From: Samuel Mize
Subject: Re: The presuppositions of all the Ariane 5 analysts.
Date: 1997/07/23
Message-ID: <33D692B5.5389@link.com>#1/1
References: <33C835A5.362A@flash.net> <33CC0548.4099@flash.net> <5qitoi$fdv$1@news.irisa.fr> <33CD6512.2404@flash.net> <01bc92e6$7a6f9e40$287b7b7a@tlo2> <33CEAF05.6389@flash.net> <33D2827B.41C67EA6@eiffel.com> <5qucs7$jie$3@flood.weeg.uiowa.edu> <33D3C7E4.764E@link.com> <33D4647D.6D2A@erols.com>
Organization: Hughes Training Inc.
Reply-To: smize@link.com
Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel

Luther Hampton wrote:
>
> Samuel Mize wrote:
...
> > 1) DBC would probably have prevented the crash.
> > 2) Only Eiffel properly supports DBC.
> > 3) Draw your own conclusions.
> >
> > I think it's fair to infer that the author considers this a
> > normal, adequately managed non-DBC project. I don't know if
> > he states this outright, but it would be nugatory indeed to
> > suggest that a new method would help when the previous methods
> > were not being properly applied. It's rather like claiming
> > that a new version of GPS, used properly, would have prevented
> > the Exxon Valdez crash. That's true, but normal navigation
> > aids, used properly, would have prevented it too.
> >
>
> There is nothing in your paraphrase to support the contention that
> "only" Design by Contract would have averted the problem. (1) states
> that DBC would do the trick, but it does not say that *only* DBC would
> have solved the problem.

You're right, it isn't in my paraphrase. It isn't directly stated,
but is heavily implied, when he says:

  The ESA's software people knew what they were doing and applied
  widely accepted industry practices.
  ...
  The contention often made in the software engineering literature
  that most software problems are primarily management problems is
  not borne out here. The problem is technical.

This directly states that accepted industry practices were applied,
and that the problem was technical. Tell me this doesn't imply that
accepted practices caused/allowed the problem.

Unfortunately, both statements are demonstrably false, based on
the inquiry.

Consider also these quotes:

  Several earlier columns in IEEE Computer have emphasized the
  importance of Design by Contract for constructing reliable
  software. A $500-million software error provides a sobering
  reminder that this principle is not just a pleasant academic ideal.

  To attempt to reuse software without Eiffel-like assertions is
  to invite failures of potentially disastrous consequences.

  For reuse to be effective, Design by Contract is a requirement.
  Without a precise specification attached to each reusable
  component -- precondition, postcondition, invariant -- no one
  can trust a supposedly reusable component.

Mr. Meyer is clearly saying that DBC/Eiffel, and ONLY DBC/Eiffel,
would prevent such a crash.

Sam Mize