Peter Turnbull wrote:
The only documented case I recall immediately is the famous Therac-25 case.
Gah! The Therac case is positively frightening, and in a very real
way could be called "death by keyboard interrupt service".
The Therac could deliver E-beam or X-ray therapy; to generate X-rays it
moved a metal target into the path of the beam and made appropriate changes
to the beam current. The problems with the Therac were manifold, but the most
fundamental one was that it was a hunk of cooperative real-time processes
written by someone who didn't understand niceties like semaphores. As a
consequence, there were failure modes in the code, one of which being that
if keystrokes were entered while the treatment type (e-beam or x-ray) was
being selected the metal target and the focusing rings would be positioned
incorrectly with respect to the beam current -- generally, as I recall, the
system would end up positioning the target and rings for X-ray and setting
the beam current for e-beam -- which was a few orders of magnitude greater
than the maximum permitted for x-ray.
That created the problem -- but it wasn't the only one. When the machine
misconfigured itself and the operator hit "treat", the machine would run
for a fraction of a second and then shut down when the dosimeters decided
that the patient had been exposed to too much radiation. However, the
dosimeter interlock was a soft one; when the machine tripped off a
message was displayed to the operator indicating that the treatment plan
had been interrupted. If the operator hit enter (which they almost always
did) the system ignored the dosimeters and proceeded to irradiate the hell
out of the patient.
Who then usually died a painful and unpleasant death.
--
Chris Kennedy
chris(a)mainecoon.com
http://www.mainecoon.com
PGP fingerprint: 4E99 10B6 7253 B048 6685 6CBC 55E1 20A3 108D AB97
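The two failure modes the post describes, the cooperative-multitasking race that leaves target and beam current mismatched and the soft dosimeter interlock that Enter could override, modelled as a toy. This is an added example, not code from the post or from the Therac-25 itself; every name, current value and message (Console, BeamHead, SAFE_CONFIGS, setup_racy, setup_checked, Interlock) is constructed for illustration.

```python
"""Toy model of a cooperative-multitasking race between a setup task and a
keyboard task, plus soft versus hard interlocks. All names and numbers are
constructed; the real machine's internals were quite different."""
from dataclasses import dataclass
from typing import Callable, Generator, Optional, Tuple

# Constructed currents; only their ratio matters for the illustration.
XRAY_CURRENT = 1.0      # low current used when the metal target is in the beam
EBEAM_CURRENT = 100.0   # electron-therapy current, orders of magnitude higher

# The only two known-good head configurations: mode -> (target_in, beam_current).
SAFE_CONFIGS = {"x": (True, XRAY_CURRENT), "e": (False, EBEAM_CURRENT)}


@dataclass
class Console:
    mode: str = "x"   # operator's selected treatment type: 'x' or 'e'


@dataclass
class BeamHead:
    target_in: bool = False
    beam_current: float = 0.0

    def config(self) -> Tuple[bool, float]:
        return (self.target_in, self.beam_current)


def is_consistent(head: BeamHead) -> bool:
    """Interlock predicate: the head must match one of the known-good pairs."""
    return head.config() in SAFE_CONFIGS.values()


def setup_racy(console: Console, head: BeamHead) -> Generator[None, None, Optional[bool]]:
    """Setup task as a cooperative coroutine that re-reads the shared mode
    field after yielding: a keystroke landing between the two slices leaves
    the target positioned for one mode and the current set for the other."""
    head.target_in = console.mode == "x"             # slice 1: move target/rings
    yield                                            # keyboard task may run here
    head.beam_current = SAFE_CONFIGS[console.mode][1]  # slice 2: re-reads mode
    yield
    return None                                      # no completion check at all


def setup_checked(console: Console, head: BeamHead) -> Generator[None, None, Optional[bool]]:
    """Hardened setup: snapshot the mode once, configure both slices from the
    snapshot, and report ready only if the selection is still the one configured."""
    mode = console.mode
    head.target_in = SAFE_CONFIGS[mode][0]
    yield
    head.beam_current = SAFE_CONFIGS[mode][1]
    yield
    return console.mode == mode                      # stale selection -> not ready


def run_setup(setup: Callable, console: Console, head: BeamHead,
              keystroke: Optional[str]) -> bool:
    """Drive the setup coroutine. An optional keystroke arrives after the first
    slice, as if the operator edited the mode while setup was in progress.
    Returns True when setup reports the head ready for 'treat'."""
    task = setup(console, head)
    next(task)                        # slice 1 runs
    if keystroke is not None:
        console.mode = keystroke      # keyboard task edits shared state
    next(task)                        # slice 2 runs
    try:
        next(task)                    # run to completion, collect return value
    except StopIteration as done:
        return True if done.value is None else done.value
    return True


@dataclass
class Interlock:
    hard: bool
    latched: bool = False

    def treat(self, head: BeamHead, ready: bool, enter_pressed: bool) -> str:
        """Soft interlock: a fault shows a message and Enter resumes anyway.
        Hard interlock: a fault latches until a full reset; Enter does nothing."""
        if self.latched:
            return "refused: latched"
        if ready and is_consistent(head):
            return "treated"
        if self.hard:
            self.latched = True
            return "fault: latched, reset required"
        if enter_pressed:
            return "fault overridden: beam on"    # the fatal path in the post
        return "fault: treatment interrupted"


def scenario(setup: Callable, keystroke: Optional[str], hard: bool,
             enter_pressed: bool) -> Tuple[Tuple[bool, float], str]:
    """Start in X-ray mode, optionally edit mode mid-setup, then press 'treat'."""
    console, head = Console("x"), BeamHead()
    ready = run_setup(setup, console, head, keystroke)
    return head.config(), Interlock(hard=hard).treat(head, ready, enter_pressed)


if __name__ == "__main__":
    print("racy, keystroke, soft, Enter :", scenario(setup_racy, "e", False, True))
    print("racy, no keystroke           :", scenario(setup_racy, None, False, True))
    print("checked, keystroke, hard     :", scenario(setup_checked, "e", True, True))
    print("checked, no keystroke, hard  :", scenario(setup_checked, None, True, False))
```

The racy setup with a mid-setup keystroke ends with the target in and the high current set, and the soft interlock lets Enter turn the beam on regardless; the checked setup configures from a single snapshot, refuses to report ready when the selection changed underneath it, and the hard interlock latches instead of offering an override.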