From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,INVALID_MSGID, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,2c6139ce13be9980 X-Google-Attributes: gidfac41,public X-Google-Thread: 1108a1,2c6139ce13be9980 X-Google-Attributes: gid1108a1,public X-Google-Thread: 103376,3d3f20d31be1c33a X-Google-Attributes: gid103376,public X-Google-Thread: f43e6,2c6139ce13be9980 X-Google-Attributes: gidf43e6,public From: Ken Garlington Subject: Re: Safety-critical development in Ada and Eiffel Date: 1997/08/16 Message-ID: <33F5D274.30C4@flash.net>#1/1 X-Deja-AN: 264550781 References: <33E9ADE9.4709@flash.net> <33F133D7.71AC@erols.com> <33F25933.7F83@flash.net> <33F27B5C.6A3C@erols.com> <33F44261.7BD3@flash.net> <33F527C8.32B3@erols.com> Reply-To: Ken.Garlington@computer.org Organization: Flashnet Communications, http://www.flash.net Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel Date: 1997-08-16T00:00:00+00:00 List-Id: Ted Velkoff wrote: > > Ken Garlington wrote: > > > > Ted Velkoff wrote: > > > > > > Ken Garlington responded to an earlier post of mine: > > > > > > > > This is certainly reasonable. However, once the execution capabilities > > > > are removed, it seems fair to ask what Eiffel provides that comments > > > > (available in most langauges) don't provide. If there is not a > > > > significant > > > > difference, then Eiffel would not be any better (in this context) than > > > > any other language, so long as the DBC principles were followed. > > > > > > > > > > In my experience, there is a significant difference. I will not presume > > > to make a scientific claim; rather I will offer a personal, anecdotal > > > example. > > >[ Example followed here...] > > > > I think you're anwering the wrong mail :) > > I'll try again. > > > > Please re-read the first paragraph. The discussion is about the value of > > Eiffel assertions if they are _always_ turned off, vs. comments. > > To begin with, by "_always_ turned off", I assume what is meant is > "turned off during execution of a delivered system", not "turned off > during execution of a delivered system and during its entire development > phase". Not how the original argument was phrased. However if you want to argue the merits of turning them on during development and then off for released code, see section 3.2.2 of http://www.flash.net/~kennieg/ariane.html for my rebuttal. > If an Eiffel executable is built with assertion monitoring turned off, > it is indeed no different than, say, an Ada executable built using > pragma Suppress (Range_Check, for example). This would be appropriate > during the final stages of testing a product, for Factory/Site > Acceptance Test, and delivery to a customer. > > For the bulk of development, from design through code, unit and > integration testing, one would certainly want to monitor assertions (in > Eiffel) or Range_Checks, for instance (in Ada). Clearly these sorts of > compile- and run-time checks are far more powerful than mere comments > and aid in earlier detection and correction of errors. I say that using > Eiffel is superior to using another language with commented assertions > because Eiffel makes it so easy and cost-effective to write AND test > Boolean-valued assertions during the bulk of the development life-cycle. > > -- Ted Velkoff