This project is a collaboration under the NSF-FDA Scholar-In-Residence (SIR) program. Software is increasingly used in safety-critical medical devices. Given the safety-critical nature of software that controls medical devices, regulatory agencies are granted authority by the government to allow only software that meets high standards of quality to be put into use. For example, the US Food and Drug Administration (FDA) prohibits a medical device from being marketed unless there is reasonable assurance that it is safe and effective. Moreover, if a device on the market is reported to fail and cause harm to patients, the FDA has the authority to take corrective actions, such as post-market reviews of the device to find the root cause of the failure. As medical device technology evolves, so does the software on which that technology often relies. Changes to device software after the device has been approved or cleared by the FDA may compromise the safety of that device. Assessing the safety of such changes presents special challenges to regulators at the FDA. To address these challenges in the context of FDA regulation, the research develops differential analysis techniques, built on dynamic symbolic execution, to assess the effects of software changes on device safety. The research explores new techniques for addressing the unique requirements and challenges that differential analysis poses in the context of FDA regulation; these techniques also advance the fundamental state of the art in differential analysis. The broader impacts of the project include integration of the research into education programs and enhancement of teaching and research infrastructure.
Assessing the safety of software in a pre-market device presents its own challenge, given the available tools and the time constraints; assessing the safety of software in a post-market device after changes have been made to it is yet another. Both kinds of assessment must assure that the changes themselves are safe and that the safety of the predicate device has not been compromised. Since software testing has been the major means of ensuring high-quality medical device software, this project reviews existing software-testing techniques that expose failures in medical device software. In particular, failures reported in existing medical device software are categorized, and the Systematic Literature Review method is then used to compare existing research studies against the categorized failures. Based on the results of that study, improvements are suggested to guide future research on testing medical device software.
Furthermore, the project investigates improvements to symbolic execution, which has been shown to be an effective technique for differential analysis of software changes, including changes in medical device software. In particular, the project tackles two common problems faced by symbolic execution: the environment dependence problem (program behavior that depends on the operating system, libraries, or hardware that the symbolic executor does not model, so paths through such code cannot be explored precisely) and the loop problem (loops over symbolic bounds generate an unbounded number of paths, so exploration must be cut off and coverage is lost). Addressing these problems makes symbolic execution more effective for differential analysis of changes in medical device software.
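To make concrete what differential analysis by symbolic execution means, and how the loop problem can hide the effect of a change, the following is an added toy illustration; it is not code from the project described above and does not reproduce its techniques. It symbolically executes two versions of a small constructed dosing routine, written in a tiny tuple-based language invented for the example, collects a path condition for every feasible path, obtains a witness input for each path, and runs both versions on that input to find disagreements. A brute-force search over a small integer domain stands in for the SMT solver a real engine would call; that substitution, the routine, the variable names, the input domain, and every function name (`symexec`, `witness`, `differential`) are assumptions of this example.

```python
from itertools import product
# Expressions are tuples: ("var", name), ("const", v) or (op, lhs, rhs).
def var(n): return ("var", n)
def const(v): return ("const", v)
def add(a, b): return ("add", a, b)
def lt(a, b): return ("lt", a, b)
def le(a, b): return ("le", a, b)
def gt(a, b): return ("gt", a, b)
OPS = {"add": lambda a, b: a + b, "lt": lambda a, b: a < b,
       "le": lambda a, b: a <= b, "gt": lambda a, b: a > b}

def evaluate(expr, env):
    """Concretely evaluate expr; env maps variable names to ints."""
    if expr[0] == "var":
        return env[expr[1]]
    if expr[0] == "const":
        return expr[1]
    return OPS[expr[0]](evaluate(expr[1], env), evaluate(expr[2], env))

def substitute(expr, state):
    """Rewrite program variables into the symbolic expressions held in state."""
    if expr[0] == "var":
        return state[expr[1]]
    if expr[0] == "const":
        return expr
    return (expr[0], substitute(expr[1], state), substitute(expr[2], state))

def witness(path_cond, inputs, domain):
    """Solver stand-in (toy assumption): first input assignment satisfying path_cond."""
    for values in product(domain, repeat=len(inputs)):
        env = dict(zip(inputs, values))
        if all(evaluate(c, env) == want for c, want in path_cond):
            return env
    return None

def symexec(stmts, state, pc, inputs, domain, unroll, out):
    """Enumerate feasible paths into out["paths"] as (path condition, return expr).
    Each loop entry spends one unit of the unroll budget; once it is gone the
    path is dropped and counted in out["truncated"] (the loop problem)."""
    for idx, stmt in enumerate(stmts):
        rest, kind = stmts[idx + 1:], stmt[0]
        if kind == "assign":
            state = {**state, stmt[1]: substitute(stmt[2], state)}
        elif kind == "return":
            out["paths"].append((pc, substitute(stmt[1], state)))
            return
        else:  # "if" or "while": fork on the condition; a loop re-queues itself
            cond = substitute(stmt[1], state)
            taken_body = stmt[2] + ([stmt] if kind == "while" else [])
            for taken, body in ((False, stmt[3] if kind == "if" else []), (True, taken_body)):
                new_pc = pc + [(cond, taken)]
                if witness(new_pc, inputs, domain) is None:
                    continue  # infeasible branch under the input domain
                if taken and kind == "while" and unroll == 0:
                    out["truncated"] += 1
                    continue
                budget = unroll - 1 if taken and kind == "while" else unroll
                symexec(body + rest, state, new_pc, inputs, domain, budget, out)
            return

def run(stmts, env):
    """Concrete interpreter used to drive a version on a witness input."""
    for stmt in stmts:
        if stmt[0] == "assign":
            env[stmt[1]] = evaluate(stmt[2], env)
        elif stmt[0] == "return":
            return evaluate(stmt[1], env)
        elif stmt[0] == "if":
            result = run(stmt[2] if evaluate(stmt[1], env) else stmt[3], env)
            if result is not None:
                return result
        elif stmt[0] == "while":
            while evaluate(stmt[1], env):
                result = run(stmt[2], env)
                if result is not None:
                    return result

INPUTS = ["dose", "n"]  # constructed inputs: dose per step, number of steps
DOMAIN = range(5)       # constructed toy domain for the brute-force solver

def dosing_program(loop_cond, cap):
    """Constructed routine: add `dose` once per iteration, then cap the total."""
    return [("assign", "total", const(0)), ("assign", "i", const(0)),
            ("while", loop_cond, [("assign", "total", add(var("total"), var("dose"))),
                                  ("assign", "i", add(var("i"), const(1)))]),
            ("if", gt(var("total"), const(cap)), [("assign", "total", const(cap))], []),
            ("return", var("total"))]

OLD = dosing_program(lt(var("i"), var("n")), 10)  # cleared version: n steps
NEW = dosing_program(le(var("i"), var("n")), 10)  # changed version: off-by-one, n+1 steps

def differential(old, new, inputs, domain, unroll):
    """Explore both versions, run both on a witness for every feasible path and
    return ({sorted input items: (old_output, new_output)}, paths truncated)."""
    divergences, truncated = {}, 0
    for prog in (old, new):
        out = {"paths": [], "truncated": 0}
        symexec(prog, {v: var(v) for v in inputs}, [], inputs, domain, unroll, out)
        truncated += out["truncated"]
        for pc, _ in out["paths"]:
            env = witness(pc, inputs, domain)
            a, b = run(old, dict(env)), run(new, dict(env))
            if a != b:
                divergences[tuple(sorted(env.items()))] = (a, b)
    return divergences, truncated
```

With an unroll budget of 5, `differential(OLD, NEW, INPUTS, DOMAIN, 5)` reports two inputs (dose 4 with n 2, and dose 3 with n 3) on which the cleared version delivers 8 or 9 while the changed version hits the cap of 10, and no truncated paths. With a budget of 2 the same call reports no divergence at all and two truncated paths: the extra iteration only changes the outcome on paths deeper than the budget, which is the loop problem in miniature. The environment dependence problem is not modeled here; in this setting it would surface as a statement whose value the executor cannot express as an expression over the inputs.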