From: Ken Garlington <GarlingtonKE@lmtas.lmco.com>
Subject: Re: Please do not start a language war (was Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/03/25
Date: 1997-03-25T00:00:00+00:00 [thread overview]
Message-ID: <33383A6F.3A5A@lmtas.lmco.com> (raw)
In-Reply-To: 5gue93$2md$3@news.irisa.fr
Jean-Marc Jezequel wrote:
>
> In article <3332C049.2A0F@lmtas.lmco.com>, Ken Garlington <GarlingtonKE@lmtas.lmco.com> writes:
>
> >"It should be noted that for reasons of physical law, it is not
> >feasible to test the SRI as a "black box" in the flight environment,
> >unless one makes a completely realistic flight test, but it is possible
>
> OK, it seems that some people refuse to get the point of our paper
> (design by contract is need when you attempt to reuse "black-boxes").
> It is their pure right. I would be a pity if it would degenerate into a
> flame bait. So I won't continue to argue...
So far, the only arguments I've seen from either author are:
(a) It's not really black-box testing to test an IRS as described in the
paper.
(Why this even matters, I don't know, but I disagree with it in any
case. See
below.)
(b) It's not just Eiffel, it's Design by Contract plus Eiffel. (Which is
what
I said. Specifically, it's definitely NOT Design by Contract plus any
language.
Eiffel is required. So, I'm glad we all agree on this point. :)
Left unchallenged are the interesting arguments: Does the ability to
specify
an assertion mean that the assertion would have been specified, in the
case
of the Ariane 5? Does the specification of an assertion mean that it
will detect
errors (either by manual review, static analysis, or dynamic analysis)
of the type
detected on Ariane 5?
Too bad.
>
> >to do ground testing by injecting simulated accelerometric signals in
> >accordance with predicted flight parameters, while also using a
> >turntable to simulate launcher angular movements. Had such a test been performed
>
> That is, opening the black box...
THIS TEST DOES NOT REQUIRE OPENING THE BOX!
(1) Put the black box on the turntable.
(2) Hook the connectors to the EXTERIOR of the black box.
(3) Feed the signals through the connector!
Lord have mercy, why do people who have never tested an IRS INSIST on
explaining
it to those of us who have!
>
> >the supplier or as part of the acceptance test, the failure mechanism
> >would have been exposed."
>
> >As someone who, today, is performing testing of coupled IRS and flight
> >control systems in a ground-based environment, I am quite confident in
> >the conclusions of the paper on this point.
>
> I understand that you feel touchy on the subject since it is your job that is at
> stake. But you do not need to worry: our point was not that test is not necessary:
> it is! But it is not sufficient (I expect that you would agree on that).
(a) I'm a software engineer. My job is not at stake in any of this.
(b) If the test is necessary, and Design by Contract does not require
testing, and
Ariane 5 did not plan to do the test, then Design by Contract by itself
would not
have prevented the accident. QED. Remove "probably yes" from the paper,
or add a
statement that Design by Contract, PLUS V&V, system engineering
(specifying the
Ariane V flight profile to the IRS team), etc. would have prevented the
problem.
At this point, you have no other intellectually honest option.
This has nothing to do with whether DBC/E (Design by Contract/Eiffel)
would detect
errors that might be missed otherwise. If you want to discuss such an
abstraction,
feel free. Your paper is written in terms of a specific problem in a
specific
environment. You admit that test was (a) possible, (b) not done, and (c)
required.
If you add (d), that DBC/E does not require V&V with realistic data (and
there
is nothing in the paper that contradicts this), your argument is dead.
We don't
even have to discuss whether or not being able to specific the specific
assertion
required in this case would have been specified by the design team, FOR
THE ARIANE
5 CASE.
I don't expect a response to this, of course, but there it is
nonetheless.
> Also, testing is a part of V&V, which is itself a part of the
> larger goal of making a project succesful (whatever be the meaning of that).
Completely missed the point. Too bad.
>
> --
> Jean-Marc Jezequel Tel : +33 2 99847192
> IRISA/CNRS Fax : +33 2 99847171
> Campus de Beaulieu e-mail : jezequel@irisa.fr
> F-35042 RENNES (FRANCE) http://www.irisa.fr/pampa/PROF/jmj.html
--
LMTAS - The Fighter Enterprise - "Our Brand Means Quality"
For job listings, other info: http://www.lmtas.com or
http://www.lmco.com
next prev parent reply other threads:[~1997-03-25 0:00 UTC|newest]
Thread overview: 247+ messages / expand[flat|nested] mbox.gz Atom feed top
1997-03-15 0:00 Papers on the Ariane-5 crash and Design by Contract Bertrand Meyer
1997-03-18 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Jon S Anthony
1997-03-19 0:00 ` Papers on the Ariane-5 crash and Design by Contract Chris Brand
1997-03-23 0:00 ` the one and only real true kibo
[not found] ` <tz8ohcjv7cc.fsf@aimnet.com>
1997-03-16 0:00 ` Robert Dewar
1997-03-17 0:00 ` Please do not start a language war (was " Jean-Marc Jezequel
[not found] ` <tz8913l930b.fsf_-_@aimnet.com>
1997-03-18 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war Roedy Green
1997-03-18 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Gavin Collings
1997-03-18 0:00 ` Please do not start a language war (was Re: Papers on the Ariane-5 crash and Design by Contract Ken Garlington
1997-03-19 0:00 ` Jean-Marc Jezequel
1997-03-19 0:00 ` Richard Kaiser
1997-03-21 0:00 ` Ken Garlington
1997-03-21 0:00 ` Jean-Marc Jezequel
1997-03-25 0:00 ` Ken Garlington [this message]
1997-03-26 0:00 ` Trust but verify " Robert S. White
1997-03-25 0:00 ` Bertrand Meyer
1997-03-26 0:00 ` Robb Nebbe
1997-03-27 0:00 ` Ken Garlington
1997-03-28 0:00 ` Karel Th�nissen
1997-03-28 0:00 ` Ken Garlington
1997-04-07 0:00 ` Jean-Marc Jezequel
1997-03-28 0:00 ` Jeffrey W. Stulin
1997-03-31 0:00 ` Ken Garlington
1997-03-29 0:00 ` the one and only real true kibo
[not found] ` <199703190839.JAA02652@stormbringer.irisa.fr>
1997-03-19 0:00 ` Please do not start a language war " Ken Garlington
1997-03-20 0:00 ` Robert S. White
1997-03-20 0:00 ` John L. Ahrens
1997-03-20 0:00 ` Martin Tom Brown
1997-03-21 0:00 ` Robert S. White
1997-03-21 0:00 ` Wolfgang Gellerich
1997-03-20 0:00 ` Roger T.
1997-03-21 0:00 ` Ken Garlington
1997-03-21 0:00 ` Jean-Marc Jezequel
1997-03-24 0:00 ` Ken Garlington
1997-03-18 0:00 ` Richard Irvine
1997-03-17 0:00 ` Bertrand Meyer
1997-03-18 0:00 ` John McCabe
1997-03-18 0:00 ` Ray McVay
1997-03-27 0:00 ` Robert Dewar
1997-03-29 0:00 ` the one and only real true kibo
1997-03-30 0:00 ` Nick Roberts
1997-04-06 0:00 ` Doctorb
1997-04-08 0:00 ` Ron Crocker
1997-04-11 0:00 ` Richard Riehle
1997-03-17 0:00 ` Alexander Anderson
1997-03-17 0:00 ` Nick Leaton
1997-03-17 0:00 ` Richard Kaiser
[not found] ` <tz8g1xtzx9y.fsf@aimnet.com>
1997-03-18 0:00 ` Anders Pytte
1997-03-18 0:00 ` Jean-Marc Jezequel
1997-03-18 0:00 ` Anders Pytte
1997-03-18 0:00 ` Anders Pytte
1997-03-19 0:00 ` Programming language fanaticism! Louis Bastarache
1997-03-20 0:00 ` Anders Pytte
1997-03-20 0:00 ` Papers on the Ariane-5 crash and Design by Contract Matt Kennel (Remove 'nospam' to reply)
1997-03-24 0:00 ` Joachim Durchholz
1997-03-24 0:00 ` Anders Pytte
1997-03-26 0:00 ` Robert Dewar
1997-03-27 0:00 ` the one and only real true kibo
1997-03-29 0:00 ` the one and only real true kibo
1997-03-29 0:00 ` Nick S Bensema
1997-03-30 0:00 ` the one and only real true kibo
1997-03-26 0:00 ` Matt Kennel (Remove 'nospam' to reply)
1997-03-29 0:00 ` Anders Pytte
1997-03-29 0:00 ` Steve Furlong
1997-03-21 0:00 ` Ken Garlington
1997-03-21 0:00 ` Bertrand Meyer
1997-03-21 0:00 ` William Clodius
1997-03-21 0:00 ` Bertrand Meyer
1997-03-23 0:00 ` William Clodius
1997-03-23 0:00 ` the one and only real true kibo
1997-03-22 0:00 ` Fergus Henderson
1997-03-22 0:00 ` Bertrand Meyer
1997-03-23 0:00 ` the one and only real true kibo
1997-03-23 0:00 ` Anders Pytte
1997-03-24 0:00 ` FUD (Re: Papers on the Ariane-5 crash and Design by Contract) Alexander Anderson
1997-03-24 0:00 ` Alexander Anderson
1997-03-23 0:00 ` Papers on the Ariane-5 crash and Design by Contract Anders Pytte
[not found] ` <3335BC24.13728473@eiffel.com>
1997-03-23 0:00 ` Bertrand Meyer
1997-03-24 0:00 ` Robert Dewar
1997-03-31 0:00 ` Ken Garlington
1997-04-01 0:00 ` Bertrand Meyer
1997-03-25 0:00 ` Ken Garlington
1997-03-24 0:00 ` Ken Garlington
1997-03-24 0:00 ` the one and only real true kibo
1997-03-24 0:00 ` John Hogg
1997-03-24 0:00 ` Ken Garlington
1997-03-26 0:00 ` Robert Dewar
1997-03-26 0:00 ` Ken Garlington
[not found] ` <E7ox17.MKx@syd.csa.com.au>
1997-03-28 0:00 ` Ken Garlington
1997-03-18 0:00 ` Laurent Moussault
1997-03-18 0:00 ` Richard Kaiser
1997-03-18 0:00 ` Nick Leaton
1997-03-18 0:00 ` "Paul E. Bennett"
1997-03-19 0:00 ` Nick Leaton
1997-03-24 0:00 ` Joachim Durchholz
1997-03-25 0:00 ` Robert Dewar
1997-03-31 0:00 ` Joachim Durchholz
1997-04-02 0:00 ` Robert Dewar
1997-04-03 0:00 ` Martin Tom Brown
1997-04-04 0:00 ` Derek Clarke
1997-04-04 0:00 ` Jonathan Egre'
1997-04-06 0:00 ` Robert Dewar
1997-04-06 0:00 ` Nick Roberts
1997-03-31 0:00 ` Jan Galkowski
1997-03-31 0:00 ` Alexander Anderson
1997-04-01 0:00 ` Alexander Anderson
1997-04-02 0:00 ` Ken Garlington
1997-03-20 0:00 ` John the Hamster
1997-03-18 0:00 ` Richard Kaiser
1997-03-18 0:00 ` Nick Leaton
1997-03-19 0:00 ` Richard Kaiser
1997-03-19 0:00 ` Fergus Henderson
1997-03-19 0:00 ` Jean-Marc Jezequel
1997-03-19 0:00 ` Richard Kaiser
1997-03-18 0:00 ` Jean-Marc Jezequel
1997-03-19 0:00 ` Ken Garlington
1997-03-17 0:00 ` Robert I. Eachus
1997-03-17 0:00 ` Martin Tom Brown
1997-03-17 0:00 ` Please do not start a language war (was " Jon S Anthony
1997-03-18 0:00 ` Kent Tong
1997-03-20 0:00 ` Ranan Fraer
1997-03-17 0:00 ` John McCabe
[not found] ` <tz8n2s1hrdc.fsf@aimnet.com>
1997-03-20 0:00 ` John McCabe
1997-03-20 0:00 ` John McCabe
1997-03-20 0:00 ` Jean-Marc Jezequel
1997-03-20 0:00 ` John McCabe
1997-03-21 0:00 ` Niall Cooling
1997-03-21 0:00 ` Gavin Collings
1997-03-27 0:00 ` Joachim Durchholz
1997-04-03 0:00 ` Robert I. Eachus
1997-04-04 0:00 ` Chris Beer
1997-04-04 0:00 ` Derek Clarke
1997-04-03 0:00 ` Gavin Collings
1997-04-03 0:00 ` Ken Garlington
1997-04-04 0:00 ` Derek Clarke
1997-04-04 0:00 ` Derek Clarke
1997-04-06 0:00 ` Robert Dewar
1997-04-07 0:00 ` Ken Garlington
1997-04-09 0:00 ` Gavin Collings
1997-04-04 0:00 ` Ken Garlington
1997-04-04 0:00 ` Robert Dewar
1997-04-03 0:00 ` Robin Rosenberg
1997-03-24 0:00 ` Ken Garlington
1997-03-26 0:00 ` Thomas Beale
1997-03-26 0:00 ` Ken Garlington
1997-03-21 0:00 ` "Paul E. Bennett"
1997-03-22 0:00 ` Nigel Tzeng
1997-03-23 0:00 ` John McCabe
1997-03-17 0:00 ` Paul Johnson
1997-03-17 0:00 ` Enrico Facchin - Sartori E.T.
1997-03-19 0:00 ` Anders Pytte
1997-03-18 0:00 ` Ken Garlington
1997-03-18 0:00 ` Tarjei Jensen
1997-03-18 0:00 ` Ken Garlington
1997-03-19 0:00 ` Eric M. Boyd
1997-03-19 0:00 ` Jeffrey W. Stulin
[not found] ` <3345cd60.2092398@news.sydney.apana.org.au>
1997-04-03 0:00 ` Ariane-5 crash , Eiffel and Ada Nick Leaton
1997-04-03 0:00 ` Jeffrey W. Stulin
1997-04-08 0:00 ` AdaWorks
1997-03-18 0:00 ` Papers on the Ariane-5 crash and Design by Contract Jon S Anthony
1997-03-18 0:00 ` Jon S Anthony
1997-03-19 0:00 ` Ron Forrester
1997-03-21 0:00 ` Ken Garlington
1997-03-22 0:00 ` Ron Forrester
1997-03-18 0:00 ` Jon S Anthony
1997-03-18 0:00 ` Robert I. Eachus
1997-03-18 0:00 ` Ulrich Windl
1997-03-18 0:00 ` Jon S Anthony
1997-03-19 0:00 ` Karel Th�nissen
1997-03-19 0:00 ` Jon S Anthony
1997-03-19 0:00 ` Ken Garlington
1997-03-20 0:00 ` Richard Kaiser
1997-03-24 0:00 ` Ken Garlington
1997-03-20 0:00 ` Martin Tom Brown
1997-03-21 0:00 ` Frank Manning
1997-03-21 0:00 ` Martin Tom Brown
1997-03-23 0:00 ` Frank Manning
1997-03-25 0:00 ` Ken Garlington
1997-03-19 0:00 ` Ken Garlington
1997-03-19 0:00 ` Karel Th�nissen
1997-03-19 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Karel Th�nissen
1997-03-19 0:00 ` Papers on the Ariane-5 crash and Design by Contract Nick Leaton
1997-03-19 0:00 ` Jon S Anthony
1997-03-20 0:00 ` Jean-Marc Jezequel
1997-03-24 0:00 ` Ken Garlington
1997-03-20 0:00 ` Paul Johnson
1997-03-24 0:00 ` Ken Garlington
1997-03-24 0:00 ` Design by Contract in C++ (was Re: Papers on the Ariane-5 crash and Design by Contract) Anders Pytte
1997-03-20 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Nick Leaton
1997-03-20 0:00 ` Karel Th�nissen
1997-03-20 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robert I. Eachus
1997-03-20 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Nick Leaton
1997-03-20 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robert I. Eachus
1997-03-21 0:00 ` Please do not start a language war (was " Jon S Anthony
[not found] ` <tz8sp1qiywm.fsf@aimnet.com>
1997-03-21 0:00 ` ae59
1997-03-21 0:00 ` Ulrich Windl
1997-03-21 0:00 ` Alexander Anderson
1997-03-23 0:00 ` "Paul E. Bennett"
1997-03-22 0:00 ` Jon S Anthony
1997-03-28 0:00 ` Matt Kennel (Remove 'nospam' to reply)
1997-03-22 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Stuart Yeates
1997-03-22 0:00 ` Papers on the Ariane-5 crash and Design by Contract Bertrand Meyer
1997-03-22 0:00 ` Anders Pytte
1997-03-23 0:00 ` Steve Furlong
1997-03-24 0:00 ` Anders Pytte
1997-03-24 0:00 ` Simulating Eiffel-style assertions (was: Papers on the Ariane-5 crash and Design by Contract) Wolfgang Reddig
1997-03-24 0:00 ` Anders Pytte
1997-03-25 0:00 ` Wolfgang Reddig
1997-03-25 0:00 ` Anders Pytte
1997-03-31 0:00 ` Joachim Durchholz
1997-03-26 0:00 ` Alan Brain
1997-03-26 0:00 ` Wolfgang Reddig
1997-03-29 0:00 ` How old time languages survive EJon
1997-03-22 0:00 ` Papers on the Ariane-5 crash and Design by Contract Bertrand Meyer
1997-03-23 0:00 ` Dale Stanbrough
[not found] ` <3335E18E.33590565@eiffel.com>
1997-03-23 0:00 ` FUD (Re: Papers on the Ariane-5 crash and Design by Contract) Bertrand Meyer
1997-03-24 0:00 ` William Grosso
1997-03-24 0:00 ` Brad Appleton
1997-03-24 0:00 ` William Clodius
1997-03-24 0:00 ` Bertrand Meyer
1997-03-24 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robert Dewar
1997-03-24 0:00 ` Manners (was Re: Papers on the Ariane-5 crash and Design by Contract) Bertrand Meyer
1997-03-25 0:00 ` the one and only real true kibo
1997-03-24 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Nick Leaton
1997-03-24 0:00 ` Papers on the Ariane-5 crash and Design by Contract Ken Garlington
1997-03-27 0:00 ` Joachim Durchholz
1997-03-31 0:00 ` Ken Garlington
1997-04-06 0:00 ` Joachim Durchholz
1997-03-24 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) William Clodius
1997-03-24 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robb Nebbe
1997-03-24 0:00 ` Ken Garlington
1997-03-24 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Ken Garlington
1997-03-24 0:00 ` Papers on the Ariane-5 crash and Design by Contract Alexander Anderson
1997-03-24 0:00 ` Ken Garlington
1997-03-24 0:00 ` Jon S Anthony
1997-03-24 0:00 ` Ariane-5: can you clarify? (Re: Please do not start a language war) Ken Garlington
1997-03-25 0:00 ` David Starr
1997-03-25 0:00 ` Ken Garlington
1997-03-25 0:00 ` Ken Garlington
1997-03-25 0:00 ` Papers on the Ariane-5 crash and Design by Contract Robert I. Eachus
1997-03-26 0:00 ` Alexander Anderson
1997-03-26 0:00 ` Jon S Anthony
1997-03-26 0:00 ` Ken Garlington
1997-03-27 0:00 ` Trust but verify (was " Robert I. Eachus
1997-03-28 0:00 ` Jon S Anthony
1997-03-28 0:00 ` Trust but verify (was " Robert I. Eachus
1997-03-31 0:00 ` Ken Garlington
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox