From: eachus@spectre.mitre.org (Robert I. Eachus)
Subject: Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/03/25
References: <332B5495.167EB0E7@eiffel.com>
Organization: The Mitre Corp., Bedford, MA.
Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada

In article <33330FE5.3F54BC7E@eiffel.com> Bertrand Meyer writes:

> You are picking on a sentence that explicitly says it is NOT the
> programming language's fault.
> It was important to note as an aside, as we did, that Ada's exception
> mechanism IS subject to criticism (many people have criticized it
> thoroughly, including Tony Hoare in his Turing Award lecture), but that
> this was NOT the point here since Ada's exception mechanism, in spite
> of its deficiencies, COULD have been used to avoid the error.

It WAS used. It was used in a way that could and should have resulted in the misuse being detected. But as discussed at length here, the disconnect was in the process by which the software was reused. There was no failure of analysis, since this statement was found to comply with all known requirements. The failure was a management failure which guaranteed that the code was neither evaluated with respect to, nor tested against, the Ariane 5 requirements. (Even though these were known to differ significantly from those for Ariane 4.)

To say that your paper is not trying to disparage Ada here is certainly highly creative. If Eiffel had been used, the same failure would have occurred, at the same time, and for the same reasons. If the software had ever been compared to the Ariane 5 requirements, the failure would have been averted, whether Ada was used or Eiffel.

Flame Retardant: I have nothing against Eiffel, and I am not trying to start a language war. The issue here is and should be the requirements for safe reuse of code. Those issues are the same, no matter whether the software is written in Eiffel or Ada.

--
Robert I. Eachus

with Standard_Disclaimer;
use Standard_Disclaimer;
function Message (Text: in Clever_Ideas) return Better_Ideas is...