From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,3d3f20d31be1c33a X-Google-Attributes: gid103376,public X-Google-Thread: fac41,2c6139ce13be9980 X-Google-Attributes: gidfac41,public X-Google-Thread: f43e6,2c6139ce13be9980 X-Google-Attributes: gidf43e6,public X-Google-Thread: 1108a1,2c6139ce13be9980 X-Google-Attributes: gid1108a1,public From: paul.johnson@gecm.com (Paul Johnson) Subject: Re: Safety-critical development in Ada and Eiffel Date: 1997/07/17 Message-ID: <5qklt1$4el$2@miranda.gmrc.gecm.com>#1/1 X-Deja-AN: 257387277 References: <33CBBF4B.7BAF@pseserv3.fw.hac.com> <33CC64CE.44A3@flash.net> Organization: GEC-Marconi Research Centre Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel Date: 1997-07-17T00:00:00+00:00 List-Id: In article , dewar@merv.cs.nyu.edu says... > >Ken says >In fact the assertion *was* present in the Ada code, in the form of >a language specified check. The claim that somehow the programmer would >have noticed the assertion in Eiffel, while missing it in Ada, is entirely >bogus in my view. This is just a case of waffly language advocacy without >any substance at all. Whilst I don't agree with Meyer that Eiffel would probably have prevented the Ariane crash, he does have a point. The thing is that in Eiffel the assertions are not just a run-time error detection mechanism, they are also a documentation and specification mechanism. The Ada assertion was invisible because it was buried in the implementation of the routine that failed. An equivalent Eiffel routine (if it were correct) would have had the assertion in its interface, and so on up to the top level of the software package under discussion. So anyone reusing the package would have seen the assertion. The Inquiry specifically commented that the Ada assertion was buried so deeply that it was effectively invisible to any review. Where this argument falls down, I'm afraid, is that the package did not receive its data from another software package, but from a hardware sensor. At this point the whole idea breaks down. A pity. >By the way, does Eiffel have fixed-point types? If not, presumably the >entire code would have been obscured by manual scaling ... No, it does not have fixed point types. And I agree that they cannot easily be added by library classes. Paul. -- Paul Johnson | GEC-Marconi Ltd is not responsible for my opinions. | +44 1245 242244 +-----------+-----------------------------------------+ Work: | You are lost in a twisty maze of little Home: | standards, all different.