Therac-25: Software Error Left Victims 40 Years Ago

About 40 years ago, software was primarily responsible for the deaths of patients treated with the Therac-25, a radiotherapy machine developed to treat cancer. The equipment had two operating modes: electron beam, used to treat superficial tissues such as the skin; and high-energy X-ray beam, designed to target deeper tumors. Unlike previous versions, the Therac-25 was designed with its controls implemented in software, leaving aside various physical safety protections.

The problem in question was a programming flaw involving a race condition: when the operator entered commands too quickly, the software's logic could skip verification steps and release radiation in a completely uncontrolled manner. Because the machine took a few seconds to switch modes, this rapid operation created a dangerous fault, resulting in doses up to 100 times stronger than recommended, leading to severe internal burns and, in several cases, death.
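The race described above can be reproduced in a small deterministic model. This is an added example, not Therac-25 code or code from the original article; the tick counts, class and function names are assumptions made for illustration. It contrasts a controller that ignores an edit arriving during the mode switch with one that restarts the switch and checks the sensed hardware state before firing.

```python
# Simplified, constructed model of the race described above. Not Therac-25 code.
SWITCH_TICKS = 8  # assumed number of ticks the hardware needs to change mode

class Machine:
    def __init__(self, interlock):
        self.interlock = interlock   # True = hardened variant
        self.now = 0
        self.requested = "electron"  # mode the software believes is selected
        self.hardware = "electron"   # mode the hardware is physically in
        self.pending = None          # (target_mode, finish_tick) while switching

    def tick(self, n):
        for _ in range(n):
            self.now += 1
            if self.pending and self.now >= self.pending[1]:
                self.hardware, self.pending = self.pending[0], None

    def enter_mode(self, mode):
        self.requested = mode
        if self.pending is None or self.interlock:
            # Hardened: every edit (re)starts the switch toward the new mode.
            self.pending = (mode, self.now + SWITCH_TICKS)
        # Flawed: an edit that arrives mid-switch only updates `requested`;
        # the hardware keeps moving toward the stale target.

    def fire(self):
        settled = self.pending is None and self.hardware == self.requested
        if self.interlock and not settled:
            return "refused"         # check against sensed hardware state
        return "delivered" if settled else "delivered-in-wrong-mode"

def scenario(interlock, edit_delay, wait_before_fire):
    m = Machine(interlock)
    m.enter_mode("xray")             # operator selects the wrong mode
    m.tick(edit_delay)
    m.enter_mode("electron")         # operator corrects the entry
    m.tick(wait_before_fire)
    return m.fire()
```

In this model only the fast correction (an edit inside the switching window) triggers the fault in the flawed variant; the same input sequence entered slowly behaves correctly, which is why this kind of defect is easy to miss in testing.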

Between 1985 and 1987, six incidents were documented, three of them fatal. Some of these patients received massive amounts of radiation in a matter of seconds, and ended up dying days later. The case became famous for showing how invisible flaws in the software can have devastating consequences when critical systems do not have physical redundancies.

The Therac-25 disaster served as a milestone in the history of software engineering and in the area of medical devices, also leading to important changes in the requirements for testing, documentation and formal validation of programs used in safety-critical contexts.

Original article via Tom's Hardware.
