From: Ken Garlington
Subject: Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/04/03
Message-ID: <3343F33E.7F72@lmtas.lmco.com>
References: <01bc3603$f9373d40$b280400a@gavinspc> <01bc4021$607eea80$b280400a@gavinspc>
Organization: Lockheed Martin Tactical Aircraft Systems
Newsgroups: comp.lang.eiffel,comp.lang.ada,comp.object,comp.programming.threads,comp.software-eng

Gavin Collings wrote:
>
> --
> Joachim Durchholz wrote
> > The class EXCEPTION with several subclasses does exist as part of the
> > standard libraries. Exception handlers can decide what to do based on the
> > run-time class of the exception. This facility does not seem to be in
> > wide-spread use, but it's all there.
>
> Good. The main point about the Java model, though, is that the compiler
> checks that the programmer has at least thought about handling all
> exceptions that may be generated in nested calls. This means that the
> programmer HAS to think about dealing with error conditions. So, in the
> Ariane case, if the precondition existed (as some say it did) the compiler
> would have given warnings to the effect that it IF the error occurred, it
> would NOT have been handled. Wouldn't this have made the disaster less
> likely?

No, for two reasons:

1. There was a top-level handler for exceptions. So, it was handled, just
   not in the proper manner.

2. The development team had already decided that the exception would not
   occur in practice, and so would have discounted the warning.

Both of these are noted in the final report.

If the software had been recompiled when reused for the Ariane 5, it might
have helped (although there are other aspects of this incident that would
probably have defeated this feature). However, there's no evidence in the
final report that it was recompiled. The report implies that the total
system was reused as a "black box."

>
> Gavin.

--
LMTAS - The Fighter Enterprise - "Our Brand Means Quality"
For job listings, other info: http://www.lmtas.com or http://www.lmco.com