Formal Specifications and Analysis of the Computer Assisted Resuscitation Algorithm (CARA) Infusion Pump Control System

Reliability of medical devices such as the CARA Infusion Pump Control System is of extreme importance given that these devices are being used on patients in critical condition. The Infusion Pump Control System includes embedded processors and accompanying embedded software for monitoring as well as controlling sensors and actuators that allow the embedded systems to interact with their environments. This nature of the Infusion Pump Control System adds to the complexity of assuring the reliability of the total system. The traditional methods of developing embedded systems are inadequate for such safety-critical devices. In this paper, we study the application of formal methods to the requirements capture and analysis for the Infusion Pump Control System. Our approach consists of two phases. The first phase is to convert the informal design requirements into a set of reference specifications using a formal system, in this case EFSMs (Extended Finite State Machines). The second phase is to translate the reference specifications to the tools supporting formal analysis, such as SCR and Hermes. This allows us to conclude properties of the reference specifications. Our research goal is to develop a framework and methodology for the integrated use of formal methods in the development of embedded medical systems that require high assurance and confidence

Environment Behavior Models for Scenario Generation and Testing Automation

In Proceedings of the First International Workshop on Advances in Model-Based Software Testing (A-MOST'05), the 27th International Conference on Software Engineering ICSE’05, May 15-16, 2005, St. Louis, USAThis paper suggests an approach to automatic scenario generation from environment models for testing of real-time reactive systems. The behavior of the system is defined as a set of events (event trace) with two basic relations: precedence and inclusion. The attributed event grammar (AEG) specifies possible event traces and provides a uniform approach for automatically generating, executing, and analyzing test cases. The environment model includes a description of hazardous states in which the system may arrive and makes it possible to gather statistics for system safety assessment. The approach is supported by a generator that creates test cases from the AEG models. We demonstrate the approach with case studies of prototypes for the safety-critical computer-assisted resuscitation algorithm (CARA) software for a casualty intravenous fluid infusion pump and the Paderborn Shuttle System

Distributed Real-Time Emulation of Formally-Defined Patterns for Safe Medical Device Control

Safety of medical devices and of their interoperation is an unresolved issue causing severe and sometimes deadly accidents for patients with shocking frequency. Formal methods, particularly in support of highly reusable and provably safe patterns which can be instantiated to many device instances can help in this regard. However, this still leaves open the issue of how to pass from their formal specifications in logical time to executable emulations that can interoperate in physical time with other devices and with simulations of patient and/or doctor behaviors. This work presents a specification-based methodology in which virtual emulation environments can be easily developed from formal specifications in Real-Time Maude, and can support interactions with other real devices and with simulation models. This general methodology is explained in detail and is illustrated with two concrete scenarios which are both instances of a common safe formal pattern: one scenario involves the interaction of a provably safe pacemaker with a simulated heart; the other involves the interaction of a safe controller for patient-induced analgesia with a real syringe pump.Comment: In Proceedings RTRTS 2010, arXiv:1009.398

Simulation and mathematical notation of alarms unit for computer assisted resuscitation algorithm

The Computer Assisted Resuscitation Algorithm [CARA] is a system that is used to drive a high output infusion pump used for infusing saline into patients suffering from conditions that lead to hypotension. The infusion pump infuses saline at a particular rate into the patient depending on the blood pressure of the patient. The alarms unit of CARA was simulated for the infusion pump in which the occurrence of alarms depends on the various criteria the infusion pump encounters when saline is being infused into patients. Various criteria may vary from an air bubble in the line to varying high and low blood pressure. Using the alarms finite state machine already provided simulation of the alarms unit was done. The alarms finite state machine was constructed by using the requirements [2] provided by WRAIR [Walter Reed Army Institute of Research]. A mathematical specification was written which relates the English language description of the alarms unit and the alarms finite state machine. The Design Oriented Verification and Evaluation [DOVE] tool [5] was used to prove that the extended finite state machine satisfies the mathematical specification. The simulation of the alarms unit was done as per the requirements [2] and extended finite state machines were created according to the code of the simulation. Safety properties and linear temporal logic for these safety properties were also written