How to assure correctness and safety of medical software: the hemodialysis machine case study

Medical devices are nowadaysmore and more software dependent, and software malfunctioning can lead to injuries or death for patients. Several standards have been proposed for the development and the validation of medical devices, but they establish general guidelines on the use of common software engineering activities without any indication regarding methods and techniques to assure safety and reliability. This paper takes advantage of the Hemodialysis machine case study to present a formal development process supporting most of the engineering activities required by the standards, and provides rigorous approaches for system validation and verification. The process is based on the Abstract State Machine formal method and its model refinement principle

Video Observations by Telepresence Reveal Two Types of Hydrothermal Venting on Kawio Barat Seamount

The INDEX-SATAL 2010 expedition began an international exploration of the seafloor in Indonesian waters using the methodology of telepresence, conducting EM302 multibeam mapping, water column CTD, and ROV high-definition video operations and sending data back to Exploration Command Centers in Indonesia and Seattle. Science observers in other locations in the US and Canada were engaged in real-time observations and interpretation of results. One mission goal was to locate hydrothermal or volcanic activity. Intense light scattering and redox potential measurements in the water column over Kawio Barat (KB)indicated a high level of hydrothermal activity, and direct video observations confirmed venting near the summit. None of the other volcanic features west of the Sangihe arc that were investigated during the mission had confirmed hydrothermal activity. ROV capabilities did not include physical sampling or temperature measurement, so our interpretation is based on visual comparison to other known sites. The steep western flank of KB from 2000 m depth to the summit (1850 m) has many areas of white and orange staining on exposed rocks, with some elemental sulfur, and broad areas covered with dark volcaniclastic sand, but no active venting was seen. KB has a summit ridge running WNW-ESE, with a major cross-cutting ridge on the western portion of the summit. Hydrothermal activity is concentrated near the eastern side of this intersection, on both the northern and southern sides of the summit ridge. Venting on the northern side of the summit ridge is characterized by intense white particle-rich fluids emanating directly from the rocky substrate with frozen flows of elemental sulfur down slope. This type of venting is visually very similar to the venting seen on NW Rota-1, an actively erupting volcano in the Mariana arc, and suggests that KB is actively releasing magmatic gases rich in sulfur dioxide to produce the elemental sulfur flows, inferred fine particulate sulfur particles, and apparent acidic alteration. These hydrothermal features along with the widespread occurrence of volcaniclastic deposits near the summit suggest that Kawio Barat has experienced recent eruptive activity. In contrast, however, the south side of the summit has active metal sulfide chimneys venting clear to gray/black fluids. The vents seen on the south slope appear identical to vents detected by camera tow and reported by McConnachy et al. 2004. The visually dominant vent fauna is a stalked barnacle that covers much of the chimney surfaces. The apparently stable hot vents on the south flank require a reaction zone with low water/rock ratio at depth within the volcano. Some aspect of the volcanic/hydrothermal plumbing at KB produces a separation of magmatic gases (north summit slope) from circulating hydrothermal fluids (south summit slope)

Bridging the Gap Between Informal Requirements and Formal Specifications Using Model Federation

International audienceSoftware development projects seeking a high level of accuracy reach out to formal methods as early as the requirements engineering phase. However the client perspective of the future system is presented in an informal requirements document. The gap between the formal and informal approaches (and the artifacts used and produced by them) adds further complexity to an already rigorous task of software development. Our goal is to bridge this gap through a fine-grained level of traceability between the client-side informal requirements document to the developer-side formal specifications using a semi-formal modeling technique, model federation. Such a level of traceability can be exploited by the requirements engineering process for performing different actions that involve either or both these informal and formal artifacts. The effort and time consumed in developing such a level of traceability pays back in the later phases of a development project. For example, one can accurately narrow down the requirements responsible for an inconsistency in proof obligations during the analysis phase. We illustrate our approach using a running example from a landing gear system case study