This is the famous "Bent Pyramid", a monument to a project that failed 4,600 years ago. From the base, its sides rise at a staggering 54-degree inclination, then abruptly change to a gentler 43 degrees about halfway up. It is believed that the design was modified during construction after the catastrophic collapse of the Meidum pyramid (another steep pyramid) about 60 kilometers to the south. Of course, it is hard to blame the ancient pyramid builders: they were inventing engineering, not learning it. One thing hasn't changed since then: when structural engineers make mistakes, people get hurt. We cannot be certain, but it seems unlikely that the collapse at Meidum caused no casualties.

By contrast, "software engineer" seems a relatively easy branch of engineering. A bug might stop users from accessing their account or entering information, but it's hardly life-threatening, is it? Nobody gets hurt, right? Or so we think. The truth is that every year our systems, from electricity to transportation, from agriculture to emergency services, rely more and more on all of us to create the high-quality software that supports them. And when we fail, like those ancient Egyptians, people really do get hurt. Surprisingly, as the tragic case of the Therac-25 shows, this isn't even a 21st-century problem.

Software can kill people

By the late 1970s, Atomic Energy of Canada Limited (AECL) had earned a solid reputation for building radiotherapy machines. These machines use directed electron beams to attack tumors in patients, and there is no doubt that these beams are very powerful and potentially lethal. AECL had previously had great success with its Therac-6 and Therac-20 models. Those devices had to be controlled manually by a trained operator and used mechanical switches and hardwired circuits to guarantee a high level of safety. The Therac-25 was to be their "dream machine".
The new machine was smaller and cheaper, yet more efficient than its predecessors, combining two different beam technologies: X-rays and high-energy electron beams. The different beams allowed operators to target tumors at different depths without damaging nearby healthy tissue. The Therac-25 was both ambitious and complex, and for the first time all of this hardware was controlled by a software layer. Unfortunately, despite AECL's good intentions, the software design was terrible and contained a series of horrifying flaws. Later investigations documented these flaws carefully, and they still make chilling reading. In one example, during a patient's treatment, the machine kept shutting itself down, each time reporting a mysterious "H-tilt" and "no dose" error message. The confused operator tried six times before giving up on the treatment. Only later did it emerge that the machine had in fact delivered the full dose every time: a catastrophic overdose. From its introduction in 1982 to its withdrawal in 1986, six patients suffered fatal injuries from Therac-25 treatments. That is especially shocking when you consider that these poor people were already sick. Today AECL no longer exists as a company, but it remains a tragic textbook case for all of us of how poorly designed and untested software affects people's lives. To this day the Therac-25 tragedy still shapes much of our thinking about system design and safety testing.
Even if you are a front-end designer and don't consider yourself a "serious engineer", the Therac-25 holds important lessons. While some of the flaws came from poor coding practices, at least as much damage was caused by inadequate documentation, useless feedback and incomprehensible error messages. These are areas where everyone, designers, coders, managers, UX people and testers, should have a say. Looking back at the ancient Egyptians, it is obvious that they learned from their early mistakes and went on to build some of the most breathtaking structures ever. Software engineering is still a relatively young field; let's hope we have already built our bent pyramids.

Originally published in the SitePoint Design Newsletter on January 29th.
The main cause of the Therac-25 accidents was a combination of software errors and inadequate safety mechanisms. The software was designed in a way that allowed it to override the hardware safety mechanisms, which led to the delivery of lethal radiation doses. The lack of independent safety checks and the reliance on software for safety functions were major contributors.
The six known Therac-25 accidents resulted in patients receiving massive radiation overdoses. The accidents caused serious injuries and at least three deaths. The number of affected people may be higher, however, as some cases may never have been reported or identified.
The manufacturer, Atomic Energy of Canada Limited (AECL), faced a huge backlash after the accidents. It was criticized for its slow response, lack of transparency and failure to take corrective action promptly. The accidents led to a loss of trust in the company and had significant legal and financial consequences.
The Therac-25 accidents had a profound impact on both the medical and software industries. They highlighted the potential dangers of relying heavily on software for safety-critical functions. As a result, they led to stricter review and oversight of medical devices, with greater emphasis on software safety and reliability.
In response to the Therac-25 accidents, several measures were taken to improve the safety of medical equipment, including stricter regulation, more rigorous software testing and verification, and the introduction of independent safety systems. The accidents also led to greater emphasis on training the operators of such equipment.
The Therac-25 had several design flaws, including its reliance on software to perform safety functions, the lack of independent safety checks, and the ability of the software to override the hardware safety mechanisms. In addition, the user interface did not give clear and timely feedback that would have alerted the operator to the problem.
The Therac-25 accidents came to light after several patients reported symptoms of overexposure following treatment. Investigation of these events showed that the patients had received massive radiation overdoses because of errors in the Therac-25 machine.
The Therac-25 accidents highlight the importance of rigorous testing and verification of software, especially in safety-critical systems. They also emphasize the need for independent safety checks and for clear, timely feedback from the user interface. Furthermore, they demonstrate the danger of over-reliance on software to perform safety functions.
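As an added illustration (constructed for this page; it is not AECL's code and does not model the real Therac-25 logic), the following Python model contrasts the situation in the incident narrative above, a console that reports "no dose" while the beam actually fired and an operator who retries, with and without a safety check that reasons from the physical state and cannot be overridden by the software. The dose limit, the sensor fault and the retry count are assumptions.

```python
# Constructed model of the Therac-25 lesson, not AECL's code: the software's
# belief about the dose and the dose actually emitted are kept separate, so a
# reporting bug in the software cannot disarm the independent check.
from dataclasses import dataclass, field

SESSION_LIMIT = 100  # assumed per-session dose limit, arbitrary units


@dataclass
class Machine:
    independent_interlock: bool           # True: check outside the software's control
    delivered: int = 0                    # dose the beam actually emitted
    log: list = field(default_factory=list)

    def fire(self, dose: int, sensor_fault: bool) -> str:
        """One beam attempt; returns the message the operator would see."""
        # The interlock reasons from delivered dose (physical state), not from
        # what the console reported earlier, so a bad sensor reading cannot defeat it.
        if self.independent_interlock and self.delivered + dose > SESSION_LIMIT:
            msg = (f"INTERLOCK: {self.delivered} units already delivered; "
                   f"{dose} more would exceed the {SESSION_LIMIT}-unit limit. Beam inhibited.")
            self.log.append(msg)
            return msg
        self.delivered += dose                     # the beam fires regardless of the console
        measured = 0 if sensor_fault else dose     # what the software's sensor path reads
        # A cryptic "no dose" message is what misled the Therac-25 operator.
        msg = "no dose" if measured == 0 else f"delivered {measured} units"
        self.log.append(msg)
        return msg


def treat(machine: Machine, dose: int, sensor_fault: bool, max_retries: int = 6) -> int:
    """Operator behaviour from the article: retry while the console says 'no dose'.
    Returns the dose the patient actually received."""
    for _ in range(max_retries):
        if machine.fire(dose, sensor_fault) != "no dose":
            break
    return machine.delivered


if __name__ == "__main__":
    print("software-only :", treat(Machine(independent_interlock=False), 50, sensor_fault=True))
    print("with interlock:", treat(Machine(independent_interlock=True), 50, sensor_fault=True))
```

With the sensor fault, six retries against the software-only machine deliver six full doses, while the interlocked machine stops at the limit and shows the operator a message that names the cause.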
The medical community was shocked and alarmed by the Therac-25 accidents. The incidents led to stricter scrutiny of medical devices and greater emphasis on safety. Many hospitals and clinics reviewed their procedures and implemented additional safety measures to prevent similar incidents.
The Therac-25 accidents played an important role in shaping software safety standards. They highlighted the need for rigorous testing and verification of software, especially in safety-critical systems, and led to stricter software safety regulations and standards.