From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: Tests in a software release
Date: Wed, 15 Nov 2017 16:17:32 -0600
Date: 2017-11-15T16:17:32-06:00 [thread overview]
Message-ID: <ouiedt$gd1$1@franka.jacob-sparre.dk> (raw)
In-Reply-To: ouhv6m$cig$1@dont-email.me
"G. B." <nonlegitur@nmhp.invalid> wrote in message
news:ouhv6m$cig$1@dont-email.me...
> Randy Brukardt <randy@rrsoftware.com> wrote:
>> "G.B." <bauhaus@notmyhomepage.invalid> wrote in message
>> news:oth5k4$eih$1@dont-email.me...
>> ...
>>>> Checks can be removed only when statically proven not to fail.
>>>
>>> Programmers may remove checks whenever they think
>>> they should. No fancy proof is required(*).
>>
>> Such programmers should be fired at the earliest opportunity.
>
> When I, the programer who knows he is obeying
> the clause of the contract that my company and
> the supplier's have both signed (sic), then the
> other party insisting that we should nevertheless
> run their checks does not abide.
I hope I never have to use a product that is purposely designed to be
garbage.
...
> The most important thing is, designing by contract
> is *not* programming defensively. By definition.
One *always* programs defensively. The compiler can eliminate the vast
majority of the cost automatically, and what it can't eliminate demonstrates
likely bugs. I'm aggresively pushing Janus/Ada in this direction (don't have
enough free time to make a lot of progress though), as it combines the
advantages of what CodePeer does with what an Ada compiler can do, without
the possible disconnect of having different tools (which necessarily have to
make assumptions about how the others work).
The easiest level of that is described in an RR blog post from last June:
http://www.rrsoftware.com/html/blog/quality.html.
I'm working on some additional even more aggresive quality checks; I'll
write a blog post on them when they're finished, hopefully sometime this
winter. Ultimately, I'd like to include all checks and contracts in the
quality checks, but that's going to require a lot of development time and
probably will appear over multiple years and compiler versions.
In any case, this is the exact opposite of the sort of approach that you are
championing. It defeats the purpose of Ada, and it doesn't help that the
client (in your scenario) is asking you to do that. It's still silly.
Randy.
next prev parent reply other threads:[~2017-11-15 22:17 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-25 19:30 Tests in a software release Victor Porton
2017-10-26 7:20 ` Dmitry A. Kazakov
2017-10-27 18:06 ` G. B.
2017-10-27 18:54 ` Dmitry A. Kazakov
2017-10-28 6:53 ` G.B.
2017-10-28 7:35 ` Dmitry A. Kazakov
2017-10-30 20:44 ` G. B.
2017-10-30 20:56 ` Dmitry A. Kazakov
2017-10-31 7:17 ` G.B.
2017-10-31 8:32 ` Dmitry A. Kazakov
2017-11-03 7:24 ` G.B.
2017-11-03 8:16 ` Dmitry A. Kazakov
2017-11-03 12:49 ` Shark8
2017-11-04 10:15 ` G.B.
2017-11-15 0:11 ` Randy Brukardt
2017-11-15 17:57 ` G. B.
2017-11-15 20:46 ` Dmitry A. Kazakov
2017-11-17 15:36 ` Shark8
2017-11-15 22:17 ` Randy Brukardt [this message]
2017-11-16 21:44 ` G.B.
2017-11-17 0:15 ` Randy Brukardt
2017-11-17 15:45 ` Shark8
2017-11-18 1:07 ` Randy Brukardt
2017-11-15 0:06 ` Randy Brukardt
2017-11-15 8:47 ` Dmitry A. Kazakov
2017-11-15 21:53 ` Randy Brukardt
2017-11-15 16:47 ` Jeffrey R. Carter
2017-11-15 16:59 ` J-P. Rosen
2017-11-15 20:45 ` Dmitry A. Kazakov
2017-11-15 21:58 ` Randy Brukardt
2017-11-16 5:50 ` J-P. Rosen
2017-11-16 23:53 ` Randy Brukardt
2017-11-15 0:01 ` Randy Brukardt
2017-11-16 17:02 ` Robert Eachus
2017-11-17 0:20 ` Randy Brukardt
2017-11-22 20:40 ` Robert Eachus
2017-11-14 23:55 ` Randy Brukardt
2017-10-26 8:09 ` Stefan.Lucks
2017-10-26 17:30 ` Simon Clubley
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox