TOPCASED (The Open-Source Toolkit for Critical Systems) is a software environment primarily dedicated to the realization of critical embedded systems including hardware and/or software.
Started in 2004, TOPCASED covers specification, design and coding stages, including usual functionalities such as configuration and change management. TOPCASED is based on Eclipse, and promotes model-driven engineering and formal methods as key technologies. It is developed by a consortium gathering more than 35 partners (big, medium, and small companies, research centers and universities) and is released as free/libre/open-source software.
It has been downloaded about 100,000 times during the last twelve months.
3. TOPCASED: The application domain
• TOPCASED = Toolkit in OPen-source for Critical
Applications & SystEms Development
• Safety-critical embedded systems:
Aeronautical
Space
Automotive
6. Reliability
• Safety-critical software must be approved by
(independent) certification authorities
• The software is thoroughly reviewed
• Software correctness must be demonstrated
• The development process is audited
=> Much attention is devoted to process and
development tools, from early system design to
final product
7. Long-term life cycle
• Example: AIRBUS A300
• Program began in 1972
and will stop in 2007
2007-1972 = 35 years
• Support will last until 2050
2050-1972 = 78 years !!!
9. Which development tools for such systems?
• Various computer languages:
Specification languages: SysML, SAM, UML
Design languages: AADL, UML, ECORE for Java applications
Programming languages: Ada, C, C++, Java, Python
• Tools for these languages:
Graphical editors
Compilers / Translators / Code generators
Checkers: from coding rules to model checking
• Software engineering tools:
Expression of needs – requirements capture
Management of versions, changes, configurations, processes
Documentation – Quality assurance
10. The traditional software business model
• In most cases, development tools are:
first, designed in universities and public research labs
then, transferred to companies (software editors) if there is a
potential market
• However, some innovative tools may not be distributed by classical
software editors because:
they are too specialized
they are technically difficult to develop
there are too few potential users
Examples:
Static analyzers
Model checkers
Qualification of tools for certification credit
11. Frequent issues with software editors
• 1) Pricing issues:
Licenses are "too expensive" (wrt the "real value" of the tool)
Prices may increase suddenly (x2, x3, etc.)
Maintenance contracts are expensive too, but ultimately bring no
real guarantee
• 2) Lack of controllability:
Users do not really master the tools, nor their evolutions
They have little impact on software editors' strategies
12. Frequent issues with software editors
• 3) No long-term availability:
Tools often travel from a software editor to another one, depending on
market tendencies and financial decisions:
– ATTOL : Marben => Rational => IBM
– SCADE : Verilog => CS => Telelogic => Esterel Technologies
Some tools disappear or their distribution stops:
– ObjectGeode : Verilog => CS => Telelogic
– ProLint code checker
• 4) Problems with the "extended enterprise" (outsourcing) model
Large companies develop software with partners and sub-contractors
Availability of development tools is problematic in this context (deployment
costs, number of licenses, etc.)
It may become impossible when partners/sub-contractors cannot acquire
tools that are not distributed anymore
13. Frequent issues with software editors
• Several difficult constraints:
Limited (but not "tiny") market for tools
Long-term availability and support
• A different software business model is needed
• Open source is a possible solution
15. The TOPCASED approach
• Open source tools for developing embedded systems
• Propose a common software platform (generic components)
• Federate a significant user community
• Co-operate with open source communities: Eclipse, OMG, etc.
• Co-operate with universities / research centers:
Integrate recent academic results in the TOPCASED platform
Teach students about industrial processes and tools
National / European funding: ANR, DGE, OSEO, ITEA, ARTEMIS
• Co-operate with software companies:
Services: training, support, maintenance
Editors can still commercialize high added-value components on top
of the open source development platform
16. Expected benefits of an open source approach
• Ensure long-term availability of tools
• Avoid single-source dependency
• Share knowledge and risks between industrial users
• Take advantage of innovation
• Contribute to standardization effort
• (Reduce costs)
17. Potential risks
• The success of an open source approach is not guaranteed
• Need to build a user community:
Provide significant software components
Provide a well-designed global architecture
Federate all the contributors and users
• Need to build an international ecosystem:
With users and contributors dispatched all over the world,
With software editors developing tools on top of the platform
With a light structure for marketing and communication
With the support of research funding agencies
18. The TOPCASED project
• Long-term goals:
Perennial software tools for embedded systems (aerospace, automotive,
etc.)
Seamless processes and tools, from early design to final product
• Current focus:
Specification and architecture at equipment, software and hardware
level
Detailed system specification for software-intensive systems
• Already 5 years of active work:
Project launched in 2004
Project extended until the end of 2010
Leader: Airbus (Patrick Farail)
Budget: 20 M€
19. The TOPCASED consortium
Industries
SMEs
Atlas
Triskel
Cesta
School/Universities Laboratories
22. TOPCASED architecture wrt Eclipse
• Based on Eclipse plug-ins and features
• TOPCASED plug-ins can be extended, like any Eclipse plug-in
• TOPCASED adds a simple service-oriented bus that allows non-Eclipse tools to be connected
23. TOPCASED wrt model-based and formal approaches
• TOPCASED supports model-based design:
Based on Eclipse and OMG concepts: EMF, ECORE, MDA/MDE
A generic conceptual framework:
– Specifications and programs seen as "models"
– Translations seen as "transformations" between models
– Language grammars seen as "meta-models"
• TOPCASED connects to formal methods:
FIACRE pivot language
Connections to model checkers for asynchronous languages:
– CADP (INRIA Grenoble)
– TINA (LAAS-CNRS Toulouse)
Connections to synchronous languages: Polychrony (INRIA Rennes)
24. TOPCASED main functionalities
• TOPCASED Model Editors
• TOPCASED Simulator Engines
• TOPCASED Model to Model Transformations
• TOPCASED Model to Text Transformations
• Source code, Test code, Documentation, …
• TOPCASED Formal Checking
• Configuration, Change and Requirements management
• Tools communication
25. TOPCASED components
• Ecore editor to define new editors (contributed to Eclipse)
• Model editors (almost entirely generated automatically)
• Model validation:
simulation
rule checking
V&V (model checking)
• Software engineering:
documentation
coverage and traceability
management of changes, versions, configurations
• gPM, TVM, TCM
• Model checkers
• Ecore Editor, UML2 Editor, SysML Editor, SAM Editor, XXX Editor, simulation engine, rules checker, code generator, doc generator, traceability engine
• TOPCASED SDK
• templates, UML2, search, compare, Acceleo/oAW, ATL/QVT
• Eclipse Modeling Framework, Graphical Editor Framework
• Eclipse RCP 3.4
26. TOPCASED chronology
[Figure: project timeline covering 2004, 2005, 2006, 2007, 2008 and 2009. Legible milestone labels: "Start of Industrial Deployment" and "Improvements for A350".]
28. Graphical editors: UML
● UML 2.1 compliant
● Supported diagrams
− Class
− Use cases
− State charts
− Sequence
− Deployment
− Activity
− Components
− Profiles
29. Conclusion
• TOPCASED: an open source approach for safety-critical
embedded systems
• A large consortium:
Major companies
SME
Academics
• Significant software contributions:
Already in use at Airbus, Astrium, Atos Origin, CS, Rockwell, etc.
Partly integrated into Eclipse
• A stable release every year
• More than 100,000 downloads in the last 12 months
30. More information
• Web site:
http://www.topcased.org
• Contact:
topcased-users@lists.gforge.enseeiht.fr
• Training on tools or processes:
topcased-contact@lists.gforge.enseeiht.fr