comp.lang.ada
From: "Dr. Robert Leif" <rleif@RLEIF.COM>
Subject: Re: C++ Should not be used for Medical Devices
Date: 1997/01/25
Message-ID: <3.0.32.19970125203845.006e91c0@mail.4dcomm.com>


From: Bob Leif
To: Jim Chelini et al.

You wrote:
---------------------------------------------------------------------------------
Date:    Thu, 23 Jan 1997 15:51:01 GMT
From:    Jim Chelini <jchelini@EAST.THOMSOFT.COM>
Subject: Re: C++ Should not be used for Medical Devices

When it comes to safety critical software, I would certainly agree with the
use of Ada. However, I would avoid a number of features including tasking
and dynamic allocation. In the cases where a life is at risk whether it is a
medical device, aircraft, or a rail system, stick to deterministic constructs.
Once the program has completed elaboration, it should not perform dynamic
operations.  Also, make sure the run-time is developed, documented, and
TESTED to the same degree as the application.  If you don't, you have left
a very large hole in the system.

This limits some of the more interesting features of the language, but the
goal is to develop a safe system.
---------------------------------------------------------------------------------
There are 3 levels of medical devices. My experience is with FDA Class 2
devices.  I have worked with clinical laboratory instrumentation.
Pacemakers are Class 3. The only dynamic feature of Ada I insist upon is
conformant arrays.  The data from my systems can be very large. The size of
the arrays must be set at run time. However, as opposed to your past
experience, my systems can crash without significant harm!  My major hazard
is producing incorrect data. Our previous systems worked under Alsys Ada
for DOS. Our next target is Windows 95.

I also wish to modify your last statement. My goal is to develop a safer
system.  Since the competing technologies like C++ are really lousy, I do
NOT wish to put constraints on the use of Ada. I believe that you agree
that, if you are going to do real-time (tasking) and dynamic allocation, it
is safer to use Ada '95 than C++, C, SmallTalk, etc.  Please remember in
the real world, safer is where we start.

I just visited the exhibits of a Laboratory Automation Meeting here in San
Diego. Virtually all of the software was in C and C++. How about next year,
the local SigAda with the help of the Ada vendors pay and man a booth
together?

I decided to post this to Comp.Lang.Ada because there are three good
reasons for encouraging the use of Ada for medical devices.

1. It is technically correct.
2. The Ada vendors should start selling to this market.
3. None of us want to take the chance that improperly programmed medical
devices will be used on ourselves or our loved ones.

Now, you and Aonix can help medical devices by providing a warning on your
compilers including the one for Windows 95 when the code is forced to do
run-time dispatching. This feature is just too hard to test. Unfortunately,
most medical device programmers are not as talented as many members of this
news group. The second is to provide "Windows 97" and other operating
systems with an inexpensive real-time core written in Ada.  The third is to
make 4-bit Nibbles (Nybbles) a supported data type.  Ada arrays (strings)
of Nibbles are a very good model for the nucleic acid polymers, DNA and RNA.

Yours,
Bob Leif



Robert C. Leif, Ph.D., PMIAC,
Vice President & Research Director
Ada_Med, A Division of Newport Instruments
Tel. & Fax (619) 582-0437
Please send e-mail to my new address, rleif@rleif.com
Thank you.
