Mosterman, Pieter
Email Address
ORCID
Disciplines
Search Results
Now showing 1 - 3 of 3
Publication Technical Report: Abstraction-Tree For Closed-loop Model Checking of Medical Devices(2015-05-06) Jiang, Zhihao; Abbas, Houssam; Mosterman, Pieter J; Mangharam, RahulPublication Requirement-Guided Model Refinement(2014-12-02) Jiang, Zhihao; Mosterman, Pieter; Mangharam, RahulMedical device is a typical Cyber-Physical System and ensuring the safety and efficacy of the device requires closed-loop verification. Currently closed-loop verifications of medical devices are performed in the form of clinical trials in which the devices are tested on the patients.Publication Automated Closed-Loop Model Checking of Implantable Pacemakers using Abstraction Trees(2016-03-16) Jiang, Zhihao; Abbas, Houssam; Mosterman, Pieter; Mangharam, RahulAutonomous medical devices such as implantable cardiac pacemakers are capable of diagnosing the patient condition and delivering therapy without human intervention. Their ability to autonomously affect the physiological state of the patient makes them safety-critical. Sufficient evidence for the safety and efficacy of the device software, which makes these autonomous decisions, should be provided before these devices can be released on the market. Formal methods like model checking can provide safety evidence that the devices can safely operate under a large variety of physiological conditions. The challenge is to develop physiological models that are general enough to cover the large variability of human physiology, and also expressive enough to provide physiological contexts to counter-examples returned by the model checker. In this paper, the authors develop a set of physiological abstraction rules that introduce physiological constraints to heart models. By applying these abstraction rules to a initial set of heart models, an abstraction tree is created. The root model covers all possible inputs to a pacemaker and derived models cover inputs from different heart conditions. If a counter-example is returned by the model checker, the abstraction tree is traversed so that the most concrete counter-example(s) with physiological contexts can be returned to the domain experts for validity check. The abstraction tree framework replaces the manual abstraction and refinement framework, which reduced the amount of domain knowledge required to perform closed-loop model checking. It encourages the use of model checking during the development of autonomous medical devices, and identifies safety risks earlier in the design process.