From: "Marin David Condic, 561.796.8997, M/S 731-96"
Subject: Re: Safety-critical development in Ada and Eiffel
Date: 1997/07/18
Message-ID: <97071809063560@psavax.pwfl.com>#1/1
Sender: Ada programming language
Comments: Gated by NETNEWS@AUVM.AMERICAN.EDU
Newsgroups: comp.lang.ada

Paul Johnson writes:
>
>The thing is that in Eiffel the assertions are not just a run-time error
>detection mechanism, they are also a documentation and specification
>mechanism. The Ada assertion was invisible because it was buried in the
>implementation of the routine that failed. An equivalent Eiffel routine
>(if it were correct) would have had the assertion in its interface, and
>so on up to the top level of the software package under discussion. So
>anyone reusing the package would have seen the assertion. The Inquiry
>specifically commented that the Ada assertion was buried so deeply that
>it was effectively invisible to any review.
>

Please correct me if I'm wrong. My understanding was that the code in
question had explicitly turned off range checking on some of the
parameters in question in the interest of performance. Without the
range checking (and subsequent raising of Constraint_Error), what was
left was a fixed point overflow interrupt - which was accommodated by
turning off the channel and transferring control to the other side.
Hence there was no "Ada assertion" as such because whatever safety
features the language has had been disabled. Sort of like driving with
your seat belt unfastened.

(This is why I conclude that Eiffel wouldn't have saved the day because
the developers would have turned off assertions here as well. Is the
last of my memory fading? Am I entering the springtime of my senility?
Or am I remembering correctly?)

MDC

Marin David Condic, Senior Computer Engineer     ATT:        561.796.8997
Pratt & Whitney GESP, M/S 731-96, P.O.B. 109600  Fax:        561.796.4669
West Palm Beach, FL, 33410-9600                  Internet:   CONDICMA@PWFL.COM
===============================================================================
    "A government that is big enough to give you all you want is big
    enough to take it all away."
        --  Barry Goldwater
===============================================================================