From: niall@feabhas.co.uk (Niall Cooling)
Subject: Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/03/21
References: <332B5495.167EB0E7@eiffel.com> <332d95c9.1004852@news.demon.co.uk> <33307a43.1705970@news.demon.co.uk> <5gqsoe$bp1$2@news.irisa.fr> <333186ba.3456540@news.demon.co.uk>
Organization: Feabhas Limited
Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada,comp.lang.java.tech

I'm not sure this thread isn't overlooking the obvious (or simple). The discussion on Eiffel and Design by Contract is very useful and informative. It is useful to show that reuse shouldn't be expected to just happen. It has to be planned and designed for (and programmed for).

Nevertheless, as I see it (for what that's worth!), the basic problem was a simple engineering one. Anybody who is doing floating point to integer conversion *MUST* understand the basics of number representation and manipulation. In our book [1] we devoted a complete chapter just to this point. Ada did the right thing: it caught the exception (unlike languages such as C, which would have happily continued).

Unfortunately, in Ada83 you are not required to handle all exceptions. This is where I like the Java model where, if using a member function that may raise an exception, you must either handle it or propagate it; you cannot just ignore it (I do not know enough about Eiffel to comment). The programmer should have planned for the exception, but based on their assumptions this exception would not happen (and it didn't in Ariane-4, so their assumption was correct). Nancy Leveson's book [2] covers this type of problem in great detail. Every "software engineer" should have read this book.

My twopence worth.

Niall Cooling

[1] J.E. Cooling, N.S. Cooling & J. Cooling, "Introduction to Ada", Chapman & Hall, 1993, ISBN 0-412-44810-6
[2] Leveson, Nancy G., "Safeware: System Safety and Computers", Addison-Wesley, 1995, ISBN 0-201-11972-2
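The float-to-integer conversion the post is about, as an added illustration in C (not code from the post, the thread, or any Ariane software): a checked conversion that hands the caller a status instead of the silent continuation the post attributes to C. The 16-bit target width, the status names and the sample values are assumptions made for this example.

```c
#include <stdint.h>
#include <math.h>
#include <stdio.h>

/* Status of a checked conversion. Constructed for this example. */
typedef enum { CONV_OK, CONV_OUT_OF_RANGE, CONV_NOT_A_NUMBER } conv_status;

/* Convert a double to int16_t only when the truncated value is representable.
 * In C, converting an out-of-range floating value to an integer type is
 * undefined behaviour: nothing is raised, and execution simply carries on
 * with whatever bits result. Doing the range check before the cast gives
 * the same protection as Ada's Constraint_Error, but the caller receives a
 * return value that has to be inspected rather than an exception it may
 * silently leave unhandled (the Ada83 weakness the post points out). */
conv_status checked_double_to_int16(double x, int16_t *out)
{
    if (isnan(x)) {
        return CONV_NOT_A_NUMBER;      /* comparisons below would all be false */
    }
    /* Truncation toward zero: anything in (-32769, 32768) fits after truncation.
     * Both bounds are exactly representable as doubles; +/-inf is rejected. */
    if (x <= (double)INT16_MIN - 1.0 || x >= (double)INT16_MAX + 1.0) {
        return CONV_OUT_OF_RANGE;
    }
    *out = (int16_t)x;                 /* now well-defined */
    return CONV_OK;
}

/* Count how many samples of a constructed signal fail to fit, i.e. how
 * often a flight-style "cast and continue" would have produced garbage. */
int count_unrepresentable(const double *samples, int n)
{
    int bad = 0;
    for (int i = 0; i < n; i++) {
        int16_t v;
        if (checked_double_to_int16(samples[i], &v) != CONV_OK) {
            bad++;
        }
    }
    return bad;
}

int main(void)
{
    /* Constructed sample: a value growing past the 16-bit range, as a larger
     * trajectory than the one the range was sized for might produce. */
    const double samples[] = { 1200.5, 8000.0, 31000.0, 40000.0, 1.0e9 };
    printf("unrepresentable samples: %d of 5\n",
           count_unrepresentable(samples, 5));   /* prints 2 of 5 */
    return 0;
}
```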