What Therac-25 Software Did
The software that ran the Therac-25 was real-time software. What does that mean?
Real-time software is software that interacts with the world on the world's schedule, not the software's. For instance, software to keep a radio tuner on the signal of a drifting station could take two approaches. It might simply update the signal every 0.1 seconds, searching for the strongest signal within some bandwidth. Another approach is to include a sensor that detects when the signal loses strength and only then search for a stronger signal nearby. This latter approach is real-time. It senses the world and responds to changes in the world when those changes occur.
This sort of software (even the simple system just described) is difficult to write and maintain. First, it involves the software in reading and responding to sensors about the state of "the world." With Therac-25, these sensors indicated things like the intensity of the beam, the position of various parts of the machine (e.g. the turntable) and commands entered at the console by the operator. Sensors, of course, can go bad, or give incorrect readings. When they do, the software needs to be able to detect these problems and respond accordingly, or at least fail in a graceful manner that doesn't endanger life.
In addition, when real-time software has to monitor more than one thing, changes in one area may occur while the software is responding to changes in another. This is like the situation of trying to divide your limited attention to all the things you need to monitor when you are driving a car. While you are watching a red light up ahead, a car may have slipped into your blind spot without you seeing it.
So, Therac software needed to track and respond to several things in real-time without dropping any important balls. What those things are is described in the next section.
Design of Software
The main tasks for which the software is responsible include:
The Therac-25 software is designed as a real-time system and implemented in machine language (a low-level and difficult-to-read language). The software segregated the tasks above into critical tasks (e.g. setup and operation of the beam) and non-critical tasks (e.g. monitoring the keyboard). A scheduler handled the allocation of computer time to all the processes except those handled on an interrupt basis (e.g. the computer clock and handling of computer-hardware-generated errors).
As explained above, the difficulty with this kind of software is the handling of things that might be occurring simultaneously. For example, the computer might be setting the magnets for a particular treatment already entered (which can take 8 seconds) while the operator has changed some of the parameters on the console screen. If this change is not detected, an incorrect treatment can be given. More dangerous is the possibility that the change only affects the portion of the software that handles beam intensity, while the portion of the software that checks turntable position is left thinking that the old treatment parameters are still in effect.
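The race described above (an operator edit arriving during the 8-second magnet setup and reaching only one part of the software) can be modelled in a few lines. This is an added example, not Therac-25 code and not part of the original page: the unchecked path enables the beam while the beam and turntable tasks disagree, and the checked path re-verifies against an edit counter, repeats setup, and keeps the beam off if the console never settles. All names (struct machine, setup_pass, gen, pending_edits, EDIT_TICK, MAX_RETRIES) are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
/* Constructed model with hypothetical names; not Therac-25 code. */
enum mode { MODE_XRAY, MODE_ELECTRON };
enum { SETUP_TICKS = 8, EDIT_TICK = 3, MAX_RETRIES = 2 };  /* page: setup can take 8 s */
struct machine {
    enum mode console_mode;               /* what the operator has on screen now */
    enum mode beam_mode, turntable_mode;  /* what each task believes is in effect */
    unsigned gen, seen_gen;               /* edit counter; its value latched at setup start */
    int pending_edits;                    /* sample input: edits to arrive, one per pass */
};

/* One setup pass. A mid-setup edit reaches only the beam task: the fault modelled. */
static void setup_pass(struct machine *m) {
    m->seen_gen = m->gen;
    m->beam_mode = m->turntable_mode = m->console_mode;
    for (int t = 0; t < SETUP_TICKS; t++)
        if (t == EDIT_TICK && m->pending_edits > 0) {
            m->pending_edits--; m->gen++;
            m->console_mode = m->beam_mode =      /* turntable task is never told */
                m->console_mode == MODE_XRAY ? MODE_ELECTRON : MODE_XRAY;
        }
}

/* True only if no edit arrived since the latch and both tasks match the console. */
static bool consistent(const struct machine *m) {
    return m->seen_gen == m->gen && m->beam_mode == m->console_mode
        && m->turntable_mode == m->console_mode;
}

/* Unchecked: the beam is enabled as soon as setup finishes. */
static bool beam_on_unchecked(struct machine *m) { setup_pass(m); return true; }

/* Checked: verify before beam-on, redo setup on a mismatch, refuse if it never settles. */
static bool beam_on_checked(struct machine *m) {
    setup_pass(m);
    for (int retry = 0; !consistent(m); retry++) {
        if (retry == MAX_RETRIES) return false;  /* fail safe: beam stays off */
        setup_pass(m);                           /* full setup again from console values */
    }
    return true;
}

int main(void) {
    struct machine a = { .console_mode = MODE_XRAY, .pending_edits = 1 }, b = a;
    bool ua = beam_on_unchecked(&a), cb = beam_on_checked(&b);
    printf("unchecked on=%d ok=%d, checked on=%d ok=%d\n", ua, consistent(&a), cb, consistent(&b));
    return 0;
}
```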
Sensors on the Machine
The sensors in the machine reported on, among other things, the placement of the turntable and the strength and shape of the beam. In the diagram below, you can see the "transmission monitors" directly below the metal foils designed to produce X-rays. A different monitor was required for X-rays than for the electron beam, and so these monitors (they were ion chambers) were attached to the turntable underneath either the X-ray foil or the electron beam scanning magnets. No monitor was placed below the "field light assembly" and so no measurement can be made of a beam in this position. But then, no beam is supposed to be turned on in this position, on
Monitoring of the position of the turntable is done by sensors at the turntable (in the diagram above, in the place where the foils are shown).