From: Ken Garlington
Subject: Re: The presuppositions of all the Ariane 5 analysts.
Date: 1997/07/21
Message-ID: <33D3F5C9.E9C@flash.net>
References: <33C835A5.362A@flash.net> <33CC0548.4099@flash.net> <5qitoi$fdv$1@news.irisa.fr> <33CD6512.2404@flash.net> <01bc92e6$7a6f9e40$287b7b7a@tlo2> <33CEAF05.6389@flash.net> <33D2827B.41C67EA6@eiffel.com> <5qucs7$jie$3@flood.weeg.uiowa.edu> <33D3C7E4.764E@link.com>
Organization: Flashnet Communications, http://www.flash.net
Reply-To: kennieg@flash.net
Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel

Samuel Mize wrote:
>
> Robert Dewar wrote:
> >
> > Bertrand said
> >
> > <<>All this is rhetorics and cannot succeed to obscure the basic
> > >claim that systematic use of Design by Contract would probably
> > >have avoided the crash.
> > >>
> >
> > Well all sorts of things would have avoided the crash. One can also say
> > that systematic proof of correctness, or systematic code review, or
> > in fact almost any steps to be a bit more careful in this particular
> > area, would have avoided the crash.
>
> This seems to touch the central core of the disagreement. Mr.
> Meyer published a paper which said (paraphrasing wildly):
>
> 1) DBC would probably have prevented the crash.
> 2) Only Eiffel properly supports DBC.
> 3) Draw your own conclusions.
>
> I think it's fair to infer that the author considers this a
> normal, adequately managed non-DBC project. I don't know if
> he states this outright,

I believe the words for which you are searching are:

"Everything indicates that the software process was carefully
organized and planned. The ESA's software people knew what they were
doing and applied widely accepted industry practices .... it is clear
from its report that systematic documentation, validation and
management procedures were in place.... The contention often made in
the software engineering literature that most software problems are
primarily management problems is not borne out here."

I considered addressing this in section 5 of my critique, but it is so
obviously at odds with the inquiry's report that it seemed overkill.
Maybe it's worth a brief paragraph.

> but it would be nugatory indeed to
> suggest that a new method would help when the previous methods
> were not being properly applied. It's rather like claiming
> that a new version of GPS, used properly, would have prevented
> the Exxon Valdez crash. That's true, but normal navigation
> aids, used properly, would have prevented it too.
>
> Stating ONLY that the new item would have prevented the crash
> is a misleading half truth.

Outside the paper, both authors have made it clear that they assumed
everyone understood that all of the other problems would have to be
fixed as well. Jezequel, in one of the last posts during the
discussion of this paper last year, said words to the effect "Was it
really that important to have this long discussion, just to make this
obvious point?" Unfortunately, the paper itself does not make this
clear.

> So even if Meyer's paper is technically correct to suggest
> that rigorous DBC would "probably" have located the error,
> it is disingenuous to state ONLY that, without pointing out
> that common methods of analysis or test would ALSO have
> located the error.
>
> It also seems fair to say that, if DBC had been used as
> thoroughlessly as other methods were, it probably would NOT
> have detected the problem.
>
> Samuel Mize