Abstract
The design and implementation of software for medical devices is challenging because of their rapidly increasing functionality and the tight coupling of computation, control, and communication. The safety-critical nature of these devices and the lack of existing industry standards for verification make this an ideal domain for exploring applications of formal modeling and analysis. In this study, we use a dual chamber implantable pacemaker as a case study for modeling and verification of control algorithms for medical devices in UPPAAL. We begin with detailed models of the pacemaker, based on the specifications and algorithm descriptions from Boston Scientific. We then define the state space of the closed-loop system based on its heart rate and develop a heart model that can non-deterministically cover the whole state space. For verification, we first specify unsafe regions within the state space and verify the closed-loop system against the corresponding safety requirements. As stronger assertions are attempted, an unsafe closed-loop state may result from healthy open-loop heart conditions. Such unsafe transitions are investigated with two clinical cases of Pacemaker Mediated Tachycardia and their corresponding correction algorithms in the pacemaker. Along with emerging tools for code generation from UPPAAL models, this effort enables model-driven design and certification of software for medical devices.
This research was partially supported by NSF research grants MRI 0923518, CNS 0931239, CNS 1035715 and CCF 0915777.
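As an added illustration of the closed-loop verification pattern the abstract describes (this is not code from the paper or its UPPAAL models): a nondeterministic heart that may fire at any healthy rate is composed with a deliberately simplified atrial-tracking pacemaker, and an explicit-state search looks for a path into an unsafe rate region. All rates, the pacemaker behaviour and the retrograde-conduction loop rate are constructed assumptions, not values from the paper.

```python
from collections import deque

# Constructed, hypothetical parameters (not taken from the paper): rates in bpm.
HEALTHY_RATES = range(50, 111, 10)   # the open-loop heart may fire its atrium at any of these
UPPER_RATE_LIMIT = 150               # fastest atrial rate the simplified pacemaker will track
UNSAFE_RATE = 120                    # unsafe region of the state space: ventricular rate above this
PMT_LOOP_RATE = 150                  # assumed rate of a sustained V-pace -> retrograde A-sense -> V-pace loop

def heart_atrial_events(state, retro):
    """Nondeterministic heart model: from any state it may fire at any healthy rate.
    If the heart conducts retrogradely and the last ventricular beat was paced, the
    atrium is driven by that pace instead, at the loop rate."""
    v_rate, v_paced = state
    if retro and v_paced:
        return [PMT_LOOP_RATE]
    return list(HEALTHY_RATES)

def open_loop(state, retro):
    """No pacemaker: the ventricle simply follows the atrium."""
    return [(a, False) for a in heart_atrial_events(state, retro)]

def closed_loop(state, retro):
    """Simplified (hypothetical) atrial-tracking pacemaker: it paces the ventricle
    after every sensed atrial event, no faster than the upper rate limit."""
    return [(min(a, UPPER_RATE_LIMIT), True) for a in heart_atrial_events(state, retro)]

def unsafe(state):
    """Safety requirement: the ventricular rate must stay at or below UNSAFE_RATE."""
    return state[0] > UNSAFE_RATE

def find_unsafe(step, retro, init=(60, False)):
    """Explicit-state reachability: breadth-first search over the product state space.
    Returns the first trace into the unsafe region, or None if the requirement holds."""
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if unsafe(s):
            trace = []
            while s is not None:          # walk parent pointers back to the initial state
                trace.append(s)
                s = parent[s]
            return trace[::-1]
        for n in step(s, retro):
            if n not in parent:
                parent[n] = s
                queue.append(n)
    return None

if __name__ == "__main__":
    print("open loop, retrograde heart:  ", find_unsafe(open_loop, retro=True))
    print("closed loop, no retrograde:   ", find_unsafe(closed_loop, retro=False))
    print("closed loop, retrograde heart:", find_unsafe(closed_loop, retro=True))
```

The open-loop heart and the closed loop without retrograde conduction never reach the unsafe region, while the tracking pacemaker composed with a retrograde-conducting heart does, which is the kind of transition from a healthy open-loop heart into an unsafe closed-loop state that the abstract attributes to Pacemaker Mediated Tachycardia.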
© 2012 Springer-Verlag Berlin Heidelberg
Jiang, Z., Pajic, M., Moarref, S., Alur, R., Mangharam, R. (2012). Modeling and Verification of a Dual Chamber Implantable Pacemaker. In: Flanagan, C., König, B. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2012. Lecture Notes in Computer Science, vol 7214. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28756-5_14
DOI: https://doi.org/10.1007/978-3-642-28756-5_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28755-8
Online ISBN: 978-3-642-28756-5