From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,a48e5b99425d742a X-Google-Attributes: gidfac41,public X-Google-Thread: 103376,a48e5b99425d742a X-Google-Attributes: gid103376,public X-Google-Thread: 1108a1,5da92b52f6784b63 X-Google-Attributes: gid1108a1,public X-Google-Thread: f43e6,a48e5b99425d742a X-Google-Attributes: gidf43e6,public X-Google-Thread: ffc1e,a48e5b99425d742a X-Google-Attributes: gidffc1e,public From: Ken Garlington Subject: Re: Papers on the Ariane-5 crash and Design by Contract Date: 1997/03/25 Message-ID: <33383566.5C64@lmtas.lmco.com>#1/1 X-Deja-AN: 228289650 References: <332B5495.167EB0E7@eiffel.com> <332D113B.4A64@calfp.co.uk> <5gm8a6$2qu$2@news.irisa.fr> <3332BE49.8F9@lmtas.lmco.com> <33330FE5.3F54BC7E@eiffel.com> <3335BC24.13728473@eiffel.com> <3335BE7B.2C67412E@eiffel.com> Organization: Lockheed Martin Tactical Aircraft Systems Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada Date: 1997-03-25T00:00:00+00:00 List-Id: Bertrand Meyer wrote: > > which anyone can see is significantly different ("language and method", > and "probably yes", with caveats about the risk of inferences, and a > careful point-by-point discussion to examine the reasons for the > assumption). So, for those of us who have posted a detailed rebuttal on your "language and method" (both presumably being required, based on the word "and") being able to "probably" solve the Ariane 5 problem, what are you saying? You disagree, for the reasons cited in your paper? Or do you care to address the rebuttals? Like ships passing in the night :) > >>> (read it, and if you think they say "this wouldn't > >>> have happened if they'd used Eiffel", read it again ;-) > > I think the last two lines are good advice... Having done this, I have come to the following conclusions: The paper indicates that Eiffel, when used with Design by Contract, would "probably" have prevented the Ariane 5 disaster. a. As a result, it is incorrect to claim that Design by Contract alone would solve the problem. b. Furthermore, the reasoning that the combination of Design by Contract and Eiffel would have prevented the Ariane 5 disaster is unconvincing. It fails to address (and is some cases contradicted by) the final report, and is unconvincing to those with experience in this type of system. See my previous posts for more information. c. The paper also contains some material that is extraneous to the issue of the Ariane 5 accident. Although not by itself a fatal flaw, it's annoying. (I haven't really commented on this previously, but it is strange for example that the paper admits Ada assertions were adequate for the Ariane 5 issue, but goes on to explain how much more powerful Eiffel assertions can be. What's the point, other than selling Eiffel?) > > [In the quotations I have reinstituted the spelling of my name, > of Jean-Marc Jezequel's, and of Ariane.] > -- > Bertrand Meyer, President, ISE Inc., Santa Barbara (California) > 805-685-1006, fax 805-685-6869, - > ftp://ftp.eiffel.com > Visit our Web page: http://www.eiffel.com > (including instructions to download Eiffel 4 for Windows) -- LMTAS - The Fighter Enterprise - "Our Brand Means Quality" For job listings, other info: http://www.lmtas.com or http://www.lmco.com