Complete Monitors for Behavioral Contracts

Dimoulas, Christos; Tobin-Hochstadt, Sam; Felleisen, Matthias

doi:10.1007/978-3-642-28869-2_11

Cited by 58 publications

(68 citation statements)

References 11 publications

(18 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The concepts most closely related to blame soundness are blame correctness Dimoulas et al [ , 2012 and blame safety Wadler andFindler [2009], Wadler [2015].…”

Section: Local Correctness Implies Blame Soundnessmentioning

confidence: 99%

“…Such design choices pose the question of whether a particular strategy is reasonable, i.e., if it assigns blames correctly. This problem has been addressed either by showing that principals that can be blamed have responsibility in a contract violation Dimoulas et al [ , 2012 or by providing a characterization of components that satisfy a given contract Blume and McAllester [2006], Findler and Blume [2006], . Given a semantics for contracts, contract satisfaction addresses the problem of showing that a contract system is sound and complete with respect to that semantics, i.e.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Chaperone contracts for higher-order sessions

Melgratti

Padovani

2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Contracts have proved to be an effective mechanism that helps developers in identifying those modules of a program that violate the contracts of the functions and objects they use. In recent years, sessions have been established as a key mechanism for realizing inter-module communications in concurrent programs. Just like values flow into or out of a function or object, messages are sent on, and received from, a session endpoint. Unlike conventional functions and objects, however, the kind, direction, and properties of messages exchanged in a session may vary over time, as the session progresses. This feature of sessions calls for contracts that evolve along with the session they describe.In this work, we extend to sessions the notion of chaperone contract (roughly, a contract that applies to a mutable object) and investigate the ramifications of contract monitoring in a higher-order language that features sessions. We give a characterization of a correct module, one that honors the contracts of the sessions it uses, and prove a blame theorem. Guided by the calculus, we describe a lightweight implementation of monitored sessions as an OCaml module with which programmers can benefit from static session type checking and dynamic contract monitoring using an off-the-shelf version of OCaml.

show abstract

“…The concepts most closely related to blame soundness are blame correctness Dimoulas et al [ , 2012 and blame safety Wadler andFindler [2009], Wadler [2015].…”

Section: Local Correctness Implies Blame Soundnessmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Chaperone contracts for higher-order sessions

Melgratti

Padovani

2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…Our contract system satisfies complete monitoring [9], an important correctness criterion for contract systems. Complete monitoring guarantees that a contract system correctly assigns blame to components that violate their contracts and, crucially, that the contract system can interpose on all uses of a value in a component that did not create that value.…”

Section: Complete Monitoringmentioning

confidence: 99%

Extensible access control with authorization contracts

Moore

Dimoulas

Findler³

et al. 2016

Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applicatio

Self Cite

View full text Add to dashboard Cite

Existing programming language access control frameworks do not meet the needs of all software components. We propose an expressive framework for implementing access control monitors for components. The basis of the framework is a novel concept: the authority environment. An authority environment associates rights with an execution context. The building blocks of access control monitors in our framework are authorization contracts: software contracts that manage authority environments. We demonstrate the expressiveness of our framework by implementing a diverse set of existing access control mechanisms and writing custom access control monitors for three realistic case studies.

show abstract

“…For the proof of soundness, we employ the usual progress and preservation technique [37]. For the soundness of types as contracts, we show that the contract system is a complete monitor [6], meaning components do not export their values without appropriate contract protection. Based on these two major steps, we finally show that typed components of mixed-type programs cannot be blamed for violations of type invariants.…”

Section: Type Soundness For Mixed Programsmentioning

confidence: 99%

Gradual typing for first-class classes

et al. 2012

Self Cite

View full text Add to dashboard Cite

Dynamic type-checking and object-oriented programming often go hand-in-hand; scripting languages such as Python, Ruby, and JavaScript all embrace object-oriented (OO) programming. When scripts written in such languages grow and evolve into large programs, the lack of a static type discipline reduces maintainability. A programmer may thus wish to migrate parts of such scripts to a sister language with a static type system. Unfortunately, existing type systems neither support the flexible OO composition mechanisms found in scripting languages nor accommodate sound interoperation with untyped code.In this paper, we present the design of a gradual typing system that supports sound interaction between staticallyand dynamically-typed units of class-based code. The type system uses row polymorphism for classes and thus supports mixin-based OO composition. To protect migration of mixins from typed to untyped components, the system employs a novel form of contracts that partially seal classes. The design comes with a theorem that guarantees the soundness of the type system even in the presence of untyped components.

show abstract

Complete Monitors for Behavioral Contracts

Cited by 58 publications

References 11 publications

Chaperone contracts for higher-order sessions

Chaperone contracts for higher-order sessions

Extensible access control with authorization contracts

Gradual typing for first-class classes

Contact Info

Product

Resources

About