Formal Verification Techniques for Safety Critical Medical Device Software Control

Safety-critical medical devices play an important role in improving patients' health and lifestyle. Faulty behavior of such devices can cause harm or even death, and often this faulty behavior is caused by bugs in the software programs used for digital control of the device. We present a formal verification methodology that can be used to check the correctness of object code programs that implement the safety-critical control functions of these medical devices. Our methodology is based on the theory of Well-Founded Equivalence Bisimulation (WEB) refinement, in which both formal specifications and implementations are treated as transition systems. First, we present a formal specification model for the medical device. Second, we develop correctness proof obligations that can be applied to validate the object code programs used in these devices. Formal methods are not widely employed for the verification of safety-critical medical devices; however, using our methodology we were able to bridge the gap between two very important phases of the software life cycle: specification and verification.
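The abstract treats both the specification and the object code as transition systems and discharges WEB-refinement proof obligations between them. The following is an added example, not code from the paper, that checks the core obligation on small explicit finite systems: every implementation step must either match a specification step under the refinement map, or be a stuttering step whose rank strictly decreases (so the implementation cannot stall forever). The specification, the two implementations, the refinement map and the rank function are all constructed for illustration and are not the paper's device model; the function and variable names are hypothetical.

```python
from typing import Callable, Dict, Hashable, List, Set, Tuple

State = Hashable
# A finite transition system: each state maps to the set of its successor states.
TransitionSystem = Dict[State, Set[State]]
Violation = Tuple[State, State, str]


def check_web_refinement(
    impl: TransitionSystem,
    spec: TransitionSystem,
    refmap: Callable[[State], State],
    rank: Callable[[State], int],
) -> List[Violation]:
    """Check the core WEB-refinement proof obligation on explicit finite systems.

    For every implementation step s -> u, with a = refmap(s) and b = refmap(u):
      * either a -> b is a specification step (visible progress was made), or
      * b == a (a stuttering step) and 0 <= rank(u) < rank(s), so stuttering
        cannot go on forever (non-negative integer ranks are well-founded).
    Returns the list of violating transitions; an empty list means the
    implementation refines the specification under this refinement map.
    """
    violations: List[Violation] = []
    for s, successors in impl.items():
        a = refmap(s)
        if a not in spec:
            violations.append((s, s, f"refinement map sends {s!r} to unknown spec state {a!r}"))
            continue
        for u in successors:
            b = refmap(u)
            if b == a:
                # Stuttering step: the abstract state is unchanged, so the
                # implementation must be measurably closer to a visible step.
                if not (0 <= rank(u) < rank(s)):
                    violations.append((s, u, "stuttering step without rank decrease"))
            elif b not in spec[a]:
                violations.append((s, u, f"no spec transition {a!r} -> {b!r}"))
    return violations


# Constructed abstract specification (hypothetical): the controller alternates
# between waiting for sensor input and delivering an output pulse.
SPEC: TransitionSystem = {"wait": {"pulse"}, "pulse": {"wait"}}

# Constructed implementation (hypothetical): a three-instruction control loop,
# identified by program-counter value. pc0 = read sensor, pc1 = compare,
# pc2 = drive output. Two of the three instructions are invisible to the spec.
GOOD_IMPL: TransitionSystem = {"pc0": {"pc1"}, "pc1": {"pc2"}, "pc2": {"pc0"}}

# Constructed buggy variant: the compare instruction can branch back to itself,
# so the program may spin at pc1 and never reach the output step.
STUCK_IMPL: TransitionSystem = {"pc0": {"pc1"}, "pc1": {"pc1", "pc2"}, "pc2": {"pc0"}}


def refmap(s: State) -> State:
    """Refinement map: only the output instruction corresponds to a 'pulse'."""
    return "pulse" if s == "pc2" else "wait"


# Rank: number of instructions left before the next visible (spec-level) step.
RANK = {"pc0": 2, "pc1": 1, "pc2": 0}


def rank(s: State) -> int:
    return RANK[s]


def good_impl_violations() -> List[Violation]:
    return check_web_refinement(GOOD_IMPL, SPEC, refmap, rank)


def stuck_impl_violations() -> List[Violation]:
    return check_web_refinement(STUCK_IMPL, SPEC, refmap, rank)


if __name__ == "__main__":
    print("good implementation:", good_impl_violations() or "refines SPEC")
    print("stuck implementation:", stuck_impl_violations() or "refines SPEC")
```

The rank function is what turns a plain simulation check into a liveness-preserving one: without it, the self-loop at `pc1` would be accepted as harmless stuttering, even though it lets the controller stop delivering pulses. On the real object code the states would be full machine states and the refinement map would project out registers and memory, but the obligation discharged per transition is the same.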
