Page 192 - ARM 64 Bit Assembly Language

Abstract data types 179

Therac-20 units in partnership with CGR of France. It was capable of treating tumors close to the skin surface using electron beam therapy, but could also be configured for Megavolt X-ray therapy to treat deeper tumors. The X-ray therapy required the use of a tungsten radiation shield to limit the area of the body that was exposed to the potentially lethal radiation produced by the device.

The Therac-25 used a double pass accelerator, which provided more power, in a smaller space, at less cost, compared to its predecessors. The second major innovation was that computer control was a central part of the design, rather than an add-on component as in its predecessors. Most of the hardware safety interlocks that were integral to the designs of the Therac-6 and Therac-20 were seen as unnecessary, because the software would perform those functions. Computer control was intended to allow operators to set up the machine more quickly, allowing them to spend more time communicating with patients and to treat more patients per day. It was also seen as a way to reduce production costs by relying on software, rather than hardware, safety interlocks.

There were design issues with both the software and the hardware. Although this machine was built with the goal of saving lives, between 1985 and 1986, three deaths and other injuries were attributed to the hardware and software design of this machine. Death due to radiation exposure is usually slow and painful, and the problem was not identified until the damage had been done.

6.3.1 History of the Therac-25

AECL was required to obtain US Food and Drug Administration (FDA) approval before releasing the Therac-25 to the US market. They obtained approval quickly by declaring “pre-market equivalence,” effectively claiming that the new machine was not significantly different from its predecessors. This practice was common in 1984, but was overly optimistic, considering that most of the safety features had been changed from hardware to software implementations. With FDA approval, AECL made the Therac-25 commercially available and performed a Fault Tree Analysis to evaluate the safety of the device.

Fault Tree Analysis, as its name implies, requires building a tree to describe every possible fault, and assigning probabilities to those faults. After building the tree, the probabilities of hazards, such as overdose, can be calculated. Unfortunately, the engineers assumed that the software (much of which was re-used from the previous Therac models) would operate correctly. This turned out not to be the case, because the hardware interlocks present in the previous models had hidden some of the software faults. The analysts did consider some possible computer faults, such as an error being caused by cosmic rays, but assigned