[PRL] Therac-25

Matthias Felleisen matthias at ccs.neu.edu
Mon Dec 27 23:09:40 EST 2004


Boy, if this is the first time you have heard about this, I officially 
apologize. ARGH!

On Dec 27, 2004, at 10:55 PM, Philippe Meunier wrote:

> I just came across the story of the Therac-25.  It's almost twenty
> years old but it's the first time I've heard of that thing.  As far as
> I can remember it's also the first story I've read where people have
> died as a direct result of software bugs.
>
> http://courses.cs.vt.edu/~cs3604/lib/Therac_25/TheracClass.html
>
> The "Class Notes" give a very brief overview.  There's a link to an
> article ("An Investigation of the Therac-25 Accidents") with much more
> details.  The article is quite long so here are some highlights:
>
>
> "The Kennestone physicist later estimated that she received one or two
> doses of radiation in the 15,000- to 20,000-rad (radiation absorbed
> dose) range. He does not believe her injury could have been caused by
> less than 8,000 rads. Typical single therapeutic doses are in the
> 200-rad range.
> [...]
> The letter goes on to support this opinion by listing two pages of
> technical reasons why an overdose by the Therac-25 was impossible
> [...]
> In a letter from the manufacturer dated 16-Sep-85, it is stated that
> "Analysis of the hazard rate resulting from these modifications
> indicates an improvement of at least five orders of magnitude"! With
> such an improvement in safety (10,000,000 percent) we did not believe
> that there could have been any accelerator malfunction.
> [...]
> Effective immediately, and until further notice, the key used for
> moving the cursor back through the prescription sequence (i.e., cursor
> "UP" inscribed with an upward pointing arrow) must not be used for
> editing or any other purpose.
>
> To avoid accidental use of this key, the key cap must be removed and
> the switch contacts fixed in the open position with electrical tape or
> other insulating material. For assistance with the latter you should
> contact your local AECL service representative.
> [...]
> Unfortunately, the AECL response also seems to point out an apparent
> lack of documentation on software specifications and a software test
> plan.
> [...]
> The software problem for the second Yakima accident is fairly well
> established and different from that implicated in the Tyler accidents.
> [...]
> based upon past history, I am not convinced that there are not other
> software glitches that could result in serious injury
> [...]
> Amazingly, the test data presented to show that the software changes
> to handle the edit problems in the Therac-25 are appropriate prove the
> exact opposite result.
>
> Philippe
>
>
> _______________________________________________
> PRL mailing list
> PRL at lists.ccs.neu.edu
> https://lists.ccs.neu.edu/bin/listinfo/prl



