Skip to content

REVIEW.md

Latest commit

 

History

History
331 lines (247 loc) · 13.6 KB

REVIEW.md

File metadata and controls

331 lines (247 loc) · 13.6 KB

Omega (physio_sim) — Deep Code Review Report

Date: 2026-02-25 Scope: Full-stack analysis — numerical accuracy, security, test coverage, performance Codebase: ~1,879 LOC Python across 26 modules, 19 tests passing

Executive Summary

Area Score Verdict
Numerical / Scientific Accuracy 6.5/10 Needs improvement
Security 8.3/10 Secure
Test Coverage 3.5/10 Critical gaps
Performance 7.0/10 Good for research scale
Code Quality / API Design 8.5/10 Excellent
Overall 6.8/10 Good foundation, significant gaps

Top-5 Critical Findings:

  1. Negative state clipping hides solver failuresmodel.py:178, solver.py:64 silently clip without logging
  2. Forward Euler PD linkpd/link.py:17-19 introduces ~1-5% error, grows with slow ke0
  3. Test coverage ~17% — Core PK/PD calculations (Kp, Emax, effect-site, DDI, MCMC) have 0% unit tests
  4. Mass balance tolerance is absolute, not relativevalidation/__init__.py:11 uses fixed 1e-3 mg
  5. Sensitivity analysis is serialcore/sensitivity.py:45-71 runs 11 simulations without parallelization

1. Numerical / Scientific Accuracy

1.1 ODE Solver Configuration

File: physio_sim/pbpk/solver.py:49-59

Aspect Current Assessment
Solver BDF (Backward Differentiation) Appropriate for stiff PBPK systems
rtol (default) 1e-6 Too loose — permits ~1 ppm error per compartment
atol (default) 1e-9 atol/rtol ratio violates SUNDIALS guidance
rtol (deterministic) 1e-8 Better, still not research-grade
Adaptive stepping Yes (BDF built-in) Good
Dose events Not handled Single-dose only — document limitation

Recommendation: Default to rtol=1e-9, atol=1e-11 for production use. Current defaults suitable only for exploratory analysis.

1.2 Forward Euler in Effect-Site PD

File: physio_sim/pd/link.py:9-20

# Current: Forward Euler (O(dt) global error)
ce[i] = ce[i-1] + dt * ke0 * (Cp[i-1] - ce[i-1])

Error Analysis:

  • For ke0 = 0.6 h⁻¹, dt = 0.1 h: relative error ~1.2%
  • For ke0 = 0.1 h⁻¹ (slow effect-site): errors accumulate significantly
  • For ke0 = 10 h⁻¹, dt = 0.1 h: potential instability (ke0 * dt = 1.0)

Fix: Replace with Crank-Nicolson implicit method:

ce[i] = (ce[i-1] + 0.5*dt*ke0*(Cp[i-1]+Cp[i])) / (1 + 0.5*dt*ke0)

Or better: include effect-site as 14th ODE state to inherit solver accuracy.

1.3 Negative State Clipping (CRITICAL)

Three clipping locations:

File Line Code Risk
pbpk/model.py 178 y_safe = np.maximum(y, 0.0) Masks solver failures in RHS
pbpk/solver.py 64 amounts = np.maximum(sol.y.T, 0.0) Silently corrects output
pd/emax.py 18 np.maximum(conc, 0.0) Prevents negative in Hill function

Problem: Clipping in rhs() prevents solver from seeing true state → solver "thinks" everything is fine → mass balance violation is hidden.

Recommendation:

  1. Remove clipping from rhs() — let solver see negative states
  2. Keep output clipping but log magnitude and frequency
  3. Warn if any clipping exceeds 1e-6 mg

1.4 Mass Balance Verification

File: physio_sim/validation/__init__.py:10-25

Issue: Absolute tolerance (1e-3 mg) regardless of dose:

  • 100 mg dose → 0.001% tolerance (fine)
  • 0.1 mg dose → 1% tolerance (too loose)
  • 10,000 mg dose → 0.00001% tolerance (overly strict)

Fix: Use relative tolerance: tolerance = dose_mg * 1e-3

1.5 Partition Coefficients

File: physio_sim/pbpk/heuristics.py:10-42

Current heuristic Kp = max(0.2, (1 + 0.3*logp + 0.05*(pKa-7)) * tissue_factor) has no biological basis. Coefficients (0.3, 0.05, 1.6, 1.2...) are undocumented.

Edge cases not handled:

  • Very lipophilic drugs (logp > 5): Kp may exceed physical bounds
  • Ionized drugs: pKa adjustment is linear when real ionization is nonlinear
  • No Poulin-Theil or Rodgers-Rowland option available

1.6 Clearance Model

File: physio_sim/pbpk/model.py:155-157

Well-stirred formula is correctly implemented:

CLh = Qh * fu * CLint_eff / max(1e-9, Qh + fu * CLint_eff)

DDI model uses competitive inhibition only: CLint_eff = CLint / (1 + Iu/Ki)

  • Adequate for screening
  • Does not support mechanism-based (time-dependent) inhibition
  • Iu is constant — real inhibitor concentration changes over time

1.7 MCMC Calibration

File: physio_sim/calibration.py:64-139

Sound implementation:

  • Log-normal proposals (appropriate for positive parameters)
  • Correct Metropolis-Hastings acceptance criterion
  • Burn-in implemented

Missing:

  • No convergence diagnostics (Rhat, ESS)
  • Fixed proposal SD (0.15) — not adaptive
  • No user-specified prior widths
  • Acceptance rate only returned, not validated

1.8 Floating Point

Risk Location Status
Division by zero in CLh model.py:157 Protected by max(1e-9, ...)
Division by zero in DDI model.py:103 NOT protected if ki=0
Zero tissue volume model.py:191-194 Protected by Pydantic gt=0
Catastrophic cancellation Tissue exchange terms Low risk with BDF double precision

2. Security Analysis

2.1 Scorecard

Category Score Status
YAML Deserialization 10/10 safe_load everywhere
Input Validation 9/10 Pydantic v2 with range constraints
Code Injection 10/10 No eval/exec/pickle/subprocess
File I/O 9/10 Pathlib throughout, no traversal risk
Error Disclosure 8/10 User-friendly messages, no stack traces
Dependencies 6/10 Versions not pinned (>=, not ~=)

2.2 Findings

No critical vulnerabilities.

# Issue Severity File Recommendation
S1 Dependency versions too loose (>=) Medium pyproject.toml Use compatible release (~=1.26.0)
S2 .gitignore missing secret patterns Low .gitignore Add .env, *.key, *.pem
S3 YAML loading duplicated 3x Low config.py, candidate_evaluator.py, benchmarks.py Consolidate to single utility
S4 No audit logging for CLI inputs Low cli.py Log dose, route, paths

2.3 Code Quality

  • Naming conventions: Consistent snake_case throughout
  • Return types: All frozen dataclasses — excellent immutability
  • Type annotations: mypy strict mode, ~95% coverage
  • API design: Predictable verb-noun naming, consistent parameters

3. Test Coverage Gap Analysis

3.1 Coverage Summary

Module LOC Unit Tests Coverage Risk
pbpk/model.py 233 0 direct ~15% CRITICAL
pbpk/heuristics.py 42 0 0% CRITICAL
pd/emax.py 20 0 0% CRITICAL
pd/link.py 20 0 0% CRITICAL
calibration.py 139 1 CLI test ~10% CRITICAL
risk/flags.py 25 0 0% CRITICAL
pipeline/candidate_evaluator.py 127 0 0% HIGH
pbpk/solver.py 83 0 direct ~20% HIGH
config.py 138 3 direct ~30% Medium
uncertainty.py 153 3 direct ~30% Medium
validation/__init__.py 72 2 direct ~40% Medium
core/sensitivity.py 73 0 direct ~10% Medium
utils/metrics.py 20 0 0% Medium
cli.py 444 3 smoke ~5% Medium
Total 1,879 19 ~17% CRITICAL

3.2 Key Missing Tests

Tier 1 — Would catch serious bugs:

  • test_heuristic_kp_all_tissues — Kp errors propagate through all simulations
  • test_effective_clint_with_ddi — DDI interactions silently incorrect
  • test_rhs_compartment_conservation — Mass balance violations undetected
  • test_emax_effect_boundary_conditions — PD at zero/extreme concentrations
  • test_effect_site_equilibration — Delay mechanism correctness
  • test_mcmc_acceptance_rate — Calibration convergence unknown
  • test_risk_flag_thresholds — Safety checks unreliable

Tier 2 — Error handling & edge cases:

  • test_simulate_invalid_route — No error for unsupported routes
  • test_zero_dose — Boundary behavior undefined
  • test_mass_balance_with_metabolism — Hepatic pathway untested
  • test_ddi_zero_kiPotential division by zero at model.py:103

3.3 Potential Bug Found

Division by zero in DDI calculationphysio_sim/pbpk/model.py:103:

return compound.clint_L_per_h / (1.0 + compound.ddi.iu_mg_per_L / compound.ddi.ki_mg_per_L)

Config allows ki_mg_per_L: float | None = Field(default=None, gt=0), which prevents ki=0 when specified. But if ki is somehow 0.0 at runtime (e.g., from manual construction), division by zero occurs.

4. Performance Analysis

4.1 Bottleneck Breakdown

Component % of Total Time Status
ODE Integration (BDF) 75-85% Appropriate — dominant cost
Sensitivity Analysis 5-10% (serial) Parallelizable
Effect-Site PD 2-5% Pure Python loop
Output I/O <1% No bottleneck
Config loading <1% No bottleneck

4.2 Performance Issues

# File:Line Issue Impact Fix
P1 core/sensitivity.py:45-71 11 serial simulations (embarrassingly parallel) 5.5s → 1.4s with 8 cores Add multiprocessing.Pool
P2 cli.py:54-76 Serial population loop 100 sims = 50s serial Add multiprocessing.Pool
P3 pd/link.py:17-19 Pure Python loop (241 iterations) ~1.2 ms/sim Vectorize or use implicit method
P4 cli.py:73 Memory accumulation in population sim 3 MB@100 → 300 MB@10K Stream to HDF5 for large populations
P5 pbpk/model.py:178 np.maximum on every RHS call <0.5% Conditional clipping
P6 pbpk/solver.py:49-50 Default tolerances may be overly tight for speed 10-20% Profile with coarser tolerances

4.3 Scalability

Scenario Time Memory Verdict
Single 24h sim ~500 ms ~32 KB Excellent
Population N=100 ~50 s ~3 MB Acceptable
Population N=1,000 ~500 s (8 min) ~30 MB Marginal (needs parallelism)
Population N=10,000 ~5,000 s (83 min) ~300 MB Needs parallelism + streaming
Sensitivity (5 params) ~5.5 s ~200 KB Needs parallelism

4.4 Good Design Choices

  • ModelCache pre-computation (model.py:66-95): Pre-builds index arrays → avoids 6 dict lookups per RHS call
  • BDF solver: Correct choice for stiff PBPK systems
  • Multiprocessing in uncertainty.py: Already implemented for MC propagation
  • Frozen dataclasses: Negligible overhead, excellent safety

5. Prioritized Recommendations

CRITICAL (Fix Now)

# Issue File Effort
C1 Add logging to negative state clipping; remove from RHS model.py:178, solver.py:64 30 min
C2 Replace Forward Euler with Crank-Nicolson in effect-site PD pd/link.py:17-19 1 hr
C3 Change mass balance to relative tolerance validation/__init__.py:11 15 min

HIGH (This Sprint)

# Issue File Effort
H1 Add unit tests for heuristic_kp (all tissues) tests/ (new file) 2 hrs
H2 Add unit tests for Emax, effect-site, DDI tests/ (new files) 3 hrs
H3 Add MCMC convergence diagnostics (Rhat, ESS) calibration.py 2 hrs
H4 Pin dependency versions in pyproject.toml pyproject.toml 15 min
H5 Parallelize sensitivity analysis core/sensitivity.py 30 min
H6 Tighten default ODE tolerances or document limitation solver.py:49-50 15 min

MEDIUM (Next Sprint)

# Issue File Effort
M1 Add ODE RHS unit tests (conservation, tissue exchange) tests/ (new file) 4 hrs
M2 Add error handling tests (invalid routes, missing files) tests/ (new file) 3 hrs
M3 Parallelize population simulation cli.py:54-76 40 min
M4 Consolidate YAML loading into single utility utils/io.py 30 min
M5 Remove unused hematocrit field or implement RBC model config.py:20 15 min
M6 Add regression tests with known-good reference values tests/ (new file) 2 hrs
M7 Implement Poulin-Theil partition method option pbpk/heuristics.py 4 hrs

LOW (Backlog)

# Issue File Effort
L1 Add audit logging for CLI inputs cli.py 30 min
L2 Add .env/.key patterns to .gitignore .gitignore 5 min
L3 Add deprecation version target config.py:111-116 5 min
L4 Stream population results to HDF5 for N>5000 cli.py:73 1 hr
L5 Add adaptive MCMC proposals calibration.py:74-75 2 hrs
L6 Document DDI competitive-inhibition-only limitation docs/ 15 min

6. Architecture Strengths

Despite the gaps, the codebase has excellent foundations:

  • Immutable data flow — Frozen dataclasses throughout (ModelParams, SimulationResult, etc.)
  • Pydantic v2 validation — All inputs strictly typed and range-checked
  • Clean separation — PBPK, PD, calibration, validation, pipeline are independent modules
  • Reproducibility — Seed-based determinism, solver tolerance control
  • Benchmark framework — Automated acceptance-threshold validation
  • No security vulnerabilities — safe_load, no eval/exec, pathlib I/O
  • mypy strict mode — Full type coverage with strict checking
  • Well-chosen solver — BDF for stiff systems is the correct choice

Generated by automated deep review analysis.