GreenbergMichael scite author profile

GreenbergMichael

3Publications

44Citation Statements Received

105Citation Statements Given

How they've been cited

How they cite others

105

Affiliations

University of Pennsylvania

Publications

Order By: Most citations

Verifying aspect advice modularly

KrishnamurthiShriram¹,

FislerKathi²,

GreenbergMichael³

2004

SIGSOFT Softw. Eng. Notes

View full text Add to dashboard Cite

Aspect-oriented programming has become an increasingly important means of expressing cross-cutting program abstractions. Despite this, aspects lack support for computeraided verification. We present a technique for verifying aspect-oriented programs (expressed as state machines). Our technique assumes that the set of pointcut designators is known statically, but that the actual advice can vary. This calls for a modular technique that does not require repeated analysis of the entire system every time a developer changes advice. We present such an analysis, addressing several subtleties that arise. We also present an important optimization for handling multiple pointcut designators. We have implemented a prototype verifier and applied it to some simple but interesting cases.

show abstract

Space-Efficient Manifest Contracts

GreenbergMichael¹

2015

SIGPLAN Not.

View full text Add to dashboard Cite

The standard algorithm for higher-order contract checking can lead to unbounded space consumption and can destroy tail recursion, altering a program's asymptotic space complexity. While space efficiency for gradual types-contracts mediating untyped and typed code-is well studied, sound space efficiency for manifest contractscontracts that check stronger properties than simple types, e.g., "is a natural" instead of "is an integer"-remains an open problem.We show how to achieve sound space efficiency for manifest contracts with strong predicate contracts. The essential trick is breaking the contract checking down into coercions: structured, blame-annotated lists of checks. By carefully preventing duplicate coercions from appearing, we can restore space efficiency while keeping the same observable behavior.Along the way, we define a framework for space efficiency, traversing the design space with three different space-efficient manifest calculi. We examine the diverse correctness criteria for contract semantics; we conclude with a coercion-based language whose contracts enjoy (galactically) bounded, sound space consumption-they are observationally equivalent to the standard, space-inefficient semantics.This is an extended version of Greenberg [2015], with a great deal of material that does not appear in the conference paper: an exploration of the design space with two other space-efficient calculi and complete proofs.

show abstract

Contracts made manifest

2010

View full text Add to dashboard Cite

Since Findler and Felleisen introduced higher-order contracts , many variants have been proposed. Broadly, these fall into two groups: some follow Findler and Felleisen in using latent contracts, purely dynamic checks that are transparent to the type system; others use manifest contracts, where refinement types record the most recent check that has been applied to each value. These two approaches are commonly assumed to be equivalent---different ways of implementing the same idea, one retaining a simple type system, and the other providing more static information. Our goal is to formalize and clarify this folklore understanding. Our work extends that of Gronski and Flanagan, who defined a latent calculus λ C and a manifest calculus λ H , gave a translation φ from λ C to λ H , and proved that, if a λ C term reduces to a constant, then so does its φ-image. We enrich their account with a translation Ψ from λ H to λ C and prove an analogous theorem. We then generalize the whole framework to dependent contracts , whose predicates can mention free variables. This extension is both pragmatically crucial, supporting a much more interesting range of contracts, and theoretically challenging. We define dependent versions of λ H and two dialects ("lax" and "picky") of λ C , establish type soundness---a substantial result in itself, for λ H ---and extend φ and Ψ accordingly. Surprisingly, the intuition that the latent and manifest systems are equivalent now breaks down: the extended translations preserve behavior in one direction but, in the other, sometimes yield terms that blame more.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.