research-article

Formal Verification of Medical CPS: A Laser Incision Case Study

Authors:
André A. Geraldes

University of Verona, Italy, and Istituto Italiano di Tecnologia, Verona, Italy

University of Verona, Italy, and Istituto Italiano di Tecnologia, Verona, Italy
View Profile

,
Luca Geretti

University of Verona, Verona, Italy

University of Verona, Verona, Italy
View Profile

,
Davide Bresolin

University of Padova, Padova, Italy

University of Padova, Padova, Italy
View Profile

,
Riccardo Muradore

University of Verona, Verona, Italy

University of Verona, Verona, Italy
View Profile

,
Paolo Fiorini

University of Verona, Verona, Italy

University of Verona, Verona, Italy
View Profile

,
Leonardo S. Mattos

Istituto Italiano di Tecnologia, Via Morego, Genova, Italy

Istituto Italiano di Tecnologia, Via Morego, Genova, Italy
View Profile

,
Tiziano Villa

University of Verona, Verona, Italy

University of Verona, Verona, Italy
View Profile

Authors Info & Claims

ACM Transactions on Cyber-Physical Systems Volume 2 Issue 4Article No.: 35pp 1–29https://doi.org/10.1145/3140237

Published:05 July 2018Publication History

ACM Transactions on Cyber-Physical Systems

Abstract

The use of robots in operating rooms improves safety and decreases patient recovery time and surgeon fatigue, but it introduces new potential hazards that can lead to severe injury or even the loss of human life. Thus, safety has been perceived as a crucial system property since the early days by the industry, the medical community, and the regulatory agents. In this article, we discuss the application of the mathematically rigorous technique known as Formal Verification to analyze the safety properties of a laser incision case study, and we assess its safe and predictable operation. Like all formal methods approaches, our analysis has three distinct components: a method to create a model of the system, a language to specify the properties, and a strategy to prove rigorously that the behavior of the model fulfills the desired properties. The model of the system takes the form of a hybrid automaton consisting of a discrete control part that operates in a continuous environment. The safety constraints are formalized as reachability properties of the hybrid automaton model, while the verification strategy exploits the capabilities of the tool Ariadne to address the verification problem and answer the related questions ranging from safety to efficiency and effectiveness.

References

Rajeev Alur. 2011. Formal verification of hybrid systems. In Proceedings of the 9th ACM International Conference on Embedded Software (EMSOFT’11). ACM, 273--278. Google ScholarDigital Library
R. Alur, C. Courcoubetis, N. Halbwachs, T. A. Henzinger, P. h. Ho, X. Nicollin, A. Olivero, J. Sifakis, and S. Yovine. 1995. The algorithmic analysis of hybrid systems. Theor. Comput. Sci. 138 (1995), 3--34. Google ScholarDigital Library
Rajeev Alur and David L. Dill. 1994. A theory of timed automata. Theor. Comput. Sci. 126, 2 (1994), 183--235. Google ScholarDigital Library
Tobias Amnell, Elena Fersman, Leonid Mokrushin, Paul Pettersson, and Wang Yi. 2004. TIMES: A tool for schedulability analysis and code generation of real-time systems. In Proceedings of the 1st International Workshop on Formal Modeling and Analysis of Timed Systems (FORMATS’03). Springer, 60--72.Google ScholarCross Ref
Ryan A. Beasley. 2012. Medical robots: Current systems and research directions. J. Robot. 2012, Article 401613 (2012), 14 pages.Google Scholar
Gerd Behrmann, Alexandre David, Kim Guldstrand Larsen, Paul Pettersson, and Wang Yi. 2011. Developing UPPAAL over 15 years. Softw. Pract. Exper. 41, 2 (2011), 133--142. Google ScholarDigital Library
Luca Benvenuti, Davide Bresolin, Pieter Collins, Alberto Ferrari, Luca Geretti, and Tiziano Villa. 2014. Assume-guarantee verification of nonlinear hybrid systems with ARIADNE. Int. J. Robust. Nonlin. Control 24, 4 (2014), 699--724.Google ScholarCross Ref
P. Berkelman and others. 2009. A compact modular teleoperated robotic system for laparoscopic surgery. Int. J. Robot. Res. 28, 9 (2009), 1198. Google ScholarDigital Library
Davide Bresolin, Luca Geretti, Riccardo Muradore, Paolo Fiorini, and Tiziano Villa. 2014. Verification of robotic surgery tasks by reachability analysis: A comparison of tools. In Proceedings of the 17th Euromicro Conference on Digital System Design (DSD’14). IEEE, 659--662. Google ScholarDigital Library
Davide Bresolin, Luca Geretti, Riccardo Muradore, Paolo Fiorini, and Tiziano Villa. 2015. Formal verification of robotic surgery tasks by reachability analysis. Microprocess. Microsyst. 39, 8 (2015), 836--842. Google ScholarDigital Library
Xin Chen, Erika Abraham, and Sriram Sankaranarayanan. 2012. Taylor model flowpipe construction for non-linear hybrid systems. In Proceedings of the IEEE 33rd Real-Time Systems Symposium. IEEE Computer Society, 183--192. Google ScholarDigital Library
Xin Chen, Erika Ábrahám, and Sriram Sankaranarayanan. 2013. Flow*: An analyzer for non-linear hybrid systems. In Proceedings of the 25th International Conference on Computer Aided Verification (CAV’13) (LNCS), Vol. 8044. Springer, 258--263.Google ScholarCross Ref
Alessandro Cimatti, Alberto Griggio, Sergio Mover, and Stefano Tonetta. 2015. HyComp: An SMT-based model checker for hybrid systems. In Proceedings of the 21st International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’15) (LNCS), Vol. 9035. Springer, 52--67. Google ScholarDigital Library
Kevin Cleary and Charles Nguyen. 2001. State of the art in surgical robotics: Clinical applications and technology challenges. Comput. Aided Surg. 6, 6 (2001), 312--328.Google ScholarCross Ref
Brian L. Davies. 1996. A Discussion of Safety Issues for Medical Robots. MIT Press, Cambridge, MA, 287--296.Google Scholar
J. P. Desai and N. Ayache. 2009. Editorial special issue on medical robotics. Int. J. Robot. Res. 28, 9 (September 2009), 1099--1100. Google ScholarDigital Library
Baowei Fei, Wan Sing Ng, Sunita Chauhan, and Chee Keong Kwoh. 2001. The safety issues of medical robotics. Reliabil. Eng. Syst. Safety 73, 2 (2001), 183--192.Google ScholarCross Ref
Loris Fichera. 2016. Cognitive Supervision for Robot-Assisted Minimally Invasive Laser Surgery (1st ed.). Springer International Publishing, Switzerland. Google ScholarDigital Library
Loris Fichera, Diego Pardo, Placido Illiano, Jesus Ortiz, Darwin G. Caldwell, and Leonardo S. Mattos. 2015. Online estimation of laser incision depth for transoral microsurgery: Approach and preliminary evaluation. Int. J. Med. Robot. Comput. Assist. Surg. 12, 1 (March 2015), 53--61.Google Scholar
G. Frehse. 2008. PHAVer: Algorithmic verification of hybrid systems past HyTech. Int. J. Softw. Tools Technol. Transfer 10, 3 (2008), 263--279. Google ScholarDigital Library
G. Frehse, C. Le Guernic, A. Donzé, S. Cotton, R. Ray, O. Lebeltel, R. Ripado, A. Girard, T. Dang, and O. Maler. 2011. SpaceEx: Scalable verification of hybrid systems. In Proceedings of the 23rd International Conference on Computer Aided Verification (CAV’11) (LNCS), Vol. 6806. Springer, 379--395. Google ScholarDigital Library
N. Fulton, S. Mitsch, J. D. Quesel, M. Völp, and A. Platzer. 2015. KeYmaera X: An aXiomatic tactical theorem prover for hybrid systems. In Proceedings of the International Conference on Automated Deduction (CADE’15), Vol. 9195. Springer, 527--538.Google Scholar
E. Guglielmelli, M. J. Johnson, and T. Shibata. 2009. Guest editorial special issue on rehabilitation robotics. IEEE Trans. Robot. 25, 3 (June 2009), 477--480. Google ScholarDigital Library
T. A. Henzinger. 1996. The theory of hybrid automata. In Proceedings of the 11th IEEE Symposium on Logic in Computer Science (LICS’96). IEEE Computer Society, 278--292. Google ScholarDigital Library
T. A. Henzinger, P. W. Kopke, A. Puri, and P. Varaiya. 1998. What’s decidable about hybrid automata? J. Comput. Syst. Sci. 57, 1 (1998), 94--124. Google ScholarDigital Library
Thomas A. Henzinger and Joseph Sifakis. 2006. The embedded systems design challenge. In Proceedings of the 14th International Symposium on Formal Methods (FM’06) (LNCS), Vol. 4085. Springer, 1--15. Google ScholarDigital Library
Eunkyoung Jee, Shaohui Wang, Jeong-Ki Kim, Jaewoo Lee, Oleg Sokolsky, and Insup Lee. 2010. A safety-assured development approach for real-time software. In Proceedings of the 16th IEEE International Conference on Embedded and Real-Time Computing Systems and Applications (RTCSA’10). IEEE, 133--142. Google ScholarDigital Library
R. Jetley, S. Purushothaman Iyer, and P. Jones. 2006. A formal methods approach to medical device review. Computer 39, 4 (April 2006), 61--67. Google ScholarDigital Library
Timothy L. Johnson. 2007. Improving automation software dependability: A role for formal methods? Control Eng. Practice 15, 11 (2007), 1403--1415.Google ScholarCross Ref
P. Kazanzides, G. Fichtinger, G. D. Hager, A. M. Okamura, L. L. Whitcomb, and R. H. Taylor. 2008. Surgical and interventional robotics-core concepts, technology, and design. IEEE Robot. Autom. Mag. 15, 2 (2008), 122--130.Google ScholarCross Ref
BaekGyu Kim, Anaheed Ayoub, Oleg Sokolsky, Insup Lee, Paul L. Jones, Yi Zhang, and Raoul Praful Jetley. 2011. Safety-assured development of the GPCA infusion pump software. In Proceedings of the 11th International Conference on Embedded Software (EMSOFT’11). ACM, 155--164. Google ScholarDigital Library
Yanni Kouskoulas, David Renshaw, André Platzer, and Peter Kazanzides. 2013. Certifying the safe design of a virtual fixture control algorithm for a surgical robot. In Proceedings of the 16th International Conference on Hybrid Systems: Computation and Control (HSCC’13). ACM, 263--272. Google ScholarDigital Library
H. Kress-Gazit. 2011. Robot challenges: Toward development of verification and synthesis techniques {from the Guest Editors}. IEEE Robot. Autom. Mag. 18, 3 (Sept. 2011), 22--23.Google Scholar
I. Lee, O. Sokolsky, S. Chen, J. Hatcliff, E. Jee, B. Kim, A. King, M. Mullen-Fortino, S. Park, A. Roederer, and K. K. Venkatasubramanian. 2012. Challenges and research directions in medical cyber--physical systems. Proc. IEEE 100, 1 (Jan 2012), 75--90.Google Scholar
Col Michael R. Marohn and Capt. Eric J. Hanly. 2004. Twenty-first century surgery using twenty-first century technology: surgical robotics. Curr. Surgery 61, 5 (2004), 466--473.Google ScholarCross Ref
Maja Matarić, Allison M. Okamura, and Henrik I. Christensen. 2013. Roadmap for medical and healthcare robotics. In A Roadmap for U.S. Robotics—From Internet to Robotics (2013 ed.). Georgia Institute of Technology, Atlanta, GA, Chapter 2, 27--62.Google Scholar
L. S. Mattos, G. Dagnino, G. Becattini, M. Dellepiane, and D. G. Caldwell. 2011. A virtual scalpel system for computer-assisted laser microsurgery. In Proceedings of the IEEE/RSJ International Conference on Intelligent Robots and Systems. IEEE, 1359--1365.Google Scholar
R. Muradore, D. Bresolin, L. Geretti, P. Fiorini, and T. Villa. 2011. Robotic surgery: Formal verification of plans. IEEE Robot. Autom. Mag. 18, 3 (2011), 24--32.Google ScholarCross Ref
Markolf H. Niemz. 2007. Laser-tissue Interactions. Fundamentals and Applications. Springer, Berlin.Google Scholar
Pierluigi Nuzzo, Alberto L. Sangiovanni-Vincentelli, Davide Bresolin, Luca Geretti, and Tiziano Villa. 2015. A platform-based design methodology with contracts and related tools for the design of cyber-physical systems. Proc. IEEE 103, 11 (2015), 2104--2132.Google ScholarCross Ref
S. Ratschan and Z. She. 2007. Safety verification of hybrid systems by constraint propagation based abstraction refinement. ACM Trans. Embed. Comput. Syst. 6, 1, Article 8 (2007), 23 pages. Google ScholarDigital Library
A. Sangiovanni-Vincentelli. 2007. Quo vadis, SLD? Reasoning about the trends and challenges of system level design. Proc. IEEE 95, 3 (2007), 467--506.Google ScholarCross Ref
R. H. Taylor. 2006. A perspective on medical robotics. Proc. IEEE 94, 9 (Sept. 2006), 1652--1664.Google ScholarCross Ref
R. H. Taylor, H. A. Paul, P. Kazanzides, B. D. Mittelstadt, W. Hanson, J. Zuhars, B. Williamson, B. Musits, E. Glassman, and W. L. Bargar. 1991. Taming the bull: Safety in a precise surgical robot. In Proceedings of the 5th International Conference on Advanced Robotics (ICAR’91), Vol. 1. IEEE, 865--870.Google Scholar

Index Terms

Formal Verification of Medical CPS: A Laser Incision Case Study
1. Computer systems organization
  1. Architectures
    1. Other architectures
      1. Heterogeneous (hybrid) systems
  2. Embedded and cyber-physical systems
    1. Robotics
2. Computing methodologies
  1. Modeling and simulation
    1. Model development and analysis
      1. Model verification and validation

Recommendations

Formal Specification and Verification of Autonomous Robotic Systems: A Survey

Autonomous robotic systems are complex, hybrid, and often safety critical; this makes their formal specification and verification uniquely challenging. Though commonly used, testing and simulation alone are insufficient to ensure the correctness of, or ...
Read More
Formal verification of robotic surgery tasks by reachability analysis

In this paper we discuss the application of formal methods for the verification of properties of control systems designed for autonomous robotic systems. We illustrate our proposal in the context of surgery by considering the automatic execution of a ...
Read More
Formal verification of obstacle avoidance and navigation of ground robots

This article answers fundamental safety questions for ground robot navigation: under which circumstances does which control decision make a ground robot safely avoid obstacles__ __ Unsurprisingly, the answer depends on the exact formulation of the ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Cyber-Physical Systems Volume 2, Issue 4
Special Issue on Medical CPS Papers
October 2018
313 pages
ISSN:2378-962X
EISSN:2378-9638
DOI:10.1145/3236466
Editor:
Tei-Wei Kuo
National Taiwan University, and Academia Sinica, Taiwan
Issue’s Table of Contents
Copyright © 2018 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States

Journal Family
ACM Journals for the Design of Smart and Connected Systems
Publication History
- Published: 5 July 2018
- Accepted: 1 September 2017
- Revised: 1 April 2017
- Received: 1 August 2016
Published in tcps Volume 2, Issue 4

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Formal verification
hybrid systems
surgical robotics
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 3
  Total Citations
  View Citations
- 210
  Total Downloads
- Downloads (Last 12 months)14
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Formal Verification of Medical CPS: A Laser Incision Case Study

ACM Transactions on Cyber-Physical Systems

Abstract

References

Cited By

Index Terms

Recommendations

Formal Specification and Verification of Autonomous Robotic Systems: A Survey

Formal verification of robotic surgery tasks by reachability analysis

Formal verification of obstacle avoidance and navigation of ground robots