openETCS ITEA2 2013 Review Overview
Transcript of openETCS ITEA2 2013 Review Overview
Paris, 03.07.2013
Klaus-Rüdiger Hase
openETCS@ITEA2 Project, supported by: [sponsor logos]
openETCS@ITEA2 Project Overview
Signals we have been able to trust (safety) & need ATP: Drivers can make mistakes
openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013
Automatic Train Protection (e.g. PZB since 1934)
In case I am missing that halt signal, PZB will stop my train automatically
European Signaling Diversity due to History
Today: Diversity. Future: Unity
ETCS Level 2
EVC: European Vital Computer
“Go ahead” comes via radio
EVC, a computer for “SAFETY”? … Computers have “Bugs”!
First ever documented “Computer Bug”: 9 Sept. 1947, 15:45 (Harvard Mark II)
openETCS, Klaus-Rüdiger Hase, SafeTech 25.04.13
Computer Bugs
• August 14, 2003: A programming error has been identified as the cause of the Northeast power blackout.
• June 4, 1996: The European Ariane 5 rocket explodes 40 s into its maiden flight due to a software bug.
• October 16, 2007: Derailment at the Lötschberg Baseline near Frutigen (CH) due to a software bug in the ETCS Radio Block Center (RBC) *)
*) published at: http://www.uus.admin.ch//pdf/07101601_SB.pdf
How many “Bugs” to expect?
• Typical quality SW: 1 … 10 bugs per 1,000 lines of code (TLOC)
• Very mature, long-term, well proven SW: 0.5 bugs per TLOC
• Highest software quality ever reported: less than 1 bug per 10 TLOC, at a cost of more than 1,000 US$ per LOC (1977); US Space Shuttle with 3m LOC costing 3b US$ (out of 12b US$ total R&D)
• Cost level not typical for the railway sector (< 100 €/LOC)
• Typical ETCS kernel software size from 100 to 500 TLOC
• That means: 100 … 1,000 undisclosed bugs per EVC
Characteristics of Complex Software
[Figure: three panels over an unlabelled x-axis 1–17, presumably successive versions: Fault Density (0–8), Lines of Code (100,000–600,000) and Faults Detected (200–1,200), with a Remaining Bugs curve.]
Complex software needs long-term care!
ETCS OBU design today: Low Level of Standardization Today
[Figure: the ETCS SRS, written in “prose”, is read through the Human Factor by four manufacturers into four different Software & HW Specifications (1–4), each driving its own EVC and Vehicle Equipment; the resulting units are unequal (≠ ≠ ≠). Proprietary ETCS SW, HW parameters, EVC, Vehicle Equipment and FIS are all vendor-specific.]
Most hardware, software and interfaces are proprietary design: Vendor Lock-in
What does “Vendor Lock-in” mean?
[Figure: OBU life-cycle time line: Call for Tender → Bidding → Bidder selection → Design → OBU Fitting → Approval → Authorization → Warranty Period → Operation beyond Warranty, with up to 30 more years to come. Along the way: software updates, a system update, urgent bug fixes, the 1st and 2nd General Inspection, and the Obsolescence Problem.]
Risk steadily growing for the original supplier going out of the market (“Warranty Survival”).
We need a better business model!
How to improve?
Aims: Lower Complexity, Reduce Ambiguities, Master “Bug” Surprises, No Vendor Lock-in
1. Standardization (lower complexity)
2. Make it “Formal” (reduce ambiguities)
3. Life-time Service (master “bug” surprises)
4. Go Open Source, better: “Open Proofs” (no vendor lock-in)
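The “Make it Formal” and “Open Proofs” points above, illustrated with an added Python example that is not openETCS project code and not the logic of PZB or of any ETCS product: the ATP rule quoted on slide 3 (“In case I am missing that halt signal, PZB will stop my train automatically”) is written as a small executable model, and an exhaustive search over every driver behaviour checks that the train can never get past the halt signal. The track length, halt-signal position, speed unit and the one-unit-per-step braking model are constructed assumptions for this toy. A second, deliberately reactive supervision rule shows how the same check exposes a plausible bug (no look-ahead on the braking curve), which is what a mechanically re-runnable, openly published check buys over a prose requirement.

```python
"""Executable toy specification of the slide's ATP rule plus an exhaustive
check of its safety property.

Added example; not openETCS code and not PZB/ETCS logic.  Track, speed unit
and braking model are constructed for this model and carry no meaning outside
it.
"""
from collections import deque
from dataclasses import dataclass
from typing import Callable, List, Optional

# Constructed model constants (assumptions of the toy, not real-world values).
HALT_SIGNAL_POS = 5  # track position of the halt signal
MAX_SPEED = 3        # speed unit: positions travelled per step
ACTIONS = ("accelerate", "coast", "brake")  # what the driver may do each step


@dataclass(frozen=True)
class State:
    pos: int
    speed: int
    atp_brake: bool  # emergency brake commanded by ATP; latched once set


def stopping_pos(pos: int, speed: int) -> int:
    """Position at which the train stops if the brake is applied now.

    Braking reduces speed by one unit per step before the train moves, so the
    train still travels speed-1, speed-2, ..., 0 positions."""
    return pos + speed * (speed - 1) // 2


def is_safe(pos: int, speed: int) -> bool:
    """Safe: braking now still stops the train at or before the signal."""
    return stopping_pos(pos, speed) <= HALT_SIGNAL_POS


def driver_speed(speed: int, action: str) -> int:
    """Speed after the driver's action, without ATP intervention."""
    if action == "accelerate":
        return min(speed + 1, MAX_SPEED)
    if action == "brake":
        return max(speed - 1, 0)
    return speed


def atp_step(s: State, action: str) -> State:
    """Look-ahead supervision: trip if the worst the driver can do in this
    step (full acceleration) would leave a state from which the train can
    no longer stop in time.  Once tripped, driver input is ignored."""
    trip = s.atp_brake
    if not trip:
        worst = driver_speed(s.speed, "accelerate")
        if not is_safe(s.pos + worst, worst):
            trip = True
    speed = max(s.speed - 1, 0) if trip else driver_speed(s.speed, action)
    return State(s.pos + speed, speed, trip)


def atp_step_reactive(s: State, action: str) -> State:
    """Plausible bug: trip only once the *current* state is already unsafe,
    i.e. no look-ahead on the braking curve."""
    trip = s.atp_brake or not is_safe(s.pos, s.speed)
    speed = max(s.speed - 1, 0) if trip else driver_speed(s.speed, action)
    return State(s.pos + speed, speed, trip)


def passes_signal(s: State) -> bool:
    return s.pos > HALT_SIGNAL_POS


def find_violation(step: Callable[[State, str], State]) -> Optional[List[str]]:
    """Breadth-first exploration of every driver behaviour from a standing
    start.  Returns None if no reachable state passes the halt signal,
    otherwise the shortest sequence of driver actions that gets there."""
    start = State(0, 0, False)
    parent = {start: None}
    queue = deque([start])
    while queue:
        s = queue.popleft()
        if passes_signal(s):
            trace = []
            while parent[s] is not None:
                prev, action = parent[s]
                trace.append(action)
                s = prev
            return trace[::-1]
        for action in ACTIONS:
            nxt = step(s, action)
            if nxt not in parent:
                parent[nxt] = (s, action)
                queue.append(nxt)
    return None


if __name__ == "__main__":
    print("look-ahead ATP:", find_violation(atp_step))           # None
    print("reactive ATP:  ", find_violation(atp_step_reactive))  # driver trace
```

The look-ahead rule keeps the invariant “every reachable state is safe” by construction: if all next states are safe nothing happens, otherwise braking now leads to a state with the same stopping position, so the exhaustive search over the (finite) state space returns no violating trace. The reactive rule waits until the train is already on the wrong side of its braking curve, and the search returns the three-step driver trace that passes the signal; a prose requirement would not have shown the difference.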
“Open proof” idea (David A. Wheeler, http://www.dwheeler.com, Institute for Defense Analyses, a US military think tank)
EU supports FLOSS
• EU Parliament Report A5-0264/2001: “Calls … source code not made public to be … in … ‘least reliable’ category;”
• UNU-MERIT Study 2007: “Study on the economic impact … of FLOSS”: 36% R&D cost savings
• OSOR FLOSS Procurement Guide
• European Union Public License (EUPL): compatible with popular OSS licenses (GNU GPL v.2, OSL, CPL, EPL, CeCILL); in line with the EU legal system: 22 EU languages, copyright and liability
openETCS Project: Scope of openETCS
[Figure: the ETCS SRS (“prose”) is turned into a Formal System Requirement Spec. (SRS, STI) and a Formal Language Functional Vehicle Specification (“Get it right!”); openETCS Tools and a SW Code Generator produce the openETCS software behind an API to the manufacturer’s HW parameters; the openETCS Simulator runs synthetic & real-life test cases & response patterns against the EVC / Vehicle Equipment; Lab Test and Safety Case Docs complete the chain. The Human Factor remains at every manual step.]
Scope of openETCS: Open Source Software Architecture and Open Source Software Engineering Tools
API in AUTOSAR
Reference: www.autosar.org
Overview on AUTOSAR Members (10th Feb. 2009)
AUTOSAR – Core Partners and Members, status 30th September 2009: 9 Core Partners, 10 Development Members, 56 Premium Members, 86 Associate Members, 16 Attendees
Member categories: General OEM, Generic Tier 1, Standard Software, Tools and Services, Semiconductors
Up-to-date status see: http://www.autosar.org (courtesy of AUTOSAR)
Open Software Engineering Tools (Scope of openETCS)
TOPCASED: Toolkit in Open-Source for Critical Application & System Development
Reference: www.topcased.org
openETCS - Architecture
[Figure: ETCS On-Board Unit with the EVC; the openETCS software sits behind an API on top of the HW, HW parameters and the FFFIS.]
Hardware & Software Interfaces “open”: Reusability, Obsolescence proof
Why is OSS essential for SW Service?
[Figure: the same OBU life-cycle time line: Call for Tender → Bidding → Bidder selection → Design → OBU Fitting → Approval → Authorization → Warranty Period → Operation beyond Warranty, with up to 30 more years to come, software updates, a system update, urgent bug fixes, the 1st and 2nd General Inspection and the Obsolescence Problem. Now with a 1st SLA for the warranty period and 2nd, 3rd, … SLAs for operation beyond warranty.]
Open Proofs: an open SW service market. “Deliver & Care”, win-win, “Warranty Survival”.
openETCS Implementation Time Line
• UNISIG Vendor R&D and Product Launching Schedule (proprietary): 2.3.0 (2009), 2.3.0d (1Q 2012, ICE-T), 3.0.0 (4Q 2013, ICE-T), 3.x.y (2015+)
• openETCS-Project implementing “Open Proofs” (ITEA2 project): “hand made” OSS; “openETCS Option” under EUPL; Reference OBU for Lab Testing; MoU; Non-vital openETCS Lab Test Reference OBU; Open Formal Specifications; Open Tools
• Commercial Project: DB‘s ICE-T /3 ETCS retrofit program requesting OSS; Vital openETCS OBU Products (2015+)
openETCS @ ITEA2 Project, funded by: [sponsor logos]
openETCS Project Schedule Overview
Phases of the openETCS@ITEA2 project: I (2011) Organization; II (2012–2013) Basics; III (2014–2015) Implementation; IV (2016–2020) Commercializing
Milestones M1 … M9
openETCS Foundation e.V.; Prepare Project Management / Governance; “Track Use Cases”, adoption by the ERTMS Users Group (ERA, EUG, Railways); SW Tools; openETCS Option Call
Goal: New Industrial Standard
Project Structure and Proof of Concept utilizing TCSim at DB
Interfaces: STI / API; (semi) Formal Specification; TCSim Prototype; openETCS Reference OBU; work packages WP3a / WP3b
http://www.openETCS.org
What is new? What is the innovation?
• First industrial implementation of “Open Proofs”
• First technical system using EUPL
• First open project in the railway safety domain
• First attempt to combine CENELEC EN 50128 with an open source software production scheme and agile methods
• First training simulator with formal approach
• First open source reference device in railway sector
What has been accomplished so far?
[Figure: the implementation time line again: UNISIG proprietary releases 2.3.0 (2009), 2.3.0d (1Q 2012, ICE-T), 3.0.0 (4Q 2013, ICE-T), 3.x.y (2015+) versus the openETCS-Project implementing “Open Proofs” (ITEA2 project): “hand made” OSS, “openETCS Option” under EUPL, Reference OBU for Lab Testing, MoU, Non-vital openETCS Lab Test Reference OBU, Open Formal Specifications, Open Tools, Vital openETCS OBU Products (2015+), with the ICE-T milestones marked.]
• DB’s contract with Alstom to OSS the ICE-T ETCS OBU Software (DB‘s ICE-T /3 ETCS retrofit program)
• Tools evaluation: 9 “candidates” to choose from
• ERTMS Formal Specs® licensed under EUPL
• ERSA ETCS OBU TCSim Software under EUPL
• Reference OBU for Lab Testing
What is the status so far?
1. Standardizing
2. Formal Methods
3. Software Service
4. Open Source SW, better: “Open Proofs”
One last word …
Arthur Schopenhauer [German philosopher, 1788–1860]:
“New ideas are first ridiculed, then fought bitterly, and when they got their way, everyone was always for it.”
That was it …
Thank you very much for your attention.