Well, control systems have been written in *Assembly Language*; the development process, correctness by construction, and exhaustive testing are what are expected to produce correct results, not intrinsic features of the language. And if a given language feature, such as pointer arithmetic, is deemed too unsafe (or even just too unpredictable), it is simply not used.

That said, you're totally right: Ada is much safer than C for the types of errors you mention, and thus more widely, (but not exclusively) used for such applications.