From: Ken Garlington
Subject: Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/04/07
Message-ID: <3349199E.49AA@lmtas.lmco.com>#1/1
References: <01bc3603$f9373d40$b280400a@gavinspc> <01bc4021$607eea80$b280400a@gavinspc> <5i3fmr$cgn@gcsin3.geccs.gecm.com>
Organization: Lockheed Martin Tactical Aircraft Systems
Newsgroups: comp.lang.eiffel,comp.lang.ada,comp.object,comp.programming.threads,comp.software-eng

Robert Dewar wrote:
>
> Overall, runtime checking is a clear win, but it
> does have a bit of a dark side, as the Ariane experience showed, and it
> means that software folks have to be VERY sure that this dark side is
> properly dealt with, particularly in the context of reuse, where all
> assumptions, big and small, explicit and implicit, must be carefully
> revisited.

I do think that this is one good language-related lesson from Ariane: that exceptions are not a magic wand with respect to safety. In fact, as I've said in the past, I think there are several aspects of the use (and suppression) of exceptions that need to be more publicly discussed. I think there are more important lessons here, but this is certainly one that can be applied to software design methodology.

> I know it is very tempting when a giant bug occurs with the software
> written in language X, for all the (not X) advocates to crowd around
> and see whether their language would have "prevented" the error. Ada
> folks can't complain too much about this phenomenon, since it has
> happened the other way round often enough ...

And I have objected when Ada advocates have overstated the case for our language, for some of the same reasons I objected to claims made about DBC/Eiffel. (Patting myself on the back, which is not as satisfying as I'd hoped because of the sunburn :)

> Still, often it turns out that the bug is not really language related
> at all, as in the Ariane case. It may teach us something about software
> process, and about reuse strategies, but in this particular case we
> do not learn much about programming language design.

--
LMTAS - The Fighter Enterprise - "Our Brand Means Quality"
For job listings, other info: http://www.lmtas.com or http://www.lmco.com