From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID
	autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: fac41,c59f452174bd555
X-Google-Attributes: gidfac41,public
X-Google-Thread: 103376,c59f452174bd555
X-Google-Attributes: gid103376,public
From: "W. Wesley Groleau x4923" <wwgrol@pseserv3.fw.hac.com>
Subject: Re: Use of DBC as "executable SRS": scaling problems
Date: 1997/07/31
Message-ID: <33E1089C.6A72@pseserv3.fw.hac.com>#1/1
X-Deja-AN: 261028023
Sender: usenet@most.fw.hac.com (News Administration)
References: <870209420.19031@dejanews.com>
X-Nntp-Posting-Host: sparc02
Organization: Hughes Defense Communications
Newsgroups: comp.lang.ada,comp.lang.eiffel
Date: 1997-07-31T00:00:00+00:00
List-Id: <comp.lang.ada>


card@syr.lmco.com wrote:
> I do not think that using DBC as an "executable SRS" (SRS == Software
> (1) In a large and complex system, the number of preconditions and 
>     post-conditions in a complex class hierarchy could get extremely large. 

Although they didn't demand that it be "in the code", the inquiry board
did note
  " that the systems specification of the SRI does not indicate
    operational restrictions that emerge from the chosen
    implementation. Such a declaration of limitation, which should
    be mandatory for every mission-critical device, would have
    served to identify any non-compliance with the trajectory
    of Ariane 5. "
which to me means

1. given the requirements (ariane 4)
2. design and implement the solution (the code that failed)
3. document any restrictions which, though not requirements, are
   consequences of the chosen design.

While the results of step three are nearly guaranteed to be 
incomplete, for reasons already beat to death in this discussion,
Bertrand Meyer came close to saying (correctly) that the effort
of doing this _might_ have prevented the failure.  Where he goes 
too far is on two points (now I'm repeating old news):

1. He says "probably would have" instead of "might have"
2. If you're not doing this in Eiffel syntax, you're not
   really doing it.

Now the last sentence will undoubtedly draw "he never said that"
flames, so let me admit that (2) is an oversimplification of
his claims that only Eiffel _really_ has "design by contract"

----------------------------------------------------------------------
    Wes Groleau, Hughes Defense Communications, Fort Wayne, IN USA
Senior Software Engineer - AFATDS                  Tool-smith Wanna-be

Don't send advertisements to this domain unless asked!  All disk space
on fw.hac.com hosts belongs to either Hughes Defense Communications or 
the United States government.  Using email to store YOUR advertising 
on them is trespassing!
----------------------------------------------------------------------