Complete Monitors for Behavioral Contracts
A behavioral contract in a higher-order language may invoke methods of unknown objects. Although this expressive power allows programmers to formulate sophisticated contracts, it also poses a problem for language designers. Indeed, two distinct semantics have emerged for such method calls, dubbed lax and picky. While lax fails to protect components in certain scenarios, picky may blame an uninvolved party for a contract violation.
In this paper, we present complete monitoring as the fundamental correctness criterion for contract systems. It demands correct blame assignment as well as complete monitoring of all channels of communication between components. According to this criterion, lax and picky are indeed incorrect ways to monitor contracts. A third semantics, dubbed indy, emerges as the only correct variant.
Keywordshigher-order programming behavioral contracts contract checking
- 3.Dimoulas, C., Findler, R.B., Flanagan, C., Felleisen, M.: Correct blame for contracts: No more scapegoating. In: POPL, pp. 215 – 226 (2011)Google Scholar
- 4.Findler, R.B., Felleisen, M.: Contracts for higher-order functions. In: ICFP, pp. 48–59 (2002)Google Scholar
- 5.Flatt, M.: PLT: Reference: Racket. Tech. Rep. PLT-TR-2010-1, PLT Inc. (2010), http://racket-lang.org/tr1/
- 6.Greenberg, M., Pierce, B.C., Weirich, S.: Contracts made manifest. In: POPL, pp. 353–364 (2010)Google Scholar
- 7.Meyer, B.: Eiffel: The Language. Prentice Hall (1992)Google Scholar
- 8.Tobin-Hochstadt, S., Felleisen, M.: Interlanguage migration: from scripts to programs. In: DLS, pp. 964–974 (2006)Google Scholar
- 11.Zdancewic, S., Grossman, D., Morrisett, G.: Principals in programming languages: A syntactic proof technique. In: ICFP, pp. 197–207 (1999)Google Scholar