From: Robert A Duff
Newsgroups: comp.lang.ada
Subject: Re: contracted exceptions
Date: Thu, 07 Jun 2007 19:44:29 -0400
Organization: The World Public Access UNIX, Brookline, MA

Ray Blaak writes:

> So what do embedded systems tend to do?

Various different strategies are used. Some systems use SPARK to prove
that exceptions will not happen at run time, and suppress all
compiler-generated run-time checks, and forbid programmers from writing
"raise". Some require all potential exceptions to be handled very
locally. Some log the error and keep going. Etc.

> ...They cannot simply halt after all.

Right, usually not. I once worked on a system that had a big red button
that would shut off all power, with no software (exceptions or anything
else) involved in the decision. The operator was supposed to press it
when they smelled smoke, or whatever. ;-)

> My guess is that they handle known (i.e. expected) errors as best they can,
> possibly with recovery, but unknown errors simply cause some sort of reset to
> a known state. This is still a central strategy, no?

Yes. And these "errors" could be Ada exceptions, or they could be
something else.

- Bob