Research Project: Static Analysis of Medical Device Software
Investigators and compliance regulators at CDRH occasionally need to review medical device software to assess its integrity. Typically, they have to do this with little or no prior knowledge of the software. Historically, the only way to perform such a review has been to manually search the code for potential sources of error – a process that is both tedious and error-prone. Static analysis can improve this process by providing a means for automated error detection. By using formal methods-based techniques to explore execution paths of the software, static analysis provides complete, or almost complete, coverage of the code, and helps detect potentially fatal errors that may not easily be detected through conventional testing methods. Using automated static analysis tools can help reduce the effort involved in analysis and provide a more accurate assessment of the software.
This project aims to investigate various static analysis techniques, e.g., symbolic execution, abstract interpretation, and reverse engineering, and to apply them to the analysis of software in medical devices. Results from this study will provide CDRH with a capability to assess software quality during both pre-market and post-market reviews. At the same time, the research will help advance the state of the art in static analysis technology by improving the precision and efficiency of static analysis tools, specifically as applied to medical device software.