From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: * X-Spam-Status: No, score=1.2 required=5.0 tests=BAYES_00,FROM_WORDY, INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,63ceef1cf4561e32 X-Google-Attributes: gid103376,public From: "Ken Garlington" Subject: Re: Customer balks at Ada -- any hope? Date: 2000/07/19 Message-ID: #1/1 X-Deja-AN: 648165329 References: <8l01s4$gnr$1@nnrp1.deja.com> <8l2pqo$im7$1@nnrp1.deja.com> <5dtGPVPqfHh5@eisner.decus.org> <39755FB0.81586D45@baesystems.com> <8l40kb$7na$1@xs4.xs4all.nl> X-Priority: 3 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 X-Complaints-To: abuse@flash.net X-Trace: news.flash.net 964007919 216.215.81.132 (Wed, 19 Jul 2000 06:58:39 CDT) Organization: FlashNet Communications, http://www.flash.net X-MSMail-Priority: Normal NNTP-Posting-Date: Wed, 19 Jul 2000 06:58:39 CDT Newsgroups: comp.lang.ada Date: 2000-07-19T00:00:00+00:00 List-Id: "fdebruin" wrote in message news:8l40kb$7na$1@xs4.xs4all.nl... > Kieran Mckey writes: > > >compiler switches. You should design the system so that the code will > >meet performance requirements regardless of whether run-time checks are > >enabled or not. > > > Sometimes, you don't have that luxury. > > For example, on-board systems for spacecrafts usually have very limited > resources available and you're faced with restricitions w.r.t. the > selection of processor and memory size avaible. Don't forget another aspect of run-time checks that is particularly important to embedded systems: Run-time checks are completely worthless... unless you have a proper course of action to take when they occur. For example, consider the Ariane 5 case. Let's assume that run-time checking was completely enabled, and a Constraint_Error was therefore raised on the floating-point to integer conversion (instead of the machine interrupt). Unless there had been a local exception handler to take an appropriate action (and it's somewhat of an open question as to the right action, although saturating the output would have been the obvious choice), then the exception would have propagated to the gloabl exception handler -- and the exact same outcome would have occurred. Adding these local exception handlers, of course, will use up some resources (memory, programmer time, etc.) so they're certainly not "free".