A Model Driven Development and Verification Approach for Medical Devices (Jakub Jedryszek)

Master Thesis Defense: A Model Driven Development and Verification Approach for Medical Devices

Video from defense: https://www.youtube.com/watch?v=YNypDQ8st04

Master Thesis:
http://krex.k-state.edu/dspace/bitstream/handle/2097/18222/JakubJedryszek2014.pdf

1. A MODEL-DRIVEN DEVELOPMENT AND VERIFICATION APPROACH FOR MEDICAL DEVICES
   Major Professor: John Hatcliff
   Committee members: John Hatcliff, Robby, Eugene Vasserman
   Jakub Jedryszek, www.jj09.net
   Computing and Information Sciences Department, Kansas State University

2. Motivation
    Medical Devices Interoperability
    ICE (Integrated Clinical Environment)
    MDCF (Medical Device Coordination Framework)
    PCA Pump
    Software Verification
    Model-Driven Development

3. Patient-Controlled Analgesia (PCA) Pump
    Method of pain control that gives patients the power to control their pain
    Operational modes:
       Stopped
       Basal Rate
       Bolus
       Clinician Bolus (Square bolus)
       Keep Vein Open (KVO)

4. Integrated Clinical Environment (diagram slide)

5. Integrated Clinical Environment (diagram slide)

6. Medical Device Coordination Framework (diagram slide)

7. Goals
    Create PCA Pump Prototype:
       ICE PCA Infusion Pump System Requirements
       PCA Pump models
       Analysis of implementation details
    Propose AADL to SPARK Ada translation
    Verify aspects of PCA pump with SPARK tools

8. Technologies
    AADL (Architecture Analysis & Design Language)
    BLESS (Behavior Language for Embedded Systems with Software)
    SPARK Ada programming language

9. AADL (Architecture Analysis & Design Language)
    "UML for hardware and software"
    Used for:
       real-time systems
       safety critical systems
       embedded systems
    Graphical and textual representation

   AADL example from the slide (a thermometer device whose temperature data port is connected to an operator interface):

       package Thermometer
       public
         with Base_Types;

         system patient_thermometer
         end patient_thermometer;

         system implementation patient_thermometer.impl
           subcomponents
             thermometer : device thermometer_device.impl;
             opi         : device operator_interface.impl;
           connections
             tdn : port thermometer.temp -> opi.display;
         end patient_thermometer.impl;

         device operator_interface
           features
             display : in data port Base_Types::Integer;
         end operator_interface;

         device implementation operator_interface.impl
         end operator_interface.impl;

         device thermometer_device
           features
             temp : out data port Base_Types::Integer;
         end thermometer_device;

         device implementation thermometer_device.impl
         end thermometer_device.impl;
       end Thermometer;

10. BLESS (Behavior Language for Embedded Systems with Software)
    AADL annex sublanguage defining the behavior of components
    BLESS's goal: automatically check correctness proofs of AADL models of embedded electronic systems with software
    3 AADL annex sublanguages:
       Assertion
       subBLESS
       BLESS

   BLESS example from the slide (an assertion attached to an out event port, plus an invariant and a named assertion in the thread implementation's annex):

       thread Some_Thread
         features
           Some_Port : out event port
             {BLESS::Assertion => "<<(Var1 < Var2 and COND2())>>";};
       end Some_Thread;

       thread implementation Some_Thread.impl
         annex BLESS {**
           invariant <<(Some_Var < Other_Var)>>
           assert <<COND2 : :(Var1 > 0)>>
         **};
       end Some_Thread.impl;

11. Ada
    Programming language:
       Object oriented
       Statically typed
       Designed for safety critical systems
          Railway systems
          Airplane software (e.g. Boeing 777)
          Medical devices
    (*) Ada was named after Ada Lovelace (1815–1852), who is credited as being the first computer programmer

       with Ada.Text_IO; use Ada.Text_IO;
       procedure Hello is
       begin
          Put_Line ("Hello, world!");
       end Hello;

12. SPARK
    Subset of Ada for software verification
    Versions:
       SPARK 83 (based on Ada 83)
       SPARK 95 (based on Ada 95)
       SPARK 2005 (based on Ada 2005)
       SPARK 2014 (based on Ada 2012)
    SPARK 2005 = subset of Ada + code contracts (annotations)
    SPARK 2014 = subset of Ada (code contracts in Ada 2012)

   The same contract in both dialects (from the slide). In SPARK 2005 the contract lives in `--#` annotation comments and `X~` denotes the value of X on entry; in SPARK 2014 it is an Ada 2012 aspect and `X'Old` plays that role:

   SPARK 2005 (based on Ada 2005):

       procedure Inc (X : in out Integer);
       --# pre  X < Integer'Last;
       --# post X = X~ + 1;

   SPARK 2014 (based on Ada 2012):

       procedure Inc (X : in out Integer)
         with Pre  => X < Integer'Last,
              Post => X = X'Old + 1;

13. SPARK – Concurrency
    Ravenscar profile – subset of the Ada tasking features designed for safety-critical hard real-time computing
    RavenSPARK – subset of the Ravenscar profile that allows concurrent programs to be verified with the SPARK verification tools
    Used features:
       tasks
       protected types
       Ada.Real_Time library

14. SPARK – Verification
    SPARK 2005
       Examiner
       Simplifier
       ZombieScope
       ViCToR
       POGS
       Bakar Kiasan
       AUnit tests
    SPARK 2014
       GNATprove
       Bakar Kiasan v2
    Verification Conditions (VC)
       array index out of range
       type range violation
       division by zero
       numerical overflow
    Dead Path Conjectures (DPC)

15. Platform for PCA Pump Prototype
    BeagleBoard-xM
       Single-board computer produced by Texas Instruments
       Specification:
          1 GHz ARM processor
          512 MB RAM
          4 USB 2.0 ports
          HDMI port
          Ethernet
          GPIO ports (PWM)
       Linux OS (Angstrom)
    http://beagleboard.org/Products/BeagleBoard-xM

16. SPARK Ada on BeagleBoard-xM?
    No native GNAT compiler for ARM-based devices
    No official GNAT cross compiler for ARM-based devices
    Cross compiler – a compiler capable of creating executable code for a platform other than the one on which the compiler is running

17. Research plan
    Compile SPARK Ada program for BeagleBoard-xM
       SPARK 2005 (single and multithreaded)
       SPARK 2014
    Start PCA Pump Prototype implementation
    Create AADL/BLESS to SPARK Ada translations
       Based on Ocarina
    Verification:
       Implemented PCA Pump Prototype
       Translated AADL models to SPARK Ada
       Small separated module

18. SPARK Ada on BeagleBoard-xM
    AdaCore cross compiler for ARM-based devices (tested on Android)
    Cooperation with AdaCore to run the cross compiler
    GNAT cross compiler for ARM-based devices
       Supported (host) platforms: Linux x86

19. AADL/BLESS to SPARK Ada
    Translation schemas based on the "Programming Language Annex Document"
       Data types (scalars, enums, records, arrays)
       Ports (event, data, in/out)
       Threads to tasks
       Subprograms
       Feature groups
       Packages
       Property sets
    BLESS to SPARK translations based on consultation with Brian Larson
       Port-based communication
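One concrete instance of the "ports to protected objects, threads to tasks" schema from slide 19, added here as an editor's example; it is not output of the thesis' translator. The AADL thread it translates is constructed for this purpose, and the names Dose_Monitor, Dose_Requested, Alarm, the 100 ms period and the task priority are all assumed. It is written in SPARK 2014 with Ravenscar tasking, which GNATprove gained in releases after this thesis (the prototype itself used SPARK 2005 / RavenSPARK, slides 13 and 20):

```ada
--  Added example (not from the thesis): translation of one periodic AADL
--  thread with an in data port and an out event port into a Ravenscar
--  task plus two protected objects.  All names, the period and the
--  priority are assumed.
--
--  Constructed AADL thread being translated:
--
--    thread Dose_Monitor
--      features
--        Dose_Requested : in data port Base_Types::Integer;
--        Alarm          : out event port;
--      properties
--        Dispatch_Protocol => Periodic;
--        Period            => 100 ms;
--    end Dose_Monitor;

pragma Profile (Ravenscar);
pragma Partition_Elaboration_Policy (Sequential);

package Dose_Monitor with SPARK_Mode is

   --  AADL Period property, in milliseconds.
   Period_Ms : constant := 100;

   --  An in data port keeps only the most recent value, so it becomes a
   --  protected object around one variable: senders call Put, the task
   --  reads with Get, and the protected object serialises the access.
   protected Dose_Requested is
      procedure Put (Value : Integer);
      function Get return Integer;
   private
      Latest : Integer := 0;
   end Dose_Requested;

   --  An out event port carries no data.  A counter in a protected
   --  object lets a receiver see how many events have been raised.
   protected Alarm is
      procedure Raise_Alarm;
      function Count return Natural;
   private
      Raised : Natural := 0;
   end Alarm;

   --  The periodic AADL thread becomes a library-level Ravenscar task.
   task Monitor_Task with Priority => 10;

end Dose_Monitor;

with Ada.Real_Time;

package body Dose_Monitor with SPARK_Mode is

   protected body Dose_Requested is
      procedure Put (Value : Integer) is
      begin
         Latest := Value;
      end Put;

      function Get return Integer is
      begin
         return Latest;
      end Get;
   end Dose_Requested;

   protected body Alarm is
      procedure Raise_Alarm is
      begin
         --  Saturate rather than overflow: without the guard GNATprove
         --  reports a possible overflow on Raised + 1.
         if Raised < Natural'Last then
            Raised := Raised + 1;
         end if;
      end Raise_Alarm;

      function Count return Natural is
      begin
         return Raised;
      end Count;
   end Alarm;

   task body Monitor_Task is
      use Ada.Real_Time;
      Period    : constant Time_Span := Milliseconds (Period_Ms);
      Next_Time : Time := Clock;
      Requested : Integer;
   begin
      loop
         --  One dispatch: read the in port, compute, write the out port.
         Requested := Dose_Requested.Get;
         if Requested > 0 then
            Alarm.Raise_Alarm;
         end if;
         --  "delay until" is the only form of delay Ravenscar permits.
         Next_Time := Next_Time + Period;
         delay until Next_Time;
      end loop;
   end Monitor_Task;

end Dose_Monitor;
```

The listing holds two compilation units; `gnatchop` splits it into `dose_monitor.ads` and `dose_monitor.adb`, and the two configuration pragmas can equally go into `gnat.adc`. The design point is that every shared port is a protected object and the task never terminates, which is exactly the shape RavenSPARK and SPARK 2014 tasking require for the tools to analyse the program.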
20. PCA Pump Prototype implementation
    Implemented prototype in SPARK 2005
       Data types
       Operational module
       PCA Pump actuator module (PCA Engine)
    Simplified PCA Pump translated from AADL models

21. PCA Pump Verification
    Implemented PCA Pump verification with SPARK toolset
    Verification of module for maximum dose monitoring
       SPARK 2005
          SPARK Tools (Examiner, SPARKSimp, POGS)
          Bakar Kiasan
       SPARK 2014
          GNATprove
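What a maximum dose monitoring module looks like when written so that GNATprove discharges the verification conditions listed on slide 14 (range violation, numerical overflow, array index) together with a stated safety contract. This is an editor's example and not the thesis' verified module; the dose limits, units, slot count and every identifier are assumptions. It uses the SPARK 2014 aspect form of contracts shown on slide 12:

```ada
--  Added example (not the thesis' module): a maximum dose monitor whose
--  types and loop invariant let GNATprove prove absence of run-time
--  errors and the Record_Bolus contract.  Limits, units (micrograms),
--  slot count and names are assumed.

package Max_Dose_Monitor with SPARK_Mode is

   --  Constrained subtypes give the prover bounds on every intermediate
   --  value; with plain Integer it could not rule out overflow in Total.
   Max_Single_Dose : constant := 5_000;
   subtype Dose is Natural range 0 .. Max_Single_Dose;

   --  Hourly limit (assumed value).
   Max_Hourly_Dose : constant := 20_000;

   --  Fixed-size history of the boluses delivered in the current hour.
   Slots : constant := 12;
   type Slot_Index is range 0 .. Slots - 1;
   type History is array (Slot_Index) of Dose;

   --  Slots doses of at most Max_Single_Dose each fit in this subtype,
   --  which is what makes the additions in Total overflow-free.
   subtype Total_Dose is Natural range 0 .. Slots * Max_Single_Dose;

   type Monitor is record
      Delivered : History    := (others => 0);
      Next      : Slot_Index := 0;
   end record;

   function Total (M : Monitor) return Total_Dose;

   --  Safety property: a bolus is allowed only if the hour's total with
   --  it included stays within the limit.  Both operands are bounded
   --  subtypes, so the addition cannot overflow.
   function Allowed (M : Monitor; Requested : Dose) return Boolean is
     (Total (M) + Requested <= Max_Hourly_Dose);

   --  Records an allowed bolus in the oldest slot.  The precondition
   --  stops callers from recording what Allowed rejected; the
   --  postcondition is what the rest of the pump may rely on.
   procedure Record_Bolus (M : in out Monitor; Requested : Dose)
     with Pre  => Allowed (M, Requested),
          Post => M.Delivered (M'Old.Next) = Requested
                  and then M.Next = (if M'Old.Next = Slot_Index'Last
                                     then 0 else M'Old.Next + 1);

end Max_Dose_Monitor;

package body Max_Dose_Monitor with SPARK_Mode is

   function Total (M : Monitor) return Total_Dose is
      Sum : Total_Dose := 0;
   begin
      for I in Slot_Index loop
         --  Before slot I is added, exactly I slots have been summed, so
         --  Sum + M.Delivered (I) <= (I + 1) * Max_Single_Dose, which is
         --  within Total_Dose: this discharges the range VC below.
         pragma Loop_Invariant (Sum <= Natural (I) * Max_Single_Dose);
         Sum := Sum + M.Delivered (I);
      end loop;
      return Sum;
   end Total;

   procedure Record_Bolus (M : in out Monitor; Requested : Dose) is
   begin
      --  M.Next is a Slot_Index, so the array index VC follows from the
      --  type alone; the if-expression keeps Next + 1 inside the index
      --  range instead of relying on a modulo the prover must reason about.
      M.Delivered (M.Next) := Requested;
      M.Next := (if M.Next = Slot_Index'Last then 0 else M.Next + 1);
   end Record_Bolus;

end Max_Dose_Monitor;
```

With the two units in a GNAT project, `gnatprove -P <project>.gpr` (project name assumed) runs flow analysis and proof; the loop invariant in Total is the one piece of help the prover needs, and removing it turns the range check on `Sum := Sum + M.Delivered (I)` into an unproved VC. The SPARK 2005 version of the same module would carry the contracts as `--# pre` / `--# post` annotations in the style of slide 12 and be checked with the Examiner, SPARKSimp and POGS listed on slide 21.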
22. Contributions
    Developed approach for running SPARK/Ada programs on the BeagleBoard-xM platform
    Created PCA Prototype in SPARK 2005 (Ravenscar profile) running on BeagleBoard-xM
    Designed AADL/BLESS to SPARK Ada translation schemas
    Translated simplified AADL models of PCA Pump to SPARK Ada
    Demonstrated example verification of PCA pump:
       SPARK 2005 tools
       Bakar Kiasan
       GNATprove

23. Problems
    SPARK limitations
    Lack of industry experience in SPARK Ada
    No consultation with domain experts
    Technologies and tools are under development:
       SPARK 2014
       BLESS
    Small community and limited resources:
       728 Ada related questions on StackOverflow
       3 SPARK Ada related questions on StackOverflow
       673,721 C# questions and 682,308 Java questions on StackOverflow

24. Future work
    Consultation with industry expert (in safety critical systems development)
    Automatic translator
    Translation extension:
       AADL properties
       Try applying generics for data translation
       Try child/nested packages for feature group mapping
       Decomposition
       Extend BLESS mapping (states and transitions)
       Translations for SPARK 2014
       Review port communication
    Extend PCA Prototype functionalities