openETCS@ITEA2
Project Overview
supported by:

openETCS@ITEA2 Project
Klaus-Rüdiger Hase
Paris, 03.07.2013
Signals need ATP: Drivers cantrust (safety).
we have been able to make mistakes

&
openETCS@ITEA2, openETCS Open License T...
Automatic Train Protection (e.g. PZB since 1934)
In case I am
missing that halt signal,
PZB will stop my train
automatical...
European Signaling Diversity due to History
Today: Diversity

openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013...
ETCS Level 2
European
Vital
Computer

EVC

openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013

„Go ahead“
comes ...
Computer for “SAFETY” ? … have „Bugs“ !

EVC
First ever
documented
„Computer Bug“
9. Sept. 1947, 15:45
(Harvard Mark II)
o...
Computer Bugs

August 14, 2003:
A programming
error has been
identified as the
cause of the
Northeast power
blackout.

Jun...
How many „Bugs“ to expect?
 Typical quality SW: 1 … 10 bugs per 1.000 lines of code (TLOC).
 Very mature, long-term, wel...
Characteristics of Complex Software
1.200
8

600.000

Lines of Code
500.000

7

1.000

Fault Density

Faults Detected

6

...
ETCS
SRS
“Prose”
Human
Factor

Human
Factor

Human
Factor

Human
Factor

Human
Factor

Software & HW
Specification 3

Soft...
Low Level of Standardization Today

Most hardware, software
and interfaces are
proprietary design

 Vendor Lock-in
FIS

E...
What means „Vendor Lock-in“?

“Warranty
Bidder
Survival”
selection

Call
OBU
for
Bidding Design
Fitting
Tender
1st
General...
How to improve?

Lower Complexity

 1. Standardization

Reduce Ambiguities  2. Make it “Formal”

Master “Bug” Surprises ...
Institute for Defense Analyses,
“Open proof” idea
a US military think tank

openETCS@ITEA2, openETCS Open License Terms ap...
openETCS@ITEA2, openETCS Open License Terms apply, 11/9/2013

16
EU supports FLOSS
EU Parliament Report A5-0264/2001:
“Calls … source code not made public
to be… in … ‘least reliable’ cat...
Get it
right !

ETCS
SRS

Human
Factor

“Prose”

Human
Factor

Formal System
Requirement Spec.

Formal Language
Functional...
Scope of openETCS
Open Source Software
Engineering Tools

openETCS, Klaus-Rüdiger Hase, SafeTech 25.04.13

Open Source
Sof...
API in AUTOSAR

20

Referenz: www.autosar.org
21

Reference: www.autosar.org
AUTOSAR – Core Partners and Members
Status: 30th September 2009

10 Development Member

9 Core Partner

86 Associate Membe...
Scope of openETCS

Open Software
Engineering Tools

23
FLOSS Tools Suite for TOPCASED

24

Reference: www.topcased.org
Toolkit in Open-Source for Critical
Application &
System Development

25

Reference: www.topcased.org
openETCS - Architecture

Hardware & Software
Interfaces  “open”

openETCS

 Reusability
 Obsolescence proof

EVC

FFFIS...
Why is OSS essential for SW Service?

“Deliver & Care”
Urgent
bug fix
 Win Win

“Warranty
Bidder
Survival”
selection

Cal...
openETCS Implementation Time Line
DB„s ICE-T /3 ETCS
DB‘s ICE-T /3
retrofit program
UNISIG Vendor R&D and Product Launchin...
openETCS @ ITEA2 Project

Funded by:

openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013

29

29
openETCS Project Schedule Overview

Phases

I (2011)

Prepare

II (2012-2013)

III (2014-2015)

VI (2016-2020)

Project Ma...
Project Structure and
Proof of Concept utilizing TCSim at DB

WP3a
WP3b

openETCS@ITEA2, openETCS Open License Terms apply...
http://www.openETCS.org

openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013

32

32
What is new? What is the innovation?

 First industrial implementation of „open Proofs“
 First technical system using EU...
What has been accomplished so far?
DB‟s contract with
DB‘s ICE-T /3
Alstom to OSS
UNISIG Vendor R&D and Product Launching ...
What is the status so far?
ICE-T

1. Standardizing
2. Formal Methods
ICE-T

3. Software Service
ICE-T
better:

“Open Proof...
One last word …

Arthur Schopenhauer:
[German Philosopher, 1788-1860]:

“New ideas are first ridiculed,
then fought bitter...
That was it …

Thank you very much
for your attention.

openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013

37
Upcoming SlideShare
Loading in …5
×

openETCS ITEA2 2013 Review Overview

1,457 views

Published on

This talk has been the overview presentation at the first openETCS@ITEA2 review event in July 2013 in Paris

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,457
On SlideShare
0
From Embeds
0
Number of Embeds
115
Actions
Shares
0
Downloads
22
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

openETCS ITEA2 2013 Review Overview

  1. 1. openETCS@ITEA2 Project Overview supported by: openETCS@ITEA2 Project Klaus-Rüdiger Hase Paris, 03.07.2013
  2. 2. Signals need ATP: Drivers cantrust (safety). we have been able to make mistakes & openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 2
  3. 3. Automatic Train Protection (e.g. PZB since 1934) In case I am missing that halt signal, PZB will stop my train automatically openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 3
  4. 4. European Signaling Diversity due to History Today: Diversity openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 Future: Unity 4
  5. 5. ETCS Level 2 European Vital Computer EVC openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 „Go ahead“ comes via radio 5
  6. 6. Computer for “SAFETY” ? … have „Bugs“ ! EVC First ever documented „Computer Bug“ 9. Sept. 1947, 15:45 (Harvard Mark II) openETCS, Klaus-Rüdiger Hase, SafeTech 25.04.13
  7. 7. Computer Bugs August 14, 2003: A programming error has been identified as the cause of the Northeast power blackout. June 4, 1996: The European Ariane5 rocket Courtesy of © Microsoft. explodes 40 s into its maiden flight due to a October 16,software bug. 2007: Derailment at the Lötschberg Baseline near Frutigen (CH) due to a software bug in the ETCS Radio Block Center (RBC) *) *) published at: http://www.uus.admin.ch//pdf/07101601_SB.pdf
  8. 8. How many „Bugs“ to expect?  Typical quality SW: 1 … 10 bugs per 1.000 lines of code (TLOC).  Very mature, long-term, well proven SW: 0,5 bugs per TLOC  Highest software quality ever reported : • Less than 1 bug per 10 TLOC • At cost of more than 1.000 US$ per LOC (1977) • US Space Shuttle with 3m LOC costing 3b US$ (out of 12b$ total R&D)  Cost level not typical for the railway sector (< 100€/LOC)  Typical ETCS Kernel software size from 100 to 500 TLOC That means: 100 … 1.000 undisclosed BUGS per EVC 8
  9. 9. Characteristics of Complex Software 1.200 8 600.000 Lines of Code 500.000 7 1.000 Fault Density Faults Detected 6 400.000 800 5 300.000 4 600 3 200.000 400 2 100.000 200 Remaining Bugs 1 1 2 3 4 5 6 7 8 - 9 10 11 12 13 14 15 161 172 1 2 3 10 4 3 5 4 6 5 7 11 6 78 89 910 10 11121213 14 15 16 17 13 14 15 16 17
  10. 10. ETCS SRS “Prose” Human Factor Human Factor Human Factor Human Factor Human Factor Software & HW Specification 3 Software & HW Specification 2 Software & HW Specification 1 ETCS OBU design today: Human Factor Software & HW Specification 4 Human Factor Human Factor EVC EVC EVC EVC Vehicle Equipment 1 Vehicle Equipment 2 Vehicle Equipment 3 Vehicle Equipment 4 ≠ openETCS@ITEA2, openETCS Open License Terms apply, 11/9/2013 ≠ 11 ≠
  11. 11. Low Level of Standardization Today Most hardware, software and interfaces are proprietary design  Vendor Lock-in FIS EVC Vehicle Equipment Parameters proprietary ETCS SW HW
  12. 12. What means „Vendor Lock-in“? “Warranty Bidder Survival” selection Call OBU for Bidding Design Fitting Tender 1st General Inspection Software update , 09.11.2013 Operation beyond Warranty Authorization Approval Urgent bug fix Operation Warranty beyond Periode Warranty 2nd General Inspection Up to 30 more years to come Risk steadily growing for original Urgent Obsolescence Software Problem System bug fix supplier update out of update going market 13
  13. 13. How to improve? Lower Complexity  1. Standardization Reduce Ambiguities  2. Make it “Formal” Master “Bug” Surprises  3. Life-time Service better: Go Open Source No Vendor Lock-in  4. “Open Proofs” openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 14
  14. 14. Institute for Defense Analyses, “Open proof” idea a US military think tank openETCS@ITEA2, openETCS Open License Terms apply, 11/9/2013 15 http://www.dwheeler.com
  15. 15. openETCS@ITEA2, openETCS Open License Terms apply, 11/9/2013 16
  16. 16. EU supports FLOSS EU Parliament Report A5-0264/2001: “Calls … source code not made public to be… in … ‘least reliable’ category;” UNU-MERIT Study 2007: “Study on the economic impact … of FLOSS” 36% R&D cost savings European Union Public License Compatible with popular OSS: GNU GPL v.2 , OSL, CPL, EPL, Cecill In line with the EU legal system: 22 EU Languages & Copyright & Liability OSOR FLOSS Procurement Guide , 09.11.2013 17
  17. 17. Get it right ! ETCS SRS Human Factor “Prose” Human Factor Formal System Requirement Spec. Formal Language Functional Vehicle Specification Synthetic & real life test cases & response pattern Human Factor Safety Case Docs openETCS Tools openETCS Project SW Code Generator Parameters openETCS Lab openETCS Test Simulator STI EVC Vehicle Equipment API HW Manufacturer
  18. 18. Scope of openETCS Open Source Software Engineering Tools openETCS, Klaus-Rüdiger Hase, SafeTech 25.04.13 Open Source Software Architecture 19
  19. 19. API in AUTOSAR 20 Referenz: www.autosar.org
  20. 20. 21 Reference: www.autosar.org
  21. 21. AUTOSAR – Core Partners and Members Status: 30th September 2009 10 Development Member 9 Core Partner 86 Associate Member 16 Attendees 56 Premium Member General OEM Generic Tier 1 Standard Software 10th Feb. 2009 Semiconductors Courtesy of Up-to-date status see: http://www.autosar.org 22 22 10th Feb. 2009 Tools and Services Overview on AUTOSAR Members Overview on AUTOSAR Members
  22. 22. Scope of openETCS Open Software Engineering Tools 23
  23. 23. FLOSS Tools Suite for TOPCASED 24 Reference: www.topcased.org
  24. 24. Toolkit in Open-Source for Critical Application & System Development 25 Reference: www.topcased.org
  25. 25. openETCS - Architecture Hardware & Software Interfaces  “open” openETCS  Reusability  Obsolescence proof EVC FFFIS ETCS On-Board Unit openETCS@ITEA2, openETCS Open License Terms apply, 11/9/2013 Parameter 26 API HW
  26. 26. Why is OSS essential for SW Service? “Deliver & Care” Urgent bug fix  Win Win “Warranty Bidder Survival” selection Call OBU for Bidding Design Fitting Tender 1st General Inspection Authorization Approval Operation beyond 2nd SLA Warranty Urgent bug fix Operation Warranty beyond Periode Warranty 1st SLA 2nd General rd to 30 more years to come 2nd, 3 Up … SLA , Inspection Obsolescence Software Problem update Software Open Proofs  Open SW Service System Market update update , 09.11.2013 27
  27. 27. openETCS Implementation Time Line DB„s ICE-T /3 ETCS DB‘s ICE-T /3 retrofit program UNISIG Vendor R&D and Product Launching Schedule ETCS retrofit requesting OSS program 4Q 2013 Commercial  Project  ITEA2 2009 1Q 2012 ICE-T ICE-T 2015 + “openETCS Option” EUPL 2.3.0 proprietary 2.3.0d proprietary “hand made” 3.0.0 OSS proprietary 3.x.y proprietary Open Formal Specifications MoU Non-vital openETCS Lab Test Reference OBU Open Tools openETCS-Project implementing “Open Proofs” openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 28 Vital openETCS OBU Products
  28. 28. openETCS @ ITEA2 Project Funded by: openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 29 29
  29. 29. openETCS Project Schedule Overview Phases I (2011) Prepare II (2012-2013) III (2014-2015) VI (2016-2020) Project Management / Governance Organization openETCS Foundation e.V. openETCS Option Call M1 M2 M3 M4 M5 M6 M8 M9 Commercializing SW Tools Basics M7 (semi) Formal Specification  ERA, EUG, Railways Goal:  New Industrial Standard Interfaces: STI / API openETCS Reference OBU Implementation Commercializing „Track Use Cases“ Adoption ERTMS Users Gr. TCSim Prototype Commercializing openETCS@ITEA2-Projekt openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 30 30
  30. 30. Project Structure and Proof of Concept utilizing TCSim at DB WP3a WP3b openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 31
  31. 31. http://www.openETCS.org openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 32 32
  32. 32. What is new? What is the innovation?  First industrial implementation of „open Proofs“  First technical system using EUPL  First open project in the railway safety domain  First attempt to combine CENELEC EN50128 with:   Open source software production scheme Agile methods  First training simulator with formal approach  First open source reference device in railway sector openETCS@ITEA2, openETCS Open License Terms apply, 11/9/2013 33
  33. 33. What has been accomplished so far? DB‟s contract with DB‘s ICE-T /3 Alstom to OSS UNISIG Vendor R&D and Product Launching Schedule ICE-T ETCS retrofit ETCS OBU Software program 4Q 2013 Commercial  Project    ITEA2 2009 1Q 2012 ICE-T Tools evaluation: 9 “Candidates” too 2.3.0 2.3.0d proprietary chose from. proprietary ICE-T EUPL 2015 + “openETCS Option” “hand made” 3.0.0 OSS proprietary 3.x.y proprietary Open Formal Specifications MoU Non-vital openETCS Lab Test Reference OBU Open Tools Vital openETCS OBU Products TCSim ERTMS Formal Specs® ERSA ETCS OBU openETCS-Project implementing “Open Proofs” licensed under EULP Software under EUPL openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 34
  34. 34. What is the status so far? ICE-T 1. Standardizing 2. Formal Methods ICE-T 3. Software Service ICE-T better: “Open Proofs” 4. Open Source SW openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 35 35
  35. 35. One last word … Arthur Schopenhauer: [German Philosopher, 1788-1860]: “New ideas are first ridiculed, then fought bitterly, and when they got their way, everyone was always for it.“ 36
  36. 36. That was it … Thank you very much for your attention. openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013 37

×