PPS messaging simplifies medical device design

The design, development, and market preparation of an electronic medical device may cost more time, effort, and cost than a consumer-grade device with the same technical complexity. In addition to general development and approval requirements, medical devices have strict functional safety and certification requirements. These requirements mean that medical devices have a well-defined and managed design, development, and approval environment, and require extensive and granular verification of functional safety.

This article refers to the address: http://

Of course, medical devices must be certified by the competent authority where the product is sold and used, such as the FDA 510(k) pre-market notice, the Medical Device Directive (MDD), and other international and national agencies.

This article describes the PPS messaging in the medical data aggregator and publisher (QNX Medical Demonstration). The QNX Medical Demonstration (MD) integrates a sphygmomanometer, spirometer, pulse oximeter, electrocardiogram and insulin pump in a portable demonstration application. These devices connect to the QNX Continua Interoperability Manager and communicate with the Qt HMI using QNX PPS messaging. PPS also provides messaging services for remote managers to ensure secure Internet communication with cloud-based databases and portable tablets. Since systems with PPS messaging can easily integrate different components, we can conclude that PPS messaging is ideal for systems like QNX MD applications.

Figure 1: QNX MD demo.

Figure 1: QNX MD demo.

Asynchronous messaging

Asynchronous messaging is well known and widely used and will not be described here. It is an option for many systems, but some of its features make it difficult to be an ideal solution for systems that require a large number of devices and software.

Figure 2: With asynchronous messaging, the process does not have to wait for a reply from the target receiving process.

Figure 2: With asynchronous messaging, the process does not have to wait for a reply from the target receiving process.

For the messaging model of complex medical devices, it's worth noting that asynchronous messaging is a low-end solution that pushes the burden of error handling, end-to-end semantics, and buffer management to the application level. Therefore, architects must develop one or more protocols when designing systems that use asynchronous messaging models to ensure that messaging is done correctly in all applications because they must ensure that these applications get enough under high load conditions. Memory allocation is used for message buffering.

In a simple system, accomplishing these tasks can be laborious, but for designing or upgrading complex systems, these tasks can be a daunting challenge. Further, the complex operations they bring to the application-level or application development process not only affect the design and development process, but also affect device approvals, which in turn affect device certification.

Send/receive/reply

Send/receive/reply (or sync) messaging is not as common as asynchronous messaging. Its importance is mainly reflected in the real-time environment - many processes must respond to their messages before they can continue to run. In addition, unlike asynchronous messaging, when using send/receive/reply messaging, the system framework is burdened with handling messaging errors and message buffering.

Each server communicates directly with its clients and must know how to respond to all client messages.

Synchronous messaging is closely linked to senders and receivers, so changing a software component may require changes to other software components, which not only delays or hinders system development, but also exacerbates system vulnerabilities.

Figure 3: With synchronous messaging, the process blocks until it receives a reply from the target receiving process.

Figure 3: With synchronous messaging, the process blocks until it receives a reply from the target receiving process.

In short, if you use send/receive/reply messaging, as the system expands and adds different components, the complexity of the system will rapidly increase and become vulnerable, so it is difficult to ensure performance and is extremely important for medical devices. The reliability is upgraded and expanded at the same time.

Is the binary still readable?

System scalability

With the PPS service, publishers and subscribers do not know each other; the only connection between them is an object with a certain meaning and purpose. This messaging model gives system designers great flexibility: if necessary, they can postpone decisions about module connection points and data flows until runtime. Because these decisions are neither hard-coded nor directly linked, developers can change decisions based on actual conditions or changes in requirements, and even dynamically change decisions while the system is running.

The loosely coupled PPS messaging mode also simplifies the integration of new software components. Since publishers and subscribers do not have to know each other, developers who add components only need to determine the release of these new components and the data content they need to be published by other PPS clients. Developers do not need to fine-tune the application interface; system complexity does not increase as components grow.

Figure 4: QNX MD video screenshot.

Figure 4: QNX MD video screenshot.

Medical demonstration

As part of the medical device development program developed by QNX Software Systems, the QNX MD data aggregation and distribution application was designed and created in a system running QNX Neutrino RTOS to run on the limited computing resources provided by portable medical devices. The application combines a range of typical devices with an HMI based on the Continua Manager, PPS and User Interface Framework Qt.

Qt and CESL

The Qt user interface and the Continua Manager Software Library (CESL) interoperability manager were chosen because both technologies are well known in the medical device industry. Qt provides a well-defined set of UI components in the C++ development environment and has a long history of successful implementation on FDA and other regulatory medical devices.

Figure 5: QNX MD Data Aggregation and Publishing Application with PPS Messaging Mode

Figure 5: QNX MD data aggregation and publishing application with PPS messaging mode. Note that PPS provides all messaging for the HMI and Interoperability Manager as well as the Remote Manager.

Qt provides all the components needed to create a clear, efficient user interface that meets stringent design requirements, including layout, tiering, and multimedia support. Similarly, the communication protocol in the Continua software library not only provides an easy way to communicate with disparate medical devices, but is also a standardized protocol that has been successfully deployed in medical devices. In short, Qt and Continua technology meet all needs and are known and trusted by the medical device industry.

Simplified architecture

An important benefit of the QNX MD demo application using the PPS service is that the loosely coupled messaging model enables a flexible architecture. If for any reason this change must be required, only a minimal amount of work is required to replace the Continua library with another library, or to replace the Qt of the HMI.

Changing the HMI technology does not require changing the interoperability manager or the remote manager, just as changing these managers does not require changing the HMI. In addition, the PPS messaging mode makes it easy to add new devices, and new devices can be connected to the system via USB, Bluetooth or even TCP using the standard Continua protocol. For example, simply connect an EEG to the Interoperability Manager using the Continua protocol, create appropriate PPS objects to communicate with the database, local HMIs, and remote HMIs on the tablet, and add related display and control functions to the HMI. The EEG can be added to the feasibility argument model.

In systems that use other messaging modes, components are intimately connected to each other and are also closely tied to the human machine interface. Every component needs to understand the other components that need to exchange data with it -- changing or adding content in such a system architecture is bound to be difficult, time consuming, and risky. Another advantage of the PPS messaging model is that it simplifies testing and functional security verification because adding new components does not require re-accessing messaging between all other components.

Finally, PPS messaging simplifies brand rebranding, localization, and user interface updates. Because the HMI communicates with the rest of the system through the PPS object, the user interface designer only needs to ensure that the PPS object subscribed to and published by the new or changed HIMI is the same as the PPS object of the previous HMI. They don't need to change any of the lines below the HMI. On the same basic system, you can create a variety of products by different interfaces, different features or different HMI designs in different regions (for example, support different writing systems or different color preferences and meanings). series.

Figure 6: High-level view of the QNX MD application connecting to an external database.

Figure 6: High-level view of the QNX MD application connecting to an external database.

Summary of this article

The QNX MD application demonstrates how PPS messaging can be applied to a loosely coupled medical device architecture. This design enables flexible and powerful communication between the HMI and the interoperability manager supporting the standard Continua protocol. This interoperability manager can also communicate with external component devices. Because components only publish and subscribe to PPS objects based on implementation requirements, they don't need to know each other, so they can scale or modify the system with little effort. In fact, the loosely coupled architecture of the PPS component makes it easier to change, upgrade, and scale tasks, reducing risk.

The PPS service can be designed to use binary objects or readable objects.

We chose to use readable objects and attributes for QNX PPS because of the greater development and debugging advantages over the cost of larger objects.

Readable objects allow debugging from the command line using simple file system tools, such as the cat command for subscriptions and the echo command for publishing.

for example:

Cat /pps/media/PlayCurrent

Cat /pps/media/.all?wait

or

Echo "attr::value""/pps/objectfilename

Similarly, debugging information (including PPS objects and properties) can be retrieved by a simple program that subscribes to an object and prints it out.

Persistent publish/subscribe

For real-time operating systems (such as QNX Neutrino RTOS that must meet stringent reliability and accessibility requirements), the send/receive/reply messaging model is very applicable, even mandatory. However, as with asynchronous messaging, sending/receiving/replying messaging is not the best choice for complex systems, especially when these systems must easily integrate different applications and functions. The send/receive/reply messaging is closely related to the sender and receiver.

Publish/subscribe has been in various forms for at least 20 years. In 1987, KPBirman and TAJoseph described a similar messaging model (virtual synchronization) as "a fault-tolerant asynchronous bulletin board mechanism."

Twenty years ago, Nortel Networks applied a similar model to perform fault monitoring on a telephone exchange (such as the DMS-100) and used the technology of the network monitoring and reporting system. As long as you search quickly on the web, you can find many application examples for publish/subscribe. Further search, and hundreds of articles related to certain aspects of publish/subscribe or other observer model calculation models can be found on the American Computer Society (ACM) portal.

We will focus on ensuring that a continuous publish/subscribe model or PPS can help develop and deploy embedded applications that support not only a variety of devices and software components but also communicate with complex human interfaces when restarting. .

We use Qt-based HMI for QNX MD, but the advantages of PPS messaging mode can also be applied to HMIs built by other technologies. In fact, PPS has been applied to other systems, including QNX CAR application platform and Smart Energy reference. Apps, both of which have an HMI based on Adobe Flash.

Object-based system

PPS is an object-based service provided to publishers and subscribers in a loosely coupled messaging architecture. Depending on the needs of the implementation service, any PPS service client can be either a separate publisher or subscriber, or both a publisher and a subscriber.

Publishing is done asynchronously. The PPS object is integrated in the path name space of the PPS file system. Publishers can modify objects and their properties and write them to the file system. When any publisher changes an object, the PPS service notifies all clients that subscribe to the object. A PPS client can subscribe to multiple objects, and a PPS object can have multiple publishers and multiple subscribers. Thus, a publisher who can access data applied to different object attributes can use the same object to communicate information with all subscribers of the object.

The PPS client must know which PPS objects are of interest. If it is a publisher, they need to know when to post what message; if it is a subscriber, they need to know the type of object being subscribed and the object properties of interest. However, the PPS client does not have to manage the error, just buffer it within the scope of the open(), read(), and write() POSIX API calls, confirming that it understands what is read and whether it wants the read to be blocked or non-blocking. . The PPS service is responsible for handling other content. The client only needs to know that the message has been read and can analyze the read content. Also, since PPS subscribers use the read() call to retrieve objects, they don't need to manage the buffers of those objects.

Push or extract?

By default, the QNX PPS service runs as a push-based publishing system; that is, the publisher pushes the data to the object, and the subscriber reads the data based on notifications or at leisure.

However, some data (such as the packet count on the interface) changes too quickly, so it cannot be effectively published by using the default push-published PPS.

To this end, QNX PPS also offers an option to allow subscribers to turn PPS into an extractive publishing system. When a subscriber opens an object with this option and issues a read() call, all publishers of that object receive a notification to write the current data in the object. Subscriber reads are blocked until the object's data is updated and new data is returned.

With this extraction mechanism, PPS subscribers can retrieve data from publishers at the speed they need, enabling true on-demand publishing.

Language independence

PPS services can be designed to use standard POSIX file systems and can be used with all programming languages ​​or application environments, including C, C++, Java, Javascript, ksh scripting languages, and more.

Components written in one language can communicate with components written in other languages. No special knowledge of other components is required.

Persistence

The PPS service can maintain data on reboot. It not only maintains objects in memory at runtime, but also saves objects to persistent storage at runtime or as needed during shutdown. It can recover objects at system startup or on first access (lazy loading). Of course, the underlying persistent storage relies on reliable file systems and storage media such as hard disks, NAND or NOR flash or other custom file systems.

In addition to ensuring data persistence during reboots, the PPS messaging mode also simplifies system startup. For example, in a system that uses another messaging mode, if the client starts up immediately after the server, the client must request the latest data from the server in case some time occurs between the server and the client startup. Variety. This request is made when the client loses contact with the server (for whatever reason), all clients in the system make such a request, and the server must respond.

With PPS, system services restore objects at startup and maintain them as they change. All clients (whenever they are started or reconnected) simply need to read these objects to get the latest data.

2.0mm Pin Header

2.0Mm Pin Header,2Mm Pitch Pcb Connector,Double Row 90Degree Pcb Connector,Male Header Pcb Connector

Dongguan City Yuanyue Electronics Co.Ltd , https://www.yuanyueconnector.com