From: Samuel Mize
Subject: Re: The presuppositions of all the Ariane 5 analysts.
Date: 1997/07/21
Organization: Hughes Training Inc.
Reply-To: smize@link.com
Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel

Robert Dewar wrote:
>
> Bertrand said
>
> <<>All this is rhetorics and cannot succeed to obscure the basic
> >claim that systematic use of Design by Contract would probably
> >have avoided the crash.
> >>
>
> Well all sorts of things would have avoided the crash. One can also say
> that systematic proof of correctness, or systematic code review, or
> in fact almost any steps to be a bit more careful in this particular
> area, would have avoided the crash.

This seems to touch the central core of the disagreement.

Mr. Meyer published a paper which said (paraphrasing wildly):

1) DBC would probably have prevented the crash.
2) Only Eiffel properly supports DBC.
3) Draw your own conclusions.

I think it's fair to infer that the author considers this a normal, adequately managed non-DBC project.
I don't know if he states this outright, but it would be nugatory indeed to suggest that a new method would help when the previous methods were not being properly applied.

It's rather like claiming that a new version of GPS, used properly, would have prevented the Exxon Valdez crash. That's true, but normal navigation aids, used properly, would have prevented it too. Stating ONLY that the new item would have prevented the crash is a misleading half truth.

So even if Meyer's paper is technically correct to suggest that rigorous DBC would "probably" have located the error, it is disingenuous to state ONLY that, without pointing out that common methods of analysis or test would ALSO have located the error.

It also seems fair to say that, if DBC had been used as thoroughlessly as other methods were, it probably would NOT have detected the problem.

Samuel Mize