> Regarding the value of the check: it depends not just on the
> likelihood of the failure, but also on the consequence of the
> failure. Some failures are always "worth it" to check for even if
> they are highly unlikely; for example, if a failure might be a
> factor in causing a nuke plant to melt down.

Most folk producing high-criticality software would be required to
*prove*, as part of using appropriate tools (e.g. SPARK Examiner), that
exceptions could not occur. Basically, the subset of Ada that you[1]
pretty much have to use to get independent certification for
high-criticality software doesn't include exceptions, or tasking, or ..
(name other interesting feature!).

[1] I mean, businesses producing SIL4 software for UK defence contracts.