From: Ken Garlington
Subject: Re: Safety-critical development in Ada and Eiffel
Date: 1997/07/17
Message-ID: <33CEB710.6A14@flash.net>#1/1
References: <97071709562795@psavax.pwfl.com> <33CE8ECD.41DE@link.com>
Organization: Flashnet Communications, http://www.flash.net
Reply-To: kennieg@flash.net
Newsgroups: comp.lang.ada

Samuel Mize wrote:
>
> The Ariane crash proves that properly-managed DBC would be
> better than DBMG (Design By Management Guesswork). It neither
> supports nor refutes the thesis that DBC is better than other
> responsible/traditional engineering methods.
>
> I can't say that Meyer et al. intended to imply otherwise, but
> it is certainly a reasonable inference for the reader to draw,
> given the paper. That inference angered some people.

By the way, if anyone wants to read the two papers for themselves:

Ariane V final report:
http://www.esrin.esa.it/htdocs/tidc/Press/Press96/ariane5rep.html

Eiffel paper on Ariane V:
http://www.eiffel.com/doc/manuals/technology/contract/ariane/index.html

which contains the now-infamous quote:

"Does this mean that the crash would automatically have been avoided
had the mission used a language and method supporting built-in
assertions and Design by Contract? Although it is always risky to
draw such after-the-fact conclusions, the answer is probably yes:"

Note the term "language and method." As explained later in the paper,
only Eiffel meets the required criteria. Both are required, per Meyer.

>
> Samuel Mize