Temporal higher-order contracts

Disney, Tim; Flanagan, Cormac; McCarthy, Jay

doi:10.1145/2034574.2034800

Cited by 18 publications

(27 citation statements)

References 43 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The interplay between higher-order contracts and behavioral/temporal aspects of modules, such as restricting the order in which functions can be invoked, has been previously addressed by Disney et al [2011] and Scholliers et al [2015]. In both approaches, the enforcement of temporal constraints is done dynamically and the contract language allows for the specification of both allowed and disallowed traces.…”

Section: Related Workmentioning

confidence: 99%

“…On the contrary, in λCoS, the usage of endpoints is regulated by a combination of static and dynamic constraints: static constraints are enforced by session types, which guarantee that processes use session endpoints according to their protocol; dynamic constraints, which concern the content of exchanged messages and may affect the selection and availability of choices and branches (Section 6.3), are checked at runtime by monitors. None of the previous works on behavioral/temporal contracts Scholliers et al [2015], Disney et al [2011] provides a characterisation of module correctness or a formal statement about the correctness of blame assignment akin to our blame soundness result (Section 5). Swords et al [2015] proposed λ CC , a language tailored to the implementation of alternative approaches to monitoring, and discussed a possible implementation of the temporal contracts of Disney et al [2011] on top of λ CC .…”

Section: Related Workmentioning

confidence: 99%

“…None of the previous works on behavioral/temporal contracts Scholliers et al [2015], Disney et al [2011] provides a characterisation of module correctness or a formal statement about the correctness of blame assignment akin to our blame soundness result (Section 5). Swords et al [2015] proposed λ CC , a language tailored to the implementation of alternative approaches to monitoring, and discussed a possible implementation of the temporal contracts of Disney et al [2011] on top of λ CC . An interesting question for future work is whether the primitives of λ CC allows for a convenient implementation of λCoS to avoid monitor migration in delegations.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Chaperone contracts for higher-order sessions

Melgratti

Padovani

2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Contracts have proved to be an effective mechanism that helps developers in identifying those modules of a program that violate the contracts of the functions and objects they use. In recent years, sessions have been established as a key mechanism for realizing inter-module communications in concurrent programs. Just like values flow into or out of a function or object, messages are sent on, and received from, a session endpoint. Unlike conventional functions and objects, however, the kind, direction, and properties of messages exchanged in a session may vary over time, as the session progresses. This feature of sessions calls for contracts that evolve along with the session they describe.In this work, we extend to sessions the notion of chaperone contract (roughly, a contract that applies to a mutable object) and investigate the ramifications of contract monitoring in a higher-order language that features sessions. We give a characterization of a correct module, one that honors the contracts of the sessions it uses, and prove a blame theorem. Guided by the calculus, we describe a lightweight implementation of monitored sessions as an OCaml module with which programmers can benefit from static session type checking and dynamic contract monitoring using an off-the-shelf version of OCaml.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Chaperone contracts for higher-order sessions

Melgratti

Padovani

2017

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…In this section we show computational contracts where the programmer describes a partial specification of the path of applications a certain function should or should not follow. In our implementation this path is expressed by a finite state machine 6 . As shown in Figure 8, this finite state machine describes which functions can be applied successively.…”

Section: Usage Protocolsmentioning

confidence: 99%

“…Finally, Higher Order Temporal (HOT) Contracts [6] extend prior higher-order contract systems to also express and enforce temporal properties between modules. In their formalisation, module behaviour is modelled as a trace of events such as function calls and returns, which does not include internal module calls.…”

Section: Grey Box Verification Techniquesmentioning

confidence: 99%

Computational contracts

Scholliers

Tanter

Meuter

2015

Science of Computer Programming

View full text Add to dashboard Cite

Pre/post contracts for higher-order functions, as proposed by Findler and Felleisen and provided in Racket, allow run-time verification and blame assignment of higher-order functions. However these contracts treat contracted functions as black boxes, allowing verification of only input and output. It turns out that many interesting concerns about the behaviour of a function require going beyond that black-box approach, in order to control the actual computation that follows from a function. Examples are prohibiting or verifying that certain functions are called, checking access permissions, time or memory constraints, interaction protocols, etc. To address this need for grey-box verification, while preserving support for higher-order programming and blame assignment, we introduce the notion of computational contracts. A computational contract is a contract over the execution of a contracted entity.We show various applications of computational contracts, and explain how to assign blame in case of a violation. Computational contracts have been integrated with the existing contract system of Racket. Computational contracts is the first contract model with blame assignment in a higher-order setting that provides a systematic way to perform grey box verification.

show abstract

Runtime Verification Based on Register Automata

Grigore

Distefano

Petersen

et al. 2013

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

We propose TOPL automata as a new method for runtime verification of systems with unbounded resource generation. Paradigmatic such systems are object-oriented programs which can dynamically generate an unbounded number of fresh object identities during their execution. Our formalism is based on register automata, a particularly successful approach in automata over infinite alphabets which administers a finite-state machine with boundedly many inputstoring registers. We show that TOPL automata are equally expressive to register automata and yet suitable to express properties of programs. Compared to other runtime verification methods, our technique can handle a class of properties beyond the reach of current tools. We show in particular that properties which require value updates are not expressible with current techniques yet are naturally captured by TOPL machines. On the practical side, we present a tool for runtime verification of Java programs via TOPL properties, where the trade-off between the coverage and the overhead of the monitoring system is tunable by means of a number of parameters. We validate our technique by checking properties involving multiple objects and chaining of values on large open source projects.

show abstract

Temporal higher-order contracts

Cited by 18 publications

References 43 publications

Chaperone contracts for higher-order sessions

Chaperone contracts for higher-order sessions

Computational contracts

Runtime Verification Based on Register Automata

Contact Info

Product

Resources

About