Real-time middleware services must guarantee predictable performance under
specified load and failure conditions, and ensure graceful degradation when
these conditions are violated. Guaranteed predictable performance typicall
y entails reservation of resources and use of admission control. Graceful d
egradation, on the other hand, requires dynamic reallocation of resources t
o maximize the application-perceived system utility while coping with unant
icipated overload and failures. We propose a model for quality-of-service (
QoS) negotiation in building real-time services to meet both of the above r
equirements. QoS negotiation is shown to 1) outperform "binary" admission c
ontrol schemes (either guaranteeing the required QoS or rejecting the servi
ce request), 2) achieve higher application-perceived system utility, and 3)
deal with violations of the load and failure hypotheses. We incorporated t
he proposed QoS-negotiation model into an example real-time middleware serv
ice, called RTPOOL, which manages a distributed pool of shared computing re
sources (processors) to guarantee timeliness QoS for real-time applications
. In order to guarantee timeliness QoS, the resource pool is encapsulated w
ith its own schedulability analysis, admission control, and load-sharing su
pport. This support differs from others in that it adheres to the proposed
QoS-negotiation model. The efficacy and power of QoS negotiation are demons
trated for an automated flight control system implemented on a network of P
Cs running RTPOOL. This system is used to fly an F-16 fighter aircraft mode
led using the Aerial Combat (ACM) F-16 Flight Simulator. Experimental resul
ts indicate that QoS negotiation, while maintaining real-time guarantees, e
nables graceful QoS degradation under conditions in which traditional sched
ulability analysis and admission control schemes fail.