• New York, Chicago telephone system crashs

  • - Crashs caused by C pointer problems

  • Baltimore Memorial Hospital X-ray machine

  • - 6 deaths, 250 injuries
    - Defect caused by C pointer problem

  • Smog sensor

  • - $1M+ fine by EPA

  • Internat’l Energy Commission

  • - “150 features of C language are unsafe for nuclear use”

Previous slide Contents Next slide

From the Script: SLIDE 37 - Reliability

Using C to develop a safety critical application is simply irresponsible! Safety problems with hospital equipment. smog sensors, and nuclear energy facilities have been traced to C features that are inherently unsafe. No amount of testing can really guarantee a sufficient level of safety.

Some of these systems problems (along with others) are documented and described in the Risks Digests. See

Systems with high reliability requirements, such as telecom systems, have also been let down by the deficiencies of C.

C++ has been presented as a reliable alternative to C. Actually, almost all of C's unsafe features are still available in C++.

The CTA substudy of the "Ada and C++: A Business Case Analysis" analyzed reliability data of Ada versus C++.

The study concluded that the number of errors identified (per thousand source lines of code) was significantly reduced with the Ada programming language.

This finding was true during both the integration phase as well as the formal qualification testing.

As is shown on other slides, this conclusion has been supported by other studies and projects.