Foundations and Trends® in Electronic Design Automation > Vol 9 > Issue 4

High-Confidence Medical Device Software Development

By Zhihao Jiang, University of Pennsylvania, USA, zhihaoj@seas.upenn.edu | Rahul Mangharam, University of Pennsylvania, USA, rahulm@seas.upenn.edu

 
Suggested Citation
Zhihao Jiang and Rahul Mangharam (2015), "High-Confidence Medical Device Software Development", Foundations and Trends® in Electronic Design Automation: Vol. 9: No. 4, pp 309-391. http://dx.doi.org/10.1561/1000000040

Publication Date: 10 Dec 2015
© 2015 Z. Jiang and R. Mangharam
 
Subjects
Test,  Verification,  Risk Analysis,  Program Verification,  Software Model Checking
 

Free Preview:

Download extract

Share

Download article
In this article:
1. Medical Devices: Current State and Challenges
2. Modeling the Physiological Environment
3. Identifying and Validating the Environment Model
4. A Dual Chamber Pacemaker Specification
5. Closed-loop Model Checking
6. Closed-loop Model Simulation and Testing
7. Discussion and Open Challenges
Acknowledgements
References

Abstract

The design of bug-free and safe medical device software is challenging, especially in complex implantable devices. This is due to the device’s closed-loop interaction with the patient’s organs, which are stochastic physical environments. The life-critical nature and the lack of existing industry standards to enforce software validation make this an ideal domain for exploring design automation challenges for integrated functional and formal modeling with closed-loop analysis. The primary goal of high-confidence medical device software is to guarantee the device will never drive the patient into an unsafe condition even though we do not have complete understanding of the physiological plant. There are two major differences between modeling physiology and modeling man-made systems: first, physiology is much more complex and less well-understood than man-made systems like cars and airplanes, and spans several scales from the molecular to the entire human body. Secondly, the variability between humans is orders of magnitude larger than that between two cars coming off the assembly line. Using the implantable cardiac pacemaker as an example of closed-loop device, and the heart as the organ to be modeled, we present several of the challenges and early results in model-based device validation. We begin with detailed timed automata model of the pacemaker, based on the specifications and algorithm descriptions from Boston Scientific. For closed-loop evaluation, a real-time Virtual Heart Model (VHM) has been developed to model the electrophysiological operation of the functioning and malfunctioning (i.e., during arrhythmia) hearts. By extracting the timing properties of the heart and pacemaker device, we present a methodology to construct timed-automata models for formal model checking and functional testing of the closed-loop system. The VHM’s capability of generating clinically-relevant response has been validated for a variety of common arrhythmias. Based on a set of requirements, we describe a framework of Abstraction Trees that allows for interactive and physiologically relevant closed-loop model checking and testing for basic pacemaker device operations such as maintaining the heart rate, atrial-ventricle synchrony and complex conditions such as avoiding pacemaker-mediated tachycardia. Through automatic model translation of abstract models to simulation-based testing and code generation for platform-level testing, this model-based design approach ensures the closed-loop safety properties are retained through the design toolchain and facilitates the development of verified software from verified models. This system is a step toward a validation and testing approach for medical cyber-physical systems with the patient-in-the-loop.

DOI:10.1561/1000000040
ISBN: 978-1-68083-068-2
94 pp. $70.00
Buy book (pb)
 
ISBN: 978-1-68083-069-9
94 pp. $125.00
Buy E-book (.pdf)
Table of contents:
1. Medical Devices: Current State and Challenges
2. Modeling the Physiological Environment
3. Identifying and Validating the Environment Model
4. A Dual Chamber Pacemaker Specification
5. Closed-loop Model Checking
6. Closed-loop Model Simulation and Testing
7. Discussion and Open Challenges
Acknowledgements
References

High-Confidence Medical Device Software Development

The design of bug-free and safe medical device software is challenging, especially in complex implantable devices. This is due to the device’s closed-loop interaction with the patient’s organs, which are stochastic physical environments. The life-critical nature and the lack of existing industry standards to enforce software validation make this an ideal domain for exploring design automation challenges for integrated functional and formal modeling with closed-loop analysis. The primary goal of high-confidence medical device software is to guarantee that the device will never drive the patient into an unsafe condition, even though we do not have complete understanding of the physiological plant. To address the safety gap between ensuring the device satisfies its therapeutic requirements with the patient-in-the-loop and testing its software specifications, new approaches for closed-loop validation of the device software within the physiological context are needed - this is the primary focus of this monograph.

In High-Confidence Medical Device Software Development, the authors use an implantable cardiac pacemaker as a working example to demonstrate how model-based design can help improve the safety and efficacy of medical device software. It demonstrates the application of model-based design in several design activities during the development process, from the perspective of the manufacturer’s design validation team.

 
EDA-040