From: Nick Leaton
Subject: Re: Ariane-5 crash , Eiffel and Ada
Date: 1997/04/03
Message-ID: <33436D36.30E9@calfp.co.uk>
Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada,comp.lang.java.tech

rajt@gco.apana.org.au wrote:
>
> >> And this is not the sort of thing that simple pre and post
> >> conditions is going to help you with. It's disingenuous to say
> >> otherwise. In fact, while this paper is fairly good in its analysis,
> >> it is extremely poor in its conclusion. Here's the relevant bit:
> >>
> >> "Does this mean that the crash would automatically have been avoided
> >> had the mission used a language and method supporting built-in
> >> assertions and Design by Contract? Although it is always risky to
> >> draw such after-the-fact conclusions, the answer is probably yes:"
>
> I must regretfully agree that although the paper started off fairly
> well, it rapidly degenerated into a ( fairly poor ) PR piece for
> Eiffel.
>
> Considering that "design by contract" ( Meyer's term for the use of
> pre and post conditions ) is
> 1. an _option_ in Eiffel
> 2. equally available ( true the semantics and the integration are
> _different_ from those in Eiffel ) in Ada
> it seems fatuous to claim that Eiffel would have been the silver
> bullet.

An option in all other languages. In practice, working on a system
developed in Eiffel, I write assertions, and so do others on the project,
because they work. Initially I was skeptical, but I have been convinced.

Equally available is not correct. With different semantics they are not
equally available. When assertions get checked, and how they interact
with inheritance, is crucial, and you will have a hard job implementing
this in C++ (I'm not sure about Ada as I have never used it, but I
suspect that this is also true here).

Nick