01-37 Therac 25

  • 0:00 - 0:02
    So now we're going to look at kind of an extreme example
  • 0:02 - 0:05
    of timing-dependent input being difficult to deal with.
  • 0:05 - 0:10
    In the 1980s, there was a machine called a Therac-25.
  • 0:10 - 0:13
    And what the Therac-25 was was a radiation therapy machine,
  • 0:13 - 0:17
    and it was used to deliver a highly concentrated beam of radiation
  • 0:17 - 0:23
    to a part of a human body where that beam could be used to destroy cancerous tissue
  • 0:23 - 0:25
    without harming tissue that's nearby.
  • 0:25 - 0:29
    And as you can see, this is not, obviously, an inherently safe technology.
  • 0:29 - 0:34
    It's going to depend on skilled operators and also highly safe software
  • 0:34 - 0:39
    in order to safely dose patients at the cancer site without harming the patients.
  • 0:39 - 0:43
    So what happened with the Therac-25 was a tragic series of mistakes
  • 0:43 - 0:47
    where 6 people were subjected to massive radiation overdoses
  • 0:47 - 0:49
    and several of these people died.
  • 0:49 - 0:51
    I'll make sure to include a link about these occurrences
  • 0:51 - 0:53
    in the supplementary material for this course.
  • 0:53 - 0:56
    If you actually take a look at it, you'll find that it's really quite terrifying reading.
  • 0:56 - 0:59
    It's really a very scary series of accidents.
  • 0:59 - 1:02
    The Therac-25 had a number of serious issues with its software,
  • 1:02 - 1:04
    and we're just going to talk about 1 of them here.
  • 1:04 - 1:08
    The Therac-25 was a largely software-controlled device,
  • 1:08 - 1:11
    and it had, at the time, a fairly sophisticated controller.
  • 1:11 - 1:15
    It turned out that the people developing the software put a number of bugs into it.
  • 1:15 - 1:19
    The particular bug that I'm talking about here was a software bug called a race condition.
  • 1:19 - 1:23
    And what a race condition is is a scenario where different threads of execution
  • 1:23 - 1:25
    fail to be properly synchronized,
  • 1:25 - 1:28
    with the result being that the software containing the race conditions
  • 1:28 - 1:30
    can actually make mistakes.
  • 1:30 - 1:33
    This particular race condition in the Therac-25 software
  • 1:33 - 1:37
    involved the keyboard input to the radiation therapy machine,
  • 1:37 - 1:39
    which is what the person operating the machine used
  • 1:39 - 1:42
    to tell the machine how to treat the patient.
  • 1:42 - 1:46
    And what happened was if the operator of the machine typed slowly,
  • 1:46 - 1:48
    the bug was very unlikely to be triggered.
  • 1:48 - 1:51
    And of course while the machine was being tested,
  • 1:51 - 1:53
    the people testing the machine weren't very good at using it.
  • 1:53 - 1:56
    They hadn't used it a lot, and so they didn't type very fast.
  • 1:56 - 1:58
    But unfortunately, as operators in hospitals
  • 1:58 - 2:01
    became more and more familiar with this machine,
  • 2:01 - 2:04
    as they treated hundreds and hundreds of patients,
  • 2:04 - 2:07
    what happened was these people got very good at operating the machine,
  • 2:07 - 2:11
    they typed faster and faster, and eventually they started triggering this bug.
  • 2:11 - 2:13
    And the effect of this bug, unfortunately,
  • 2:13 - 2:16
    was to deliver massive radiation overdoses to patients.
  • 2:16 - 2:18
    And, as I said, this led to several fatalities.
  • 2:18 - 2:22
    And so the kind of quandary that this scenario raises for us as software testers
  • 2:22 - 2:27
    is do we have to care about the time at which inputs arrive at our software under test,
  • 2:27 - 2:29
    or can we not worry about that?
  • 2:29 - 2:31
    And so obviously, for the Therac-25
  • 2:31 - 2:34
    and obviously, also for something like a Linux kernel,
  • 2:34 - 2:37
    the time at which inputs arrive is relevant.
  • 2:37 - 2:40
    On the other hand, unless we've been extremely sloppy,
  • 2:40 - 2:42
    the square root function that we've been talking about
  • 2:42 -
    won't care about the time at which its inputs arrive.
Team:
Udacity
Project:
CS258: Software Testing
Duration:
02:47