Rigorous Model-based Development of Programmable Electronic Medical Systems (PEMS): from Requirements to Code

Programmable Electronic Medical Systems (PEMS) are safety-critical system. They have effects on people health and, in case of malfunctions, they can seriously compromise human safety. For this reason, the software installed on these devices must be guaranteed through rigorous processes to assure safety and reliability. Moreover, correct operation of a medical device depends upon the controlling software, whose development should adhere to certification standards. The rigorous process presented in this thesis is based on the Abstract State Machines (ASMs) formal method, a mathematically based technique for the specification, analysis and development of software systems. The ASM formal approach proposes an incremental life cycle model for software development based on model refinement. It covers the main software engineering activities (specification, validation, verification, conformance checking), and it is supported by a wide range of tools which are part of the Asmeta (ASM mETAmodeling) framework. In this thesis, the ASM development approach and its supporting Asmeta framework are used to propose a rigorous development process for PEMS. The final goal is to provide a process able to guarantee the development of correct and controllable systems in a correct and controllable way. The definition of this process has leaded to some improvements of the method, mainly regarding the textual and graphical notations, and the automatic code generation from models. A new rigorous notation, Unified Syntax for Abstract State Machine (UASM), has been defined to provide a stable language kernel for ASMs. Formal models are not widely used in practice, since they are considered difficult to develop and understand. For this reason, we here make a proposal of a tool for a graphical representation of ASM models in order to increase the readability. Moreover, we have devised a methodology to generate the desired source code from ASM models. The tool automatically translates the formal specification into the target code (C++ for Arduino in the present case) and it keeps true the system behavior and the properties verified during validation and verification. The hemodialysis machine and the stereoacuity test are used as real case studies to show the applicability and effectiveness of the ASM-based development process in the area of PEMS

A systematic literature review of the use of formal methods in medical software systems

The use of formal methods is often recommended to guarantee the provision of necessary ser-vices and to assess the correctness of critical properties, such as functional safety, cybersecurity,and reliability, in medical and health care devices. In the past, several formal and rigorous methodshave been proposed and consequently applied for trustworthy development of medical softwareand systems. In this paper, we perform a systematic literature review on the available state of theart in this domain. We collect the relevant literature on the use of formal methods for modeling,design, development, verification,andvalidationof software-intensivemedical systems. We applystandard systematic literature review techniques and run several queries in well-known reposito-ries to obtain information that can be useful for people who are either already working in this fieldor planning to start. Our study covers both quantitative and qualitative aspects of the subject

Diversity and distribution of nuclease bacteriocins in bacterial genomes revealed using Hidden Markov Models

<div><p>Bacteria exploit an arsenal of antimicrobial peptides and proteins to compete with each other. Three main competition systems have been described: type six secretion systems (T6SS); contact dependent inhibition (CDI); and bacteriocins. Unlike T6SS and CDI systems, bacteriocins do not require contact between bacteria but are diffusible toxins released into the environment. Identified almost a century ago, our understanding of bacteriocin distribution and prevalence in bacterial populations remains poor. In the case of protein bacteriocins, this is because of high levels of sequence diversity and difficulties in distinguishing their killing domains from those of other competition systems. Here, we develop a robust bioinformatics pipeline exploiting Hidden Markov Models for the identification of nuclease bacteriocins (NBs) in bacteria of which, to-date, only a handful are known. NBs are large (>60 kDa) toxins that target nucleic acids (DNA, tRNA or rRNA) in the cytoplasm of susceptible bacteria, usually closely related to the producing organism. We identified >3000 NB genes located on plasmids or on the chromosome from 53 bacterial species distributed across different ecological niches, including human, animals, plants, and the environment. A newly identified NB predicted to be specific for <i>Pseudomonas aeruginosa</i> (pyocin Sn) was produced and shown to kill <i>P</i>. <i>aeruginosa</i> thereby validating our pipeline. Intriguingly, while the genes encoding the machinery needed for NB translocation across the cell envelope are widespread in Gram-negative bacteria, NBs are found exclusively in γ-proteobacteria. Similarity network analysis demonstrated that NBs fall into eight groups each with a distinct arrangement of protein domains involved in import. The only structural feature conserved across all groups was a sequence motif critical for cell-killing that is generally not found in bacteriocins targeting the periplasm, implying a specific role in translocating the nuclease to the cytoplasm. Finally, we demonstrate a significant association between nuclease colicins, NBs specific for <i>Escherichia coli</i>, and virulence factors, suggesting NBs play a role in infection processes, most likely by enabling pathogens to outcompete commensal bacteria.</p></div

Gene clusters identified by Roary pangenome software and shown as significantly associated with nuclease colicins.

<p>Gene clusters identified by Roary pangenome software and shown as significantly associated with nuclease colicins.</p

Asm2C++: A tool for code generation from abstract state machines to Arduino

This paper presents Asm2C++, a tool that automatically generates executable C++ code for Arduino from a formal specification given as Abstract State Machines (ASMs). The code generation process follows the model-driven engineering approach, where the code is obtained from a formal abstract model by applying certain transformation rules. The translation process is highly configurable in order to correctly integrate the underlying hardware. The advantage of the Asm2C++ tool is that it is part of the Asmeta framework that allows to analyze, verify, and validate the correctness of a formal model

Pangenome analysis of colicinogenic bacteria shows evidence of an association between NBs and virulence factors.

<p>Association of pathogenicity and colicinogenicity genes based on a Cochran-Mantel-haenszel test. <i>Left-hand panel</i>, RAxML tree of a core genome alignment. Population structure was calculated using BAPS and tree nodes are coloured by cluster as predicted by BAPS. <i>Right-hand panel</i>, presence and absence of genes associated with colicinogenicity. Red genes show nuclease colicin of different cytotoxic domains. dnaC is a core gene and included as a control.</p

Distribution of NBs is restricted to the γ-proteobacteria.

<p>Taxonomic tree representing all γ-proteobacteria species in the pubMLST that have over 15 genomes, constructed using NCBI taxonomy commontree. The presence of different cytotoxic domains is indicated in the color key associated with each species. NBs are found throughout <i>Enterobacteriaceae</i> and <i>Pseudomonadaceae</i>.</p

Identifying genetically linked conserved cytotoxic and immunity motifs is a powerful and accurate way to identify NB operons.

<p><b><i>a</i></b>, Gene/protein organisation of a typical nuclease bacteriocin from <i>E</i>. <i>coli</i>. <b><i>b</i></b>, <i>Left-hand panel</i>, key interactions of conserved catalytic residues of the HNH motif of DNase bacteriocins. The two histidine residues of the HNH motif are involved in coordinating a divalent metal ion and the asparagine constrains the metal binding loop. The phosphate anion denotes the position of the scissile phosphate in substrate DNA (PDB code, 1V14 [<a href="http://www.ploscompbiol.org/article/info:doi/10.1371/journal.pcbi.1005652#pcbi.1005652.ref034" target="_blank">34</a>]). <i>Right-hand panel</i>, the helical immunity protein (<i>green</i>) showing the conserved aromatic residues of the α-helix III, which forms a critical part of the binding site for the DNase domain [<a href="http://www.ploscompbiol.org/article/info:doi/10.1371/journal.pcbi.1005652#pcbi.1005652.ref015" target="_blank">15</a>]. <b><i>c</i></b>, Conserved residues used to form the HMM profile of each protein are highlighted in the sequence alignments.</p

A conserved translocation motif was identified in all NBs.

<p><b><i>a</i></b>, Protein structure-based sequence alignment using PROMALS 3D indicates the conserved β-sheet secondary structure of a conserved domain identified in nuclease bacteriocins. Alignment features bacteriocins from <i>E</i>. <i>coli</i> (Colicin B, E9 and Cloacin DF13); <i>Klebsiella pneumoniae</i> (klebicin B), <i>Pseudomonas aeruginosa</i> (Pyocin AP41) and the pyocin_s domain from <i>Erwinia carotovora</i> The DPY motif was identified using MEME and is shown by a LOGO plot at the C-terminal end of the T-domain. <b><i>b</i></b>, Crystal structure of colicin E9, with its constituent domains identified, in complex with its immunity protein Im9 (PDB code, 5EW5). <b><i>c</i></b>, The conserved segment of the T-domain (<i>blue</i>) is annotated as the pyocin_S domain in the PFAM database (PFAM 06958), which is usually part of a larger T-domain, annotated as PFAM 03515 (<i>green</i>). <i>Inset</i>, Alignment of resides at the core of PFAM 06958 showing a conserved hydrogen bond network formed between the residues of the DPY motif; Asp270 and Tyr285 (colicin E9 numbering) and Arg185 at the beginning of PFAM 06958. <b><i>d</i></b>, Cytotoxic plate killing assay of DPY motif mutations. 100-fold serial dilutions of colicin E9 and DPY motif alanine mutants were spotted onto a lawn of sensitive <i>E</i>. <i>coli</i> showing that only the Tyr285Ala mutant abolishes colicin activity.</p