Formal Verification of Real-Time Function Blocks Using PVS
A critical step towards certifying safety-critical systems is to check their
conformance to hard real-time requirements. A promising way to achieve this is
by building the systems from pre-verified components and verifying their
correctness in a compositional manner. We previously reported a formal approach
to verifying function blocks (FBs) using tabular expressions and the PVS proof
assistant. By applying our approach to the IEC 61131-3 standard of Programmable
Logic Controllers (PLCs), we constructed a repository of precise specification
and reusable (proven) theorems of feasibility and correctness for FBs. However,
we previously did not apply our approach to verify FBs against timing
requirements, since IEC 61131-3 does not define composite FBs built from
timers. In this paper, based on our experience in the nuclear domain, we
conduct two realistic case studies, consisting of the software requirements and
the proposed FB implementations for two subsystems of an industrial control
system. The implementations are built from IEC 61131-3 FBs, including the
on-delay timer. We find issues during the verification process and suggest
solutions.
Comment: In Proceedings ESSS 2015, arXiv:1506.0325
Positioning Verification in the Context of Software/System Certification
Formal verification applied to software has been seen as an important focus in research for determining the acceptability of that software for use. However, in examining the requirements for determining the safety of a software intensive system for use in critical situations, it is quite clear that verification plays a role, but not necessarily a central role. It is entirely possible that a piece of software satisfies its specification, but is unsafe to use. (The first and foremost reason for this is that the program satisfies an unsafe specification.) In this paper we will address the nature of certification in the context of critical systems, decomposing it, by means of a new philosophical framework, into four aspects: evidence, confidence, determination and certification. Our point of view is that establishing the safety (in a very general sense) of a system is a confidence building exercise much in the same vein as the scientific method; our framework serves as a setting in which we can properly understand and develop such an exercise. We will then place formal verification and assurance cases in this setting, discussing their roles and limitations.
Keywords: Software certification, System certification, Formal specification, Verification, Critical systems, Safety, Assurance cases, Safety case
Novel Fundus Image Preprocessing for Retcam Images to Improve Deep Learning Classification of Retinopathy of Prematurity
Retinopathy of Prematurity (ROP) is a potentially blinding eye disorder
because of damage to the eye's retina which can affect babies born prematurely.
Screening of ROP is essential for early detection and treatment. This is a
laborious and manual process which requires a trained physician to perform a
dilated ophthalmological examination, which can be subjective, resulting in lower
diagnosis success for clinically significant disease. Automated diagnostic
methods using deep learning can assist ophthalmologists in increasing diagnosis
accuracy. Several research groups have highlighted various approaches. This
paper proposes the use of novel fundus preprocessing methods using
pretrained transfer learning frameworks to create hybrid models to give higher
diagnosis accuracy. The evaluations show that these novel methods in comparison
to traditional imaging processing contribute to higher accuracy in classifying
Plus disease, Stages of ROP and Zones. We achieve accuracy of 97.65% for Plus
disease, 89.44% for Stage, 90.24% for Zones with limited training dataset.
Comment: 10 pages, 4 figures, 7 tables. arXiv admin note: text overlap with
arXiv:1904.08796 by other author
Separating Technological and Clinical Safety Assurance for Medical Devices
The safety and clinical effectiveness of medical devices are closely
associated with their specific use in clinical treatments. Assuring safety and
the desired clinical effectiveness is challenging. Different people may react
differently to the same treatment due to variability in their physiology and
genetics. Thus, we need to consider the outputs and behaviour of the device
itself as well as the effect of using the device to treat a wide variety of
patients. High-intensity focused ultrasound systems and radiation therapy
machines are examples of systems in which this is a primary concern.
Conventional monolithic assurance cases are complex, and this complexity
affects our ability to address these concerns adequately. Based on the
principle of separation of concerns, we propose separating the assurance of the
use of these types of systems in clinical treatments into two linked assurance
cases. The first assurance case demonstrates the safety of the manufacturer's
device independent of the clinical treatment. The second demonstrates the
safety and clinical effectiveness of the device when it is used in a specific
clinical treatment. We introduce the idea of these separate assurance cases,
and describe briefly how they are separated and linked.
Is current incremental safety assurance sound?
Incremental design is an essential part of engineering. Without it, engineering would not likely be an economic, nor an effective, aid to economic progress. Further, engineering relies on this view of incrementality to retain the reliability attributes of the engineering method. When considering the assurance of safety for such artifacts, it is not surprising that the same economic and reliability arguments are deployed to justify an incremental approach to safety assurance. In a sense, it is possible to argue that, with engineering artifacts becoming more and more complex, it would be economically disastrous to not “do” safety incrementally. Indeed, many enterprises use such an incremental approach, reusing safety artifacts when assuring incremental design changes. In this work, we make some observations about the inadequacy of this trend and suggest that safety practices must be rethought if incremental safety approaches are ever going to be fit for purpose. We present some examples to justify our position and comment on what a more adequate approach to incremental safety assurance may look like.
Formalizing the Cardiac Pacemaker Resynchronization Therapy
For many years, formal methods have been used to design and develop critical systems in order to guarantee safety and security and the correctness of desired behaviours, through formal verification and validation techniques and tools. The development of high confidence medical devices such as the cardiac pacemaker is one of the grand challenges in the area of verified software that needs formal reasoning and proof-based development. This paper presents an example of how we used previous experience in developing a cardiac pacemaker using Event-B to build an incremental proof-based development of a new pacemaker that uses Cardiac Resynchronization Therapy (CRT), also known as biventricular pacing or multisite pacing. In this work, we formalized the required behaviours of CRT including timing constraints and safety properties. We formalized the system using Event-B, and made use of the included Rodin tools to check the internal consistency with respect to safety properties, invariants and events. The system behaviours of the proven model were validated through the use of the ProB model checker.