SlideShare ist ein Scribd-Unternehmen logo

TreatJS: Higher-Order Contracts for JavaScripts

Matthias Keil
Matthias Keil

The document describes TreatJS, a language for specifying and enforcing higher-order contracts for JavaScript. It discusses base contracts, function contracts, intersection contracts, union contracts, and how blame is calculated for contract violations. TreatJS allows defining contracts using standard abstractions like dependent contracts while ensuring contracts cannot interfere with program execution through sandboxing.

Technologie
1 von 61
Downloaden Sie, um offline zu lesen
TreatJS Higher-Order Contracts for JavaScript Roman Matthias Keil, Peter Thiemann University of Freiburg, Germany July 8, 2015, The European Conference on Object-Oriented Programming, ECOOP 2015 Prague, Czech Republic
Introduction Contract Specifies the interface of a software component Obligations - Benefits TreatJS Language embedded contract system for JavaScript Enforced by run-time monitoring Inspired by existing contract systems Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 2 / 18
Features Standard abstractions for higher-order-contracts (base, function, and dependent contracts) [Findler,Felleisen’02] Intersection and union contracts Side-effect free contract execution Contract constructors generalize dependent contracts Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 3 / 18
Base Contract [Findler,Felleisen’02] Base Contracts are built from predicates Specified by a plain JavaScript function 1 function isNumber (arg) { 2 return (typeof arg) === ’number’; 3 }; 4 var Number = Contract.Base(isNumber); 5 assert(1, Number ); 6 assert(’a’, Number ); blame the subject Subject v gets blamed for Base Contract B iff: B(v) = true Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 4 / 18
Function Contract [Findler,Felleisen’02] 1 // Number × Number → Number 2 function plus (x, y) { 3 return (x + y); 4 } Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 18
Function Contract [Findler,Felleisen’02] 1 // Number × Number → Number 2 function plus (x, y) { 3 return (x + y); 4 } 5 var plus = assert(plus, 6 Contract.Function([ Number , Number ], Number )); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 18
Function Contract [Findler,Felleisen’02] 1 // Number × Number → Number 2 function plus (x, y) { 3 return (x + y); 4 } 5 plus(’a’, ’a’); blame the context Context gets blamed for C → C iff: Argument x gets blamed for C (as subject) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 18
Function Contract [Findler,Felleisen’02] 1 // Number × Number → Number 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } 5 plusBroken(0, 1); blame the subject Subject f gets blamed for C → C iff: ¬ (Context gets blamed C) ∧ (f (x) gets blamed C ) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 18
TreatJS New! Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 6 / 18
Overloaded Operator Function plus works for strings, too Requies to model overloading and multiple inheritances 1 // Number × Number → Number 2 function plus (x, y) { 3 return (x + y); 4 } 5 plus(’a’, ’a’); blame the context Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 7 / 18
Intersection Contract 1 // (Number × Number → Number) ∩ (String × String → String) 2 function plus (x, y) { 3 return (x + y); 4 } Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 8 / 18
Intersection Contract 1 // (Number × Number → Number) ∩ (String × String → String) 2 function plus (x, y) { 3 return (x + y); 4 } 5 var plus = assert(plus, Contract.Intersection( 6 Contract.Function([ Number , Number ], Number ) 7 Contract.Function([ String , String ], String )); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 8 / 18
Intersection Contract 1 // (Number × Number → Number) ∩ (String × String → String) 2 function plus (x, y) { 3 return (x + y); 4 } 5 plus(true, true); blame the context Context gets blamed for C ∩ C iff: (Context gets blamed for C) ∧ (Context gets blamed for C ) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 8 / 18
Intersection Contract 1 // (Number × Number → Number) ∩ (String × String → String) 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } 5 plusBroken(0, 1); blame the subject Subject f gets blamed for C ∩ C iff: (f gets blamed for C) ∨ (f gets blamed for C ) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 8 / 18
Union Contract 1 // (Number × Number → Number) ∪ (Number × Number → String) 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 9 / 18
Union Contract 1 // (Number × Number → Number) ∪ (Number × Number → String) 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } 5 var plusBroken = assert(plusBroken, Contract.Union( 6 Contract.Function([ Number , Number ], Number ) 7 Contract.Function([ Number , Number ], String )); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 9 / 18
Union Contract 1 // (Number × Number → Number) ∪ (Number × Number → String) 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } 5 plusBroken(’a’, ’a’); blame the context Context gets blamed for C ∪ C iff: (Context gets blamed for C) ∨ (Context gets blamed for C ) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 9 / 18
Union Contract 1 // (Number × Number → Number) ∪ (Number × Number → String) 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } 5 plusBroken(1, 1); 6 plusBroken(0, 1); blame the subject Subject f gets blamed for C ∪ C iff: (f gets blamed for C) ∧ (f gets blamed for C ) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 9 / 18
Contract Assertion A failing contract must not signal a violation immediately Violation depends on combinations of failures in different sub-contracts 1 (Number → Number) ∩ (String → String) 2 function addOne (x) { 3 return (x + 1); 4 } 1 addOne(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 10 / 18
Contract Assertion A failing contract must not signal a violation immediately Violation depends on combinations of failures in different sub-contracts 1 (Number → Number) ∩ (String → String) 2 function addOne (x) { 3 return (x + 1); 4 } 2 addOne(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 10 / 18
Contract Assertion A failing contract must not signal a violation immediately Violation depends on combinations of failures in different sub-contracts 1 (Number → Number) ∩ (String → String) 2 function addOne (x) { 3 return (x + 1); 4 } 3 addOne(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 10 / 18
Blame Calculation Contract assertion must connect each contract with the enclosing operations Callback implements a constraint and links each contracts to its next enclosing operation Reports a record containing two fields, context and subject Fields range over B4 = {⊥, f, t, } [Belnap’1977] Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 11 / 18
Callback Graph 1 (Number → Number) ∩ (String → String) 2 function addOneBroken (x) { 3 return (x + ’1’); 4 } 5 addOneBroken(’a’); 6 addOneBroken(1); blame the subject Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (⊥,⊥) (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,t) (⊥,⊥) (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,f) (t,t) (f,t) (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,f) (t,f) (t,t) (f,t) (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,f) (t,f) (t,t) (t,t) (f,t) (t,t) (t,t) (t,t)(t,t) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,t) (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(1); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,t) (t,f) (⊥,⊥) (f,t) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(1); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,t) (t,t) (t,f) (⊥,⊥) (f,t) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(1); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,t) (t,f) (t,f) (t,f) (f,t) (t,f) (t, ) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(1); blame the subject Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
Non-Interference No syntactic restrictions on predicates Problem: Contract may interfere with program execution Solution: Predicate evaluation takes place in a sandbox 1 function isNumber (arg) { 2 type = (typeof arg); 3 return type === ’number’; 4 }; 5 var Number = Contract.Base(isNumber); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 13 / 18
Non-Interference No syntactic restrictions on predicates Problem: Contract may interfere with program execution Solution: Predicate evaluation takes place in a sandbox 1 function isNumber (arg) { 2 type = (typeof arg); access forbidden 3 return type === ’number’; 4 }; 5 var Number = Contract.Base(isNumber); 6 assert(1, Number ); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 13 / 18
Sandbox All contracts guarantee noninterference Read-only access is safe 1 var Array = Contract.Base(function (arg) { 2 return (arg instanceof Array); access forbidden 3 }); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 14 / 18
Sandbox All contracts guarantee noninterference Read-only access is safe 1 var Array = Contract.Base(function (arg) { 2 return (arg instanceof OutsideArray); 3 }); 4 var Array = Contract.With({OutsideArray:Array}, Array ); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 14 / 18
Contract Constructor Building block for dependent, parameterized, abstract, and recursive contracts Constructor gets evaluated in a sandbox, like a predicate Returns a contract No further sandboxing for predicates 1 var Type = Contract.Constructor(function (type) { 2 return Contract.Base(function (arg) { 3 return (typeof arg) === type; 4 }); 5 }); 6 var Number = Type (’number’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 15 / 18
Contract Abstraction 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 16 / 18
Contract Abstraction 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } 5 var Plus = Contract.Constructor(function ( Type ) { 6 return Contract.Function([ Type , Type ], Type ); 7 }); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 16 / 18
Contract Abstraction 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } 5 var Plus = Contract.Constructor(function ( Type ) { 6 return Contract.Function([ Type , Type ], Type ); 7 }); 8 var Plus = assert(plus, Plus ); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 16 / 18
Contract Abstraction 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } 5 var Plus = Contract.Constructor(function ( Type ) { 6 return Contract.Function([ Type , Type ], Type ); 7 }); 8 var Plus = assert(plus, Plus ); 9 Plus( Number )(1, 2); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 16 / 18
Dependent Contract 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } 5 var Type = Contract.Constructor(function(x, y) { 6 return Contract.Base(function (arg) { 7 return ((typeof x) === (typeof y)) 8 ((typeof x) === (typeof arg)); 9 }); 10 }); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 17 / 18
Dependent Contract 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } 5 var Type = Contract.Constructor(function(x, y) { 6 return Contract.Base(function (arg) { 7 return ((typeof x) === (typeof y)) 8 ((typeof x) === (typeof arg)); 9 }); 10 }); 11 var plus = assert(plus, Contract.Dependent( Type )); 12 plus(1, 2); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 17 / 18
Conclusion TreatJS: Language embedded, dynamic, higher-order contract system for full JavaScript Support for intersection and union contracts Systematic blame calculation Composable sandboxing that guarantees non-interference Contract constructors with local scope Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 18 / 18
Object Contract Defined by a mapping from property names to contracts Represented as a pair of a getter and a setter function Getter and Setter apply the property’s contract 1 var arraySpec = Contract.AObject({length: Number }); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 1 / 6
Object Contract Defined by a mapping from property names to contracts Represented as a pair of a getter and a setter function Getter and Setter apply the property’s contract 1 var arraySpec = Contract.AObject({length: Number }); 2 var faultyObj = assert({length:’1’}, arraySpec); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 1 / 6
Object Contract Defined by a mapping from property names to contracts Represented as a pair of a getter and a setter function Getter and Setter apply the property’s contract 1 var arraySpec = Contract.AObject({length: Number }); 2 var faultyObj = assert({length:’1’}, arraySpec); 3 var faultyObj.length; blame the subject Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 1 / 6
Object Contract Defined by a mapping from property names to contracts Represented as a pair of a getter and a setter function Getter and Setter apply the property’s contract 1 var arraySpec = Contract.AObject({length: Number }); 2 var faultyObj = assert({length:’1’}, arraySpec); 3 var faultyObj.length = ’2’; blame the context Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 1 / 6
Function Contract Function Contract is build from one contract for the domain and one contract for the range of a function An Object Contract serves as the domain portion of a Function Contract with zero or more arguments AFunction defines an Object Contract from the array 1 Contract.AFunction([ Number , Number ], Number )); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 2 / 6
Function Contract Function Contract is build from one contract for the domain and one contract for the range of a function An Object Contract serves as the domain portion of a Function Contract with zero or more arguments AFunction defines an Object Contract from the array 4 Contract.AFunction([ Number , Number ], Number )); 5 Contract.Function( 6 Contract.AObject([ Number , Number ]), Number )); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 2 / 6
Recursive Contract Similar to Constructors Unrolls the constructor when asserted Contract is given as argument to the constructor 1 var LinkedList = Contract.Recursive( 2 Contract.Constructor(function( LinkedList ) { 3 return Contract.AObject({ 4 value: Number , 5 next: LinkedList }); 6 })); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 3 / 6
Scores Benchmark Full System Baseline Richards 0.391 0.519 11142 DeltaBlue 0.276 0.360 17462 Crypto 11888 12010 11879 RayTrace 1.09 1.45 23896 EarleyBoyer 5135 5292 5370 RegExp 1208 1181 1207 Splay 20.6 27.8 9555 SplayLatency 73.1 99.7 6289 NavierStokes 6234 7159 12612 pdf.js 9191 9257 9236 Mandreel 12555 12542 12580 MandreelLatency 18741 18883 19398 Gameboy Emulator 6.80 9.07 23801 Code loading 6245 6785 9324 Box2DWeb 3.57 4.67 12528 zlib 29108 28708 29185 TypeScript 187 248 11958 Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 4 / 6
Scores Benchmark Full w/o C w/o D w/o M w/o P Richards 0.391 0.582 0.782 0.781 0.903 DeltaBlue 0.276 0.409 0.544 0.544 0.625 Crypto 11888 11912 11914 11986 11979 RayTrace 1.09 1.82 2.51 2.51 3.02 EarleyBoyer 5135 5126 5205 5233 5242 RegExp 1208 1205 1199 1212 1178 Splay 20.6 31.2 42.5 42.5 49.7 SplayLatency 73.1 109 151 151 177 NavierStokes 6234 7924 9176 8943 9456 pdf.js 9191 9548 9156 9222 9152 Mandreel 12555 12586 12549 12346 12431 MandreelLatency 18741 18741 18883 19027 18955 Gameboy Emulator 6.80 10.8 14.9 14.9 17.7 Code loading 6245 6937 7372 7335 7533 Box2DWeb 3.57 5.72 7.80 7.82 9.19 zlib 29108 29025 29047 28926 29063 TypeScript 187 290 400 396 463 Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 4 / 6
Statistic Benchmark Contract A I P Richards 24 1599377224 935751200 DeltaBlue 54 2319477672 1340451212 Crypto 1 5 3 RayTrace 42 687240082 509234422 EarleyBoyer 3944 89022 68172 RegExp 0 0 0 Splay 10 11620663 7067593 SplayLatency 10 11620663 7067593 NavierStokes 51 48334 39109 pdf.js 3 15 9 Mandreel 7 57 28 MandreelLatency 7 57 28 Gameboy Emulator 3206 141669753 97487985 Code loading 5600 34800 18400 Box2DWeb 20075 172755100 112664947 zlib 0 0 0 TypeScript 4 12673644 8449090 Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 6
Statistic Benchmark Sandbox M D Richards 4678756000 4 DeltaBlue 6702256060 5 Crypto 15 3 RayTrace 2546172110 4 EarleyBoyer 340860 6 RegExp 0 0 Splay 35337965 5 SplayLatency 35337965 5 NavierStokes 195545 5 pdf.js 45 4 Mandreel 140 4 MandreelLatency 140 4 Gameboy Emulator 487439925 5 Code loading 92000 4 Box2DWeb 563324735 5 zlib 0 0 TypeScript 42245450 2 Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 6
Statistic Benchmark Callback Richards 3351504000 DeltaBlue 4744203248 Crypto 13 RayTrace 2190186074 EarleyBoyer 309120 RegExp 0 Splay 26231845 SplayLatency 26231845 NavierStokes 177197 pdf.js 39 Mandreel 128 MandreelLatency 128 Gameboy Emulator 399084085 Code loading 70400 Box2DWeb 469141435 zlib 0 TypeScript 33796350 Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 6
Timings Benchmark Full Baseline Richards 1 day, 18 hours, 21 min, 20 sec 8 sec DeltaBlue 2 days, 10 hours, 36 min, 49 sec 4 sec Crypto 9 sec 8 sec RayTrace 23 hours, 12 min, 37 sec 4 sec EarleyBoyer 1 min, 9 sec 53 sec RegExp 9 sec 8 sec Splay 19 min, 19 sec 3 sec SplayLatency 19 min, 19 sec 3 sec NavierStokes 11 sec 4 sec pdf.js 6 sec 6 sec Mandreel 5 sec 5 sec MandreelLatency 5 sec 5 sec Gameboy Emulator 4 hours, 28 min, 28 sec 5 sec Code loading 12 sec 9 sec Box2DWeb 5 hours, 19 min, 49 sec 6 sec zlib 11 sec 11 sec TypeScript 22 min, 46 sec 24 sec Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 6 / 6
Timings Benchmark Predicate Baseline Richards 1 day, 6 hours, 59 min, 42 sec 8 sec DeltaBlue 1 day, 20 hours, 58 min, 17 sec 4 sec Crypto 8 sec 8 sec RayTrace 17 hours, 1 min, 25 sec 4 sec EarleyBoyer 1 min, 3 sec 53 sec RegExp 8 sec 8 sec Splay 13 min, 55 sec 3 sec SplayLatency 13 min, 55 sec 3 sec NavierStokes 9 sec 4 sec pdf.js 6 sec 6 sec Mandreel 5 sec 5 sec MandreelLatency 5 sec 5 sec Gameboy Emulator 3 hours, 13 min, 13 sec 5 sec Code loading 12 sec 9 sec Box2DWeb 3 hours, 52 min, 34 sec 6 sec zlib 12 sec 11 sec TypeScript 17 min, 8 sec 24 sec Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 6 / 6

Empfohlen

Chapter 05 computer arithmetic 2o-p
Chapter 05 computer arithmetic 2o-pChapter 05 computer arithmetic 2o-p
Chapter 05 computer arithmetic 2o-p
IIUI
 
Paillier Cryptosystem
Paillier CryptosystemPaillier Cryptosystem
Paillier Cryptosystem
Dejan Radic
 
Matlab integration
Matlab integrationMatlab integration
Matlab integration
pramodkumar1804
 
3 analysis.gtm
3 analysis.gtm3 analysis.gtm
3 analysis.gtm
Natarajan Angappan
 
Admission for b.tech
Admission for b.techAdmission for b.tech
Admission for b.tech
Edhole.com
 
Algorithm Assignment Help
Algorithm Assignment HelpAlgorithm Assignment Help
Algorithm Assignment Help
Programming Homework Help
 
Traversing on Algebraic Datatype
Traversing on Algebraic DatatypeTraversing on Algebraic Datatype
Traversing on Algebraic Datatype
Yun-Yan Chi
 
Lec9
Lec9Lec9
Lec9
Nikhil Chilwant
 

Empfohlen

Chapter 05 computer arithmetic 2o-p
Chapter 05 computer arithmetic 2o-pChapter 05 computer arithmetic 2o-p
Chapter 05 computer arithmetic 2o-p
IIUI
 
Paillier Cryptosystem
Paillier CryptosystemPaillier Cryptosystem
Paillier Cryptosystem
Dejan Radic
 
Matlab integration
Matlab integrationMatlab integration
Matlab integration
pramodkumar1804
 
3 analysis.gtm
3 analysis.gtm3 analysis.gtm
3 analysis.gtm
Natarajan Angappan
 
Admission for b.tech
Admission for b.techAdmission for b.tech
Admission for b.tech
Edhole.com
 
Algorithm Assignment Help
Algorithm Assignment HelpAlgorithm Assignment Help
Algorithm Assignment Help
Programming Homework Help
 
Traversing on Algebraic Datatype
Traversing on Algebraic DatatypeTraversing on Algebraic Datatype
Traversing on Algebraic Datatype
Yun-Yan Chi
 
Lec9
Lec9Lec9
Lec9
Nikhil Chilwant
 
Legionella case study (1)
Legionella case study (1)Legionella case study (1)
Legionella case study (1)
Daman Baidwan
 
Final Portfolio-Jacob Rust
Final Portfolio-Jacob RustFinal Portfolio-Jacob Rust
Final Portfolio-Jacob Rust
jar91
 
Lucas Kratochwil - Portfolio
Lucas Kratochwil - PortfolioLucas Kratochwil - Portfolio
Lucas Kratochwil - Portfolio
Lucas Kratochwil
 
McKnights Senior Living Oct 2015 Vol13,No5
McKnights Senior Living Oct 2015 Vol13,No5McKnights Senior Living Oct 2015 Vol13,No5
McKnights Senior Living Oct 2015 Vol13,No5
Jack Armstrong
 
TreatJS: Higher-Order Contracts for JavaScript
TreatJS: Higher-Order Contracts for JavaScriptTreatJS: Higher-Order Contracts for JavaScript
TreatJS: Higher-Order Contracts for JavaScript
Matthias Keil
 
Yourprezias
YourpreziasYourprezias
Yourprezias
Caamýla Fraancisca
 
Charles Dickens
Charles DickensCharles Dickens
Charles Dickens
marcobaraccani95
 
“oxford”
“oxford”“oxford”
“oxford”
Jose Luis Ortiz Tellez
 
Introduction of MS Word
Introduction of MS WordIntroduction of MS Word
Introduction of MS Word
Pakeeza Noor
 
ковалев презентация
ковалев презентацияковалев презентация
ковалев презентация
Stepan07
 
Top 8 head concierge resume samples
Top 8 head concierge resume samplesTop 8 head concierge resume samples
Top 8 head concierge resume samples
parrijom
 
инновационная площадка
инновационная площадкаинновационная площадка
инновационная площадка
Наталья Рудь
 
Psychological process
Psychological processPsychological process
Psychological process
Sameer Agarwal
 
Mastering Market Realities in Global Meat Industry
Mastering Market Realities in Global Meat IndustryMastering Market Realities in Global Meat Industry
Mastering Market Realities in Global Meat Industry
Dr. Vijayender Nalla
 
Partidos políticos y otros movimientos power5
Partidos políticos y otros movimientos power5Partidos políticos y otros movimientos power5
Partidos políticos y otros movimientos power5
Jorge Aguilera
 
Top 8 bilingual teacher resume samples
Top 8 bilingual teacher resume samplesTop 8 bilingual teacher resume samples
Top 8 bilingual teacher resume samples
kingsmonkey15
 
Waiver Op Ed Providence Journal
Waiver Op Ed Providence JournalWaiver Op Ed Providence Journal
Waiver Op Ed Providence Journal
Mary E. Wambach
 
Sustainability project
Sustainability projectSustainability project
Sustainability project
Ahmad Alkhathami
 
профилактика ксенофобии и расизма
профилактика ксенофобии и расизма профилактика ксенофобии и расизма
профилактика ксенофобии и расизма
vikaevp
 
Blame Assignment for Higher-Order Contracts with Intersection and Union
Blame Assignment for Higher-Order Contracts with Intersection and UnionBlame Assignment for Higher-Order Contracts with Intersection and Union
Blame Assignment for Higher-Order Contracts with Intersection and Union
Matthias Keil
 
Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...
Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...
Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...
Flink Forward
 
First part of my NYU Tandon course "Numerical and Simulation Techniques in Fi...
First part of my NYU Tandon course "Numerical and Simulation Techniques in Fi...First part of my NYU Tandon course "Numerical and Simulation Techniques in Fi...
First part of my NYU Tandon course "Numerical and Simulation Techniques in Fi...
Edward D. Weinberger
 

Weitere ähnliche Inhalte

Andere mochten auch

Lucas Kratochwil - Portfolio
Lucas Kratochwil - PortfolioLucas Kratochwil - Portfolio
Lucas Kratochwil - Portfolio
Lucas Kratochwil
 
McKnights Senior Living Oct 2015 Vol13,No5
McKnights Senior Living Oct 2015 Vol13,No5McKnights Senior Living Oct 2015 Vol13,No5
McKnights Senior Living Oct 2015 Vol13,No5
Jack Armstrong
 
Introduction of MS Word
Introduction of MS WordIntroduction of MS Word
Introduction of MS Word
Pakeeza Noor
 
Top 8 head concierge resume samples
Top 8 head concierge resume samplesTop 8 head concierge resume samples
Top 8 head concierge resume samples
parrijom
 
Partidos políticos y otros movimientos power5
Partidos políticos y otros movimientos power5Partidos políticos y otros movimientos power5
Partidos políticos y otros movimientos power5
Jorge Aguilera
 
Top 8 bilingual teacher resume samples
Top 8 bilingual teacher resume samplesTop 8 bilingual teacher resume samples
Top 8 bilingual teacher resume samples
kingsmonkey15
 
Waiver Op Ed Providence Journal
Waiver Op Ed Providence JournalWaiver Op Ed Providence Journal
Waiver Op Ed Providence Journal
Mary E. Wambach
 

Andere mochten auch (19)

Legionella case study (1)
Legionella case study (1)Legionella case study (1)
Legionella case study (1)
 
Final Portfolio-Jacob Rust
Final Portfolio-Jacob RustFinal Portfolio-Jacob Rust
Final Portfolio-Jacob Rust
 
Lucas Kratochwil - Portfolio
Lucas Kratochwil - PortfolioLucas Kratochwil - Portfolio
Lucas Kratochwil - Portfolio
 
McKnights Senior Living Oct 2015 Vol13,No5
McKnights Senior Living Oct 2015 Vol13,No5McKnights Senior Living Oct 2015 Vol13,No5
McKnights Senior Living Oct 2015 Vol13,No5
 
TreatJS: Higher-Order Contracts for JavaScript
TreatJS: Higher-Order Contracts for JavaScriptTreatJS: Higher-Order Contracts for JavaScript
TreatJS: Higher-Order Contracts for JavaScript
 
Yourprezias
YourpreziasYourprezias
Yourprezias
 
Charles Dickens
Charles DickensCharles Dickens
Charles Dickens
 
“oxford”
“oxford”“oxford”
“oxford”
 
Introduction of MS Word
Introduction of MS WordIntroduction of MS Word
Introduction of MS Word
 
ковалев презентация
ковалев презентацияковалев презентация
ковалев презентация
 
Top 8 head concierge resume samples
Top 8 head concierge resume samplesTop 8 head concierge resume samples
Top 8 head concierge resume samples
 
инновационная площадка
инновационная площадкаинновационная площадка
инновационная площадка
 
Psychological process
Psychological processPsychological process
Psychological process
 
Mastering Market Realities in Global Meat Industry
Mastering Market Realities in Global Meat IndustryMastering Market Realities in Global Meat Industry
Mastering Market Realities in Global Meat Industry
 
Partidos políticos y otros movimientos power5
Partidos políticos y otros movimientos power5Partidos políticos y otros movimientos power5
Partidos políticos y otros movimientos power5
 
Top 8 bilingual teacher resume samples
Top 8 bilingual teacher resume samplesTop 8 bilingual teacher resume samples
Top 8 bilingual teacher resume samples
 
Waiver Op Ed Providence Journal
Waiver Op Ed Providence JournalWaiver Op Ed Providence Journal
Waiver Op Ed Providence Journal
 
Sustainability project
Sustainability projectSustainability project
Sustainability project
 
профилактика ксенофобии и расизма
профилактика ксенофобии и расизма профилактика ксенофобии и расизма
профилактика ксенофобии и расизма
 

Ähnlich wie TreatJS: Higher-Order Contracts for JavaScripts

Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...
Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...
Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...
Flink Forward
 
Turning Krimp into a Triclustering Technique on Sets of Attribute-Condition P...
Turning Krimp into a Triclustering Technique on Sets of Attribute-Condition P...Turning Krimp into a Triclustering Technique on Sets of Attribute-Condition P...
Turning Krimp into a Triclustering Technique on Sets of Attribute-Condition P...
Dmitrii Ignatov
 
To write a program that implements the following C++ concepts 1. Dat.pdf
To write a program that implements the following C++ concepts 1. Dat.pdfTo write a program that implements the following C++ concepts 1. Dat.pdf
To write a program that implements the following C++ concepts 1. Dat.pdf
SANDEEPARIHANT
 
lecture 15
lecture 15lecture 15
lecture 15
sajinsc
 
Csc1100 lecture03 ch03-pt1-s14
Csc1100 lecture03 ch03-pt1-s14Csc1100 lecture03 ch03-pt1-s14
Csc1100 lecture03 ch03-pt1-s14
IIUM
 
Csc1100 lecture03 ch03-pt1-s14
Csc1100 lecture03 ch03-pt1-s14Csc1100 lecture03 ch03-pt1-s14
Csc1100 lecture03 ch03-pt1-s14
IIUM
 

Ähnlich wie TreatJS: Higher-Order Contracts for JavaScripts (18)

Blame Assignment for Higher-Order Contracts with Intersection and Union
Blame Assignment for Higher-Order Contracts with Intersection and UnionBlame Assignment for Higher-Order Contracts with Intersection and Union
Blame Assignment for Higher-Order Contracts with Intersection and Union
 
Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...
Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...
Flink Forward San Francisco 2018: Seth Wiesman - "Testing Stateful Streaming ...
 
First part of my NYU Tandon course "Numerical and Simulation Techniques in Fi...
First part of my NYU Tandon course "Numerical and Simulation Techniques in Fi...First part of my NYU Tandon course "Numerical and Simulation Techniques in Fi...
First part of my NYU Tandon course "Numerical and Simulation Techniques in Fi...
 
additional.pptx
additional.pptxadditional.pptx
additional.pptx
 
Turning Krimp into a Triclustering Technique on Sets of Attribute-Condition P...
Turning Krimp into a Triclustering Technique on Sets of Attribute-Condition P...Turning Krimp into a Triclustering Technique on Sets of Attribute-Condition P...
Turning Krimp into a Triclustering Technique on Sets of Attribute-Condition P...
 
On Contracts and Sandboxes for JavaScript
On Contracts and Sandboxes for JavaScriptOn Contracts and Sandboxes for JavaScript
On Contracts and Sandboxes for JavaScript
 
A Signature Algorithm Based On Chaotic Maps And Factoring Problems
A Signature Algorithm Based On Chaotic Maps And Factoring ProblemsA Signature Algorithm Based On Chaotic Maps And Factoring Problems
A Signature Algorithm Based On Chaotic Maps And Factoring Problems
 
SANER 2019 Most Influential Paper Talk
SANER 2019 Most Influential Paper TalkSANER 2019 Most Influential Paper Talk
SANER 2019 Most Influential Paper Talk
 
12 - Scala. Empty and unit types
12 - Scala. Empty and unit types12 - Scala. Empty and unit types
12 - Scala. Empty and unit types
 
Security of Artificial Intelligence
Security of Artificial IntelligenceSecurity of Artificial Intelligence
Security of Artificial Intelligence
 
To write a program that implements the following C++ concepts 1. Dat.pdf
To write a program that implements the following C++ concepts 1. Dat.pdfTo write a program that implements the following C++ concepts 1. Dat.pdf
To write a program that implements the following C++ concepts 1. Dat.pdf
 
Design and Analysis of Algorithm Brute Force 1.ppt
Design and Analysis of Algorithm Brute Force 1.pptDesign and Analysis of Algorithm Brute Force 1.ppt
Design and Analysis of Algorithm Brute Force 1.ppt
 
Class7 calculus i
Class7 calculus iClass7 calculus i
Class7 calculus i
 
Actors for Behavioural Simulation
Actors for Behavioural SimulationActors for Behavioural Simulation
Actors for Behavioural Simulation
 
lecture 15
lecture 15lecture 15
lecture 15
 
Csc1100 lecture03 ch03-pt1-s14
Csc1100 lecture03 ch03-pt1-s14Csc1100 lecture03 ch03-pt1-s14
Csc1100 lecture03 ch03-pt1-s14
 
Csc1100 lecture03 ch03-pt1-s14
Csc1100 lecture03 ch03-pt1-s14Csc1100 lecture03 ch03-pt1-s14
Csc1100 lecture03 ch03-pt1-s14
 
Big Oh.ppt
Big Oh.pptBig Oh.ppt
Big Oh.ppt
 

Mehr von Matthias Keil

Mehr von Matthias Keil (6)

Transparent Object Proxies for JavaScript
Transparent Object Proxies for JavaScriptTransparent Object Proxies for JavaScript
Transparent Object Proxies for JavaScript
 
On Contracts, Sandboxes, and Proxies for JavaScript
On Contracts, Sandboxes, and Proxies for JavaScriptOn Contracts, Sandboxes, and Proxies for JavaScript
On Contracts, Sandboxes, and Proxies for JavaScript
 
Symbolic Solving of Extended Regular Expression Inequalities
Symbolic Solving of Extended Regular Expression InequalitiesSymbolic Solving of Extended Regular Expression Inequalities
Symbolic Solving of Extended Regular Expression Inequalities
 
Efficient Dynamic Access Analysis Using JavaScript Proxies
Efficient Dynamic Access Analysis Using JavaScript ProxiesEfficient Dynamic Access Analysis Using JavaScript Proxies
Efficient Dynamic Access Analysis Using JavaScript Proxies
 
Type-based Dependency Analysis for JavaScript
Type-based Dependency Analysis for JavaScriptType-based Dependency Analysis for JavaScript
Type-based Dependency Analysis for JavaScript
 
Type-based Dependency Analysis
Type-based Dependency AnalysisType-based Dependency Analysis
Type-based Dependency Analysis
 

Kürzlich hochgeladen

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Kürzlich hochgeladen (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 

TreatJS: Higher-Order Contracts for JavaScripts

  • 1. TreatJS Higher-Order Contracts for JavaScript Roman Matthias Keil, Peter Thiemann University of Freiburg, Germany July 8, 2015, The European Conference on Object-Oriented Programming, ECOOP 2015 Prague, Czech Republic
  • 2. Introduction Contract Specifies the interface of a software component Obligations - Benefits TreatJS Language embedded contract system for JavaScript Enforced by run-time monitoring Inspired by existing contract systems Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 2 / 18
  • 3. Features Standard abstractions for higher-order-contracts (base, function, and dependent contracts) [Findler,Felleisen’02] Intersection and union contracts Side-effect free contract execution Contract constructors generalize dependent contracts Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 3 / 18
  • 4. Base Contract [Findler,Felleisen’02] Base Contracts are built from predicates Specified by a plain JavaScript function 1 function isNumber (arg) { 2 return (typeof arg) === ’number’; 3 }; 4 var Number = Contract.Base(isNumber); 5 assert(1, Number ); 6 assert(’a’, Number ); blame the subject Subject v gets blamed for Base Contract B iff: B(v) = true Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 4 / 18
  • 5. Function Contract [Findler,Felleisen’02] 1 // Number × Number → Number 2 function plus (x, y) { 3 return (x + y); 4 } Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 18
  • 6. Function Contract [Findler,Felleisen’02] 1 // Number × Number → Number 2 function plus (x, y) { 3 return (x + y); 4 } 5 var plus = assert(plus, 6 Contract.Function([ Number , Number ], Number )); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 18
  • 7. Function Contract [Findler,Felleisen’02] 1 // Number × Number → Number 2 function plus (x, y) { 3 return (x + y); 4 } 5 plus(’a’, ’a’); blame the context Context gets blamed for C → C iff: Argument x gets blamed for C (as subject) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 18
  • 8. Function Contract [Findler,Felleisen’02] 1 // Number × Number → Number 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } 5 plusBroken(0, 1); blame the subject Subject f gets blamed for C → C iff: ¬ (Context gets blamed C) ∧ (f (x) gets blamed C ) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 18
  • 9. TreatJS New! Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 6 / 18
  • 10. Overloaded Operator Function plus works for strings, too Requies to model overloading and multiple inheritances 1 // Number × Number → Number 2 function plus (x, y) { 3 return (x + y); 4 } 5 plus(’a’, ’a’); blame the context Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 7 / 18
  • 11. Intersection Contract 1 // (Number × Number → Number) ∩ (String × String → String) 2 function plus (x, y) { 3 return (x + y); 4 } Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 8 / 18
  • 12. Intersection Contract 1 // (Number × Number → Number) ∩ (String × String → String) 2 function plus (x, y) { 3 return (x + y); 4 } 5 var plus = assert(plus, Contract.Intersection( 6 Contract.Function([ Number , Number ], Number ) 7 Contract.Function([ String , String ], String )); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 8 / 18
  • 13. Intersection Contract 1 // (Number × Number → Number) ∩ (String × String → String) 2 function plus (x, y) { 3 return (x + y); 4 } 5 plus(true, true); blame the context Context gets blamed for C ∩ C iff: (Context gets blamed for C) ∧ (Context gets blamed for C ) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 8 / 18
  • 14. Intersection Contract 1 // (Number × Number → Number) ∩ (String × String → String) 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } 5 plusBroken(0, 1); blame the subject Subject f gets blamed for C ∩ C iff: (f gets blamed for C) ∨ (f gets blamed for C ) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 8 / 18
  • 15. Union Contract 1 // (Number × Number → Number) ∪ (Number × Number → String) 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 9 / 18
  • 16. Union Contract 1 // (Number × Number → Number) ∪ (Number × Number → String) 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } 5 var plusBroken = assert(plusBroken, Contract.Union( 6 Contract.Function([ Number , Number ], Number ) 7 Contract.Function([ Number , Number ], String )); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 9 / 18
  • 17. Union Contract 1 // (Number × Number → Number) ∪ (Number × Number → String) 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } 5 plusBroken(’a’, ’a’); blame the context Context gets blamed for C ∪ C iff: (Context gets blamed for C) ∨ (Context gets blamed for C ) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 9 / 18
  • 18. Union Contract 1 // (Number × Number → Number) ∪ (Number × Number → String) 2 function plusBroken (x, y) { 3 return (x0 y0) ? (x + y) : ’Error’; 4 } 5 plusBroken(1, 1); 6 plusBroken(0, 1); blame the subject Subject f gets blamed for C ∪ C iff: (f gets blamed for C) ∧ (f gets blamed for C ) Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 9 / 18
  • 19. Contract Assertion A failing contract must not signal a violation immediately Violation depends on combinations of failures in different sub-contracts 1 (Number → Number) ∩ (String → String) 2 function addOne (x) { 3 return (x + 1); 4 } 1 addOne(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 10 / 18
  • 20. Contract Assertion A failing contract must not signal a violation immediately Violation depends on combinations of failures in different sub-contracts 1 (Number → Number) ∩ (String → String) 2 function addOne (x) { 3 return (x + 1); 4 } 2 addOne(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 10 / 18
  • 21. Contract Assertion A failing contract must not signal a violation immediately Violation depends on combinations of failures in different sub-contracts 1 (Number → Number) ∩ (String → String) 2 function addOne (x) { 3 return (x + 1); 4 } 3 addOne(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 10 / 18
  • 22. Blame Calculation Contract assertion must connect each contract with the enclosing operations Callback implements a constraint and links each contracts to its next enclosing operation Reports a record containing two fields, context and subject Fields range over B4 = {⊥, f, t, } [Belnap’1977] Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 11 / 18
  • 23. Callback Graph 1 (Number → Number) ∩ (String → String) 2 function addOneBroken (x) { 3 return (x + ’1’); 4 } 5 addOneBroken(’a’); 6 addOneBroken(1); blame the subject Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 24. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 25. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 26. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 27. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (⊥,⊥) (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 28. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,t) (⊥,⊥) (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 29. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,f) (t,t) (f,t) (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 30. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,f) (t,f) (t,t) (f,t) (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 31. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,f) (t,f) (t,t) (t,t) (f,t) (t,t) (t,t) (t,t)(t,t) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(’a’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 32. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,t) (⊥,⊥) (⊥,⊥) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(1); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 33. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,t) (t,f) (⊥,⊥) (f,t) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(1); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 34. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,t) (t,t) (t,f) (⊥,⊥) (f,t) (⊥,⊥) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(1); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 35. Callback Graph • ∩ → Number Number → String String ∩ → Number Number → String String (t,t) (t,f) (t,f) (t,f) (f,t) (t,f) (t, ) 1 (Number → Number) ∩ (String → String) 2 addOneBroken(1); blame the subject Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 12 / 18
  • 36. Non-Interference No syntactic restrictions on predicates Problem: Contract may interfere with program execution Solution: Predicate evaluation takes place in a sandbox 1 function isNumber (arg) { 2 type = (typeof arg); 3 return type === ’number’; 4 }; 5 var Number = Contract.Base(isNumber); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 13 / 18
  • 37. Non-Interference No syntactic restrictions on predicates Problem: Contract may interfere with program execution Solution: Predicate evaluation takes place in a sandbox 1 function isNumber (arg) { 2 type = (typeof arg); access forbidden 3 return type === ’number’; 4 }; 5 var Number = Contract.Base(isNumber); 6 assert(1, Number ); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 13 / 18
  • 38. Sandbox All contracts guarantee noninterference Read-only access is safe 1 var Array = Contract.Base(function (arg) { 2 return (arg instanceof Array); access forbidden 3 }); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 14 / 18
  • 39. Sandbox All contracts guarantee noninterference Read-only access is safe 1 var Array = Contract.Base(function (arg) { 2 return (arg instanceof OutsideArray); 3 }); 4 var Array = Contract.With({OutsideArray:Array}, Array ); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 14 / 18
  • 40. Contract Constructor Building block for dependent, parameterized, abstract, and recursive contracts Constructor gets evaluated in a sandbox, like a predicate Returns a contract No further sandboxing for predicates 1 var Type = Contract.Constructor(function (type) { 2 return Contract.Base(function (arg) { 3 return (typeof arg) === type; 4 }); 5 }); 6 var Number = Type (’number’); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 15 / 18
  • 41. Contract Abstraction 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 16 / 18
  • 42. Contract Abstraction 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } 5 var Plus = Contract.Constructor(function ( Type ) { 6 return Contract.Function([ Type , Type ], Type ); 7 }); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 16 / 18
  • 43. Contract Abstraction 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } 5 var Plus = Contract.Constructor(function ( Type ) { 6 return Contract.Function([ Type , Type ], Type ); 7 }); 8 var Plus = assert(plus, Plus ); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 16 / 18
  • 44. Contract Abstraction 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } 5 var Plus = Contract.Constructor(function ( Type ) { 6 return Contract.Function([ Type , Type ], Type ); 7 }); 8 var Plus = assert(plus, Plus ); 9 Plus( Number )(1, 2); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 16 / 18
  • 45. Dependent Contract 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } 5 var Type = Contract.Constructor(function(x, y) { 6 return Contract.Base(function (arg) { 7 return ((typeof x) === (typeof y)) 8 ((typeof x) === (typeof arg)); 9 }); 10 }); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 17 / 18
  • 46. Dependent Contract 1 // T × T → T 2 function plus (x, y) { 3 return (x + y); 4 } 5 var Type = Contract.Constructor(function(x, y) { 6 return Contract.Base(function (arg) { 7 return ((typeof x) === (typeof y)) 8 ((typeof x) === (typeof arg)); 9 }); 10 }); 11 var plus = assert(plus, Contract.Dependent( Type )); 12 plus(1, 2); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 17 / 18
  • 47. Conclusion TreatJS: Language embedded, dynamic, higher-order contract system for full JavaScript Support for intersection and union contracts Systematic blame calculation Composable sandboxing that guarantees non-interference Contract constructors with local scope Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 18 / 18
  • 48. Object Contract Defined by a mapping from property names to contracts Represented as a pair of a getter and a setter function Getter and Setter apply the property’s contract 1 var arraySpec = Contract.AObject({length: Number }); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 1 / 6
  • 49. Object Contract Defined by a mapping from property names to contracts Represented as a pair of a getter and a setter function Getter and Setter apply the property’s contract 1 var arraySpec = Contract.AObject({length: Number }); 2 var faultyObj = assert({length:’1’}, arraySpec); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 1 / 6
  • 50. Object Contract Defined by a mapping from property names to contracts Represented as a pair of a getter and a setter function Getter and Setter apply the property’s contract 1 var arraySpec = Contract.AObject({length: Number }); 2 var faultyObj = assert({length:’1’}, arraySpec); 3 var faultyObj.length; blame the subject Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 1 / 6
  • 51. Object Contract Defined by a mapping from property names to contracts Represented as a pair of a getter and a setter function Getter and Setter apply the property’s contract 1 var arraySpec = Contract.AObject({length: Number }); 2 var faultyObj = assert({length:’1’}, arraySpec); 3 var faultyObj.length = ’2’; blame the context Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 1 / 6
  • 52. Function Contract Function Contract is build from one contract for the domain and one contract for the range of a function An Object Contract serves as the domain portion of a Function Contract with zero or more arguments AFunction defines an Object Contract from the array 1 Contract.AFunction([ Number , Number ], Number )); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 2 / 6
  • 53. Function Contract Function Contract is build from one contract for the domain and one contract for the range of a function An Object Contract serves as the domain portion of a Function Contract with zero or more arguments AFunction defines an Object Contract from the array 4 Contract.AFunction([ Number , Number ], Number )); 5 Contract.Function( 6 Contract.AObject([ Number , Number ]), Number )); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 2 / 6
  • 54. Recursive Contract Similar to Constructors Unrolls the constructor when asserted Contract is given as argument to the constructor 1 var LinkedList = Contract.Recursive( 2 Contract.Constructor(function( LinkedList ) { 3 return Contract.AObject({ 4 value: Number , 5 next: LinkedList }); 6 })); Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 3 / 6
  • 55. Scores Benchmark Full System Baseline Richards 0.391 0.519 11142 DeltaBlue 0.276 0.360 17462 Crypto 11888 12010 11879 RayTrace 1.09 1.45 23896 EarleyBoyer 5135 5292 5370 RegExp 1208 1181 1207 Splay 20.6 27.8 9555 SplayLatency 73.1 99.7 6289 NavierStokes 6234 7159 12612 pdf.js 9191 9257 9236 Mandreel 12555 12542 12580 MandreelLatency 18741 18883 19398 Gameboy Emulator 6.80 9.07 23801 Code loading 6245 6785 9324 Box2DWeb 3.57 4.67 12528 zlib 29108 28708 29185 TypeScript 187 248 11958 Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 4 / 6
  • 56. Scores Benchmark Full w/o C w/o D w/o M w/o P Richards 0.391 0.582 0.782 0.781 0.903 DeltaBlue 0.276 0.409 0.544 0.544 0.625 Crypto 11888 11912 11914 11986 11979 RayTrace 1.09 1.82 2.51 2.51 3.02 EarleyBoyer 5135 5126 5205 5233 5242 RegExp 1208 1205 1199 1212 1178 Splay 20.6 31.2 42.5 42.5 49.7 SplayLatency 73.1 109 151 151 177 NavierStokes 6234 7924 9176 8943 9456 pdf.js 9191 9548 9156 9222 9152 Mandreel 12555 12586 12549 12346 12431 MandreelLatency 18741 18741 18883 19027 18955 Gameboy Emulator 6.80 10.8 14.9 14.9 17.7 Code loading 6245 6937 7372 7335 7533 Box2DWeb 3.57 5.72 7.80 7.82 9.19 zlib 29108 29025 29047 28926 29063 TypeScript 187 290 400 396 463 Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 4 / 6
  • 57. Statistic Benchmark Contract A I P Richards 24 1599377224 935751200 DeltaBlue 54 2319477672 1340451212 Crypto 1 5 3 RayTrace 42 687240082 509234422 EarleyBoyer 3944 89022 68172 RegExp 0 0 0 Splay 10 11620663 7067593 SplayLatency 10 11620663 7067593 NavierStokes 51 48334 39109 pdf.js 3 15 9 Mandreel 7 57 28 MandreelLatency 7 57 28 Gameboy Emulator 3206 141669753 97487985 Code loading 5600 34800 18400 Box2DWeb 20075 172755100 112664947 zlib 0 0 0 TypeScript 4 12673644 8449090 Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 6
  • 58. Statistic Benchmark Sandbox M D Richards 4678756000 4 DeltaBlue 6702256060 5 Crypto 15 3 RayTrace 2546172110 4 EarleyBoyer 340860 6 RegExp 0 0 Splay 35337965 5 SplayLatency 35337965 5 NavierStokes 195545 5 pdf.js 45 4 Mandreel 140 4 MandreelLatency 140 4 Gameboy Emulator 487439925 5 Code loading 92000 4 Box2DWeb 563324735 5 zlib 0 0 TypeScript 42245450 2 Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 6
  • 59. Statistic Benchmark Callback Richards 3351504000 DeltaBlue 4744203248 Crypto 13 RayTrace 2190186074 EarleyBoyer 309120 RegExp 0 Splay 26231845 SplayLatency 26231845 NavierStokes 177197 pdf.js 39 Mandreel 128 MandreelLatency 128 Gameboy Emulator 399084085 Code loading 70400 Box2DWeb 469141435 zlib 0 TypeScript 33796350 Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 5 / 6
  • 60. Timings Benchmark Full Baseline Richards 1 day, 18 hours, 21 min, 20 sec 8 sec DeltaBlue 2 days, 10 hours, 36 min, 49 sec 4 sec Crypto 9 sec 8 sec RayTrace 23 hours, 12 min, 37 sec 4 sec EarleyBoyer 1 min, 9 sec 53 sec RegExp 9 sec 8 sec Splay 19 min, 19 sec 3 sec SplayLatency 19 min, 19 sec 3 sec NavierStokes 11 sec 4 sec pdf.js 6 sec 6 sec Mandreel 5 sec 5 sec MandreelLatency 5 sec 5 sec Gameboy Emulator 4 hours, 28 min, 28 sec 5 sec Code loading 12 sec 9 sec Box2DWeb 5 hours, 19 min, 49 sec 6 sec zlib 11 sec 11 sec TypeScript 22 min, 46 sec 24 sec Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 6 / 6
  • 61. Timings Benchmark Predicate Baseline Richards 1 day, 6 hours, 59 min, 42 sec 8 sec DeltaBlue 1 day, 20 hours, 58 min, 17 sec 4 sec Crypto 8 sec 8 sec RayTrace 17 hours, 1 min, 25 sec 4 sec EarleyBoyer 1 min, 3 sec 53 sec RegExp 8 sec 8 sec Splay 13 min, 55 sec 3 sec SplayLatency 13 min, 55 sec 3 sec NavierStokes 9 sec 4 sec pdf.js 6 sec 6 sec Mandreel 5 sec 5 sec MandreelLatency 5 sec 5 sec Gameboy Emulator 3 hours, 13 min, 13 sec 5 sec Code loading 12 sec 9 sec Box2DWeb 3 hours, 52 min, 34 sec 6 sec zlib 12 sec 11 sec TypeScript 17 min, 8 sec 24 sec Roman Matthias Keil, Peter Thiemann TreatJS July 8, 2015 6 / 6