- Medical Devices: The Therac-25, a fantastic technical overview in an appendix from Dr. Nancy Leveson’s book Safeware.
- ComputingCases.org ethics class material on Therac 25.
- Therac-25 and the DEC PDP-11 on Wikipedia.
This is Matt Croydon and you are listening to The Tinycast.
I write software for a living. I write open source software for fun. Some of my favorite hobbies include, well, writing software.
When people write software they make mistakes. It happens. The word for these mistakes dates back to September 9th, 1947: a bug. That’s the day that a moth flew into the Harvard Mark II computer and caused all kinds of problems. The term was popularized by the amazing Grace Hopper and it sticks with us today. These days it describes when we make a mistake writing software or when something doesn’t quite behave the way we designed it.
Sometimes bugs cause the wrong color to show up on your website.
Other times they kill people.
When I’m thinking about bugs, often particularly nasty bugs, my mind often wanders to Therac-25.
Therac-25 was a medical linear accelerator released in 1985. It’s the kind of machine used to treat cancer by shooting the right amount of radioactive particles at tumors. It was designed and built by Atomic Energy of Canada Limited, a Canadian Crown corporation — essentially a company owned by the Canadian government.
Therac-25 wasn’t the first of its kind. It was actually based pretty heavily on the Therac-6 and reused some code from Therac-20. These two machines in turn were based on the Neptune and Sagittaire machines from a French company called CGR.
The Therac-25 was controlled by a DEC PDP-11 minicomputer — and by minicomputer I mean about the size of a dishwasher. The operator controlled Therac-25 with a VT-100 console, a box the size of a microwave with a screen for displaying text and a keyboard for entry. A series of keystrokes were used to drive a text-based menu system.
So what went wrong, exactly?
Well, Therac-25 operated in two different modes. One was a direct beam of energy at a lower dose. The other was a much higher megavolt x-ray that went through several different things that rotated into place to make sure that the dose was correct and safe.
But there was a problem.
Actually there were a lot of problems.
There were so many problems with Therac-25 that it is often used as a case study in college curriculums from computer science to ethics.
There were bugs in the control software that caused at least three deaths and at least six massive radiation overdoses between 1985 and 1987. The individual bugs themselves weren’t actually the biggest problem. The same bugs had existed in the 6 and 20 models, but those models had a hardware interlock that prevented the higher energy mode from running without the spreader in place.
There were also problems with the way the project was managed, from initial development to the years it took to figure out what was going wrong. One of the problems was that software from the older machines was re-used. Software re-use is actually a big thing these days — the thought is that if there’s a library of stuff that a bunch of people use it’ll be better tested and have fewer bugs than if everybody writes their own version of everything.
But in this case re-use was bad, because bugs in the code had been masked by the hardware interlock. Therac-25 didn’t have one. The software was also written in PDP-11 assembly language, which is pretty hardcore and low-level compared to the nicer and much safer languages that a lot of software is written in these days.
There were other problems too. The testing procedures didn’t adequately cover how the hardware and software performed together. The initial reactions by AECL to the first reports of malfunctions were basically “that’s impossible.” The error messages were cryptic and not explained well or even at all in manuals and training. These errors also happened a lot, which led operators to hit the P key to proceed a lot without really thinking about it. Sometimes that was okay, sometimes it led to a lethal overdose of radiation.
The story of Therac-25 and its victims is a tragic one, but it’s also an opportunity to learn and to do better, whether you’re a software engineer, a project manager, industrial designer, a writer, or the operator of a machine.
You’ve been listening to The Tinycast, I’m Matt Croydon.
Music for today’s show includes Blimp Readout, B Mood, and Biplane by Podington Bear. You can hear more of his music at podingtonbear.com, buy his stuff at soundofpicture.bandcamp.com, and license his music for commercial projects at soundofpicture.com.
You can find us on the web at tinycast.in, where you can find links to more about Therac-25. We’re on twitter @thetinycast, soundcloud.com/tinycast, on Stitcher radio, and hopefully wherever you are. If you have any feedback about the show or if there’s an app or a place we’re not showing up, please get in touch and we’ll fix that bug. There’s a contact form on our website or you can hit me up on twitter, @mc. Episodes are also available at the Public Radio Exchange, PRX.org.