
2.3 Significance

The investigation [Lio96] of the recent Ariane 5 disaster revealed that it was caused by the reuse of an unmodified Ariane 4 software component, which led to an uncaught exception that crashed the software and hence the spacecraft. In [JM97], however, Jézéquel and Meyer argue that the ultimate reason for the crash was the component's failure to state its assumptions, i.e., the absence of a contract. They conclude:

"There is a more simple lesson to be learned from this unfortunate event: Reuse without a contract is a sheer folly. From CORBA to C++ to VisualBasic to ActiveX to Java, the hype is on software components. The Ariane 5 blunder shows clearly that naïve hopes are doomed to produce results far worse than a traditional, reuse-less software process. To attempt to reuse software without Eiffel-like assertions is to invite failures of potentially disastrous consequences."
We share this conclusion as motivation for our work.



Bernd Fischer and Gregor Snelting
Sept. 2, 1997