THERAC 25

1
THERAC 25

• EE 585 FAULT TOLERANT COMPUTING SYSTEMS
• B.RAM MOHAN

2
Background

• The most serious computer related accidents to
  date.
• Therac 25 was a medical linear accelerator , a
  linac developed by Atomic Energy Of Canada
  Ltd(AECL).
• Therac 25 was a radio therapy machine used to
  destroy tumors using high energy beams.
• 11 Therac 25s were installed
• - 5 in US , 6 in Canada.

3
Background(Contd..)

• Therac 25 was derived from its previous version
  Therac 6 and Therac 20.
• Differences from Therac 20
• - Uses double pass technique which is absent
  in previous versions
• - Software is responsible for safety
• - Hardware safety interlocks removed
• - Less space and economic

4
Modes Of Operation
5
Set Up Of The Machine
6
General Layout
7
Therac-25 Turntable
Field Light Mirror
Counterweight
Beam Flattener (X-ray Mode)
Turntable
Scan Magnet (Electron Mode)
8
Accidents

• 3 June 1985 patient at Marietta GA
  received overdose
• 26 July 1985 Hamilton ONT patient
  severely burned , died November 1985
• December 1985 patient in Yakima Wa
  receives overdose
• 21 March 1986 - Tyler TX accident
• 11 April 1986 2nd Tyler TX accident
• 17 January 1987 - Second Yakima WA Accident

9
Responses

• 3 JUNE 1985 MARIETTA GA
• not recognised as overdose until after
  tyler incident
• 26 JULY 1985 HAMILTON ONT
• operator overdose no dose indications
• not suspected of overdose until patient
  returned
• suspected microswitch malfunction-fixed
• DECEMBER 1985 YAKIMA WA
• not ascribed to overdose until second
  incident
• 21 MARCH 1986 TYLER TX
• malfunction 54 operator override
  electrical surge
• 11 APRIL1986 TYLER TX
• thought to be editing error up arrow
  key disabled
• 17 JANUARY 1987 YAKIMA WA
• all systems shutdown complete
  investigation and rework

10
Why?

• The turntable was in the wrong position.
• Patients were receiving x-rays without
  beam-scattering.
• No hardware safety interlocks
• Non descriptive error messages
• User override able error modes
• Software designed by only one person

11
Cost of the Bug

• To users (patients)
• Four deaths, two other serious injuries.
• To developers (AECL)
• One lawsuit
• Settled out of court
• Time/money to investigate and fix the bugs
• To product owners (11 hospitals)
• System downtime

12
Corrective Action Plan

• Numerous hardware and software changes
• All interruptions related to dosimetry not
• continuable
• independent hardware software shutdowns
• potentiometer on turntable
• hardware interlocks
• dead man switch motion enable
• Fix documentation, messages, user manuals

13
Lessons Learned

• For complex interrupt-driven software ,timing is
  of critical importance
• Not to remove standard hardware interlocks when
  adding computer control
• Revalidate reused software
• Not to overrely on software

14
References

• An investigation of the Therac-25 Accidents
• Nancy Leveson
• Clark S.Turner
• www.bowdoin.edu/allen/courses/cs260/readings/ther
  ac.pdf -