From: Hyman Rosen
Subject: Re: JOB:Sr. SW Engineers Wanted-Fortune 500 Co
Date: 2000-02-01T18:03:13+00:00
Newsgroups: comp.lang.ada
Organization: PANIX Public Access Internet and UNIX, NYC
References: <3894A823.92EC75D1@bondtechnologies.com> <874b7r$mj9$1@nnrp1.deja.com> <38967537_1@news.jps.net>

"Pat Rogers" writes:
> Error checking at run-time is still vital, and Ada's checking (if left
> in) can help.
>
> Although it is a common practice in (well-done!) safety-critical
> development to prove that exceptions cannot occur, they still can. The
> obvious cause is radiation-induced hardware errors. The more difficult
> issue, because it is based upon human imperfection, is that of errors in
> the specification. No amount of program proof will circumvent that
> problem. In that case run-time checks can serve to invoke the fault
> tolerance mechanisms, however extensive those may or may not be.
> Clearly some applications can have no fall-back position (the classic
> example is a launched missile) and in those cases there's no point in
> checking. But in those cases in which faults can be tolerated the
> checks are directly helpful.

But it's exactly that mechanism that led to the Ariane 5 crash.
I have argued before that *not* catching such errors at runtime might be a better approach, because it's possible that such an error would cause only slight local effects which would quickly damp out, whereas invoking error handling leads to massive global effects.
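An added illustration of the two paths the exchange argues over, not code from either poster: a narrowing conversion with Ada's range check left in, where the exception handler stands in for the fault-tolerance mechanism, beside an explicit saturating conversion whose effect stays local to the one reading. The type, procedure names and the sample value are assumptions.

```ada
--  Added example (not from the thread): Ada range check on a narrowing
--  conversion, handled, versus an explicit clamp that never raises.
--  Int16, Check_Demo and the value 40_000.0 are constructed for this demo.
with Ada.Text_IO; use Ada.Text_IO;

procedure Check_Demo is
   --  A 16-bit signed range, standing in for a narrow hardware field.
   type Int16 is range -32_768 .. 32_767;

   --  Constructed raw reading, wide enough to fall outside Int16.
   Raw : constant Long_Float := 40_000.0;

   --  Checked path: Ada inserts a range check on the conversion and
   --  raises Constraint_Error when X does not fit in Int16.
   function Convert_Checked (X : Long_Float) return Int16 is
   begin
      return Int16 (X);
   end Convert_Checked;

   --  Local-effect path: clamp explicitly, so an out-of-range input
   --  becomes a saturated reading instead of an exception.
   function Convert_Saturating (X : Long_Float) return Int16 is
   begin
      if X > Long_Float (Int16'Last) then
         return Int16'Last;
      elsif X < Long_Float (Int16'First) then
         return Int16'First;
      else
         return Int16 (X);
      end if;
   end Convert_Saturating;

   V : Int16;
begin
   --  With the check left in, the handler is the point where a real
   --  system would invoke its fault-tolerance mechanism (here a message).
   begin
      V := Convert_Checked (Raw);
      Put_Line ("checked: " & Int16'Image (V));
   exception
      when Constraint_Error =>
         Put_Line ("checked: Constraint_Error, fault handler invoked");
   end;

   --  Without raising, the bad value affects only this one reading.
   V := Convert_Saturating (Raw);
   Put_Line ("saturating: " & Int16'Image (V));
end Check_Demo;
```

Which path is right depends on whether the surrounding system has a fall-back position, which is the distinction the quoted post draws.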