Presentation is loading. Please wait.

Presentation is loading. Please wait.

Therac-25.

Published byTerence Wood Modified over 5 years ago

Similar presentations

Presentation on theme: "Therac-25."— Presentation transcript:

1 Therac-25

2 Issues Assuming the software cannot be wrong
Cryptic and unexplained error messages Documentation was an afterthought Inadequate testing Assuming reliability is safety No hardware safety locks Concurrency of tasks is not synchronised Too complicated and based on old code which relied on hardware safety locks Assumed that old software has been tested many times and will be safe, but the software was designed for different hardware

3 Software bugs Shared variables Dataent and MEOS (Mode Energy Offset).
Solution: introduce another shared variable controlled by the keyboard handler that indicates entry is not complete Setting magnets takes 8 seconds, the subroutine that changes parameters only works in the first second Solution: change parameters after magnets instead of after ptime Shared variables Class3 and F$mal (overflow bug) Solution: each time Set Up Test runs set Class3 to a non-zero value instead of incrementing If keyboard handler sets the Data entry complete flag before operator changes data in MEOS then Dataent won’t detect changes

4 Solutions Meaningful error messages that highlight dose rate
Software and hardware interlocks Machine resets and settings checked after error Potentiometer independent from software Safe interface instead of lazy interface Skipping entering data with carriage return Resume without checks after error with P Better to start again with clear design according to the hardware Can’t eliminate all errors but can handle them in a way that doesn’t jeopardise the patient

Download ppt "Therac-25."

Similar presentations

Chapter 3 Basic Input/Output

Chapter 3 Basic Input/Output
Operating Systems Part III: Process Management (Process Synchronization)

Operating Systems Part III: Process Management (Process Synchronization)
P5, M1, D1.

P5, M1, D1.
/// MELSEC Safety /// QS001CPU /// QS0J61BT12 /// QS0J65BTB2-12DT /// MELSEC Safety /// Mitsubishi Electric - MELSEC Safety - Training Documentation -

/// MELSEC Safety /// QS001CPU /// QS0J61BT12 /// QS0J65BTB2-12DT /// MELSEC Safety /// Mitsubishi Electric - MELSEC Safety - Training Documentation -
The Therac-25: A Software Fatal Failure

The Therac-25: A Software Fatal Failure
Silberschatz, Galvin and Gagne ©2007 Operating System Concepts with Java – 7 th Edition, Nov 15, 2006 Chapter 6 (a): Synchronization.

Silberschatz, Galvin and Gagne ©2007 Operating System Concepts with Java – 7 th Edition, Nov 15, 2006 Chapter 6 (a): Synchronization.
Background Concurrent access to shared data can lead to inconsistencies Maintaining data consistency among cooperating processes is critical What is wrong.

Background Concurrent access to shared data can lead to inconsistencies Maintaining data consistency among cooperating processes is critical What is wrong.
Process Synchronization. Module 6: Process Synchronization Background The Critical-Section Problem Peterson’s Solution Synchronization Hardware Semaphores.

Process Synchronization. Module 6: Process Synchronization Background The Critical-Section Problem Peterson’s Solution Synchronization Hardware Semaphores.
An Investigation of the Therac-25 Accidents Nancy G. Leveson Clark S. Turner IEEE, 1993 Presented by Jack Kustanowitz April 26, 2005 University of Maryland.

An Investigation of the Therac-25 Accidents Nancy G. Leveson Clark S. Turner IEEE, 1993 Presented by Jack Kustanowitz April 26, 2005 University of Maryland.
Therac-25 Lawsuit for Victims Against the AECL

Therac-25 Lawsuit for Victims Against the AECL
Concurrency.

Concurrency.
Concurrent & Distributed Systems Lecture 3: Processes interacting by sharing resources Asynchronous processes can interact by sharing a common resource.

Concurrent & Distributed Systems Lecture 3: Processes interacting by sharing resources Asynchronous processes can interact by sharing a common resource.
1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.

1 Last Class: Introduction Operating system = interface between user & architecture Importance of OS OS history: Change is only constant User-level Applications.
Timers and Interrupts Shivendu Bhushan Sonu Agarwal.

Timers and Interrupts Shivendu Bhushan Sonu Agarwal.
Software Failures Ron Gilmore, CMC Edmonton April 2006.

Software Failures Ron Gilmore, CMC Edmonton April 2006.
Lecture 7, part 2: Software Reliability

Lecture 7, part 2: Software Reliability
DJ Wattam, Han Junyi, C Mongin1 COMP60611 Directed Reading 1: Therac-25 Background – Therac-25 was a new design dual mode machine developed from previous.

DJ Wattam, Han Junyi, C Mongin1 COMP60611 Directed Reading 1: Therac-25 Background – Therac-25 was a new design dual mode machine developed from previous.
80386DX.

80386DX.
Software Safety Case Study Medical Devices : Therac 25 and beyond Matthew Dwyer.

Software Safety Case Study Medical Devices : Therac 25 and beyond Matthew Dwyer.
Chapter 10 The Stack. 10-2 Stack: An Abstract Data Type An important abstraction that you will encounter in many applications. We will describe two uses:

Chapter 10 The Stack Stack: An Abstract Data Type An important abstraction that you will encounter in many applications. We will describe two uses:

Similar presentations

Ads by Google