The CHESS UML profile:
- restricts the set of MARTE, SysML and UML entities that can be created in the CHESS model,
- provides the set of stereotypes required to enable the user to work with the CHESS component model,
- provides some MARTE stereotypes extensions to allow the specification of computation-independent real-time properties,
- defines a new set of stereotypes for the support of dependability modeling and contract-based design.
The CHESS editor extends the Papyrus UML editor and is activated when a CHESS model is created or opened (see Figure 1).
A CHESS model is a UML model with the CHESS profile applied to it; creating a CHESS model and applying the CHESS profile can be done using a dedicated wizard.
The CHESS editor allows working with the Papyrus UML by using the CHESS design views. Each design view applies specific constraints on the UML diagrams and entities that can be created, viewed or edited in that view.
The CHESS editor allows switching between views. It also keeps the status of the current view and during the modeling activity prevents the modeler from violating the constraints defined for the current diagram-view pair.
The native Papyrus palettes have been customized in order to show only the entities that are allowed to be created in the current diagram view.
The views defined in CHESS are the requirement, system, component, deployment and analysis views.
The requirement view is used to model requirements by using the standard requirement diagram from SysML.
The system view is used to model system entities by using SysML; it is an ongoing development that has been recently introduced in CHESS in order to support the system to software co-engineering phase.
The component view is used to model CHESS software components (also called the PIM model): is actually composed by two sub-views, the functional and the extra-functional ones, according to the CHESS separation of concerns principle.
The extra functional view (see Figure 3) allows the specification of real time properties like periodic and sporadic activation patterns, worst-case execution time and deadline. Regarding dependability it supports the specification of error models (i.e. fault-error-failure chains) for software and offers the possibility for the user to specify probabilistic values related to fault occurrence and failure propagation between components.
The deployment view (Figure 4) is used to describe the hardware platform where the software runs (i.e. CPUs, buses) and software to hardware components allocation. Dependability properties can be provided for the hardware as for the software components. Moreover failures propagation from hardware to software can be specified.
The analysis view (Figure 5) is used to provide information needed to run the specific analysis; in particular it is currently useful to set the information about the dependability measure of interest (i.e. reliability or availability) that needs to be evaluated.
For reasons of practicality, not all the constraints posed by the CHESS methodology on the model formalisms and contents can be enforced on the fly during user modeling; some of them must be checked in a batch mode. To this end the CHESS editor extends the standard UML model validator which ad-hoc checks that the user model conforms with the constraints imposed by the CHESS methodology, for example the well-formedness of entities, attributes, relations.
CHESS supports model-based analysis of the systems for schedulability, dependability, as well as code generation from model. Both features are implemented through model transformations which are invoked through the CHESS editor menu.
Dependability analysis currently supported are:
- failure propagation analysis,
- state-based quantitative analysis.
Schedulability Analysis and Ada 2005 Code Generation
Schedulability analysis allows the calculation of the worst case response time for each declared periodic or sporadic activity. The analysis results are back propagated to the proper PIM components, also a summary report is provided to the user (see Figure 7). The intent of the back-propagation feature is that the user need not be concerned with the specifics of the analysis tool and need not learn its input and output formats: back-propagation decorates the user model with the relevant information that results from the analysis in full transparency from the analysis engine and its actual operation.
The real-time properties of interest like period, offset and minimal inter-arrival time are specified in the model through a dedicated declarative language defined in the CHESS profile. The aforementioned properties are then automatically applied to the model implementation through model transformation in accord with the computational model chosen by the user. At the present time, CHESS supports the Ravenscar Computational Model  which meets the requirements of a large spectrum of real-time application domains. The generated implementation (called the PSM, for platform-specific model) is then given in input to the schedulability analysis and it also used during the code generation phase:
The preservation of other real-time properties related to the execution time like WCET and deadline is also enforced in the generated code through dedicated checks by using specific API of the target run-time environment (this feature is an on-going development).
This approach guarantees the preservation of the real-time properties statically assumed in the PIM and PSM models, and verified by the analysis down to the code.
The schedulability analysis is performed by using an adaptation of the third-party MAST tool developed and distributed by the University of Cantabria .
Regarding the transformation chain (Figure 8), first the CHESS PIM is transformed into the PSM model by using QVT-o. Then the PSM is transformed into the MAST input by using Acceleo and Java. Regarding the back propagation, Java is used first to load the MAST results into the PSM, then QVT-o traces are used to propagate the results back to the PIM model.
A. Burns, B. Dobbing, T. Vardanega. Guide to the Use of the Ada Ravenscar Profile in High Integrity Systems. Technical Report YCS-2003-348. University of York (UK), 2003. Available at http://www.sigada.org/ada_letters/jun2004/ravenscar_article.pdf. Universidad de Cantabria. Mast: Modeling and Analysis Suite for Real-Time Applications. http://mast.unican.es/