3.15 Problem: Contracts

Design a reduction semantics (standard or regular) for a Lambda language with contracts. Here is the syntax:

(define-language Lambda
  (e ::=
     x (lambda (x) e) (e e)
     n (+ e e)
     (if0 e e e)
     (c · e x x)
     (blame x))
  (n ::= number)
  (c ::= num? even? odd? pos? (c -> c))
  (x ::= variable-not-otherwise-mentioned))

The contract primitives are interpreted as follows:

(num? x) checks whether x is a number, not a function
(pos? x) checks whether x is a positive number
(even? x) checks whether x is an even number
(odd? x) checks whether x is an even number

The contract form (c · e x_s x_c) checks contract c on e. If e breaks the contract, the semantics signals a (blame x_s) error; other contract violations signal a (blame x_c) error.

Consider these three examples where the same contracted function works well, is blamed, or blames its context depending on the argument:

(define a-module (term {(even? -> pos?) · (lambda (x) (+ x 1)) server client}))
(define p-good (term [,a-module 2]))
(define p-bad-server (term [,a-module -2]))
(define p-bad-client (term [,a-module 1]))

Work through the examples by hand to find out why the three programs work fine, blame the server, and blame the client for contract violations, respectively.

top ← prev up next →

1	Amb: A Redex Tutorial
2	Long Tutorial
3	Extended Exercises
4	The Redex Reference
5	Automated Testing Benchmark
	Bibliography
	Index

3.1	Problem: Objects
3.2	Solution: Objects
3.3	Problem: Types
3.4	Solution: Types
3.5	Problem: Missionaries and Cannibals
3.6	Solution: Missionaries and Cannibals
3.7	Problem: Towers of Hanoi
3.8	Solution: Towers of Hanoi
3.9	Problem: GC
3.10	Solution: GC
3.11	Problem: Finite State Machines
3.12	Solution: Finite State Machines
3.13	Problem: Threads
3.14	Solution: Threads
3.15	Problem: Contracts
3.16	Solution: Contracts
3.17	Problem: Binary Addition
3.18	Solution: Binary Addition