[color="#1C2837"]Nuclear reactor control systems.

Power plants are somewhat unique. Uptime is not a primary requirement. Software doesn't work all that well if there's a power outage, due to tsunami perhaps, yet the facility must continue to operate deterministically, but does not need to remain operational. The biggest requirement is that each component fails-to-safe or fails-to-off. Another problem is somewhat unique, but real-time controls need to be in physical proximity to devices and those get irradiated. The activity is sufficient to damage chipsets. So all primary systems rely on hardware interlocks and reliable mechanisms, such as gravity. And it's all about redundancy rather than uptime itself. Everything can and will fail, that is the only guarantee that can be given.

Reliability is a cost factor (each hour of non-peak operation costs millions), safety is ensured at much more basic levels. They are in somewhat unique position compared to aircraft in that in case of any malfunction they simply shut down the entire plant. This happens relatively frequently and without much fanfare since it's a standard procedure, even if the causes are mundane.

Software controls are involved primarily with optimization of production and monitoring. But each device or individual component is essentially a black box with a very trivial interface (either electronic or manual) which defines the operating parameters. If any of these is out of bounds, the component is required to shut down.

Another big issue is life span. When a plant is delivered it is designed to last 50 years. For recent CANDU designs it may be as long as 70. As consequence, majority of plants in use today were designed based on techniques from the 60s and 70s and those core parts cannot be simply replaced.

There's a lot of academic experiments on how to do a better control system "in VB" and "in LabView" and "in OOP" and similar, but to actually bring something like this anywhere near production is a 20 year process. Not to mention that by the time it's ready the world will have changed several times over. It makes all these revolutionary advances in languages or software or design methodologies completely fleeting and irrelevant. Instead everything is designed around discrete self-contained components, where some software may or may not be involved in some way. But there really is no Master Control System. From design perspective decoupling is highly beneficial. Fork vs. thread comparison, one wants things to fail in isolation.

One could say that software used here is highly reliable, but individual parts fail fast and often and there is not much that is all that special about it. Reliability is ensured at a completely different level.