Therac 25 - PowerPoint PPT Presentation

About This Presentation
Title:

Therac 25

Description:

Medical device capable of producing x-rays or electrons. Accidents occurred between 1985 ... Cryptic 'Malfunction 54' Cause of malfunction typing too quickly ... – PowerPoint PPT presentation

Slides: 16
Provided by: informat283

Transcript and Presenter's Notes

1
Therac 25
  • (names removed)

2
Introduction
  • Considered some of the most serious
    computer-related accidents to date
  • Medical device capable of producing x-rays or
    electrons
  • Accidents occurred between 1985 and 1987
  • Largely unreported

3
Background
  • Developed by AECL
  • Previous machines developed by AECL and CGR
  • Therac 6 - 6 MeV x-ray accelerator
  • Therac 20 - 20 MeV x-ray and electron
    accelerator
  • Based upon earlier CGR machines

4
  • Therac 25 developed by AECL alone after split
    from CGR
  • Designed to rely on software for safety: most of
    the hardware interlocks of the earlier machines
    were not carried over
  • Incorporated a radically new double-pass
    accelerator design

5
  • Software reused from Therac 6
  • Routines from Therac 20 reused without the
    knowledge of the quality assurance manager
  • Safety analysis (a fault tree) conducted in 1983
    rested on major assumptions and apparently
    excluded the software

6
Problems
  • Original problem concerned tilt detector switch.
  • Problem solved by AECL with other improvements
    made
  • AECL claimed the changes improved the safety of
    the Therac 25 by at least five orders of
    magnitude (about 100,000 times)

7
  • Software changes advised by Canadian government
  • Number of retries on treatment reduced from five
    to three
  • Independent hardware interlock requested

8
Error Messages
  • System often displayed spurious error messages,
    so often that operators began to ignore them
  • Messages were cryptic ("Malfunction" plus a
    number) and were not explained in the user manual

9
Ontario Cancer Foundation, 1985
  • AECL maintained that improper scanning was
    impossible
  • Problems with the tilt mechanism
  • A "no dose" indication followed by a retry was
    not regarded as unusual
  • Patient received an estimated 13,000-17,000 rads
  • AECL unable to reproduce error
  • Voluntary recall for modifications

10
East Texas Cancer Centre, 1986
  • AECL claims the machine is now 10,000,000 times
    safer
  • Patient receives 16,500-25,000 rads over an area
    of about 1 cm²
  • Cryptic "Malfunction 54" message
  • Cause: a race condition, triggered when the
    operator edited the prescription quickly while
    the machine was still setting up (about 8 s)
  • AECL claims no previous problems
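The race behind Malfunction 54, as an added worked example (written for this page after Leveson's account; it is not part of the presentation and not AECL's code). It is a simplified, deterministic model: the magnet-setting task snapshots the prescription once and only looks for an operator edit on its first delay pass, so an edit typed later in the roughly 8-second set-up window changes the screen and the turntable but not the beam parameters. The names, the beam-current and turntable values, and the `check_every_pass` and `beam_on_permitted` hardening are all assumptions introduced for the illustration; the interlock stands in for the kind of independent consistency check the later recall added in hardware, not for AECL's actual software fix.

```python
"""Simplified model of the Therac-25 'Malfunction 54' data-entry race.

Added illustration written after Leveson's account; not AECL code.
Two fields stand in for the operator's prescription.  The operator task
may edit them while the magnet-setting task is still running.  In the
flawed version the set-up task reads the prescription once and only
looks for a later edit on its first delay pass, so an edit that lands
later in the ~8 s window updates the screen (and the turntable, which
follows the displayed mode) but never the beam parameters, which still
belong to the mode typed first.
"""
from dataclasses import dataclass

SETUP_SECONDS = 8  # bending-magnet set-up time (Leveson, 1993)

# Illustrative set-up implied by each mode (assumed values, not the
# real machine's): X-ray mode drives a far higher electron current into
# a target; electron mode sends a low-current beam through scan magnets.
BEAM_CURRENT = {"x": 100, "e": 1}
TURNTABLE = {"x": "target", "e": "scan_magnets"}


@dataclass
class Prescription:
    mode: str             # "x" or "e", as shown on the operator's screen
    edited: bool = False  # set by the keyboard handler, read by set-up


def run_setup(initial_mode, edits, check_every_pass=False):
    """Set up the beam for a prescription while the operator may edit it.

    edits maps a second within the set-up window to the mode typed then
    (constructed input).  check_every_pass=False reproduces the flaw;
    True re-reads the prescription on every pass and restarts set-up
    after any edit.  Returns the state the machine would fire with.
    """
    rx = Prescription(initial_mode)
    beam_current = BEAM_CURRENT[rx.mode]  # snapshot taken once at start
    passes = 0
    for t in range(SETUP_SECONDS):
        if t in edits:                    # keyboard handler runs concurrently
            rx.mode = edits[t]
            rx.edited = True
        if rx.edited and (check_every_pass or passes == 0):
            beam_current = BEAM_CURRENT[rx.mode]
            rx.edited = False
            passes = 0                    # restart the magnet set-up
        else:
            passes += 1                   # later edits are never noticed
    return {
        "screen_mode": rx.mode,
        "beam_current": beam_current,
        "turntable": TURNTABLE[rx.mode],  # turntable follows the screen
    }


def beam_on_permitted(state):
    """Independent consistency check: refuse to fire when the beam set-up
    does not match the turntable.  An assumed stand-in for an independent
    hardware interlock, not AECL's design."""
    mode_for_turntable = next(m for m, pos in TURNTABLE.items()
                              if pos == state["turntable"])
    return state["beam_current"] == BEAM_CURRENT[mode_for_turntable]


if __name__ == "__main__":
    # Constructed scenario: operator types "x", notices, corrects to "e"
    # three seconds into set-up.  Flawed: screen says "e", beam is "x".
    flawed = run_setup("x", {3: "e"})
    print(flawed, "fire:", beam_on_permitted(flawed))
    fixed = run_setup("x", {3: "e"}, check_every_pass=True)
    print(fixed, "fire:", beam_on_permitted(fixed))
```

Run the file to see the flawed and re-checked set-ups side by side. The point is that the screen and the beam disagree, and only a check that is independent of the software which produced the mismatch catches it; an edit at the very start of the window is noticed by both versions, which is why the bug was so hard to reproduce.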

11
Recall
  • FDA declares the Therac 25 defective and requires
    a corrective action plan; AECL installs:
  • New software to correct the errors behind the
    previous accidents
  • Hardware shutdown circuit
  • Hardware turntable monitor
  • Hardware interlock
  • However, these leave a number of systems
    uncovered

12
  • These include
  • Electron-beam scanning
  • Electron-energy selection
  • Beam shutoff
  • Calibration / Beam steering
  • These were to be fixed in the next revision
    produced by AECL

13
Conclusion
  • Factors that contributed to the Therac 25
    accidents include
  • Overconfidence in the ability of the software
  • Lack of reporting procedures
  • Inadequate testing
  • Unrealistic risk assessments
  • Unsuitable software engineering practices

14
  • The problems that occur in this real-time system
    could occur in any system that has been
    improperly planned and tested.
  • Real-time systems can have an immediate effect on
    the user, so it is important to test ANY
    real-time application adequately.

15
References
  • Leveson N G and Turner C S, 1993, An Investigation
    of the Therac-25 Accidents, IEEE Computer 26 (7)
    18-41
  • Dolce, Therac 25 Case Materials,
    http://www.computingcases.org/case_materials/therac/therac_case_intro.html
    (online)
  • Bowen J, 2000, The Ethics of Safety-Critical
    Systems, Communications of the ACM 43 (4) 91-97