From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,a48e5b99425d742a X-Google-Attributes: gidfac41,public X-Google-Thread: 103376,a48e5b99425d742a X-Google-Attributes: gid103376,public X-Google-Thread: f43e6,a48e5b99425d742a X-Google-Attributes: gidf43e6,public X-Google-Thread: 107d55,a48e5b99425d742a X-Google-Attributes: gid107d55,public X-Google-Thread: 1108a1,5da92b52f6784b63 X-Google-Attributes: gid1108a1,public X-Google-Thread: ffc1e,a48e5b99425d742a X-Google-Attributes: gidffc1e,public From: Ken Garlington Subject: Re: Papers on the Ariane-5 crash and Design by Contract Date: 1997/03/18 Message-ID: <332EDBBE.4066@lmtas.lmco.com>#1/1 X-Deja-AN: 226496036 References: <332B5495.167EB0E7@eiffel.com> Organization: Lockheed Martin Tactical Aircraft Systems Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada,comp.lang.java.tech Date: 1997-03-18T00:00:00+00:00 List-Id: Jon S Anthony wrote: > > And this is not the sort of thing that simple pre and post > conditions is going to help you with. It's disingenuous to say > otherwise. In fact, while this paper is fairly good in its analysis, > it is extremely poor in its conclusion. Here's the relevant bit: > > "Does this mean that the crash would automatically have been avoided > had the mission used a language and method supporting built-in > assertions and Design by Contract? Although it is always risky to > draw such after-the-fact conclusions, the answer is probably yes:" The reasoning here is quite transparent: 1. The Ariane V problem is not a language problem (true enough). 2. Our design methodology would have solved the problem (absolutely no evidence to support this). 3. Eiffel is the best/only language that supports our methodology (could be). 4. Use Eiffel. > "Any team worth its salt would have checked systematically > that every call satisfies the precondition. That would have > immediately revealed that the Ariane 5 calling software did not meet > the expectation of the Ariane 4 routines that it called." Why not just say: "Any team worth its salt would have made absolutely no errors in judgement" and leave it at that? > -- > Jon Anthony > Organon Motives, Inc. > Belmont, MA 02178 > 617.484.3383 > jsa@organon.com -- LMTAS - The Fighter Enterprise - "Our Brand Means Quality" For job listings, other info: http://www.lmtas.com or http://www.lmco.com