Therac-25.

Therac-25

Issues
- Assuming the software cannot be wrong
- Cryptic and unexplained error messages
- Documentation was an afterthought
- Inadequate testing
- Assuming reliability is safety
- No hardware safety locks
- Concurrency of tasks is not synchronised
- Too complicated and based on old code which relied on hardware safety locks
- Assumed that old software has been tested many times and will be safe, but the software was designed for different hardware

Software bugs
- Shared variables Dataent and MEOS (Mode Energy Offset). Solution: introduce another shared variable controlled by the keyboard handler that indicates entry is not complete
- Setting magnets takes 8 seconds, the subroutine that changes parameters only works in the first second. Solution: change parameters after magnets instead of after ptime
- Shared variables Class3 and F$mal (overflow bug). Solution: each time Set Up Test runs set Class3 to a non-zero value instead of incrementing
- If keyboard handler sets the Data entry complete flag before operator changes data in MEOS then Dataent won't detect changes
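The following C program is an added example, not code from the slides or from the Therac-25 itself. It models two of the defects above in deterministic form so they can be exercised without threads: the Class3 8-bit counter that wraps to zero every 256th pass of Set Up Test (so the collimator check is skipped), and the data-entry-complete flag that the keyboard handler raises before the operator edits MEOS (so Dataent never sees the change). Each defect is shown beside the slide's proposed fix. The names Class3, MEOS, Dataent and "data entry complete" come from the slide; the structs, event codes, the single-character mode field and the helper names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ---- Defect 1: Class3 counter overflow in Set Up Test -------------------- */

typedef struct {
    uint8_t class3;   /* 8-bit variable: non-zero means "perform the collimator check" */
} setup_state;

/* Original behaviour: increment on every pass. After 255 increments the 8-bit
 * value wraps to 0, and the check guarded by "class3 != 0" is silently skipped. */
bool setup_test_original(setup_state *s) {
    s->class3++;
    return s->class3 != 0;   /* true when the upper collimator check is performed */
}

/* The slide's fix: store a constant non-zero value instead of incrementing. */
bool setup_test_fixed(setup_state *s) {
    s->class3 = 1;
    return s->class3 != 0;
}

/* Run `passes` iterations of Set Up Test and count how many skipped the check. */
int count_skipped_checks(bool (*setup_test)(setup_state *), int passes) {
    setup_state s = { 0 };
    int skipped = 0;
    for (int i = 0; i < passes; i++) {
        if (!setup_test(&s)) skipped++;
    }
    return skipped;
}

/* ---- Defect 2: data-entry-complete flag raced by the keyboard handler ----- */

typedef struct {
    char meos_mode;            /* MEOS mode field, 'X' or 'E' (assumed encoding) */
    bool data_entry_complete;  /* raised by the keyboard handler when the cursor leaves the form */
    bool entry_in_progress;    /* the slide's added shared variable: "entry is not complete" */
    char mode_used;            /* what Dataent actually configured the treatment with */
    bool configured;
} treatment_state;

typedef enum { EV_OPERATOR_EDITS_MODE, EV_CURSOR_TO_COMMAND } event_t;

/* Original keyboard handler: only ever raises the complete flag, never lowers it. */
void keyboard_original(treatment_state *t, event_t ev, char new_mode) {
    if (ev == EV_OPERATOR_EDITS_MODE) t->meos_mode = new_mode;
    if (ev == EV_CURSOR_TO_COMMAND)   t->data_entry_complete = true;
}

/* Fixed keyboard handler: any edit marks entry as in progress and withdraws "complete". */
void keyboard_fixed(treatment_state *t, event_t ev, char new_mode) {
    if (ev == EV_OPERATOR_EDITS_MODE) {
        t->meos_mode = new_mode;
        t->entry_in_progress = true;
        t->data_entry_complete = false;
    }
    if (ev == EV_CURSOR_TO_COMMAND) {
        t->entry_in_progress = false;
        t->data_entry_complete = true;
    }
}

/* Dataent's polling step (same in both versions): an in-progress edit invalidates a
 * previous configuration; otherwise configure once when entry is complete. */
void dataent_poll(treatment_state *t) {
    if (t->entry_in_progress) {
        t->configured = false;
    } else if (t->data_entry_complete && !t->configured) {
        t->mode_used = t->meos_mode;
        t->configured = true;
    }
}

/* Constructed interleaving: operator enters X and confirms, Dataent configures,
 * operator cursors back up and changes the mode to E, then confirms again.
 * Returns true when the configured mode matches what is on screen. */
bool run_edit_scenario(void (*keyboard)(treatment_state *, event_t, char)) {
    treatment_state t = { '?', false, false, '?', false };
    keyboard(&t, EV_OPERATOR_EDITS_MODE, 'X');
    keyboard(&t, EV_CURSOR_TO_COMMAND, 0);
    dataent_poll(&t);
    keyboard(&t, EV_OPERATOR_EDITS_MODE, 'E');   /* edit after the flag was raised */
    dataent_poll(&t);
    keyboard(&t, EV_CURSOR_TO_COMMAND, 0);
    dataent_poll(&t);
    return t.configured && t.mode_used == t.meos_mode;
}

int main(void) {
    printf("Class3 original, 512 passes: %d skipped checks\n",
           count_skipped_checks(setup_test_original, 512));
    printf("Class3 fixed,    512 passes: %d skipped checks\n",
           count_skipped_checks(setup_test_fixed, 512));
    printf("MEOS edit seen by Dataent: original=%d fixed=%d\n",
           run_edit_scenario(keyboard_original), run_edit_scenario(keyboard_fixed));
    return 0;
}
```

With the original handler the scenario ends with the machine configured for X while the screen shows E, which is exactly the mismatch the slide describes; the fixed handler forces Dataent to reconfigure from the current MEOS contents. The overflow half shows why "set to non-zero" rather than "increment" matters: the skipped-check count is 0 only when the flag can never wrap.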

Solutions
- Meaningful error messages that highlight dose rate
- Software and hardware interlocks
- Machine resets and settings checked after error
- Potentiometer independent from software
- Safe interface instead of lazy interface:
  - Skipping entering data with carriage return
  - Resume without checks after error with P
- Better to start again with clear design according to the hardware
- Can't eliminate all errors but can handle them in a way that doesn't jeopardise the patient