Static Code Analyzer: the Additional Insurance of the Medical Software

alexastva

Alex Astva

Posted on March 21, 2018

Static Code Analyzer: the Additional Insurance of the Medical Software

Software bugs can lead not only to material losses, but also can damage human's health. For example, actors on the stage of a theatre can get injured if suddenly one of the scenery begins to go down on the stage at the wrong time. However, the connection between the errors in code and the health damage of medical software is more obvious. Let's talk about this topic.

This article focuses on the teams of developers who create the programs for a medical equipment. I hope they will not stay indifferent and will check their code. Let's recall two famous cases where errors in programs, related to medicine, became the reason for bad news.

image

Firstly, it is a series of tragic events caused by the errors in the Therac-25 device of radiation therapy. This device has caused at least six overdoses of radiation within the period from June 1985 to January 1987, some patients received doses of tens of thousands of rad. At least two people died directly from the radiation overdoses. Software bugs of the device were the reason of the tragedies and the main problem was the incorrect security strategy.

image

Secondly, the software bugs can also cause harm indirectly. For example, the bugs in the software for MRI-scanners raise the questions about the 40 000 researches. For several decades, neuroscientists and cognitive psychologists has used statistical programs AFNI, SPM and FSL to analyze fMRI data. As it turned out, because of the incorrect algorithms, these programs might return up to 70% of false positive results instead of the projected 5%.

As you can see, the code errors can lead not only to troubles, such as a crash or a loss of data, but also to much more serious consequences, which influence the life and the health of many people throughout many years.

Moreover, the developer is responsible not only for his own code, but for the code of the used libraries. This situation is completely real, when the artifacts appear when creating an image/video due to an error from a third-party library and this will lead to confusion when diagnosing.

This is not an abstract theoretical problem. I myself faced a situation, in which when porting programs to 64-bit system an error causing incorrect handling of MRI data began to reveal itself. Fortunately, the error showed itself very clearly: a large fragment of the image was absent. However, the error might not be that noticeable and consist in the incorrect displaying of some details and it'll be much harder to detect it.

image

More information about this error is available in the article "PVS-Studio project - 10 years of failures and successes". It is this and some other 64-bit errors that inspired the creation of the Viva64 tool, which then turned into a PVS-Studio static code analyzer.

It is impossible to predict where the errors can be and what errors can lead to trouble. The error can be complex and not necessarily spoil life, lurking in the algorithm of data processing and displaying. I can imagine a situation where because of an error in the comparison function, data of the wrong patient will be selected for processing, or the program, describing the condition of the patient, will not notice some differences in the data structure.

I invite all readers to start using the PVS-Studio static code analyzer. Yes, the analyzer, like any other tool, does not guarantee the absence of errors in your programs. However, it becomes an additional line of defense on the field of the battle against the bugs. It can help detect a lot of errors at the early stages of development and may help to save someone's health.

Read more - https://hownot2code.com/2018/03/21/pvs-studio-the-additional-insurance-of-the-medical-software/

💖 💪 🙅 🚩
alexastva
Alex Astva

Posted on March 21, 2018

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related