The Artima Developer Community
Articles | News | Weblogs | Books | Forums
Artima Forums | Articles | Weblogs | Java Answers | News
Sponsored Link

News & Ideas Forum (Closed for new topic posts)
Design by Contract: The Lessons of Ariane

2 replies on 1 page. Most recent reply: Apr 18, 2002 11:25 PM by Matt Gerrans

Welcome Guest
  Sign In

Go back to the topic listing  Back to Topic List Click to reply to this topic  Reply to this Topic Click to search messages in this forum  Search Forum Click for a threaded view of the topic  Threaded View   
Previous Topic   Next Topic
Flat View: This topic has 2 replies on 1 page
Bill Venners

Posts: 2284
Nickname: bv
Registered: Jan, 2002

Design by Contract: The Lessons of Ariane Posted: Apr 18, 2002 12:04 PM
Reply to this message Reply
Advertisement
Earlier columns in IEEE Computer have emphasized the importance of Design by Contract for constructing reliable software. A $500-million software error provides a sobering reminder that this principle is not just a pleasant academic ideal," says this article by Jean-Marc Jezequel and Bertrand Meyer:

http://www.eiffel.com/doc/manuals/technology/contract/ariane/page.html


Thomas SMETS

Posts: 307
Nickname: tsmets
Registered: Apr, 2002

Re: Design by Contract: The Lessons of Ariane Posted: Apr 18, 2002 3:03 PM
Reply to this message Reply
This is a really cool post Bill.
Now, does that mean to you that we should all jump to jdk 1.4, to use input / ouput validations (assertions) ?

What other conclusions could be drawn for the little poor java programmer we are :-)

Rgds,

Thomas,

Matt Gerrans

Posts: 1153
Nickname: matt
Registered: Feb, 2002

Re: Design by Contract: The Lessons of Ariane Posted: Apr 18, 2002 11:25 PM
Reply to this message Reply
I'm not entirely clear why the conclusion is that design-by-contract would have caught this problem. Testing all the pre- and post- conditions is tantamount to having assertions and according to the report there wasn't enough time to for that: "Not all the conversions were protected because a maximum workload target of 80% had been set for the SRI computer." It sounds like they made a conscious decision not to require a contract for the three out of seven variables mentioned, so why would using a design-by-contract language solve the problem?

Flat View: This topic has 2 replies on 1 page
Topic: Google Web APIs Previous Topic   Next Topic Topic: Microsoft Simple Control Protocol (SCP)
Sponsored Links


Google
  Web Artima.com   

Copyright © 1996-2019 Artima, Inc. All Rights Reserved. - Privacy Policy - Terms of Use