> Regarding the value of the check: it depends on not just on the
> likelyhood of the failure, but also on the consequence of the
> failure.  Some failures are always "worth it" to check for even if
> they are highly unlikely; for example, if a failure might be a
> factor in causing a nuke plant to melt down.

Most folk producing high-criticality software would be required to
*prove*, as part of using appropriate tools (eg SPARK Examiner), that
exceptions could not occur. Basically, the subset of Ada that you[1]
pretty much have to use to get independent certification for
high-criticality software doesn't include exceptions, or tasking, or
.. (name other interesting feature!).

[1] I mean, businesses producing SIL4 software for UK defence