un método de modelado utilizando grafos temporizados

Incluye bibliografía.Incluye archivos complementarios.Los sistemas de tiempo real, en general, requieren que su funcionamiento carezca de fallas. En el caso de los controladores de marcapasos, esto resulta de vital importancia. En el marco del desafío propuesto por el fabricante de marcapasos Boston Scientific, en este trabajo se plantea una metodología lo más didáctica posible que permita obtener una correcta especificación de los sistemas y detectar fallas en su diseño en las etapas más tempranas. Para que un sistema no falle, es necesario tener certeza de que su especificación es correcta, para luego continuar con su diseño y, finalmente, con su implementación. Luego de analizar diversos trabajos que intentan resolver este problema, se propone una notación gráfica, extensión de grafos temporizados con facilidades de abstracción, para la representación de los diferentes modos de operación de un marcapasos y se presenta una metodología con un enfoque pedagógico. Se propone, entonces, un modelo de corazón que permite reflejar diferentes anomalías en su funcionamiento real, analizándose su interacción con los diferentes modos de operación de marcapasos modelados. Los modelos se representan mediante el sistema UPPAAL. Posteriormente, usando el chequeador de modelos de UPPAAL se verifica un número de propiedades consideradas básicas para el correcto funcionamiento de los modelos: si el sistema no se bloquea, si no se detectan pulsos en los períodos refractarios, si no transcurre más de un tiempo prefijado entre dos estimulaciones o pulsos intrínsecos consecutivos. Finalmente se considera la posibilidad de continuar la línea de investigación y llegar a la generación del código del marcapasos o ampliar la línea de investigación y generalizar el método propuesto para contemplar otro tipo de dispositivos médicos implantables

From Verified Models to Verified Code for Safe Medical Devices

Medical devices play an essential role in the care of patients around the world, and can have a life-saving effect. An emerging category of autonomous medical devices like implantable pacemakers and implantable cardioverter defibrillators (ICD) diagnose conditions of the patient and autonomously deliver therapies. Without trained professionals in the loop, the software component of autonomous medical devices is responsible for making critical therapeutic decisions, which pose a new set of challenges to guarantee patient safety. As regulation effort to guarantee patient safety, device manufacturers are required to submit evidence for the safety and efficacy of the medical devices before they can be released to the market. Due to the closed-loop interaction between the device and the patient, the safety and efficacy of autonomous medical devices must ultimately be evaluated within their physiological context. Currently the primary closed-loop validation of medical devices is in form of clinical trials, in which the devices are evaluated on real patients. Clinical trials are expensive and expose the patients to risks associated with untested devices. Clinical trials are also conducted after device development, therefore issues found during clinical trials are expensive to fix. There is urgent need for closed-loop validation of autonomous medical devices before the devices are used in clinical trials. In this thesis, I used implantable cardiac devices to demonstrate the applications of model-based approaches during and after device development to provide confidence towards the safety and efficacy of the devices. A heart model structure is developed to mimic the electrical behaviors of the heart in various heart conditions. The heart models created with the model structure are capable of interacting with implantable cardiac devices in closed-loop and can provide physiological interpretations for a large variety of heart conditions. With the heart models, I demonstrated that closed-loop model checking is capable of identifying known and unknown safety violations within the pacemaker design. More importantly, I developed a framework to choose the most appropriate heart models to cover physiological conditions that the pacemaker may encounter, and provide physiological context to counter-examples returned by the model checker. A model translation tool UPP2SF is then developed to translate the pacemaker design in UPPAAL to Stateflow, and automatically generated to C code. The automated and rigorous translation ensures that the properties verified during model checking still hold in the implementation, which justifies the model checking effort. Finally, the devices are evaluated with a virtual patient cohort consists of a large number of heart models before evaluated in clinical trials. These in-silico pre-clinical trials provide useful insights which can be used to increase the success rate of a clinical trial. The work in this dissertation demonstrated the importance and challenges to represent physiological behaviors during closed-loop validation of autonomous medical devices, and demonstrated the capability of model-based approaches to provide safety and efficacy evidence during and after device development

The ZARF Architecture for Recursive Functions

For highly critical workloads, the legitimate fear of catastrophic failure leads to both highlyconservative design practices and excessive assurance costs. One import part of the problem isthat modern machines, while providing impressive performance and efficiency, are difficult toreason about formally. We explore the microarchitectural support needed to create a machinewith a compact and well defined semantics, lowering the difficulty of sound and compositionalreasoning across the hardware/software interface. Specifically, we explore implementationoptions for a machine organization devoid of programmer-visible memory, registers, or stateupdate, built instead around function primitives. The resulting machine can be precisely andmathematically described in a brief set of semantics, which we quantitatively and qualitativelydemonstrate is amenable to software proofs at the binary level.As time continues, we become increasingly dependent on computational devices for allfacets of our lives — including our health, well-being, and safety. Many of these devices live“in the wild,” in resource-constrained and/or embedded environments, without access to largesoftware stacks and heavy language run-times. At the same, increasing trends in heterogeneityin computer architecture gives the opportunity for new cores in system-on-chips (SoC’s) thatprovide support for increasing critical workloads. We propose an implementation and providean evaluation of such a device, the Zarf Architecture for Recursive Functions (Zarf), provid-ing a interface of reduced semantic complexity at the ISA level, giving designers a platformamenable to reasoning and static analysis. The described prototype is comparable to normalembedded systems in size and resource usage, but it is far easier to reason about programsaccording to analysis. This can serve both resource-constrained devices, providing a new hard-ware platform, and resource-rich SoC’s, serving as a small, trusted co-processor that can handlecritical workloads in the larger ecosystem