THERAC 25
Presentation Transcript

  1. THERAC 25. EE 585: Fault Tolerant Computing Systems, case study. B. Ram Mohan.

  2. Background. Among the most serious computer-related accidents on record. The Therac-25 was a medical linear accelerator (linac) developed by Atomic Energy of Canada Ltd (AECL): a radiotherapy machine that destroys tumours with high-energy electron or X-ray beams. Eleven Therac-25s were installed: 5 in the US, 6 in Canada.

  3. Background (contd.). The Therac-25 was derived from its predecessors, the Therac-6 and Therac-20. Differences from the Therac-20:
  - Double-pass accelerator, absent in the previous versions
  - Software is responsible for safety
  - Hardware safety interlocks removed
  - Smaller footprint and lower cost

  4. Modes of Operation

  5. Set-Up of the Machine

  6. General Layout

  7. Therac-25 Turntable (diagram). Labelled parts: field light mirror, counterweight, beam flattener (X-ray mode), scan magnet (electron mode).

  8. Accidents
  - 3 June 1985: patient at Marietta, GA, received an overdose
  - 26 July 1985: Hamilton, ONT, patient severely burned; died November 1985
  - December 1985: patient in Yakima, WA, received an overdose
  - 21 March 1986: first Tyler, TX, accident
  - 11 April 1986: second Tyler, TX, accident
  - 17 January 1987: second Yakima, WA, accident

  9. Responses
  - 3 June 1985, Marietta, GA: not recognised as an overdose until after the Tyler incidents
  - 26 July 1985, Hamilton, ONT: operator saw no dose indication; overdose not suspected until the patient returned; a microswitch malfunction was suspected and "fixed"
  - December 1985, Yakima, WA: not ascribed to an overdose until the second Yakima incident
  - 21 March 1986, Tyler, TX: "Malfunction 54", which the operator could override; attributed to an "electrical surge"
  - 11 April 1986, Tyler, TX: thought to be an editing error; AECL's fix was to disable the up-arrow (cursor) key
  - 17 January 1987, Yakima, WA: all systems shut down; complete investigation and rework

  10. Why? The turntable was in the wrong position, so the patient received a raw high-current electron beam with neither the X-ray target/flattener nor the electron-mode scan magnet in the beam path. Two distinct software defects were identified (Leveson and Turner):
  - Tyler: a race between the data-entry task and the set-up task. If the operator edited the mode field within the roughly eight seconds the magnet set-up took, the edit was never re-latched, so the beam stayed at X-ray-mode current while the turntable followed the corrected (electron) prescription.
  - Yakima: a one-byte shared variable (Class3) used as an "inconsistency" flag was incremented on every set-up pass instead of being set. Every 256th pass it wrapped to zero, the collimator-position check was skipped, and the beam could be enabled with the turntable out of position.
  Contributing factors: no hardware safety interlocks; non-descriptive error messages ("Malfunction 54"); error modes the operator could override with a keypress; software written and maintained by a single person with no independent review.
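The Yakima defect is an ordinary integer-overflow bug, and it is worth seeing how little it takes to reproduce. The following is an added simulation written for this page, not AECL's code: a one-byte flag is "set" by incrementing it, so every 256th pass reads as "no inconsistency" and the collimator check is skipped. The struct and function names, and the idea of counting how often an unsafe pass gets through, are assumptions for illustration; the wrap-around arithmetic is exactly what the real byte counter did.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the Therac-25 "Class3" counter (not AECL code).
 * Class3 was a one-byte variable incremented on every pass of the set-up
 * test; nonzero meant "inconsistent, check the collimator position".
 * 255 + 1 wraps to 0 in a byte, so every 256th pass skipped the check. */

struct setup_state {
    uint8_t class3;          /* one-byte flag, as in the original */
    bool    collimator_safe; /* what the collimator/turntable switch actually reports */
};

/* Vulnerable: "set the flag" is implemented as an increment.
 * Returns true when the software believes the collimator must be checked. */
static bool vulnerable_check_required(struct setup_state *s) {
    s->class3++;             /* wraps 255 -> 0 on every 256th call */
    return s->class3 != 0;   /* 0 is misread as "no inconsistency" */
}

/* Hardened: the flag is assigned, never incremented, and the hardware
 * position is consulted on every pass no matter what the flag says. */
static bool hardened_check_required(struct setup_state *s) {
    s->class3 = 1;           /* a flag can only be set or cleared */
    return true;             /* never let a software flag skip a safety check */
}

/* One set-up pass: returns true if the beam would be enabled. */
bool beam_enabled_after_pass(struct setup_state *s, bool vulnerable) {
    bool must_check = vulnerable ? vulnerable_check_required(s)
                                 : hardened_check_required(s);
    if (must_check && !s->collimator_safe)
        return false;        /* collimator out of position: refuse to fire */
    return true;
}

/* Run `passes` set-up passes with the collimator always out of position and
 * count how many times the beam would have been enabled anyway. */
int count_unsafe_enables(int passes, bool vulnerable) {
    struct setup_state s = { .class3 = 0, .collimator_safe = false };
    int unsafe = 0;
    for (int i = 0; i < passes; i++)
        if (beam_enabled_after_pass(&s, vulnerable))
            unsafe++;
    return unsafe;
}

int main(void) {
    printf("vulnerable: %d unsafe enables in 1024 passes\n",
           count_unsafe_enables(1024, true));
    printf("hardened:   %d unsafe enables in 1024 passes\n",
           count_unsafe_enables(1024, false));
    return 0;
}
```

Compile with `cc -std=c99 -Wall`. The vulnerable model lets the beam through on passes 256, 512, 768 and 1024 (four times in 1024 passes) even though the collimator is never safe; the hardened model refuses every time. The point of the fix is not a wider counter (a 16-bit counter only makes the failure rarer) but that a safety check must not be gated on a mutable flag at all.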

  11. Cost of the Bug
  - To users (patients): six patients overdosed; three died as a result of the overdose, the others were seriously injured
  - To the developer (AECL): lawsuits, settled out of court; time and money to investigate and fix the bugs
  - To product owners (11 hospitals): system downtime

  12. Corrective Action Plan. Numerous hardware and software changes:
  - All interruptions related to dosimetry made non-continuable (no operator override)
  - Independent hardware and software shutdowns
  - Potentiometer on the turntable so its position is measured, not assumed
  - Hardware interlocks
  - "Dead man switch" motion enable
  - Fixed documentation, error messages and user manuals
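The Tyler defect and the turntable potentiometer fix fit together: the software's belief about the machine state and the independently measured hardware state must agree before the beam is enabled. The block below is an added, deliberately simplified model written for this page, not AECL's code and not a faithful reconstruction of the PDP-11 tasks. Events are applied in an explicit order so the race is reproduced deterministically; the mode, position and current names and values are assumptions for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the Tyler-type race and of the corrective
 * "independent hardware interlock" (not AECL code). */

enum beam_mode     { MODE_XRAY, MODE_ELECTRON };
enum turntable_pos { POS_XRAY_TARGET, POS_ELECTRON_MAGNET, POS_IN_TRANSIT };

/* Beam current in constructed units: X-ray mode needs far more current
 * because the target/flattener absorbs most of it. */
#define CURRENT_ELECTRON   1
#define CURRENT_XRAY     100

struct machine {
    enum beam_mode     prescribed;     /* operator's current entry */
    enum beam_mode     latched_mode;   /* copy taken by the set-up task */
    int                beam_current;   /* derived from latched_mode */
    enum turntable_pos turntable;      /* independent potentiometer reading */
    bool               entry_complete; /* software's "data entry done" flag */
};

static int current_for(enum beam_mode m) {
    return m == MODE_XRAY ? CURRENT_XRAY : CURRENT_ELECTRON;
}
static enum turntable_pos position_for(enum beam_mode m) {
    return m == MODE_XRAY ? POS_XRAY_TARGET : POS_ELECTRON_MAGNET;
}

/* Operator enters or edits the mode field. */
void operator_edit(struct machine *m, enum beam_mode mode) {
    m->prescribed = mode;
    m->entry_complete = true;
}

/* Set-up task: latches the prescription and configures the current.
 * In the vulnerable design an edit arriving after this point is never re-latched. */
void setup_task(struct machine *m) {
    m->latched_mode = m->prescribed;
    m->beam_current = current_for(m->latched_mode);
}

/* Turntable task: moves the hardware to match the (possibly edited) prescription. */
void turntable_task(struct machine *m) {
    m->turntable = position_for(m->prescribed);
}

/* Vulnerable: fire whenever the software believes data entry is complete. */
bool vulnerable_beam_enable(const struct machine *m) {
    return m->entry_complete;
}

/* Hardened: enable only when software state and measured hardware state agree. */
bool hardened_beam_enable(const struct machine *m) {
    if (!m->entry_complete)                         return false;
    if (m->latched_mode != m->prescribed)           return false; /* stale latch */
    if (m->beam_current != current_for(m->prescribed)) return false;
    if (m->turntable != position_for(m->prescribed)) return false; /* potentiometer disagrees */
    return true;
}

/* Tyler sequence: 'x' typed by mistake, set-up starts, operator corrects to 'e'
 * inside the set-up window, turntable follows the edit, current does not. */
struct machine tyler_sequence(void) {
    struct machine m = {0};
    operator_edit(&m, MODE_XRAY);
    setup_task(&m);                    /* latches X-ray current */
    operator_edit(&m, MODE_ELECTRON);  /* edit during the set-up window */
    turntable_task(&m);                /* turntable now in electron position */
    return m;
}

/* Normal sequence: no edit after set-up has latched the prescription. */
struct machine normal_sequence(enum beam_mode mode) {
    struct machine m = {0};
    operator_edit(&m, mode);
    setup_task(&m);
    turntable_task(&m);
    return m;
}

int main(void) {
    struct machine t = tyler_sequence();
    printf("Tyler race: current=%d turntable=%d vulnerable=%d hardened=%d\n",
           t.beam_current, (int)t.turntable,
           vulnerable_beam_enable(&t), hardened_beam_enable(&t));
    return 0;
}
```

In the race sequence the vulnerable gate fires with `beam_current == CURRENT_XRAY` while the turntable sits in the electron position, which is the Tyler overdose; the hardened gate refuses because the latched mode no longer matches the prescription. A real interlock would also wire the potentiometer comparison in hardware so that the refusal does not itself depend on the software that failed.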

  13. Lessons Learned
  - In complex interrupt-driven software, timing is critical: shared state between tasks needs explicit synchronisation, not assumptions about how fast an operator can type
  - Do not remove standard hardware interlocks when adding computer control
  - Revalidate reused software: code that was safe behind the Therac-20's interlocks was not safe without them
  - Do not over-rely on software for safety

  14. References. Nancy G. Leveson and Clark S. Turner, "An Investigation of the Therac-25 Accidents", IEEE Computer 26(7), July 1993. www.bowdoin.edu/~allen/courses/cs260/readings/therac.pdf