comp.lang.ada
From: "Dr. Robert Leif" <rleif@RLEIF.COM>
Subject: C++ Should not be used for Medical Devices
Date: 1997/01/19
Message-ID: <3.0.32.19970119225145.006fce98@mail.4dcomm.com>


From: Bob Leif, Ph.D.
Vice President Ada_Med

To: Macarthur Drake jr.
Biomedical Engineering
The Cleveland Clinic Foundation

& Readers of Comp.Lang.Ada (Ada programming language)

The best help you can get from Comp.Lang.Ada, where this appeared, is not
how to find the best C++ Debugger; but, the simple statement, Try Ada 95.
What you have demonstrated below is the unpredictability of C++. Take a
look at the warranty on your compiler. Would you use any other
manufacturing tool with that lack of a warranty? Ada compilers are both
validated by the US Government and subjected to very professional criticism
and questioning by this news group.  C and C++ should not be used for
significant medical device programs.  They are a very poor choice for the
education of students who will be employed developing medical devices.

The best general arguments concerning the relative safety of C and its
derivatives versus Ada have been made by others. Please see:

N. G. Leveson (1) states, “Not only must a language be simple, but it must
encourage the production of simple and understandable programs. Although
careful experimental results are limited, some programming language
features have been found to be particularly prone to error --among them
pointers, control transfers of various kinds, defaults and implicit type
conversions, and global variables. Overloading variable names so that they
are not unique and do not have a single purpose is also dangerous. On the
other hand, the use of languages with static type checking and the use of
guarded commands (ensuring that all possible conditions are accounted for
in conditional statements and that each branch is fully specified as to the
conditions under which it is taken) seem to help eliminate potential
programming errors. Some of the most frequently used languages (such as C)
are also that, according to what is known about language design, are the
most error prone.” Riehle (2) makes a very strong case for Ada where safety
is required.

(1) N. G. Leveson, “Safeware, System Safety and Computers”, Addison-Wesley,
ISBN 0-201-11972-2 pages 412-413 (1995).

(2) R. Riehle, “Can Software Be Safe? --An Ada Viewpoint”, Embedded Systems
Programming, Vol. 9 (13) pages 28-40 (Dec. 1996).


Below is a list of my groups' papers on Ada software for medical devices.

R. C. Leif, I. Rosello, D. Simler, G. P. Garcia, and S. B. Leif; "Ada
Software for Cytometry". Analytical and Quantitative Cytology and Histology
13 pp. 440-450 (1991).

S. B. Leif and R. C. Leif; "Producing Quality Software According to Medical
Regulations for Devices". Computer Based Medical Systems, Proceedings of
the Fifth Annual IEEE Symposium 265-272 (1992).

R. C. Leif, J. Sara, I. Burgess, M. Kelly, S. B. Leif, and T. Daly, "The
Development of Software in the Ada Language for a Mid-Range Hematology
Analyzer". Tri-Ada '93 340-346 (1993).

Suzanne B. Leif, Stephanie H. Leif (Aha), and Robert C. Leif; "Setting Up a
Pre-production Quality Management Process in the Medical Device Industry".
in Software Quality Management II Vol. 1: Managing Quality Systems Ed. M.
Ross, C. A. Brebbia, G. Staples, J. Stapleton, Computational Mechanics
Publications, Southampton, Boston pp. 63-78 (1994).

R. C. Leif, S. B. Leif, S. H. Leif, and E. Bingue, "A Simple Solution to
The Medical Instrumentation Software Problem". Progress in Biomedical
Optics, Proceedings of Ultrasensitive Instrumentation for DNA Sequencing
and Biochemical Diagnostics. Ed. G. E. Cohn, J. M. Lerner, K. J. Liddane,
A. Scheeline, and S. A. Soper.  A. Katzir Biomedical Optics Series Editor
SPIE Proceedings Series, Vol. 2386, pp 236-249 (1995).

R. C. Leif, R. Rios, M. C. Becker, C. K. Becker, J. T. Self, and S. B.
Leif, "The Creation of a Laboratory Instrument Quality Monitoring System
with AdaSAGE". Advanced Techniques in Analytical Cytology, Optical
Diagnosis of Living Cells and Biofluids, Ed. T. Askura, D. L. Farkas, R. C.
Leif, A. V. Priezzhev, and B. J. Tromberg. A. Katzir Progress in
Biomedical Optics Series Editor SPIE Proceedings Series, Vol. 2678, 232-239
(1996).

You wrote:
------------------------------------------------------------------
Date:    Thu, 16 Jan 1997 22:22:29 -0500
From:    Macarthur Drake <drake@BME.RI.CCF.ORG>
Subject: Help you C++ Debuggers!

I am in the midst of completing a major piece of code in C++. However I
keep coming across a particularly difficult bug. Can you help?

        I am simply trying to declare a three D array:


float objects[9000][10][10];

        However, sometimes while compiling I get a strange compilation error
like one of the following:

1. segmentation violation


2.
ld:
Can't have archive/object only 0 bytes long: displayer3.o

3.

ld:
Fatal error in writing to final object file (<=82)
Fatal error in writing to final object file (<=82)
16.983u 5.929s 1:09.16 33.1% 0+0k 1736+538io 270pf+0w

        now I am convinced that my error is related to this array in some way
because if I change the size of the array to say  900 by 10 by 10 then I
don't have any problems. Am I declaring this array properly? I have
plenty of RAM and I don't think that a 900K element array of floats is
too big. Can I dynamically allocate this array somehow?

         What is really strange is that sometimes the code compiles and runs
with no problem....and then I turn around and compile it with no changes
and I get a compilation error. Furthermore my problem is not that I am
trying to write to an element that does not exist (like if I were trying
to write to element objects[9001][10][10]) because an error like that
would be a run time error not a compilation error.....any help is truly
appreciated.........thanks a lot,

--
Macarthur Drake jr.
Biomedical Engineering
The Cleveland Clinic Foundation
Phone (216) 445 3411, Fax (216) 444 9198
drake.79@postbox.acs.ohio-state.edu, drake@bme.ri.ccf.org
------------------------------------------------------------------


Robert C. Leif, Ph.D., PMIAC,
Vice President & Research Director
Ada_Med, A Division of Newport Instruments
Tel. & Fax (619) 582-0437
Please send e-mail to my new address, rleif@rleif.com
Thank you.



