Formalizing the Cardiac Pacemaker Resynchronization Therapy

  • Neeraj Kumar Singh
  • Mark Lawford
  • Thomas S.E. Maibaum
  • Alan Wassyng
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9185)


For many years, formal methods have been used to design and develop critical systems in order to guarantee safety and security and the correctness of desired behaviours, through formal verification and validation techniques and tools. The development of high-confidence medical devices, such as the cardiac pacemaker, is one of the grand challenges in the area of verified software that need formal reasoning and proof-based development. This paper presents an example of how we used previous experience in developing a cardiac pacemaker using Event-B to build an incremental proof-based development of a new pacemaker that uses Cardiac Resynchronization Therapy (CRT), also known as biventricular pacing or multisite pacing. In this work, we formalized the required behaviours of CRT, including timing constraints and safety properties. We formalized the system using Event-B, and made use of the included Rodin tools to check the internal consistency with respect to safety properties, invariants and events. The system behaviours of the proven model were validated through the use of the ProB model checker.


Pacemaker resynchronization therapy, Event-B, Refinement, Formal methods, Verification, Validation


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Neeraj Kumar Singh (1)
  • Mark Lawford (1)
  • Thomas S.E. Maibaum (1)
  • Alan Wassyng (1)
  1. McMaster Centre for Software Certification, McMaster University, Hamilton, Canada
