Departmental Papers (CIS)

Date of this Version


Document Type

Conference Paper


The International Conference on Embedded Software (EMSOFT 2011), Taipei, Taiwan, October 9-14 2011.


This paper presents our effort of using model-driven engineering to establish a safety-assured implementation of Patient-Controlled Analgesic (PCA) infusion pump software based on the generic PCA reference model provided by the U.S. Food and Drug Administration (FDA). The reference model was first translated into a network of timed automata using the UPPAAL tool. Its safety properties were then assured according to the set of generic safety requirements also provided by the FDA. Once the safety of the reference model was established, we applied the TIMES tool to automatically generate platform-independent code as its preliminary implementation. The code was then equipped with auxiliary facilities to interface with pump hardware and deployed onto a real PCA pump. Experiments show that the code worked correctly and effectively with the real pump. To assure that the code does not introduce any violation of the safety requirements, we also developed a testbed to check the consistency between the reference model and the code through conformance testing. Challenges encountered and lessons learned during our work are also discussed in this paper.

Subject Area

CPS Medical

Publication Source

International Conference on Embedded Software (EMSOFT 2011)

Start Page


Last Page




Copyright/Permission Statement

© ACM 2011. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the International Conference on Embedded Software (EMSOFT 2011),


Software, Program Verification, Formal methods, Model checking, Validation, PCA infusion pump, model-based engineering, formalization, verification, code synthesis, timed automata



Date Posted: 10 September 2011

This document has been peer reviewed.