Asking for help with this Therac 25 bugged code. I don't understand the explanation



  • Therac 25 is a radiation therapy machine that led to 3 deaths and 3 injuries in the 1980s. Those are the worst accidents in history caused by software bugs. In 1993, Leveson and Turner did a thorough investigation (click the link for the full version) into Therac 25 and published a paper to conclude their investigation. I am going to give a presentation next week about these tragedies. However, I don't understand the paper's explanation of the bug. I enclose the related part of the paper as follows (ZOOM OUT to read). The following is some of my understanding of the code. Then I got stuck! The Magnet process is to set up all magnets, and the entire process takes about 8 secs. The BUG is that Ptime clears the magnet setting flag in its first execution, and the flag is not reset later. The paper indicates that, as a result, the Ptime process will only check the input change for the first magnet setting because of the bug. But what I don't understand is the line in the red rectangle. The line examines whether the input has changed at the end of every magnet setup. Even if Ptime fails to check it, this line will still check whether the change happened, and then the bug would be ineffective. I am really baffled. Since this is a very influential paper, I presume I have somehow misunderstood its explanation.



  • Here's my interpretation (caveat - I could be wrong): Key sentence from the article: "The keyboard handler parses the mode and energy level specified by the operator and places an encoded result in another shared variable, the 2-byte mode/energy offset (MEOS) variable." This corresponds to the code: "repeat / fetch parameter / output parameter / point to next parameter / until all parameters set". This code occurs before the Magnet routine is called, and only then. The call in the Magnet routine to check whether mode/energy has changed won't detect any changes because no input will be read in until all the magnets have been set. Since the article indicates it takes approximately 8 seconds for all the magnets to be set, this means that new parameters could appear to be accepted depending on the user's speed (which is likely to be quite high given familiarity with the system).
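As an added illustration of the explanation in this thread (not the Therac-25 code and not the paper's pseudocode): a small Python model in which the only place that looks at operator editing during magnet setup is Ptime, guarded by the magnet-setting flag, so the "mode/energy changed" test in the Magnet loop can only see what Ptime recorded. The names, the three-magnet count, and the per-magnet "edit schedule" are assumptions chosen for the demonstration; the `fixed=True` path re-arms the flag before every magnet to show the difference.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

# Constructed model of the race described in the thread. Assumed names:
# magnet_flag is the "magnet setting" flag, mode_energy_changed is the
# variable the Magnet loop tests after each magnet ("the red rectangle").


@dataclass
class TreatmentState:
    magnet_flag: bool = False           # set by Magnet, cleared by Ptime
    mode_energy_changed: bool = False   # only ever raised inside Ptime
    checks: List[int] = field(default_factory=list)  # steps where Ptime looked at edits


def ptime(state: TreatmentState, step: int, operator_editing: bool) -> None:
    """Hysteresis-delay wait. While the flag is set it examines the keyboard
    handler's editing state; clearing the flag on exit is the defect, because
    nothing sets it again for the remaining magnets."""
    if state.magnet_flag:
        state.checks.append(step)
        if operator_editing:
            state.mode_energy_changed = True
    state.magnet_flag = False


def magnet(state: TreatmentState, edit_steps: Set[int],
           n_magnets: int = 3, fixed: bool = False) -> str:
    """Set each magnet in turn, aborting as soon as an edit has been noticed."""
    state.magnet_flag = True
    for step in range(n_magnets):
        if fixed:
            state.magnet_flag = True   # corrected variant: re-arm the check per magnet
        ptime(state, step, operator_editing=(step in edit_steps))
        if state.mode_energy_changed:  # the per-magnet test the question asks about
            return "aborted"
    return "completed"


def simulate(edit_steps: Set[int], fixed: bool = False) -> Tuple[str, List[int]]:
    """Run one magnet-setting sequence; returns (outcome, steps actually checked)."""
    state = TreatmentState()
    outcome = magnet(state, edit_steps, fixed=fixed)
    return outcome, state.checks


if __name__ == "__main__":
    print(simulate({0}))               # edit during first magnet: caught
    print(simulate({1}))               # edit during second magnet: slips through
    print(simulate({1}, fixed=True))   # with the flag re-armed: caught
```

An edit made during any magnet after the first passes the per-magnet test precisely because that test reads a variable nothing updates once the flag is cleared.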

