From: dewar@merv.cs.nyu.edu (Robert Dewar)
Subject: Re: Critique of Ariane 5 paper (finally!)
Date: 1997/08/20
Date: 1997-08-20T00:00:00+00:00 [thread overview]
Message-ID: <dewar.872088939@merv> (raw)
In-Reply-To: 33FA748A.35FE@flash.net
Bertrand Meyer wrote:
>
> Robert Dewar writes:
>
> > This is demonstrably false. There are lots of examples of highly reliable
> > software written by people who don't even know what a specification is,
> > let alone how to carefully associate them with software elements.
> >
> > If you want details on this, I can send you hundreds of thousands of
> > lines of COBOL code. This code is completely inpenetrable in places,
> > and I consider it pretty horrible, but it is from a completely reliable
> > system, where reliability is measured in the terms that matter, i.e.
> > it does what it is supposed to do in a highly reliable manner.
>
> This is eloquently said, but incorrect all the same.
>
> The definition of reliability which this implies is that a system
> is "highly reliable" if it has been working satisfactorily for,
> say, 30 {seconds | minutes | hours | days | weeks | months | years}
> -- pick one. This is one possible definition of reliability, which gets
> more and more interesting as it moves to the right of the list
> of choices; but it is by no means the only "terms that matter".
>
This is complete nonsense. I am talking about systems which are reliabale
by any conceivable measure.
Now of course if your measure of reliability includes that it must explicitly
use DBC, then you reduce your argument to a meaningless tautology.
Personally I find obviously bloated claims like this (my method is the
only one that can generate reliable code, and it is impossible to
generate reliable code any other way) to be highly counter-productive.
I have occasionally heard people make similar bogus absolute claims for
Ada -- and in my opinion nothing is more damaging, since it causes people
who know better to simply ignore not only the obviously incorrect claim,
but also more reasonable claims.
In this particular case, the very reasonable point that DBC may be a useful
tool in helping to achieve reliability in some circumstances is getting
submerged by the more absurd claim that it is the only way to achieve this
goal.
next prev parent reply other threads:[~1997-08-20 0:00 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
1997-08-03 0:00 Critique of Ariane 5 paper (finally!) Ken Garlington
[not found] ` <dewar.870870888@merv>
[not found] ` <33E8FC54.41C67EA6@eiffel.com>
1997-08-07 0:00 ` Ken Garlington
1997-08-07 0:00 ` Ken Garlington
[not found] ` <33EB4935.167EB0E7@eiffel.com>
1997-08-08 0:00 ` Bertrand Meyer
1997-08-08 0:00 ` Ken Garlington
1997-08-08 0:00 ` Ken Garlington
1997-08-11 0:00 ` Bertrand Meyer
1997-08-12 0:00 ` Robert Dewar
1997-08-13 0:00 ` Samuel Mize
1997-08-13 0:00 ` Ken Garlington
[not found] ` <33F22AD8.41C67EA6@eiffel.com>
1997-08-13 0:00 ` Bertrand Meyer
1997-08-13 0:00 ` Ken Garlington
[not found] ` <33F28DBF.794BDF32@eiffel.com>
1997-08-13 0:00 ` Bertrand Meyer
1997-08-15 0:00 ` Ken Garlington
1997-08-15 0:00 ` Jon S Anthony
1997-08-16 0:00 ` Ken Garlington
1997-08-14 0:00 ` Jon S Anthony
1997-08-14 0:00 ` geldridg
1997-08-14 0:00 ` Bertrand Meyer
1997-08-15 0:00 ` Jon S Anthony
1997-08-14 0:00 ` Matthew Heaney
1997-08-14 0:00 ` Robert S. White
1997-08-15 0:00 ` Ken Garlington
1997-08-16 0:00 ` Robert Dewar
1997-08-14 0:00 ` Samuel Mize
1997-08-15 0:00 ` Thomas Beale
1997-08-15 0:00 ` Samuel Mize
1997-08-15 0:00 ` Bertrand Meyer
1997-08-15 0:00 ` Jon S Anthony
1997-08-16 0:00 ` Ken Garlington
1997-08-13 0:00 ` Bertrand Meyer
1997-08-13 0:00 ` Ken Garlington
1997-08-16 0:00 ` Robert Dewar
1997-08-17 0:00 ` Bertrand Meyer
1997-08-19 0:00 ` Ken Garlington
1997-08-20 0:00 ` Robert Dewar
1997-08-21 0:00 ` Thomas Beale
1997-08-21 0:00 ` Robert Dewar
[not found] ` <33FD8685.AAAE3B4F@stratasys.com>
1997-08-22 0:00 ` Robert Dewar
[not found] ` <3401811D.1700E7BE@stratasys.com>
1997-08-25 0:00 ` Jon S Anthony
1997-08-29 0:00 ` Ken Garlington
1997-08-29 0:00 ` Jeff Kotula
1997-09-02 0:00 ` Ken Garlington
[not found] ` <33FE8732.4FBB@invest.amp.com.au>
1997-08-26 0:00 ` Nick Leaton
[not found] ` <33FFA324.4DB9@flash.net>
[not found] ` <34013F3E.27D4@invest.amp.com.au>
1997-08-29 0:00 ` Ken Garlington
1997-08-23 0:00 ` Ken Garlington
1997-08-20 0:00 ` Robert Dewar [this message]
[not found] ` <33FB3B29.41C67EA6@eiffel.com>
1997-08-20 0:00 ` Bertrand Meyer
[not found] ` <5tv9cs$85q@nntpa.cb.lucent.com>
[not found] ` <340341CA.2F1CF0FB@eiffel.com>
1997-08-27 0:00 ` Samuel Mize
1997-08-29 0:00 ` Ken Garlington
1997-08-21 0:00 ` W. Wesley Groleau x4923
1997-08-22 0:00 ` Bertrand Meyer
1997-08-22 0:00 ` W. Wesley Groleau x4923
1997-08-16 0:00 ` Robert Dewar
1997-08-11 0:00 ` Don Harrison
1997-08-09 0:00 ` Marinos J. Yannikos
1997-08-07 0:00 ` Juergen Schlegelmilch
-- strict thread matches above, loose matches on Subject: below --
1997-08-21 0:00 aek
[not found] ` <33FC66AD.9A0799D4@calfp.co.uk>
1997-08-22 0:00 ` Robert S. White
1997-08-22 0:00 ` Samuel Mize
1997-08-22 0:00 ` Samuel Mize
1997-08-23 0:00 ` Ken Garlington
[not found] ` <33FFA4B1.3543@flash.net>
1997-08-26 0:00 ` Nick Leaton
[not found] ` <3406BEF7.2FC3@flash.net>
[not found] ` <3406E0F7.6FF7ED99@calfp.co.uk>
1997-09-02 0:00 ` Ken Garlington
1997-08-22 0:00 Marin David Condic, 561.796.8997, M/S 731-96
1997-08-22 0:00 Critique of Ariane 5 paper (finally) AdaWorks
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox