From: Ken Garlington
Subject: Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/03/21
Message-ID: <3332BE49.8F9@lmtas.lmco.com>#1/1
References: <332B5495.167EB0E7@eiffel.com> <332D113B.4A64@calfp.co.uk> <5gm8a6$2qu$2@news.irisa.fr>
Organization: Lockheed Martin Tactical Aircraft Systems
Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada

Jean-Marc Jezequel wrote:
>
> Unless our English is so bad that it betrays our thinking, we
> *never* implied such a thing. Just a point in a case: Eiffel simply did not exist when they
> worked on Ariane4. Let me quote the relevant section of the paper:
>
> < Although one may criticize the Ada exception mechanism...

Interestingly enough, such a statement is not made about Eiffel assertions, although one could criticize those as well (or any feature of any language, for that matter.)

Later in the paper:

"From the principle of Design by Contract expounded by earlier columns, we know that any software element that has such a fundamental constraint should state it explicitly, as part of a mechanism present in the programming language, as in the Eiffel construct..."

Interestingly, all of the coding examples are in Eiffel, although apparently any language could have been used. Or could it? From later in the paper:

"To attempt to reuse software without Eiffel-like assertions..."
                                      ^^^^^^

Note that these are not characterized as "design by contract-like" assertions, but Eiffel-like assertions. The paper goes on to make it clear that not just any language will do:

"It is regrettable that this lesson has not been heeded by such recent designs as Java (which added insult to injury by removing the modest assert instruction of C!), IDL (the Interface Definition Language of CORBA, which is intended to foster large-scale reuse across networks, but fails to provide any semantic specification mechanism), Ada 95 and ActiveX."

From this we learn that Java and Ada 95 are not properly designed for Design by Contract. What does a language need to support Design by Contract? We are told...

"For reuse to be effective, Design by Contract is a requirement. Without a precise specification attached to each reusable component -- precondition, postcondition, invariant -- no one can trust a supposedly reusable component."

I wonder which languages have built-in precondition, postcondition, and invariant statements...

It's bad enough that you post statements that are explicitly contradicted by the Ariane V final report (e.g. that the IRS could not be tested in a black-box environment). When you post statements that are contradicted by your *own* paper...

>
> --
> Jean-Marc Jezequel               Tel :   +33 2 99847192
> IRISA/CNRS                       Fax :   +33 2 99847171
> Campus de Beaulieu               e-mail : jezequel@irisa.fr
> F-35042 RENNES (FRANCE)          http://www.irisa.fr/pampa/PROF/jmj.html

--
LMTAS - The Fighter Enterprise - "Our Brand Means Quality"
For job listings, other info: http://www.lmtas.com or http://www.lmco.com