zhihao jiang, rahul mangharam precise center university of pennsylvania
TRANSCRIPT
MODEL-BASED CLOSED-LOOP EVALUATION
FOR IMPLANTABLE PACEMAKER
Zhihao Jiang, Rahul Mangharam
PRECISE CenterUniversity of Pennsylvania
FIRST, THE BAD NEWS
• Over 600,000 cardiac medical devices recalled from 1990-2000
• 40% of recent recalls were due to software issues
Implantable Pacemaker Implantable Cardioverter-Defibrillator (ICD)
IMPLANTABLE PACEMAKER
• Two leads in heart chambers
• Deliver electrical signals when heart rate is low
• Device malfunction may result in death or injury
• Flawed devices are recalled
CYBER-PHYSICAL CHALLENGES
• Pacemaker – Autonomous device with minimum human interaction– Limited diagnostic/therapy capability– Its safety is evaluated regarding to its environment– Evaluation requires extensive domain knowledge
• The physical plant is stochastic:– Complex dynamics of the heart– Interaction between the heart and other parts of the
body
TRADITIONAL EMBEDDED SOFTWARE DESIGN
DomainExpert
Safety/EfficacyRequirements
TRADITIONAL EMBEDDED SOFTWARE DESIGN
DomainExpert
Software Engineer
Safety/EfficacyRequirements
Software specifications
TRADITIONAL EMBEDDED SOFTWARE DESIGN
DomainExpert
Software Engineer
Electricalengineer
Safety/EfficacyRequirements
Software specifications
Implementation
TRADITIONAL EMBEDDED SOFTWARE DESIGN
DomainExpert
Software Engineer
Electricalengineer
Safety/EfficacyRequirements
Software specifications
Implementation
TRADITIONAL FDA CERTIFICATION
• Examining documents before device released to the market– Software specifications– Justification of the specifications– Test reports
• Responsibility on manufactures• Issue recalls when incidents
happen
DomainExpert
Software Engineer
Electricalengineer
Safety/EfficacyRequirements
Software specifications
Implementation
MODEL-BASED EMBEDDED SOFTWARE DESIGN
DomainExpert
Software Engineer
Electricalengineer
Safety/EfficacyRequirements
Software specifications
Implementation
Systemmodel
MODEL-BASED EMBEDDED SOFTWARE DESIGN
DomainExpert
Software Engineer
Electricalengineer
Safety/EfficacyRequirements
Software specifications
Implementation
Safety/Efficacy properties
Systemmodel
Environmentmodel
Model Checking
TRADITIONAL EMBEDDED SOFTWARE DESIGN
Conformance Testing
Test Generation
DomainExpert
Software Engineer
Electricalengineer
Safety/EfficacyRequirements
Software specifications
Implementation
Safety/Efficacy properties
Systemmodel
Test Cases
Environmentmodel
Model Checking
HEART MODELING
Refractory
Time
Vo
ut
Rest ERP RRP Rest
Refractory
Time
Vo
ut
Rest ERP RRP Rest
node
path
node
HEART MODELING
Node AutomataPath Automata
GRANULARITY
Level of detail
Abstraction Refinement
CEGAR
Abstraction
TCTL Safe?
No
Yes
Yes
Heart
Pacemaker Timed automata model
PhysicianPhysiological requirements
No
Bug foundSystem Safe
Refinement
Valid?
Counter-examples
Ambiguous?
No
Yes
Model Checker
H0 H1 H2 H3 H4
ON-GOING RESEARCH
• Quantitative Verification– Cost functions• Oxygen demand/debt• Battery consumption for the device
– Evaluate algorithms with same objectives– Optimal parameter setting for specific patient• Patient-specific heart model learning
“Let our heart catch bugs before your heart does.”