Developers of safety-critical real-time systems have to ensure that their systems react within given time bounds. Ideally, the system is designed to provide sufficient computing power and network bandwidth, is cost efficient and provides the necessary safety level. To achieve this goal, three challenges have to be addressed. First, it must be possible to account for timing during early development stages in the architecture exploration phase. Second, during software development, timing behavior and the effects of software changes on timing must be observable. Third, there must be a technology for formally verifying the final timing behavior for industry-size applications.In this article we present a comprehensive methodology for dealing with timing which addresses all three issues based on state-of-the-art commercial tools. AbsInt's TimingExplorer provides execution time estimates for an early code-level ECU exploration, while Symtavision's SymTA/S Architecture Explorer provides execution time budgets for the selected hardware and software at the system level. Gliwa T1 can deliver measurement-based information about the worst-case execution time of basic blocks, the core execution time and the response time of tasks and interrupts. AbsInt's aiT is a static analyzer which determines safe upper bounds for the worst-case execution times of non-interrupted tasks. It can be used during software development as a part of the build process and at the validation stage to provide guaranteed WCET bounds. Both task-level analysis results and measurement information can be fed into the system-level analysis tool SymTA/S from Symtavision, which computes the worst-case response times (WCRTs) of the entire system. For an efficient, integrated flow, all these tools share a common abstraction level and are coupled by well-defined interfaces. Starting from a system model, designers can now seamlessly perform timing budgeting, monitor and observe timing during software development, and do performance optimization and timing verification. This is possible both on the code of individual functions, as well as for function and subsystem integration.