Temporal higher-order contracts

Behavioral contracts are embraced by software engineers because they document module interfaces, detect interface violations, and help identify faulty modules (packages, classes, functions, etc). This paper extends prior higher-order contract systems to also express and enforce temporal properties, which are common in software systems with imperative state, but which are mostly left implicit or are at best informally specified. The paper presents both a programmatic contract API as well as a temporal contract language, and reports on experience and performance results from implementing these contracts in Racket. Our development formalizes module behavior as a trace of events such as function calls and returns. Our contract system provides both non-interference (where contracts cannot influence correct executions) and also a notion of completeness (where contracts can enforce any decidable, prefix-closed predicate on event traces).

[1]  Amir Pnueli,et al.  The temporal logic of programs , 1977, 18th Annual Symposium on Foundations of Computer Science (sfcs 1977).

[2]  Cristina V. Lopes,et al.  Aspect-oriented programming , 1999, ECOOP Workshops.

[3]  Matthias Felleisen,et al.  Contracts for higher-order functions , 2002, ICFP '02.

[4]  Thomas A. Henzinger,et al.  Interface automata , 2001, ESEC/FSE-9.

[5]  Howard Barringer,et al.  Rule Systems for Run-time Monitoring: from Eagle to RuleR , 2010, J. Log. Comput..

[6]  Na Xu Static contract checking for Haskell , 2009, POPL '09.

[7]  Ralf Hinze,et al.  Typed Contracts for Functional Programming , 2006, FLOPS.

[8]  MeyerBertrand,et al.  Design by Contract , 1997 .

[9]  Samson Abramsky,et al.  A fully abstract game semantics for general references , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[10]  C.-H. Luke Ong,et al.  On Full Abstraction for PCF: I, II, and III , 2000, Inf. Comput..

[11]  James Laird A fully abstract game semantics of local exceptions , 2001, Proceedings 16th Annual IEEE Symposium on Logic in Computer Science.

[12]  Matthias Felleisen,et al.  A calculus for assignments in higher-order languages , 1987, POPL '87.

[13]  John C. Reynolds,et al.  The essence of ALGOL , 1997 .

[14]  Mark S. Miller,et al.  Robust composition: towards a unified approach to access control and concurrency control , 2006 .

[15]  Andrzej S. Murawski,et al.  Applying Game Semantics to Compositional Software Modeling and Verification , 2004, TACAS.

[16]  Matthias Felleisen,et al.  Fully Abstract Semantics for Observably Sequential Languages , 1994, Inf. Comput..

[17]  Matthias Felleisen,et al.  Semantics Engineering with PLT Redex , 2009 .

[18]  David S. Rosenblum A Practical Approach to Programming With Assertions , 1995, IEEE Trans. Software Eng..

[19]  Grigore Rosu,et al.  An Overview of the Runtime Verification Tool Java PathExplorer , 2004, Formal Methods Syst. Des..

[20]  Radha Jagadeesan,et al.  Full Abstraction for PCF , 1994, Inf. Comput..

[21]  Matthias Felleisen,et al.  An Investigation of Contracts as Projections , 2004 .

[22]  Robert Bruce Findler,et al.  Kill-safe synchronization abstractions , 2004, PLDI '04.

[23]  Ernesto Pimentel,et al.  Design by Contract in Smalltalk , 1996, J. Object Oriented Program..

[24]  Grigore Rosu,et al.  An overview of the MOP runtime verification framework , 2012, International Journal on Software Tools for Technology Transfer.

[25]  Matthias Felleisen,et al.  Correct blame for contracts: no more scapegoating , 2011, POPL '11.

[26]  K. Rustan M. Leino,et al.  Extended static checking , 1998, PROCOMET.

[27]  Bertrand Meyer,et al.  Eiffel: The Language , 1991 .

[28]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[29]  Janusz A. Brzozowski,et al.  Derivatives of Regular Expressions , 1964, JACM.

[30]  Robert Bruce Findler,et al.  Contracts as Pairs of Projections , 2006, FLOPS.

[31]  Cristina V. Lopes,et al.  Aspect-oriented programming , 1999, ECOOP Workshops.

[32]  Samson Abramsky,et al.  Call-by-Value Games , 1997, CSL.

[33]  Ondrej Lhoták,et al.  Adding trace matching with free variables to AspectJ , 2005, OOPSLA '05.

[34]  簡聰富,et al.  物件導向軟體之架構(Object-Oriented Software Construction)探討 , 1989 .

[35]  Koushik Sen,et al.  Rule-Based Runtime Verification , 2004, VMCAI.

[36]  Luca de Alfaro,et al.  Interfaces: A Game-Theoretic Framework for Reasoning About Component-Based Systems , 2004, FOCLASA.

[37]  dizayn İç dekor Design by Contract , 2010 .

[38]  David A. McAllester,et al.  Sound and complete models of contracts , 2006, Journal of Functional Programming.

[39]  Benjamin C. Pierce,et al.  Contracts made manifest , 2012, J. Funct. Program..

[40]  Aaron Turon,et al.  Regular-expression derivatives re-examined , 2009, Journal of Functional Programming.

[41]  Alexander Aiken,et al.  Relational queries over program traces , 2005, OOPSLA '05.

[42]  John L. Bruno,et al.  jContractor: A Reflective Java Library to Support Design by Contract , 1999, Reflection.

[43]  Riccardo Pucella,et al.  Stateful Contracts for Affine Types , 2010, ESOP.

[44]  Fevzi Belli,et al.  Event-Based Input Validation Using Design-by-Contract Patterns , 2009, 2009 20th International Symposium on Software Reliability Engineering.