From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.3 required=5.0 tests=BAYES_00,INVALID_MSGID autolearn=no autolearn_force=no version=3.4.4 X-Google-Language: ENGLISH,ASCII-7-bit X-Google-Thread: 103376,a83c46b54bacb7f6 X-Google-Attributes: gid103376,public From: Hyman Rosen Subject: Re: JOB:Sr. SW Engineers Wanted-Fortune 500 Co Date: 2000/02/01 Message-ID: #1/1 X-Deja-AN: 580516218 Sender: hymie@calumny.jyacc.com References: <3894A823.92EC75D1@bondtechnologies.com> <874b7r$mj9$1@nnrp1.deja.com> <38967537_1@news.jps.net> <877hur$hk9$1@nntp8.atl.mindspring.net> X-Complaints-To: abuse@panix.com X-Trace: news.panix.com 949440659 14476 209.49.126.226 (1 Feb 2000 21:30:59 GMT) Organization: PANIX Public Access Internet and UNIX, NYC NNTP-Posting-Date: 1 Feb 2000 21:30:59 GMT Newsgroups: comp.lang.ada Date: 2000-02-01T21:30:59+00:00 List-Id: Richard D Riehle writes: > All this fuss about Arianne 5. We know that Ariane 5 failed in the larger sense because of bad management decisions. Where humans work, mistakes can happen. We're (now) discussing the propriety of enabling runtime checks in production code. Ariane 5 makes a good example for discussion. What happens when proofs of behavior turn out, for whatever reason, to be wrong? When you code, you are always proving things, or else you would never be able to make any progress - if a = 3 and then a = 3 and then a = 3 and then ... At some point, you must be satisfied that a condition for which you are checking holds. How much time and effort do you then devote to worrying about whether that condition *really* holds, and to writing code which will trigger if that condition does not hold?