Automata for Real-time Systems B. Srivathsan Chennai Mathematical Institute 1/26
In this lecture: an academic case study that investigates methods to build more reliable pacemakers 2/26
Lecture 10: Towards reliable pacemakers 3/26
References: Modeling and verification of a dual chamber implantable pacemaker. Jiang, Pajic, Moarref, Alur, Mangharam. TACAS’12. Heart-on-a-chip: A closed-loop testing platform for implantable pacemakers. Jiang, Radhakrishnan, Sampath, Sarode, Mangharam. 2013. mlab.seas.upenn.edu 4/26
Heart and pacemaker basics Presentation of Zhihao Jiang (U Penn) 5/26
Pacemaker software: in-built algorithms to detect and terminate various abnormal heart conditions. At least 6 implanted medical devices were recalled in 2010 due to likely software defects (Killed by Code: Software Transparency in Implantable Medical Devices. Karen Sandler, Lysandra Ohrstrom, Laura Moy, Robert McVay) 6/26
Two possible solutions for more reliable devices: ◮ Model-based system/software design ◮ Closed-loop testing 7/26
Model-based system/software design (figure flow: heart automaton and pacemaker automaton → UPPAAL verification; UPP2SF tool → Simulink heart model and Simulink pacemaker model → Simulink simulation; code generation → heart on chip and pacemaker → conformance testing on testbench). (Simulink is a commercial tool developed by Mathworks Inc.) 8/26
Closed-loop testing (figure: Boston Scientific pacemaker, heart on FPGA, analog interface; heart on chip and pacemaker on a testbench for conformance testing) 9/26
Coming next: Modeling and verification of heart and pacemaker 10/26
Heart as a timed automaton 11/26
Abstract the electrical conduction system of the heart into nodes and paths. Picture credits: A Simulink hybrid heart model for quantitative verification of cardiac pacemakers. Chen et al. HSCC’13 12/26
Figure: cell activity plot (V out vs. Time) with conduction (Cond) and refractory phases Rest, ERP, RRP, abstracted (Abstraction 1) into two timed automata. Node automaton N1: locations Rest, ERP, RRP; clock t with guards/invariants t > Trest_min, t <= Trest_max, t > Terp_min, t <= Terp_max, t > Trrp_min, t <= Trrp_max; synchronisations Act_node? and Act_path!. Path automaton P1: locations Idle, Ante, Retro, Double, Conflict; clocks t, t1, t2 with guards/invariants such as t1 > Tcond_min, t1 <= Tcond_max, t2 > Tcond_min, t2 <= Tcond_max, t1 + t2 > Tcond_min, t1 + t2 <= Tcond_max, t > 1, t <= 1; synchronisations Act_path_1?, Act_path_2?, Act_node_1!, Act_node_2!. Parameters Trest_max, Trrp_min, etc. chosen according to node placement and patient history 13/26
Heart automaton H: N_1 || P_1 || N_2 || P_2 || ... || N_k, where N_i is a node automaton, P_i a path automaton, k the number of nodes to which the heart is abstracted, and || the parallel composition (asynchronous product construction) 14/26
Pacemaker as a timed automaton 15/26
Heart-pacemaker interaction (figure): the heart signals the pacemaker on Aget! and Vget!; the pacemaker signals the heart on AP! and VP!. N_1.Act_Path! → Aget!, N_2.Act_Path! → Vget!. N_1: node at the atrial lead; N_2: node at the ventricular lead 16/26
Pacemaker timing cycles (figure) 17/26
Figure: pacemaker component automata (a) LRI component, (b) AVI component, (c) URI component, (d) PVARP component, (e) VRP component, synchronising on channels Aget?, AS!, AS?, AP!, Vget?, VS!, VS?, VP!, VP?, AR!. Pacemaker automaton P: LRI || AVI || URI || PVARP || VRP 18/26
Heart-pacemaker automaton: H || P 19/26
An algorithm for Endless Loop Tachycardia 20/26
Endless Loop Tachycardia (ELT) Slides of Zhihao Jiang 21/26
◮ ELT-detection: if the VP-AS pattern occurs within 500 ms at least 8 times ◮ ELT-termination: increase PVARP to 500 ms once. (Figure: added components VPAS and ELTct and the modified PVARP′.) Pacemaker P_1: LRI || AVI || URI || PVARP′ || VRP || ELTct || VPAS 22/26
Is the modified pacemaker safe? Question 1: Are 2 ventricular events within time? (a) Monitor PLRItest: locations wait_1st, wait_2nd, secV; transitions on Vget? and VP? reset the clock (t = 0). Check in UPPAAL whether in H || P_1 || PLRItest all paths satisfy PLRItest.t ≤ TLRI 23/26
Is the modified pacemaker safe? Question 2: Are 2 ventricular events very fast? (b) Monitor PURItest: locations wait_v, wait_vp, secV; transitions on VP? and Vget? reset the clock (t = 0). Check in UPPAAL whether in H || P_1 || PURItest all paths satisfy PURItest.t ≥ TURI 24/26
Each time new algorithm is added, model it and check if basic safety properties are satisfied 25/26
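An added example, not taken from the slides or from the Penn models: the two monitor questions (PLRItest, PURItest) and the ELT-detection rule above, expressed as runtime checks over a constructed event trace instead of as UPPAAL queries. The values of TLRI and TURI, the event names, and the reading of "8 times" as eight consecutive VP-AS pairs are assumptions.

```python
# Added example (not from the slides): runtime versions of the PLRItest and
# PURItest monitors plus the ELT-detection rule, run over a constructed trace
# of (time_ms, event) pairs using the slides' channel names Vget, VP, AS.
TLRI = 1000        # assumed lower-rate interval (ms), placeholder value
TURI = 500         # assumed upper-rate interval (ms), placeholder value
ELT_WINDOW = 500   # VP-AS pattern window (ms), from the slides
ELT_COUNT = 8      # pattern repetitions before ELT is declared, from the slides
VENTRICULAR = {"Vget", "VP"}   # ventricular sense (heart) or ventricular pace

def check_ventricular_intervals(trace):
    """Questions 1 and 2 together: every gap between consecutive ventricular
    events must satisfy TURI <= gap <= TLRI (PURItest / PLRItest).
    Returns a list of (time, gap, "LRI" or "URI") violations."""
    violations, last = [], None
    for t, ev in trace:
        if ev not in VENTRICULAR:
            continue
        if last is not None:
            gap = t - last
            if gap > TLRI:
                violations.append((t, gap, "LRI"))
            elif gap < TURI:
                violations.append((t, gap, "URI"))
        last = t
    return violations

def detect_elt(trace):
    """ELT-detection: VP followed by AS within ELT_WINDOW ms, ELT_COUNT times
    in a row (assumption: the count resets when the pattern is broken).
    Returns the time at which detection fires, or None."""
    count, last_vp = 0, None
    for t, ev in trace:
        if ev == "VP":
            last_vp = t
        elif ev == "AS":
            if last_vp is not None and t - last_vp <= ELT_WINDOW:
                count += 1
                if count == ELT_COUNT:
                    return t
            else:
                count = 0
            last_vp = None
    return None

# Constructed trace: eight VP-AS pairs, one every 800 ms, i.e. an endless-loop
# tachycardia whose ventricular gaps all stay inside [TURI, TLRI].
ELT_TRACE = [(800 * i + d, ev) for i in range(ELT_COUNT)
             for d, ev in ((0, "VP"), (200, "AS"))]
```

On ELT_TRACE, check_ventricular_intervals returns [] while detect_elt returns 5800: the pacing loop satisfies both interval properties and is only caught by the ELT rule.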
Take-home ◮ Model-based system/software design ◮ Closed-loop testing 26/26