From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=0.2 required=5.0 tests=BAYES_00,FROM_ADDR_WS,
	INVALID_MSGID,REPLYTO_WITHOUT_TO_CC autolearn=no autolearn_force=no
	version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: fac41,e01bd86884246855
X-Google-Attributes: gidfac41,public
X-Google-Thread: 103376,fb1663c3ca80b502
X-Google-Attributes: gid103376,public
From: "Joachim Durchholz" <joachim dot durchholz@halstenbach.com>
Subject: Re: Interresting thread in comp.lang.eiffel
Date: 2000/07/16
Message-ID: <8kt18p$36aor$1@ID-9852.news.cis.dfn.de>#1/1
X-Deja-AN: 647066090
References: <8ipvnj$inc$1@wanadoo.fr> <8j67p8$afd$1@nnrp1.deja.com>
 <slrn8leffq.ebq.gisle@spurv.ii.uib.no>
  <395886DA.CCE008D2@deepthought.com.au> <3958B07B.18A5BB8C@acm.com>
  <y1d65.620$7%3.33446@news.flash.net> <395A0ECA.940560D1@acm.com>
  <8jd4bb$na7$1@toralf.uib.no> <8jfabb$1d8$1@nnrp1.deja.com>
 <8jhq0m$30u5$1@toralf.uib.no> <8jt4j7$19hpk$1@ID-9852.news.cis.dfn.de>
 <3963CDDE.3E8FB644@earthlink.net> <8k5alv$1oogm$1@ID-9852.news.cis.dfn.de>
 <Rmt95.7825$7%3.595826@news.flash.net>
 <8kl25k$2q7k0$1@ID-9852.news.cis.dfn.de>
 <NOEb5.16337$7%3.1009209@news.flash.net>
X-Priority: 3
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300
X-Trace: fu-berlin.de 963774554 3353371 195.190.10.210 (16 [9852])
X-MSMail-Priority: Normal
Reply-To: "Joachim Durchholz" <joachim.durchholz@halstenbach.com>
Newsgroups: comp.lang.ada,comp.lang.eiffel
Date: 2000-07-16T00:00:00+00:00
List-Id: <comp.lang.ada>

Ken Garlington <Ken.Garlington@computer.org>:
> Assuming that the IRS-side contract would have been with respect to
range,
> as in:
>
> -- the contract from the IRS side
> IRS_write_value (horizontal_bias: INTEGER) is
>       require
>          horizontal_bias <= 32767
>       do
>          ...
>
>       ensure
>          written_value <= 32767
>
>       end
>
> and given what the OBC would expect, as in:
>
> OBC_read_value (void) return INTEGER is
>   require
>   do
>      ...
>   ensure
>        read_value <= 32767
>   end
>
> This certainly wouldn't denote any inconsistency as far as I can tell,
> particularly since on a MIL-STD-1553 bus it's physically impossible to
> violate this contract!

You obviously didn't read (or didn't understand) what I wrote about
modelling the physical world.

It's dead simple: If physical parameters (like a horizontal bias) enter
into the specifications, they must be modelled. Assertion modelling need
not restrict itself to statements on values inside a program, so in the
end you'll get a contract like

  OBC_read_value: INTEGER is
  require
    physical_reality.rocket.horizontal_bias <= some_maximum_value
  ensure
    read_value <= 32767
  end

This is very different from what you write, and clearly spells out what
the parameters are.


This is my last post on this issue. I have just been crossed by Mr.
Meyer and don't wish to defend his thinking in public anymore.

Regards,
Joachim
--
This is not an official statement from my employer or from NICE.
Reply-to address changed to discourage unsolicited advertisements.