Transcript of: Blame Assignment for Higher-Order Contracts with Intersection and Union (slides, ajacs.inria.fr/files/2015-03-23-Thiemann.pdf)
Blame Assignment for Higher-Order Contracts with Intersection and Union
Matthias Keil, Peter Thiemann
Albert-Ludwigs-Universität Freiburg (University of Freiburg)
23 Mar 2015
Flat Contracts
Examples
  Pos = {x | x > 0}
  Even = {x | x % 2 = 0}
Assertion
  M@C : assert contract C to term M
  10@Pos ⟶ 10
  10@Even ⟶ 10
  (2 − 4)@Pos    contract violation (by subject −2)
  (2 + 3)@Even   contract violation (by subject 5)
Keil & Thiemann, Blame Assignment for Higher-Order Contracts with Intersection and Union, 23 Mar 2015, slide 2 / 34
Higher-Order Contracts [Findler, Felleisen 2002]
Examples
  Pos → Pos    Even → Even    Pos → (Even → Even)
Assertion (first-order function)
  Let f = λx. x − 10
  (f@(Pos → Pos)) 100 ⟶ 90
  (f@(Pos → Pos)) 10     blame subject f
  (f@(Pos → Pos)) 0      blame context □ 0
Higher-Order Contracts II
Assertion
  Let add = λx. λy. x + y and C = Pos → (Even → Even)
  (add@C) 0          blame context □ 0
  ((add@C) 1) 1      blame context (□ 1) 1
  ((add@C) 1) 0      blame subject add
Contracts vs. Types
  Contracts ≈ dynamically checked types
  flat contracts ≈ subset types
  function contracts ≈ function types
Contract work driven by types . . .
  pair contracts [Hinze, Löh]
  sum contracts
  polymorphic contracts [Ahmed, Findler, Guha, Krishnamurthi, Matthews, Wadler]
This Work
What about intersection and union types?
Intersection types
  modeling overloading
  multiple inheritance
Union types
  dual of intersection type
  domain of overloaded function
  XML typing and dynamic typing
Intersection Types
Intuition of intersection type
  If a term has both type S and T, then it also possesses the intersection type S ∩ T.
  A context for M : S ∩ T can choose to treat M as S or T.
Introduction and elimination for intersection [Pierce 1991]
  Inter-I:      A ⊢ V : S    A ⊢ V : T
                ──────────────────────
                     A ⊢ V : S ∩ T
  Sub-Inter-L:  S ∩ T <: S
  Sub-Inter-R:  S ∩ T <: T
Intersection for Overloading
An overloaded + operator
  + : Num × Num → Num
  + : Str × Str → Str
  hence + : (Num × Num → Num) ∩ (Str × Str → Str)
If we had intersection contracts . . .
  Let p = +@(Num × Num → Num) ∩ (Str × Str → Str)
  p(17, 4) ⟶ 21
  p("foo", "bar") ⟶ "foobar"
  p(17, "bar")      blame context □ (17, "bar")
No subject blame because + fulfills the intersection contract
Blaming Intersection
  Let C = (Pos → Pos) ∩ (Even → Even)
  Let f = λx. if x > 2 then x − 10 else x + 1
  (f@C) (−1)    blame context
  (f@C) 0       blame subject
  (f@C) 1 ⟶ 2
  (f@C) 2       blame subject
  (f@C) 3       blame subject
  (f@C) 4       blame subject
Blaming Rules for Intersection
Subject blame
  L[M@(C ∩ D)] blames the subject iff
  L[M@C] blames the subject or L[M@D] blames the subject.
  Inter-I:      A ⊢ V : S    A ⊢ V : T
                ──────────────────────
                     A ⊢ V : S ∩ T
Context blame
  F[M@(C ∩ D)] blames the context iff
  F[M@C] blames the context and F[M@D] blames the context.
  F ::= E[□ V] | . . .   an elimination context
  Sub-Inter-L:  S ∩ T <: S
  Sub-Inter-R:  S ∩ T <: T
Union Types
Intuition of union type
  If a term has type S or T, then it also possesses the union type S ∪ T.
  A context for M : S ∪ T must be able to deal with S and T.
Introduction and elimination for union [Pierce 1991]
  Union-E:      A ⊢ M : S ∪ T    A, x : S ⊢ N : R    A, x : T ⊢ N : R
                ─────────────────────────────────────────────────────
                              A ⊢ let x = M in N : R
  Sub-Union-L:  S <: S ∪ T
  Sub-Union-R:  T <: S ∪ T
Blaming Rules for Union
Dualize rules for intersection . . .
Subject blame
  E[M@(C ∪ D)] blames the subject iff
  E[M@C] blames the subject and E[M@D] blames the subject.
  Viz. introduction rule.
Context blame
  L[M@(C ∪ D)] blames the context iff
  L[M@C] blames the context or L[M@D] blames the context.
  Viz. elimination rules.
Blaming Union
  Let C = (Pos → Pos) ∪ (Even → Even)
  Let g = λx. x − 4 (fulfills C because it fulfills Even → Even)
  ⇒ no subject blame arises!
  (g@C) 0       blame context
  (g@C) 1       blame context
  (g@C) (−1)    blame context
  (g@C) 2 ⟶ −2    because of Even → Even
But there is a further twist . . .
Keil & Thiemann Blame Assignment for Higher-Order Contracts with Intersection and Union23 Mar 2015 13 / 34
Blaming Union II

Let C = (Pos → Pos) ∪ (Even → Even)
Let h = λx. if x % 3 = 0 then −x else x + 1

Observation: h does not fulfill C
h is not Even → Even because h(2) = 3
h is not Pos → Pos because h(3) = −3

Blaming
(h@C) 2 −→ 3 because of Pos → Pos
(h@C) 3 blame context: Even violated
(h@C) 0 blame context: Pos violated
(h@C) 6 −→ −6 because of Even → Even

Problem: no single test can detect the violation
⇒ Union must stick to one alternative
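The following Python program is an added example; it is not code from the slides or from the authors' implementation, and the contract classes, the `assert_contract` monitor and the party names `g`, `h` and `caller` are this example's own. It replays the calls of the two slides above through a single assertion `g@C` and `h@C` each: an argument that violates either alternative's domain is blamed on the context immediately (the context of a union must respect both alternatives), while an alternative is only struck off once a result refutes it, so that the subject of the union is blamed exactly when the history of calls has refuted every alternative.

```python
"""Eager monitor for union contracts over first-order functions.

Added example, not code from the slides or the authors' implementation.
It encodes two facts stated on the slides: a context of C U D must respect
both C and D, so an argument violating either domain is blamed on the
context at once; and the subject of C U D is blamed only when the history
of all calls through one assertion refutes every alternative, i.e. the
union must stick to one alternative.
"""
from typing import Any, Callable


class Blame(Exception):
    """Raised when a party (the subject or its context) is found at fault."""

    def __init__(self, party: str, contract: str, why: str) -> None:
        super().__init__(f"blame {party}: {contract} ({why})")
        self.party, self.contract, self.why = party, contract, why


class Flat:
    def __init__(self, name: str, pred: Callable[[Any], bool]) -> None:
        self.name, self.pred = name, pred

    def __str__(self) -> str:
        return self.name


class Fun:
    """Function contract dom -> cod; both sides are Flat in this example."""

    def __init__(self, dom: Flat, cod: Flat) -> None:
        self.dom, self.cod = dom, cod

    def __str__(self) -> str:
        return f"{self.dom} -> {self.cod}"


class Union:
    def __init__(self, left: Fun, right: Fun) -> None:
        self.alts = (left, right)

    def __str__(self) -> str:
        return " U ".join(f"({a})" for a in self.alts)


def assert_contract(value, contract, subject: str, context: str):
    """value @ contract: `subject` provides the value, `context` uses it."""
    if isinstance(contract, Flat):
        if not contract.pred(value):
            raise Blame(subject, str(contract), f"{value!r} violates {contract}")
        return value
    if isinstance(contract, Fun):
        def guarded(arg):
            # The caller supplies the argument, so the roles swap for the domain.
            arg = assert_contract(arg, contract.dom, context, subject)
            return assert_contract(value(arg), contract.cod, subject, context)
        return guarded
    if isinstance(contract, Union):
        alive = {0, 1}  # alternatives not yet refuted by any call through this assertion

        def guarded(arg):
            # The context of C U D must respect both C and D: check both domains.
            for alt in contract.alts:
                if not alt.dom.pred(arg):
                    raise Blame(context, str(alt), f"argument {arg!r} violates {alt.dom}")
            result = value(arg)
            # Strike off each still-alive alternative whose codomain the result breaks.
            for i, alt in enumerate(contract.alts):
                if i in alive and not alt.cod.pred(result):
                    alive.discard(i)
            if not alive:
                raise Blame(subject, str(contract), "every alternative refuted by the call history")
            return result
        return guarded
    raise TypeError(f"unknown contract {contract!r}")


def run_calls(guarded, args):
    """Apply `guarded` to each argument in turn, recording the value or the blame."""
    outcomes = []
    for a in args:
        try:
            outcomes.append(("ok", guarded(a)))
        except Blame as b:
            outcomes.append(("blame", b.party, b.contract))
    return outcomes


# Contracts and subjects taken from the slides.
Pos = Flat("Pos", lambda x: x > 0)
Even = Flat("Even", lambda x: x % 2 == 0)
C = Union(Fun(Pos, Pos), Fun(Even, Even))


def g(x):  # fulfills Even -> Even, hence C
    return x - 4


def h(x):  # fulfills neither alternative on all inputs
    return -x if x % 3 == 0 else x + 1


def slide_13():
    return run_calls(assert_contract(g, C, "g", "caller"), [0, 1, -1, 2])


def slide_14():
    return run_calls(assert_contract(h, C, "h", "caller"), [2, 3, 0, 6])


if __name__ == "__main__":
    for line in slide_13() + slide_14():
        print(line)
```

Running `slide_14()` reproduces the slide: the call with 2 refutes Even → Even, the calls with 3 and 0 blame the caller, and the call with 6 refutes Pos → Pos, at which point no alternative is left and `h` is blamed. A fresh assertion `h@C` applied only to 6 returns −6 without complaint, which is the "no single test" problem; the shared `alive` set across calls is what makes the union stick to one alternative.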
A Denotational Model of Contracts
Denotational Model of Contracts

Intuition: the semantics of a contract $C$ comprises
1. a set of terms $\llbracket C \rrbracket^+$ that fulfill the contract and
2. a set of contexts $\llbracket C \rrbracket^-$ that respect the contract.
Denotational Model

Flat contracts
1. $\llbracket \{x \mid P\} \rrbracket^+ = \{\, M \mid (\lambda x.\,P)\,M \not\longrightarrow^* \mathit{false} \,\}$
2. $\llbracket \{x \mid P\} \rrbracket^- = \{\, L \mid L \text{ is a context} \,\}$

Example
$\llbracket \mathit{Pos} \rrbracket^+ = \{\, M \mid M > 0 \not\longrightarrow^* \mathit{false} \,\} = \{1, 2, 3, \ldots\} \cup \{\, M \mid M \text{ diverges} \,\} \cup \{\, M \mid (M > 0) \text{ gets stuck} \,\}$
Denotational Model

Function contracts
1. $\llbracket C \to D \rrbracket^+ = \{\, M \mid \forall N \in \llbracket C \rrbracket^+.\ M\,N \in \llbracket D \rrbracket^+ \ \wedge\ \forall N \in \llbracket D \rrbracket^-.\ N[M\,\square] \in \llbracket C \rrbracket^- \,\}$
2. $\llbracket C \to D \rrbracket^- = \ldots$

The first conjunct is the standard function interpretation.
NEW: the second conjunct makes $M$ act on contexts, transforming a context $N$ that respects $D$ into the context $N[M\,\square]$ that respects $C$.

Set of contexts that respect $C \to D$:
promise to only pass arguments that fulfill $C$
promise to put the result in a context respecting $D$
Defined by coinductive inference rules
Contexts for Function Contracts

Selected rules for $P = \llbracket C \to D \rrbracket^-$

$$\text{P-Apply}\quad \dfrac{N \in \llbracket C \rrbracket^+ \qquad E \in \llbracket D \rrbracket^-}{E[\square\, N] \in P}$$

$$\text{P-Reduce}\quad \dfrac{N \in P \qquad M \longrightarrow N}{M \in P}$$

$$\text{P-Irred}\quad \dfrac{M \not\longrightarrow \qquad M \notin \{\, E[(\lambda x.\,N)\,\square],\ E[\square\, N] \,\}}{M \in P}$$
Here $M \longrightarrow N$ is context reduction.
Contexts for Function Contracts II

Beta redexes involving holes

$$\text{P-Delete}\quad \dfrac{x \notin \mathit{free}(M)}{E[(\lambda x.\,M)\,\square] \in P}$$

$$\text{P-Linear}\quad \dfrac{M = F[x] \qquad E[F] \in P}{E[(\lambda x.\,M)\,\square] \in P}$$

$$\text{P-Expand}\quad \dfrac{\forall F, V.\ \lambda x.\,M = \lambda x.\,F[x] \Rightarrow E[F\{x \mapsto V\}] \in P}{E[(\lambda x.\,M)\,\square] \in P}$$

P-Delete and P-Linear are special cases of P-Expand.
Semantics of Intersection and Union Contracts

Intersection
1. $\llbracket C \cap D \rrbracket^+ = \llbracket C \rrbracket^+ \cap \llbracket D \rrbracket^+$
2. $\llbracket C \cap D \rrbracket^- = \llbracket C \rrbracket^- \cup \llbracket D \rrbracket^- \cup \ldots$ (defined by closing under P-Expand etc.)

Union
1. $\llbracket C \cup D \rrbracket^+ = \llbracket C \rrbracket^+ \cup \llbracket D \rrbracket^+$
2. $\llbracket C \cup D \rrbracket^- = \llbracket C \rrbracket^- \cap \llbracket D \rrbracket^-$

So a context of a union must respect both alternatives, which is why every call on the "Blaming Union" slides that passes an argument failing either Pos or Even blames the context.

Cf. blaming rules and typing rules
Provable from Denotational Model

Intersection for flat contracts
$\{x \mid P\} \cap \{x \mid Q\} = \{x \mid P \wedge Q\}$

Union for flat contracts
$\{x \mid P\} \cup \{x \mid Q\} = \{x \mid P \vee Q\}$

Proof: simple calculation. Flat contracts give rise only to subject blame; context blame does not arise.
Contract Monitoring
Contract Monitoring

Challenges
Small-step operational semantics: nondeterministic specification, deterministic implementation (with simulation result)
Gathering blame for intersection and union
Gathering blame across different uses of the same union
Operational Semantics

Reduction relation
$$\varrho, M \mapsto \varsigma, N$$
$M, N$ are terms
$\varrho, \varsigma$ are lists of constraints in order of generation:
one constraint for each contract operator $\to$, $\cup$, $\cap$
one constraint for each evaluated flat contract

Cannot blame immediately: a flat contract may be nested in an intersection or union.
Instead: blame is computed from the list of constraints.
Evaluation Rules

Flat contracts

$$\text{I-Flat}\quad \varsigma, E[V\,@^{b}\,\mathit{flat}(M)] \longrightarrow \varsigma, E[V\,@^{b}\,\mathit{eval}(M\,V)]$$

$$\text{I-Unit}\quad \varsigma, E[V\,@^{b}\,\mathit{eval}(W)] \longrightarrow b \triangleright W : \varsigma, E[V]$$

The predicate $M$ is evaluated on $V$; once it yields $W$, the constraint $b \triangleright W$ is prepended to the constraint list and $V$ is passed on unchanged.
Constraint Satisfaction

Solution of a constraint set
$$\mu \in (\mathit{BlameId} \times \{\mathit{subject}, \mathit{context}\}) \to \mathbb{B}$$
(writing $\mathit{BlameId}$ for the set of blame identifiers $b$)
for each blame identifier $b$, assign subject blame and context blame,
drawn from $\mathbb{B} = \{\mathsf{t}, \mathsf{f}\}$ ordered by $\mathsf{t} \sqsubset \mathsf{f}$.
The ordering reflects the gathering of information with each execution step:
$\mathsf{f}$ has "more" information because it indicates a failing contract.
Constraint Satisfaction II

Flat contracts

$$\text{CT-Flat}\quad \dfrac{\mu(b.\mathit{subject}) \sqsupseteq \tau(W) \qquad \mu(b.\mathit{context}) \sqsupseteq \mathsf{t}}{\mu \models b \triangleright W}$$

Here $\tau(W)$ is the truth value in $\mathbb{B}$ of the predicate's result $W$; the context side is unconstrained, since a flat contract never blames its context.

Raise blame if $b$ is a blame label from the source program and either $\mu(b.\mathit{subject}) \sqsupseteq \mathsf{f}$ or $\mu(b.\mathit{context}) \sqsupseteq \mathsf{f}$ (i.e. equals $\mathsf{f}$, the top of the order).
![Page 94: Blame Assignment for Higher-Order Contracts with ...ajacs.inria.fr/files/2015-03-23-Thiemann.pdf · 3/23/2015 · Keil & Thiemann Blame Assignment for Higher-Order Contracts with](https://reader033.fdocuments.in/reader033/viewer/2022051923/6010a2dcdd20dd7b4c246acf/html5/thumbnails/94.jpg)
Evaluation Rules
Function contracts
D-Fun (ι1, ι2 ∉ ς):
  ς, E[(V @b (C → D)) W] ⟶ b ◀ (ι1 → ι2) : ς, E[(V (W @ι1 C)) @ι2 D]
Satisfaction for function constraints
CT-Function: if µ(b.subject) ⊒ µ(ι1.context ∧ (ι1.subject ⇒ ι2.subject)) and µ(b.context) ⊒ µ(ι1.subject ∧ ι2.context), then µ ⊨ b ◀ ι1 → ι2
Evaluation Rules
Intersection contracts
D-Inter (ι1, ι2 ∉ ς):
  ς, E[(V @b (Q ∩ R)) W] ⟶ b ◀ (ι1 ∩ ι2) : ς, E[⟨(V @ι1 Q) W ‖ (V @ι2 R) W⟩]
Reduction proceeds independently in pair components
Shares the constraint list
Intersection constraints
CT-Intersection: if µ(b.subject) ⊒ µ(ι1.subject ∧ ι2.subject) and µ(b.context) ⊒ µ(ι1.context ∨ ι2.context), then µ ⊨ b ◀ ι1 ∩ ι2
Evaluation Rules
Union contracts
Union (ι1, ι2 ∉ ς):
  ς, E[V @b (K[C ∪ D])] ⟶ b ◀ (ι1 ∪ ι2) : ς, E[⟨V @ι1 K[C] ‖ V @ι2 K[D]⟩]
All uses of V refer to the same constraint on b
Inconsistent uses of the union are detected
Union constraints
CT-Union: if µ(b.subject) ⊒ µ(ι1.subject ∨ ι2.subject) and µ(b.context) ⊒ µ(ι1.context ∧ ι2.context), then µ ⊨ b ◀ ι1 ∪ ι2
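The four satisfaction rules (CT-Flat, CT-Function, CT-Intersection, CT-Union) as a small constraint solver with the blame check from the flat-contract slide, added here as an example; it is not code from the slides or from TreatJS. The constraint encoding, the label names and the two scenario builders (interCall, unionVal) are constructed for this example.

```javascript
// Added example, not from the slides or TreatJS: a solver for the constraint
// system above. B = {t, f} with t ⊑ f is modelled as true/false; the join is
// Boolean "and", so a variable becomes f once any constraint forces it to f.
const imp = (a, b) => !a || b;                       // a ⇒ b on truth values
// Constraint encoding (constructed): {k:"flat", b, v} is b ◀ τ(W) with v = τ(W);
// {k:"fun"|"inter"|"union", b, i1, i2} is b ◀ ι1 → ι2, b ◀ ι1 ∩ ι2, b ◀ ι1 ∪ ι2.
// solve() returns µ as a function of (label, "subject" | "context").
function solve(cs) {
  return function mu(label, side) {
    let v = true;                                    // unconstrained label: t
    for (const c of cs.filter(x => x.b === label)) {
      const S = side === "subject", r =
        c.k === "flat"  ? (S ? c.v : true) :                                   // CT-Flat
        c.k === "fun"   ? (S ? mu(c.i1, "context") && imp(mu(c.i1, "subject"), mu(c.i2, "subject"))
                             : mu(c.i1, "subject") && mu(c.i2, "context")) :  // CT-Function
        c.k === "inter" ? (S ? mu(c.i1, "subject") && mu(c.i2, "subject")
                             : mu(c.i1, "context") || mu(c.i2, "context")) :  // CT-Intersection
                          (S ? mu(c.i1, "subject") || mu(c.i2, "subject")
                             : mu(c.i1, "context") && mu(c.i2, "context"));   // CT-Union
      v = v && r;                                    // join: f wins
    }
    return v;
  };
}
// Blame is raised only for labels of the source program; ι-labels are internal.
function blame(cs, sourceLabels) {
  const mu = solve(cs), out = [];
  for (const b of sourceLabels) {
    if (!mu(b, "subject")) out.push(b + ": subject");
    if (!mu(b, "context")) out.push(b + ": context");
  }
  return out;
}
const Pos = x => x > 0, Even = x => x % 2 === 0;    // flat contracts from the slides
// Constraints that D-Inter, D-Fun and the flat checks leave behind for one call
// (f @b ((Pos → Pos) ∩ (Even → Even))) arg, written out by hand.
function interCall(f, arg) {
  const res = f(arg);
  return blame([
    { k: "inter", b: "b", i1: "i1", i2: "i2" },
    { k: "fun", b: "i1", i1: "i3", i2: "i4" }, { k: "fun", b: "i2", i1: "i5", i2: "i6" },
    { k: "flat", b: "i3", v: Pos(arg) }, { k: "flat", b: "i4", v: Pos(res) },
    { k: "flat", b: "i5", v: Even(arg) }, { k: "flat", b: "i6", v: Even(res) }], ["b"]);
}
// v @b (Pos ∪ Even): the Union rule plus one flat check per branch.
function unionVal(v) {
  return blame([{ k: "union", b: "b", i1: "i1", i2: "i2" },
    { k: "flat", b: "i1", v: Pos(v) }, { k: "flat", b: "i2", v: Even(v) }], ["b"]);
}
```

With the intersection, an argument that satisfies neither domain yields context blame, while a function that receives a fitting argument and returns a value violating the matching range yields subject blame.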
Results
Contract soundness
1. M @♭ C ∈ ⟦C⟧⁺.
2. L[□ @♭ C] ∈ ⟦C⟧⁻.
Subject blame soundness (abridged)
Suppose that M ∈ ⟦C⟧⁺. If ϱ, E[M @b C] ⟼* ς, N, then ⟦ς⟧(b, subject) ⊑ t.
Context blame soundness (abridged)
Suppose that L ∈ ⟦C⟧⁻. If ϱ, L[M @b C] ⟼* ς, N, then ⟦ς⟧(b, context) ⊑ t.
Further Challenges Addressed
Deal with (A ∪ B) ∩ (C ∪ D)
Solutions don't increase monotonically when new constraints are added
Deterministic semantics and simulation
Implementation
Conclusions
First investigation of intersection and union contracts
Novel semantics of contracts (subject, context)
Implemented in TreatJS, a new contract system for JavaScript, which is available on the web: http://proglang.informatik.uni-freiburg.de/treatjs/