Presentation is loading. Please wait.

Presentation is loading. Please wait.

Therac-25 Final Presentation

Published byMarcus York Modified over 9 years ago

Similar presentations

Presentation on theme: "Therac-25 Final Presentation"— Presentation transcript:

1 Therac-25 Final Presentation
Death by Software The Therac-25 Radio-Therapy Device Brian MacKay ESE Requirements Engineering – Fall 2013 Final Presentation Requirements Engineering - Brian

2 Recap: Software that Kills
Therac-25 Final Presentation Recap: Software that Kills Early to mid-1980s Revolutionary Double-Pass medical particle accelerator Moved to complete software control Injured 6 people, killing 3 of them Two different underlying bugs But it was more than just bugs Poor software engineering practices Killer Ray Guns from Canada Requirements Engineering - Brian

3 A Really Big PIG

4 What Does that Look Like?

5 Let’s Look at the PIG in Detail
Don’t Kill or Injure People Injures & Kills People Increment Overflow Bug Malfunction 54 Bug ++ + + Operator “Malfunction Fatigue” 40 Malfunctions/ Day Indecipherable Error Messages

6 Assembly Language Programming
Injures & Kills People ++ ++ Malfunction 54 Bug Increment Overflow Bug + + Bad Testability Programming Shortcuts + + Assembly Language Programming

7 Code Reuse ++ ++ + + ++ + Injures & Kills People Malfunction 54 Bug
Increment Overflow Bug + RT Synchronization Issues + Homemade RT-OS ++ Code Reuse Expensive Hardware, etc “Working Code” +

8 Moving to Complete Computer Control
Injures & Kills People ++ ++ Malfunction 54 Bug Increment Overflow Bug ++ !! Toxic Situation Code Reuse No Mechanical Interlocks ++ Move to Computer Control Mechanical Controls Fail + Mechanical Controls “Less Cool” +

9 Cross-Cutting Issues ++ ++ Injures & Kills People Malfunction 54 Bug
Increment Overflow Bug Faith in Software No Auditing Hardware Focused Organization

10 The Real Issue A combination of: Code Reuse
The removal of the mechanical interlocks An unreasonable faith in Software General bad software engineering practice

11 The Solution Domain Based in early 1980’s technology
Hindsight is one thing But 30 years of technological innovation is cheating Based on my experiences I was a junior engineer starting my career in process & manufacturing systems

12 Maslow's Hierarchy of Needs
Self Actualization Esteem Love/Belonging Safety Physiological

13 Supervisory Control & Optimization
Control System Design UI Supervisory Control & Optimization Setpoint Control Mechanical Integrity Human Safety In the 1980s – and now Uses a “Distributed Control System” Provides for strong segregation between the layers Early user of networking technology Typically combined Done with a “PLC”

14 PLC: Programmable Logic Controller
In 1980s used “Ladder Logic” graphical programming language Program spec-ed by an engineer – Programmed by an electrician Consider…

15 PLC: Ladder Logic Programmable by an Electrician Pump On
Switch Valve Position Open Pump Programmable by an Electrician

16 All this is Off the Shelf
The Rest of the System Multi-bus system and enclosure Intel 8086 with 8087 coprocessor 512 kilobytes of memory 20 megabyte disk drive: program, logs and audits Mark Williams “C” Compiler Intel iRMX-86 real-time operating system RS-232 and RS-485 serial connections Commercial terminal management software ANSI compatible terminal (e.g. VT-100) All this is Off the Shelf

17 Error Messages Even with something like a VT-100 Green Screen a “windowed” interface is possible Lots of terminal management software was available commercially to handle this PATIENT NAME : JOHN DOE TREATMENT MODE : FIX BEAM TYPE: X ENERGY (MeV): 25 ACTUAL PRESCRIBED UNIT RATE/MINUTE MONITO┌──────────────────────────────────────┐ TIME │ Error 54: │ │ This is a serious error and could │ GANTRY ROT│ compromise patient safety │ VERIFIED COLLIMATOR│ The system must be reset │ VERIFIED COLLIMATOR│ [Enter] │ VERIFIED COLLIMATOR└──────────────────────────────────────┘ VERIFIED WEDGE NUMBER VERIFIED ACCESSORY NUMBER VERIFIED DATE : 84-OCT-26 SYSTEM : BEAM READY OP.MODE: TREAT AUTO TIME : 12: TREAT : TREAT PAUSE X-RAY OPR ID : T25VO2-RO3 REASON : OPERATOR COMMAND: PATIENT NAME : JOHN DOE TREATMENT MODE : FIX BEAM TYPE: X ENERGY (MeV): 25 ACTUAL PRESCRIBED UNIT RATE/MINUTE MONITOR UNITS TIME (MIN) GANTRY ROTATION (DEG) VERIFIED COLLIMATOR ROTATION (DEG) VERIFIED COLLIMATOR X (CM) VERIFIED COLLIMATOR Y (CM) VERIFIED WEDGE NUMBER VERIFIED ACCESSORY NUMBER VERIFIED DATE : 84-OCT-26 SYSTEM : BEAM READY OP.MODE: TREAT AUTO TIME : 12: TREAT : TREAT PAUSE X-RAY OPR ID : T25VO2-RO3 REASON : OPERATOR COMMAND:

18 Final System Design Intel 8086/8087 Running iRMX-86 Programmed in “C”
UI Supervisory Control & Optimization Setpoint Control Mechanical Integrity Human Safety Intel 8086/8087 Running iRMX-86 Programmed in “C” UI Implemented Using Commercial Terminal Manager Software PLC Programmed in Ladder Logic

19 References “Medical Devices – The Therac-25”, Levenson, Nancy. “An Investigation of the Therac-25 Accidents”, Levenson, Nancy and Turner, Clark S., IEEE Computer, Vol. 26, No. 7, July 1993, pp “Fatal Dose - Radiation Deaths linked to AECL Computer Errors”, Rose, Barbara Wade, Saturday Night (magazine), June, “Safety-Critical Computing: Hazards, Practices, Standards, and Regulation”, Jacky, Jonathan, “Therac-25”, Wikipedia

Download ppt "Therac-25 Final Presentation"

Similar presentations

CSCI 5230: Project Management Software Reuse Disasters: Therac-25 and Ariane 5 Flight 501 David Sumpter 12/4/2001.

CSCI 5230: Project Management Software Reuse Disasters: Therac-25 and Ariane 5 Flight 501 David Sumpter 12/4/2001.
“An Investigation of the Therac-25 Accidents” by Nancy G. Leveson and Clark S. Turner Catherine Schell CSC 508 October 13, 2004.

“An Investigation of the Therac-25 Accidents” by Nancy G. Leveson and Clark S. Turner Catherine Schell CSC 508 October 13, 2004.
The Therac-25: A Software Fatal Failure

The Therac-25: A Software Fatal Failure
The Operating System. What is an Operating System? The software which makes it possible for you to use your computer The software which starts up when.

The Operating System. What is an Operating System? The software which makes it possible for you to use your computer The software which starts up when.
An Investigation of the Therac-25 Accidents Nancy G. Leveson Clark S. Turner IEEE, 1993 Presented by Jack Kustanowitz April 26, 2005 University of Maryland.

An Investigation of the Therac-25 Accidents Nancy G. Leveson Clark S. Turner IEEE, 1993 Presented by Jack Kustanowitz April 26, 2005 University of Maryland.
Can We Trust the Computer? Case Study: The Therac-25 Based on Article in IEEE-Computer, July 1993.

Can We Trust the Computer? Case Study: The Therac-25 Based on Article in IEEE-Computer, July 1993.
Therac-25 Lawsuit for Victims Against the AECL

Therac-25 Lawsuit for Victims Against the AECL
+ THE THERAC-25 - A SOFTWARE FATAL FAILURE Kpea, Aagbara Saturday SYSM 6309 Spring ’12 UT-Dallas.

+ THE THERAC-25 - A SOFTWARE FATAL FAILURE Kpea, Aagbara Saturday SYSM 6309 Spring ’12 UT-Dallas.
Software Engineering Disasters

Software Engineering Disasters
Lecture 1: History of Operating System

Lecture 1: History of Operating System
16/13/2015 3:30 AM6/13/2015 3:30 AM6/13/2015 3:30 AMIntroduction to Software Development What is a computer? A computer system contains: Central Processing.

16/13/2015 3:30 AM6/13/2015 3:30 AM6/13/2015 3:30 AMIntroduction to Software Development What is a computer? A computer system contains: Central Processing.
Chapter 11 - Monitoring Server Performance1 Ch. 11 – Monitoring Server Performance MIS 431 – created Spring 2006.

Chapter 11 - Monitoring Server Performance1 Ch. 11 – Monitoring Server Performance MIS 431 – created Spring 2006.
Jacky: “Safety-Critical Computing …” ► Therac-25 illustrated that comp controlled equipment could be less safe. ► Why use computers at all, if satisfactory.

Jacky: “Safety-Critical Computing …” ► Therac-25 illustrated that comp controlled equipment could be less safe. ► Why use computers at all, if satisfactory.
High Confidence Medical Device Software and Systems: A programming languages and tools perspective Mark P Jones Department of Computer Science & Electrical.

High Confidence Medical Device Software and Systems: A programming languages and tools perspective Mark P Jones Department of Computer Science & Electrical.
Introduction To C++ Programming 1.0 Basic C++ Program Structure 2.0 Program Control 3.0 Array And Structures 4.0 Function 5.0 Pointer 6.0 Secure Programming.

Introduction To C++ Programming 1.0 Basic C++ Program Structure 2.0 Program Control 3.0 Array And Structures 4.0 Function 5.0 Pointer 6.0 Secure Programming.
Chapter 1: Introduction To Computer | SCP1103 Programming Technique C | Jumail, FSKSM, UTM, 2005 | Last Updated: July 2005 Slide 1 Introduction To Computers.

Chapter 1: Introduction To Computer | SCP1103 Programming Technique C | Jumail, FSKSM, UTM, 2005 | Last Updated: July 2005 Slide 1 Introduction To Computers.
Lecture 7, part 2: Software Reliability

Lecture 7, part 2: Software Reliability
DJ Wattam, Han Junyi, C Mongin1 COMP60611 Directed Reading 1: Therac-25 Background – Therac-25 was a new design dual mode machine developed from previous.

DJ Wattam, Han Junyi, C Mongin1 COMP60611 Directed Reading 1: Therac-25 Background – Therac-25 was a new design dual mode machine developed from previous.
Revision Lesson 1 3.3.2: DESIGNING COMPUTER-BASED INFORMATION SYSTEMS.

Revision Lesson : DESIGNING COMPUTER-BASED INFORMATION SYSTEMS.
Death by Software The Therac-25 Radio-Therapy Device Brian MacKay ESE6361 - Requirements Engineering – Fall 2013.

Death by Software The Therac-25 Radio-Therapy Device Brian MacKay ESE Requirements Engineering – Fall 2013.

Similar presentations

Ads by Google