Implantable cardiac pacemakers restore normal heart rhythm by delivering external electrical pacing to the heart. The pacemaker software is life-critical, because the timing of the pulses determines its ability to control the heart rate. Recalls due to software issues have been on the rise as pacing algorithms grow more complex. Open-loop testing remains the primary approach to evaluating the safety of pacemaker software. While this tests how the pacemaker responds to a stimulus, it cannot reveal pacemaker malfunctions that drive the heart into an unsafe state over multiple cycles. The safety and efficacy of pacemaker software should therefore be considered in closed loop with the physical environment of the heart. Model checking based on formal methods has been an effective way to mathematically verify all possible executions of the closed-loop system against safety properties. In this work, we used timed automata to develop a series of heart models at different abstraction levels, which capture the timing behavior of the heart. By maintaining the timed simulation relation between each abstraction level, properties satisfied by the abstract model also hold in the actual system. With a Counter-Example-Guided Abstraction and Refinement (CEGAR) framework we can verify the pacemaker efficiently without sacrificing accuracy.
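A small closed-loop reachability check in the spirit described above, added here as an illustration and not code from the paper or its authors: a heart model and a VVI-style pacemaker are constructed as discrete-time timed automata (every parameter, the clock layout and the non-deterministic undersensing abstraction are assumptions), and an exhaustive search over their product reports whether a safety property on the interval between ventricular activations holds, returning a witness trace when it does not.

```python
from collections import deque

DT = 50                          # ms per step of the discrete-time timed automata (assumed)
T_MIN, T_MAX = 600, 1200         # heart: an intrinsic beat fires somewhere in [T_MIN, T_MAX] ms
LRI, VRP, URI = 1000, 300, 400   # pacemaker: lower-rate interval, refractory period, upper-rate limit


def successors(state, undersense):
    """One closed-loop step. state = (h, p): ms since the last ventricular
    activation as the heart sees it (h) and as the pacemaker timer sees it (p).
    Yields (next_state, gap): gap is the interval closed by an activation in
    this step (paced or intrinsic), or None when the ventricle stayed quiet."""
    h, p = state[0] + DT, state[1] + DT
    if p >= LRI:                     # pacemaker times out and paces; the pace captures the heart
        yield (0, 0), h
        return
    if h >= T_MIN:                   # heart may beat now (and must once h reaches T_MAX)
        if p >= VRP:
            yield (0, 0), h          # beat sensed: both clocks restart
            if undersense:           # abstraction (assumed): the sense channel may miss a beat
                yield (0, p), h
        else:
            yield (0, p), h          # beat falls inside the refractory period: not sensed
    if h < T_MAX:
        yield (h, p), None           # ventricle stays quiet for another step


def check(prop, undersense):
    """Exhaustive reachability over the heart x pacemaker product from (0, 0).
    Returns None when every reachable activation satisfies prop(gap), otherwise
    (trace_of_states, offending_gap) as a counterexample."""
    start = (0, 0)
    parent = {start: None}
    queue = deque([start])
    while queue:
        s = queue.popleft()
        for nxt, gap in successors(s, undersense):
            if gap is not None and not prop(gap):
                path, cur = [nxt], s
                while cur is not None:       # rebuild the witness trace back to the start
                    path.append(cur)
                    cur = parent[cur]
                return path[::-1], gap
            if nxt not in parent:
                parent[nxt] = s
                queue.append(nxt)
    return None
```

With the abstract heart model that never misses a sense, both the rate floor (`gap <= LRI`) and the rate ceiling (`gap >= URI`) hold; once undersensing is admitted, the search returns a trace in which a pace lands within URI of an unsensed intrinsic beat, while the rate floor still holds.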
