Automata for Real-time Systems, B. Srivathsan, Chennai Mathematical Institute



SLIDE 1

Automata for Real-time Systems

  • B. Srivathsan

Chennai Mathematical Institute

1/26

SLIDE 2

In this lecture

An academic case-study that investigates methods to build more reliable pacemakers

2/26

SLIDE 3

Lecture 10: Towards reliable pacemakers

3/26

SLIDE 4

References

Modeling and verification of a dual chamber implantable pacemaker

Jiang, Pajic, Moarref, Alur, Mangharam. TACAS’12

Heart-on-a-chip: A closed-loop testing platform for implantable pacemakers

Jiang, Radhakrishnan, Sampath, Sarode, Mangharam. 2013

mlab.seas.upenn.edu

4/26

SLIDE 5

Heart and pacemaker basics

Presentation of Zhihao Jiang (U Penn)

5/26

SLIDE 6

Pacemaker software

In-built algorithms to detect and terminate various abnormal heart conditions

6/26

SLIDE 7

Pacemaker software

In-built algorithms to detect and terminate various abnormal heart conditions

At least 6 implanted medical devices were recalled in 2010 due to likely software defects

Killed by Code: Software Transparency in Implantable Medical Devices

Karen Sandler, Lysandra Ohrstrom, Laura Moy, Robert McVay

6/26

SLIDE 8

Two possible solutions for more reliable devices:

  • Model-based system/software design
  • Closed-loop testing

7/26

SLIDE 9

Model-based system/software design

[Figure: model-based design flow in three stages]

  • UPPAAL: Heart automaton, Pacemaker automaton (Verification)
  • Simulink: Simulink model, Simulink model (Simulation)
  • Testbench: Heart on chip, Pacemaker (Conformance testing)

Labels between the stages: UPP2SF tool, Code generation

(Simulink is a commercial tool developed by Mathworks Inc.)

8/26

SLIDE 10

Closed-loop testing

[Figure: closed-loop testing setup. Hardware labels: Heart on FPGA, Analog Interface, Boston Scientific Pacemaker. Diagram labels: Heart on chip, Pacemaker, Testbench, Conformance testing.]

9/26

SLIDE 11

Coming next: Modeling and verification of heart and pacemaker

10/26

SLIDE 12

Heart as a timed automaton

11/26

SLIDE 13

Abstract electrical conduction system of heart into nodes and paths

Picture credits: A Simulink hybrid heart model for quantitative verification of cardiac pacemakers, Chen et al., HSCC’13

12/26

SLIDE 14

Refractory Time

[Figure: node output Vout over time, with phases labelled ERP, RRP, Rest and Cond, abstracted ("Abstraction 1") into a node automaton N1 and a path automaton P1]

Node automaton N1:

  • Locations (with invariants): Rest (t<=Trest_max), ERP (t<=Terp_max), RRP (t<=Trrp_max), temp
  • Edge labels: Act_node?, Act_path!, guards t>Trest_min, t>Terp_min, t>Trrp_min, resets t=0

Path automaton P1:

  • Locations (with invariants): Idle, Ante (t1<=Tcond_max), Retro (t2<=Tcond_max), Double (t1+t2<=Tcond_max), Conflict (t<=1)
  • Edge labels: Act_path_1? with t1=0, Act_path_2? with t2=0, t1>Tcond_min with Act_node_2!, t2>Tcond_min with Act_node_1!, t1+t2>Tcond_min, Act_node_1?, Act_node_2?, t>1

Parameters Trest_max, Trrp_min, etc. are chosen according to node placement and patient history

13/26

SLIDE 15

Heart automaton H: N1 || P1 || N2 || P2 || ... || Nk

  • Ni: Node automaton
  • Pi: Path automaton
  • k: Number of nodes to which heart is abstracted
  • ||: Parallel composition (asynchronous product construction)

14/26

SLIDE 16

Pacemaker as a timed automaton

15/26

SLIDE 17

Heart-pacemaker interaction

[Figure: Heart and Pacemaker blocks connected by the signals Aget!, Vget!, VP!, AP!]

  • N1. Act_Path! → Aget!
  • N2. Act_Path! → Vget

N1: node at atrial lead
N2: node at ventricular lead

16/26

SLIDE 18

Pacemaker timing cycles


17/26

SLIDE 19

[Figure: the five pacemaker component automata: (a) LRI component, (b) AVI component, (c) URI component, (d) PVARP component, (e) VRP component. Channel labels appearing in the figure: Aget?, Vget?, AS?, AS!, AR!, AP!, VS?, VS!, VP?, VP!]

Pacemaker automaton P: LRI || AVI || URI || PVARP || VRP

18/26

SLIDE 20

Heart-pacemaker automaton: H || P

19/26

SLIDE 21

An algorithm for Endless Loop Tachycardia

20/26

SLIDE 22

Endless Loop Tachycardia (ELT)

Slides of Zhihao Jiang

21/26

SLIDE 23

  • ELT-detection: If VP-AS pattern within 500ms for at least 8 times
  • ELT-termination: Increase PVARP to 500ms once

Components numbered in the figure: 1 VPAS, 2 ELTct, 3 PVARP′

Pacemaker P1: LRI || AVI || URI || PVARP′ || VRP || ELTct || VPAS
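
The detection counter and one-shot PVARP extension can be replayed over an event trace, as in this added example (not code from the lecture or from the cited papers). It assumes a nominal PVARP of 200 ms, that the 8 patterns must be consecutive, and that an Aget inside PVARP is classified AR instead of AS; the function name and trace format are hypothetical.

```python
ELT_WINDOW_MS = 500      # VP-AS interval bound (from the slide)
ELT_COUNT = 8            # patterns needed for detection (from the slide)
PVARP_EXTENDED_MS = 500  # one-shot extended PVARP (from the slide)
PVARP_NOMINAL_MS = 200   # assumed nominal PVARP; not given on the slides

def run_elt(trace):
    """Replay (time_ms, event) pairs, event in {"VP", "VS", "Aget"}.

    Returns (classified, detections): each atrial event labelled AS or AR,
    and the times at which ELT was detected.
    """
    classified, detections = [], []
    count, last_v, last_was_vp = 0, None, False
    pvarp, extend_next = PVARP_NOMINAL_MS, False
    for time, event in trace:
        if event in ("VP", "VS"):
            last_v, last_was_vp = time, event == "VP"
            # The extension applies to exactly one cycle after detection.
            pvarp = PVARP_EXTENDED_MS if extend_next else PVARP_NOMINAL_MS
            extend_next = False
        elif event == "Aget":
            if last_v is not None and time - last_v < pvarp:
                classified.append((time, "AR"))  # masked by PVARP
                continue
            classified.append((time, "AS"))
            if last_was_vp and time - last_v <= ELT_WINDOW_MS:
                count += 1       # one more VP-AS pattern
            else:
                count = 0        # assumption: patterns must be consecutive
            last_was_vp = False  # this VP has been paired
            if count >= ELT_COUNT:
                detections.append(time)
                count, extend_next = 0, True
    return classified, detections

# Constructed trace: ten cycles of a VP followed 250 ms later by an atrial
# event, as retrograde conduction would produce. Not recorded data.
SAMPLE = [ev for i in range(10)
          for ev in ((600 * i, "VP"), (600 * i + 250, "Aget"))]

if __name__ == "__main__":
    classified, detections = run_elt(SAMPLE)
    print(detections)
    print(classified)
```

In the sample, the eighth VP-AS pattern triggers detection, and the next atrial event falls inside the extended PVARP and is masked, which is what breaks the loop.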

22/26

SLIDE 24

Is the modified pacemaker safe?

Question 1: Are 2 ventricular events within time?

[Figure (a): Monitor PLRItest, with locations wait_1st, wait_2nd and secV; edges labelled Vget? or VP?, each resetting t=0]

Check in UPPAAL if in H || P1 || PLRItest, all paths satisfy PLRItest.t ≤ TLRI

23/26

SLIDE 25

Is the modified pacemaker safe?

Question 2: Are 2 ventricular events very fast?

[Figure (b): Monitor PURItest, with locations wait_v, wait_vp and secV; edges labelled Vget? or VP?, each resetting t=0]

Check in UPPAAL if in H || P1 || PURItest, all paths satisfy PURItest.t ≥ TURI
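
The two monitors can also be run over a single recorded trace, which is what the following added example does (it is not the lecture's UPPAAL model and not code from the cited papers). UPPAAL checks all paths of H || P1 while this checks one trace; the values of T_LRI and T_URI, the trace format, and the reading of PURItest as "a VP must not follow a ventricular event too soon" are assumptions.

```python
T_LRI = 1000  # ms; assumed sample value, not given on the slides
T_URI = 400   # ms; assumed sample value, not given on the slides
VENTRICULAR = {"Vget", "VP"}

def check_lri(trace, t_lri=T_LRI, end=None):
    """PLRItest on one trace: gap between ventricular events must be <= t_lri.

    trace is a list of (time_ms, event); end is the optional observation end
    time, so that a pacemaker that falls silent is also caught.
    Returns the violations as (time_ms, gap_ms) pairs.
    """
    violations, last = [], None
    for time, event in trace:
        if event in VENTRICULAR:
            if last is not None and time - last > t_lri:
                violations.append((time, time - last))
            last = time  # monitor clock reset, t=0
    if end is not None and last is not None and end - last > t_lri:
        violations.append((end, end - last))
    return violations

def check_uri(trace, t_uri=T_URI):
    """PURItest on one trace: a VP must come >= t_uri after the previous
    ventricular event (assumed reading of the wait_v / wait_vp monitor)."""
    violations, last = [], None
    for time, event in trace:
        if event in VENTRICULAR:
            if event == "VP" and last is not None and time - last < t_uri:
                violations.append((time, time - last))
            last = time
    return violations

# Constructed sample traces (times in ms), not recorded data.
GOOD = [(0, "Vget"), (800, "AS"), (950, "VP"), (1900, "VP"), (2500, "Vget")]
BAD = [(0, "VP"), (300, "VP"), (1500, "Vget")]

if __name__ == "__main__":
    print(check_lri(GOOD), check_uri(GOOD))
    print(check_lri(BAD), check_uri(BAD))
```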

24/26

SLIDE 26

Each time a new algorithm is added, model it and check that the basic safety properties are satisfied

25/26

SLIDE 27

Take-home

  • Model-based system/software design
  • Closed-loop testing

26/26