comp.lang.ada
* Assertions & Design by Contract
@ 1997-08-22  0:00 Robert C. Leif, Ph.D.
From: Robert C. Leif, Ph.D. @ 1997-08-22  0:00 UTC (permalink / raw)

To: Bertrand Meyer et al.  I suspect that the last word on the Ariane 5
will be had by Prof. Nancy G. Leveson.  I highly recommend her book,
"Safeware: System Safety and Computers (A Guide to Preventing Accidents and
Losses Caused by Technology)," Addison-Wesley Publishing Co. 1995, ISBN
0-201-11972-2.  The Ariane 5 is illuminating because it demonstrates that
the choice of programming language is not enough.  It takes more than good
tools to succeed on a complex project.  Of course this is obvious;
however, the converse, although just as obvious, seems to be lost on many
administrators.  Complex or difficult projects require good tools,
materials, methods and people.  A reasonable probability of success
requires that these four items be ANDed together.  No one of these items
has sufficient magic to obviate the necessity of the others.

Returning to Prof. Leveson's book, her appendices describe catastrophes
in the following fields: medical devices, aerospace, the chemical industry,
and nuclear power.  All of these disasters required a concerted effort to
produce them.  None was due to a simple software fault.  They were, like the
Ariane, systems errors.

However, the real question for comp.lang.ada is not whether any single
methodology could significantly reduce the probability of failures, but
whether some of the functionality already present in Eiffel should be
included in Ada, and if so, what would be the appropriate syntax?  Writing
now as a biologist: languages undergo convergent evolution.  They develop
similar functionalities, even if the syntax differs.  Ada and Eiffel have
much in common, and I suspect that many of the Ada community would accept
Eiffel as a second choice and that this preference would be reciprocated by
the Eiffel community.  Most of us wish to avoid programming in the
derivatives of C, including C++ and Java.  Therefore, since it has been
reported that the Ada compiler vendors were introducing a capacity for
making assertions, it would be very useful for Bertrand Meyer and other
Eiffel experts on software safety to critique this work with the
understanding that most of us would prefer to stay with Ada and that
changes, improvements, or whatever should have minimal coupling to the rest
of the Ada language.