Therac-25
Therac-25 was a radiotherapy machine developed jointly by Atomic Energy of Canada Limited (AECL, Canada) and CGR MeV (France). It was an evolution of the Therac-6 and Therac-20 models.
Between 1985 and 1987, Therac-25 was involved in at least six accidents in which patients received massive doses of radiation, sometimes on the order of several hundred grays. At least five patients died as a result of the irradiation.
The direct cause of the malfunction was computer-related. The machine has since been cited frequently in documents dealing with the integrity and validity of software intended for critical applications in which lives can be endangered.
Description of the machine
The first prototype was produced in 1976. The commercial version, controlled by a PDP-11 computer and the one involved in the accidents, was available from 1982. It operated in two treatment modes:
- Therapy based on a concentrated electron beam with an energy between 5 and 25 MeV, delivered over short periods;
- Therapy with X-rays obtained from the electron flow (25 MeV), which was converted by a device called the "target".
When operating in the first mode, Therac-25 emitted an electron beam whose intensity was regulated by magnets. In X-ray mode, three components were rotated into place to intercept the electron flow and modify its intensity and shape. The target converted the electrons into X-rays, a filter produced a uniform intensity, and finally a set of components (the collimator) focused the rays. The radiation intensity was measured by an ionization chamber.
Accidents
The accidents occurred when the electron beam was activated without the target being correctly in place. The software controlling Therac-25 did not detect this faulty condition, which produced a massive and potentially fatal irradiation of the patient. The patient directly received the electron beam which, with its very high energy, produced thermal and radiation burns as well as a sensation close to an intense electric shock. Several of the people exposed later died.
Incident of June 1985
On June 3, 1985, in Marietta, Georgia, a 61-year-old woman with breast cancer began treatment with Therac-25. The machine had been in operation for six months and had not caused problems. The operators directed the 10 MeV beam towards the patient's clavicle. She then felt intense heat.
Shortly after the treatment, the patient suffered pain in the irradiated area. This was attributed to the radiotherapy treatment. But the skin began to show signs of a radiation burn. Specialists later estimated that she had received a dose of between 15,000 and 20,000 rads (whereas this type of treatment uses doses of approximately 200 rads). She continued to suffer from her burns and her arm remained paralyzed.
The case was not reported to the manufacturer until March 1986.
Other incidents
The other incidents were similar, with major skin damage including necrosis, damage to the joints, and severe pain in the irradiated area.
In Canada, another patient, 40 years old, treated by radiotherapy with Therac 25 in July 1985 for cancer of the cervix, was also the victim of a machine error. At her session on July 26, after the operator activated the Therac, it stopped, indicating NO PROPORTIONS, TREATMENT PAUSES. The operator followed the recommended procedure and tried to restart the machine four times, with the same error message each time. On the fifth attempt, the machine stopped and a technician was called, who found nothing abnormal. The patient complained of burns on her hips from July 29 and was hospitalized on the 30th. She died on November 3 of the same year. The autopsy revealed that death was due to her cancer; however, the irradiation had severely affected the lower part of her body, and a complete replacement of the neck of her femur would have been necessary had she survived. An AECL technician then estimated that she had received between 13,000 and 17,000 rads.
Causes
Researchers began an investigation to determine the causes of these accidents. Several problems in the management of the software project were discovered:
- Atomic Energy of Canada Limited (AECL) had no independent body to review the source code
- AECL had neglected certain stages of software testing
- the system documentation did not adequately explain the error codes
- AECL personnel had not, at first, taken the complaints into account or
Other problems, relating to design and engineering, were also revealed by the investigation:
- the machine had no physical device to block the electron flow in "high energy" mode if the target was not in place. Safety at this level therefore rested on the software alone.
- the engineers had reused pieces of code from other models. Those models had physical safety mechanisms and were therefore less vulnerable to software errors.
- the hardware gave the software no means of checking the state of the sensors and their proper operation (open-loop control)
- the task that managed hardware monitoring suffered from concurrency problems with the task that managed the operator interface. A race condition appeared if the operator changed the parameters too quickly. This problem was not detected during testing, since it took operators some time before they became fluent with the interface.
- the software used a flag and incremented it. Overflows occurred and caused certain safety checks to be disabled.
- the whole system was programmed in assembly language, a language in common use at the time but difficult to analyze and debug compared to higher-level languages.
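The incremented-flag failure from the list above, as an added example in C (not AECL's code, which was written in assembly). All names, the 8-bit flag width and the "target absent" hardware state are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names throughout; this models the pattern, not AECL's code. */

/* Constructed hardware state: the target is NOT in place. */
static bool target_in_place(void) { return false; }

/* Flawed pattern: the "check needed" flag is an 8-bit counter that is
 * incremented on every setup pass; non-zero means "run the check". */
static uint8_t check_flag = 0;

static bool setup_pass_flawed(void) {
    check_flag++;                 /* wraps 255 -> 0 on every 256th pass */
    if (check_flag != 0 && !target_in_place())
        return false;             /* check ran and blocked the beam */
    return true;                  /* check skipped: beam allowed */
}

/* Corrected pattern: the flag is assigned, never counted, and the
 * position check does not depend on it. */
static bool setup_pass_fixed(void) {
    check_flag = 1;               /* assigned, so it can never wrap */
    return target_in_place();     /* unconditional check, fails closed */
}

/* Count how many of n passes allow the beam while the target is absent. */
static unsigned unsafe_passes(bool (*pass)(void), unsigned n) {
    unsigned allowed = 0;
    check_flag = 0;
    for (unsigned i = 0; i < n; i++)
        if (pass())
            allowed++;
    return allowed;
}

int main(void) {
    printf("flawed: %u of 1024 passes allowed the beam\n",
           unsafe_passes(setup_pass_flawed, 1024));
    printf("fixed:  %u of 1024 passes allowed the beam\n",
           unsafe_passes(setup_pass_fixed, 1024));
    return 0;
}
```

The flawed variant passes any test that runs fewer than 256 setup passes, which is why a software-only interlock of this kind needs an independent hardware check behind it.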