Presentation is loading. Please wait.

Presentation is loading. Please wait.

Therac 25 Nancy Leveson: Medical Devices: The Therac-25 (updated version of IEEE Computer article) http://sunnyday.mit.edu/papers/therac.pdf.

Published byFrancis Foster Modified over 8 years ago

Similar presentations

Presentation on theme: "Therac 25 Nancy Leveson: Medical Devices: The Therac-25 (updated version of IEEE Computer article) http://sunnyday.mit.edu/papers/therac.pdf."— Presentation transcript:

1 Therac 25 Nancy Leveson: Medical Devices: The Therac-25 (updated version of IEEE Computer article)

2 Therac 25

3 Therac 25

4 Therac 25 – Engineering issues
The failure only occurred when a particular nonstandard sequence of keystrokes was entered on the VT-100 terminal which controlled the PDP-11 computer: an "X" to (erroneously) select 25,000 EV mode followed by "cursor up", "E" to (correctly) select 200 EV mode, then "Enter". This sequence of keystrokes was improbable, and so the problem did not occur very often and went unnoticed for a long time. The design did not have any hardware interlocks to prevent the electron-beam from operating in its high-energy mode without the target in place. The engineer had reused software from older models. These models had hardware interlocks that masked their software defects. Those hardware safeties had no way of reporting that they had been triggered, so there was no indication of the existence of faulty software commands. 3

5 Therac 25 – Engineering issues
4. The hardware provided no way for the software to verify that sensors were working correctly (i.e. an open-loop controller). The table-position system was the first implicated in Therac-25's failures; the manufacturer revised it with redundant switches to cross-check their operation. 5. The equipment control task did not properly synchronize with the operator interface task, so that race conditions occurred if the operator changed the setup too quickly. This was evidently missed during testing, since it took some practice before operators were able to work quickly enough for the problem to occur. Experience led to trouble (not the other way). 6. The software set a flag variable by incrementing it. Occasionally an arithmetic overflow occurred, causing the software to bypass safety checks. 3

6 Therac 25 – Institutional issues
AECL did not have the software code independently reviewed. AECL did not consider the design of the software during its assessment of how the machine might produce the desired results and what failure modes existed. These form parts of the general techniques known as reliability modeling and risk management. The system noticed that something was wrong and halted the X-ray beam, but merely displayed the word "MALFUNCTION" followed by a number from 1 to 64. The user manual did not explain or even address the error codes, so the operator pressed the P key to override the warning and proceed anyway. AECL personnel initially did not believe complaints. 4

Download ppt "Therac 25 Nancy Leveson: Medical Devices: The Therac-25 (updated version of IEEE Computer article) http://sunnyday.mit.edu/papers/therac.pdf."

Similar presentations

ES050 – Introductory Engineering Design and Innovation Studio Prof. Ken McIsaac One last word…

ES050 – Introductory Engineering Design and Innovation Studio Prof. Ken McIsaac One last word…
Engineering Diploma Level 2 Unit 7 Application of Maintenance Techniques in Engineering In this unit you will get involved with both maintenance procedures.

Engineering Diploma Level 2 Unit 7 Application of Maintenance Techniques in Engineering In this unit you will get involved with both maintenance procedures.
CSCI 5230: Project Management Software Reuse Disasters: Therac-25 and Ariane 5 Flight 501 David Sumpter 12/4/2001.

CSCI 5230: Project Management Software Reuse Disasters: Therac-25 and Ariane 5 Flight 501 David Sumpter 12/4/2001.
“An Investigation of the Therac-25 Accidents” by Nancy G. Leveson and Clark S. Turner Catherine Schell CSC 508 October 13, 2004.

“An Investigation of the Therac-25 Accidents” by Nancy G. Leveson and Clark S. Turner Catherine Schell CSC 508 October 13, 2004.
The Therac-25: A Software Fatal Failure

The Therac-25: A Software Fatal Failure
EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage: www.mwftr.com/CNE.html.

EECE499 Computers and Nuclear Energy Electrical and Computer Eng Howard University Dr. Charles Kim Fall 2013 Webpage:
In this presentation you will:

In this presentation you will:
Motherboard, BIOS and POST The external data bus connects devices on the motherboard together. Everything is also connected to the address bus. These busses.

Motherboard, BIOS and POST The external data bus connects devices on the motherboard together. Everything is also connected to the address bus. These busses.
An Investigation of the Therac-25 Accidents Nancy G. Leveson Clark S. Turner IEEE, 1993 Presented by Jack Kustanowitz April 26, 2005 University of Maryland.

An Investigation of the Therac-25 Accidents Nancy G. Leveson Clark S. Turner IEEE, 1993 Presented by Jack Kustanowitz April 26, 2005 University of Maryland.
+ THE THERAC-25 - A SOFTWARE FATAL FAILURE Kpea, Aagbara Saturday SYSM 6309 Spring ’12 UT-Dallas.

+ THE THERAC-25 - A SOFTWARE FATAL FAILURE Kpea, Aagbara Saturday SYSM 6309 Spring ’12 UT-Dallas.
© 2004 Cisco Systems, Inc. All rights reserved. Operating and Configuring Cisco IOS Devices Starting a Switch INTRO v2.0—8-1.

© 2004 Cisco Systems, Inc. All rights reserved. Operating and Configuring Cisco IOS Devices Starting a Switch INTRO v2.0—8-1.
Week 5 - Wednesday.  What did we talk about last time?  Attacks on hash functions.

Week 5 - Wednesday.  What did we talk about last time?  Attacks on hash functions.
Reliability and Safety Lessons Learned. Ways to Prevent Problems Good computer systems Good computer systems Good training Good training Accountability.

Reliability and Safety Lessons Learned. Ways to Prevent Problems Good computer systems Good computer systems Good training Good training Accountability.
Motivation Why study Software Engineering ?. What is Engineering ? 2 Engineering (Webster) – The application of scientific and mathematical principles.

Motivation Why study Software Engineering ?. What is Engineering ? 2 Engineering (Webster) – The application of scientific and mathematical principles.
Programming Languages: Design, Specification, and Implementation G22.2210-001 Rob Strom September 7, 2006.

Programming Languages: Design, Specification, and Implementation G Rob Strom September 7, 2006.
A Gift of Fire Third edition Sara Baase

A Gift of Fire Third edition Sara Baase
SWE Introduction to Software Engineering

SWE Introduction to Software Engineering
Page 1 Building Reliable Component-based Systems Chapter 14 - Testing Reusable Software Components in Safety- Critical Real-Time Systems Chapter 14 Testing.

Page 1 Building Reliable Component-based Systems Chapter 14 - Testing Reusable Software Components in Safety- Critical Real-Time Systems Chapter 14 Testing.
Jacky: “Safety-Critical Computing …” ► Therac-25 illustrated that comp controlled equipment could be less safe. ► Why use computers at all, if satisfactory.

Jacky: “Safety-Critical Computing …” ► Therac-25 illustrated that comp controlled equipment could be less safe. ► Why use computers at all, if satisfactory.
CCNA 2 v3.1 Module 2.

CCNA 2 v3.1 Module 2.

Similar presentations

Ads by Google