From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,2c6139ce13be9980 X-Google-Attributes: gidfac41,public X-Google-Thread: f43e6,2c6139ce13be9980 X-Google-Attributes: gidf43e6,public X-Google-Thread: 1108a1,2c6139ce13be9980 X-Google-Attributes: gid1108a1,public X-Google-Thread: 103376,3d3f20d31be1c33a X-Google-Attributes: gid103376,public From: jsa@alexandria.organon.com (Jon S Anthony) Subject: Re: Safety-critical development in Ada and Eiffel Date: 1997/08/21 Message-ID: #1/1 X-Deja-AN: 265795014 Distribution: world References: <33E09CD5.634F@flash.net> <33E9ADE9.4709@flash.net> <5siqrr$3of@jupiter.milkyway.org> <5smgts$p68$1@miranda.gmrc.gecm.com> <33EFCCE4.4CE0@flash.net> <5sskfd$nn5$2@miranda.gmrc.gecm.com> <33F25AA5.49ED@flash.net> <5t1fen$c7d$1@miranda.gmrc.gecm.com> <33F52989.38BB@flash.net> <33F83585.2FB006C3@munich.netsurf.de> <33FA76D7.21D9@flash.net> <33FAB35A.18AA15BB@calfp.co.uk> Organization: PSINet Newsgroups: comp.object,comp.software-eng,comp.lang.ada,comp.lang.eiffel Date: 1997-08-21T00:00:00+00:00 List-Id: In article <33FAB35A.18AA15BB@calfp.co.uk> Nick Leaton writes: > > To demonstrate the problem, attempt to encode the critical Ariane 5 > > assumption as a "top-level abstract class." It is not directly > > representable > > as code, even as a "top-level" abstraction. > > But neither are any of the specs you have for a fighter That's OK, Ken is not the one claiming that this can be done. Meyer and the E-Jihad are the ones making this fatuous claim. > aircraft. Just as you have to decompose your code, you have to > decompose you assertions or specifications. Just because you can't > write 'fly plane' and be done with it in Eiffel (or Ada) it doesn't > make DBC wrong. Spoken like a true reductionist. This is not a decomposition problem. I tried to point this out before when I spoke about how this problem is the direct analogue of the problem of "natural kinds" in knowlege representation. You can't come up with contextually independent necessary and sufficient conditions for a definition for these things. But that is basically what you are trying to claim _is_ possible. > > Said another way, could you write "War and Peace" as a "top-level" > > abstraction? > > Ok. > > A hit B and made up. Not even close, :-) /Jon -- Jon Anthony OMI, Belmont, MA 02178, 617.484.3383 "Nightmares - Ha! The way my life's been going lately, Who'd notice?" -- Londo Mollari