From: Karel Thönissen
Subject: Re: Ariane-5: can you clarify? (Re: Please do not start a language war)
Date: 1997/03/20
Message-ID: <3331205B.368A@hello.nl>#1/1
References: <332B5495.167EB0E7@eiffel.com>
Organization: Hello Technologies
Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.lang.ada,comp.lang.java.tech

Nick Leaton wrote:
>
> Karel Thönissen wrote:
>
> > THERE COULD NOT POSSIBLY HAVE BEEN A ROLE FOR ASSERTIONS ON-FLIGHT
>
> If I generalise what you say, running production code with assertions
> will not make a difference. However, there are things you can do. If
> there was an exception handler built, then it can make choices. In the
> Ariane case, an exception from the SRI post launch can be ignored. If
> you were writing a system that involved file handling then it could,
> perhaps try something to make a file handle or space available. For
> example, prompt the user to empty a trash can.

True, I am sorry, let me clarify this a bit more. I fully agree that exception handling in production code is in general very valuable (and often the only reasonable way to go), and the examples you gave point this out fine.
And indeed in the case of the SRI system, the exception could have been confined to the alignment software, as it was superfluous at that point. But what if it was not in a superfluous subsystem? You cannot shut down the module that calculates the flight data. This bug could have crept in there just as well, because testing for both subsystems was as strict. Or what about a file system that prompts for human interaction in an overnight batch run? Sometimes there are no possibilities for recovery. And IMHO this conversion problem is an example of just that. But very likely there are a lot of exception handlers in this SRI software which do their work as intended and that could not be left out.

> From personal experience I have found this to be the case. Being able to
> test your comments is very useful!
>
> Nick

I fully agree, and everyone should do this. But do you get this taught in software engineering class or do software engineering methods or languages enforce this? Do project managers require this?

To further clarify my/our point. Right now tens of thousands of programmers wish that assumptions were more accurately documented in the code - on the spot - if only by means of informal comments. These programmers are making our software ready for the Y2000, they know the assumptions made, if only they could easily find those spots.