From: "Ken Garlington" <Ken.Garlington@computer.org>
Subject: Re: Interresting thread in comp.lang.eiffel
Date: 2000/07/14
Date: 2000-07-14T00:00:00+00:00 [thread overview]
Message-ID: <vLub5.16107$7%3.987416@news.flash.net> (raw)
In-Reply-To: BRab5.418$6E.94216@ptah.visi.com
"David K Allen" <dkallen@visi.com> wrote in message
news:BRab5.418$6E.94216@ptah.visi.com...
> "Ken Garlington" wrote
> > It keeps getting ignored (I suspect because the question can't be
> answered),
> > but I'll post this example again. The DbC specification for a module is
> > given below. I feel fairly confident that this is considered a good
> quality
> > example by at least one acknowledged Eiffel/DbC expert.
>
> ;)
>
> >
> > convert (horizontal_bias: INTEGER): INTEGER is
> > require
> > horizontal_bias <= Maximum_bias
> >
> > If, as you say, this would cause the project team to go get information
> they
> > did not already have, then explain what information it would require and
> > why.
> >
> > (My analysis of this DbC specification is in the link noted above).
>
> First, I don't think the authors intended that this one function would
have
> prevented the entire disaster.
> If they meant that, then I must join you in your critique.
> I think they were trying to give an illustration that would convey the
> approach of DBC in the context of the disaster. But I can see you were not
> impressed <grin>.
>
> Second, as you point out in your critique, the error occurred prior to
where
> this function would have been used (conversion from FP to Integer). But
if
> you accept my previous remark, then that is not the point of their
example.
> I admit they chose poorly if they were intending to persuade you, who have
> such a command of the details.
> But for conversation sake, and to illustrate the usefullness of DBC,
let's
> assume that the flaw occured within 'convert' above. Otherwise, I can't
> help you see how DBC helps me think and work.
As I note in the paper, you can reasonably generate examples where DbC
helps. However, the examples provided to date are not, IMHO, germaine to the
specifics of the Ariane 5 case. Here's an even more interesting aspect:
Given that the author of the proposed contract appears to be showing an
example specific to the Ariane 5 case, and given that he _knew_ a priori
where the error resided, and given that (he claims) the information provided
in the inquiry was sufficient for him to understand the nature of the
problem, he STILL BLEW IT. He failed to write a contract that addressed the
problem. This should give anyone pause as to the ease of establishing such
contracts.
More to the point, I have yet to see anyone write an Eiffel contract that
_does_ address the Ariane 5 example -- particularly in a portable and
readable manner. Again, this is even after we (apparently) fully understand
the conditions we're trying to denote. I'm not claiming that it's
impossible, but I suspect that it will be more complicated than a one-liner
(as the person who posted the "tangent" contract hopefully also discovered
:).
> Yes, I know - the reason for this jointly agreed decision was cited as
> maintaining CPU performance. My only claim is that if DBC were part of the
> coding culture, it would have been less likely that that decision would
have
> been "jointly" agreed to.
However, you have to consider that at least some of the "joint" decisions
(in particular, the extermely critical one regarding the SRI specification)
were quite likely made by personnel that would have been unaware of the
software team's decision to use DbC, much less used those contracts in their
decision making process.
> If I were working on high-risk stuff with a team
> of others trained in DBC, I can't see that we would reach a consensus to
> ignore the warning of a precondition. It just would not be done without
> management overriding us.
Again, the part of the statement that reads "a team of others trained in
DbC" is critical to the argument. If you are dealing with a software system
on a standard hardware platform, where the domain of interest is mostly
software-specific, this is reasonably likely. However, the SRI environment
(and, more to the point, the rocket environment containing it) is not likely
to meet this criteria.
next prev parent reply other threads:[~2000-07-14 0:00 UTC|newest]
Thread overview: 102+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <8ipvnj$inc$1@wanadoo.fr>
[not found] ` <8j67p8$afd$1@nnrp1.deja.com>
[not found] ` <39573CAB.BB90DF92@gecm.com>
[not found] ` <8j8ek0$24la$3@ID-9852.news.cis.dfn.de>
[not found] ` <3957ED3E.E64E7390@lmco.com>
[not found] ` <8k8orn$1tlh9$1@ID-9852.news.cis.dfn.de>
[not found] ` <94S95.9936$7%3.667320@news.flash.net>
2000-07-13 0:00 ` Interresting thread in comp.lang.eiffel Joachim Durchholz
2000-07-14 0:00 ` Ken Garlington
2000-07-16 0:00 ` Joachim Durchholz
2000-07-16 0:00 ` Ken Garlington
[not found] ` <slrn8leffq.ebq.gisle@spurv.ii.uib.no>
[not found] ` <395886DA.CCE008D2@deepthought.com.au>
[not found] ` <3958B07B.18A5BB8C@acm.com>
[not found] ` <y1d65.620$7%3.33446@news.flash.net>
[not found] ` <395A0ECA.940560D1@acm.com>
[not found] ` <8jd4bb$na7$1@toralf.uib.no>
[not found] ` <8jfabb$1d8$1@nnrp1.deja.com>
[not found] ` <8jhq0m$30u5$1@toralf.uib.no>
[not found] ` <8jt4j7$19hpk$1@ID-9852.news.cis.dfn.de>
[not found] ` <3963CDDE.3E8FB644@earthlink.net>
[not found] ` <8k5alv$1oogm$1@ID-9852.news.cis.dfn.de>
[not found] ` <Rmt95.7825$7%3.595826@news.flash.net>
2000-07-13 0:00 ` Joachim Durchholz
2000-07-13 0:00 ` Marin D. Condic
2000-07-14 0:00 ` Ken Garlington
2000-07-16 0:00 ` Joachim Durchholz
2000-07-16 0:00 ` Ken Garlington
2000-07-19 0:00 ` Joachim Durchholz
2000-07-19 0:00 ` Ken Garlington
2000-07-14 0:00 ` Ken Garlington
2000-07-14 0:00 ` Marin D. Condic
2000-07-14 0:00 ` Ken Garlington
[not found] ` <3963DEBF.79C40BF1@eiffel.com>
[not found] ` <2LS85.6100$7%3.493920@news.flash.net>
[not found] ` <8k5aru$1odtq$1@ID-9852.news.cis.dfn.de>
[not found] ` <Rnt95.7826$7%3.596208@news.flash.net>
[not found] ` <8k8pk2$20cab$1@ID-9852.news.cis.dfn.de>
[not found] ` <_dS95.9945$7%3.666180@news.flash.net>
2000-07-12 0:00 ` David K Allen
2000-07-12 0:00 ` Bob Allen
2000-07-12 0:00 ` Ken Garlington
2000-07-13 0:00 ` Bob Allen
2000-07-14 0:00 ` Ken Garlington
2000-07-14 0:00 ` Marin D. Condic
2000-07-14 0:00 ` carr_tom
2000-07-18 0:00 ` Veli-Pekka Nousiainen
2000-07-12 0:00 ` David Gillon
2000-07-13 0:00 ` David Gillon
2000-07-13 0:00 ` David K Allen
2000-07-13 0:00 ` Bob Allen
2000-07-13 0:00 ` Joachim Durchholz
2000-07-18 0:00 ` Veli-Pekka Nousiainen
2000-07-19 0:00 ` Joachim Durchholz
2000-07-14 0:00 ` Ken Garlington
2000-07-13 0:00 ` Joachim Durchholz
2000-07-18 0:00 ` Veli-Pekka Nousiainen
2000-07-19 0:00 ` David Gillon
2000-07-12 0:00 ` Ken Garlington
2000-07-12 0:00 ` David K Allen
2000-07-13 0:00 ` Howard W. LUDWIG
2000-07-13 0:00 ` Joachim Durchholz
2000-07-14 0:00 ` Ken Garlington
2000-07-14 0:00 ` Ken Garlington [this message]
2000-07-18 0:00 ` Veli-Pekka Nousiainen
2000-07-19 0:00 ` Ken Garlington
2000-07-19 0:00 ` Bob Allen
2000-07-12 0:00 ` David K Allen
[not found] ` <Rnt95.78 <L6vb5.16117$7%3.988701@news.flash.net>
2000-07-14 0:00 ` Nick Williams
[not found] ` <396502D2.BD8A42E7@earthlink.net>
[not found] ` <RSsa5.11075$7%3.784507@news.flash.net>
[not found] ` <6aHa5.113$6E.23141@ptah.visi.com>
[not found] ` <396B4A68.458FA3BC@maths.unine.ch>
[not found] ` <u6hp4i16$GA.283@cpmsnbbsa07>
2000-07-11 0:00 ` Ken Garlington
2000-07-12 0:00 ` Bob Allen
2000-07-12 0:00 ` Ken Garlington
2000-07-12 0:00 ` David Starner
2000-07-12 0:00 ` Peter Amey
2000-07-12 0:00 ` Peter Amey
2000-07-13 0:00 ` Joachim Durchholz
2000-07-11 0:00 ` cropt
[not found] ` <39654639.B3760EF2@eiffel.com>
[not found] ` <i4k95.7512$7%3.571616@news.flash.net>
[not found] ` <oqog45g1j0.fsf@premise.demon.co.uk>
[not found] ` <85Fa5.11419$7%3.818927@news.flash.net>
2000-07-11 0:00 ` Aspects (Re: Interesting thread in comp.lang.eiffel) tom
2000-07-12 0:00 ` Steve Merrick
2000-07-12 0:00 ` Frank Mitchell
2000-07-14 0:00 ` Jubilation
2000-07-14 0:00 ` Frank Mitchell
2000-07-15 0:00 ` Jubilation
2000-07-12 0:00 ` Veli-Pekka Nousiainen
2000-07-12 0:00 ` tom
2000-07-12 0:00 ` Design by Contract (was " David Kristola
2000-07-12 0:00 ` Howard W. LUDWIG
2000-07-12 0:00 ` Greg
2000-07-12 0:00 ` Eirik Mangseth
2000-07-13 0:00 ` Joachim Durchholz
2000-07-14 0:00 ` David Kristola
2000-07-14 0:00 ` Matthew J Heaney
2000-07-16 0:00 ` Joachim Durchholz
2000-07-17 0:00 ` David Kristola
2000-07-19 0:00 ` Joachim Durchholz
2000-07-25 0:00 ` Richard Riehle
2000-07-12 0:00 ` Greg
2000-07-12 0:00 ` Matthew J Heaney
2000-07-13 0:00 ` Eirik Mangseth
2000-07-18 0:00 ` Interesting thread in comp.lang.eiffel Veli-Pekka Nousiainen
2000-07-19 0:00 ` Ken Garlington
[not found] ` <i4k95.7512$7%3.571616@n <397D8CC3.BB0C9001@ix.netcom.com>
2000-07-29 0:00 ` Writing better software was: Design by Contract (was Re: Interesting thread in comp.lang.eiffel) Kent Paul Dolan
2000-07-29 0:00 ` Ken Garlington
2000-07-31 0:00 ` Stefan Skoglund
2000-08-01 0:00 ` Ken Garlington
2000-08-01 0:00 ` Kent Paul Dolan
2000-08-01 0:00 ` Ken Garlington
2000-07-31 0:00 ` Simon Brady
2000-07-30 0:00 ` John Magness
2000-08-01 0:00 ` Simon Brady
2000-08-01 0:00 ` Ken Garlington
2000-08-01 0:00 ` Simon Brady
2000-08-04 0:00 ` Robert I. Eachus
2000-08-04 0:00 ` Simon Brady
[not found] ` <SVH65.1596$7%3.129344@news.flash.net>
[not found] ` <8jt4i0$18ec7$1@ID-9852.news.cis.dfn.de>
[not found] ` <nSt85.5388$7%3.424540@news.flash.net>
[not found] ` <8k5a31$1p61t$1@ID-9852.news.cis.dfn.de>
[not found] ` <qlt95.7824$7%3.596314@news.flash.net>
[not found] ` <8k8p8m$1upjk$1@ID-9852.news.cis.dfn.de>
[not found] ` <0cS95.9944$7%3.667682@news.flash.net>
2000-07-13 0:00 ` Interresting thread in comp.lang.eiffel Joachim Durchholz
2000-07-14 0:00 ` Ken Garlington
[not found] ` <3966D7B0.5D6475E4@earthlink.net>
[not found] ` <A5J95.9237$7%3.638838@news.flash.net>
2000-07-12 0:00 ` Robert I. Eachus
2000-07-13 0:00 ` Ken Garlington
2000-07-23 0:00 ` Robert I. Eachus
2000-07-23 0:00 ` Ken Garlington
2000-07-24 0:00 ` swhalen
2000-07-24 0:00 ` David Gillon
2000-07-24 0:00 ` Ken Garlington
2000-07-24 0:00 ` David Gillon
[not found] ` <39688CA2.31B2A7EF@acm.com>
2000-07-13 0:00 ` Joachim Durchholz
2000-07-13 0:00 ` Marin D. Condic
[not found] ` <8j7i54$j7d5@news.kvaerner.com>
[not found] ` <395887EB.8D612FC7@deepthought.com.au>
[not found] ` <395A190E.FD4D8978@easystreet.com>
[not found] ` <6Yt65.3417$MS3.72586@news1.online.no>
[not found] ` <395A7E7E.FE57E036@easystreet.com>
[not found] ` <8jermi$5cb2@news.kvaerner.com>
[not found] ` <395BCE66.2BE8EE0A@eiffel.com>
[not found] ` <wccaeg3gj61.fsf@world.std.com>
[not found] ` <395D113D.1F654A68@eiffel.com>
[not found] ` <dus75.5086$MS3.105182@news1.online.no>
[not found] ` <395E5D16.C4D109F1@eiffel.com>
2000-07-18 0:00 ` Interesting " Veli-Pekka Nousiainen
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox