COMP60611 Directed Reading 1: Therac-25 (DJ Wattam, Han Junyi, C Mongin)


DJ Wattam, Han Junyi, C Mongin. COMP60611 Directed Reading 1: Therac-25. 3 October 2011

Slide 1: Background
– Therac-25 was a new-design dual-mode machine developed from the previous Therac-6 (single mode) and Therac-20 (dual mode) machines.
– Previous machines relied on hardware interlocks for safety.
– Only limited hardware checks were designed into the Therac-25 from the outset.
– It is essential for dual-mode machines that the turntable is positioned correctly for electron mode (conditioning magnetic field), X-ray mode (cone attenuator) or field light test mode.
– 11 units were installed in the USA and Canada.
– Between June 1985 and January 1987, Therac-25 computer-controlled radiation therapy machines massively overdosed 6 people, directly leading to fatalities in some cases.
– The manufacturer was complacent in investigating the events and negligent in not working to robust procedures and processes.

Slide 2: Human Factors
– Software written by one programmer in assembly language, reusing some previous routines.
– The AECL QA manager was unaware of many software details and did not provide a professional framework for development and testing that would lead to a robust design.
– Limited testing, done on the whole system rather than on individual functions.
– The design relied on “correct” software to provide all safety features, ignoring previous experience with hardware interlocks.
– Software flaws: limited or no cross-checks between shared variables; over-complicated software (should have been avoided by system review); basic errors, e.g. checking variables at the wrong time, overflows.
– Unrealistic risk assessments; complacency/negligence by AECL.
– Closed/proprietary system with few if any details released, protecting the commercial position; no independent checking.
– Audio/visual links between the treatment and control rooms not working.
– Poor user interface with a lack of meaningful error descriptions.

Slide 3: Concurrency Problem
– The Treat (Datent) and Keyboard Handler concurrent threads share the Data Entry Completion Flag.
– Setting of this flag is not robust, as it relies only on the cursor having gone to the command line, not on it still being there. This allows exit from Datent before all input is completed.
– Prescription editing using the up-arrow key to correct an incorrect entry for mode gives an inconsistent state in the shared variable relating table position to mode (e.g. select X-ray first and then correct to Electron). The default for X-ray is 25 MeV, i.e. the maximum value. Presumably, this allows X-ray treatment without the attenuator.
– The time delay in the Magnet routine uses another shared variable to check whether data edits were detected by the keyboard handler; however, the edit flag is checked only the first time through the routine. This allows inconsistency between the variables displayed on the console and the machine settings.
– On exit from the Magnet routine, input data is not rechecked if the data entry flag is set.

Overflow Problem
– A variable overflow condition allowed an incorrect table setting and a full-power burst in the field light position.
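Added example, not from the slides or AECL's code, modelling the first three concurrency bullets: Datent latches the turntable position and sets the completion flag once the cursor reaches the command line, so an up-arrow correction of the mode afterwards leaves the two shared variables inconsistent; the hardened check is the cross-check the slide says was missing. All names, the edit counter and the scenario are constructed.

```c
#include <stdbool.h>
/* Constructed model of the data-entry race on the slide; names are invented
 * for this example, not AECL's code. Mode and table position are separate
 * shared variables, and only the hardened check cross-checks them. */
enum mode  { MODE_NONE, MODE_XRAY, MODE_ELECTRON };
enum table { TABLE_NONE, TABLE_XRAY, TABLE_ELECTRON };

struct shared {
    enum mode  mode;           /* written by the keyboard handler */
    enum table table;          /* latched by Datent from the mode */
    bool       cursor_on_cmd;  /* cursor has reached the command line */
    bool       entry_done;     /* data entry completion flag */
    unsigned   edits;          /* constructed fix: counts keyboard edits */
    unsigned   edits_at_latch; /* constructed fix: edit count when latched */
};

static enum table table_for(enum mode m) { return m == MODE_XRAY ? TABLE_XRAY : TABLE_ELECTRON; }
/* Keyboard handler thread: a mode entry or an up-arrow correction. */
static void key_set_mode(struct shared *s, enum mode m) { s->mode = m; s->edits++; }
static void key_cursor_to_cmd(struct shared *s) { s->cursor_on_cmd = true; }

/* Treat/Datent: once the cursor reaches the command line it latches the table
 * from the mode, sets the completion flag and exits; a later edit changes the
 * mode but the table is never re-derived. */
static void datent(struct shared *s) {
    if (!s->cursor_on_cmd) return;
    s->table = table_for(s->mode);   /* X-ray latches at its 25 MeV default */
    s->edits_at_latch = s->edits;
    s->entry_done = true;
}
/* Vulnerable readiness check: trusts the completion flag alone. */
static bool ready_vulnerable(const struct shared *s) { return s->entry_done; }
/* Hardened check: flag set, latched table still matches the mode, and no
 * keyboard edits since Datent latched. */
static bool ready_hardened(const struct shared *s) {
    return s->entry_done && s->table == table_for(s->mode)
        && s->edits == s->edits_at_latch;
}

/* Slide scenario: select X-ray, reach the command line, then (if late_edit)
 * correct the mode to electron with the up arrow after Datent latched.
 * Returns 1 if the chosen check would let treatment proceed, else 0. */
int run_scenario(bool hardened, bool late_edit) {
    struct shared s = {0};
    key_set_mode(&s, MODE_XRAY);
    key_cursor_to_cmd(&s);
    datent(&s);
    if (late_edit) key_set_mode(&s, MODE_ELECTRON);
    return (hardened ? ready_hardened(&s) : ready_vulnerable(&s)) ? 1 : 0;
}
```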
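Added example, not from the slides or AECL's code, of the overflow problem. It follows the mechanism documented in Leveson and Turner's investigation: a one-byte shared variable was incremented rather than set on each pass through the setup routine, so on every 256th pass it read zero and the turntable position check was skipped. The names and the pass counter are constructed.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed model of the slide's overflow problem, with invented names.
 * An 8-bit shared variable is incremented on every pass through the setup
 * routine while setup is incomplete; nonzero means "check the turntable
 * position", zero means "no check needed". */
struct setup {
    uint8_t needs_check;  /* one byte: wraps to 0 after 256 increments */
    bool    table_ok;     /* turntable positively verified in position */
};

/* Vulnerable pass: increments the flag rather than setting it. On the 256th
 * pass the byte wraps to 0, the position check is skipped, and the pass is
 * treated as "in position" even though the table was never verified. */
static bool pass_vulnerable(struct setup *s) {
    s->needs_check++;
    if (s->needs_check != 0)
        return s->table_ok;   /* check runs: table not in position */
    return true;              /* check skipped: assumed in position */
}

/* Hardened pass: assign a constant (assignment cannot overflow) and never
 * skip the check; readiness requires positive verification of the table. */
static bool pass_hardened(struct setup *s) {
    s->needs_check = 1;
    return s->table_ok;
}

/* Repeat passes with the table unverified and return the pass number on
 * which the chosen version first reports "ready", or 0 if it never does
 * within limit passes. */
unsigned first_false_ready(bool hardened, unsigned limit) {
    struct setup s = { 0, false };
    for (unsigned i = 1; i <= limit; i++)
        if (hardened ? pass_hardened(&s) : pass_vulnerable(&s))
            return i;
    return 0;
}
```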