From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: fac41,a48e5b99425d742a X-Google-Attributes: gidfac41,public X-Google-Thread: 1108a1,5da92b52f6784b63 X-Google-Attributes: gid1108a1,public X-Google-Thread: f43e6,a48e5b99425d742a X-Google-Attributes: gidf43e6,public X-Google-Thread: ffc1e,a48e5b99425d742a X-Google-Attributes: gidffc1e,public X-Google-Thread: 103376,a48e5b99425d742a X-Google-Attributes: gid103376,public From: milkweed@plainfield.bypass.com (Anders Pytte) Subject: Re: Papers on the Ariane-5 crash and Design by Contract Date: 1997/03/24 Message-ID: #1/1 X-Deja-AN: 228100440 References: Organization: Milkweed Software Newsgroups: comp.lang.eiffel,comp.object,comp.software-eng,comp.programming.threads,comp.lang.ada Date: 1997-03-24T00:00:00+00:00 List-Id: In article , joachim.durchholz@munich.netsurf.de wrote: > > My point was that assertions and design by contract are good, but are not > > enforced by Eiffel any more than any other modern programming language. > > The presence of "built-in" assertions does not mean they will be used; a > > person who would use assertions fastidiously in Eiffel is probably already > > using them in C++ or Ada. > > Sorry that I have to disagree. > I bought all of programming-by-contract. I'd very much like to use it in my > projects (unfortunately, the projects at work aren't in Eiffel). But all I > can do is add comments in programming-by-contract style. > I can't switch precondition checking on for a single class, I have to switch > it on for everything that's written by myself; however, this would incur > such a run-time penalty that I usually don't do it. > Worse, I can't switch on precondition checking for the classes that were > delivered as part of the compiler, so whenever the program crashes, I keep > wondering wether the error is in my code or in the libraries. And of course > some crashes don't even tell me which routine failed, and in what way - I > recently had to single-step through every line of initialization code in my > system to find the broken precondition. > > Programming-by-contract is much like parameter type checking. You can do > without it if you work very carefully. But in practice, all sorts of stupid > mistakes occur, and they occur in the libraries, too. > I guess i made a dangerous generalization there. I've been instinctively appliying programming-by-contract tecniques for the 15 years i've been programming professionally - imperfectly, ofcourse. I've gathered and developed tools and techniques slowly along the way, and am still learning. Ocourse, it is much easier to prove that a thing is possible than to prove that it is impossible, since in the former case one needs only a single example. Anders. -- Anders Pytte Milkweed Software RR 1, Box 227 Voice: (802) 472-5142 Cabot VT 05647 Internet: milkweed@plainfield.bypass.com