System and method for recovering from transient faults in an implantable medical device
First Claim
Patent Images
1. A method for operating an implantable medical device, comprising:
- controlling the operation of the device with a primary controller;
detecting faults with fault monitoring circuitry;
upon detection of a fault by the fault monitoring circuitry, signaling the primary controller to halt operation and to activate a fail-safe subsystem for delivering therapy;
after activation of the fail-safe subsystem, signaling the primary controller to validate its operation with a self-test and to deactivate the fail-safe subsystem if the primary controller is validated; and
,employing a system-reset monitor to detect system resets caused by non-recoverable and persistent faults and to maintain a reset count that is incremented when an internal reset generated by the fault monitoring circuitry occurs, wherein the reset count is intermittently decremented.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and method is disclosed for system fault recovery by an implantable medical device which employs a global fault response. The system enables the device to consistently recover from transient faults while maintaining a history of the reason for the device fault. Upon detection of a fault, the primary controller of the device signals a reset controller which then issues a reset command. All sub-systems of the primary device controller are then reset together rather than resetting individual sub-systems independently to ensure deterministic behavior.
-
Citations
18 Claims
-
1. A method for operating an implantable medical device, comprising:
-
controlling the operation of the device with a primary controller; detecting faults with fault monitoring circuitry; upon detection of a fault by the fault monitoring circuitry, signaling the primary controller to halt operation and to activate a fail-safe subsystem for delivering therapy; after activation of the fail-safe subsystem, signaling the primary controller to validate its operation with a self-test and to deactivate the fail-safe subsystem if the primary controller is validated; and
,employing a system-reset monitor to detect system resets caused by non-recoverable and persistent faults and to maintain a reset count that is incremented when an internal reset generated by the fault monitoring circuitry occurs, wherein the reset count is intermittently decremented. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for operating an implantable medical device, comprising:
-
controlling the operation of the device with a primary controller; detecting faults with fault monitoring circuitry; upon detection of a fault by the fault monitoring circuitry, signaling the primary controller to halt operation and to activate a fail-safe subsystem for delivering therapy; after activation of the fail-safe subsystem, signaling the primary controller to validate its operation with a self-test and to deactivate the fail-safe subsystem if the primary controller is validated; and
,monitoring program behavior in the primary controller by detecting extended thread execution time and thread sequence anomalies, wherein a thread is defined as one of several paths of execution inside a single process or context. - View Dependent Claims (13, 14, 15, 16, 17, 18)
-
Specification