
Option contracts

Published: 29 October 2013

Abstract

Many languages support behavioral software contracts so that programmers can describe a component's obligations and promises via logical assertions in its interface. The contract system monitors program execution, checks whether the assertions hold, and, if not, blames the guilty component. Pinning down the violator gets the debugging process started in the right direction. Quality contracts impose a serious run-time cost, however, and programmers therefore compromise in many ways. Some turn off contracts for deployment, but then contracts and code quickly get out of sync during maintenance. Others test contracts randomly or probabilistically. In all cases, programmers have to cope with lack of blame information when the program eventually fails.

In response, we propose option contracts as an addition to the contract tool box. Our key insight is that in ordinary contract systems, server components impose their contract on client components, giving them no choice whether to trust the server's promises or check them. With option contracts, server components may choose to tag a contract as an option and clients may choose to exercise the option or accept it, in which case they also shoulder some responsibility. We show that option contracts permit programmers to specify flexible checking policies, that their cost is reasonable, and that they satisfy a complete monitoring theorem.
