<!-- 
	This document is provided as a template along with some guidance for creating
	your project proposal. This is just a template. Feel free to change it as
	you see fit (add sections, remove section). We feel, however, that the
	suggestions represented in this document represent the reasonable minimum
	amount of information to move forward.
	
	Please keep the formatting in this document simple. Please do not edit 
	this document in Microsoft Word as it adds huge piles of markup that make
	it difficult to restyle.
	
	More information is available here:
	
	http://wiki.eclipse.org/Development_Resources/HOWTO/Pre-Proposal_Phase
	
	Direct any questions about this template to emo@eclipse.org
 -->

<html>
<head>

<!-- 
	Include the title here. We will parse it out of here and include it on the
	rendered webpage. Do not duplicate the title within the text of your page.
 -->

<title>CHESS</title>
</head>

<!-- 
	We make use of the 'classic' HTML Definition List (dl) tag to specify
	committers. I know... you haven't seen this tag in a long while...
 -->

<style>
dt {
	display: list-item;
	list-style-position: outside;
	list-style-image:
		url(/eclipse.org-common/themes/Phoenix/images/arrow.gif);
	margin-left: 16px;
}

dd {
	margin-left: 25px;
	margin-bottom: 5px;
}
</style>

<body>

	<p>
		The CHESS (Composition with Guarantees for High-integrity Embedded
		Software Components Assembly) project (<a
			href="http://www.chess-project.org">www.chess-project.org</a>)
		is a proposed open source project under the <a
			href="http://polarsys.org/">Polarsys Top Level Project</a>.
	</p>

	<p>
		This proposal is in the Project Proposal Phase (as defined in the
		Eclipse Development Process) and is written to declare its intent and
		scope. We solicit additional participation and input from the
		Eclipse community. Please send all feedback to the <a
			href="http://www.eclipse.org/forums/eclipse.proposals">Eclipse
			Proposals</a> Forum.
	</p>

	<h2>Background</h2>

	<p>Distributed dependable real-time embedded software systems, like
		Satellite on board software, are becoming increasingly complex due to
		the demand for extended functionalities or the reuse of legacy code
		and components. Model-Driven Engineering (MDE) approaches are good
		solutions to help build such complex systems. Addressing domain
		specific modeling (like component description and interaction,
		real-time constraints, ...) while keeping the flexibility and
		generality offered by languages like UML is a challenge in a context
		where software must be qualified according to safety and reliability
		standards.</p>

	<p>That's why the CHESS project was created to address the
		development of high-integrity embedded systems by combining
		component-based development on top of model driven engineering and
		addressing dependability and real-time specific constraints.</p>

	<h2>Scope</h2>

	<p>The CHESS project provides a model-driven, component-based
		methodology [1] and tool support for the development of high-integrity
		systems for different domains. The methodology is particularly suited
		for space systems and industrial domains.</p>

	<p>Thanks to a dedicated MARTE and UML profile and associated
		tooling, CHESS addresses solutions to problems of property-preserving
		component assembly in real-time and dependable embedded systems, and
		supports the description, verification, and preservation of real-time
		properties (like sporadic/periodic activation patterns, worst case
		execution time, deadline) of software components at the level of
		component design down to the execution level.</p>

	<p>CHESS also addresses the description and verification of system
		and component dependability properties (like fault, error, failures
		and failures propagations); however it is worth mentioning here that the
		dependability support (also described later in the proposal) is not
		part of the current CHESS contribution.</p>

	<p>CHESS tooling extends Papyrus editor to properly support the
		CHESS methodology, in particular allowing working with different views on
		the model including requirements, system, components, deployment and
		analysis view.</p>

	<h2>Description</h2>

	<p>CHESS implements the CHESS UML profile, a specialization of the
		Modeling and Analysis of Real-Time and Embedded Systems (MARTE)
		profile, by producing extensions to Papyrus that provide
		component-based engineering methodology and tool support for the
		development of high-integrity embedded systems in different domains
		like satellite on board systems</p>

	<p>The CHESS tool environment is composed by: (1) a MARTE/UML
		profile, (2) an extension to the Papyrus UML graphical editor that
		supports the notion of design views, (3) a model validator that
		assesses the well-formedness of the model before model transformations
		can be undertaken, and (4) a set of model to model and model to text
		transformations, the former for the purpose of model-based
		schedulability and dependability analysis and the latter for code
		generation toward multiple language targets.</p>

	<h3>CHESS Profile</h3>

	<p>The CHESS UML profile [1]:</p>

	<ul>
		<li>restricts the set of MARTE and UML entities that can be
			created in the CHESS model,</li>
		<li>provides the set of stereotypes required to enable the user
			to work with the CHESS component model,</li>
		<li>provides some MARTE stereotypes extensions to allow the
			specification of computation-independent real-time properties,</li>
		<li>defines a new set of stereotypes for the support of
			dependability modeling.</li>
	</ul>

	<h3>CHESS Editor</h3>

	<p>The CHESS editor extends the Papyrus UML editor and is activated
		when a CHESS model is created or opened (see Figure 1).</p>

	<p>A CHESS model is a UML model with the CHESS profile applied to
		it; creating a CHESS model and applying the CHESS profile can be done
		using a dedicated wizard.</p>

	<p>The CHESS editor allows working with the Papyrus UML by using
		the CHESS design views. Each design view applies specific constraints
		on the UML diagrams and entities that can be created, viewed or edited
		in that view.</p>

	<p>The CHESS editor allows switching between views. It also keeps
		the status of the current view and during the modeling activity
		prevents the modeler from violating the constraints defined for the
		current diagram-view pair.</p>

	<p>The native Papyrus palettes have been customized in order to
		show only the entities that are allowed to be created in the current
		diagram view.</p>

	<h5>CHESS Views</h5>

	<p>The views defined in CHESS are the requirement, system,
		component, deployment and analysis views.</p>

	<p>The requirement view is used to model requirements by using the
		standard requirement diagram from SysML.</p>

	<p>The system view is used to model system entities by using SysML;
		it is an ongoing development that has been recently introduced in
		CHESS in order to support the system to software co-engineering phase.</p>

	<p>The component view is used to model CHESS software components
		(also called the PIM model): is actually composed by two sub-views,
		the functional and the extra-functional ones, according to the CHESS
		separation of concerns principle.</p>

	<p>The functional view allows the functional specification of the
		CHESS components (see Figure 1 and Figure 2).</p>

	<p>
		<img width="400" src="CHESS%20proposal%2020131008_file/image002.png" />
	</p>

	<p>Figure 1: Component View - Functional View - Component Types</p>

	<p>
		<img width="400" src="CHESS%20proposal%2020131008_file/image004.jpg" />
	</p>

	<p>Figure 2: Component View - Functional View - Component Instances</p>

	<p>The extra functional view (see Figure 3) allows the
		specification of real time properties like periodic and sporadic
		activation patterns, worst-case execution time and deadline. Regarding
		dependability it supports the specification of error models (i.e.
		fault-error-failure chains) for software and offers the possibility for the
		user to specify probabilistic values related to fault occurrence and
		failure propagation between components.</p>

	<p></p>

	<p>
		<img width="400" src="CHESS%20proposal%2020131008_file/image006.jpg" />
	</p>

	<p>Figure 3: Component View - Extra Functional View - Component
		Instances</p>

	<p>The deployment view (Figure 4) is used to describe the hardware
		platform where the software runs (i.e. CPUs, buses) and software to
		hardware components allocation. Dependability properties can be
		provided for the hardware as for the software components. Moreover
		failures propagation from hardware to software can be specified.</p>

	<p>
		<img width="400" src="CHESS%20proposal%2020131008_file/image008.jpg" />
	</p>

	<p>Figure 4: Deployment View - HW Component instance and SW
		allocation</p>

	<p>The analysis view (Figure 5) is used to provide information
		needed to run the specific analysis; in particular it is currently
		useful to set the information about the dependability measure of
		interest (i.e. reliability or availability) that needs to be evaluated.</p>

	<p>
		<img width="400" src="CHESS%20proposal%2020131008_file/image010.jpg" />
	</p>

	<p>Figure 5: Analysis View</p>

	<h3>Model validator</h3>

	<p>For reasons of practicality, not all the constraints posed by
		the CHESS methodology on the model formalisms and contents can be
		enforced on the fly during user modeling; some of them must be checked
		in a batch mode. To this end the CHESS editor extends the standard UML
		model validator which ad-hoc checks that the user model
		conforms with the constraints imposed by the CHESS methodology, for example
		the well-formedness of entities, attributes, relations.</p>

	<p></p>

	<p>
		<img width="400" src="CHESS%20proposal%2020131008_file/image012.png" />
	</p>

	<p>Figure 6: Invoking CHESS model validator</p>

	<h3>Model transformations</h3>

	<p>CHESS supports model-based analysis of the systems for
		schedulability and dependability, as well as code generation from
		model. Both features are implemented through model transformations
		which are invoked through the CHESS editor menu.</p>

	<h4>Schedulability Analysis and Ada 2005 Code Generation</h4>

	<p>Schedulability analysis allows the calculation of the worst case
		response time for each declared periodic or sporadic activity. The
		analysis results are back propagated to the proper PIM components,
		also a summary report is provided to the user (see Figure 7). The
		intent of the back-propagation feature is that the user need not be
		concerned with the specifics of the analysis tool and need not learn
		its input and output formats: back-propagation decorates the user
		model with the relevant information that results from the analysis in
		full transparency from the analysis engine and its actual operation.</p>

	<p>
		<img width="400" src="CHESS%20proposal%2020131008_file/image014.png" />
	</p>

	<p>Figure 7: Schedulability Analysis Report</p>

	<p>The real-time properties of interest like period, offset and
		minimal inter-arrival time are specified in the model through a
		dedicated declarative language defined in the CHESS profile. The
		aforementioned properties are then automatically applied to the model
		implementation through model transformation in accord with the
		computational model chosen by the user. At the present time, CHESS
		supports the Ravenscar Computational Model [2] which meets the
		requirements of a large spectrum of real-time application domains. The
		generated implementation (called the PSM, for platform-specific model)
		is then given in input to the schedulability analysis and it also used
		during the code generation phase:</p>

	<p>The preservation of other real-time properties related to the
		execution time like WCET and deadline is also enforced in the
		generated code through dedicated checks by using specific API of the
		target run-time environment (this feature is an on-going development).</p>

	<p>This approach guarantees the preservation of the real-time
		properties statically assumed in the PIM and PSM models, and verified
		by the analysis down to the code.</p>

	<p>The schedulability analysis is performed by using an adaptation
		of the third-party MAST tool developed and distributed by the
		University of Cantabria [3].</p>

	<p>Regarding the transformation chain (Figure 7), first the CHESS
		PIM is transformed into the PSM model by using QVT-o. Then the PSM is
		transformed into the MAST input by using Acceleo and Java. Regarding
		the back propagation, Java is used first to load the MAST results into
		the PSM, then QVT-o traces are used to propagate the results back to
		the PIM model</p>

	<p>
		<img width="400" src="CHESS%20proposal%2020131008_file/image016.png" />
	</p>

	<p>Figure 8: transformation chain</p>

	<p>Acceleo and Java services are then used to generate the Ada 2005
		code from the PSM.</p>

	<h2>Why Polarsys?</h2>

	<p>Adding CHESS to the PolarSys portfolio is a good way to serve
		the Space industry community which has expressed interest in and
		support for the CHESS concept, method, and features, and to reach out
		to new industry domains likes Aerospace, Railway, Automotive or
		Telecommunications, some of which have already been exposed to CHESS
		with good reverberations.</p>

	<h2>Initial Contribution</h2>

	<p>The proposed initial contribution includes the following
		features:</p>

	<p>The CHESS Editor supporting the CHESS Methodology, this editor
		is developed by means of a number of extensions and plug-ins for
		Papyrus, including support for design through views.</p>

	<p>Integration of PIM to PSM transformation with QVT, and code
		generation for ADA 2005 with Acceleo</p>

	<p>Integration of PSM to MAST for schedulability analysis and MAST
		to PIM back annotation transformations .</p>

	<h2>Legal Issues</h2>

	<p>All the code of to the initial contribution is provided by
		Intecs and the University of Padova under EPL.</p>

	<h2>Committers</h2>

	<p>The following individuals are proposed as initial committers to
		the project:</p>
	<dl>
		<dt>Stefano Puri, INTECS</dt>

		<dd>Stefano is a committer on the CHESS methodology basis and on
			the related toolset development where he made significant
			contributions over many years. He will coordinate and contribute to
			the extension, qualification and maintenance of the CHESS
			capabilities in this new project.</dd>

		<dt>Nicholas Pacini, INTECS</dt>

		<dd>Nicholas provided significant contributions to the existing
			code base. He will contribute to the development and qualification
			activities in this new project.</dd>

		<dt>Lei PI, INTECS</dt>

		<dd>Lei is involved in Topcased since 2006, he will contribute to
			smooth the integration of CHESS projects in the Polarsys bundles.</dd>

		<dt>Alessandro Zovi, University of Padova</dt>
		<dd>Alessandro was a key developer of the CHESS toolset and in
			that effort he acquired profound knowledge of the Eclipse stack and
			of the Papyrus internals. He will coordinate with Stefano Puri in all
			the activities related with the CHESS evolution to Polarsys.</dd>
	</dl>
	<p>We welcome additional committers and contributions.</p>

	<h2>Project Leads</h2>
	<dl>
		<dt>Silvia Mazzini, Intecs</dt>

		<dd>Silvia MAZZINI has more than 25 years of experience in the
			System and Software Engineering field. She is Methodologies and
			R&amp;D Manager at Intecs, where she is involved both in technical
			leadership and management activities in the context of several
			international industrial and research projects. Ms. Mazzini took her
			master degree in Computer Science at Pisa University in Italy.</dd>

		<dt>Tullio Vardanega, University of Padova</dt>

		<dd>Tullio has a curriculum that traverses organizational,
			industrial, didactic and research work, for a total span of 25 years
			of professional activity. With a master degree in Computer Science at
			the University of Pisa in Italy, a PhD in Computer Science at the
			Technical University of Delft (Netherlands), an 11-year period of
			service at the European Space Agency, vast experience with the
			conception, evaluation, review and execution of international
			collaborative research projects, he is now an associate professor at
			the University of Padova in Italy where he runs a group of nearly a
			dozen young collaborators from graduate to doctoral to post-doc
			students.</dd>
	</dl>
	<h2>Mentors</h2>

	<p>The following Architecture Council members will mentor this
		project:</p>
	<ul>
		<li>Mentor 1</li>
		<li>Mentor 2</li>
	</ul>
	<h2>Interested Parties</h2>

	<p>The following individuals, organisations, companies and projects
		have expressed interest in this project:</p>

	<ul>
		<li>CNES</li>
		
		<li>Airbus</li>
		
		<li>Astrium</li>
		
		<li>Obeo</li>
	</ul>

	<h2>Project Scheduling</h2>

	<ul>
	<li>Creation - November 2013</li>

	<li>CHESS roadmap</li>
	</ul>
	
	<h2>Changes to this Document</h2>

	<table border="0" cellpadding="0">
		<tbody>
			<tr>
				<td>
					<p>Date</p>
				</td>
				<td>
					<p>Change</p>
				</td>
			</tr>
			<tr>
				<td>
					<p>3-May-2013</p>
				</td>
				<td>
					<p>Document created</p>
				</td>
			</tr>
			<tr>
				<td>
					<p>08-October-2013</p>
				</td>
				<td>
					<p>Added description about CHESS editor and model
						transformations.</p>
				</td>
			</tr>
			<tr>
				<td>
					<p>18-October-2013</p>
				</td>
				<td>
					<p>Document Review.</p>
				</td>
			</tr>
		</tbody>
	</table>

	<p></p>

	<h2>References</h2>

	<ol>
		<li>D2.3.2 - Multi-concern Component Methodology (MCM) and
			Toolset, Version 1.0 ,10 January 2012, CHESS public deliverables
			available at <a href="http://www.chess-project.org/page/results">http://www.chess-project.org/page/results</a>
		</li>
		<li>A. Burns, B. Dobbing, T. Vardanega. Guide to the Use of the
			Ada Ravenscar Profile in High Integrity Systems. Technical Report
			YCS-2003-348. University of York (UK), 2003. Available at <a
			href="http://www.sigada.org/ada_letters/jun2004/ravenscar_article.pdf">http://www.sigada.org/ada_letters/jun2004/ravenscar_article.pdf</a>
		</li>
		<li>Universidad de Cantabria. Mast: Modeling and Analysis Suite
			for Real-Time Applications. <a href="http://mast.unican.es/">http://mast.unican.es/</a>
		</li>
	</ol>


</body>
</html>