From: "Ken Garlington"
Subject: Re: Interresting thread in comp.lang.eiffel
Date: 2000/07/16
Message-ID: <3iqc5.597$zW2.27084@news.flash.net>
Organization: FlashNet Communications, http://www.flash.net
Newsgroups: comp.lang.ada,comp.lang.eiffel

"Joachim Durchholz" wrote in message news:8kt1cn$38mus$2@ID-9852.news.cis.dfn.de...
> Ken Garlington wrote:
> >
> > So what you're saying is: without specific knowledge in this domain,
> > you're finding it difficult to understand how to write the proper
> > contract?
>
> Yes.
>
> > Would it be fair to say that if you were a software engineer analyzing
> > an existing module contract, and you were given this figure, you might
> > also have difficulties?
>
> Yes. The paper assumes a lot of knowledge that I simply do not have. I'd
> be unable to distill this into a specification, whether using assertions
> or any other method.

Exactly, and this is something that a lot of people have difficulty understanding in the Ariane 5 case. Not to over-generalize, but a lot of programmers work in fields where they can have direct understanding of the domain. For example, if you work on a game program or web site, you probably have some expertise in the domain - you have played video games or used web sites before.

It's much more difficult for people working on a big project like Ariane 5. The problem is that we aren't dealing with a stand-alone system -- a single domain. We're dealing with a lot of interlocking domains (airframe, propulsion, flight control, avionics....) which require a number of engineering specialties (software, hardware, aerospace, mechanical...) to communicate with each other across a number of organizational and geographical boundaries. It's extremely easy for information to not be communicated effectively -- like a changed flight profile.

It occurs to me that people might be interested in similar cases in the aerospace world where the failure to communicate has led to catastrophic accidents. Here's a few references:

http://www.flash.net/~kennieg/titan/titan_1996.html
http://www.flash.net/~kennieg/titan/titan_1999.html
http://www.flash.net/~kennieg/x31/x31.htm