2. Signals need ATP: Drivers can trust (safety).
we have been able to make mistakes
&
openETCS@ITEA2, openETCS Open License Terms apply, 6/26/2013
3. Automatic Train Protection (e.g. PZB since 1934)
In case I am missing that halt signal, PZB will stop my train automatically
4. European Signaling Diversity due to History
Today: Diversity
Future: Unity
8. How many “Bugs” to expect?
Typical quality SW: 1 … 10 bugs per 1.000 lines of code (TLOC).
Very mature, long-term, well proven SW: 0,5 bugs per TLOC
Highest software quality ever reported:
• Less than 1 bug per 10 TLOC
• At cost of more than 1.000 US$ per LOC (1977)
• US Space Shuttle with 3m LOC costing 3b US$ (out of 12b$ total R&D)
Cost level not typical for the railway sector (< 100€/LOC)
Typical ETCS Kernel software size from 100 to 500 TLOC
That means: 100 … 1.000 undisclosed BUGS per EVC
11. Low Level of Standardization Today
Most hardware, software and interfaces are proprietary design
Vendor Lock-in
[Diagram labels: FIS, EVC, Vehicle Equipment, Parameters, proprietary, ETCS SW, HW]
12. What does “Vendor Lock-in” mean?
[Timeline diagram. Labels: Call for Tender, Bidding, Bidder selection, OBU Design, Fitting, Authorization, Approval, “Warranty Survival”, Warranty Period, 1st General Inspection, 2nd General Inspection, Operation beyond Warranty, Urgent bug fix, Software update, System update, Obsolescence Problem, original supplier going out of market]
Up to 30 more years to come
Risk steadily growing
13. How to improve?
Lower Complexity: 1. Standardization
Reduce Ambiguities: 2. Make it “Formal”
Master “Bug” Surprises: 3. Life-time Service
No Vendor Lock-in: 4. Go Open Source, better: “Open Proofs”
14. “Open proof” idea
Institute for Defense Analyses, a US military think tank
openETCS@ITEA2, openETCS Open License Terms apply, 11/9/2013
http://www.dwheeler.com
16. EU supports FLOSS
EU Parliament Report A5-0264/2001: “Calls … source code not made public to be… in … ‘least reliable’ category;”
UNU-MERIT Study 2007: “Study on the economic impact … of FLOSS”
36% R&D cost savings
European Union Public License
Compatible with popular OSS:
GNU GPL v.2 , OSL, CPL, EPL, Cecill
In line with the EU legal system:
22 EU Languages & Copyright & Liability
OSOR FLOSS Procurement Guide
17. Get it right!
[Diagram labels: ETCS SRS, “Prose”, Human Factor (three times), Formal System Requirement Spec., Formal Language Functional Vehicle Specification, Synthetic & real life test cases & response pattern, Safety Case Docs, openETCS Tools, openETCS Project, SW Code Generator, Parameters, openETCS Lab, openETCS Test Simulator, STI, EVC, Vehicle Equipment, API, HW, Manufacturer]
18. Scope of openETCS
Open Source Software Engineering Tools
Open Source Software Architecture
openETCS, Klaus-Rüdiger Hase, SafeTech 25.04.13
21. AUTOSAR – Core Partners and Members
Status: 30th September 2009
10 Development Member
9 Core Partner
86 Associate Member
16 Attendees
56 Premium Member
Member categories: General OEM, Generic Tier 1, Standard Software, Semiconductors, Tools and Services
10th Feb. 2009
Courtesy of
Up-to-date status see: http://www.autosar.org
Overview on AUTOSAR Members
26. Why is OSS essential for SW Service?
[Timeline diagram. Labels: “Deliver & Care”, Win Win, Call for Tender, Bidding, Bidder selection, OBU Design, Fitting, Authorization, Approval, “Warranty Survival”, Warranty Period, 1st General Inspection, 2nd General Inspection, Operation beyond Warranty, 1st SLA, 2nd SLA, 2nd, 3rd … SLA, Urgent bug fix, Software update, System update, Obsolescence Problem, Open Proofs, Open SW Service Market]
Up to 30 more years to come
27. openETCS Implementation Time Line
[Timeline diagram. Labels: DB's ICE-T /3 ETCS retrofit program requesting OSS, UNISIG Vendor R&D and Product Launching Schedule, Commercial Project, ITEA2, 2009, 1Q 2012, 4Q 2013, 2015 +, ICE-T, “openETCS Option”, EUPL, MoU, 2.3.0, proprietary, 2.3.0d, proprietary, “hand made”, 3.0.0, OSS, proprietary, 3.x.y, proprietary, Open Formal Specifications, Open Tools, Non-vital openETCS Lab Test Reference OBU, Vital openETCS OBU Products]
openETCS-Project implementing “Open Proofs”
32. What is new? What is the innovation?
First industrial implementation of “Open Proofs”
First technical system using EUPL
First open project in the railway safety domain
First attempt to combine CENELEC EN50128 with:
• Open source software production scheme
• Agile methods
First training simulator with formal approach
First open source reference device in railway sector
33. What has been accomplished so far?
[Timeline diagram. Labels: DB's contract with Alstom to OSS ETCS OBU Software, DB's ICE-T /3 ETCS retrofit program, UNISIG Vendor R&D and Product Launching Schedule, Commercial Project, ITEA2, 2009, 1Q 2012, 4Q 2013, 2015 +, ICE-T, “openETCS Option”, EUPL, MoU, 2.3.0, 2.3.0d, proprietary, proprietary, “hand made”, 3.0.0, OSS, proprietary, 3.x.y, proprietary, Open Formal Specifications, Open Tools, Non-vital openETCS Lab Test Reference OBU, Vital openETCS OBU Products, TCSim, ERTMS Formal Specs®, ERSA ETCS OBU, licensed under EUPL, Software under EUPL]
Tools evaluation: 9 “Candidates” to choose from.
openETCS-Project implementing “Open Proofs”
34. What is the status so far?
1. Standardizing
2. Formal Methods
3. Software Service
4. Open Source SW, better: “Open Proofs”
[The label “ICE-T” appears three times beside this list]
35. One last word …
Arthur Schopenhauer:
[German Philosopher, 1788-1860]:
“New ideas are first ridiculed,
then fought bitterly,
and when they got their way,
everyone was always for it.”
36. That was it …
Thank you very much
for your attention.