UACFinder: Mining Syntactic Carriers of Unspecified Assumptions in Medical Cyber-Physical System Design Models

During the system development process, domain experts and developers often make assumptions about specifications and implementations. However, most of the assumptions being taken for granted by domain experts and developers are too tedious to be documented by them. When these unspecified assumptions are violated in an environment in which the system operates, failures can occur. According to the U.S. Food and Drug Administration (FDA) medical device recall database, medical device recalls caused by software failures are at an all-time high. One major cause of these recalls is violations of unspecified assumptions made in medical systems. Therefore, it is crucial to have tools to automatically identify such unspecified assumptions at an early stage of the systems development process to avoid fatal failures. In this article, we present a tool called Unspecified Assumption Carrier Finder (UACFinder) that uses data mining techniques to automatically identify potential syntactic carriers of unspecified assumptions in system design models. The main idea of this tool is based on the observation we obtained from our earlier analysis of software failures in medical device recalls caused by unspecified assumptions. We observed that unspecified assumptions often exist in medical systems through syntactic carriers, such as constant variables, frequently read/updated variables, and frequently executed action sequences. Therefore, we develop the UACFinder to automatically find these potential unspecified assumption syntactic carriers rather than unspecified assumptions themselves. Once the UACFinder identifies the potential unspecified assumption syntactic carriers, domain experts and developers can validate whether these syntactic carriers indeed carry unspecified assumptions. We use a simplified cardiac arrest treatment scenario as a case study to evaluate the UACFinder in mining potential syntactic carriers of unspecified assumptions. In addition, we invite a medical doctor to validate unspecified assumptions carried by the mined syntactic carriers. The case study demonstrates that the UACFinder is effective in helping to identify potential unspecified assumptions from system design models.