A Type and Effect System for Contract Monitoring
Cameron Swords
Abstract
Behavioral contracts have long been heralded as a transparent mechanism which can only affect the semantics of programs by detecting contract violations. This claim persists despite several results going back at least five years that point out to the “effectful” nature of contracts. Indeed, in a typical contract system, the predicates embedded in contracts are sliced and diced and scattered around the program to be enforced or not depending on various, apparently unrelated, control and data flow decisions. In addition, practical contract systems allow the contract writer to execute code and explore data structures that would not have otherwise been executed or explored. Previous attempts to address this problem have focused on devising restrictions on contracts to tame their effects. In this paper, we explore an alternative approach that accepts current implementations of practical contract systems “as is.” Technically, we design and implement a contract system in which contracts specify, not just what predicate to check, but also how to check it, along with a type system that tracks which checks have been performed and which have been deferred. The system unifies and subsumes various previous approaches and explains the semantics of realistic contract systems that employ various strategies for enforcing contracts.