Therac-25 Final Presentation

Presentation transcript:

Death by Software: The Therac-25 Radio-Therapy Device
Brian MacKay, ESE6361 Requirements Engineering, Fall 2013 (Final Presentation)

Recap: Software that Kills
- Early to mid-1980s
- Revolutionary double-pass medical particle accelerator
- Moved to complete software control
- Injured 6 people, killing 3 of them
- Two different underlying bugs
- But it was more than just bugs: poor software engineering practices
- “Killer Ray Guns from Canada”

A Really Big PIG

What Does that Look Like?

Let’s Look at the PIG in Detail
(Diagram; links are marked + or ++ by strength. Nodes:)
- Don’t Kill or Injure People
- Injures & Kills People
- Increment Overflow Bug
- Malfunction 54 Bug
- Operator “Malfunction Fatigue”
- 40 Malfunctions/Day
- Indecipherable Error Messages

Assembly Language Programming
(Diagram nodes: Assembly Language Programming; Programming Shortcuts; Bad Testability; Malfunction 54 Bug; Increment Overflow Bug; Injures & Kills People)

Code Reuse
(Diagram nodes: Code Reuse; “Working Code”; Expensive Hardware, etc.; Homemade RT-OS; RT Synchronization Issues; Malfunction 54 Bug; Increment Overflow Bug; Injures & Kills People)

Moving to Complete Computer Control
(Diagram nodes: Move to Computer Control; Mechanical Controls Fail; Mechanical Controls “Less Cool”; No Mechanical Interlocks; Code Reuse; Toxic Situation (!!); Malfunction 54 Bug; Increment Overflow Bug; Injures & Kills People)

Cross-Cutting Issues
(Diagram nodes: Faith in Software; No Auditing; Hardware Focused Organization; Malfunction 54 Bug; Increment Overflow Bug; Injures & Kills People)

The Real Issue
A combination of:
- Code reuse
- The removal of the mechanical interlocks
- An unreasonable faith in software
- General bad software engineering practice

The Solution Domain
- Based in early 1980’s technology
- Hindsight is one thing, but 30 years of technological innovation is cheating
- Based on my experiences: I was a junior engineer starting my career in process & manufacturing systems

Maslow's Hierarchy of Needs
(Pyramid, top to bottom: Self Actualization; Esteem; Love/Belonging; Safety; Physiological)

Control System Design
Layers, top to bottom:
- UI
- Supervisory Control & Optimization
- Setpoint Control
- Mechanical Integrity
- Human Safety
In the 1980s, and now:
- Uses a “Distributed Control System”
- Provides for strong segregation between the layers
- Early user of networking technology
- The bottom layers are typically combined and done with a “PLC”

PLC: Programmable Logic Controller
- In the 1980s used the “Ladder Logic” graphical programming language
- Program spec’d by an engineer, programmed by an electrician
- Consider…

PLC: Ladder Logic
- Programmable by an electrician
- Example rung: Pump On Switch, Valve Position Open → Pump

All this is Off the Shelf
The rest of the system:
- Multi-bus system and enclosure
- Intel 8086 with 8087 coprocessor
- 512 kilobytes of memory
- 20 megabyte disk drive: program, logs and audits
- Mark Williams “C” compiler
- Intel iRMX-86 real-time operating system
- RS-232 and RS-485 serial connections
- Commercial terminal management software
- ANSI compatible terminal (e.g. VT-100)

Error Messages
- Even with something like a VT-100 green screen, a “windowed” interface is possible
- Lots of terminal management software was available commercially to handle this
Mock-up of the treatment screen with an error dialog overlaid:

    PATIENT NAME : JOHN DOE
    TREATMENT MODE : FIX     BEAM TYPE: X     ENERGY (MeV): 25
                               ACTUAL   PRESCRIBED
    UNIT RATE/MINUTE                0        200
    MONITOR UNITS                  50         50    200
    TIME (MIN)                   0.27       1.00
    GANTRY ROTATION (DEG)         0.0          0    VERIFIED
    COLLIMATOR ROTATION (DEG)   359.2        359    VERIFIED
    COLLIMATOR X (CM)            14.2       14.3    VERIFIED
    COLLIMATOR Y (CM)            27.2       27.3    VERIFIED
    WEDGE NUMBER                    1          1    VERIFIED
    ACCESSORY NUMBER                0          0    VERIFIED
    DATE : 84-OCT-26    SYSTEM : BEAM READY    OP.MODE: TREAT AUTO
    TIME : 12:55. 8     TREAT : TREAT PAUSE    X-RAY 173777
    OPR ID : T25VO2-RO3    REASON : OPERATOR    COMMAND:

    ┌──────────────────────────────────────┐
    │ Error 54:                            │
    │ This is a serious error and could    │
    │ compromise patient safety            │
    │ The system must be reset             │
    │ [Enter]                              │
    └──────────────────────────────────────┘

Final System Design
- UI, Supervisory Control & Optimization, Setpoint Control: Intel 8086/8087 running iRMX-86, programmed in “C”
- UI implemented using commercial terminal manager software
- Mechanical Integrity, Human Safety: PLC programmed in Ladder Logic
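A small model of the layered design and the ladder-logic rung above, added here as an illustration (it is not code from the presentation, from the Therac-25, or from any PLC vendor): the software layer can only request a mode and a treatment, while a PLC-style ladder program evaluated from physical limit switches and pushbuttons decides whether the beam is enabled. The rung structure, the switch names (TT_AT_XRAY_SW, ESTOP, etc.) and the refusal-reason helper are all assumptions; the helper ties back to the point about decipherable error messages.

```python
from dataclasses import dataclass

# Normally-open (NO) contact passes when its input is true; normally-closed (NC)
# passes when it is false (used here for the e-stop and "in motion" signals).
@dataclass(frozen=True)
class Contact:
    name: str
    nc: bool = False

    def passes(self, state):
        v = bool(state.get(self.name, False))
        return (not v) if self.nc else v

@dataclass(frozen=True)
class Rung:
    """Contacts in series are ANDed, parallel branches are ORed; the result drives a coil."""
    coil: str
    branches: tuple  # tuple of branches, each a tuple of Contact

    def energized(self, state):
        return any(all(c.passes(state) for c in b) for b in self.branches)

def scan(rungs, inputs):
    """One PLC scan; a coil set by an earlier rung is visible to later rungs."""
    state = dict(inputs)
    for r in rungs:
        state[r.coil] = r.energized(state)
    return state

# Assumed interlock program (not the Therac-25's real wiring). The software
# layer can only assert REQ_XRAY / REQ_ELECTRON and TREAT_CMD; the rest comes
# from limit switches and pushbuttons that the software cannot overwrite.
INTERLOCK = (
    Rung("MODE_OK", ((Contact("REQ_XRAY"), Contact("TT_AT_XRAY_SW")),
                     (Contact("REQ_ELECTRON"), Contact("TT_AT_ELECTRON_SW")))),
    Rung("BEAM_ENABLE", ((Contact("MODE_OK"), Contact("TT_IN_MOTION", nc=True),
                          Contact("DOOR_CLOSED"), Contact("ESTOP", nc=True),
                          Contact("TREAT_CMD")),)),
)

def beam_enabled(inputs):
    return scan(INTERLOCK, inputs)["BEAM_ENABLE"]

def refusal_reason(inputs):
    """Name the first open contact on the BEAM_ENABLE rung, so the operator
    screen can say why the beam was refused rather than a bare 'Malfunction 54'."""
    state = scan(INTERLOCK, inputs)
    if state["BEAM_ENABLE"]:
        return None
    return next(c.name for c in INTERLOCK[1].branches[0] if not c.passes(state))
```

With inputs where the software requests X-ray but the turntable limit switch reports the electron position, the rung stays open and the refusal reason is the mode mismatch, regardless of what the software's own state believes.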

References
- “Medical Devices – The Therac-25”, Leveson, Nancy. http://sunnyday.mit.edu/papers/therac.pdf
- “An Investigation of the Therac-25 Accidents”, Leveson, Nancy and Turner, Clark S., IEEE Computer, Vol. 26, No. 7, July 1993, pp. 18-41. http://courses.cs.vt.edu/~cs3604/lib/Therac_25/Therac_1.html
- “Fatal Dose - Radiation Deaths linked to AECL Computer Errors”, Rose, Barbara Wade, Saturday Night (magazine), June 1994. http://www.ccnr.org/fatal_dose.html
- “Safety-Critical Computing: Hazards, Practices, Standards, and Regulation”, Jacky, Jonathan. http://staff.washington.edu/jon/pubs/safety-critical.html
- “Therac-25”, Wikipedia. http://en.wikipedia.org/wiki/Therac-25