From: "Gavin Collings"
Subject: Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/04/09
Message-ID: <01bc44c7$98428c10$c580400a@gavinspc>
References: <01bc3603$f9373d40$b280400a@gavinspc> <01bc4021$607eea80$b280400a@gavinspc> <5i3fmr$cgn@gcsin3.geccs.gecm.com> <3349199E.49AA@lmtas.lmco.com>
Newsgroups: comp.lang.eiffel,comp.lang.ada,comp.object,comp.programming.threads,comp.software-eng

This is really a reply to all the messages that have been posted in response to my Java exception model post (most of which disagree with me). As many have pointed out, this probably would not have averted the disaster. However, my original claim was only that it would make it less likely (which I still believe - the degree being a matter for debate).

Let me deal with the main objections one by one:

1) I take the point that the programmers knew that the unhandled exception existed, but I still maintain that explicit warnings on every build may have helped raise its visibility as a potential problem.

2) I take the point that a Java compiler may not have reported the error, since these particular types of exceptions may go unchecked in Java. I am only proposing something LIKE Java - not Java.

3) Someone said that the exception would be handled by a "top-level" handler, so it would not be reported. I take this as splitting hairs to a fine degree - after all, what is an unhandled exception? One that propagates to some default handler - within the language runtime or within the operating system - what's the difference? I don't believe that this should prevent the compiler issuing a warning.

Finally, I am not fighting you when you say that the Ariane disaster was mainly caused by something else - untested assumptions, hardware shutdown on software failure... nor am I trying to enter into any language war (other than to make general points about features). I am merely focusing on one particular aspect which might help improve software quality generally (including the Ariane case).

My view of the contemporary use of exception handling is that it's something like relying on the FORTRAN first-letter rule for type checking, and I believe the more that a compiler can help you, the better. Indeed, the analogy may be strong - if you regard the exceptions that a routine may throw as part of its type, then all I am really asking for is stricter type checking.

Gavin.

-- 
Gavin Collings gcollings@sperry-sun.com