Therac-25 CS4001 Kristin Marsicano

Therac-25 Overview
- What was the Therac-25?
- How did it relate to previous models? In what ways was it similar/different?
- Was the Therac-25 reliable?

Therac-25 Overview
- Linear accelerator that produces high-energy electron beams to treat shallow tumors and X-ray (photon) beams to reach deeper tumors
- Differed from the Therac-6 and Therac-20:
  - the computer was coupled so tightly to the machine that the hardware could not function without it (e.g. turntable setup)
  - relied on the computer for safety checks; the hardware interlocks of the previous models were removed (a cost saving)
- Similar to the Therac-6 and Therac-20:
  - shared a common code base
  - used a computer to augment user

Was Therac-25 reliable?

- Worked tens of thousands of times before overdosing anyone
- Over roughly 20 months (June 1985 to January 1987) it administered massive overdoses to 6 patients, resulting in 3 deaths
- Was notorious for displaying cryptic error messages that had no visible ill effects (one site reported up to 40 a day), so operators learned to dismiss them
Do not confuse reliability with safety: a system can run correctly tens of thousands of times and still be unsafe.

Under what conditions did the lethal doses occur?

- Fast-typing operators
  - Race condition between magnet positioning and screen edits
  - The software uses the cursor position (cursor at the bottom of the screen) to decide that data entry is complete
  - A change from X-ray mode to electron mode made while the bending magnets are still being set (about 8 seconds) updates the screen but not the hardware; the software does not re-read the edited fields after the magnets stop, so treatment proceeds with the hardware configured for the original entry
- Set button
  - Race condition between the "ready" variable, the gun/turntable positioning check, and the "Set" button
  - 0 means ready and the beam may fire; nonzero means not ready; the variable is incremented on every pass while positioning is in progress and, being one byte, rolls over to 0 every 256 increments, so it can read 0 when the hardware is not actually ready!
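The two bugs on this slide, modelled in C as an added example (this is not code from the slides or from AECL's Therac-25 firmware, and every function and variable name here is hypothetical). The first pair of functions shows the one-byte "ready" flag that is incremented instead of assigned and therefore wraps to 0 on the 256th pass; the second pair shows an edit typed during the magnet-setting window that changes the screen but not the hardware. Each vulnerable routine sits beside a hardened one; the hardened beam-enable also ANDs the software's answer with an independent hardware interlock, which is the fail-safe property the AECL Mistakes slide says the Therac-25 lacked.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not code from the slides or from AECL's Therac-25
 * firmware. Function and variable names are hypothetical; the two bugs
 * are modelled after the descriptions on the slide above. */

/* ---- Bug 1: the "Set" button and the one-byte ready/pending flag ---- */

/* Vulnerable: the setup loop signals "position check still needed" by
 * incrementing a one-byte variable instead of assigning it. Nonzero means
 * "check required"; every 256th pass the uint8_t wraps to 0, the check is
 * skipped, and the beam is enabled whatever the turntable is doing. */
bool beam_permitted_counter_bug(unsigned setup_passes, bool turntable_ok)
{
    uint8_t check_pending = 0;
    for (unsigned i = 0; i < setup_passes; i++)
        check_pending++;          /* rolls over to 0 at 256, 512, ... */
    if (check_pending == 0)
        return true;              /* reads as "nothing to check": fire */
    return turntable_ok;          /* check actually performed */
}

/* Hardened: there is no "nothing to check" state, the position is verified
 * before every beam-on, and the software's answer is ANDed with an
 * independent hardware interlock so one software fault cannot fire the beam. */
bool beam_permitted_fixed(bool turntable_ok, bool hw_interlock_closed)
{
    return turntable_ok && hw_interlock_closed;
}

/* ---- Bug 2: edits typed while the bending magnets are still moving ---- */

typedef enum { MODE_XRAY = 'x', MODE_ELECTRON = 'e' } beam_mode;

/* Vulnerable: data entry is treated as complete once the cursor reaches the
 * bottom of the screen, and the magnet-setting routine (about 8 s on the
 * real machine) reads the mode once when it starts. An edit made during
 * that window updates the screen but not the hardware, and the stale
 * completion flag lets treatment proceed. Returns the mode the hardware
 * actually delivers, or -1 if treatment is refused. */
int deliver_vulnerable(beam_mode first, bool edit_during_window, beam_mode second)
{
    beam_mode screen = first;
    beam_mode hardware = first;       /* magnet routine captured `first` */
    bool entry_complete = true;       /* set when cursor hit bottom of screen */

    if (edit_during_window)
        screen = second;              /* screen changes, hardware does not */

    (void)screen;                     /* never compared against hardware */
    return entry_complete ? hardware : -1;
}

/* Hardened: any edit invalidates the completion flag, the hardware is
 * re-configured from the current prescription, and the beam is refused
 * unless screen and hardware agree. */
int deliver_fixed(beam_mode first, bool edit_during_window, beam_mode second)
{
    beam_mode screen = first;
    beam_mode hardware = first;
    bool entry_complete = true;

    if (edit_during_window) {
        screen = second;
        entry_complete = false;       /* an edit reopens data entry */
    }
    if (!entry_complete) {
        hardware = screen;            /* re-run magnet setting from the screen */
        entry_complete = true;
    }
    if (hardware != screen)
        return -1;                    /* defensive invariant: refuse, don't guess */
    return hardware;
}

int main(void)
{
    printf("counter bug, 256 passes, turntable NOT ready: beam %s\n",
           beam_permitted_counter_bug(256, false) ? "ON" : "off");
    printf("fixed, turntable NOT ready, interlock closed: beam %s\n",
           beam_permitted_fixed(false, true) ? "ON" : "off");
    printf("edit race: vulnerable delivers '%c', fixed delivers '%c'\n",
           deliver_vulnerable(MODE_XRAY, true, MODE_ELECTRON),
           deliver_fixed(MODE_XRAY, true, MODE_ELECTRON));
    return 0;
}
```

The two design lessons are in the hardened routines: a boolean must never be encoded as a counter whose zero value means "safe", and the state the hardware is actually in must be re-derived from the prescription after any edit rather than trusted from a flag set earlier.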

What parties were involved?
- Patients and their families
- AECL (maker of the machine)
- Developers
- Hospital where the machine was used (and its technicians/operators)

AECL Mistakes
- Assumed the error lay only in the software
- Did not design the system to be fail-safe (fail-safe: no single failure, in hardware or software, can lead to a catastrophe); instead the Therac-25 relied entirely on the software for safety
- Lacked hardware and software devices to detect and report an overdose
- Presumed the reused code was correct; assumed there were no errors in the previous code base when in fact there were (the same bugs existed in the Therac-20, where hardware interlocks masked them)
- Management allowed the software to be developed without adequate documentation (e.g. no user manual for the error codes)
- Did not communicate fully with its customers about the accidents