Whether you remember the name or not, you have heard of the Therac-25, a radiation therapy machine responsible for giving massive radiation doses resulting in serious injury or death between 1985 and 1987. It is a classic case study in software engineering.
The details are quite interesting but I wanted to point out that it doesn’t take complex or rare software failures to be dangerous.
Case in point: I received a replacement insulin pump today that had the following header:
The problem?
Interesting. You go down from “zero” to the maximum setting.
FYI, the device in question measures insulin in 0.05 increments, so 10.0 units is quite a bit. Particularly if that isn’t what you intended to do.
Medtronic has offered a free replacement for any pump with this “roll around feature.”
I have been using Medtronic devices for years and have always found them to be extremely responsive to users, so don’t take this as a negative comment on them or their products.
It is, however, a good illustration that what may be a feature to one user may well not be a feature for another. Which makes me wonder, how do you design counters? Do they wrap at maximum/minimum values?
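To make the two answers to that question concrete, here is an added example (my own illustration, not Medtronic firmware or any real pump's code) of a dose selector counting in 0.05-unit steps. It stores the dose as an integer number of steps rather than a float, and it assumes, based on the post, a range of 0.00 to 10.00 units. The wrapping functions reproduce the "roll around" behaviour the post describes; the saturating ones stop at the limit. The unsigned variant at the end shows why a counter that is merely "not checked" wraps silently as well.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed example, not the pump's firmware. Dose is held as an integer
 * count of 0.05-unit steps so the limits can be compared exactly.
 * The 0.00 .. 10.00 unit range is an assumption drawn from the post. */
#define STEP_PER_UNIT  20                    /* 1.00 unit = 20 steps of 0.05 */
#define DOSE_MIN_STEPS 0                     /* 0.00 units */
#define DOSE_MAX_STEPS (10 * STEP_PER_UNIT)  /* 10.00 units */

/* Wrapping ("roll around") counter: the behaviour described in the post.
 * One press below zero lands on the maximum setting. */
int dose_down_wrapping(int steps) {
    if (steps <= DOSE_MIN_STEPS) return DOSE_MAX_STEPS;
    return steps - 1;
}

int dose_up_wrapping(int steps) {
    if (steps >= DOSE_MAX_STEPS) return DOSE_MIN_STEPS;
    return steps + 1;
}

/* Saturating counter: extra presses at a limit are ignored, so the only way
 * to reach 10.00 units from 0.00 is 200 deliberate increments. */
int dose_down_saturating(int steps) {
    return steps > DOSE_MIN_STEPS ? steps - 1 : DOSE_MIN_STEPS;
}

int dose_up_saturating(int steps) {
    return steps < DOSE_MAX_STEPS ? steps + 1 : DOSE_MAX_STEPS;
}

/* Unchecked unsigned counter: C's modular arithmetic wraps it from 0 to 255
 * with no check written at all. A range test on the result is needed
 * because "steps - 1 >= 0" is always true for an unsigned type. */
uint8_t dose_down_unchecked_u8(uint8_t steps) {
    return (uint8_t)(steps - 1);
}

/* Steps to units, for display only. */
double dose_units(int steps) {
    return steps / (double)STEP_PER_UNIT;
}

int main(void) {
    int zero = DOSE_MIN_STEPS;
    printf("wrapping:   0.00 -> down -> %.2f units\n",
           dose_units(dose_down_wrapping(zero)));
    printf("saturating: 0.00 -> down -> %.2f units\n",
           dose_units(dose_down_saturating(zero)));
    printf("unchecked uint8_t: 0 -> down -> %u steps\n",
           (unsigned)dose_down_unchecked_u8(0));
    return 0;
}
```

The design choice is in the two decrement functions: they differ by one line, and only the saturating one makes the largest possible dose unreachable by accident.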
Design issues only come up when you recognize them as design issues. Otherwise they are traps for the unwary.