From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,a48e5b99425d742a X-Google-Attributes: gidfac41,public X-Google-Thread: f43e6,a48e5b99425d742a X-Google-Attributes: gidf43e6,public X-Google-Thread: ffc1e,a48e5b99425d742a X-Google-Attributes: gidffc1e,public X-Google-Thread: 103376,a48e5b99425d742a X-Google-Attributes: gid103376,public X-Google-Thread: 1108a1,5da92b52f6784b63 X-Google-Attributes: gid1108a1,public From: Ken Garlington Subject: Re: Papers on the Ariane-5 crash and Design by Contract Date: 1997/03/24 Message-ID: <3336CA90.4DD9@lmtas.lmco.com>#1/1 X-Deja-AN: 228005103 References: <332B5495.167EB0E7@eiffel.com> <332d95c9.1004852@news.demon.co.uk> <33307a43.1705970@news.demon.co.uk> <5gqsoe$bp1$2@news.irisa.fr> <333186ba.3456540@news.demon.co.uk> Organization: Lockheed Martin Tactical Aircraft Systems Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada Date: 1997-03-24T00:00:00+00:00 List-Id: John McCabe wrote: > > jezequel@irisa.fr (Jean-Marc Jezequel) wrote: > > >In article <33307a43.1705970@news.demon.co.uk>, john@assen.demon.co.uk (John McCabe) writes: > >>I am a bit unhappy with the way the paper has been written. As I > >>mentioned in another posting on this thread, the fundamental problem > >>was that the developers did not have Ariane 5 trajectory data to work > > > >Yes this is true. But, since the SRI was reused from Ariane4, the problem > >is not with developers, but with the *integration* team. > > I think there was a bit more to it than just getting one off the > shelf. I quote from the inquiry report: > > "The design of the Ariane 5 SRI is practically the same as that of an > SRI which is presently used on Ariane 4, particularly as regards the > software." > > Note Practically the same - not identical. > > >AFAIK, the integration team had the possibility to work with Ariane 5 trajectory data, > >and in the ideal case where Design by Contract would have been used on the SRI, > >they would have the opportunity the check it wrt the environment of Ariane5. > > Again, I quote: > > "There is no evidence that any trajectory data were used to analyse > the behaviour of the unprotected variables, and it is even more > important to note that it was jointly agreed not to include the Ariane > 5 trajectory data in the SRI requirements and specification." What I think he's saying is that if the integration team had done a proper test, and had used Eiffel, then the problem would have been detected. Left unstated is the observation from the final report that if a proper test had been done, the problem would have been detected even *without* the added assertions. Of course, this statement would make it more difficult to imply to the uninformed that "Ariane V would not have happened if it was programmed in Eiffel"... > > Best Regards > John McCabe -- LMTAS - The Fighter Enterprise - "Our Brand Means Quality" For job listings, other info: http://www.lmtas.com or http://www.lmco.com