From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,INVALID_MSGID, REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,f66d11aeda114c52 X-Google-Attributes: gidfac41,public X-Google-Thread: 103376,f66d11aeda114c52 X-Google-Attributes: gid103376,public From: Ken Garlington Subject: Re: Critique of Ariane 5 paper (finally!) Date: 1997/08/23 Message-ID: <33FFA5CC.4E85@flash.net>#1/1 X-Deja-AN: 268270769 References: <872172435.980@dejanews.com> <33FC66AD.9A0799D4@calfp.co.uk> <5til7i$boi$1@flood.weeg.uiowa.edu> Organization: Flashnet Communications, http://www.flash.net Reply-To: Ken.Garlington@computer.org Newsgroups: comp.lang.ada,comp.lang.eiffel Date: 1997-08-23T00:00:00+00:00 List-Id: Robert S. White wrote: > > The Ariane 4 IRS software as-is reuse should not have made it > by such reviews. Please read Ken's rebuttal paper: > > http://www.progsoc.uts.edu.au/~geldridg/eiffel/ariane/ > > My reading of it does not indicate a general "critising DBC" > but rather it summerizes: > > "In the specific case of the Ariane IRS design fault, there > is not clear and compelling evidence that DBC/Eiffel > assertions were likely to have uncovered the fault prior to > operational use, either through their documentation, test, > or execution value. Furthermore, alternative means were > available to the Ariane team to isolate the particular > fault, even without the use of DBC/Eiffel. Therefore, > although there may be a compelling claim to use DBC/Eiffel > in real-time safety-critical systems, the Ariane case > (and the Eiffel paper describing this case) does not > support such a claim." In addition, it states in section 6: "It would not be appropriate to use the criticisms here to say in the general case that assertions have no value, anywhere ("casuistry"), but this criticism does not attempt to do this. It focuses on the specific claim in the Eiffel paper in the context of the Ariane IRS fault.... "Several Eiffel advocates will attest that they like the use of Eiffel for their domain. Eiffel may be very useful in some domains, however Ariane is a real-time embedded safety-critical system and has unique properties (as described above). Again, this is a specific, not a general, criticism of DBC/Eiffel." Perhaps my paper is so boring that no one made it to this section :)