SlideShare une entreprise Scribd logo

Insulin pump overview

Télécharger en tant que PPTX, PDF
S
software-engineering-book

An overview of the operation of a software-controlled insulin pump

Technologie
1  sur  36
The embedded control software for a personal insulin pump Case study: Insulin pump overview 1
Medical systems  More and more medical instruments now include embedded control software.  These software systems are often critical systems as a patient’s life (or at least their health) may depend on the correct and timely functioning of these systems  The systems themselves are often relatively small and are therefore understandable unlike, for example, industrial control systems Case study: Insulin pump overview 2
Diabetes  People with diabetes cannot make their own insulin, a hormone that is normally secreted by the pancreas. Insulin is essential to metabolise sugar and hence generate energy  Currently most diabetics inject insulin 2 or more times per day, with the dose injected based on readings of their blood sugar level  However, this results in artificial blood sugar fluctuations as it does not reflect the on-demand insulin production of the pancreas Case study: Insulin pump overview 3
A personal insulin pump  A personal insulin pump is an external device that mimics the function of the pancreas  It uses an embedded sensor to measure the blood sugar level at periodic intervals and then injects insulin to maintain the blood sugar at a ‘normal’ level.  I will draw on this example at various points in the course to illustrate aspects of critical systems engineering Case study: Insulin pump overview 4
Insulin pump hardware schematic Case study: Insulin pump overview 5
Activity model of the personal insulin pump Case study: Insulin pump overview 6
Concept of operation  Using readings from an embedded sensor, the system automatically measures the level of glucose in the sufferer’s body  Consecutive readings are compared and, if they indicate that the level of glucose is rising (see next slide) then insulin is injected to counteract this rise  The ideal situation is a consistent level of sugar that is within some ‘safe’ band Case study: Insulin pump overview 7
Sugar levels  Unsafe  A very low level of sugar (arbitrarily, we will call this 3 units) is dangerous and can result in hypoglaecemia which can result in a diabetic coma and ultimately death.  Safe  Between 3 units and about 7 units, the levels of sugar are ‘safe’ and are comparable to those in people without diabetes. This is the ideal band.  Undesirable  Above 7 units of insulin is undesirable but high levels are not dangerous in the short-term. Continuous high-levels however can result in long-term side-effects. Case study: Insulin pump overview 8
Insulin injection  The decision when to apply insulin does NOT depend on the absolute level of glucose that is measured in the sufferer’s blood.  The reason for this is that insulin does not act instantaneously and the change in sugar level does not simply depend on a single injection but also on previous injections.  A more complex decision based on previous levels and rate of change of sugar level is used. Case study: Insulin pump overview 9
Injection scenarios  Level of sugar is in the unsafe band  Do not inject insulin;  Initiate warning for the sufferer.  Level of sugar is falling  Do not inject insulin if in safe band. Inject insulin if rate of change of level is decreasing.  Level of sugar is stable  Do not inject insulin if level is in the safe band;  Inject insulin if level is in the undesirable band to bring down glucose level;  Amount injected should be proportionate to the degree of undesirability ie inject more if level is 20 rather than 10. Case study: Insulin pump overview 10
Injection scenarios  Level of sugar is increasing  Reading in unsafe band • No injection.  Reading in safe band • Inject only if the rate of increase is constant or increasing. If constant, inject standard amount; if increasing, compute amount based on increase.  Reading in unsafe band • Inject constant amount if rate of increase is constant or decreasing. • Inject computed amount if rate of increase is increasing. Case study: Insulin pump overview 11
Glucose measurements Undesirable area Safe area Time Sugar level Unsafe area Inject t1 t2 t3 Inject Do not inject Do not inject Do not inject Case study: Insulin pump overview 12
System specification  Functional specification  How to carry out the computation to determine if insulin should be administered  Dependability specification  Requirements to ensure safe operation of the pump Case study: Insulin pump overview 13
Functional requirements  If the reading is below the safe minimum, no insulin shall be delivered.  If the reading is within the safe zone, then insulin is only delivered if the level of sugar is rising and the rate of increase of sugar level is increasing.  If the reading is above the recommended level, insulin is delivered unless the level of blood sugar is falling and the rate of decrease of the blood sugar level is increasing. Case study: Insulin pump overview 14
Formal specification  Because of the complexity of the functional specification, there is considerable scope for misinterpretation  This system is an example where formal specification can be used to define the insulin to be delivered in each case Case study: Insulin pump overview 15
Dependability specification  Availability  The pump should have a high level of availability but the nature of diabetes is such that continuous availability is unnecessary  Reliability  Intermittent demands for service are made on the system  Safety  The key safety requirements are that the operation of the system should never result in a very low level of blood sugar. A fail-safe position is for no insulin to be delivered  Security  Not really applicable in this case Case study: Insulin pump overview 16
System availability  In specifying the availability, issues that must be considered are:  The machine does not have to be continuously available as failure to deliver insulin on a single occasion (say) is not a problem  However, no insulin delivery over a few hours would have an effect on the patient’s health  The machine software can be reset by switching it on and off hence recovery from software errors is possible without compromising the usefulness of the system  Hardware failures can only be repaired by return to the manufacturer. This means, in practice, a loss of availability of at least 3 days Case study: Insulin pump overview 17
Availability  A general specification of availability suggests that the machine should not have to be returned to the manufacturer more than once every year years (this repair time dominates everything else) so  System availability = 727/730 *100 = 0.99  It is much harder to specify the software availability as the demands are intermittent. In this case, you would subsume availability under reliability Case study: Insulin pump overview 18
Reliability metric  Demands on the system are intermittent (several times per hour) and the system must be able to respond to these demands  In this case, the most appropriate metric is therefore Probability of Failure on Demand  Other metrics  Short transactions so MTTF not appropriate  Insufficient number of demands for ROCOF to be appropriate Case study: Insulin pump overview 19
System failures  Transient failures  can be repaired by user actions such as resetting or recalibrating the machine. For these types of failure, a relatively low value of POFOD (say 0.002) may be acceptable. This means that one failure may occur in every 500 demands made on the machine. This is approximately once every 3.5 days.  Permanent failures  require the machine to be repaired by the manufacturer. The probability of this type of failure should be much lower. Roughly once a year is the minimum figure so POFOD should be no more than 0.00002. Case study: Insulin pump overview 20
System hazard analysis  Physical hazards  Hazards that result from some physical failure of the system  Electrical hazards  Hazards that result from some electrical failure of the system  Biological hazards  Hazards that result from some system failure that interferes with biological processes Case study: Insulin pump overview 21
Insulin system hazards  insulin overdose or underdose (biological)  power failure (electrical)  machine interferes electrically with other medical equipment such as a heart pacemaker (electrical)  parts of machine break off in patient’s body(physical)  infection caused by introduction of machine (biol.)  allergic reaction to the materials or insulin used in the machine (biol). Case study: Insulin pump overview 22
Risk analysis example Case study: Insulin pump overview 23
Software-related hazards  Only insulin overdose and insulin underdose are software related hazards  The other hazards are related to the hardware and physical design of the machine  Insulin underdose and insulin overdose can be the result of errors made by the software in computing the dose required Case study: Insulin pump overview 24
Software problems  Arithmetic error  Some arithmetic computation causes a representation failure (overflow or underflow)  Specification may state that arithmetic error must be detected and an exception handler included for each arithmetic error. The action to be taken for these errors should be defined  Algorithmic error  Difficult to detect anomalous situation  May use ‘realism’ checks on the computed dose of insulin Case study: Insulin pump overview 25
Insulin pump fault tree
General dependability requirements  SR1: The system shall not deliver a single dose of insulin that is greater than a specified maximum dose for a system user.  SR2: The system shall not deliver a daily cumulative dose of insulin that is greater than a specified maximum for a system user.  SR3: The system shall include a hardware diagnostic facility that should be executed at least 4 times per hour.  SR4: The system shall include an exception handler for all of the exceptions that are identified in Table 3.  SR5: The audible alarm shall be sounded when any hardware anomaly is discovered and a diagnostic message as defined in Table 4 should be displayed. Case study: Insulin pump overview 27
Safety proofs  Safety proofs are intended to show that the system cannot reach in unsafe state Weaker than correctness proofs which must show that the system code conforms to its specification  Generally based on proof by contradiction  Assume that an unsafe state can be reached  Show that this is contradicted by the program code Case study: Insulin pump overview 28
Insulin delivery system  Safe state is a shutdown state where no insulin is delivered  If hazard arises,shutting down the system will prevent an accident  Software may be included to detect and prevent hazards such as power failure  Consider only hazards arising from software failure  Arithmetic error The insulin dose is computed incorrectly because of some failure of the computer arithmetic  Algorithmic error The dose computation algorithm is incorrect Case study: Insulin pump overview 29
Arithmetic errors  Use language exception handling mechanisms to trap errors as they arise  Use explicit error checks for all errors which are identified  Avoid error-prone arithmetic operations (multiply and divide). Replace with add and subtract  Never use floating-point numbers  Shut down system if exception detected (safe state) Case study: Insulin pump overview 30
Algorithmic errors  Harder to detect than arithmetic errors. System should always err on the side of safety  Use reasonableness checks for the dose delivered based on previous dose and rate of dose change  Set maximum delivery level in any specified time period  If computed dose is very high, medical intervention may be necessary anyway because the patient may be ill Case study: Insulin pump overview 31
Insulin delivery code Case study: Insulin pump overview 32
Informal safety argument Case study: Insulin pump overview 33
System testing  System testing of the software has to rely on simulators for the sensor and the insulin delivery components.  Test for normal operation using an operational profile. Can be constructed using data gathered from existing diabetics  Testing has to include situations where rate of change of glucose is very fast and very slow  Test for exceptions using the simulator Case study: Insulin pump overview 34
Safety assertions  Predicates included in the program indicating conditions which should hold at that point.  May be based on pre-computed limits e.g. number of insulin pump increments in maximum dose.  Used in formal program inspections or may be pre-processed into safety checks that are executed when the system is in operation. Case study: Insulin pump overview 35
Safety assertions Case study: Insulin pump overview 36

Recommandé

Airbus fcs
Airbus fcsAirbus fcs
Airbus fcssoftware-engineering-book
 
Context model
Context modelContext model
Context modelUbaid423
 
hci in software development process
hci in software development processhci in software development process
hci in software development processKainat Ilyas
 
Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Mohammed Romi
 
Communication primitives
Communication primitivesCommunication primitives
Communication primitivesStudent
 
HCI 3e - Ch 13: Socio-organizational issues and stakeholder requirements
HCI 3e - Ch 13: Socio-organizational issues and stakeholder requirementsHCI 3e - Ch 13: Socio-organizational issues and stakeholder requirements
HCI 3e - Ch 13: Socio-organizational issues and stakeholder requirementsAlan Dix
 
Interaction Modeling
Interaction ModelingInteraction Modeling
Interaction ModelingHemant Sharma
 
Communications is distributed systems
Communications is distributed systemsCommunications is distributed systems
Communications is distributed systemsSHATHAN
 

Recommandé

Airbus fcs
Airbus fcsAirbus fcs
Airbus fcssoftware-engineering-book
 
Context model
Context modelContext model
Context modelUbaid423
 
hci in software development process
hci in software development processhci in software development process
hci in software development processKainat Ilyas
 
Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Ian Sommerville, Software Engineering, 9th Edition Ch2
Ian Sommerville, Software Engineering, 9th Edition Ch2Mohammed Romi
 
Communication primitives
Communication primitivesCommunication primitives
Communication primitivesStudent
 
HCI 3e - Ch 13: Socio-organizational issues and stakeholder requirements
HCI 3e - Ch 13: Socio-organizational issues and stakeholder requirementsHCI 3e - Ch 13: Socio-organizational issues and stakeholder requirements
HCI 3e - Ch 13: Socio-organizational issues and stakeholder requirementsAlan Dix
 
Interaction Modeling
Interaction ModelingInteraction Modeling
Interaction ModelingHemant Sharma
 
Communications is distributed systems
Communications is distributed systemsCommunications is distributed systems
Communications is distributed systemsSHATHAN
 
Software engineering critical systems
Software engineering critical systemsSoftware engineering critical systems
Software engineering critical systemsDr. Loganathan R
 
HCI 3e - Ch 7: Design rules
HCI 3e - Ch 7: Design rulesHCI 3e - Ch 7: Design rules
HCI 3e - Ch 7: Design rulesAlan Dix
 
Intruders
IntrudersIntruders
IntrudersDr.Florence Dayana
 
Clock synchronization in distributed system
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed systemSunita Sahu
 
Ch1 introduction
Ch1 introductionCh1 introduction
Ch1 introductionsoftware-engineering-book
 
Software Process Models
Software Process ModelsSoftware Process Models
Software Process ModelsAtul Karmyal
 
Software maintenance Unit5
Software maintenance Unit5Software maintenance Unit5
Software maintenance Unit5Mohammad Faizan
 
HCI 3e - Ch 14: Communication and collaboration models
HCI 3e - Ch 14: Communication and collaboration modelsHCI 3e - Ch 14: Communication and collaboration models
HCI 3e - Ch 14: Communication and collaboration modelsAlan Dix
 
System dependability
System dependabilitySystem dependability
System dependabilitysommerville-videos
 
Client Centric Consistency Model
Client Centric Consistency ModelClient Centric Consistency Model
Client Centric Consistency ModelRajat Kumar
 
HCI 3e - Ch 12: Cognitive models
HCI 3e - Ch 12: Cognitive modelsHCI 3e - Ch 12: Cognitive models
HCI 3e - Ch 12: Cognitive modelsAlan Dix
 
Fault tolerance in distributed systems
Fault tolerance in distributed systemsFault tolerance in distributed systems
Fault tolerance in distributed systemssumitjain2013
 
Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Mohammed Romi
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed SystemSunita Sahu
 
Memory management
Memory managementMemory management
Memory managementRajni Sirohi
 
HCI 3e - Ch 3: The interaction
HCI 3e - Ch 3: The interactionHCI 3e - Ch 3: The interaction
HCI 3e - Ch 3: The interactionAlan Dix
 
Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6koolkampus
 
Software maintenance
Software maintenance Software maintenance
Software maintenance Rajeev Sharan
 
Ch5 system modeling
Ch5 system modelingCh5 system modeling
Ch5 system modelingsoftware-engineering-book
 
Software Configuration Management (SCM)
Software Configuration Management (SCM)Software Configuration Management (SCM)
Software Configuration Management (SCM)Er. Shiva K. Shrestha
 
insulinpumpoverview-141212105807-conversion-gate01 (2).pdf
insulinpumpoverview-141212105807-conversion-gate01 (2).pdfinsulinpumpoverview-141212105807-conversion-gate01 (2).pdf
insulinpumpoverview-141212105807-conversion-gate01 (2).pdfDirceu23
 
Simulation of insulin pump
Simulation of insulin pump Simulation of insulin pump
Simulation of insulin pump Rishu Seth
 

Contenu connexe

Tendances

Software engineering critical systems
Software engineering critical systemsSoftware engineering critical systems
Software engineering critical systemsDr. Loganathan R
 
HCI 3e - Ch 7: Design rules
HCI 3e - Ch 7: Design rulesHCI 3e - Ch 7: Design rules
HCI 3e - Ch 7: Design rulesAlan Dix
 
Clock synchronization in distributed system
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed systemSunita Sahu
 
Software Process Models
Software Process ModelsSoftware Process Models
Software Process ModelsAtul Karmyal
 
Software maintenance Unit5
Software maintenance Unit5Software maintenance Unit5
Software maintenance Unit5Mohammad Faizan
 
HCI 3e - Ch 14: Communication and collaboration models
HCI 3e - Ch 14: Communication and collaboration modelsHCI 3e - Ch 14: Communication and collaboration models
HCI 3e - Ch 14: Communication and collaboration modelsAlan Dix
 
Client Centric Consistency Model
Client Centric Consistency ModelClient Centric Consistency Model
Client Centric Consistency ModelRajat Kumar
 
HCI 3e - Ch 12: Cognitive models
HCI 3e - Ch 12: Cognitive modelsHCI 3e - Ch 12: Cognitive models
HCI 3e - Ch 12: Cognitive modelsAlan Dix
 
Fault tolerance in distributed systems
Fault tolerance in distributed systemsFault tolerance in distributed systems
Fault tolerance in distributed systemssumitjain2013
 
Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Mohammed Romi
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed SystemSunita Sahu
 
HCI 3e - Ch 3: The interaction
HCI 3e - Ch 3: The interactionHCI 3e - Ch 3: The interaction
HCI 3e - Ch 3: The interactionAlan Dix
 
Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6koolkampus
 
Software maintenance
Software maintenance Software maintenance
Software maintenance Rajeev Sharan
 
Software Configuration Management (SCM)
Software Configuration Management (SCM)Software Configuration Management (SCM)
Software Configuration Management (SCM)Er. Shiva K. Shrestha
 

Tendances (20)

Software engineering critical systems
Software engineering critical systemsSoftware engineering critical systems
Software engineering critical systems
 
HCI 3e - Ch 7: Design rules
HCI 3e - Ch 7: Design rulesHCI 3e - Ch 7: Design rules
HCI 3e - Ch 7: Design rules
 
Intruders
IntrudersIntruders
Intruders
 
Clock synchronization in distributed system
Clock synchronization in distributed systemClock synchronization in distributed system
Clock synchronization in distributed system
 
Ch1 introduction
Ch1 introductionCh1 introduction
Ch1 introduction
 
Software Process Models
Software Process ModelsSoftware Process Models
Software Process Models
 
Software maintenance Unit5
Software maintenance Unit5Software maintenance Unit5
Software maintenance Unit5
 
HCI 3e - Ch 14: Communication and collaboration models
HCI 3e - Ch 14: Communication and collaboration modelsHCI 3e - Ch 14: Communication and collaboration models
HCI 3e - Ch 14: Communication and collaboration models
 
System dependability
System dependabilitySystem dependability
System dependability
 
Client Centric Consistency Model
Client Centric Consistency ModelClient Centric Consistency Model
Client Centric Consistency Model
 
HCI 3e - Ch 12: Cognitive models
HCI 3e - Ch 12: Cognitive modelsHCI 3e - Ch 12: Cognitive models
HCI 3e - Ch 12: Cognitive models
 
Fault tolerance in distributed systems
Fault tolerance in distributed systemsFault tolerance in distributed systems
Fault tolerance in distributed systems
 
Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4Ian Sommerville, Software Engineering, 9th Edition Ch 4
Ian Sommerville, Software Engineering, 9th Edition Ch 4
 
Introduction to Distributed System
Introduction to Distributed SystemIntroduction to Distributed System
Introduction to Distributed System
 
Memory management
Memory managementMemory management
Memory management
 
HCI 3e - Ch 3: The interaction
HCI 3e - Ch 3: The interactionHCI 3e - Ch 3: The interaction
HCI 3e - Ch 3: The interaction
 
Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6Requirements Engineering Processes in Software Engineering SE6
Requirements Engineering Processes in Software Engineering SE6
 
Software maintenance
Software maintenance Software maintenance
Software maintenance
 
Ch5 system modeling
Ch5 system modelingCh5 system modeling
Ch5 system modeling
 
Software Configuration Management (SCM)
Software Configuration Management (SCM)Software Configuration Management (SCM)
Software Configuration Management (SCM)
 

Similaire à Insulin pump overview

insulinpumpoverview-141212105807-conversion-gate01 (2).pdf
insulinpumpoverview-141212105807-conversion-gate01 (2).pdfinsulinpumpoverview-141212105807-conversion-gate01 (2).pdf
insulinpumpoverview-141212105807-conversion-gate01 (2).pdfDirceu23
 
Simulation of insulin pump
Simulation of insulin pump Simulation of insulin pump
Simulation of insulin pump Rishu Seth
 
LOW-COST INSULIN PUMP WITH PREDICTIVE BASED MITIGATION OF HYPERGLYCEMIA AND H...
LOW-COST INSULIN PUMP WITH PREDICTIVE BASED MITIGATION OF HYPERGLYCEMIA AND H...LOW-COST INSULIN PUMP WITH PREDICTIVE BASED MITIGATION OF HYPERGLYCEMIA AND H...
LOW-COST INSULIN PUMP WITH PREDICTIVE BASED MITIGATION OF HYPERGLYCEMIA AND H...robelegemechu1
 
Implantable biosensor with programmed insulin pump
Implantable biosensor with programmed insulin pumpImplantable biosensor with programmed insulin pump
Implantable biosensor with programmed insulin pumpjitisha chhettri
 
C1 cda in hospital management of diabetes 2015
C1 cda in hospital management of diabetes 2015C1 cda in hospital management of diabetes 2015
C1 cda in hospital management of diabetes 2015Diabetes for all
 
Microcontroller Based infusion Pump
Microcontroller Based infusion PumpMicrocontroller Based infusion Pump
Microcontroller Based infusion PumpAthiraR23
 
GLUCAGON: AI-Based Insulin Dosage Prediction Application
GLUCAGON: AI-Based Insulin Dosage Prediction ApplicationGLUCAGON: AI-Based Insulin Dosage Prediction Application
GLUCAGON: AI-Based Insulin Dosage Prediction ApplicationIRJET Journal
 
NEW TECHNOLOGY OF DIABETES.pptx
NEW TECHNOLOGY OF DIABETES.pptxNEW TECHNOLOGY OF DIABETES.pptx
NEW TECHNOLOGY OF DIABETES.pptxSemilunar Helaly
 
Guide to Infusion Pump Testing USA by Rigel Medical
Guide to Infusion Pump Testing USA by Rigel MedicalGuide to Infusion Pump Testing USA by Rigel Medical
Guide to Infusion Pump Testing USA by Rigel MedicalMedical IT
 
Diabetics blood glucose control based on GA-FOPID technique
Diabetics blood glucose control based on GA-FOPID techniqueDiabetics blood glucose control based on GA-FOPID technique
Diabetics blood glucose control based on GA-FOPID techniquejournalBEEI
 
insulin pump CSII
insulin pump CSII insulin pump CSII
insulin pump CSIIAbdo sayed
 
Ndei Beta Cell Slide Kit Can We Assess B Cell Health
Ndei Beta Cell Slide Kit Can We Assess B Cell HealthNdei Beta Cell Slide Kit Can We Assess B Cell Health
Ndei Beta Cell Slide Kit Can We Assess B Cell HealthPPSCME
 
Multipara monitor -Application and Maintenance
Multipara monitor -Application and MaintenanceMultipara monitor -Application and Maintenance
Multipara monitor -Application and Maintenanceshashi sinha
 
ORIGINAL ARTICLEThe Hybrid Closed-Loop SystemEvolution .docx
ORIGINAL ARTICLEThe Hybrid Closed-Loop SystemEvolution .docxORIGINAL ARTICLEThe Hybrid Closed-Loop SystemEvolution .docx
ORIGINAL ARTICLEThe Hybrid Closed-Loop SystemEvolution .docxalfred4lewis58146
 
managing diabetes in critically ill hospitalized patients
managing diabetes in critically ill hospitalized patientsmanaging diabetes in critically ill hospitalized patients
managing diabetes in critically ill hospitalized patientssumitverma88
 
Backward chaining rule-based system
Backward chaining rule-based systemBackward chaining rule-based system
Backward chaining rule-based systemJenny Padillo
 

Similaire à Insulin pump overview (20)

insulinpumpoverview-141212105807-conversion-gate01 (2).pdf
insulinpumpoverview-141212105807-conversion-gate01 (2).pdfinsulinpumpoverview-141212105807-conversion-gate01 (2).pdf
insulinpumpoverview-141212105807-conversion-gate01 (2).pdf
 
Simulation of insulin pump
Simulation of insulin pump Simulation of insulin pump
Simulation of insulin pump
 
LOW-COST INSULIN PUMP WITH PREDICTIVE BASED MITIGATION OF HYPERGLYCEMIA AND H...
LOW-COST INSULIN PUMP WITH PREDICTIVE BASED MITIGATION OF HYPERGLYCEMIA AND H...LOW-COST INSULIN PUMP WITH PREDICTIVE BASED MITIGATION OF HYPERGLYCEMIA AND H...
LOW-COST INSULIN PUMP WITH PREDICTIVE BASED MITIGATION OF HYPERGLYCEMIA AND H...
 
Implantable biosensor with programmed insulin pump
Implantable biosensor with programmed insulin pumpImplantable biosensor with programmed insulin pump
Implantable biosensor with programmed insulin pump
 
C1 cda in hospital management of diabetes 2015
C1 cda in hospital management of diabetes 2015C1 cda in hospital management of diabetes 2015
C1 cda in hospital management of diabetes 2015
 
Microcontroller Based infusion Pump
Microcontroller Based infusion PumpMicrocontroller Based infusion Pump
Microcontroller Based infusion Pump
 
Insulin pump
Insulin pump Insulin pump
Insulin pump
 
GLUCAGON: AI-Based Insulin Dosage Prediction Application
GLUCAGON: AI-Based Insulin Dosage Prediction ApplicationGLUCAGON: AI-Based Insulin Dosage Prediction Application
GLUCAGON: AI-Based Insulin Dosage Prediction Application
 
NEW TECHNOLOGY OF DIABETES.pptx
NEW TECHNOLOGY OF DIABETES.pptxNEW TECHNOLOGY OF DIABETES.pptx
NEW TECHNOLOGY OF DIABETES.pptx
 
Artificial pancreas
Artificial pancreasArtificial pancreas
Artificial pancreas
 
Guide to Infusion Pump Testing USA by Rigel Medical
Guide to Infusion Pump Testing USA by Rigel MedicalGuide to Infusion Pump Testing USA by Rigel Medical
Guide to Infusion Pump Testing USA by Rigel Medical
 
Insulin in icu 2
Insulin in icu 2Insulin in icu 2
Insulin in icu 2
 
Diabetics blood glucose control based on GA-FOPID technique
Diabetics blood glucose control based on GA-FOPID techniqueDiabetics blood glucose control based on GA-FOPID technique
Diabetics blood glucose control based on GA-FOPID technique
 
insulin pump CSII
insulin pump CSII insulin pump CSII
insulin pump CSII
 
Ndei Beta Cell Slide Kit Can We Assess B Cell Health
Ndei Beta Cell Slide Kit Can We Assess B Cell HealthNdei Beta Cell Slide Kit Can We Assess B Cell Health
Ndei Beta Cell Slide Kit Can We Assess B Cell Health
 
Multipara monitor -Application and Maintenance
Multipara monitor -Application and MaintenanceMultipara monitor -Application and Maintenance
Multipara monitor -Application and Maintenance
 
ORIGINAL ARTICLEThe Hybrid Closed-Loop SystemEvolution .docx
ORIGINAL ARTICLEThe Hybrid Closed-Loop SystemEvolution .docxORIGINAL ARTICLEThe Hybrid Closed-Loop SystemEvolution .docx
ORIGINAL ARTICLEThe Hybrid Closed-Loop SystemEvolution .docx
 
52065 routing
52065 routing52065 routing
52065 routing
 
managing diabetes in critically ill hospitalized patients
managing diabetes in critically ill hospitalized patientsmanaging diabetes in critically ill hospitalized patients
managing diabetes in critically ill hospitalized patients
 
Backward chaining rule-based system
Backward chaining rule-based systemBackward chaining rule-based system
Backward chaining rule-based system
 

Plus de software-engineering-book

Engineering Software Products: 10. Devops and code management
Engineering Software Products: 10. Devops and code managementEngineering Software Products: 10. Devops and code management
Engineering Software Products: 10. Devops and code managementsoftware-engineering-book
 
Engineering Software Products: 8. Reliable programming
Engineering Software Products: 8. Reliable programmingEngineering Software Products: 8. Reliable programming
Engineering Software Products: 8. Reliable programmingsoftware-engineering-book
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacysoftware-engineering-book
 
Engineering Software Products: 6. microservices architecture
Engineering Software Products: 6. microservices architectureEngineering Software Products: 6. microservices architecture
Engineering Software Products: 6. microservices architecturesoftware-engineering-book
 
Engineering Software Products: 5. cloud based software
Engineering Software Products: 5. cloud based softwareEngineering Software Products: 5. cloud based software
Engineering Software Products: 5. cloud based softwaresoftware-engineering-book
 
Engineering Software Products: 4. software architecture
Engineering Software Products: 4. software architectureEngineering Software Products: 4. software architecture
Engineering Software Products: 4. software architecturesoftware-engineering-book
 
Engineering Software Products: 3. features, scenarios and stories
Engineering Software Products: 3. features, scenarios and storiesEngineering Software Products: 3. features, scenarios and stories
Engineering Software Products: 3. features, scenarios and storiessoftware-engineering-book
 
Engineering Software Products: 2. agile software engineering
Engineering Software Products: 2. agile software engineeringEngineering Software Products: 2. agile software engineering
Engineering Software Products: 2. agile software engineeringsoftware-engineering-book
 
Engineering Software Products: 1. software products
Engineering Software Products: 1. software productsEngineering Software Products: 1. software products
Engineering Software Products: 1. software productssoftware-engineering-book
 

Plus de software-engineering-book (20)

Engineering Software Products: 10. Devops and code management
Engineering Software Products: 10. Devops and code managementEngineering Software Products: 10. Devops and code management
Engineering Software Products: 10. Devops and code management
 
Engineering Software Products: 9. testing
Engineering Software Products: 9. testingEngineering Software Products: 9. testing
Engineering Software Products: 9. testing
 
Engineering Software Products: 8. Reliable programming
Engineering Software Products: 8. Reliable programmingEngineering Software Products: 8. Reliable programming
Engineering Software Products: 8. Reliable programming
 
Engineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacyEngineering Software Products: 7. security and privacy
Engineering Software Products: 7. security and privacy
 
Engineering Software Products: 6. microservices architecture
Engineering Software Products: 6. microservices architectureEngineering Software Products: 6. microservices architecture
Engineering Software Products: 6. microservices architecture
 
Engineering Software Products: 5. cloud based software
Engineering Software Products: 5. cloud based softwareEngineering Software Products: 5. cloud based software
Engineering Software Products: 5. cloud based software
 
Engineering Software Products: 4. software architecture
Engineering Software Products: 4. software architectureEngineering Software Products: 4. software architecture
Engineering Software Products: 4. software architecture
 
Engineering Software Products: 3. features, scenarios and stories
Engineering Software Products: 3. features, scenarios and storiesEngineering Software Products: 3. features, scenarios and stories
Engineering Software Products: 3. features, scenarios and stories
 
Engineering Software Products: 2. agile software engineering
Engineering Software Products: 2. agile software engineeringEngineering Software Products: 2. agile software engineering
Engineering Software Products: 2. agile software engineering
 
Engineering Software Products: 1. software products
Engineering Software Products: 1. software productsEngineering Software Products: 1. software products
Engineering Software Products: 1. software products
 
Ch25 configuration management
Ch25 configuration managementCh25 configuration management
Ch25 configuration management
 
Ch24 quality management
Ch24 quality managementCh24 quality management
Ch24 quality management
 
Ch23 project planning
Ch23 project planningCh23 project planning
Ch23 project planning
 
Ch22 project management
Ch22 project managementCh22 project management
Ch22 project management
 
Ch21 real time software engineering
Ch21 real time software engineeringCh21 real time software engineering
Ch21 real time software engineering
 
Ch20 systems of systems
Ch20 systems of systemsCh20 systems of systems
Ch20 systems of systems
 
Ch19 systems engineering
Ch19 systems engineeringCh19 systems engineering
Ch19 systems engineering
 
Ch18 service oriented software engineering
Ch18 service oriented software engineeringCh18 service oriented software engineering
Ch18 service oriented software engineering
 
Ch17 distributed software engineering
Ch17 distributed software engineeringCh17 distributed software engineering
Ch17 distributed software engineering
 
Ch16 component based software engineering
Ch16 component based software engineeringCh16 component based software engineering
Ch16 component based software engineering
 

Dernier

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 

Dernier (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 

Insulin pump overview

  • 1. The embedded control software for a personal insulin pump Case study: Insulin pump overview 1
  • 2. Medical systems  More and more medical instruments now include embedded control software.  These software systems are often critical systems as a patient’s life (or at least their health) may depend on the correct and timely functioning of these systems  The systems themselves are often relatively small and are therefore understandable unlike, for example, industrial control systems Case study: Insulin pump overview 2
  • 3. Diabetes  People with diabetes cannot make their own insulin, a hormone that is normally secreted by the pancreas. Insulin is essential to metabolise sugar and hence generate energy  Currently most diabetics inject insulin 2 or more times per day, with the dose injected based on readings of their blood sugar level  However, this results in artificial blood sugar fluctuations as it does not reflect the on-demand insulin production of the pancreas Case study: Insulin pump overview 3
  • 4. A personal insulin pump  A personal insulin pump is an external device that mimics the function of the pancreas  It uses an embedded sensor to measure the blood sugar level at periodic intervals and then injects insulin to maintain the blood sugar at a ‘normal’ level.  I will draw on this example at various points in the course to illustrate aspects of critical systems engineering Case study: Insulin pump overview 4
  • 5. Insulin pump hardware schematic Case study: Insulin pump overview 5
  • 6. Activity model of the personal insulin pump Case study: Insulin pump overview 6
  • 7. Concept of operation  Using readings from an embedded sensor, the system automatically measures the level of glucose in the sufferer’s body  Consecutive readings are compared and, if they indicate that the level of glucose is rising (see next slide) then insulin is injected to counteract this rise  The ideal situation is a consistent level of sugar that is within some ‘safe’ band Case study: Insulin pump overview 7
  • 8. Sugar levels  Unsafe  A very low level of sugar (arbitrarily, we will call this 3 units) is dangerous and can result in hypoglaecemia which can result in a diabetic coma and ultimately death.  Safe  Between 3 units and about 7 units, the levels of sugar are ‘safe’ and are comparable to those in people without diabetes. This is the ideal band.  Undesirable  Above 7 units of insulin is undesirable but high levels are not dangerous in the short-term. Continuous high-levels however can result in long-term side-effects. Case study: Insulin pump overview 8
  • 9. Insulin injection  The decision when to apply insulin does NOT depend on the absolute level of glucose that is measured in the sufferer’s blood.  The reason for this is that insulin does not act instantaneously and the change in sugar level does not simply depend on a single injection but also on previous injections.  A more complex decision based on previous levels and rate of change of sugar level is used. Case study: Insulin pump overview 9
  • 10. Injection scenarios  Level of sugar is in the unsafe band  Do not inject insulin;  Initiate warning for the sufferer.  Level of sugar is falling  Do not inject insulin if in safe band. Inject insulin if rate of change of level is decreasing.  Level of sugar is stable  Do not inject insulin if level is in the safe band;  Inject insulin if level is in the undesirable band to bring down glucose level;  Amount injected should be proportionate to the degree of undesirability ie inject more if level is 20 rather than 10. Case study: Insulin pump overview 10
  • 11. Injection scenarios  Level of sugar is increasing  Reading in unsafe band • No injection.  Reading in safe band • Inject only if the rate of increase is constant or increasing. If constant, inject standard amount; if increasing, compute amount based on increase.  Reading in unsafe band • Inject constant amount if rate of increase is constant or decreasing. • Inject computed amount if rate of increase is increasing. Case study: Insulin pump overview 11
  • 12. Glucose measurements Undesirable area Safe area Time Sugar level Unsafe area Inject t1 t2 t3 Inject Do not inject Do not inject Do not inject Case study: Insulin pump overview 12
  • 13. System specification  Functional specification  How to carry out the computation to determine if insulin should be administered  Dependability specification  Requirements to ensure safe operation of the pump Case study: Insulin pump overview 13
  • 14. Functional requirements  If the reading is below the safe minimum, no insulin shall be delivered.  If the reading is within the safe zone, then insulin is only delivered if the level of sugar is rising and the rate of increase of sugar level is increasing.  If the reading is above the recommended level, insulin is delivered unless the level of blood sugar is falling and the rate of decrease of the blood sugar level is increasing. Case study: Insulin pump overview 14
  • 15. Formal specification  Because of the complexity of the functional specification, there is considerable scope for misinterpretation  This system is an example where formal specification can be used to define the insulin to be delivered in each case Case study: Insulin pump overview 15
  • 16. Dependability specification  Availability  The pump should have a high level of availability but the nature of diabetes is such that continuous availability is unnecessary  Reliability  Intermittent demands for service are made on the system  Safety  The key safety requirements are that the operation of the system should never result in a very low level of blood sugar. A fail-safe position is for no insulin to be delivered  Security  Not really applicable in this case Case study: Insulin pump overview 16
  • 17. System availability  In specifying the availability, issues that must be considered are:  The machine does not have to be continuously available as failure to deliver insulin on a single occasion (say) is not a problem  However, no insulin delivery over a few hours would have an effect on the patient’s health  The machine software can be reset by switching it on and off hence recovery from software errors is possible without compromising the usefulness of the system  Hardware failures can only be repaired by return to the manufacturer. This means, in practice, a loss of availability of at least 3 days Case study: Insulin pump overview 17
  • 18. Availability  A general specification of availability suggests that the machine should not have to be returned to the manufacturer more than once every year years (this repair time dominates everything else) so  System availability = 727/730 *100 = 0.99  It is much harder to specify the software availability as the demands are intermittent. In this case, you would subsume availability under reliability Case study: Insulin pump overview 18
  • 19. Reliability metric  Demands on the system are intermittent (several times per hour) and the system must be able to respond to these demands  In this case, the most appropriate metric is therefore Probability of Failure on Demand  Other metrics  Short transactions so MTTF not appropriate  Insufficient number of demands for ROCOF to be appropriate Case study: Insulin pump overview 19
  • 20. System failures  Transient failures  can be repaired by user actions such as resetting or recalibrating the machine. For these types of failure, a relatively low value of POFOD (say 0.002) may be acceptable. This means that one failure may occur in every 500 demands made on the machine. This is approximately once every 3.5 days.  Permanent failures  require the machine to be repaired by the manufacturer. The probability of this type of failure should be much lower. Roughly once a year is the minimum figure so POFOD should be no more than 0.00002. Case study: Insulin pump overview 20
  • 21. System hazard analysis  Physical hazards  Hazards that result from some physical failure of the system  Electrical hazards  Hazards that result from some electrical failure of the system  Biological hazards  Hazards that result from some system failure that interferes with biological processes Case study: Insulin pump overview 21
  • 22. Insulin system hazards  insulin overdose or underdose (biological)  power failure (electrical)  machine interferes electrically with other medical equipment such as a heart pacemaker (electrical)  parts of machine break off in patient’s body(physical)  infection caused by introduction of machine (biol.)  allergic reaction to the materials or insulin used in the machine (biol). Case study: Insulin pump overview 22
  • 23. Risk analysis example Case study: Insulin pump overview 23
  • 24. Software-related hazards  Only insulin overdose and insulin underdose are software related hazards  The other hazards are related to the hardware and physical design of the machine  Insulin underdose and insulin overdose can be the result of errors made by the software in computing the dose required Case study: Insulin pump overview 24
  • 25. Software problems  Arithmetic error  Some arithmetic computation causes a representation failure (overflow or underflow)  Specification may state that arithmetic error must be detected and an exception handler included for each arithmetic error. The action to be taken for these errors should be defined  Algorithmic error  Difficult to detect anomalous situation  May use ‘realism’ checks on the computed dose of insulin Case study: Insulin pump overview 25
  • 27. General dependability requirements  SR1: The system shall not deliver a single dose of insulin that is greater than a specified maximum dose for a system user.  SR2: The system shall not deliver a daily cumulative dose of insulin that is greater than a specified maximum for a system user.  SR3: The system shall include a hardware diagnostic facility that should be executed at least 4 times per hour.  SR4: The system shall include an exception handler for all of the exceptions that are identified in Table 3.  SR5: The audible alarm shall be sounded when any hardware anomaly is discovered and a diagnostic message as defined in Table 4 should be displayed. Case study: Insulin pump overview 27
  • 28. Safety proofs  Safety proofs are intended to show that the system cannot reach in unsafe state Weaker than correctness proofs which must show that the system code conforms to its specification  Generally based on proof by contradiction  Assume that an unsafe state can be reached  Show that this is contradicted by the program code Case study: Insulin pump overview 28
  • 29. Insulin delivery system  Safe state is a shutdown state where no insulin is delivered  If hazard arises,shutting down the system will prevent an accident  Software may be included to detect and prevent hazards such as power failure  Consider only hazards arising from software failure  Arithmetic error The insulin dose is computed incorrectly because of some failure of the computer arithmetic  Algorithmic error The dose computation algorithm is incorrect Case study: Insulin pump overview 29
  • 30. Arithmetic errors  Use language exception handling mechanisms to trap errors as they arise  Use explicit error checks for all errors which are identified  Avoid error-prone arithmetic operations (multiply and divide). Replace with add and subtract  Never use floating-point numbers  Shut down system if exception detected (safe state) Case study: Insulin pump overview 30
  • 31. Algorithmic errors  Harder to detect than arithmetic errors. System should always err on the side of safety  Use reasonableness checks for the dose delivered based on previous dose and rate of dose change  Set maximum delivery level in any specified time period  If computed dose is very high, medical intervention may be necessary anyway because the patient may be ill Case study: Insulin pump overview 31
  • 32. Insulin delivery code Case study: Insulin pump overview 32
  • 33. Informal safety argument Case study: Insulin pump overview 33
  • 34. System testing  System testing of the software has to rely on simulators for the sensor and the insulin delivery components.  Test for normal operation using an operational profile. Can be constructed using data gathered from existing diabetics  Testing has to include situations where rate of change of glucose is very fast and very slow  Test for exceptions using the simulator Case study: Insulin pump overview 34
  • 35. Safety assertions  Predicates included in the program indicating conditions which should hold at that point.  May be based on pre-computed limits e.g. number of insulin pump increments in maximum dose.  Used in formal program inspections or may be pre-processed into safety checks that are executed when the system is in operation. Case study: Insulin pump overview 35
  • 36. Safety assertions Case study: Insulin pump overview 36