TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy

TEAM-ADA@LISTSERV.ACM.ORG

Sender:
"Team Ada: Ada Advocacy Issues (83 & 95)" <[log in to unmask]>
Subject:
From:
Simon Wright <[log in to unmask]>
Date:
Thu, 8 Nov 2001 11:06:27 +0000
In-Reply-To:
<[log in to unmask]> (message from Mark Lundquist on Wed, 7 Nov 2001 09:21:01 -0800)
Reply-To:
Simon Wright <[log in to unmask]>
> Regarding the value of the check: it depends not just on the
> likelihood of the failure, but also on the consequence of the
> failure.  Some failures are always "worth it" to check for even if
> they are highly unlikely; for example, if a failure might be a
> factor in causing a nuke plant to melt down.

Most folk producing high-criticality software would be required to
*prove*, as part of using appropriate tools (eg SPARK Examiner), that
exceptions could not occur. Basically, the subset of Ada that you[1]
pretty much have to use to get independent certification for
high-criticality software doesn't include exceptions, or tasking, or
.. (name other interesting feature!).

[1] I mean, businesses producing SIL4 software for UK defence
contracts.
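
The following is an added example, not part of the message above and not
code from any SPARK product. It illustrates the argument Simon makes: in the
SPARK subset you do not handle a Constraint_Error, you state a precondition
and a loop invariant and the prover shows the check cannot fail. SPARK 2014
aspect syntax (as checked by GNATprove) is assumed; the SPARK Examiner of
2001 took the same contracts as "--#" annotations in comments. The package
and type names are invented for the example.

```ada
-- Added example (not from the original message): a SPARK 2014 package
-- in which absence of run-time exceptions is proved rather than checked.
-- Names and the 12-bit sample type are assumptions made for the example.
package Sample_Stats with SPARK_Mode is

   type Reading      is range 0 .. 4_095;          -- 12-bit ADC sample
   type Sample_Count is range 1 .. 64;
   type Buffer       is array (Sample_Count) of Reading;

   -- Mean of the first N samples. In full Ada, N = 0 would raise
   -- Constraint_Error on the division and N > 64 on the index; here the
   -- precondition turns both into a proof obligation on every caller.
   function Mean (B : Buffer; N : Natural) return Reading
     with Pre => N in Natural (Sample_Count'First)
                   .. Natural (Sample_Count'Last);

   -- A caller that discharges Mean's precondition by guarding the call.
   -- Remove the guard and GNATprove reports the precondition as unproved;
   -- nothing is caught at run time because there is no handler to catch it.
   function Mean_Or_Zero (B : Buffer; N : Natural) return Reading;

end Sample_Stats;

package body Sample_Stats with SPARK_Mode is

   function Mean (B : Buffer; N : Natural) return Reading is
      Sum : Long_Integer := 0;
   begin
      for I in 1 .. N loop
         -- The invariant bounds Sum so the prover can discharge the
         -- overflow check on the addition and, after the loop, the range
         -- check on the conversion back to Reading.
         pragma Loop_Invariant
           (Sum in 0 .. Long_Integer (I - 1) * Long_Integer (Reading'Last));
         -- I <= N <= Sample_Count'Last by the precondition, so the index
         -- conversion is provably in range.
         Sum := Sum + Long_Integer (B (Sample_Count (I)));
      end loop;
      -- Sum <= N * Reading'Last and N >= 1, so Sum / N <= Reading'Last:
      -- the conversion cannot raise Constraint_Error.
      return Reading (Sum / Long_Integer (N));
   end Mean;

   function Mean_Or_Zero (B : Buffer; N : Natural) return Reading is
   begin
      if N in Natural (Sample_Count'First) .. Natural (Sample_Count'Last) then
         return Mean (B, N);   -- precondition follows from the guard
      else
         return 0;
      end if;
   end Mean_Or_Zero;

end Sample_Stats;
```

Run GNATprove over the two units and it reports every check (index, overflow,
division, range conversion, precondition at the call) as proved; that report,
not a test that the exception "never happened", is the evidence a certifier
asks for.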
