TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy


Sender: "Team Ada: Ada Advocacy Issues (83 & 95)" <[log in to unmask]>
From: Simon Wright <[log in to unmask]>
Date: Thu, 8 Nov 2001 11:06:27 +0000
In-Reply-To: <[log in to unmask]> (message from Mark Lundquist on Wed, 7 Nov 2001 09:21:01 -0800)
Reply-To: Simon Wright <[log in to unmask]>
> Regarding the value of the check: it depends not just on the
> likelihood of the failure, but also on the consequence of the
> failure.  Some failures are always "worth it" to check for even if
> they are highly unlikely; for example, if a failure might be a
> factor in causing a nuke plant to melt down.

Most folk producing high-criticality software would be required to
*prove*, as part of using appropriate tools (eg SPARK Examiner), that
exceptions could not occur. Basically, the subset of Ada that you[1]
pretty much have to use to get independent certification for
high-criticality software doesn't include exceptions, or tasking, or
... (name other interesting feature!).

[1] I mean, businesses producing SIL4 software for UK defence
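An added illustration, not part of the post above, of what "proving that exceptions could not occur" looks like in practice. It uses SPARK 2014 aspect syntax (a later dialect than the Examiner's `--#` annotations of 2001); the package name `Sums`, the types and the bounds are assumed for the example. The overflow check on the accumulator is discharged by the proof tool from the loop invariant, so no exception handler is needed and none is allowed:

```ada
--  Spec (sums.ads): bounds are chosen so the proof obligation is simple.
package Sums with SPARK_Mode is
   type Sample  is range 0 .. 1_000;
   type Index   is range 1 .. 100;
   type Samples is array (Index) of Sample;

   --  100 elements of at most 1_000 each: the total fits in Natural,
   --  and the postcondition states that bound explicitly.
   function Total (S : Samples) return Natural
     with Post => Total'Result <= 100_000;
end Sums;

--  Body (sums.adb): no exception handler; gnatprove must show that
--  Acc + Natural (S (I)) never overflows (no Constraint_Error).
package body Sums with SPARK_Mode is

   function Total (S : Samples) return Natural is
      Acc : Natural := 0;
   begin
      for I in Index loop
         --  Before adding element I, Acc holds the sum of elements
         --  1 .. I-1, each at most 1_000. This is what lets the prover
         --  discharge the run-time overflow check on the next line.
         pragma Loop_Invariant (Acc <= 1_000 * (Natural (I) - 1));
         Acc := Acc + Natural (S (I));
      end loop;
      return Acc;
   end Total;

end Sums;
```

Remove the loop invariant and gnatprove reports the overflow check on the accumulation as unproved, which is the tool-enforced equivalent of the "is the check worth it" judgement in the quoted message.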