A sound (and complete) model of contracts

Even in statically typed languages it is useful to have certain invariants checked dynamically. Findler and Felleisen gave an algorithm for dynamically checking expressive higher-order types called contracts. If we postulate soundness (in the sense that whenever a term is accused of violating its contract, it really does fail to satisfy it), then their algorithm implies a semantics for contracts. Unfortunately, the implicit nature of the resulting model makes it rather unwieldy.

In this paper we demonstrate that a direct approach yields essentially the same semantics without having to refer to contract checking in its definition. The so-defined model largely coincides with intuition, but it does expose some peculiarities in its interpretation of predicate contracts, where a notion of safety (which we define in the paper) "leaks" into the semantics of Findler and Felleisen's original unrestricted predicate contracts.

This counter-intuitive aspect of the semantics can be avoided by changing the language, replacing unrestricted predicate contracts with a restricted version. The corresponding loss in expressive power can be recovered by also providing a way of explicitly expressing safety as a contract, either in ad-hoc fashion or, e.g., by including general recursive contracts.
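To make the checking algorithm the abstract refers to concrete, the following is an added toy implementation of Findler-and-Felleisen-style higher-order contract checking with blame (it is not code from the paper, and the class and function names, the "server"/"client" party labels and the sample functions are this page's own assumptions). Flat predicate contracts blame the party that produced the value; function contracts wrap the function and swap the blame labels for the argument, so that misuse of a callback by the server is blamed on the server while a bad callback result is blamed on the client. The last function shows the edge case the abstract hints at: an unrestricted predicate that is itself unsafe (it raises on some inputs) produces neither "satisfied" nor a blame, which is the kind of predicate behaviour a restricted predicate contract would rule out.

```python
"""Toy higher-order contract checker with blame assignment (added example)."""
from typing import Any, Callable, Optional, Tuple


class ContractViolation(Exception):
    """Raised when a value fails a contract; `blamed` names the responsible party."""

    def __init__(self, blamed: str, contract: "Contract", value: Any) -> None:
        super().__init__(f"{blamed} violated {contract} with {value!r}")
        self.blamed = blamed
        self.contract = contract
        self.value = value


class Contract:
    # `pos` is blamed when the value itself is bad (its producer);
    # `neg` is blamed when the value is used wrongly (its consumer).
    def check(self, value: Any, pos: str, neg: str) -> Any:
        raise NotImplementedError


class Flat(Contract):
    """Predicate contract: the predicate decides, the producer is blamed."""

    def __init__(self, pred: Callable[[Any], bool], name: str) -> None:
        self.pred, self.name = pred, name

    def check(self, value: Any, pos: str, neg: str) -> Any:
        # The predicate runs unchecked: if it raises or diverges, that escapes
        # as an ordinary error rather than as a blame (see predicate_escapes).
        if not self.pred(value):
            raise ContractViolation(pos, self, value)
        return value

    def __str__(self) -> str:
        return self.name


class Arrow(Contract):
    """Function contract dom -> rng, enforced lazily by wrapping the function."""

    def __init__(self, dom: Contract, rng: Contract) -> None:
        self.dom, self.rng = dom, rng

    def check(self, value: Any, pos: str, neg: str) -> Any:
        if not callable(value):
            raise ContractViolation(pos, self, value)

        def guarded(arg: Any) -> Any:
            # The argument flows from the consumer into the function, so the
            # blame labels swap for the domain check (contravariance).
            checked_arg = self.dom.check(arg, neg, pos)
            # The result flows back out, so the original labels apply.
            return self.rng.check(value(checked_arg), pos, neg)

        return guarded

    def __str__(self) -> str:
        return f"({self.dom} -> {self.rng})"


def attach(contract: Contract, value: Any, server: str, client: str) -> Any:
    """Monitor `value`, exported by `server` to `client`, under `contract`."""
    return contract.check(value, server, client)


def blame_of(thunk: Callable[[], Any]) -> Optional[str]:
    """Run `thunk`; return the blamed party, or None if no contract failed."""
    try:
        thunk()
        return None
    except ContractViolation as exc:
        return exc.blamed


# Hypothetical contracts used by the demos below.
NAT = Flat(lambda v: isinstance(v, int) and v >= 0, "nat")
NAT_TO_NAT = Arrow(NAT, NAT)


def first_order_demo() -> Tuple[Optional[str], Optional[str]]:
    """nat -> nat: a bad result blames the server, a bad argument the client."""
    negate = attach(NAT_TO_NAT, lambda n: -n, "server", "client")
    return blame_of(lambda: negate(3)), blame_of(lambda: negate(-1))


def higher_order_demo() -> Tuple[Optional[str], Optional[str]]:
    """(nat -> nat) -> nat: the server calling the callback with -1 is blamed;
    the client whose callback returns a negative number is blamed."""
    ho = Arrow(NAT_TO_NAT, NAT)
    call_with_negative = attach(ho, lambda f: f(-1), "server", "client")
    call_with_one = attach(ho, lambda f: f(1), "server", "client")
    return (blame_of(lambda: call_with_negative(lambda n: n + 1)),
            blame_of(lambda: call_with_one(lambda n: n - 10)))


def predicate_escapes() -> str:
    """An unsafe predicate: `v > 0` on a string raises TypeError inside the
    check, so the outcome is neither 'satisfied' nor a blame."""
    positive = Flat(lambda v: v > 0, "positive")
    try:
        positive.check("not a number", "server", "client")
        return "satisfied"
    except ContractViolation as exc:
        return exc.blamed
    except TypeError:
        return "predicate error"
```

Running `first_order_demo()` and `higher_order_demo()` both yield `("server", "client")`, while `predicate_escapes()` returns `"predicate error"`; the third case is exactly the sort of predicate whose behaviour a restricted predicate contract (for instance one that checks a type before running the predicate) would exclude.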

[1]  H. Rice. Classes of recursively enumerable sets and their decision problems, 1953.

[2]  C. A. R. Hoare, et al. An axiomatic basis for computer programming, 1969, CACM.

[3]  Edsger W. Dijkstra, et al. A Discipline of Programming, 1976.

[4]  Robin Milner, et al. A Theory of Type Polymorphism in Programming, 1978, J. Comput. Syst. Sci.

[5]  Marko C. J. D. van Eekelen, et al. CLEAN: A language for functional graph rewriting, 1987, FPCA.

[6]  Edmund M. Clarke, et al. Compositional model checking, 1989, Proceedings, Fourth Annual Symposium on Logic in Computer Science.

[7]  Robin Milner, et al. Definition of Standard ML, 1990.

[8]  Xavier Leroy, et al. The ZINC experiment: an economical implementation of the ML language, 1990.

[9]  Robert Hieb, et al. The Revised Report on the Syntactic Theories of Sequential Control and State, 1992, Theor. Comput. Sci.

[10]  Robert Cartwright, et al. A practical soft type system for Scheme, 1997, TOPLAS.

[11]  Neil D. Jones, et al. An introduction to partial evaluation, 1996, CSUR.

[12]  Luca Cardelli, et al. The Computer Science and Engineering Handbook, 1997.

[13]  Luca Cardelli, et al. Comparing Object Encodings, 1997, TACS.

[14]  K. Rustan M. Leino, et al. Extended static checking, 1998, PROCOMET.

[15]  Robert Bruce Findler, et al. Modular object-oriented programming with units and mixins, 1998, ICFP.

[16]  Matthias Felleisen, et al. The DrScheme project: an overview, 1998, SIGPLAN Notices.

[17]  K. Rustan M. Leino, et al. Houdini, an Annotation Assistant for ESC/Java, 2001, FME.

[18]  Andrew W. Appel, et al. An indexed model of recursive types for foundational proof-carrying code, 2001, TOPLAS.

[19]  Matthias Felleisen, et al. Contracts for higher-order functions, 2002, ICFP.

[20]  Matthias Felleisen, et al. DrScheme: a programming environment for Scheme, 2002, J. Funct. Program.

[21]  Matthias Felleisen, et al. An Investigation of Contracts as Projections, 2004.

[22]  Robert Cartwright, et al. Soft typing, 2004, SIGPLAN Notices.

[23]  Benjamin C. Pierce, et al. Advanced Topics in Types and Programming Languages, 2004.

[24]  Albert L. Baker, et al. Preliminary design of JML: a behavioral interface specification language for Java, 2006, SIGSOFT Softw. Eng. Notes.