SlideShare a Scribd company logo

SYSM6309_Therac-25_Software Fatal Failure.pptx

Download as PPTX, PDF
C
chandramouli kasina

SYSM6309_Therac-25_Software

Engineering
1 of 16
+ THE THERAC-25 - A SOFTWARE FATAL FAILURE Kpea, Aagbara Saturday SYSM 6309 Spring ’12 UT-Dallas
+ What is the Therac-25 The Therac-25 was a medical linear accelerator, used to treat cancer patients to remove tumors.
+Background Information  Early1970’s, AECL (Atomic Energy of Canada Limited)and a French Company (CGR) collaborate to build Medical Linear Accelerators (linacs).  They develop Therac-6, and Therac-20.  AECL and CGR end their working relationship in 1981.  In 1976, AECL develops the revolutionary "double pass" accelerator which leads to the development of Therac-25.  In March, 1983, AECL performs a safety analysis of Therac-25 which apparently excludes an analysis of software.
+ Background info …  July 29,1983, the Canadian Consulate General announces the introduction of the new "Therac 25" Machine manufactured by AECL Medical, a division of Atomic Energy of Canada Limited.  Medical linear accelerators (linacs) known generally as “Therac-25”.
+ How Therac-25 works: Generating an Electron Beam  Linear accelerator works just like the computer monitor  The electrons are accelerated by the gun in the back of the monitor and directed at the inside of the screen  A medical linear accelerator produces a beam of electrons about 1,000 times more powerful than the standard computer monitor  Medical linear accelerators accelerate electrons to create high- energy beams that can destroy tumors with minimal impact on surrounding healthy tissue  The Therac-25 is designed to fold beam back and forth in order to produce long acceleration to fit into smaller space
+ Getting the Beam into the Body  Shallow tissue is treated with accelerated electrons Scanning magnets placed in the way of the beam; the spread of the beam (and thus its power) could be controlled by a magnetic fields generated by these magnets  Deeper tissue is treated with X-ray photons The X-ray beam is flattened by a device in the machine to direct the appropriate intensity to the patient.  Beams kill (or retard the growth of) the cancerous tissues
+ Accident with Therac-25  At East Texas Cancer Center in Tyler, Texas, a patient complains of a bright flash of light, heard a frying, buzzing sound, and felt a thump and heat like an electric shock.  This indicates radiation overdose by Therac-25 machines after cancer treatment session  A few days after the unit was put back into operation, another patient complained that his face felt like it was on fire.  Another potential overdose of radiation beam by Therac-25.  Both patients died after 4months and 3 weeks respectively due to administered overdose of radiation
+ Accidents with Therac-25 … contd  At Yakima Valley, Washington in January 1987, another incident of overdose with Therac-25 occurred  Performed two film exposures  Patient developed severe striped burns after treatments, an indication of overdose  Patient died in April as a result
+Reasons for the cause of the accidents At Texas facility;  Operator selected x-rays by mistake, used cursor keys to change to electrons  Machine tripped with “Malfunction 54”  – Documentation explains this is “dose input 2” error  Operator saw “beam ready” proceeded; machine tripped again At Washington facility;  Operator used hand controls to rotate table to field-light position & check alignment  Operator set machine but forgot to remove film  Operator turned beam on, machine showed no dose and displayed fleeting message  Operator proceeded from pause; After another machine pause, operator reentered room
+ Accidents Race Condition Source: http://www.cs.jhu.edu
+ Root Cause Analysis of the Accidents  Software code was not independently reviewed.  AECL did not consider the design of the software during its assessment of how the machine might produce the desired results and what failure modes existed. – No proper risk assessment followed.  The system noticed that something was wrong and halted the X-ray beam, but merely displayed the word "MALFUNCTION" followed by a number from 1 to 64. The user manual did not explain or even address the error codes, so the operator pressed the P key to override the warning and proceed anyway.  AECL personnel, as well as machine operators, initially did not believe complaints. This was likely due to overconfidence  AECL had never tested the Therac-25 with the combination of software and hardware until it was assembled at the hospital.  The problem was a race condition produced by a flaw in the software programming.  Management inadequacies and lack of procedures for following through on all reported incident.  The engineer had reused software from older models. These models had hardware interlocks that masked their software defects
+ Requirements Issues  Error messages provided by Therac-25 monitor are not helpful to operators  Machine pauses treatment but does not indicate reason why  The equipment control task did not properly synchronize with the operator interface task, so that race conditions occurred if the operator changed the setup too quickly.  Software is required to monitor several activities simultaneously in real time  Interaction with operator  Monitoring input and editing changes from an operator  Updating the screen to show the current status of machine  There were no independent checks that the software was operating correctly (verification)
+ Requirements Issues … contd  Traceability matrix: ways to get information about errors, i.e., software audit trails should be designed into the software from the beginning.  The software should be subjected to extensive testing and formal analysis at the module and software level.  System testing alone is not adequate; verification would be very valuable.  Involve users at all phases of product development
+ Corrective Action Plan Documentation should not be an afterthought. Software quality assurance practices and standards should be established. Designs should be kept simple and ensure user-friendly interfaces
+ Lessons  Complacency  Assumption that problem was understood without adequate evidence  Sole reliance on software for safety  Systems engineering practices need proper coordination
+ References  The Therac-25 Accidents (PDF), by Nancy G. Leveson (the 1995 update of the IEEE Computer article)  http://en.wikipedia.org/wiki/Therac-25  Jacky, Johathan. "Programmed for Disaster." The Sciences 29 (1989) : 22-27.  Leveson, Nancy G., and Clark S. Turner. "An Investigation of the Therac-25 Accidents." Computer July 1993 : 18-41.

Recommended

The following Systems Engineering case study to research and study.docx
The following Systems Engineering case study to research and study.docxThe following Systems Engineering case study to research and study.docx
The following Systems Engineering case study to research and study.docxarnoldmeredith47041
 
THERAC
THERACTHERAC
THERACsafni
 
Testing safety critical control systems
Testing safety critical control systemsTesting safety critical control systems
Testing safety critical control systemsyvjadi123
 
Development of software calculation for radiation leak according to ISO IEC 6...
Development of software calculation for radiation leak according to ISO IEC 6...Development of software calculation for radiation leak according to ISO IEC 6...
Development of software calculation for radiation leak according to ISO IEC 6...Nilson Lima
 
Ludlum Presentation
Ludlum PresentationLudlum Presentation
Ludlum PresentationMatthew Kaminski
 
Blackout Task Force Highlights SCADA System Woes
Blackout Task Force Highlights SCADA System WoesBlackout Task Force Highlights SCADA System Woes
Blackout Task Force Highlights SCADA System WoesARC Advisory Group
 
A new remote monitoring device to track magnetic resonance imaging machine co...
A new remote monitoring device to track magnetic resonance imaging machine co...A new remote monitoring device to track magnetic resonance imaging machine co...
A new remote monitoring device to track magnetic resonance imaging machine co...nooriasukmaningtyas
 
RCFA Success of Root Cause Failure Analysis
RCFA Success of Root Cause Failure AnalysisRCFA Success of Root Cause Failure Analysis
RCFA Success of Root Cause Failure AnalysisAbdulrahman Alkhowaiter
 

Recommended

The following Systems Engineering case study to research and study.docx
The following Systems Engineering case study to research and study.docxThe following Systems Engineering case study to research and study.docx
The following Systems Engineering case study to research and study.docxarnoldmeredith47041
 
THERAC
THERACTHERAC
THERACsafni
 
Testing safety critical control systems
Testing safety critical control systemsTesting safety critical control systems
Testing safety critical control systemsyvjadi123
 
Development of software calculation for radiation leak according to ISO IEC 6...
Development of software calculation for radiation leak according to ISO IEC 6...Development of software calculation for radiation leak according to ISO IEC 6...
Development of software calculation for radiation leak according to ISO IEC 6...Nilson Lima
 
Ludlum Presentation
Ludlum PresentationLudlum Presentation
Ludlum PresentationMatthew Kaminski
 
Blackout Task Force Highlights SCADA System Woes
Blackout Task Force Highlights SCADA System WoesBlackout Task Force Highlights SCADA System Woes
Blackout Task Force Highlights SCADA System WoesARC Advisory Group
 
A new remote monitoring device to track magnetic resonance imaging machine co...
A new remote monitoring device to track magnetic resonance imaging machine co...A new remote monitoring device to track magnetic resonance imaging machine co...
A new remote monitoring device to track magnetic resonance imaging machine co...nooriasukmaningtyas
 
RCFA Success of Root Cause Failure Analysis
RCFA Success of Root Cause Failure AnalysisRCFA Success of Root Cause Failure Analysis
RCFA Success of Root Cause Failure AnalysisAbdulrahman Alkhowaiter
 
Functional safety by FMEA/FTA
Functional safety by FMEA/FTAFunctional safety by FMEA/FTA
Functional safety by FMEA/FTAmehmor
 
State_Machine_Documentation_ CharlotteQin_Summer2014
State_Machine_Documentation_ CharlotteQin_Summer2014State_Machine_Documentation_ CharlotteQin_Summer2014
State_Machine_Documentation_ CharlotteQin_Summer2014Charlotte Qin
 
eHealth - Medical Systems Interoperability & Mobile Health
eHealth - Medical Systems Interoperability & Mobile HealtheHealth - Medical Systems Interoperability & Mobile Health
eHealth - Medical Systems Interoperability & Mobile Healthulmedical
 
Sqa l01 1
Sqa l01 1Sqa l01 1
Sqa l01 1Seema Shah
 
Before and After Power Conditioner
Before and After Power ConditionerBefore and After Power Conditioner
Before and After Power ConditionerMichael Lackovich LSSGB
 
University of Kentucky Solar Car Team Fluke Connect Student Contest Presentation
University of Kentucky Solar Car Team Fluke Connect Student Contest PresentationUniversity of Kentucky Solar Car Team Fluke Connect Student Contest Presentation
University of Kentucky Solar Car Team Fluke Connect Student Contest Presentationflukecontests
 
REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...
REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...
REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...Power System Operation
 
FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...
FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...
FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...Sheikh R Manihar Ahmed
 
Calibrating the Measuring Chain
Calibrating the Measuring ChainCalibrating the Measuring Chain
Calibrating the Measuring ChainTacuna Systems
 
008_23035research061214_49_55
008_23035research061214_49_55008_23035research061214_49_55
008_23035research061214_49_55mehdi nakhzari moghadam
 
Management of Power System Dynamic Security
Management of Power System Dynamic Security Management of Power System Dynamic Security
Management of Power System Dynamic Security Power System Operation
 
1970
19701970
1970SEYİR AKADEMİ
 
Annunciator for Hazard Prevention & Temperature Control
Annunciator for Hazard Prevention & Temperature ControlAnnunciator for Hazard Prevention & Temperature Control
Annunciator for Hazard Prevention & Temperature ControlIOSR Journals
 
Electrical Thermal Imaging Report TICOR
Electrical Thermal Imaging Report TICORElectrical Thermal Imaging Report TICOR
Electrical Thermal Imaging Report TICORTicorsoftware
 
Calibration & Testing of Electronic Meters
Calibration & Testing of Electronic MetersCalibration & Testing of Electronic Meters
Calibration & Testing of Electronic MetersSnehpal Singh
 
Power blackout a case for critical condition management
Power blackout a case for critical condition managementPower blackout a case for critical condition management
Power blackout a case for critical condition managementARC Advisory Group
 
Transformer
TransformerTransformer
Transformervicky1430
 
IRJET- Location Identification for FACTs Device
IRJET- Location Identification for FACTs DeviceIRJET- Location Identification for FACTs Device
IRJET- Location Identification for FACTs DeviceIRJET Journal
 
Safety System Modularity
Safety System ModularitySafety System Modularity
Safety System ModularityFasiul Alam
 
Nidec asi service infrared termography
Nidec asi service infrared termographyNidec asi service infrared termography
Nidec asi service infrared termographyNidec Corporation
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 

More Related Content

Similar to SYSM6309_Therac-25_Software Fatal Failure.pptx

Functional safety by FMEA/FTA
Functional safety by FMEA/FTAFunctional safety by FMEA/FTA
Functional safety by FMEA/FTAmehmor
 
State_Machine_Documentation_ CharlotteQin_Summer2014
State_Machine_Documentation_ CharlotteQin_Summer2014State_Machine_Documentation_ CharlotteQin_Summer2014
State_Machine_Documentation_ CharlotteQin_Summer2014Charlotte Qin
 
eHealth - Medical Systems Interoperability & Mobile Health
eHealth - Medical Systems Interoperability & Mobile HealtheHealth - Medical Systems Interoperability & Mobile Health
eHealth - Medical Systems Interoperability & Mobile Healthulmedical
 
University of Kentucky Solar Car Team Fluke Connect Student Contest Presentation
University of Kentucky Solar Car Team Fluke Connect Student Contest PresentationUniversity of Kentucky Solar Car Team Fluke Connect Student Contest Presentation
University of Kentucky Solar Car Team Fluke Connect Student Contest Presentationflukecontests
 
REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...
REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...
REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...Power System Operation
 
FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...
FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...
FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...Sheikh R Manihar Ahmed
 
Calibrating the Measuring Chain
Calibrating the Measuring ChainCalibrating the Measuring Chain
Calibrating the Measuring ChainTacuna Systems
 
Management of Power System Dynamic Security
Management of Power System Dynamic Security Management of Power System Dynamic Security
Management of Power System Dynamic Security Power System Operation
 
Annunciator for Hazard Prevention & Temperature Control
Annunciator for Hazard Prevention & Temperature ControlAnnunciator for Hazard Prevention & Temperature Control
Annunciator for Hazard Prevention & Temperature ControlIOSR Journals
 
Electrical Thermal Imaging Report TICOR
Electrical Thermal Imaging Report TICORElectrical Thermal Imaging Report TICOR
Electrical Thermal Imaging Report TICORTicorsoftware
 
Calibration & Testing of Electronic Meters
Calibration & Testing of Electronic MetersCalibration & Testing of Electronic Meters
Calibration & Testing of Electronic MetersSnehpal Singh
 
Power blackout a case for critical condition management
Power blackout a case for critical condition managementPower blackout a case for critical condition management
Power blackout a case for critical condition managementARC Advisory Group
 
IRJET- Location Identification for FACTs Device
IRJET- Location Identification for FACTs DeviceIRJET- Location Identification for FACTs Device
IRJET- Location Identification for FACTs DeviceIRJET Journal
 
Safety System Modularity
Safety System ModularitySafety System Modularity
Safety System ModularityFasiul Alam
 
Nidec asi service infrared termography
Nidec asi service infrared termographyNidec asi service infrared termography
Nidec asi service infrared termographyNidec Corporation
 

Similar to SYSM6309_Therac-25_Software Fatal Failure.pptx (20)

Functional safety by FMEA/FTA
Functional safety by FMEA/FTAFunctional safety by FMEA/FTA
Functional safety by FMEA/FTA
 
State_Machine_Documentation_ CharlotteQin_Summer2014
State_Machine_Documentation_ CharlotteQin_Summer2014State_Machine_Documentation_ CharlotteQin_Summer2014
State_Machine_Documentation_ CharlotteQin_Summer2014
 
eHealth - Medical Systems Interoperability & Mobile Health
eHealth - Medical Systems Interoperability & Mobile HealtheHealth - Medical Systems Interoperability & Mobile Health
eHealth - Medical Systems Interoperability & Mobile Health
 
Sqa l01 1
Sqa l01 1Sqa l01 1
Sqa l01 1
 
Before and After Power Conditioner
Before and After Power ConditionerBefore and After Power Conditioner
Before and After Power Conditioner
 
University of Kentucky Solar Car Team Fluke Connect Student Contest Presentation
University of Kentucky Solar Car Team Fluke Connect Student Contest PresentationUniversity of Kentucky Solar Car Team Fluke Connect Student Contest Presentation
University of Kentucky Solar Car Team Fluke Connect Student Contest Presentation
 
REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...
REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...
REAL-TIME APPLICATIONS OF PHASOR MEASUREMENT UNITS (PMU) FOR VISUALIZATION, ...
 
FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...
FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...
FAULT DETECTION AND DIAGNOSIS OF INDUCTION MACHINE WITH ON-LINE PARAMETER PR...
 
Calibrating the Measuring Chain
Calibrating the Measuring ChainCalibrating the Measuring Chain
Calibrating the Measuring Chain
 
008_23035research061214_49_55
008_23035research061214_49_55008_23035research061214_49_55
008_23035research061214_49_55
 
Management of Power System Dynamic Security
Management of Power System Dynamic Security Management of Power System Dynamic Security
Management of Power System Dynamic Security
 
1970
19701970
1970
 
Annunciator for Hazard Prevention & Temperature Control
Annunciator for Hazard Prevention & Temperature ControlAnnunciator for Hazard Prevention & Temperature Control
Annunciator for Hazard Prevention & Temperature Control
 
Electrical Thermal Imaging Report TICOR
Electrical Thermal Imaging Report TICORElectrical Thermal Imaging Report TICOR
Electrical Thermal Imaging Report TICOR
 
Calibration & Testing of Electronic Meters
Calibration & Testing of Electronic MetersCalibration & Testing of Electronic Meters
Calibration & Testing of Electronic Meters
 
Power blackout a case for critical condition management
Power blackout a case for critical condition managementPower blackout a case for critical condition management
Power blackout a case for critical condition management
 
Transformer
TransformerTransformer
Transformer
 
IRJET- Location Identification for FACTs Device
IRJET- Location Identification for FACTs DeviceIRJET- Location Identification for FACTs Device
IRJET- Location Identification for FACTs Device
 
Safety System Modularity
Safety System ModularitySafety System Modularity
Safety System Modularity
 
Nidec asi service infrared termography
Nidec asi service infrared termographyNidec asi service infrared termography
Nidec asi service infrared termography
 

Recently uploaded

Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZTE
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLDeelipZope
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineeringmalavadedarshan25
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...RajaP95
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxDeepakSakkari2
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).pptssuser5c9d4b1
 

Recently uploaded (20)

Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
ZXCTN 5804 / ZTE PTN / ZTE POTN / ZTE 5804 PTN / ZTE POTN 5804 ( 100/200 GE Z...
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
Current Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCLCurrent Transformer Drawing and GTP for MSETCL
Current Transformer Drawing and GTP for MSETCL
 
Internship report on mechanical engineering
Internship report on mechanical engineeringInternship report on mechanical engineering
Internship report on mechanical engineering
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
IMPLICATIONS OF THE ABOVE HOLISTIC UNDERSTANDING OF HARMONY ON PROFESSIONAL E...
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Biology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptxBiology for Computer Engineers Course Handout.pptx
Biology for Computer Engineers Course Handout.pptx
 
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
★ CALL US 9953330565 ( HOT Young Call Girls In Badarpur delhi NCR
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
247267395-1-Symmetric-and-distributed-shared-memory-architectures-ppt (1).ppt
 

SYSM6309_Therac-25_Software Fatal Failure.pptx

  • 1. + THE THERAC-25 - A SOFTWARE FATAL FAILURE Kpea, Aagbara Saturday SYSM 6309 Spring ’12 UT-Dallas
  • 2. + What is the Therac-25 The Therac-25 was a medical linear accelerator, used to treat cancer patients to remove tumors.
  • 3. +Background Information  Early1970’s, AECL (Atomic Energy of Canada Limited)and a French Company (CGR) collaborate to build Medical Linear Accelerators (linacs).  They develop Therac-6, and Therac-20.  AECL and CGR end their working relationship in 1981.  In 1976, AECL develops the revolutionary "double pass" accelerator which leads to the development of Therac-25.  In March, 1983, AECL performs a safety analysis of Therac-25 which apparently excludes an analysis of software.
  • 4. + Background info …  July 29,1983, the Canadian Consulate General announces the introduction of the new "Therac 25" Machine manufactured by AECL Medical, a division of Atomic Energy of Canada Limited.  Medical linear accelerators (linacs) known generally as “Therac-25”.
  • 5. + How Therac-25 works: Generating an Electron Beam  Linear accelerator works just like the computer monitor  The electrons are accelerated by the gun in the back of the monitor and directed at the inside of the screen  A medical linear accelerator produces a beam of electrons about 1,000 times more powerful than the standard computer monitor  Medical linear accelerators accelerate electrons to create high- energy beams that can destroy tumors with minimal impact on surrounding healthy tissue  The Therac-25 is designed to fold beam back and forth in order to produce long acceleration to fit into smaller space
  • 6. + Getting the Beam into the Body  Shallow tissue is treated with accelerated electrons Scanning magnets placed in the way of the beam; the spread of the beam (and thus its power) could be controlled by a magnetic fields generated by these magnets  Deeper tissue is treated with X-ray photons The X-ray beam is flattened by a device in the machine to direct the appropriate intensity to the patient.  Beams kill (or retard the growth of) the cancerous tissues
  • 7. + Accident with Therac-25  At East Texas Cancer Center in Tyler, Texas, a patient complains of a bright flash of light, heard a frying, buzzing sound, and felt a thump and heat like an electric shock.  This indicates radiation overdose by Therac-25 machines after cancer treatment session  A few days after the unit was put back into operation, another patient complained that his face felt like it was on fire.  Another potential overdose of radiation beam by Therac-25.  Both patients died after 4months and 3 weeks respectively due to administered overdose of radiation
  • 8. + Accidents with Therac-25 … contd  At Yakima Valley, Washington in January 1987, another incident of overdose with Therac-25 occurred  Performed two film exposures  Patient developed severe striped burns after treatments, an indication of overdose  Patient died in April as a result
  • 9. +Reasons for the cause of the accidents At Texas facility;  Operator selected x-rays by mistake, used cursor keys to change to electrons  Machine tripped with “Malfunction 54”  – Documentation explains this is “dose input 2” error  Operator saw “beam ready” proceeded; machine tripped again At Washington facility;  Operator used hand controls to rotate table to field-light position & check alignment  Operator set machine but forgot to remove film  Operator turned beam on, machine showed no dose and displayed fleeting message  Operator proceeded from pause; After another machine pause, operator reentered room
  • 10. + Accidents Race Condition Source: http://www.cs.jhu.edu
  • 11. + Root Cause Analysis of the Accidents  Software code was not independently reviewed.  AECL did not consider the design of the software during its assessment of how the machine might produce the desired results and what failure modes existed. – No proper risk assessment followed.  The system noticed that something was wrong and halted the X-ray beam, but merely displayed the word "MALFUNCTION" followed by a number from 1 to 64. The user manual did not explain or even address the error codes, so the operator pressed the P key to override the warning and proceed anyway.  AECL personnel, as well as machine operators, initially did not believe complaints. This was likely due to overconfidence  AECL had never tested the Therac-25 with the combination of software and hardware until it was assembled at the hospital.  The problem was a race condition produced by a flaw in the software programming.  Management inadequacies and lack of procedures for following through on all reported incident.  The engineer had reused software from older models. These models had hardware interlocks that masked their software defects
  • 12. + Requirements Issues  Error messages provided by Therac-25 monitor are not helpful to operators  Machine pauses treatment but does not indicate reason why  The equipment control task did not properly synchronize with the operator interface task, so that race conditions occurred if the operator changed the setup too quickly.  Software is required to monitor several activities simultaneously in real time  Interaction with operator  Monitoring input and editing changes from an operator  Updating the screen to show the current status of machine  There were no independent checks that the software was operating correctly (verification)
  • 13. + Requirements Issues … contd  Traceability matrix: ways to get information about errors, i.e., software audit trails should be designed into the software from the beginning.  The software should be subjected to extensive testing and formal analysis at the module and software level.  System testing alone is not adequate; verification would be very valuable.  Involve users at all phases of product development
  • 14. + Corrective Action Plan Documentation should not be an afterthought. Software quality assurance practices and standards should be established. Designs should be kept simple and ensure user-friendly interfaces
  • 15. + Lessons  Complacency  Assumption that problem was understood without adequate evidence  Sole reliance on software for safety  Systems engineering practices need proper coordination
  • 16. + References  The Therac-25 Accidents (PDF), by Nancy G. Leveson (the 1995 update of the IEEE Computer article)  http://en.wikipedia.org/wiki/Therac-25  Jacky, Johathan. "Programmed for Disaster." The Sciences 29 (1989) : 22-27.  Leveson, Nancy G., and Clark S. Turner. "An Investigation of the Therac-25 Accidents." Computer July 1993 : 18-41.