We built an EPICS-based radiation therapy machine control program and are using it to treat patients at our hospital. To help ensure safety, the control program uses a restricted subset of EPICS constructs and programming techniques, and we developed several new automated formal verification tools for this subset. To check our control program, we built a Symbolic Interpreter that finds errors in EPICS database programs, using symbolic execution and satisfiability checking. It found serious errors in our control program that were missed by reviews and testing. To check the EPICS runtime (EPICS Core) itself, we first developed a Formal Semantics for EPICS database programs, based on the EPICS Record Reference Manual (RRM) and expressed in the specification language of an automated theorem prover. We built a formally verified Trace Validator and used it to check the EPICS runtime against our semantics by differential testing with millions of randomly generated programs. The testing process generally corroborated that the EPICS runtime conforms to its specification in the RRM, but it did find several omissions and ambiguities in the RRM that might mislead users. Our formal semantics for EPICS enables valuable future developments: a full proof of correctness for our EPICS program, verified analyses for arbitrary EPICS programs, and a Verified Compiler that could compile an EPICS database to a verified standalone program, while dispensing with much of the unverified EPICS toolchain and runtime.
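The differential-testing step described above, reduced to a runnable sketch. This is an added example, not the authors' Trace Validator or any part of EPICS: a reference evaluator stands in for the formal semantics, a second evaluator stands in for the runtime under test, and a random program generator drives both on the same inputs and reports every disagreement. The expression subset (inputs A, B, C; `+ - * /`; `<` and `>` yielding 1/0; `?:` conditionals) only resembles EPICS calc expressions, and the division-by-zero rules are constructed for the example; they are not taken from the Record Reference Manual.

```python
"""Differential testing of a calc-style expression language (added example).

Two evaluators share one interpreter and differ only in how they treat
division by zero; the tester generates random programs and inputs and
records every case where the two disagree. Any such disagreement is a
candidate omission or ambiguity in the specification, which is the
kind of finding the differential-testing approach surfaces.
"""
import math
import random
from dataclasses import dataclass
from typing import Callable, Dict, List, Union

# AST: an input name, a float constant, or (op, left, right[, third]).
Expr = Union[str, float, tuple]

INPUTS = ("A", "B", "C")
BINOPS = ("+", "-", "*", "/", "<", ">")


def evaluate(e: Expr, env: Dict[str, float],
             div_zero: Callable[[float], float]) -> float:
    """Shared interpreter. `div_zero(a)` decides the value of a/0."""
    if isinstance(e, str):
        return env[e]
    if isinstance(e, float):
        return e
    op = e[0]
    if op == "?":  # conditional is lazy: only the chosen branch runs
        cond = evaluate(e[1], env, div_zero)
        return evaluate(e[2] if cond != 0.0 else e[3], env, div_zero)
    a = evaluate(e[1], env, div_zero)
    b = evaluate(e[2], env, div_zero)
    if op == "+":
        return a + b
    if op == "-":
        return a - b
    if op == "*":
        return a * b
    if op == "/":
        return div_zero(a) if b == 0.0 else a / b
    if op == "<":
        return 1.0 if a < b else 0.0
    if op == ">":
        return 1.0 if a > b else 0.0
    raise ValueError(f"unknown operator {op!r}")


def eval_spec(e: Expr, env: Dict[str, float]) -> float:
    """Stand-in for the formal semantics (constructed rule): x/0 = 0.0."""
    return evaluate(e, env, lambda a: 0.0)


def eval_impl(e: Expr, env: Dict[str, float]) -> float:
    """Stand-in for the runtime under test (constructed divergence):
    x/0 follows IEEE 754, giving +/-inf, or nan for 0/0."""
    return evaluate(e, env, lambda a: math.nan if a == 0.0
                    else math.copysign(math.inf, a))


def random_program(rng: random.Random, depth: int = 3) -> Expr:
    """Random expression over INPUTS and small constants (the generator)."""
    if depth == 0 or rng.random() < 0.3:
        return rng.choice(INPUTS) if rng.random() < 0.7 else float(rng.randint(-2, 2))
    if rng.random() < 0.15:
        return ("?", random_program(rng, depth - 1),
                random_program(rng, depth - 1), random_program(rng, depth - 1))
    return (rng.choice(BINOPS), random_program(rng, depth - 1),
            random_program(rng, depth - 1))


def to_calc(e: Expr) -> str:
    """Print an AST in calc-like infix syntax, fully parenthesised."""
    if isinstance(e, str):
        return e
    if isinstance(e, float):
        return str(int(e)) if e.is_integer() else repr(e)
    if e[0] == "?":
        return f"({to_calc(e[1])}?{to_calc(e[2])}:{to_calc(e[3])})"
    return f"({to_calc(e[1])}{e[0]}{to_calc(e[2])})"


@dataclass
class Discrepancy:
    program: str
    env: Dict[str, float]
    spec: float
    impl: float


def differential_test(n_programs: int, seed: int,
                      trials_per_program: int = 5) -> List[Discrepancy]:
    """Run both evaluators on random programs and inputs; collect mismatches.
    A nan result never compares equal, so it is reported as a mismatch too."""
    rng = random.Random(seed)
    found: List[Discrepancy] = []
    for _ in range(n_programs):
        prog = random_program(rng)
        for _ in range(trials_per_program):
            env = {v: float(rng.randint(-2, 2)) for v in INPUTS}
            s, i = eval_spec(prog, env), eval_impl(prog, env)
            if not s == i:
                found.append(Discrepancy(to_calc(prog), env, s, i))
    return found


if __name__ == "__main__":
    for d in differential_test(1000, seed=1)[:5]:
        print(d.program, d.env, "spec:", d.spec, "impl:", d.impl)
```

Every reported program contains a `/` node, because that is the only point where the two evaluators differ; in a real run the interesting output is exactly this kind of cluster, which points the reviewer at the one clause of the specification that the runtime reads differently. Scaling the same loop to millions of programs, with the runtime's own execution trace in place of `eval_impl`, is the shape of the approach the abstract describes.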