From mboxrd@z Thu Jan 1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level:
X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: fac41,a48e5b99425d742a
X-Google-Attributes: gidfac41,public
X-Google-Thread: ffc1e,a48e5b99425d742a
X-Google-Attributes: gidffc1e,public
X-Google-Thread: 1108a1,5da92b52f6784b63
X-Google-Attributes: gid1108a1,public
X-Google-Thread: 103376,a48e5b99425d742a
X-Google-Attributes: gid103376,public
X-Google-Thread: f43e6,a48e5b99425d742a
X-Google-Attributes: gidf43e6,public
From: milkweed@plainfield.bypass.com (Anders Pytte)
Subject: Re: Papers on the Ariane-5 crash and Design by Contract
Date: 1997/03/23
Message-ID: #1/1
X-Deja-AN: 227784428
References: <332B5495.167EB0E7@eiffel.com> <332D113B.4A64@calfp.co.uk> <5gm8a6$2qu$2@news.irisa.fr> <3332BE49.8F9@lmtas.lmco.com> <33330FE5.3F54BC7E@eiffel.com>
Organization: Milkweed Software
Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada
Date: 1997-03-23T00:00:00+00:00
List-Id:

In article <33330FE5.3F54BC7E@eiffel.com>, Bertrand Meyer wrote:

> [Ken Garlington]
>
> > Note that these are not characterized as "design by contract-like"
> > assertions, but Eiffel-like assertions. The paper goes on to make it
> > clear that not just any language will do.
>

[Bertrand Meyer]
> Because not just any language will do. Of commonly available languages,
> Eiffel is the only one to have built-in support for assertions in the
> spirit of Design by Contract. This is a plain fact, not subject
> to disputations or to accusations of starting "language wars".
> (What is subject to discussion is of course everything else:
> whether it is useful to have assertions as part of the language,
> whether Eiffel's assertion mechanism is properly designed etc.)

Is it useful to have assertions as part of the language? Yes, of course;
but that was not Ken's concern.

The concern he raised regarding the implications of the paper was: would
having assertions as part of the language have prevented the crash? The
answer to that has been convincingly demonstrated to be false.

An engineer with a strong understanding of design by contract will use
that form (method/pattern/whatever) in their language of choice, even if
they need to improvise a little. Apparently the exclusion of the critical
assertion from the Ariane-5 code was a decision based on resource
limitation, not an oversight resulting from lack of an explicit require
feature (Ada has assertion), nor from lack of knowledge of good
programming practices (i.e. design by contract).

An engineer with a weak understanding of design by contract will not use
that form effectively in any language, including Eiffel.

I suppose that inclusion of require as part of the language is a useful
pedagogical tool: users of the language may be more likely to explore the
use of design by contract than users of another language. But again, this
would not apply to the case at hand.

> [Ken Garlington]
>
> > I wonder which languages have built-in precondition, postcondition, and
> > invariant statements...

[Bertrand Meyer]
> Eiffel, for one. People have tried adding these constructs to various
> other languages too, although none of these efforts has gained widespread
> acceptance. And of course in Eiffel they are not an add-on but part of the
> language's basic design (the inheritance mechanism, in particular) and
> methodology. It doesn't mean the concepts are worthless for people
> using other languages. If they were, no one besides Eiffel users would
> be paying attention to Design by Contract.

True, but not really relevant to Ken's point. Again, I am not criticising Eiffel.
I am objecting to the implication of the Meyer/Jezequel paper, made
explicit in Meyer's further remarks in this thread, that the use of a
language with "built-in support for assertions in the spirit of Design by
Contract" would have prevented the Ariane-5 crash.

Anders.

b-t-w, I feel badly about the "one and only true kibo" hate mail.

-- 
Anders Pytte        Milkweed Software
RR 1, Box 227       Voice: (802) 472-5142
Cabot VT 05647      Internet: milkweed@plainfield.bypass.com