From: Robert Dewar
Subject: Re: Help Me Please :)
Date: 2000/03/28
Message-ID: <8brgcd$5kp$1@nnrp1.deja.com>
References: <89rlvr$gn9$1@nntp3.atl.mindspring.net> <38D8A607.F61F0FFF@mail.com> <8bqcu2$s0p$1@nnrp1.deja.com>
Organization: Deja.com - Before you buy.
Newsgroups: comp.lang.ada

In article <8bqcu2$s0p$1@nnrp1.deja.com>,
  reason67@my-deja.com wrote:
> In article ,
>   Robert A Duff wrote:
>
> > (On the other hand, Ada *pretends* that it's OK to raise and handle
> > Constraint_Error, but if you read RM-11.6, you'll find that's not
> > quite true -- and I doubt if any Ada programmer other than Tucker Taft
> > actually *understands* 11.6.  So in practice, 11.6 says, "Do not handle
> > predefined exceptions.")
>
> "Ladies and Gentlemen, Thank you for flying on the Boeing 777 Flight
> 633. Unfortunately, due to a minor bug in the flight control software
> raising a predefined exception and Ada RM section 11.6, the flight
> control software has crashed. We are now heading towards the ground at
> 700 miles per hour. Estimated time of arrival 10 seconds. Have a nice
> day."

Well, there was no smiley there, so let's assume the (rather hard to
believe) point is being made seriously. In that case it is way, way off
base.

Any safety critical software is validated and verified at the object
level. You never depend on the correctness of the compiler, or on the
correctness of your understanding of the high level language semantics.

Furthermore, in most safety critical software, one would never have such
a handler. Why not? Because it might typically be the case that the
handler code is deactivated, and deactivated code is not permitted in
many SC protocols.

Finally, 11.6 is about optimization; it is almost always the case that
you want *no* optimization for SC code. Why? Because you want the best
possible correspondence between source code and object code.

So in short, the scenario above is triply unlikely!


Sent via Deja.com http://www.deja.com/
Before you buy.
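An added illustration, not part of the thread above, of the point the two posters are arguing about: a routine that recovers from Constraint_Error inside a handler versus one that performs the same bounds test as an ordinary source-level check. The procedure, subtype and sample values below are constructed for this example. RM 11.6 permits an implementation to raise a check failure earlier than the canonical point, or to let the failing operation yield an undefined result, so the value a handler sees in `Partial` is not something the source code can guarantee; the explicit-test version has no handler at all, so there is no "deactivated" handler code and nothing that depends on how the compiler scheduled its checks.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Predefined_Handler_Demo is
   --  Constructed example: a narrow Integer subtype so an overflow is
   --  easy to force with a handful of values.
   subtype Small is Integer range 0 .. 100;

   type Sample_Array is array (Positive range <>) of Small;

   --  Constructed sample input; 60 + 30 + 20 exceeds Small'Last.
   Samples : constant Sample_Array := (60, 30, 20, 10);

   --  Fragile version: relies on the predefined range check to stop the
   --  loop and on the partial sum still being meaningful in the handler.
   --  Under RM 11.6 the check may be raised earlier than the canonical
   --  semantics say, or the failing assignment may yield an undefined
   --  result, so the value of Partial seen here is not guaranteed.
   function Sum_Relying_On_Exception (S : Sample_Array) return Small is
      Partial : Small := 0;
   begin
      for I in S'Range loop
         Partial := Partial + S (I);   --  range check may fail here
      end loop;
      return Partial;
   exception
      when Constraint_Error =>
         return Partial;              --  value not guaranteed by 11.6
   end Sum_Relying_On_Exception;

   --  Defensive version: the bounds test is explicit source code, so the
   --  object code must perform it, no predefined exception is raised or
   --  handled, and the saturating branch is reachable by an ordinary test.
   function Sum_Saturating (S : Sample_Array) return Small is
      Partial : Small := 0;
   begin
      for I in S'Range loop
         if Partial > Small'Last - S (I) then
            return Small'Last;        --  saturate instead of overflowing
         end if;
         Partial := Partial + S (I);
      end loop;
      return Partial;
   end Sum_Saturating;

begin
   --  Expected: the saturating sum is 100 (90 + 20 would overflow).
   Put_Line ("Saturating sum:      " & Small'Image (Sum_Saturating (Samples)));
   --  Whatever this prints, the source cannot promise it; that is the point.
   Put_Line ("Exception-based sum: " & Small'Image (Sum_Relying_On_Exception (Samples)));
end Predefined_Handler_Demo;
```

With the constructed input, `Sum_Saturating` returns 100 regardless of compiler or optimization level, because the comparison is part of the program's canonical semantics. `Sum_Relying_On_Exception` happens to return 90 on a compiler that performs the check exactly where the source shows it, but that is an accident of code generation rather than a property of the program, which is why the thread's advice is not to write such handlers in code that is verified at the object level.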