
Therac-25

Therac-25. CS4001 Kristin Marsicano. Therac-25 Overview. What was the Therac-25? How did it relate to previous models? In what ways was it similar/different? Was the Therac-25 reliable?

teigra

Presentation Transcript


  1. Therac-25 CS4001 Kristin Marsicano

  2. Therac-25 Overview
     • What was the Therac-25?
     • How did it relate to previous models? In what ways was it similar/different?
     • Was the Therac-25 reliable?

  3. Therac-25 Overview
     • Linear accelerator used to create high-energy electron beams to treat shallow tumors and x-ray beams to reach deeper tumors
     • Differed from Therac-6 and Therac-20:
       • computer was coupled with the system such that the hardware could not function without the computer (e.g. turntable set up)
       • relied on the computer for safety checks; did not include the hardware safety features of previous models (which allowed for cost savings)
     • Similar to Therac-6 and Therac-20:
       • Shared a common code base
       • Used a computer to augment user

  4. Was Therac-25 reliable?

  5. Was Therac-25 reliable?
     • Worked tens of thousands of times before overdosing anyone
     • Over the course of 20 months (June 1985-July 1987) it administered massive overdoses to 6 patients, resulting in 3 deaths
     • Was notorious for displaying nondescript errors that had no negative side effects (e.g. up to 40 times a day)
     Do not confuse reliability with safety!

  6. Under what conditions did the lethal doses occur?

  7. Under what conditions did the lethal doses occur?
     • Fast-typing operators
       • Race condition between magnet positioning and screen edits
       • Software relies on positioning of cursor to determine if edits have been made
       • Change from X-Ray mode to Electron mode made before magnets finish moving; software doesn't check cursor position until after magnets have stopped
     • Set button
       • Race condition between "gun ready" variable, gun positioning, and "Set" button
       • 0 means gun is ready and will fire; 1-255 means not ready; increments as gun is moving and rolls over as necessary (which means it might be 0 when the gun is not really ready!)

  8. What parties were involved?
     • Patients and their families
     • AECL (maker of the machine)
     • Developers
     • Hospital where machine was used (and the technicians)

  9. AECL Mistakes
     • Assumed error was only in software
     • Did not design system to be fail-safe (fail-safe means no single point of failure will lead to catastrophe); instead the Therac-25 relied 100% on the software to ensure safety of the system
     • Lack of software and hardware devices to detect and communicate an overdose
     • Presumed correctness of reused code; assumed there were no errors in the previous code base when indeed there were
     • Management allowed the software to be developed without adequate documentation (e.g. no user manual for error codes)
     • Did not communicate fully with its customers with regard to the accidents
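
The "gun ready" rollover from slide 7, as an added C example (not from the presentation and not AECL's code). All names, the setup-pass loop and the position-sensor field are assumptions for illustration. It counts how many "Set" presses would fire while the gun is still out of position, for the incrementing flag, for a flag assigned a constant, and for a check that also requires an independent sensor reading.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration; every name here is hypothetical, not Therac-25 source. */
typedef struct {
    uint8_t not_ready;    /* slide 7: 0 = ready (will fire), 1-255 = not ready */
    bool    in_position;  /* assumed independent position-sensor reading */
} gun_state;

/* Flawed update: bump the flag on every setup pass while the gun moves. */
static void mark_moving_increment(gun_state *g) { g->not_ready++; } /* 255 -> 0 */

/* Corrected update: assign a fixed nonzero value, so it can never wrap. */
static void mark_moving_assign(gun_state *g) { g->not_ready = 1; }

/* Flawed "Set" check: trusts the software flag alone. */
static bool may_fire_flag_only(const gun_state *g) { return g->not_ready == 0; }

/* Fail-safe check: the flag and the sensor must both agree. */
static bool may_fire_interlocked(const gun_state *g) {
    return g->not_ready == 0 && g->in_position;
}

/* Simulate `passes` setup passes during which the gun never reaches position,
 * with "Set" pressed after each pass. Returns how many presses would fire. */
static unsigned unsafe_fires(unsigned passes,
                             void (*mark)(gun_state *),
                             bool (*may_fire)(const gun_state *)) {
    gun_state g = { .not_ready = 0, .in_position = false };
    unsigned unsafe = 0;
    for (unsigned i = 0; i < passes; i++) {
        mark(&g);
        if (may_fire(&g))
            unsafe++;
    }
    return unsafe;
}

int main(void) {
    printf("increment, flag only:   %u\n",
           unsafe_fires(1024, mark_moving_increment, may_fire_flag_only));
    printf("assign, flag only:      %u\n",
           unsafe_fires(1024, mark_moving_assign, may_fire_flag_only));
    printf("increment, interlocked: %u\n",
           unsafe_fires(1024, mark_moving_increment, may_fire_interlocked));
    return 0;
}
```

With the incrementing flag, every 256th pass leaves the byte at 0, so a "Set" press timed on that pass passes the check even though nothing has verified the gun position.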
