Abstract
Contracts have proved to be an effective mechanism that helps developers in identifying those modules of a program that violate the contracts of the functions and objects they use. In recent years, sessions have established as a key mechanism for realizing inter-module communications in concurrent programs. Just like values flow into or out of a function or object, messages are sent on, and received from, a session endpoint. Unlike conventional functions and objects, however, the kind, direction, and properties of messages exchanged in a session may vary over time, as the session progresses. This feature of sessions calls for contracts that evolve along with the session they describe. In this work, we extend to sessions the notion of chaperone contract (roughly, a contract that applies to a mutable object) and investigate the ramifications of contract monitoring in a higher-order language that features sessions. We give a characterization of correct module, one that honors the contracts of the sessions it uses, and prove a blame theorem. Guided by the calculus, we describe a lightweight implementation of monitored sessions as an OCaml module with which programmers can benefit from static session type checking and dynamic contract monitoring using an off-the-shelf version of OCaml.
Highlights
The design-by-contract approach to software development [Meyer 1992] promotes the usage of executable specifications called contracts to describe the mutual obligations that regulate the interaction between different modules
We extend to sessions the notion of chaperone contract and investigate the ramifications of contract monitoring in a higher-order language that features sessions
Its characterizing aspect is that the contract wrapping a session endpoint must be dynamically updated at runtime, as the session progresses
Summary
Though, the order in which these operations can be performed is disciplined by a protocol specification called session type. The type of exchanged messages may change over time For these reasons, sessions are more closely related to non-uniform objects [Gay et al 2010; Ravara and Vasconcelos 2000], whose interface changes according to their state. We define a core functional language called λCoS featuring runtime contract monitoring for higher-order sessions in the style of Findler and Felleisen [2002] and Strickland et al [2012]. We give an operational characterization of locally correct modules, namely modules that honor the contracts of the sessions they use. The implementation supports runtime contract monitoring in the presence of higher-order sessions and its key aspects are portable to other programming languages as well. Supplementary technical material and proofs of the results presented in Sections 3ś6 can be found in the companion technical report [Melgratti and Padovani 2017]
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call