contract monitoring as an effect
play

Contract Monitoring as an Effect Zachary Owens Indiana University - PowerPoint PPT Presentation

Mar 16, 2024 •334 likes •732 views

Contract Monitoring as an Effect Zachary Owens Indiana University Bloomington, IN Higher Order Programming with Effects September 9, 2012 What are contracts? Runtime constraints on values under evaluation Express finer-grained intent than

  1. Contract Monitoring as an Effect Zachary Owens Indiana University Bloomington, IN Higher Order Programming with Effects September 9, 2012

  2. What are contracts? Runtime constraints on values under evaluation Express finer-grained intent than most typing systems allow (arguably, contracts are more elegant in most circumstances) Framework for ensuring assumptions between module boundaries through ownership and obligation

  3. Contracts in Functional Programming Contracts on pure values Contracts on pure functions Higher-order function contracts specify a contract on an argument or arguments and the result of the function Dependent contracts are higher-order function contracts in which the contract of the result is dependent on the argument values (Findler and Felleisen 2002)

  4. Racket Contract Example ( module A rack et ( provide/contract ( f a c t o r i a l ( → natural-number/c natural-number/c) ) ) ( define f a c t o r i a l ( λ (n ) ( i f ( zero ? n ) 1 ( n ( f a c t o r i a l ( sub1 n ) ) ) ) ) ) ) ( module B rack et ( r equire ‘A) ( provide/contract ( f a c t 5 ( and/c natural-number/c (=/c 120) ) ) ) ( define f a c t 5 ( f a c t o r i a l 5) ) )

  5. Racket Contract Example > ( require ‘B) > f5 120 > ( require ‘A) > ( f a c t o r i a l − 1) f a c t o r i a l : c on t r a c t v i o l a t i o n , e x p e c t e d : natural − number/c , g i v e n : − 1 c on t r a c t from: A, blaming: top − level c o n t r a c t : ( → natural − number/c natural − number/c )

  6. Racket Contract Example ( module B rack et ( r equire ‘A) ( provide/contract # | changed to (=/c 0) | # ( f a c t 5 ( and/c natural-number/c (=/c 0) ) ) ) ( define f a c t 5 ( f a c t o r i a l 5) ) ) > ( require ‘B) s e l f − c on t r a c t v i o l a t i o n , e x p e c t e d : ( and/c natural − number/c (=/c 0) ) , given 120 , which isn t (=/c 0) c on t r a c t from: B, blaming: B c o n t r a c t : ( and/c natural − number/c (=/c 0) )

  7. Racket Contract Example ( module A rack et ( provide/contract ( f a c t o r i a l ( → natural-number/c natural-number/c) ) ) ( define f a c t o r i a l ( λ (n ) ( i f ( zero ? n ) − 1 # | changed to − 1 | # ( n ( f a c t o r i a l ( sub1 n ) ) ) ) ) ) ) > ( require ‘A) > ( f a c t o r i a l 5) f a c t o r i a l : s e l f − c on t r a c t v i o l a t i o n , e x p e c t e d : natural − number/c , g i v e n : − 120 c on t r a c t from: A, blaming: A c o n t r a c t : ( → natural − number/c natural − number/c )

  8. Coordinating Contracts The contract monitor is responsible for handling contract satisfaction The monitor is a runtime component Abstraction over ownership and obligation The monitor is responsible for flagging errors when contracts are violated Must keep track of who to blame for a violation (Findler and Felleisen 2002)

  9. Monitor notation Monitor is given an expression and a contract for the expression Keeps track of blame through 3 labels: positive label, negative label, and contract label (Dimoulas et al. 2011) ::= v | x | e e | e + e | e − e | e ∧ e | e e ∨ e | zero ? e | if e e e | ( e , e ) | fst e | snd e | mon l , l κ e | error l l v ::= 0 | 1 | − 1 | . . . | λ x . e | true | false κ ::= flat ( e ) | κ → κ τ ::= o | τ → τ | Contract τ ::= Num | Bool | ( τ, τ ) o

  10. Monitor Typing Rules Γ � e : o → Bool Γ � flat ( e ) : Contract o Γ � κ 1 : Contract τ 1 Γ � κ 2 : Contract τ 2 Γ � κ 1 → κ 2 : Contract ( τ 1 → τ 2 ) Γ � κ : Contract τ Γ � e : τ Γ � mon k , l ( κ, e ) : τ j Γ � error l : τ (Dimoulas et al. 2011)

  11. Desirable Properties of Contracts Meaning Reflection mon κ e ⇓ v = ⇒ e ⇓ v ⇒ mon κ e ⇓ v ∨ mon κ e ⇑ error l Meaning Preservation e ⇓ v = Faithfulness When contract monitoring is enabled, the predicates that compose the contract are guaranteed to be true. Idempotence ( mon κ e ⇓ v = ⇒ mon κ ( mon κ e ) ⇓ v ) ∨ ( mon κ e ⇑ error l = ⇒ mon κ ( mon κ e ) ⇑ error l ) (Degen, Thiemann, and Wehr 2009)

  12. Eager Monitoring Functions contracts are delayed Value contracts are eager Semi-eager monitoring can lead to disaster

  13. Mixing Eager and Delayed Contracts ( module c o n t r a c t rack et ( provide C) ( define pred/c ( λ ( p a i r ) ( < (( car p a i r ) ) (( cdr p a i r ) ) ) ) ) ( define pair/c ( cons/c ( → ( < /c 0) ) any/c ) ) ( define C ( and/c pred/c pair/c) ) ) ( module A rack et ( r equire ‘ c o n t r a c t ) ( provide/contract ( c e l l C) ) ( define c e l l ( cons ( λ () 1) ( λ () 2) ) ) )

  14. Mixing Eager and Delayed Contracts > ( require ‘A) > c e l l ‘(# < p r o c e d u r e . . . > . # < p r o c e d u r e . . . > )

  15. Mixing Eager and Delayed Contracts ( module c o n t r a c t rack et ( provide C) ( define pred/c ( λ ( p a i r ) ( < (( car p a i r ) ) (( cdr p a i r ) ) ) ) ) ( define pair/c ( cons/c ( → ( < /c 0) ) any/c ) ) ( define C ( and/c pred/c pair/c) ) ) ( module A rack et ( r equire ‘ c o n t r a c t ) ( provide/contract ( c e l l C) ) ( define c e l l ( cons ( λ () 1) ( λ () 2) ) ) ) ( module B rack et ( r equire ‘A ‘ c o n t r a c t ) # | re − export c e l l with c o n t r a c t C | # ( provide/contract ( c e l l 2 C) ) ( define c e l l 2 c e l l ) )

  16. Mixing Eager and Delayed Contracts > ( require ‘B) c e l l 2 : s e l f − c on t r a c t v i o l a t i o n , e x p e c t e d : ( < /c 0) , g i v e n : 1 c on t r a c t from: B, blaming: B c o n t r a c t : ( and/c ( cons/c ( → ( < /c 0) ) any/c ) pred/c )

  17. Mixing Eager and Delayed Contracts ( define pred/c ( λ ( p a i r ) ( < (( car p a i r ) ) (( cdr p a i r ) ) ) ) ) ( define pair/c ( cons/c ( → ( < /c 0) ) any/c ) ) ( define C ( and/c pred/c pair/c) ) ( define c e l l ( cons ( λ () 1) ( λ () 2) ) ) 1 mon pred/c cell 2 mon pair/c ( mon pred/c cell ) 3 mon pred/c ( mon pair/c ( mon pred/c cell )) ⇑ error

  18. Idempotent Property mon C e was applied once and allowed to pass the monitor without a violation mon C ( mon C e ) was shown to flag a contract violation Since mon C e and mon C ( mon C e ) yielded different results, the contract system is not idempotent

  19. Mixing Eager and Delayed Contracts ( module c o n t r a c t rack et ( provide C) ( define pred/c ( λ ( p a i r ) ( < (( car p a i r ) ) (( cdr p a i r ) ) ) ) ) ( define pair/c ( cons/c ( → ( < /c 0) ) any/c ) ) # | Notice the ord er of the c o n t r a c t s | # ( define C ( and/c pair/c pred/c) ) ) ( module A rack et ( r equire ‘ c o n t r a c t ) ( provide/contract ( c e l l C) ) ( define c e l l ( cons ( λ () 1) ( λ () 2) ) ) ) (Felleisen 2012)

  20. Mixing Eager and Delayed Contracts > ( require ‘A) c e l l : s e l f − c on t r a c t v i o l a t i o n , e x p ec t e d : ( < /c 0) , g i v e n : 1 c on t r a c t from: A, blaming: A c o n t r a c t : ( and/c ( cons/c ( → ( < /c 0) ) any/c ) pred/c )

  21. Monitoring as an Effect The monitoring of contracts is an effect. 1 The monitor has the ability to raise exceptions. (obvious) 2 The monitor changes the order of evaluation of the expression under a contract. Also, expressions that may not have been evaluated could be evaluated because of the intrusive nature of the contract monitor.

  22. Mixing Contracts The example in which the idempotence property has broken is an example of a contract calling code that is already under a contract Because monitoring a contract for an expression is an effect, the contract is now effectful. This violates our original notion of contracts: only pure value contracts or pure function contracts

  23. Appeal of Idempotence Racket’s immutable data structure contracts are lazy in order to preserve amortized asymptotic behavior of algorithms on these data structures Example: binary search tree invariants The contract monitor makes a few key optimizations that rely on the idempotence of the contracts on the data structure 1 Not check redundant contracts 2 Reduce the overhead of contract checking (Findler, Guo, and Rogers 2008)

  24. Appeal of Idempotence Idempotence holds if conjunction contracts are commutative, namely and/c κ 1 κ 2 = and/c κ 2 κ 1 Idempotence is necessary for contracts on general recursive schemes (such as foldr, the list catamorphism) (Hinze, Jeuring, and L¨ oh 2006)

  25. Monitoring as an Effect The effectful nature of the contract monitor is well-known to implementers (Felleisen 2012) The effects have never been formalized These effects are not obvious to programmers, since the monitor is abstracted Contracts on effectful functions are almost impossible to reason about, since the contract monitor’s effectfulness is not documented or formalized

  26. Solution to Contract Idempotence Must restrict contracts to not be able to write an expression such that adding an additional monitor expression doesn’t cause a different result (error or value). Solutions: Disallow the idempotence guarantee (Felleisen 2012) Don’t allow mon κ e ⇓ v ∨ mon κ e ⇑ error l via types. Thus, mon κ ( mon κ e ) would not be possible. (Degen, Thiemann, and Wehr 2009) Delay the execution of both function and predicate contracts (Degen, Thiemann, and Wehr 2009) Use contract monitoring as a logging mechanism rather than a satisfaction mechanism (Disney, Flanagan, and McCarthy 2011)

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Beam-Beam Interaction D. Schulte (CERN) Pinch Effect Beamstrahlung Imperfect

Beam-Beam Interaction D. Schulte (CERN) Pinch Effect Beamstrahlung Imperfect

Beam-Beam Interaction D. Schulte (CERN) Pinch Effect Beamstrahlung Imperfect Collisions Banana Effect Secondary Production Luminosity Monitoring Supported by ELAN, EU contract number RII3-CT-2003-506395 Beam Parameters at

727 views • 46 slides
Contract Disclosure and Monitoring A Presentation by Raphael B.T . Mgaya JURISolutions &amp;

Contract Disclosure and Monitoring A Presentation by Raphael B.T . Mgaya JURISolutions &amp;

Contract Disclosure and Monitoring A Presentation by Raphael B.T . Mgaya JURISolutions &amp; Associates Attorneys Email: mgaya@jurisolution.co.tz Tel: +255788523649 At the Workshop Organized by the Tanganyika Law Society March 2019

616 views • 24 slides
CONTRACT MONITORING Jennifer Berrios, Luke Madonna, Stephan Ramcharran, &amp; Mike Wood 1 1

CONTRACT MONITORING Jennifer Berrios, Luke Madonna, Stephan Ramcharran, &amp; Mike Wood 1 1

10/17/2019 CONTRACT MONITORING Jennifer Berrios, Luke Madonna, Stephan Ramcharran, &amp; Mike Wood 1 1 Why are we here? We are here because we have a duty and mission to carry out. Todays duty and mission: Learn about monitoring 2

506 views • 47 slides
Effect of implanted device-based impedance monitoring with telemedicine alerts on mortality and

Effect of implanted device-based impedance monitoring with telemedicine alerts on mortality and

Effect of implanted device-based impedance monitoring with telemedicine alerts on mortality and morbidity in heart failure (OptiLink HF) Michael Bhm, Helmut Drexler, Hanno Oswald, Karin Rybak, Ralph Bosch, Christian Butter, Gunnar Klein,

406 views • 27 slides
Citizens Role: Procurement &amp; Contract Monitoring Zafrul Islam Lead Procurement Specialist

Citizens Role: Procurement &amp; Contract Monitoring Zafrul Islam Lead Procurement Specialist

Citizens Role: Procurement &amp; Contract Monitoring Zafrul Islam Lead Procurement Specialist Governance- SIP SARPPC, Colombo, Feb20, 2017 Key Session Parts Context- why citizen engagement? Use of public fund and citizens perception

443 views • 15 slides
EUR EURO 5 O 5 EFFE EFFECT CT ST STUD UDY FOR Y FOR L-CA CATE TEGOR GORY Y VEHIC

EUR EURO 5 O 5 EFFE EFFECT CT ST STUD UDY FOR Y FOR L-CA CATE TEGOR GORY Y VEHIC

EUR EURO 5 O 5 EFFE EFFECT CT ST STUD UDY FOR Y FOR L-CA CATE TEGOR GORY Y VEHIC VEHICLE LES MCWG meeting 11 May 2016 in Brussels Specific Contract No. SI2.713570 Euro 5 Effect study for L - category vehicles PR PROJ OJEC

641 views • 17 slides
Statussen in snapshot voor premiejaar 2019 Used contract: Not used Used Request

Statussen in snapshot voor premiejaar 2019 Used contract: Not used Used Request

INFOSS Statussen snapshot (UC15) Leen Van Looveren 05/05/2020 1 Definities herhaling (UC02) Used contract: contract on which the NIHDI premium will be transferred if nothing would change before the payment day Valid contract: a contract

377 views • 16 slides
Contract Termination / Renewal Decisions Life of a contract Contract life Contract Execution

Contract Termination / Renewal Decisions Life of a contract Contract life Contract Execution

Contract Termination / Renewal Decisions Life of a contract Contract life Contract Execution period Reporting Time Implementation closure activities period Warranty Contract period Signature (supply) or defect liability period

289 views • 12 slides
Your Contract in Litigation You Negotiated and Executed a Contract and Now that Contract is in

Your Contract in Litigation You Negotiated and Executed a Contract and Now that Contract is in

From Boardroom to Courtroom: Your Contract in Litigation You Negotiated and Executed a Contract and Now that Contract is in Litigation, What Does that Mean for Your Company? Michelle D. Gambino | Greenberg Traurig, LLP | GambinoM@gtlaw.com

445 views • 25 slides
February 19, 2016 1. CDPHE Program, Contract &amp; Fiscal Staff Introductions 2. Roles and

February 19, 2016 1. CDPHE Program, Contract &amp; Fiscal Staff Introductions 2. Roles and

February 19, 2016 1. CDPHE Program, Contract &amp; Fiscal Staff Introductions 2. Roles and Responsibilities 3. Amendment to Contract 4. Budgeting and Invoicing 5. Compliance Monitoring 6. WIWO Operations Funding Overview 7. Reporting Emily

567 views • 20 slides
BAL NC monitoring report 2017 4 th joint ENTSOG/ACER workshop on Gas Balancing Arjan Kleine

BAL NC monitoring report 2017 4 th joint ENTSOG/ACER workshop on Gas Balancing Arjan Kleine

Brussels, 12 June 2018 BAL NC monitoring report 2017 4 th joint ENTSOG/ACER workshop on Gas Balancing Arjan Kleine Market Advisor BAL NC Monitoring report Implementation monitoring report Effect monitoring report 2 Delivering

338 views • 19 slides
1 FLP Partial Intuition Implication for fair exchange Quote from paper: Need a trusted

1 FLP Partial Intuition Implication for fair exchange Quote from paper: Need a trusted

TECS Week 2005 Contract Signing Two parties want to sign a contract Contract-Signing Protocols Multi-party signing is more complicated The contract is known to both parties The protocols we will look at are not for contract

402 views • 7 slides
Article 1-Preamble Contract effec+ve by July 1 st and in full

Article 1-Preamble Contract effec+ve by July 1 st and in full

Article 1-Preamble Contract effec+ve by July 1 st and in full force and effect un+l June 30, 2018. Article 2-Recognition Commi&gt;ee created to determine

888 views • 15 slides
Design by Contract 1 Design by Contract Softw are Engineering Design by Contract Every

Design by Contract 1 Design by Contract Softw are Engineering Design by Contract Every

Design by Contract 1 Design by Contract Softw are Engineering Design by Contract Every software element is intended to satisfy a certain goal, for the benefit of other software elements (and ultimately of human users). This goal is the

449 views • 19 slides
Contract Types and Contract Management Richard Foster VGSO Seminar 26 July 2007 Contract Types

Contract Types and Contract Management Richard Foster VGSO Seminar 26 July 2007 Contract Types

Contract Types and Contract Management Richard Foster VGSO Seminar 26 July 2007 Contract Types and Contract Management + Contract Types, Relationships and Enhancing Value + Contract Types A new view What does this mean for contract

753 views • 25 slides
A competitive advantage for your company through Third Party Monitoring ODIS THIRD PARTY

A competitive advantage for your company through Third Party Monitoring ODIS THIRD PARTY

A competitive advantage for your company through Third Party Monitoring ODIS THIRD PARTY (CONTRACT) MANAGEMENT (TPM) Index Introduction Complexity, governance and risk Past, Present and Future, where are you in the evolution?

295 views • 15 slides
CISC 3595 Operating System Spring, 2015 Chapter 3: Important Concepts (3/29/2015) 1 Memory

CISC 3595 Operating System Spring, 2015 Chapter 3: Important Concepts (3/29/2015) 1 Memory

CISC 3595 Operating System Spring, 2015 Chapter 3: Important Concepts (3/29/2015) 1 Memory from programmers perspective: you already know these: Code (functions) and data are loaded into memory when the program is being executed.

194 views • 7 slides
02291: System Integration Acceptance Tests Hubert Baumeister huba@dtu.dk DTU Compute Technical

02291: System Integration Acceptance Tests Hubert Baumeister huba@dtu.dk DTU Compute Technical

02291: System Integration Acceptance Tests Hubert Baumeister huba@dtu.dk DTU Compute Technical University of Denmark Spring 2019 Contents Acceptance Tests Introduction Fit and Fitnesse Why testing? Validation testing Tests that

448 views • 20 slides
1 7/20/2014 3D sensing: Kinect TM Kinect IR projection CMU Summer School 7.2014 Blake

1 7/20/2014 3D sensing: Kinect TM Kinect IR projection CMU Summer School 7.2014 Blake

7/20/2014 Virtual Fixtures in Robotic III. Intelligent Augmentation Surgery Hawkeye King, Sina Nia Kosari, Fredrik Ryden, Howard Chizeck Goals Sensor-based real-time guidance Shared human-machine control Improved safety CMU

259 views • 10 slides
Abstract How do you ensure your applications meet the expectations of your key customers? In this

Abstract How do you ensure your applications meet the expectations of your key customers? In this

ACCEPTANCE TESTING APPLICATION BEHAVIOR Abstract How do you ensure your applications meet the expectations of your key customers? In this session we will explore using the FIT tool and Behavior Driven Design tools to do exactly this. Unit

843 views • 29 slides
Brain inspired Deep Learning Architectures Alex Movila Conventional artificial neural networks

Brain inspired Deep Learning Architectures Alex Movila Conventional artificial neural networks

Brain inspired Deep Learning Architectures Alex Movila Conventional artificial neural networks Inspired by the biological brain Benchmarked on tasks solved by the biological brain ...but compute in a fundamentally different

741 views • 71 slides
Advancing Australian biosecurity and trade with phytosanitary irradiation Ben Reilly, Oct 2020

Advancing Australian biosecurity and trade with phytosanitary irradiation Ben Reilly, Oct 2020

Advancing Australian biosecurity and trade with phytosanitary irradiation Ben Reilly, Oct 2020 Who is Steritech? Private, family owned Australian company 50 years experience in delivering irradiation services Operations in three states

759 views • 38 slides
On BML: The oxen are slow, but the Earth is patient. A sponsor s perspective on BML

On BML: The oxen are slow, but the Earth is patient. A sponsor s perspective on BML

U.S .S. . ARMY On BML: The oxen are slow, but the Earth is patient. A sponsor s perspective on BML development and application Dr. Amy E. Henninger Technical Advisor, Center for Army Analysis Controlling UGVs in Boston U.S .S.

451 views • 11 slides
in the Cloud (TAFC 2013) Agenda 6 th June 2013 8:45 - 9:00 Welcome and Overview Jim Clarke,

in the Cloud (TAFC 2013) Agenda 6 th June 2013 8:45 - 9:00 Welcome and Overview Jim Clarke,

International Workshop on Trustworthiness, Accountability and Forensics in the Cloud (TAFC 2013) Agenda 6 th June 2013 8:45 - 9:00 Welcome and Overview Jim Clarke, Waterford Institute of Technology and Rebecca Wright, Rutgers University

192 views • 4 slides

More recommend