Contract soundness for object-oriented languages

Robert Bruce Findler; Matthias Felleisen

Contract soundness for object-oriented languages

Robert Bruce Findler^*, Matthias Felleisen

^*Corresponding author for this work

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

70 Scopus citations

Abstract

Checking pre- and post-conditions of procedures and methods at runtime helps improve software reliability. In the procedural world, pre- and post-conditions have a straightforward interpretation. If a procedure's pre-condition doesn't hold, the caller failed to establish the proper context. If a post-condition doesn't hold, the procedure failed to compute the expected result. In the object-oriented world, checking pre- and post-conditions for methods, often called contracts in this context, poses complex problems. Because methods may be overridden, it is not sufficient to check only pre- and post-conditions. In addition, the contract hierarchy must be checked to ensure that the contracts on overriden methods are properly related to the contracts on overriding methods. Otherwise, a class hierarchy may violate the substitution principle, that is, it may no longer be true that an instance of a class is substitutable for objects of the super-class. In this paper, we study the problem of contract enforcement in an object-oriented world from a foundational perspective. More specifically, we study contracts as refinements of types. Pushing the analogy further, we state and prove a contract soundness theorem that captures the essential properties of contract enforcement. We use the theorem to illustrate how most existing tools suffer from a fundamental flaw and how they can be improved.

Original language	English (US)
Title of host publication	Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA
Pages	1-15
Number of pages	15
Volume	36
State	Published - Dec 1 2001
Event	Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA 2001) - Tampa Bay, FL, United States Duration: Oct 14 2001 → Oct 18 2001

Other

Other	Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA 2001)
Country/Territory	United States
City	Tampa Bay, FL
Period	10/14/01 → 10/18/01

ASJC Scopus subject areas

Software

Cite this

@inproceedings{86ab8229484e47bea99f59d7061d056b,

title = "Contract soundness for object-oriented languages",

abstract = "Checking pre- and post-conditions of procedures and methods at runtime helps improve software reliability. In the procedural world, pre- and post-conditions have a straightforward interpretation. If a procedure's pre-condition doesn't hold, the caller failed to establish the proper context. If a post-condition doesn't hold, the procedure failed to compute the expected result. In the object-oriented world, checking pre- and post-conditions for methods, often called contracts in this context, poses complex problems. Because methods may be overridden, it is not sufficient to check only pre- and post-conditions. In addition, the contract hierarchy must be checked to ensure that the contracts on overriden methods are properly related to the contracts on overriding methods. Otherwise, a class hierarchy may violate the substitution principle, that is, it may no longer be true that an instance of a class is substitutable for objects of the super-class. In this paper, we study the problem of contract enforcement in an object-oriented world from a foundational perspective. More specifically, we study contracts as refinements of types. Pushing the analogy further, we state and prove a contract soundness theorem that captures the essential properties of contract enforcement. We use the theorem to illustrate how most existing tools suffer from a fundamental flaw and how they can be improved.",

author = "Findler, {Robert Bruce} and Matthias Felleisen",

year = "2001",

month = dec,

day = "1",

language = "English (US)",

volume = "36",

pages = "1--15",

booktitle = "Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA",

note = "Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA 2001) ; Conference date: 14-10-2001 Through 18-10-2001",

}

TY - GEN

T1 - Contract soundness for object-oriented languages

AU - Findler, Robert Bruce

AU - Felleisen, Matthias

PY - 2001/12/1

Y1 - 2001/12/1

N2 - Checking pre- and post-conditions of procedures and methods at runtime helps improve software reliability. In the procedural world, pre- and post-conditions have a straightforward interpretation. If a procedure's pre-condition doesn't hold, the caller failed to establish the proper context. If a post-condition doesn't hold, the procedure failed to compute the expected result. In the object-oriented world, checking pre- and post-conditions for methods, often called contracts in this context, poses complex problems. Because methods may be overridden, it is not sufficient to check only pre- and post-conditions. In addition, the contract hierarchy must be checked to ensure that the contracts on overriden methods are properly related to the contracts on overriding methods. Otherwise, a class hierarchy may violate the substitution principle, that is, it may no longer be true that an instance of a class is substitutable for objects of the super-class. In this paper, we study the problem of contract enforcement in an object-oriented world from a foundational perspective. More specifically, we study contracts as refinements of types. Pushing the analogy further, we state and prove a contract soundness theorem that captures the essential properties of contract enforcement. We use the theorem to illustrate how most existing tools suffer from a fundamental flaw and how they can be improved.

AB - Checking pre- and post-conditions of procedures and methods at runtime helps improve software reliability. In the procedural world, pre- and post-conditions have a straightforward interpretation. If a procedure's pre-condition doesn't hold, the caller failed to establish the proper context. If a post-condition doesn't hold, the procedure failed to compute the expected result. In the object-oriented world, checking pre- and post-conditions for methods, often called contracts in this context, poses complex problems. Because methods may be overridden, it is not sufficient to check only pre- and post-conditions. In addition, the contract hierarchy must be checked to ensure that the contracts on overriden methods are properly related to the contracts on overriding methods. Otherwise, a class hierarchy may violate the substitution principle, that is, it may no longer be true that an instance of a class is substitutable for objects of the super-class. In this paper, we study the problem of contract enforcement in an object-oriented world from a foundational perspective. More specifically, we study contracts as refinements of types. Pushing the analogy further, we state and prove a contract soundness theorem that captures the essential properties of contract enforcement. We use the theorem to illustrate how most existing tools suffer from a fundamental flaw and how they can be improved.

UR - http://www.scopus.com/inward/record.url?scp=0035552056&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0035552056&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:0035552056

VL - 36

SP - 1

EP - 15

BT - Proceedings of the Conference on Object-Oriented Programming Systems, Languages, and Applications, OOPSLA

T2 - Conference on Object-Oriented Programming, Systems, Languages and Applications (OOPSLA 2001)

Y2 - 14 October 2001 through 18 October 2001

ER -

Contract soundness for object-oriented languages

Abstract

Other

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this