Google Git
Sign in
eclipse / www.eclipse.org / proposals / 05809a8f6fda4552c089851b0af89921ddc3d082 / . / polarsys.chess / proposal.html
blob: 11941a1bc1287600de958769703c4827be981420 [file] [log] [blame]
<!--
This document is provided as a template along with some guidance for creating
your project proposal. This is just a template. Feel free to change it as
you see fit (add sections, remove section). We feel, however, that the
suggestions represented in this document represent the reasonable minimum
amount of information to move forward.
Please keep the formatting in this document simple. Please do not edit
this document in Microsoft Word as it adds huge piles of markup that make
it difficult to restyle.
More information is available here:
http://wiki.eclipse.org/Development_Resources/HOWTO/Pre-Proposal_Phase
Direct any questions about this template to emo@eclipse.org
-->
<html>
<head>
<!--
Include the title here. We will parse it out of here and include it on the
rendered webpage. Do not duplicate the title within the text of your page.
-->
<title>CHESS</title>
</head>
<!--
We make use of the 'classic' HTML Definition List (dl) tag to specify
committers. I know... you haven't seen this tag in a long while...
-->
<style>
dt {
display: list-item;
list-style-position: outside;
list-style-image:
url(/eclipse.org-common/themes/Phoenix/images/arrow.gif);
margin-left: 16px;
}
dd {
margin-left: 25px;
margin-bottom: 5px;
}
</style>
<body>
<p>
The CHESS (Composition with Guarantees for High-integrity Embedded
Software Components Assembly) project (<a
href="http://www.chess-project.org">www.chess-project.org</a>)
is a proposed open source project under the <a
href="http://polarsys.org/">Polarsys Top Level Project</a>.
</p>
<p>
This proposal is in the Project Proposal Phase (as defined in the
Eclipse Development Process) and is written to declare its intent and
scope. We solicit additional participation and input from the
Eclipse community. Please send all feedback to the <a
href="http://www.eclipse.org/forums/eclipse.proposals">Eclipse
Proposals</a> Forum.
</p>
<h2>Background</h2>
<p>Distributed dependable real-time embedded software systems, like
Satellite on board software, are becoming increasingly complex due to
the demand for extended functionalities or the reuse of legacy code
and components. Model-Driven Engineering (MDE) approaches are good
solutions to help build such complex systems. Addressing domain
specific modeling (like component description and interaction,
real-time constraints, ...) while keeping the flexibility and
generality offered by languages like UML is a challenge in a context
where software must be qualified according to safety and reliability
standards.</p>
<p>That's why the CHESS project was created to address the
development of high-integrity embedded systems by combining
component-based development on top of model driven engineering and
addressing dependability and real-time specific constraints.</p>
<h2>Scope</h2>
<p>The CHESS project provides a model-driven, component-based
methodology [1] and tool support for the development of high-integrity
systems for different domains. The methodology is particularly suited
for space systems and industrial domains.</p>
<p>Thanks to a dedicated MARTE and UML profile and associated
tooling, CHESS addresses solutions to problems of property-preserving
component assembly in real-time and dependable embedded systems, and
supports the description, verification, and preservation of real-time
properties (like sporadic/periodic activation patterns, worst case
execution time, deadline) of software components at the level of
component design down to the execution level.</p>
<p>CHESS also addresses the description and verification of system
and component dependability properties (like fault, error, failures
and failures propagations); however it is worth mentioning here that the
dependability support (also described later in the proposal) is not
part of the current CHESS contribution.</p>
<p>CHESS tooling extends Papyrus editor to properly support the
CHESS methodology, in particular allowing working with different views on
the model including requirements, system, components, deployment and
analysis view.</p>
<h2>Description</h2>
<p>CHESS implements the CHESS UML profile, a specialization of the
Modeling and Analysis of Real-Time and Embedded Systems (MARTE)
profile, by producing extensions to Papyrus that provide
component-based engineering methodology and tool support for the
development of high-integrity embedded systems in different domains
like satellite on board systems</p>
<p>The CHESS tool environment is composed by: (1) a MARTE/UML
profile, (2) an extension to the Papyrus UML graphical editor that
supports the notion of design views, (3) a model validator that
assesses the well-formedness of the model before model transformations
can be undertaken, and (4) a set of model to model and model to text
transformations, the former for the purpose of model-based
schedulability and dependability analysis and the latter for code
generation toward multiple language targets.</p>
<h3>CHESS Profile</h3>
<p>The CHESS UML profile [1]:</p>
<ul>
<li>restricts the set of MARTE and UML entities that can be
created in the CHESS model,</li>
<li>provides the set of stereotypes required to enable the user
to work with the CHESS component model,</li>
<li>provides some MARTE stereotypes extensions to allow the
specification of computation-independent real-time properties,</li>
<li>defines a new set of stereotypes for the support of
dependability modeling.</li>
</ul>
<h3>CHESS Editor</h3>
<p>The CHESS editor extends the Papyrus UML editor and is activated
when a CHESS model is created or opened (see Figure 1).</p>
<p>A CHESS model is a UML model with the CHESS profile applied to
it; creating a CHESS model and applying the CHESS profile can be done
using a dedicated wizard.</p>
<p>The CHESS editor allows working with the Papyrus UML by using
the CHESS design views. Each design view applies specific constraints
on the UML diagrams and entities that can be created, viewed or edited
in that view.</p>
<p>The CHESS editor allows switching between views. It also keeps
the status of the current view and during the modeling activity
prevents the modeler from violating the constraints defined for the
current diagram-view pair.</p>
<p>The native Papyrus palettes have been customized in order to
show only the entities that are allowed to be created in the current
diagram view.</p>
<h5>CHESS Views</h5>
<p>The views defined in CHESS are the requirement, system,
component, deployment and analysis views.</p>
<p>The requirement view is used to model requirements by using the
standard requirement diagram from SysML.</p>
<p>The system view is used to model system entities by using SysML;
it is an ongoing development that has been recently introduced in
CHESS in order to support the system to software co-engineering phase.</p>
<p>The component view is used to model CHESS software components
(also called the PIM model): is actually composed by two sub-views,
the functional and the extra-functional ones, according to the CHESS
separation of concerns principle.</p>
<p>The functional view allows the functional specification of the
CHESS components (see Figure 1 and Figure 2).</p>
<p>
<img width="400" src="CHESS%20proposal%2020131008_file/image002.png" />
</p>
<p>Figure 1: Component View - Functional View - Component Types</p>
<p>
<img width="400" src="CHESS%20proposal%2020131008_file/image004.jpg" />
</p>
<p>Figure 2: Component View - Functional View - Component Instances</p>
<p>The extra functional view (see Figure 3) allows the
specification of real time properties like periodic and sporadic
activation patterns, worst-case execution time and deadline. Regarding
dependability it supports the specification of error models (i.e.
fault-error-failure chains) for software and offers the possibility for the
user to specify probabilistic values related to fault occurrence and
failure propagation between components.</p>
<p></p>
<p>
<img width="400" src="CHESS%20proposal%2020131008_file/image006.jpg" />
</p>
<p>Figure 3: Component View - Extra Functional View - Component
Instances</p>
<p>The deployment view (Figure 4) is used to describe the hardware
platform where the software runs (i.e. CPUs, buses) and software to
hardware components allocation. Dependability properties can be
provided for the hardware as for the software components. Moreover
failures propagation from hardware to software can be specified.</p>
<p>
<img width="400" src="CHESS%20proposal%2020131008_file/image008.jpg" />
</p>
<p>Figure 4: Deployment View - HW Component instance and SW
allocation</p>
<p>The analysis view (Figure 5) is used to provide information
needed to run the specific analysis; in particular it is currently
useful to set the information about the dependability measure of
interest (i.e. reliability or availability) that needs to be evaluated.</p>
<p>
<img width="400" src="CHESS%20proposal%2020131008_file/image010.jpg" />
</p>
<p>Figure 5: Analysis View</p>
<h3>Model validator</h3>
<p>For reasons of practicality, not all the constraints posed by
the CHESS methodology on the model formalisms and contents can be
enforced on the fly during user modeling; some of them must be checked
in a batch mode. To this end the CHESS editor extends the standard UML
model validator which ad-hoc checks that the user model
conforms with the constraints imposed by the CHESS methodology, for example
the well-formedness of entities, attributes, relations.</p>
<p></p>
<p>
<img width="400" src="CHESS%20proposal%2020131008_file/image012.png" />
</p>
<p>Figure 6: Invoking CHESS model validator</p>
<h3>Model transformations</h3>
<p>CHESS supports model-based analysis of the systems for
schedulability and dependability, as well as code generation from
model. Both features are implemented through model transformations
which are invoked through the CHESS editor menu.</p>
<h4>Schedulability Analysis and Ada 2005 Code Generation</h4>
<p>Schedulability analysis allows the calculation of the worst case
response time for each declared periodic or sporadic activity. The
analysis results are back propagated to the proper PIM components,
also a summary report is provided to the user (see Figure 7). The
intent of the back-propagation feature is that the user need not be
concerned with the specifics of the analysis tool and need not learn
its input and output formats: back-propagation decorates the user
model with the relevant information that results from the analysis in
full transparency from the analysis engine and its actual operation.</p>
<p>
<img width="400" src="CHESS%20proposal%2020131008_file/image014.png" />
</p>
<p>Figure 7: Schedulability Analysis Report</p>
<p>The real-time properties of interest like period, offset and
minimal inter-arrival time are specified in the model through a
dedicated declarative language defined in the CHESS profile. The
aforementioned properties are then automatically applied to the model
implementation through model transformation in accord with the
computational model chosen by the user. At the present time, CHESS
supports the Ravenscar Computational Model [2] which meets the
requirements of a large spectrum of real-time application domains. The
generated implementation (called the PSM, for platform-specific model)
is then given in input to the schedulability analysis and it also used
during the code generation phase:</p>
<p>The preservation of other real-time properties related to the
execution time like WCET and deadline is also enforced in the
generated code through dedicated checks by using specific API of the
target run-time environment (this feature is an on-going development).</p>
<p>This approach guarantees the preservation of the real-time
properties statically assumed in the PIM and PSM models, and verified
by the analysis down to the code.</p>
<p>The schedulability analysis is performed by using an adaptation
of the third-party MAST tool developed and distributed by the
University of Cantabria [3].</p>
<p>Regarding the transformation chain (Figure 7), first the CHESS
PIM is transformed into the PSM model by using QVT-o. Then the PSM is
transformed into the MAST input by using Acceleo and Java. Regarding
the back propagation, Java is used first to load the MAST results into
the PSM, then QVT-o traces are used to propagate the results back to
the PIM model</p>
<p>
<img width="400" src="CHESS%20proposal%2020131008_file/image016.png" />
</p>
<p>Figure 8: transformation chain</p>
<p>Acceleo and Java services are then used to generate the Ada 2005
code from the PSM.</p>
<h2>Why Polarsys?</h2>
<p>Adding CHESS to the PolarSys portfolio is a good way to serve
the Space industry community which has expressed interest in and
support for the CHESS concept, method, and features, and to reach out
to new industry domains likes Aerospace, Railway, Automotive or
Telecommunications, some of which have already been exposed to CHESS
with good reverberations.</p>
<h2>Initial Contribution</h2>
<p>The proposed initial contribution includes the following
features:</p>
<p>The CHESS Editor supporting the CHESS Methodology, this editor
is developed by means of a number of extensions and plug-ins for
Papyrus, including support for design through views.</p>
<p>Integration of PIM to PSM transformation with QVT, and code
generation for ADA 2005 with Acceleo</p>
<p>Integration of PSM to MAST for schedulability analysis and MAST
to PIM back annotation transformations .</p>
<h2>Legal Issues</h2>
<p>All the code of to the initial contribution is provided by
Intecs and the University of Padova under EPL.</p>
<h2>Committers</h2>
<p>The following individuals are proposed as initial committers to
the project:</p>
<dl>
<dt>Stefano Puri, INTECS</dt>
<dd>Stefano is a committer on the CHESS methodology basis and on
the related toolset development where he made significant
contributions over many years. He will coordinate and contribute to
the extension, qualification and maintenance of the CHESS
capabilities in this new project.</dd>
<dt>Nicholas Pacini, INTECS</dt>
<dd>Nicholas provided significant contributions to the existing
code base. He will contribute to the development and qualification
activities in this new project.</dd>
<dt>Lei PI, INTECS</dt>
<dd>Lei is involved in Topcased since 2006, he will contribute to
smooth the integration of CHESS projects in the Polarsys bundles.</dd>
<dt>Alessandro Zovi, University of Padova</dt>
<dd>Alessandro was a key developer of the CHESS toolset and in
that effort he acquired profound knowledge of the Eclipse stack and
of the Papyrus internals. He will coordinate with Stefano Puri in all
the activities related with the CHESS evolution to Polarsys.</dd>
</dl>
<p>We welcome additional committers and contributions.</p>
<h2>Project Leads</h2>
<dl>
<dt>Silvia Mazzini, Intecs</dt>
<dd>Silvia MAZZINI has more than 25 years of experience in the
System and Software Engineering field. She is Methodologies and
R&amp;D Manager at Intecs, where she is involved both in technical
leadership and management activities in the context of several
international industrial and research projects. Ms. Mazzini took her
master degree in Computer Science at Pisa University in Italy.</dd>
<dt>Tullio Vardanega, University of Padova</dt>
<dd>Tullio has a curriculum that traverses organizational,
industrial, didactic and research work, for a total span of 25 years
of professional activity. With a master degree in Computer Science at
the University of Pisa in Italy, a PhD in Computer Science at the
Technical University of Delft (Netherlands), an 11-year period of
service at the European Space Agency, vast experience with the
conception, evaluation, review and execution of international
collaborative research projects, he is now an associate professor at
the University of Padova in Italy where he runs a group of nearly a
dozen young collaborators from graduate to doctoral to post-doc
students.</dd>
</dl>
<h2>Mentors</h2>
<p>The following Architecture Council members will mentor this
project:</p>
<ul>
<li>Maximilian Koegel</li>
<li>Jonas Helming</li>
</ul>
<h2>Interested Parties</h2>
<p>The following individuals, organisations, companies and projects
have expressed interest in this project:</p>
<ul>
<li>CNES</li>
<li>Airbus</li>
<li>Astrium</li>
<li>Obeo</li>
</ul>
<h2>Project Scheduling</h2>
<ul>
<li>Creation - November 2013</li>
<li>CHESS roadmap</li>
</ul>
<h2>Changes to this Document</h2>
<table border="0" cellpadding="0">
<tbody>
<tr>
<td>
<p>Date</p>
</td>
<td>
<p>Change</p>
</td>
</tr>
<tr>
<td>
<p>3-May-2013</p>
</td>
<td>
<p>Document created</p>
</td>
</tr>
<tr>
<td>
<p>08-October-2013</p>
</td>
<td>
<p>Added description about CHESS editor and model
transformations.</p>
</td>
</tr>
<tr>
<td>
<p>18-October-2013</p>
</td>
<td>
<p>Document Review.</p>
</td>
</tr>
</tbody>
</table>
<p></p>
<h2>References</h2>
<ol>
<li>D2.3.2 - Multi-concern Component Methodology (MCM) and
Toolset, Version 1.0 ,10 January 2012, CHESS public deliverables
available at <a href="http://www.chess-project.org/page/results">http://www.chess-project.org/page/results</a>
</li>
<li>A. Burns, B. Dobbing, T. Vardanega. Guide to the Use of the
Ada Ravenscar Profile in High Integrity Systems. Technical Report
YCS-2003-348. University of York (UK), 2003. Available at <a
href="http://www.sigada.org/ada_letters/jun2004/ravenscar_article.pdf">http://www.sigada.org/ada_letters/jun2004/ravenscar_article.pdf</a>
</li>
<li>Universidad de Cantabria. Mast: Modeling and Analysis Suite
for Real-Time Applications. <a href="http://mast.unican.es/">http://mast.unican.es/</a>
</li>
</ol>
</body>
</html>