A Formal Verification Methodology for DDD Mode Pacemaker Control Programs
Pacemakers are safety-critical devices whose faulty behaviors can cause harm or even death. Often these faulty behaviors are caused by bugs in the programs used for digital control of pacemakers. We present a formal verification methodology that can be used to check the correctness of object code programs that implement the safety-critical control functions of DDD mode pacemakers. Our methodology is based on the theory of Well-Founded Equivalence Bisimulation (WEB) refinement, where both the formal specification and the implementation are treated as transition systems. We develop a simple and general formal specification for DDD mode pacemakers. We also develop correctness proof obligations that can be applied to validate object code programs used for pacemaker control. Using our methodology, we were able to verify a control program with millions of transitions against the simple specification with only 10 transitions. Our method also found several bugs during the verification process.
The ZARF Architecture for Recursive Functions
For highly critical workloads, the legitimate fear of catastrophic failure leads to both highly conservative design practices and excessive assurance costs. One important part of the problem is that modern machines, while providing impressive performance and efficiency, are difficult to reason about formally. We explore the microarchitectural support needed to create a machine with a compact and well-defined semantics, lowering the difficulty of sound and compositional reasoning across the hardware/software interface. Specifically, we explore implementation options for a machine organization devoid of programmer-visible memory, registers, or state update, built instead around function primitives. The resulting machine can be precisely and mathematically described in a brief set of semantics, which we quantitatively and qualitatively demonstrate is amenable to software proofs at the binary level.

As time continues, we become increasingly dependent on computational devices for all facets of our lives — including our health, well-being, and safety. Many of these devices live "in the wild," in resource-constrained and/or embedded environments, without access to large software stacks and heavy language run-times. At the same time, increasing trends toward heterogeneity in computer architecture give the opportunity for new cores in systems-on-chip (SoCs) that provide support for increasingly critical workloads. We propose an implementation and provide an evaluation of such a device, the Zarf Architecture for Recursive Functions (Zarf), providing an interface of reduced semantic complexity at the ISA level and giving designers a platform amenable to reasoning and static analysis. The described prototype is comparable to normal embedded systems in size and resource usage, but it is far easier to reason about its programs through analysis.
This can serve both resource-constrained devices, providing a new hardware platform, and resource-rich SoCs, serving as a small, trusted co-processor that can handle critical workloads in the larger ecosystem.