Date posted: 11-May-2015
The TOPCASED project
Patrick FARAIL (Airbus) and Hubert GARAVEL (INRIA)
http://www.topcased.org
The TOPCASED application domain
TOPCASED: The application domain
• TOPCASED = Toolkit in OPen-source for Critical Applications & SystEms Development
• Safety-critical embedded systems:
Aeronautical
Space
Automotive
Major TOPCASED industrial partners…
TOPCASED is backed by major companies
Safety-critical embedded systems
• Essential characteristics:
"Systems": software AND hardware
Reliability
Long-term life cycle
Reliability
• Safety-critical software must be approved by (independent) certification authorities
• The software is thoroughly reviewed
• Software correctness must be demonstrated
• The development process is audited
=> Much attention is devoted to process and development tools, from early system design to final product
Long-term life cycle
• Example: AIRBUS A300
• Program began in 1972 and will stop in 2007
2007-1972 = 35 years
• Support will last until 2050
2050-1972 = 78 years !!!
Development tools for safety-critical embedded systems
Which development tools for such systems?
• Various computer languages:
Specification languages: SysML, SAM, UML
Design languages: AADL, UML, ECORE for Java applications
Programming languages: Ada, C, C++, Java, Python
• Tools for these languages:
Graphical editors
Compilers / Translators / Code generators
Checkers: from coding rules to model checking
• Software engineering tools:
Expression of needs – requirements capture
Management of versions, changes, configurations, processes
Documentation – Quality assurance
The traditional software business model
• In most cases, development tools are:
first, designed in universities and public research labs
then, transferred to companies (software editors) if there is a potential market
• However, some innovative tools may not be distributed by classical software editors because:
they are too specialized
they are technically difficult to develop
there are too few potential users
Examples:
Static analyzers
Model checkers
Qualification of tools for certification credit
Frequent issues with software editors
• 1) Pricing issues:
Licenses are "too expensive" (wrt the "real value" of the tool)
Prices may increase suddenly (x2, x3, etc.)
Maintenance contracts are expensive too, but ultimately bring no real guarantee
• 2) Lack of controllability:
Users do not really master the tools, nor their evolution
They have little impact on software editors' strategies
• 3) No long-term availability:
Tools often move from one software editor to another, depending on market trends and financial decisions:
– ATTOL: Marben => Rational => IBM
– SCADE: Verilog => CS => Telelogic => Esterel Technologies
Some tools disappear or their distribution stops:
– ObjectGeode: Verilog => CS => Telelogic
– ProLint code checker
• 4) Problems with the "extended enterprise" (outsourcing) model:
Large companies develop software with partners and sub-contractors
Availability of development tools is problematic in this context (deployment costs, number of licenses, etc.)
It may become impossible when partners/sub-contractors cannot acquire tools that are no longer distributed
Frequent issues with software editors
• Several difficult constraints:
Limited (but not "tiny") market for tools
Long-term availability and support
• A different software business model is needed
• Open source is a possible solution
Open Source and TOPCASED goals
The TOPCASED approach
• Open source tools for developing embedded systems
• Propose a common software platform (generic components)
• Federate a significant user community
• Co-operate with open source communities: Eclipse, OMG, etc.
• Co-operate with universities / research centers:
Integrate recent academic results in the TOPCASED platform
Teach students about industrial processes and tools
National / European funding: ANR, DGE, OSEO, ITEA, ARTEMIS
• Co-operate with software companies:
Services: training, support, maintenance
Editors can still commercialize high added-value components on top of the open source development platform
Expected benefits of an open source approach
• Ensure long-term availability of tools
• Avoid single-source dependency
• Share knowledge and risks between industrial users
• Take advantage of innovation
• Contribute to standardization effort
• (Reduce costs)
Potential risks
• The success of an open source approach is not guaranteed
• Need to build a user community:
Provide significant software components
Provide a well-designed global architecture
Federate all the contributors and users
• Need to build an international ecosystem:
With users and contributors dispatched all over the world,
With software editors developing tools on top of the platform
With a light structure for marketing and communication
With the support of research funding agencies
The TOPCASED project
• Long-term goals:
Perennial software tools for embedded systems (aerospace, automotive, etc.)
Seamless processes and tools, from early design to final product
• Current focus:
Specification and architecture at equipment, software and hardware level
Detailed system specification for software-intensive systems
• Already 5 years of active work:
Project launched in 2004
Project extended until the end of 2010
Leader: Airbus (Patrick Farail)
Budget: 20 M€
The TOPCASED consortium
[Figure: consortium members grouped as Industries, SMEs, Laboratories, School/Universities; labels: Atlas, Triskell, Cesta]
TOPCASED collaborations with other consortiums
[Figure: collaborations; labels: SPICES, EcoreTool, UML-Papyrus, GMF]
TOPCASED platforms and tools
TOPCASED architecture wrt Eclipse
• Based on Eclipse plug-ins and features
• TOPCASED plug-ins can be extended, like any Eclipse plug-in
• TOPCASED adds a simple service-oriented bus that allows non-Eclipse tools to be connected
TOPCASED wrt model-based and formal approaches
• TOPCASED supports model-based design:
Based on Eclipse and OMG concepts: EMF, ECORE, MDA/MDE
A generic conceptual framework:
– Specifications and programs seen as "models"
– Translations seen as "transformations" between models
– Language grammars seen as "meta-models"
• TOPCASED connects to formal methods:
FIACRE pivot language
Connections to model checkers for asynchronous languages:
– CADP (INRIA Grenoble)
– TINA (LAAS-CNRS Toulouse)
Connections to synchronous languages: Polychrony (INRIA Rennes)
TOPCASED main functionalities
[Figure: TOPCASED Model Editors; TOPCASED Model to Model Transformations; TOPCASED Simulator Engines; TOPCASED Model to Text Transformations; TOPCASED Formal Checking; Configuration, Change and Requirements management; tools communication; outputs: Source code, Test code, Documentation, …]
TOPCASED components
[Figure: component diagram; labels: model editors (almost entirely generated automatically), UML2 Editor, SysML Editor, SAM Editor, Ecore Editor, XXX Editor, rules checker, doc generator, code generator, traceability engine, simulation engine, model checkers, UML2 search, compare, ATL/QVT, Acceleo/oAW, gPM, TVM, TCM, TOPCASED SDK, templates, Eclipse RCP 3.4, Eclipse Modeling Framework, Graphical Editor Framework]
Ecore editor to define new editors (contributed to Eclipse)
model validation:
• simulation
• rule checking
• V&V (model checking)
software engineering:
• documentation
• coverage and traceability
• management of changes, versions, configurations
TOPCASED chronology
[Timeline figure covering 2004, 2005, 2006, 2007, 2008, 2009. Labels: First ideas; National funding; Project kickOff; First steering committee; 1st open source delivery; Partnership / Aerospace Valley / proposition; v 1.0; v 2.0; v 3.0; Model editors (UML, SysML, …); + change management (gPM); + collaborative work; Improvements + first documentation generator; + Verification (simulation and rules checkers); Users feedback; Start of experimentations; Full model process + Model requirement traceability; Start of Industrial Improvements for A350 Deployment]
Graphical editors: SAM, AADL, ECORE
Graphical editors: UML
● UML 2.1 compliant
● Supported diagrams
− Class
− Use cases
− State charts
− Sequence
− Deployment
− Activity
− Components
− Profiles
Conclusion
• TOPCASED: an open source approach for safety-critical embedded systems
• A large consortium:
Major companies
SME
Academics
• Significant software contributions:
Already in use at Airbus, Astrium, Atos Origin, CS, Rockwell, etc.
Partly integrated into Eclipse
• A stable release every year
• More than 100,000 downloads in the last 12 months
More information
• Web site: http://www.topcased.org
• Contact: [email protected]
• Training on tools or processes: [email protected]