Templates as heuristics for proving properties of medical devices

This paper briefly describes how property templates have been used to analyse and explore the interactive behaviour of a specific medical device (an IV infusion pump). It is proposed that interactive devices that satisfy properties based on the templates are easier and safer to use. The property templates act as heuristics for the development of suitable properties tailored to the details of the particular device. A mathematically based approach is used to prove that a specification of the device satisfies the properties

Verification of User Interface Software: The Example of Use-Related Safety Requirements and Programmable Medical Devices

One part of demonstrating that a device is acceptably safe, often required by regulatory standards, is to show that it satisfies a set of requirements known to mitigate hazards. This paper is concerned with how to demonstrate that a user interface software design is compliant with use-related safety requirements. A methodology is presented based on the use of formal methods technologies to provide guidance to developers about addressing three key verification challenges: 1) how to validate a model, and show that it is a faithful representation of the device; 2) how to formalize requirements given in natural language, and demonstrate the benefits of the formalization process; and 3) how to prove requirements of a model using readily available formal verification tools. A model of a commercial device is used throughout the paper to demonstrate the methodology. A representative set of requirements are considered. They are based on US Food and Drug Administration (FDA) draft documentation for programmable medical devices, and on best practice in user interface design illustrated in relevant international standards. The methodology aims to demonstrate how to achieve the FDA's agenda of using formal methods to support the approval process for medical devices.This work was supported by the EPSRC research Grant EP/G059063/1: CHI+MED (Computer-Human Interaction for Medical Devices). The work of P. Masci and J.C. Campos was supported under Project NORTE-01-0145-FEDER-000016, financed by the North Portugal Regional Operational Programme (NORTE 2020), through the PORTUGAL 2020 Partnership Agreement, and through the European Regional Development Fund (ERDF)

Sharing HOL4 and HOL Light proof knowledge

New proof assistant developments often involve concepts similar to already formalized ones. When proving their properties, a human can often take inspiration from the existing formalized proofs available in other provers or libraries. In this paper we propose and evaluate a number of methods, which strengthen proof automation by learning from proof libraries of different provers. Certain conjectures can be proved directly from the dependencies induced by similar proofs in the other library. Even if exact correspondences are not found, learning-reasoning systems can make use of the association between proved theorems and their characteristics to predict the relevant premises. Such external help can be further combined with internal advice. We evaluate the proposed knowledge-sharing methods by reproving the HOL Light and HOL4 standard libraries. The learning-reasoning system HOL(y)Hammer, whose single best strategy could automatically find proofs for 30% of the HOL Light problems, can prove 40% with the knowledge from HOL4

Signatures of Reductive Magnetic Mineral Diagenesis From Unmixing of First-Order Reversal Curves

Diagenetic alteration of magnetic minerals occurs in all sedimentary environments and tends to be severe in reducing environments. Magnetic minerals provide useful information about sedimentary diagenetic processes, which makes it valuable to use magnetic properties to identify the diagenetic environment in which the magnetic minerals occur and to inform interpretations of paleomagnetic recording or environmental processes. We use a newly developed first-order reversal curve (FORC) unmixing method on well-studied samples to illustrate how magnetic properties can be used to assess diagenetic processes in reducing sedimentary environments. From our analysis of multiple data sets, consistent magnetic components are identified for each stage of reductive diagenesis. Relatively unaltered detrital and biogenic magnetic mineral assemblages in surficial oxic to manganous diagenetic environments undergo progressive dissolution with burial into ferruginous and sulfidic environments, and largely disappear at the sulfate-methane transition (SMT). Below the SMT, a weak superparamagnetic to largely non-interacting stable single domain (SD) greigite component is observed in all studied data sets. Moderately interacting stable SD authigenic pyrrhotite and strongly interacting stable SD greigite are observed commonly in methanic environments. Recognition of these characteristic magnetic components enables identification of key diagenetic processes and should help to constrain interpretation of magnetic mineral assemblages in future studies. A key question for future studies concerns whether stable SD greigite forms in the sulfidic or methanic zones, where formation in deeper methanic sediments will cause greater delays in paleomagnetic signal recording. Authigenic pyrrhotite forms in methanic environments, so it will usually record a delayed paleomagnetic signal.European Research Council (320750) Australian Research Council (DP160100805

Molecular composition of organic aerosols at urban background and road tunnel sites using ultra-high resolution mass spectrometry

Organic aerosol composition in the urban atmosphere is highly complex and strongly influenced by vehicular emissions which vary according to the make-up of the vehicle fleet. Normalized test measurements do not necessarily reflect real-world emission profiles and road tunnels are therefore ideal locations to characterise realistic traffic particle emissions with minimal interference from other particle sources and from atmospheric aging processes affecting their composition. In the current study, the composition of fine particles (diameter ≤2.5 μm) at an urban background site (Elms Road Observatory Site) and a road tunnel (Queensway) in Birmingham, UK, were analysed with direct infusion, nano-electrospray ionisation ultrahigh resolution mass spectrometry (UHRMS). The overall particle composition at these two sites is compared with an industrial harbour site in Cork, Ireland, with special emphasis on oxidised mono-aromatics, polycyclic aromatic hydrocarbons (PAHs) and nitro-aromatics. Different classification criteria, such as double bond equivalents, aromaticity index and aromaticity equivalent are used and compared to assess the fraction of aromatic components in the approximately one thousand oxidized organic compounds at the different sampling locations.University of Birmingham, European Research Council (Grant ID: 279405

GRUNGE: A Grand Unified ATP Challenge

This paper describes a large set of related theorem proving problems obtained by translating theorems from the HOL4 standard library into multiple logical formalisms. The formalisms are in higher-order logic (with and without type variables) and first-order logic (possibly with multiple types, and possibly with type variables). The resultant problem sets allow us to run automated theorem provers that support different logical formats on corresponding problems, and compare their performances. This also results in a new "grand unified" large theory benchmark that emulates the ITP/ATP hammer setting, where systems and metasystems can use multiple ATP formalisms in complementary ways, and jointly learn from the accumulated knowledge.Comment: CADE 27 -- 27th International Conference on Automated Deductio

Mitochondrial phylogeography and demographic history of the Vicuña: implications for conservation

The vicuña (Vicugna vicugna; Miller, 1924) is a conservation success story, having recovered from near extinction in the 1960s to current population levels estimated at 275 000. However, lack of information about its demographic history and genetic diversity has limited both our understanding of its recovery and the development of science-based conservation measures. To examine the evolution and recent demographic history of the vicuña across its current range and to assess its genetic variation and population structure, we sequenced mitochondrial DNA from the control region (CR) for 261 individuals from 29 populations across Peru, Chile and Argentina. Our results suggest that populations currently designated as Vicugna vicugna vicugna and Vicugna vicugna mensalis comprise separate mitochondrial lineages. The current population distribution appears to be the result of a recent demographic expansion associated with the last major glacial event of the Pleistocene in the northern (18 to 22°S) dry Andes 14–12 000 years ago and the establishment of an extremely arid belt known as the 'Dry Diagonal' to 29°S. Within the Dry Diagonal, small populations of V. v. vicugna appear to have survived showing the genetic signature of demographic isolation, whereas to the north V. v. mensalis populations underwent a rapid demographic expansion before recent anthropogenic impacts

Reusing models and properties in the analysis of similar interactive devices

"Published online: 03 Apr. 2013"The paper is concerned with the comparative analysis of interactive devices. It compares two devices by checking a battery of template properties that are designed to explore important interface characteristics. The two devices are designed to support similar tasks in a clinical setting but differ in a number of respects as a result of judgements based on a range of considerations including software. Variations between designs are often relatively subtle and do not always become evident through even relatively thorough user testing. Notwithstanding their subtlety these differences may be important to the safety or usability of the device. The illustrated approach uses formal techniques to provide the analysis. This means that similar analysis can be applied systematically.This project was partly funded by the CHI+MED project: Multidisciplinary Computer Human Interaction Research for the design and safe use of interactive medical devices (UK EPSRC Grant EP/G059063/1). Patrick Oladimeji of Swansea University provided help with the Alaris pump and Chris Vincent of UCL provided access to the B. Braun simulation. We are grateful to reviewers for helpful comments