Case Study: Computer Assisted Resuscitation Algorithm (CARA) System

Insup Lee
Department of Computer and Information Science
University of Pennsylvania
6/22/01

SDRL & RTG, University of Pennsylvania

People
  • Alwyn Goodloe (Penn)
  • Dr. Jitka Stribna (Penn)
  • Jiaxiang Zhou (Penn)
  • Prof. Insup Lee (Penn)
  • Dr. Oleg Sokolsky (Penn)
  • Prof. Elsa Gunter (NJIT)

Goals of CARA case study
  • Facilitate the development of reliable and robust (current and future) CARA systems
  • Use state-of-the-art formal methods and techniques
    – Requirement capture and analyzer, model checker, equivalence checker, test generator, etc.
    – Evaluate the effectiveness of tools
    – Development of domain-specific framework and methodology

Embedded Systems
  • Difficulties
    – Increasing complexity
    – Decentralized
    – Safety critical
    – Resource constrained
      • Non-functional: power, size, etc.
  • Development of reliable and robust embedded software
  • Increased development cost implies greater emphasis on reuse …

Properties of embedded systems
  • Adherence to safety-critical properties
  • Meeting timing constraints
  • Satisfaction of resource constraints
  • Confinement of resource accesses
  • Supporting fault tolerance
  • Domain-specific requirements

Progress to date
  • Translated parts of informal requirements to EFSM (Extended Finite State Machines)
  • Our analysis of the requirements (3/19/01) and Questions/Answers (1/24/01) generated 29 questions of the following types:
    – Identifying Inconsistencies (4)
    – Identifying Incompleteness (10)
    – Clarification of specific terms (15)

Sample Questions
  • Clarification of specific terms
    – What is an infusate? (Req 16)
      • Infusate is the ‘stuff’, usually a saline solution, that is being pumped into the person
  • Identifying Incompleteness
    – Is the hardware setting on the pump active in Auto-Control mode? What happens if the user meddles with the hardware flow knob in Auto-Control mode?
      • The computer can take control of the pumping rate and thus lock out the hardware flow knob. The pump can still be shut off, though.

Sample Questions (Contd.)
  • Identifying Inconsistencies
    – There were several exchanges requesting clarification on the fact that the requirements indicate that a beat-to-beat source is lost after 3 minutes (Req 42 and 43), but the Q/A document says it should be 2 minutes (Q 120).

Overall System
  • Pump
    – The hardware
  • CARA system
    – The software
  • Environment
    – The user
  • Patient
    – The object

[Figure: Overall System Structure]

The CARA System
  • Components
    – Pump Monitor
    – Blood Pressure Detector
    – Control Algorithm
    – Display/Alarm


Pump Monitor
  • Signals from the pump hardware
    – Plugged-in
      • The pump being plugged in is the precondition of the CARA system. Whenever the monitor finds that the pump is not plugged in, it triggers the alarm system and CARA reverts to “Manual mode”
    – Back EMF
      • Monitors the voltage of the pump
    – Air OK line
      • Monitors the infused liquid for the presence of air bubbles
    – Occlusion line
      • Monitors whether an occlusion fault is found
    – Wire-continuity
      • Checks continuity of all lines connecting the pump
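The plugged-in requirement above, modelled as a small EFSM and checked by exhaustive state exploration. This is an added example, not part of the original slides or the CARA project's own models. The state variables, the event names (`plug_in`, `unplug`, `select_auto`, `monitor_poll`, `alarm_reset`), their guards and the two invariants are assumptions made for illustration; only the alarm-and-revert-to-Manual reaction comes from the slide.

```python
from collections import deque

# Assumed EFSM, state = (mode, plugged, alarm, polled); 'polled' means the
# monitor has sampled the plugged-in line since the line last changed.
INIT = ("MANUAL", True, False, True)

def step(state, revert=True):
    """Yield (event, next_state) for each enabled transition."""
    mode, plugged, alarm, polled = state
    # Environment may plug or unplug the pump at any time.
    yield ("unplug" if plugged else "plug_in"), (mode, not plugged, alarm, False)
    if plugged and polled and mode == "MANUAL":      # assumed precondition guard
        yield "select_auto", ("AUTO", plugged, alarm, polled)
    if plugged:
        yield "monitor_poll", (mode, plugged, alarm, True)
    else:   # slide requirement: trigger alarm and revert to Manual mode
        yield "monitor_poll", ("MANUAL" if revert else mode, plugged, True, True)
    if alarm and plugged and polled:
        yield "alarm_reset", (mode, plugged, False, polled)

def find_violation(invariant, revert=True):
    """Breadth-first search of reachable states; return the shortest event
    trace to a state violating the invariant, or None if it always holds."""
    parent, queue = {INIT: None}, deque([INIT])
    while queue:
        state = queue.popleft()
        if not invariant(state):
            trace = []
            while parent[state] is not None:
                state, event = parent[state]
                trace.append(event)
            return trace[::-1]
        for event, nxt in step(state, revert):
            if nxt not in parent:
                parent[nxt] = (state, event)
                queue.append(nxt)
    return None

def never_auto_unplugged(s):
    """Naive invariant: Auto-Control never coexists with an unplugged pump."""
    return not (s[0] == "AUTO" and not s[1])

def safe_after_poll(s):
    """Latency-aware invariant: once polled, unplugged implies Manual + alarm."""
    return s[1] or not s[3] or (s[0] == "MANUAL" and s[2])

if __name__ == "__main__":
    print(find_violation(never_auto_unplugged))           # detection-latency window
    print(find_violation(safe_after_poll))                # requirement as stated
    print(find_violation(safe_after_poll, revert=False))  # monitor that only alarms
```

The naive invariant fails in the window between the unplug event and the next poll, so the safety property has to be stated relative to detection. Passing `revert=False` models a monitor that alarms without reverting, and the checker returns the trace that exposes it.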

[Figure: Pump Monitor]

[Figure: State Flow to Check Plugged-in]

BP Detector
  • Read BP
    – Read & Check Cuff Pressure
    – Read & Check Beat-to-Beat BP
  • Select BP Source
    – Several sources: cuff pressure, arterial line, pulse wave transmission, etc.
    – Select control BP
  • Corroborate BP
    – Corroboration Algorithm
    – Re-Corroboration
  • Monitor BP Level
    – Check with BP Set Point
    – Check BP falls


[Figure: BP Source Selection]

Control Algorithm
  • Pump-control Algorithm
    – Computes drive voltage for the pump
    – Consists of several modes
  • Polling-control Algorithm
    – Checks the pumping rate by polling the back EMF line
    – Computes flow rate, cumulative volume & impedance value and sends them to the display
    – Checks impedance of the infused liquid

[Figure: Pump-Control Algorithm]

[Figure: Polling-Control Algorithm]

Display/Alarm
  • Message Display
    – Pump status
      • Pump mode
      • Unexpected status
    – Pumping data
      • Flow rate
      • Cumulative volume
    – Override windows
  • Alarm
    – Alarm messages
      • Alarm type
      • Directions to fix alarm
    – Audible alarms


[Figure: Alarm State Machine]

Preliminary Plan
  • Understand informal requirements (tech report): Aug ’01
  • Check consistency of EFSM (paper): Nov ’01
  • Identify and verify safety properties: Jan ’02
  • Other possibilities
    – Translate informal requirements to EFSM
    – Identify assumptions on four subsystems: environment, patient, pump hardware, CARA systems
    – Failure modes: detection and handling
    – Completeness (of events and conditions)
    – Complete treatment of failures
    – Extract safety properties from hazard analysis document
    – Talk to designer
    – Timing modeling and analysis
    – Reliability modeling and analysis
    – Generate tests
    – Code generation
      • API, hardware spec., what control algorithms
      • Simulator/emulator (?)

Announcements
  • 14th IEEE Symposium on Computer-Based Medical Systems (CBMS), NIH, Bethesda, July 26-27. www.cvial.ttu.edu/conferences/cbms2001
  • Web page
    – www.cis.upenn.edu/hasten/cara (two parts: public and password)