From: "Marin David Condic, 561.796.8997, M/S 731-96"
Subject: Re: Safety-critical development in Ada and Eiffel
Date: 1997/07/17
Message-ID: <97071709562795@psavax.pwfl.com>
Newsgroups: comp.lang.ada
Sender: Ada programming language
Comments: Gated by NETNEWS@AUVM.AMERICAN.EDU

Jean-Marc Jezequel writes:

>At the risk of repeating myself, and reopening a thread beaten to death,
>the whole point of design by contract (DBC) is to make this kind of
>assumption explicit. Ariane 5 is just a nice striking example of working
>with assumptions that are true at a point in time (Ariane 4) and no longer
>later on (Ariane 5). I think we agreed on this previously.
>
>To sum up your point, you think that DBC, i.e. expressing hidden assumptions
>with Eiffel-like assertions, would not have been practicable in this case.
>Others think it would have...
>

At the risk of butting in and helping to start the beaten-to-death thread once again...

The Ariane software specifically and very deliberately *removed* the checks because of time constraints.

Ada would have normally conducted the checks because of range constraints. (Wouldn't help unless the programmer put in an exception handler.)

Eiffel could have performed the checks. (Assumes the programmer would have put in the assertions.)

One could even argue that C would have done the job in the hands of a "competent" C programmer who would have bothered to check the input parameters or create an ISR to handle the overflow.

In this case, the language is *not* an issue and never was. It was an issue of the engineering decisions to deliberately remove the safety device combined with the management decision to reuse the software in a new environment without any additional testing.

An associate of mine once said in the heat of a language war: "Languages don't kill people... Programmers do!" Yes, language features may support safety - but ultimately it's the programmer's job (manager's job?) to get it right.

MDC

Marin David Condic, Senior Computer Engineer      ATT: 561.796.8997
Pratt & Whitney GESP, M/S 731-96, P.O.B. 109600   Fax: 561.796.4669
West Palm Beach, FL, 33410-9600                   Internet: CONDICMA@PWFL.COM
===============================================================================
"A government that is big enough to give you all you want is big enough to
take it all away." -- Barry Goldwater
===============================================================================
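An added example, not part of the original post, of the explicit input check the post says a "competent" C programmer would add before a narrowing conversion, together with a caller that decides what to do when the check fails (the "wouldn't help unless the programmer put in an exception handler" point). The 16-bit target width, the status codes and the clamp-and-flag policy are assumptions of this example, not details from the post.

```c
#include <stdint.h>
#include <stdbool.h>
#include <math.h>

/* Status returned by the checked conversion (constructed for this example). */
typedef enum { CONV_OK, CONV_OUT_OF_RANGE, CONV_NOT_A_NUMBER } conv_status;

/* Narrow a 64-bit floating-point reading into a 16-bit signed integer.
 * The explicit range test is the "check the input parameters" step the post
 * describes; a bare C cast has undefined behaviour when the value does not
 * fit, so the test must come before the cast, not after it. */
conv_status narrow_to_int16(double value, int16_t *out)
{
    if (isnan(value))
        return CONV_NOT_A_NUMBER;
    if (value < (double)INT16_MIN || value > (double)INT16_MAX)
        return CONV_OUT_OF_RANGE;
    *out = (int16_t)value;   /* safe: the range was established above */
    return CONV_OK;
}

/* The caller's handler. Detecting the violation is only half the job: someone
 * has to decide what happens next. The policy here (an assumption of this
 * example) is to clamp to the representable range and report the reading as
 * degraded, instead of letting the failure propagate unhandled. */
bool read_with_handler(double value, int16_t *out)
{
    switch (narrow_to_int16(value, out)) {
    case CONV_OK:
        return true;
    case CONV_OUT_OF_RANGE:
        *out = (value < 0.0) ? INT16_MIN : INT16_MAX;
        return false;
    case CONV_NOT_A_NUMBER:
    default:
        *out = 0;
        return false;
    }
}
```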