The Therac-25 was manufactured by Atomic Energy of Canada Limited (AECL). In 1982 a machine called the Therac-25, created by Atomic Energy of Canada Limited (AECL), appeared in the medical field for cancer treatments using radiation and X-rays. A very advanced machine at the time, the Therac-25 made extensive use of computer control to enable the machine to be operated more efficiently and to implement safety checks. Major design flaws in the software development of the Therac-25: the Therac-25 accidents were fairly unique in having software coding errors involved; most computer-related accidents have not involved coding errors but rather errors in the software requirements, such as omissions and mishandled environmental conditions and system states. Its predecessors relied primarily on hardware for safety controls, whereas the Therac-25 relied primarily on software. Old-fashioned hardware finally came to the rescue of the software-driven Therac-25. Briefly, the Therac-25 was a medical radiation therapy machine that was supposed to deliver controlled doses of radiation to cancer patients. Basically, this was a radiation-by-wire system in which software was used to replace some hardware safety mechanisms. Therac-25 case study: the Therac-25 is a radiation therapy machine that was used for treating patients with cancer. It was involved in at least six accidents between 1985 and 1987, in which patients were given massive overdoses of radiation. The Therac-25 was much more of a management and engineering failure than a technical problem, though.
A commission attributed the primary cause to generally poor software design and development practices rather than singling out specific coding errors. The Therac-25 was a computer-controlled radiation therapy machine produced by Atomic Energy of Canada Limited. Software engineering is a licensed discipline in Texas in the United States (Texas Board of Professional Engineers, since 20) and is accredited by Engineers Australia (course accreditation since 2001). In contrast, the PDP-11 front-end computer was fully integrated into the Therac-25. The Therac-25 machine was a state-of-the-art linear accelerator developed by the company Atomic Energy of Canada Limited (AECL) and a French company, CGR, to provide radiation treatment to cancer patients. Therac-25 and industrial design engineering of socio-technical systems (Jan 02, 2017): the Therac-25 was a radiation therapy machine produced by Atomic Energy of Canada Limited (AECL) and CGR of France after the Therac-6 and Therac-20 units. Major design flaws in the software development of the Therac-25 (Randy Graebner, February 7, 1999): code reuse has long been an accepted practice in software engineering. This video is part of an online course, Software Testing. Studies of the Therac-25 incidents showed that many factors contributed to the injuries. Video created by University of Colorado System for the course Software Design Threats and Mitigations. It's an interesting question, since you're asking specifically for examples of software engineering failure, which is different from simple software bugs or software failures. Unfortunately, though AECL's intentions were good, their software design was tragically bad, incorporating a series of horrendous design flaws.
The Therac-25 was a computer-controlled radiation therapy machine produced by Atomic Energy of Canada Limited in 1982, after the Therac-6 and Therac-20 units. It was the third radiation therapy machine by the company, preceded by the Therac-6 and Therac-20. Between June 1985 and January 1987, the Therac-25 medical electron accelerator was involved in six massive radiation overdoses.
Software engineering is a challenging career because of the inherent problems of software, as well as the rate of change in computing technologies and the ever-broadening range of applications. The sidebars provide details about the machine's design and controlling software, important in understanding the accidents. What are the worst cases of software engineering failure? Using software instead of hardware interlocks would in theory reduce complexity and reduce manufacturing costs.
AECL produced the first hardwired prototype of the Therac-25 in 1976, and the completely computerized commercial version was available in late 1982. The Therac-25 incident involved what has been called one of the worst computer bugs in history (Lynch 2017), though it was largely a matter of overall design. Six accidents resulted in death and serious injury, the worst in the 35-year history of such machines; previous Theracs used hardware safety mechanisms. Software engineering professionalism is a movement to make software engineering a profession, with aspects such as degree and certification programs, professional associations, professional ethics, and government licensing. Some hardware interlocks on the Therac-20 were replaced with software controls on the Therac-25. The Therac-25 was a medical radiation machine used to diagnose and treat cancer. The Therac-25 was built by Atomic Energy of Canada Limited and a French company called CGR. In the Therac-20 the PDP-11 minicomputer was an optional add-on. The Therac-25 case study (software engineering, mostly). Overconfidence in the ability of software to ensure the safety of the Therac.
One programmer, over several years, revised the Therac-6 software into the Therac-25 software; AECL has not released any information about the programmer or his credentials. The Therac-25 was both ambitious and sophisticated, and for the first time all of this hardware was controlled by a software layer. The Therac-25 was the most computerized and sophisticated radiation therapy machine of its time. While the immediate cause of the deaths was a race condition in the software, it was only capable of causing harm because the hardware safety mechanism had been removed as a cost-saving measure, without proper verification that the software was capable of doing the same job. According to a letter from AECL to the FDA, the program structure and certain. While this is a serious failure, I'm not sure it's fair to say that this is a great example of an ethical dilemma. Although these stories are more extreme than most software bugs engineers will encounter during their careers, they are worth studying for the. When I was a student of computer science, more than 17 years ago.
David Judd and his team at Yakima waited until after the AECL engineering team had installed the full set of safety armour on their Therac-25 early that fall. A detailed investigation of the factors involved in the software-related overdoses, and of attempts by users, manufacturers, and government agencies to deal with the accidents, is presented. Therac-25 is the standard bachelor's-level ethics and software engineering case study, in Florida at least. Therac-25 software development and design: in March 1983, AECL performed a safety analysis on the Therac-25. Therac-25 operators cannot be blamed, because they followed standard procedures and the information displayed. The previous product to the Therac-25 was the Therac-20. This machine was an improvement on the Therac-20 and cost approximately 1 million dollars. The Therac-25 accidents are associated with the non-use or misuse of numerous system engineering practices, especially system verification and validation, risk management, and assessment and control. Fatal dose: radiation deaths linked to AECL computer errors. Software engineering, University of Texas at Austin. On the earlier models, hardware interlocks to prevent accidental overdoses remained in place. When problems started occurring, it was assumed that hardware had caused them, and the investigation looked only at the hardware.
The major innovations of the Therac-25 were the double-pass accelerator, allowing a more powerful accelerator to be fitted into a small space at less cost, and. The first mode consisted of an electron beam of 200 rads that was aimed at the patient directly. It was an important lesson not only for the FDA, but for all industrial safety-critical systems. Therac-25 ethics case study (Ken Enstrom, Prezi): previous models had hardware interlocks to prevent such faults, but the Therac-25 had removed them, depending instead on software checks for safety. Preceding models used separate circuits to monitor radiation intensity, and hardware interlocks to ensure that spreading magnets were correctly positioned. Therac-25 software development and design: we know that the software for the Therac was developed. AECL claims proprietary rights to its software design. Since the Therac-25 events, the FDA has changed its attitude to many of the issues involving safety-critical systems, and has moved to improve the reporting system and to augment its procedures and guidelines to include software. As a result, several people died and others were seriously injured.
Consider the Therac-25 failure, in which several deaths occurred because of a software engineering failure. Because of concurrent-programming errors, it sometimes gave its patients radiation doses that were hundreds of times greater than normal, resulting in death or serious injury. The first safety analysis on the Therac-25 did not include software, although nearly full responsibility for safety rested on it. For the worst case, I would still go with a famous bug: the Therac-25. The Therac-25 was a computerised medical radiation therapy machine produced by Atomic Energy of Canada Limited (AECL) in 1982. Therac-25 background: a medical linear accelerator developed by Atomic Energy of Canada, Ltd. An investigation of the Therac-25 accidents: abstract. The Therac-25's software was developed from the Therac-20's software, which was developed from the Therac-6's software.
The authors also present some lessons learned in terms of system engineering, software engineering, and government regulation of safety-critical systems. An investigation of the Therac-25 accidents (Computer). The quality assurance manager was apparently unaware that some Therac-20 routines were also used in the Therac-25. For decades, programmers have been finding ways to cut corners by incorporating old code into the system they are currently creating. The software evolved from the Therac-6 software, which was started in 1972. This is an educational video produced under the supervision of Dr. Mohammed El-Ramly, Faculty of Computers and Information, Cairo University, for the Software Engineering I course. A history of the introduction and shutdown of the Therac-25. First, like the Therac-6 and the Therac-20, the Therac-25 is controlled by a PDP-11. An investigation of the Therac-25 accidents (Stanford University).
A related tendency among engineers is to ignore software. The Therac-6 and Therac-20 were clinically tested machines with an excellent safety record. The Therac-25 relied on software controls to switch between modes, rather than physical hardware. Between 1985 and 1987, it was involved in at least six patient deaths due to incorrect radiation doses caused by computer-software-related failures. When it came time to design the Therac-25, AECL decided to go with computer control only. This is an abstract of a 1993 article from IEEE Computer about the Therac-25 computerized radiation therapy machine and its software flaws, which caused massive overdoses to patients. An important difference between the Therac-20 software and the Therac-25 software is the overall role that each plays in the machine. These two companies, AECL and CGR, had collaborated since the early 1970s in building linear accelerators for medical applications. The Therac-25 is a dual-mode machine that can generate an electron beam to cure cancer in patients.