TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy


Simon Wright <[log in to unmask]>
Thu, 8 Nov 2001 11:06:27 +0000
text/plain (16 lines)
> Regarding the value of the check: it depends not just on the
> likelihood of the failure, but also on the consequence of the
> failure.  Some failures are always "worth it" to check for even if
> they are highly unlikely; for example, if a failure might be a
> factor in causing a nuke plant to melt down.

Most folk producing high-criticality software would be required to
*prove*, as part of using appropriate tools (e.g. SPARK Examiner), that
exceptions could not occur. Basically, the subset of Ada that you[1]
pretty much have to use to get independent certification for
high-criticality software doesn't include exceptions, or tasking, or
.. (name other interesting feature!).

[1] I mean, businesses producing SIL4 software for UK defence
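As an added illustration of the point made above (this is not code from the original message or from any SPARK tool; it uses SPARK 2014 aspect syntax rather than the annotation comments of the 2001-era Examiner, and the package name `Safe_Arith`, the subtypes `Reading`/`Total` and both functions are invented for the example), here is the style in which "exceptions could not occur" is discharged: instead of handling `Constraint_Error`, the code is written so that the prover can show the run-time check can never fail.

```ada
--  Added example, SPARK 2014 syntax (not from the original post).
--  Two ways to make an addition provably free of Constraint_Error:
--  push the obligation to the caller (Add), or absorb it (Saturating_Add).
package Safe_Arith with SPARK_Mode is

   subtype Reading is Integer range 0 .. 1_000;
   subtype Total   is Integer range 0 .. 10_000;

   --  The precondition is what the prover uses: given it, Acc + R is
   --  within Total and no range check can fail, so no handler is needed.
   function Add (Acc : Total; R : Reading) return Total
     with Pre => Acc <= Total'Last - R;

   --  No precondition: the bound is enforced inside, and the postcondition
   --  states the property a reviewer would otherwise have to check by hand.
   function Saturating_Add (Acc : Total; R : Reading) return Total
     with Post => Saturating_Add'Result >= Acc
                  and Saturating_Add'Result <= Total'Last;

end Safe_Arith;

package body Safe_Arith with SPARK_Mode is

   function Add (Acc : Total; R : Reading) return Total is
   begin
      --  Provable from Pre: Acc + R <= Total'Last, and both operands are
      --  non-negative, so the result lies in 0 .. Total'Last.
      return Acc + R;
   end Add;

   function Saturating_Add (Acc : Total; R : Reading) return Total is
   begin
      if Acc <= Total'Last - R then
         return Acc + R;
      else
         return Total'Last;  --  clamp rather than overflow the subtype
      end if;
   end Saturating_Add;

end Safe_Arith;
```

Running a prover over this (GNATprove, for SPARK 2014) yields verification conditions for the two additions and the range conversions; a caller of `Add` that cannot establish the precondition gets an unproved check at the call site, which is the point: the obligation is visible at review time instead of surfacing as an exception at run time.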