From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,2c6139ce13be9980 X-Google-Attributes: gidfac41,public X-Google-Thread: f43e6,2c6139ce13be9980 X-Google-Attributes: gidf43e6,public X-Google-Thread: 103376,3d3f20d31be1c33a X-Google-Attributes: gid103376,public X-Google-Thread: 1108a1,2c6139ce13be9980 X-Google-Attributes: gid1108a1,public From: ian.begg@gecm.com (Ian Begg) Subject: Re: The stupidity of all the Ariane 5 analysts. Date: 1997/07/21 Message-ID: <33d38a16.195337670@news.geccs.gecm.com>#1/1 X-Deja-AN: 257946976 References: <33C835A5.362A@flash.net> <33CC0548.4099@flash.net> <5qitoi$fdv$1@news.irisa.fr> <33CD6512.2404@flash.net> <01bc92e6$7a6f9e40$287b7b7a@tlo2> <33CEAF05.6389@flash.net> <33D2827B.41C67EA6@eiffel.com> Organization: GEC-Marconi Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel Date: 1997-07-21T00:00:00+00:00 List-Id: On Sun, 20 Jul 1997 14:26:19 -0700, Bertrand Meyer wrote: >To repeat once again the basic point made in the >paper by Jean-Marc Jezequel and myself: it is dangerous >and unjustifiable, especially in a mission-critical setting, >to reuse a software element without a specification. My personal opinion, I would add ".... or, probably more importantly, without fully testing that software element in the environment it is being re-used into, i.e. under the conditions it is expected to be used in." My understanding is that the expected flight profile was not flown as part of the integration or acceptance testing, and that had this been done the problem would (probably) have been found. This is what I mean by testing in the environment it is being re-used into. > - "This is only a pitch for Eiffel". The paper by > Jezequel and myself says explicitly that the > Ariane disaster was not due to a language problem. > In spite of this clear and obvious statement ... Even clear and obvious statements have to be assessed to decide on the intent of the author/speaker, for instance is he saying this because he means it or because he's trying to pull the wool over our eyes. [I have not read your report so have no idea how to answer in this case, everyone must make their own decision. The author must ensure they don't leave themselves open to the wrong interpretation.] > ... some of > the Ada enthusiasts in these newsgroups have > mistakenly taken the mention of Ariane as a personal > affront on their language. The pitch, if any, is for > the method of Design by Contract. How many languages support Design by Contract as part of the language as in the case of Eiffel? I don't have experience of a broad range of languages so I can't answer this. However, if the answer is only Eiffel, (plus perhaps some other non relevant langauges) then it is not difficult to see how people might interpret your motives as "OK we can't be so obvious as to say Eiffel is the answer, but if we say Design by Contract is the answer, people will need to find a language to support it, hence Eiffel." You are the only person who knows your real motives, but the discussions going on suggest some people are interpreting your motives in this way. > One can also object that other techniques would also >have achieved the same goal, such as heavy-artillery >a posteriori quality assurance, but they seem far more difficult >and costly than integrating Design by Contract, a simple >and easy-to-apply idea, into the design, implementation, >documentation, reuse and validation process. How easy is this to apply in non Eiffel implementations? I guess it needs extra work by the engineers, in an area most are probably not familiar with and will hence need training, and success is dependent on setting up good procedures to enforce its use etc. Compare the cost of that with doing integration and acceptance testing under anticipated use conditions which should be done anyway and I come to the conclusion use of Design by Contract was not the best way of preventing this accident. This is all of course my own personal opinion, and none of it should be read as an 'attack' on anyone elses opinions, only a difference of opinion. Sorry if this is repeating stuff from the original thread(s) which I have not been tracking closely. Ian Begg