From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,a48e5b99425d742a X-Google-Attributes: gidfac41,public X-Google-Thread: ffc1e,a48e5b99425d742a X-Google-Attributes: gidffc1e,public X-Google-Thread: f43e6,a48e5b99425d742a X-Google-Attributes: gidf43e6,public X-Google-Thread: 103376,a48e5b99425d742a X-Google-Attributes: gid103376,public X-Google-Thread: 107d55,a48e5b99425d742a X-Google-Attributes: gid107d55,public X-Google-Thread: 1108a1,5da92b52f6784b63 X-Google-Attributes: gid1108a1,public From: Richard Riehle Subject: Re: Papers on the Ariane-5 crash and Design by Contract Date: 1997/04/11 Message-ID: #1/1 X-Deja-AN: 234254410 References: <332B5495.167EB0E7@eiffel.com> <332DA14C.41C67EA6@eiffel.com> <332ef323.948774@news.demon.co.uk> <332F6411.4261@arlington.net> <5iecvg$fra$1@trotsky.cig.mot.com> Organization: National University, San Diego Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada,comp.lang.java.tech Date: 1997-04-11T00:00:00+00:00 List-Id: Bertrand Meyer wrote: > > The real problem was that the assertion was not part of the software. Probably not true. 1) It is possible to incorrectly formulate an assertion. 2) Assertions based on incorrect assumptions are also incorrect. 3) The engineers on Ariane V made fundamentally incorrect assumptions. 4) Even if they had used some mechanism for including assertions in the software, those assertions would have been incorrect. Richard Riehle