From: Samuel Mize
Subject: Re: Critique of Ariane 5 paper (finally!)
Date: 1997/08/13
Message-ID: <33F20BCE.AB3@link.com>
References: <33E503B3.3278@flash.net> <33E8FC54.41C67EA6@eiffel.com> <33E9B217.39DA@flash.net> <33EA5592.5855@flash.net> <33EB4935.167EB0E7@eiffel.com> <33EB754E.446B9B3D@eiffel.com> <33EBE46D.2149@flash.net> <33EF9487.41C67EA6@eiffel.com>
Organization: Hughes Training Inc.
Reply-To: smize@link.com
Newsgroups: comp.lang.ada,comp.lang.eiffel

Robert Dewar wrote:
>
> Bertrand says
>
> << have explained: why in our view
> software technology crucially requires the systematic use of
> Design by Contract; why Design by Contract is a
> necessary condition to avoid more Ariane-like failures;
> and what is missing in this respect in such approaches
> as Java, Ada, C++, IDL.>>
>
> Your argument at *best* says that DBC might have been a *sufficient*
> condition for avoiding the Ariane failure. Even there, it seems
> over-facile and rather academic, and does not seem to understand
> fully the exact nature of the Ariane problem.

DBC proponents have said that using DBC IMPLIES review of requirements,
review of design, and testing the component. In this case, the claim
that DBC would "probably" have prevented the crash is nugatory but true.

However, the claim that "widely accepted industry practices" would not
have done so is false. Requirements review, design review, and in-situ
test are standard for a mission-critical component.

Not ONE of these was done for the Ariane 5 INS. To claim that this is
"widely accepted industry practice" is disingenuous at best, and appears
intentionally misleading to a lot of us.

It is this false claim that destroys the argument that DBC is "a
necessary condition to avoid more Ariane-like failures."

It's rather like saying that a new method of navigation would "probably"
have prevented the Exxon Valdez crash. True, but only because ANY
navigation would have prevented it!

> But to make the jump from sufficient to necessary is completely
> without basis, and can only be regarded as advertising puffery.

Which appeared in a column in IEEE Computer magazine, positioning it
deceptively as a technical item instead of an ad.

Samuel Mize