From: "Robert C. Leif, Ph.D."
Subject: Assertions & Design by Contract
Date: 1997/08/22
Message-ID: <3.0.32.19970822173552.006fadf0@mail.4dcomm.com>
Comments: To: Bertrand.Meyer@eiffel.com
Newsgroups: comp.lang.ada

To: Bertrand Meyer et al.

I suspect that the last word on the Ariane 5 will be had by Prof. Nancy G. Leveson. I highly recommend her book, "Safeware: System Safety and Computers (A Guide to Preventing Accidents and Losses Caused by Technology)," Addison-Wesley Publishing Co., 1995, ISBN 0-201-11972-2.

The Ariane 5 is illuminating because it demonstrates that the choice of programming language is not enough. It takes more than good tools to succeed on a complex project. Of course this is obvious; however, the converse, although just as obvious, seems to be lost on many administrators. Complex or difficult projects require good tools, materials, methods and people. A reasonable probability of success requires that these four items be ANDed together. No one of these items has sufficient magic to obviate the necessity of the others.

Returning to Prof. Leveson's book, her appendices describe catastrophes in the following fields: medical devices, aerospace, the chemical industry, and nuclear power. All of these disasters required a concerted effort to produce them. None was due to a simple software fault. They were, like the Ariane, systems errors.
However, the real question for comp.lang.ada is not whether any single methodology could significantly reduce the probability of failures, but whether some of the functionality already present in Eiffel should be included in Ada, and if so, what would be the appropriate syntax? Writing now as a biologist, languages undergo convergent evolution. They develop similar functionalities, even if the syntax differs. Ada and Eiffel have much in common, and I suspect that many of the Ada community would accept Eiffel as a second choice and that this preference would be reciprocated by the Eiffel community. Most of us wish to avoid programming in the derivatives of C, including C++ and Java. Therefore, since it has been reported that the Ada compiler vendors were introducing a capacity for making assertions, it would be very useful for Bertrand Meyer and other Eiffel experts on software safety to critique this work, with the understanding that most of us would prefer to stay with Ada and that changes, improvements, or whatever should have minimal coupling to the rest of the Ada language.