Random Fact 7.2: The Therac-25 Incidents
The Therac-25 is a computerized device to deliver radiation treatment to cancer
patients (see Typical Therac-25 Facility). Between June 1985 and January 1987,
several of these machines delivered serious overdoses to at least six patients,
killing some of them and seriously maiming the others.
The machines were controlled by a computer program. Bugs in the program were
directly responsible for the overdoses. According to Leveson and Turner [4], the
program was written by a single programmer, who had since left the
manufacturing company producing the device and could not be located. None of
the company employees interviewed could say anything about the educational
level or qualifications of the programmer.
The investigation by the federal Food and Drug Administration (FDA) found that
the program was poorly documented and that there was neither a specification
document nor a formal test plan. (This should make you think. Do you have a
formal test plan for your programs?)
The overdoses were caused by an amateurish design of the software that had to
control different devices concurrently, namely the keyboard, the display, the
printer, and of course the radiation device itself. Synchronization and data sharing
between the tasks were done in an ad hoc way, even though safe multitasking
techniques were known at the time. Had the programmer enjoyed a formal
education that involved these techniques, or taken the effort to study the literature,
a safer machine could have been built. Such a machine would have probably
involved a commercial multitasking system, which might have required a more
expensive computer.
The same flaws were present in the software controlling the predecessor model,
the Therac-20, but that machine had hardware interlocks that mechanically
prevented overdoses.
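The kind of ad hoc data sharing described above, as an added illustration that is not from the book or from the Therac-25 software: a constructed Java model in which an operator task edits a treatment's mode and dose while a beam-control task reads them. The ad hoc version shares two plain fields, so the beam task can observe a pair of values no operator ever entered; the safer version publishes each edit as one immutable object and checks a software interlock, in the spirit of the Therac-20's hardware interlocks, before enabling the beam. The class names, the two-parameter treatment model and the approved-plan set are assumptions, not details of the real machine.

```java
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
/** Immutable treatment setting: mode and dose can only change together (constructed model). */
record Treatment(String mode, int dose) {}
/** Ad hoc sharing: two plain fields written one after the other, so the beam task
 *  may read the mode of one edit together with the dose of another. */
class AdHocController {
    String mode = "ELECTRON"; int dose = 10;
    void operatorEdit(String newMode, int newDose) {
        mode = newMode;   // the beam task may run between these two writes
        dose = newDose;
    }
    Treatment beamTaskView() { return new Treatment(mode, dose); } // possibly a pair nobody entered
}
/** Safer sharing: each edit is published whole through one atomic reference,
 *  and a software interlock is checked before the beam is enabled. */
class InterlockedController {
    private final AtomicReference<Treatment> current = new AtomicReference<>(new Treatment("ELECTRON", 10));
    void operatorEdit(String newMode, int newDose) {
        current.set(new Treatment(newMode, newDose)); // indivisible publication of both values
    }
    boolean fire(Set<Treatment> approved) {
        Treatment t = current.get();            // a consistent snapshot, never torn
        if (!approved.contains(t)) {            // interlock: refuse any pair not in the plan
            System.out.println("interlock refused " + t);
            return false;
        }
        System.out.println("beam enabled for " + t);
        return true;
    }
}
public class TheracRaceDemo {
    public static void main(String[] args) throws InterruptedException {
        Set<Treatment> approved = Set.of(new Treatment("XRAY", 1), new Treatment("ELECTRON", 10));
        AdHocController adHoc = new AdHocController();
        Thread operator = new Thread(() -> {   // operator task switching between the two plans
            for (int i = 0; i < 200_000; i++) adHoc.operatorEdit(i % 2 == 0 ? "XRAY" : "ELECTRON", i % 2 == 0 ? 1 : 10);
        });
        int torn = 0; operator.start();         // beam task polls while the operator edits
        while (operator.isAlive()) if (!approved.contains(adHoc.beamTaskView())) torn++;
        operator.join();
        System.out.println("inconsistent parameter pairs seen by the beam task: " + torn);
        InterlockedController safe = new InterlockedController();
        safe.operatorEdit("XRAY", 1);  safe.fire(approved);   // approved pair: beam enabled
        safe.operatorEdit("XRAY", 10); safe.fire(approved);   // unapproved pair: interlock refuses
    }
}
```

How many inconsistent pairs the ad hoc controller exposes varies from run to run (it may be zero on a given run), which is exactly why timing-dependent bugs of this kind escape informal testing; the interlocked controller cannot expose one at all.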