> Regarding the value of the check: it depends on not just on the > likelyhood of the failure, but also on the consequence of the > failure. Some failures are always "worth it" to check for even if > they are highly unlikely; for example, if a failure might be a > factor in causing a nuke plant to melt down. Most folk producing high-criticality software would be required to *prove*, as part of using appropriate tools (eg SPARK Examiner), that exceptions could not occur. Basically, the subset of Ada that you pretty much have to use to get independent certification for high-criticality software doesn't include exceptions, or tasking, or .. (name other interesting feature!).  I mean, businesses producing SIL4 software for UK defence contracts.