When it comes to safety, it's not what you do, but how you do it. The IEC 61508 standard outlines how safety-critical projects should be managed and how to locate, and create, safety-critical code.
From a programming languages standpoint, I think it's interesting that the standards try to define parts of the languages as unacceptable, versus trying to get the compilers to enforce the safety standards:
The standard bans any features of programming languages that are incompletely specified or unspecified. For languages such as C or C++ (which do have unspecified or incompletely specified features) developers must use an acceptable subset of the language such as MISRA C or NRC SafeC. Furthermore, safe programming practices, such as avoiding pointers and global variables, must be included in the coding standard.
Further references can be found at C/C++ Recommendations for IEC 61508 and the MISRA C Guidelines.
(And just how do you avoid pointers in C/C++?)
Posted to Software-Eng by Chris Rathman on 5/3/04; 3:35:49 PM
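As an added illustration (not from the post or from the linked IEC 61508/MISRA documents) of what "incompletely specified" means in C and what a subset-style rewrite looks like: C leaves the evaluation order of the two operands of `-` unspecified, so an expression whose operands both have side effects yields a compiler-dependent result. MISRA C's evaluation-order rule forbids exactly that, and the fix is to put each side effect in its own full expression. The counter and function names below are made up for the example; the global counter is there only to make the side effect visible (the quoted guidance discourages globals too).

```c
#include <stdio.h>

/* Constructed state for the example: a counter whose reads have a side effect. */
static int counter_state = 0;

static int next_value(void)
{
    return ++counter_state;
}

/* Unspecified behaviour: the C standard does not say which operand of '-'
 * is evaluated first, so this legitimately returns 1 on one compiler and
 * -1 on another (or after a flag change). Nothing is "wrong" by the
 * language's rules, which is why a safety subset has to ban the form. */
int unsequenced_difference(void)
{
    counter_state = 0;
    return next_value() - next_value();
}

/* Subset-compliant rewrite: each side effect is its own full expression,
 * separated by a sequence point, so the order is fixed by the language
 * rather than left to the compiler. Always returns -1. */
int sequenced_difference(void)
{
    int first;
    int second;

    counter_state = 0;
    first = next_value();
    second = next_value();
    return first - second;
}

int main(void)
{
    printf("unsequenced: %d\n", unsequenced_difference());
    printf("sequenced:   %d\n", sequenced_difference());
    return 0;
}
```

Build the first function with two different compilers (or with and without optimisation) and the printed value may differ; the second is stable everywhere. A static checker for the subset flags the first form at compile time, which is the point of the standard's approach: the ordinary compiler will not complain about either.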