly, and more generally from the perspective of an overall system engineering process, there is potential for supporting independent development and verification of groups of functionally-related components for a target computing environment that is physically integrated. Moreover, the analysis can potentially be applied before the physical integration stage of development has been performed, i.e. much earlier in the development life of the system.
The Reservation-Based Analysis (RBA) method described in this chapter uses a physical partitioning approach throughout but also supports functional partitioning with the guideline that this is to be used sparingly. Before going on to describe RBA, the second of the two key modelling requirements is discussed below.