From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,INVALID_MSGID, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,2c6139ce13be9980 X-Google-Attributes: gidfac41,public X-Google-Thread: 103376,3d3f20d31be1c33a X-Google-Attributes: gid103376,public X-Google-Thread: 1108a1,2c6139ce13be9980 X-Google-Attributes: gid1108a1,public X-Google-Thread: f43e6,2c6139ce13be9980 X-Google-Attributes: gidf43e6,public From: Al Christians Subject: Re: The stupidity of all the Ariane 5 analysts. Date: 1997/07/31 Message-ID: <33E06929.59F6@easystreet.com>#1/1 X-Deja-AN: 260906827 References: <33C835A5.362A@flash.net> <33CC0548.4099@flash.net> <5qitoi$fdv$1@news.irisa.fr> <33CD6512.2404@flash.net> <01bc92e6$7a6f9e40$287b7b7a@tlo2> <33CEAF05.6389@flash.net> <33D2827B.41C67EA6@eiffel.com> <33D3F1B7.6560@flash.net> Organization: Trillium Resources Corporation Reply-To: achrist@easystreet.com Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel Date: 1997-07-31T00:00:00+00:00 List-Id: It occurs to me that DBC is less than 100% applicable in this case. As I read it, contracts constrain the terms of interaction between clients and servers, and as I recall, the server should expose to the client all the methods it uses to evaluate preconditions, so that the client can verify its compliance before requesting the service. In the case of the Ariane, however, the client was hardware, some kind of dumb sensor that took physical measurements and sent them into the machine, with no real interest in what came out later, and not enough neurons to figure out if it was in compliance with any set of preconditions or not. So why should the server bother to check preconditions in this case -- after all, the client doesn't give a rusty, so why should the server? Who's he gonna call? If that's a contract, then my roof is a contract between my house and the sky. The guys who built the roof didn't know what wind speed it was supposed to withstand, they just built it the way they always build them, and that's good enough. And if the roof is spec'd to handle winds up to 80 mph, I'm figuring that if one comes along at 85 mph, the roof isn't going to shut itself down on account of a contract violation, it's going to try its best to hold together anyway, which is what I'd want. OTOH, the software on the Ariane did shut itself down while the thing was in flight, didn't it? It would be nice if there could be a clear spec that includes everything that might happen in the real world, but when the real world does something that the spec didn't anticipate, do we want the software to just curl up and die? Al