Therac-25

Therac-25 was a radiation therapy machine produced by Atomic Energy of Canada Limited. It was involved in at least six known accidents between 1985 and 1987, in which patients were given massive overdoses. These accidents highlighted the dangers of software control of safety-critical systems (see computer bug).

Problem description

The machine had two treatment modes. In direct electron-beam therapy mode, a low-powered electron beam was emitted directly from the machine. In soft X-ray mode, a beam flattener (in the turntable of the machine) was to be rotated into the path of the beam, and a much higher electron-beam current (about 100 times the beam power of electron-beam therapy mode) was used to make it emit a safe amount of X-rays. The accidents occurred when the high-energy electron beam was activated without the beam flattener having been rotated into place. The very high-energy electron beam struck the patients directly, causing the sensation of an intense electric shock as well as thermal and radiation burns. In some cases, the injured patients later died from radiation poisoning.

Root causes

Researchers who investigated the accidents found several contributing causes. These included the following institutional causes:
  • The software code was not independently reviewed.
  • The software design was not documented with enough detail to support reliability modelling.
  • The system documentation did not adequately explain error codes.
  • AECL personnel were at first dismissive of complaints.
The researchers also found several engineering issues:
  • The design did not have any hardware interlocks to prevent the electron-beam from operating in its high-energy mode without the metal X-ray target in place.
  • Software from older models had been reused without properly considering the hardware differences.
  • The software assumed that sensors always worked correctly, since there was no way to verify them (see open loop).
  • The equipment control task did not properly synchronize with the operator interface task, so that race conditions occurred if the operator changed the setup too quickly.
  • Arithmetic overflows could cause the software to bypass safety checks.
These incidents have become a standard case study in the history of computing and medicine.
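
The arithmetic-overflow item in the list above, as an added illustration that is not Therac-25 code and not part of the original article: a constructed C model in which an 8-bit "check needed" flag is incremented on each pass instead of being assigned, so it periodically wraps to zero and the position check is skipped. All names are hypothetical, and the specific mechanism is an assumption chosen for illustration; the article states only that overflows could bypass safety checks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not Therac-25 source; every name here is hypothetical. */

/* Simulated position sensor: true when the X-ray target is in the beam path. */
static bool target_in_place(bool sensor) { return sensor; }

/* Flawed pattern: the flag is incremented on every setup pass rather than
 * set to a fixed nonzero value. As a uint8_t it wraps 255 -> 0 on every
 * 256th pass, and 0 is read as "no check needed". */
int unsafe_beam_enables(int passes, bool sensor)
{
    uint8_t check_needed = 0;
    int unsafe = 0;
    for (int i = 0; i < passes; i++) {
        check_needed++;                         /* well-defined wrap mod 256 */
        if (check_needed != 0 && !target_in_place(sensor))
            continue;                           /* check ran and blocked the beam */
        if (!sensor)
            unsafe++;                           /* beam enabled, target absent */
    }
    return unsafe;
}

/* Corrected pattern: the flag is a boolean that is assigned, so there is no
 * arithmetic to overflow and the check runs on every pass. */
int unsafe_beam_enables_fixed(int passes, bool sensor)
{
    int unsafe = 0;
    for (int i = 0; i < passes; i++) {
        bool check_needed = true;               /* assigned, never counted */
        if (check_needed && !target_in_place(sensor))
            continue;
        if (!sensor)
            unsafe++;
    }
    return unsafe;
}

int main(void)
{
    /* Constructed scenario: target never in place across 1000 setup passes. */
    printf("flawed: %d unsafe enables\n", unsafe_beam_enables(1000, false));
    printf("fixed:  %d unsafe enables\n", unsafe_beam_enables_fixed(1000, false));
    return 0;
}
```

A software fix of this kind removes only one failure path; the hardware-interlock item in the same list is the independent barrier that would hold even when the software check does not run.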
