A formal methods approach to medical device review

With software playing an increasingly important role in medical devices, regulatory agencies such as the US Food and Drug Administration need effective means for assuring that this software is safe and reliable. The FDA has been striving for a more rigorous engineering-based review strategy to provide this assurance. The use of mathematics-based techniques in the development of software might help accomplish this. However, the lack of standard architectures for medical device software and integrated engineering-tool support for software analysis make a science-based software review process more difficult. The research presented here applies formal modeling methods and static analysis techniques to improve the review process. Regulation of medical device software encompasses reviews of device designs (premarket review) and device performance (postmarket surveillance). The FDA's Center for Devices and Radiological Health performs the premarket review on a device to evaluate its safety and effectiveness. As part of this process, the agency reviews software development life-cycle artifacts for appropriate quality-assurance attributes, which tend to reveal little about the device software integrity.     

SAT-Solving the Coverability Problem for Petri Nets

Net unfoldings have attracted great attention as a powerful technique for combating state space explosion in model checking, and have been applied to verification of finite state systems including 1-safe (finite) Petri nets and synchronous products of finite transition systems. Given that net unfoldings represent the state space in a distributed, implicit manner the verification algorithm is necessarily a two step process: generation of the unfolding and reasoning about it. In his seminal work McMillan (K.L. McMillan, Symbolic Model Checking. Kluwer Academic Publishers, 1993) showed that deadlock detection on unfoldings of 1-safe Petri nets is NP-complete. Since the deadlock problem on Petri nets is PSPACE-hard it is generally accepted that the two step process will yield savings (in time and space) provided the unfoldings are small.In this paper we show how unfoldings can be extended to the context of infinite-state systems. More precisely, we show how unfoldings can be constructed to represent sets of backward reachable states of unbounded Petri nets in a symbolic fashion. Furthermore, based on unfoldings, we show how to solve the coverability problem for unbounded Petri nets using a SAT-solver. Our experiments show that the use of unfoldings, in spite of the two-step process for solving coverability, has better time and space characteristics compared to a traditional reachability based implementation that considers all interleavings for solving the coverability problem.     

Apportioning: a technique for efficient reachability analysis ofconcurrent object-oriented programs

The object-oriented paradigm in software engineering provides support for the construction of modular and reusable program components and is attractive for the design of large and complex distributed systems. Reachability analysis is an important and well-known tool for static analysis of critical properties in concurrent programs, such as deadlock freedom. It involves the systematic enumeration of all possible global states of program execution and provides the same level of assurance for properties of the synchronization structure in concurrent programs, such as formal verification. However, direct application of traditional reachability analysis to concurrent object-oriented programs has many problems, such as incomplete analysis for reusable classes (not safe) and increased computational complexity (not efficient). We propose a novel technique called apportioning, for safe and efficient reachability analysis of concurrent object-oriented programs, that is based upon a simple but powerful idea of classification of program analysis points as local (having influence within a class) and global (having possible influence outside a class). We have developed a number of apportioning-based algorithms, having different degrees of safety and efficiency. We present the details of one of these algorithms, formally show its safety for an appropriate class of programs, and present experimental results to demonstrate its efficiency for various examples     

Java based replicated server objects and their remote method invocations in a distributed environment

A distributed system is said to be fault‐tolerant if it is able to provide important services despite partial failures of the computers or software objects in the system. These systems are needed to support applications such as remote access and control, virtual mobile offices and wide area collaborative systems where there are chances of failures in the network and software objects. Fault‐tolerance is usually achieved by replicating the objects in the system. Traditional distributed applications constructed using Java RMI (remote method invocation) are not fault‐tolerant because of the lack of support of object replication. The objective of the present work is to design a remote method invocation that supports server object replication. To provide a fault‐tolerant service to the remote client objects, server objects are actively replicated. The problems associated with the method invocation in the context of active server object replication are presented and solutions are discussed and implemented. Copyright © 2001 John Wiley & Sons, Ltd.     

Diagnosing rediscovered software problems using symptoms

This paper presents an approach to automatically diagnosing rediscovered software failures using symptoms, in environments in which many users run the same procedural software system. The approach is based on the observation that the great majority of field software failures are rediscoveries of previously reported problems and that failures caused by the same defect often share common symptoms. Based on actual data, the paper develops a small software failure fingerprint, which consists of the procedure call trace, problem detection location, and the identification of the executing software. The paper demonstrates that over 60 percent of rediscoveries can be automatically diagnosed based on fingerprints; less than 10 percent of defects are misdiagnosed. The paper also discusses a pilot that implements the approach. Using the approach not only saves service resources by eliminating repeated data collection for and diagnosis of reoccurring problems, but it can also improve service response time for rediscoveries     

Eddy current probe sensitivity as a function of coil construction parameters

We report the results of the first phase of a study designed to quantify the relationship between eddy current coil construction and the performance of these coils used in nondestructive evaluation (NDE) inspections. The ferrite core coils wound for this study are small but typical of the sizes commonly used in commercially manufactured eddy current probes. Coil diameters range from 1 mm to 7 mm with lengths from 0.5 mm to 4 mm. Seven parameters were studied and included ferrite diameter, ferrite permeability, coil aspect ratio, number of turns, distance of the windings from the inspection end of the ferrite, wire gauge, and length of the ferrite beyond the end of the windings. Additionally, the coil set was designed to provide some indication of the repeatability of identical constructions, what we have called winding inhomogeneity. The coils were incorporated into surface probes for scanning defects in flat plate specimens. The measure of sensitivity was the change of probe impedance (Z) as the probe was scanned from an unflawed area to the flawed area of the test specimen. Measurements were also made of the component of Z perpendicular to the liftoff vector.The data reported here were produced from a set of 27 probes scanned over a single defect. The defect was an electrical-discharge-machined (EDM) notch in a 19 mm thick 7075-T6 aluminum alloy specimen. The part-circular EDM notch was 9 mm long and 3 mm deep and 0.1 mm wide.Analysis of the data shows that the number of turns, the winding distance, the coil aspect ratio, and the backside ferrite length all affect the coil sensitivity. Winding inhomogeneity is significant for coils having many winding layers and can be considerably larger than the contribution made by variations in some of the construction factors. Wire gauge, ferrite diameter, and permeability showed no significant effects on our measure of sensitivity in this study.     

Simulating perfect channels with probabilistic lossy channels

We consider the problem of deciding whether an infinite-state system (expressed as a Markov chain) satisfies a correctness property with probability 1. This problem is, of course, undecidable for general infinite-state systems. We focus our attention on the model of probabilistic lossy channel systems consisting of finite-state processes that communicate over unbounded lossy FIFO channels. Abdulla and Jonsson have shown that safety properties are decidable while progress properties are undecidable for non-probabilistic lossy channel systems. Under assumptions of “sufficiently high” probability of loss, Baier and Engelen have shown how to check whether a property holds of probabilistic lossy channel system with probability 1. In this paper, we consider a model of probabilistic lossy channel systems, where messages can be lost only during send transitions. In contrast to the model of Baier and Engelen, once a message is successfully sent to channel, it can only be removed through a transition which receives the message. We show that checking whether safety properties hold with probability 1 is undecidable for this model. Our proof depends upon simulating a perfect channel, with a high degree of confidence, using lossy channels.     

Structural health monitoring of railway tracks using IoT-based multi-robot system

Neural Computing and Applications - A multi-robot-based fault detection system for railway tracks is proposed to eliminate manual human visual inspection. A hardware prototype is designed to...