From: Ken Garlington <GarlingtonKE@lmtas.lmco.com>
Subject: Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/03/24
Date: 1997-03-24T00:00:00+00:00 [thread overview]
Message-ID: <3336C84B.572@lmtas.lmco.com> (raw)
In-Reply-To: 5gqrkt$bp1$1@news.irisa.fr
Jean-Marc Jezequel wrote:
>
> Yes, that's true for pre- and post that actually correspond to range
> constraints. But remember that Eiffel pre- and post can be much more general
> than that, including any arbitrary function call.
> Also, how do you check/inherit your class invariants in Ada?
> (this is a real question, I really don't know whether it is possible)
Does any of this have anything to do with the Ariane 5 crash? Your own
paper
says that Ada assertions were adequate in this case.
> In general, this may be true. But in this particular Ariane 501 crash, I maintain
> that such "stuff" would have been enough, for a team fully embrassing design by contract,
> to specify this particular assumption.
*Specifically* for the Ariane 501 crash, I disagree (as do others). I
even went so
far as to quote sections of the Ariane 501 final report that dispute
your
belief, rather than just relying on my own experience in building
similar systems.
Do you wish to respond?
> I know that humans can fail, but I'm confident that, given enough ressources (and
> avoiding a 500M$ crash gives you some leeway) it could have been succesful.
> You may disagree on this point, and we can stop this discussion by agreeing to disagree.
Apparently, you do not wish to respond. It would be interesting to see
this
subject addressed in a referreed paper, rather than only in Mr. Meyer's
opinion
column and on a web page. Too bad there's not a way to post permanent
responses
to a web page... given the presence of Mr. Meyer's name, I'm sure it
will be
quoted as an "authoritative" source on how assertions would have
prevented this crash.
It's times like this that I really hate software engineering. To think
that such
gibberish could ever see the light of day in a respected software
engineering magazine!
>
> In the light of their very constructive posts and mails, I concede to Ken Garlington and
> Paul Dietz that re-testing of the SRI in the context of the Ariane5 trajectory would
> not have been as hard as I have thought initialy. But in any case, the solution they propose
> would have broken the idea of a black-box (integrating all the inertial hardware and software)
> reuse, since you have to enter the black box to "feed simulated accelerometer signals into the
> rest of the system".
This is a routine test for such systems. I have no idea what your issue
is here. I
assume your main problem is that it would have detected the error either
with or
without assertions, thus making it difficult to say that Design by
Contract (i.e.,
Eiffel) would have been a better choice.
> OK, I admit this is a bit of dialectics, but it still illustrates one of the
> main point of the paper: beware of black-box reuse (aka component reuse), when the specification
> is limited to routine signatures (a la CORBA).
I would go further: beware of black-box reuse REGARDLESS of the richness
of the
specification, particularly for critical systems.
>
> --
> Jean-Marc Jezequel Tel : +33 2 99847192
> IRISA/CNRS Fax : +33 2 99847171
> Campus de Beaulieu e-mail : jezequel@irisa.fr
> F-35042 RENNES (FRANCE) http://www.irisa.fr/pampa/PROF/jmj.html
--
LMTAS - The Fighter Enterprise - "Our Brand Means Quality"
For job listings, other info: http://www.lmtas.com or
http://www.lmco.com
next prev parent reply other threads:[~1997-03-24 0:00 UTC|newest]
Thread overview: 254+ messages / expand[flat|nested] mbox.gz Atom feed top
1997-03-15 0:00 Papers on the Ariane-5 crash and Design by Contract Bertrand Meyer
1997-03-18 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Jon S Anthony
[not found] ` <tz8ohcjv7cc.fsf@aimnet.com>
1997-03-16 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robert Dewar
1997-03-17 0:00 ` Please do not start a language war (was " Jean-Marc Jezequel
1997-03-18 0:00 ` Richard Irvine
[not found] ` <tz8913l930b.fsf_-_@aimnet.com>
1997-03-18 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war Roedy Green
1997-03-18 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Gavin Collings
1997-03-18 0:00 ` Please do not start a language war (was Re: Papers on the Ariane-5 crash and Design by Contract Ken Garlington
[not found] ` <199703190839.JAA02652@stormbringer.irisa.fr>
1997-03-19 0:00 ` Ken Garlington
1997-03-20 0:00 ` Roger T.
1997-03-21 0:00 ` Jean-Marc Jezequel
1997-03-24 0:00 ` Ken Garlington
1997-03-21 0:00 ` Ken Garlington
1997-03-20 0:00 ` Robert S. White
1997-03-20 0:00 ` John L. Ahrens
1997-03-20 0:00 ` Martin Tom Brown
1997-03-21 0:00 ` Wolfgang Gellerich
1997-03-21 0:00 ` Robert S. White
1997-03-19 0:00 ` Jean-Marc Jezequel
1997-03-19 0:00 ` Richard Kaiser
1997-03-21 0:00 ` Ken Garlington
1997-03-21 0:00 ` Jean-Marc Jezequel
1997-03-25 0:00 ` Ken Garlington
1997-03-26 0:00 ` Trust but verify " Robert S. White
1997-03-25 0:00 ` Bertrand Meyer
1997-03-26 0:00 ` Robb Nebbe
1997-03-27 0:00 ` Ken Garlington
1997-03-28 0:00 ` Jeffrey W. Stulin
1997-03-31 0:00 ` Ken Garlington
1997-03-28 0:00 ` Karel Th�nissen
1997-03-28 0:00 ` Ken Garlington
1997-04-07 0:00 ` Jean-Marc Jezequel
1997-03-29 0:00 ` the one and only real true kibo
1997-03-17 0:00 ` Robert I. Eachus
1997-03-17 0:00 ` Martin Tom Brown
1997-03-17 0:00 ` Please do not start a language war (was " Jon S Anthony
1997-03-18 0:00 ` Kent Tong
1997-03-20 0:00 ` Ranan Fraer
1997-03-17 0:00 ` Bertrand Meyer
1997-03-18 0:00 ` John McCabe
1997-03-18 0:00 ` Ray McVay
1997-03-27 0:00 ` Robert Dewar
1997-03-29 0:00 ` the one and only real true kibo
1997-03-30 0:00 ` Nick Roberts
1997-04-06 0:00 ` Doctorb
1997-04-08 0:00 ` Ron Crocker
1997-04-11 0:00 ` Richard Riehle
1997-03-17 0:00 ` Nick Leaton
1997-03-17 0:00 ` Richard Kaiser
[not found] ` <tz8g1xtzx9y.fsf@aimnet.com>
1997-03-18 0:00 ` Anders Pytte
1997-03-18 0:00 ` Jean-Marc Jezequel
1997-03-18 0:00 ` Anders Pytte
1997-03-18 0:00 ` Anders Pytte
1997-03-19 0:00 ` Programming language fanaticism! Louis Bastarache
1997-03-20 0:00 ` Anders Pytte
1997-03-20 0:00 ` Papers on the Ariane-5 crash and Design by Contract Matt Kennel (Remove 'nospam' to reply)
1997-03-24 0:00 ` Joachim Durchholz
1997-03-24 0:00 ` Anders Pytte
1997-03-26 0:00 ` Robert Dewar
1997-03-27 0:00 ` the one and only real true kibo
1997-03-29 0:00 ` the one and only real true kibo
1997-03-29 0:00 ` Nick S Bensema
1997-03-30 0:00 ` the one and only real true kibo
1997-03-26 0:00 ` Matt Kennel (Remove 'nospam' to reply)
1997-03-29 0:00 ` Anders Pytte
1997-03-29 0:00 ` Steve Furlong
1997-03-21 0:00 ` Ken Garlington
1997-03-21 0:00 ` Bertrand Meyer
1997-03-21 0:00 ` William Clodius
1997-03-21 0:00 ` Bertrand Meyer
1997-03-23 0:00 ` the one and only real true kibo
1997-03-23 0:00 ` William Clodius
1997-03-22 0:00 ` Fergus Henderson
1997-03-22 0:00 ` Bertrand Meyer
1997-03-23 0:00 ` the one and only real true kibo
1997-03-23 0:00 ` Anders Pytte
1997-03-24 0:00 ` FUD (Re: Papers on the Ariane-5 crash and Design by Contract) Alexander Anderson
1997-03-24 0:00 ` Alexander Anderson
1997-03-23 0:00 ` Papers on the Ariane-5 crash and Design by Contract Anders Pytte
[not found] ` <3335BC24.13728473@eiffel.com>
1997-03-23 0:00 ` Bertrand Meyer
1997-03-24 0:00 ` Robert Dewar
1997-03-31 0:00 ` Ken Garlington
1997-04-01 0:00 ` Bertrand Meyer
1997-03-25 0:00 ` Ken Garlington
1997-03-24 0:00 ` Ken Garlington
1997-03-24 0:00 ` the one and only real true kibo
1997-03-24 0:00 ` John Hogg
1997-03-24 0:00 ` Ken Garlington
1997-03-26 0:00 ` Robert Dewar
1997-03-26 0:00 ` Ken Garlington
[not found] ` <E7ox17.MKx@syd.csa.com.au>
1997-03-28 0:00 ` Ken Garlington
1997-03-18 0:00 ` Laurent Moussault
1997-03-18 0:00 ` Richard Kaiser
1997-03-18 0:00 ` Nick Leaton
1997-03-18 0:00 ` "Paul E. Bennett"
1997-03-19 0:00 ` Nick Leaton
1997-03-24 0:00 ` Joachim Durchholz
1997-03-25 0:00 ` Robert Dewar
1997-03-31 0:00 ` Joachim Durchholz
1997-04-02 0:00 ` Robert Dewar
1997-04-03 0:00 ` Martin Tom Brown
1997-04-04 0:00 ` Jonathan Egre'
1997-04-06 0:00 ` Robert Dewar
1997-04-06 0:00 ` Nick Roberts
1997-04-04 0:00 ` Derek Clarke
1997-03-31 0:00 ` Jan Galkowski
1997-03-31 0:00 ` Alexander Anderson
1997-04-01 0:00 ` Alexander Anderson
1997-04-02 0:00 ` Ken Garlington
1997-03-20 0:00 ` John the Hamster
1997-03-18 0:00 ` Richard Kaiser
1997-03-18 0:00 ` Nick Leaton
1997-03-19 0:00 ` Richard Kaiser
1997-03-19 0:00 ` Jean-Marc Jezequel
1997-03-19 0:00 ` Richard Kaiser
1997-03-19 0:00 ` Fergus Henderson
1997-03-18 0:00 ` Jean-Marc Jezequel
1997-03-19 0:00 ` Ken Garlington
1997-03-17 0:00 ` Alexander Anderson
1997-03-17 0:00 ` Paul Johnson
1997-03-17 0:00 ` Enrico Facchin - Sartori E.T.
1997-03-19 0:00 ` Anders Pytte
1997-03-18 0:00 ` Ken Garlington
1997-03-17 0:00 ` John McCabe
[not found] ` <tz8n2s1hrdc.fsf@aimnet.com>
1997-03-20 0:00 ` John McCabe
1997-03-20 0:00 ` Jean-Marc Jezequel
1997-03-20 0:00 ` John McCabe
1997-03-21 0:00 ` Niall Cooling
1997-03-21 0:00 ` Gavin Collings
1997-03-27 0:00 ` Joachim Durchholz
1997-04-03 0:00 ` Gavin Collings
1997-04-03 0:00 ` Ken Garlington
1997-04-04 0:00 ` Derek Clarke
1997-04-04 0:00 ` Derek Clarke
1997-04-06 0:00 ` Robert Dewar
1997-04-07 0:00 ` Ken Garlington
1997-04-09 0:00 ` Gavin Collings
1997-04-03 0:00 ` Robert I. Eachus
1997-04-04 0:00 ` Derek Clarke
1997-04-04 0:00 ` Chris Beer
1997-04-04 0:00 ` Ken Garlington
1997-04-04 0:00 ` Robert Dewar
1997-04-03 0:00 ` Robin Rosenberg
1997-03-24 0:00 ` Ken Garlington
1997-03-26 0:00 ` Thomas Beale
1997-03-26 0:00 ` Ken Garlington
1997-03-20 0:00 ` John McCabe
1997-03-21 0:00 ` "Paul E. Bennett"
1997-03-22 0:00 ` Nigel Tzeng
1997-03-23 0:00 ` John McCabe
1997-03-18 0:00 ` Ken Garlington
1997-03-19 0:00 ` Eric M. Boyd
1997-03-19 0:00 ` Jeffrey W. Stulin
[not found] ` <3345cd60.2092398@news.sydney.apana.org.au>
1997-04-03 0:00 ` Ariane-5 crash , Eiffel and Ada Jeffrey W. Stulin
1997-04-03 0:00 ` Nick Leaton
1997-04-08 0:00 ` AdaWorks
1997-03-18 0:00 ` Papers on the Ariane-5 crash and Design by Contract Jon S Anthony
1997-03-18 0:00 ` Tarjei Jensen
1997-03-18 0:00 ` Robert I. Eachus
1997-03-18 0:00 ` Jon S Anthony
1997-03-18 0:00 ` Ulrich Windl
1997-03-18 0:00 ` Jon S Anthony
1997-03-19 0:00 ` Ron Forrester
1997-03-21 0:00 ` Ken Garlington
1997-03-22 0:00 ` Ron Forrester
1997-03-18 0:00 ` Jon S Anthony
1997-03-19 0:00 ` Ken Garlington
1997-03-20 0:00 ` Martin Tom Brown
1997-03-21 0:00 ` Frank Manning
1997-03-21 0:00 ` Martin Tom Brown
1997-03-23 0:00 ` Frank Manning
1997-03-25 0:00 ` Ken Garlington
1997-03-20 0:00 ` Richard Kaiser
1997-03-24 0:00 ` Ken Garlington
1997-03-19 0:00 ` Ken Garlington
1997-03-19 0:00 ` Karel Th�nissen
1997-03-19 0:00 ` Jon S Anthony
1997-03-19 0:00 ` Nick Leaton
1997-03-19 0:00 ` Jon S Anthony
1997-03-20 0:00 ` Paul Johnson
1997-03-24 0:00 ` Ken Garlington
1997-03-24 0:00 ` Design by Contract in C++ (was Re: Papers on the Ariane-5 crash and Design by Contract) Anders Pytte
1997-03-20 0:00 ` Papers on the Ariane-5 crash and Design by Contract Jean-Marc Jezequel
1997-03-24 0:00 ` Ken Garlington [this message]
1997-03-19 0:00 ` Karel Th�nissen
1997-03-19 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Karel Th�nissen
1997-03-20 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robert I. Eachus
1997-03-20 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Nick Leaton
1997-03-20 0:00 ` Nick Leaton
1997-03-20 0:00 ` Karel Th�nissen
1997-03-20 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robert I. Eachus
1997-03-21 0:00 ` Please do not start a language war (was " Jon S Anthony
1997-03-21 0:00 ` Alexander Anderson
1997-03-23 0:00 ` "Paul E. Bennett"
1997-03-21 0:00 ` Ulrich Windl
[not found] ` <tz8sp1qiywm.fsf@aimnet.com>
1997-03-21 0:00 ` ae59
1997-03-22 0:00 ` Jon S Anthony
1997-03-28 0:00 ` Matt Kennel (Remove 'nospam' to reply)
1997-03-22 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Stuart Yeates
1997-03-22 0:00 ` Papers on the Ariane-5 crash and Design by Contract Bertrand Meyer
1997-03-23 0:00 ` Dale Stanbrough
[not found] ` <3335E18E.33590565@eiffel.com>
1997-03-23 0:00 ` FUD (Re: Papers on the Ariane-5 crash and Design by Contract) Bertrand Meyer
1997-03-24 0:00 ` William Grosso
1997-03-24 0:00 ` William Clodius
1997-03-24 0:00 ` Bertrand Meyer
1997-03-24 0:00 ` Brad Appleton
1997-03-24 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robert Dewar
1997-03-24 0:00 ` Manners (was Re: Papers on the Ariane-5 crash and Design by Contract) Bertrand Meyer
1997-03-25 0:00 ` the one and only real true kibo
1997-03-22 0:00 ` Papers on the Ariane-5 crash and Design by Contract Bertrand Meyer
1997-03-22 0:00 ` Anders Pytte
1997-03-23 0:00 ` Steve Furlong
1997-03-24 0:00 ` Anders Pytte
1997-03-24 0:00 ` Simulating Eiffel-style assertions (was: Papers on the Ariane-5 crash and Design by Contract) Wolfgang Reddig
1997-03-24 0:00 ` Anders Pytte
1997-03-25 0:00 ` Wolfgang Reddig
1997-03-25 0:00 ` Anders Pytte
1997-03-31 0:00 ` Joachim Durchholz
1997-03-26 0:00 ` Alan Brain
1997-03-26 0:00 ` Wolfgang Reddig
1997-03-29 0:00 ` How old time languages survive EJon
1997-03-24 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) William Clodius
1997-03-24 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robb Nebbe
1997-03-24 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Ken Garlington
1997-03-24 0:00 ` Papers on the Ariane-5 crash and Design by Contract Ken Garlington
1997-03-24 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Nick Leaton
1997-03-24 0:00 ` Papers on the Ariane-5 crash and Design by Contract Ken Garlington
1997-03-27 0:00 ` Joachim Durchholz
1997-03-31 0:00 ` Ken Garlington
1997-04-06 0:00 ` Joachim Durchholz
1997-03-24 0:00 ` Alexander Anderson
1997-03-24 0:00 ` Jon S Anthony
1997-03-24 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Ken Garlington
1997-03-24 0:00 ` Papers on the Ariane-5 crash and Design by Contract Ken Garlington
1997-03-25 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Ken Garlington
1997-03-25 0:00 ` David Starr
1997-03-25 0:00 ` Ken Garlington
1997-03-25 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robert I. Eachus
1997-03-26 0:00 ` Jon S Anthony
1997-03-26 0:00 ` Alexander Anderson
1997-03-26 0:00 ` Ken Garlington
1997-03-27 0:00 ` Trust but verify (was " Robert I. Eachus
1997-03-28 0:00 ` Jon S Anthony
1997-03-28 0:00 ` Trust but verify (was " Robert I. Eachus
1997-03-31 0:00 ` Ken Garlington
1997-03-19 0:00 ` Chris Brand
1997-03-23 0:00 ` the one and only real true kibo
-- strict thread matches above, loose matches on Subject: below --
1997-03-17 0:00 Marin David Condic, 561.796.8997, M/S 731-93
1997-03-20 0:00 Marin David Condic, 561.796.8997, M/S 731-93
1997-03-25 0:00 ` Nick Roberts
1997-03-24 0:00 Marin David Condic, 561.796.8997, M/S 731-93
1997-03-27 0:00 Marin David Condic, 561.796.8997, M/S 731-93
1997-04-03 0:00 Adrian B.Y. Hoe
1997-04-05 0:00 ` Nick Roberts
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox