From: "Ken Garlington"
Subject: Re: Interresting thread in comp.lang.eiffel
Date: 2000/07/14
Newsgroups: comp.lang.ada,comp.lang.eiffel

"Joachim Durchholz" wrote in message news:8kl25k$2q7k0$1@ID-9852.news.cis.dfn.de...
> Ken Garlington wrote:
> > "Joachim Durchholz" wrote:
> > > In other words: had DbC been applied not only to the software but also
> > > to the software-IRS interface,
> >
> > What do you mean by a software-IRS interface?
>
> The IRS is a piece of hardware from the point of view of the main
> controlling software of the Ariane, right?
>
> > And why is this interface relevant to the Ariane 5 disaster?
>
> The system crashed because the IRS flooded that interface with
> meaningless data, right?

Going back to your original statement, which was:

> In other words: had DbC been applied not only to the software but also
> to the software-IRS interface, then the programmer doing the
> integration would have seen the contract and would have had a chance to
> see the inconsistency between IRS specification and flight trajectory
> data.

Assuming that the IRS-side contract would have been with respect to range, as in:

    -- the contract from the IRS side
    IRS_write_value (horizontal_bias: INTEGER) is
       require
          horizontal_bias <= 32767
       do
          ...
       ensure
          written_value <= 32767
       end

and given what the OBC would expect, as in:

    OBC_read_value (void) return INTEGER is
       require
       do
          ...
       ensure
          read_value <= 32767
       end

This certainly wouldn't denote any inconsistency as far as I can tell, particularly since on a MIL-STD-1553 bus it's physically impossible to violate this contract!

So, once again, you can't simply assert the magic of DbC in the context of Ariane 5. You have to (for a start) give a specific contract that would have made it clear that there was a problem. After all:

"the official report is clear and detailed enough to enable software professionals, aerospace experts or not, to form their own judgment."
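
Added example, not part of the original post: the two range contracts quoted above written as runtime checks in Python, with the reader fed every possible 16-bit word. The big-endian signed encoding of a single data word and the names `check`, `ContractViolation` and `count_reader_violations` are assumptions made for illustration.

```python
INT16_MAX = 32767  # bound used in both contracts in the post


class ContractViolation(Exception):
    """Raised when a require/ensure clause does not hold."""


def check(condition, label):
    if not condition:
        raise ContractViolation(label)


def irs_write_value(horizontal_bias):
    """IRS side: returns the two data bytes placed on the bus."""
    check(horizontal_bias <= INT16_MAX, "IRS require: horizontal_bias <= 32767")
    # Assumption: the value travels as one signed 16-bit big-endian data word.
    word = (horizontal_bias & 0xFFFF).to_bytes(2, "big")
    written_value = int.from_bytes(word, "big", signed=True)
    check(written_value <= INT16_MAX, "IRS ensure: written_value <= 32767")
    return word


def obc_read_value(word):
    """OBC side: decodes one data word; the precondition is empty, as posted."""
    read_value = int.from_bytes(word, "big", signed=True)
    check(read_value <= INT16_MAX, "OBC ensure: read_value <= 32767")
    return read_value


def count_reader_violations():
    """Feed every possible 16-bit word to the reader; count failed contracts."""
    violations = 0
    for raw in range(0x10000):
        try:
            obc_read_value(raw.to_bytes(2, "big"))
        except ContractViolation:
            violations += 1
    return violations


if __name__ == "__main__":
    # The reader's range contract holds for all 65536 bit patterns, so it
    # cannot tell a valid reading from arbitrary bytes in the same word.
    print("reader contract violations:", count_reader_violations())
    print("round trip:", obc_read_value(irs_write_value(1234)))
```
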