From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,2c6139ce13be9980 X-Google-Attributes: gidfac41,public X-Google-Thread: 1108a1,2c6139ce13be9980 X-Google-Attributes: gid1108a1,public X-Google-Thread: f43e6,2c6139ce13be9980 X-Google-Attributes: gidf43e6,public X-Google-Thread: 103376,3d3f20d31be1c33a X-Google-Attributes: gid103376,public From: Joachim Durchholz Subject: Re: Safety-critical development in Ada and Eiffel Date: 1997/07/18 Message-ID: <33CF6D94.23E210DB@munich.netsurf.de>#1/1 X-Deja-AN: 257603393 References: <33CBBF4B.7BAF@pseserv3.fw.hac.com> <33CC64CE.44A3@flash.net> <5qklt1$4el$2@miranda.gmrc.gecm.com> X-Priority: 3 (Normal) Organization: ccn - computer consultant network GmbH Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel Date: 1997-07-18T00:00:00+00:00 List-Id: Paul Johnson wrote: > Where this argument falls down, I'm afraid, is that the package did > not > receive its data from another software package, but from a hardware > sensor. At this point the whole idea breaks down. A pity. Not really. Just wrap the sensor in a class that has as its main feature a routine read_out that returns the sensor's value. The postcondition of read_oud should include a condition on the range of possible values. If the sensor is changed to give a larger range of possible values, you'll immediately see that the postcondition no longer holds, and correct the software wherever read_out is called. This doesn't make totally sure that the error would have been prevented, but it wouldn't have happened in this way (and that's the best we can hope for anyway). Besides, we haven't seen what glitches are likely to happen in Eiffel. As Don said, the Ariane-5 paper is more marketing than technical. > >By the way, does Eiffel have fixed-point types? If not, presumably > the > >entire code would have been obscured by manual scaling ... > > No, it does not have fixed point types. And I agree that they cannot > easily be added by library classes. That doesn't make much of a difference. The routines have to be implemented, wether in the compiler or as a library. And, yes, I'd definitely like to see them in Eiffel. The heritage of the compile-to-C strategy is showing here... Regards, Joachim -- Please don't send unsolicited ads.