Therac-25

CS4001 Kristin Marsicano

Therac-25 Overview
  • What was the Therac-25?
  • How did it relate to previous models? In what ways was it similar/different?
  • Was the Therac-25 reliable?

Therac-25 Overview
  • Linear accelerator used to create high-energy electron beams to treat shallow tumors and x-ray beams to reach deeper tumors
  • Differed from Therac-6 and Therac-20:
      • computer was coupled with the system such that the hardware could not function without the computer (e.g. turntable set up)
      • relied on the computer for safety checks; did not include the hardware safety features of previous models (which allowed for cost savings)
  • Similar to Therac-6 and Therac-20:
      • Shared a common code base
      • Used a computer to augment user

Was Therac-25 reliable?
  • Worked tens of thousands of times before overdosing anyone
  • Over course of 20 months (June 1985-July 1987) it administered massive overdoses to 6 patients, resulting in 3 deaths
  • Was notorious for displaying non-descript errors that had no negative side-effects (e.g. up to 40 times a day)

Do not confuse reliability with safety!

Under what conditions did the lethal doses occur?
  • Fast-typing operators
      • Race condition between magnet positioning and screen edits
      • Software relies on positioning of cursor to determine if edits have been made
      • Change from X-Ray mode to Electron mode made before magnets finish moving; software doesn’t check cursor position until after magnets have stopped
  • Set button
      • Race condition between “gun ready” variable, gun positioning, and “Set” button
      • 0 means gun is ready and will fire; 1-255 means not ready; increments as gun is moving and rolls over as necessary (which means it might be 0 when the gun is not really ready!)
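
The rollover described in the last bullet, as an added example in C that is not part of the original slides or the Therac-25 software: a one-byte flag that is incremented to mean "not ready" returns to 0 on every 256th increment, while a flag set to a constant cannot. All function names, the one-Set-press-per-pass model and the position-sensor input are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the one-byte "gun ready" flag on the slide:
 * 0 = ready (will fire), 1-255 = not ready. Not Therac-25 source code. */

/* Flawed pattern: each setup pass that finds the gun still moving
 * increments the flag. uint8_t arithmetic is modulo 256, so 255 + 1 == 0. */
static void mark_not_ready_increment(uint8_t *flag) { (*flag)++; }

/* Corrected pattern: "not ready" is one fixed non-zero value, so no
 * number of passes can bring the flag back to 0. */
static void mark_not_ready_constant(uint8_t *flag) { *flag = 1; }

/* What the Set-button handler tests in this model. */
static bool fire_permitted(uint8_t flag) { return flag == 0; }

/* The gun never reaches position; the operator presses Set after every
 * pass. Returns how many of those presses would have been allowed to fire. */
static unsigned false_ready_count(void (*mark)(uint8_t *), unsigned passes)
{
    uint8_t flag = 0;
    unsigned allowed = 0;
    for (unsigned i = 0; i < passes; i++) {
        mark(&flag);
        if (fire_permitted(flag))
            allowed++;
    }
    return allowed;
}

/* Fail-safe variant: the flag alone is never sufficient; an independent
 * position reading (assumed input, e.g. a hardware interlock) must agree. */
static bool fire_permitted_interlocked(uint8_t flag, bool position_ok)
{
    return flag == 0 && position_ok;
}

int main(void)
{
    printf("increment, 1024 passes: %u false ready\n",
           false_ready_count(mark_not_ready_increment, 1024));
    printf("constant,  1024 passes: %u false ready\n",
           false_ready_count(mark_not_ready_constant, 1024));
    printf("wrapped flag + interlock: %d\n",
           fire_permitted_interlocked(0, false));
    return 0;
}
```

With the incrementing flag, one press in every 256 is accepted even though the gun never reached position; the interlocked check refuses to fire on a wrapped flag because the independent reading disagrees.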

What parties were involved?
  • Patients and their families
  • AECL (maker of the machine)
  • Developers
  • Hospital where machine was used (and the technicians)

AECL Mistakes
  • Assumed error was only in software
  • Did not design system to be fail-safe (fail-safe means no single point of failure will lead to catastrophe); instead the Therac-25 relied 100% on the software to ensure safety of the system
  • Lack of software and hardware devices to detect and communicate an overdose
  • Presumed correctness of reused code; assumed there were no errors in the previous code base when indeed there were
  • Management allowed the software to be developed without adequate documentation (e.g. no user manual for error codes)
  • Did not communicate fully with its customers with regards to the accidents