NASA/JPL's Gerard Holzmann offers Ten Rules for Developing Safety-Critical Code (see Wikipedia).
The short paper is worth reading: it makes clear the attention to detail required of any programmer writing code that has to work reliably.
The rules:
1. simple control flow constructs
2. loops with fixed upper bounds
3. no memory allocation after initialization
4. no function longer than a printed page
5. minimum of two assertions per function
6. data declared in smallest possible scope
7. check validity of parameters and return values
8. use of the preprocessor must be limited
9. pointers should be restricted
10. code must compile without any warnings
The most striking difference from casual programming is the avoidance of recursive data structures or control flows. Once these are allowed, one cannot state with authority that a finite computer will not run out of time or memory.
Contrast these rules with my own patterns for Information Integrity wherein a user could run the program out of memory, detect the subsequent Meaningless Behavior, and then reduce their demand on the system by closing windows.
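As an added example (not from Holzmann's paper or any JPL code), here is a small C lookup table written to several of the rules listed above: fixed loop bounds, static storage only, at least two checks per function, parameter and return-value checking, and single-level pointers. The names record_t, insert_record and find_record are assumed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_RECORDS 16u   /* every loop is bounded by this constant (rule 2) */

typedef struct {
    uint32_t key;
    int32_t  value;
} record_t;

/* All storage is static: nothing is allocated after initialization (rule 3). */
static record_t table[MAX_RECORDS];
static size_t   table_len = 0;

/* A check that recovers instead of aborting: the failing function returns an
   error code that its caller must inspect (rules 5 and 7). */
#define CHECK(cond, err) do { if (!(cond)) { return (err); } } while (0)

enum { OK = 0, ERR_ARG = -1, ERR_FULL = -2, ERR_NOT_FOUND = -3 };

/* Insert a record. Two checks: the length invariant and available room. */
int insert_record(uint32_t key, int32_t value)
{
    CHECK(table_len <= MAX_RECORDS, ERR_FULL);   /* invariant never violated */
    CHECK(table_len < MAX_RECORDS, ERR_FULL);    /* room for one more entry */
    table[table_len].key = key;
    table[table_len].value = value;
    table_len++;
    return OK;
}

/* Look up a key. The loop bound is the constant MAX_RECORDS rather than the
   variable table_len, so a static checker can prove the loop terminates.
   The only pointer is a single-level output parameter (rule 9). */
int find_record(uint32_t key, int32_t *out)
{
    CHECK(out != NULL, ERR_ARG);                 /* parameter check (rule 7) */
    CHECK(table_len <= MAX_RECORDS, ERR_ARG);    /* invariant check (rule 5) */
    for (size_t i = 0; i < MAX_RECORDS; i++) {   /* i lives only here (rule 6) */
        if (i >= table_len) {
            break;
        }
        if (table[i].key == key) {
            *out = table[i].value;
            return OK;
        }
    }
    return ERR_NOT_FOUND;
}
```

Compile with warnings enabled (for example -Wall -Wextra -pedantic) to honour rule 10; every caller of insert_record and find_record must inspect the returned code.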