From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,a48e5b99425d742a X-Google-Attributes: gidfac41,public X-Google-Thread: 1108a1,5da92b52f6784b63 X-Google-Attributes: gid1108a1,public X-Google-Thread: f43e6,a48e5b99425d742a X-Google-Attributes: gidf43e6,public X-Google-Thread: 103376,a48e5b99425d742a X-Google-Attributes: gid103376,public From: jsa@alexandria (Jon S Anthony) Subject: Re: Please do not start a language war (was Re: Papers on the Ariane-5 crash and Design by Contract Date: 1997/03/21 Message-ID: #1/1 X-Deja-AN: 227341967 Distribution: world References: <332B5495.167EB0E7@eiffel.com> Organization: PSI Public Usenet Link Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.lang.ada Date: 1997-03-21T00:00:00+00:00 List-Id: In article <5gth8r$2md$1@news.irisa.fr> jezequel@irisa.fr (Jean-Marc Jezequel) writes: > It is clear that we are in a disagreement here. I claim that domain > analysis is necessarily incomplete (i.e. can you prove that your > domain analysis is complete?). Meanwhile, it is possible to > explicitely get all the assumptions present in the code (i.e. > software is not, despite many appearences, black magic). BTW making > all the assumptions explicit about what does a piece of code is the > mere definition of Design by Contract. Sort of. But if you think that any more than a few percent of these assumptions can be called out via such rudimentary means as simple minded pre/post/inv on signatures, or that the Ariane case is one of them, you and Meyer are smoking some pretty potent dope. /Jon -- Jon Anthony Organon Motives, Inc. Belmont, MA 02178 617.484.3383 jsa@organon.com