constraining delimited control with contracts
play

Constraining Delimited Control with Contracts Asumu Takikawa T. - PowerPoint PPT Presentation

Oct 04, 2023 •255 likes •957 views

Constraining Delimited Control with Contracts Asumu Takikawa T. Stephen Strickland* Sam Tobin-Hochstadt Northeastern University University of Maryland, College Park* 1 Experienced programmers divide up all significant programs into separate

  1. Constraining Delimited Control with Contracts Asumu Takikawa T. Stephen Strickland* Sam Tobin-Hochstadt Northeastern University University of Maryland, College Park* 1

  2. Experienced programmers divide up all significant programs into separate components 2

  3. web server (-> request? response?) request? servlet 3

  4. Import/export is a communication channel between components web server (-> request? response?) request? Executable specifications can protect these channels servlet 4

  5. Powerful control operators are available in virtually every significant language Lua Coroutines Python Generators JavaScript Generators Racket Continuations Ruby Fibers SML Continuations Scala Continuations 5

  6. web server servlet 6

  7. web server servlet 7

  8. web server Control establishes a new communication channel No mechanism exists to protect these channels servlet 8

  9. Problem: Most languages cannot offer expressive interfaces for components that use control operators 9

  10. Our contribution - Contracts to protect control-based communication channels in Racket - Gradual typing for delimited control in Typed Racket 10

  11. Our contribution wcm ccm call/comp abort prompt ∅ Types Contracts Gradual typing 11

  12. Our contribution wcm ccm call/comp abort prompt ∅ Types Contracts Gradual typing 12

  13. Our contribution wcm ccm call/comp abort talk prompt ∅ Types Contracts Gradual typing 13

  14. Contracts in a nutshell 14

  15. Contracts - agreements between two components Basic form: (contract "::1" ipv6? P N) P provides a value "::1" with contract ipv6? to N Value violates contract ⇒ P is blamed (contract "127.0.0.1" ipv6? P N) "Contract violation. Blaming: P" 15

  16. Generalizes to higher-order cases [Findler & Felleisen ICFP 2002] f = (contract ( λ (addr) (ipv4-to-ipv6 addr)) ( → ipv4? ipv6?) P N) Contract on f's domain violated ⇒ N is blamed (f "2a00:1450:400a:804::1012") "Contract violation. Blaming: N" 16

  17. f = (contract ( λ (addr) (ipv4-to-ipv6 addr)) ( → ipv4? ipv6?) P N) λ "2a00:1450:400a:804::1012" 17

  18. g = (contract f ( → ipv4? ipv6?) N P) λ "2a00:1450:400a:804::1012" 18

  19. Control operators 19

  20. Continuations ~ high-level stack API Elements of delimited control [Dybvig et. al JFP 2007] (1) make a delimiter (1) create a tag (2) delimit a continuation (2) mark stack segment with tag ~ (3) capture a continuation (3) store segment in a variable (4) abort a continuation (4) delete part of stack (5) install a continuation (5) append segments onto stack Continuation marks [Clements et al. ESOP 2001] (6) store data in continuation (6) store data in stack 20

  21. Continuations ~ high-level stack API Elements of delimited control [Dybvig et. al JFP 2007] (1) make a delimiter (1) create a tag (2) delimit a continuation (2) mark stack segment with tag ~ (3) capture a continuation (3) store segment in a variable (4) abort a continuation (4) delete part of stack (5) install a continuation (5) append segments onto stack Continuation marks [Clements et al. ESOP 2001] (6) store data in continuation (6) store data in stack 21

  22. % ☆ h delimit % abort delete 22

  23. % ☆ h delimit % ... abort delete 23

  24. % ☆ h delimit % ... abort delete ... 24

  25. % ☆ h delimit % ... abort delete ... ... 25

  26. % ☆ h delimit % ... abort delete ... ... abort ☆ 5 ☆ is a prompt tag that allows communication between stack frames 26

  27. delimit (h 5) % abort delete 27

  28. Interaction of Control & Contracts 28

  29. Design principles A correct contract system should: • offer opportunities to mediate the exchange of values along channels between components • blame a component for contract violations only if it affects the flow of values [Dimoulas Dissertation 2012] [Dimouas et al. ESOP 2012] 29

  30. component A prime? protected channel component B Contracts checked on boundary crossings 30

  31. component A % ☆ h prime? unprotected channel abort ☆ 4 component B abort bypasses usual protection by jumping Same mechanism does not work 31

  32. Key idea Principle 1: • offer opportunities to mediate the exchange of values along channels between components Operations that skip the contract boundary need extra contract mechanism 32

  33. Key idea Principle 1: • offer opportunities to mediate the exchange of values along channels between components Operations that skip the contract boundary need extra contract mechanism Question: how to plug the hole? 33

  34. ★ = (contract ☆ (prompt-tag/c prime?) B A) component A % ★ h ★ ☆ abort ☆ 4 component B 34

  35. ★ = (contract ☆ (prompt-tag/c prime?) B A) component A % ★ h ★ ☆ abort ☆ 4 component B 35

  36. ★ = (contract ☆ (prompt-tag/c prime?) B A) component A % ★ h ★ Blame B ☆ abort ☆ 4 component B prompt has positive party as B 36

  37. The missing mechanism ★ = (contract ☆ (prompt-tag/c prime?) B A) component A % ★ h ★ Blame B The contract on the tag triggers a contract check ☆ abort ☆ 4 component B prompt has positive party as B 37

  38. ★ = (contract ☆ (prompt-tag/c prime?) A B) component A % ☆ h ☆ ★ abort ★ 4 component B 38

  39. ★ = (contract ☆ (prompt-tag/c prime?) A B) component A % ☆ h ☆ ★ abort ★ 4 component B 39

  40. ★ = (contract ☆ (prompt-tag/c prime?) A B) component A % ☆ h ☆ Blame B ★ abort ★ 4 component B abort swaps positive, negative parties 40

  41. Correct blame ★ = (contract ☆ (prompt-tag/c prime?) A B) Principle 2: component A % ☆ h • blame a component for contract violations only if ☆ it affects the flow of values Blame B ★ The abort provides the value but it's the client of a contract. Thus it swaps blame parties abort ★ 4 component B abort swaps positive, negative parties 41

  42. h = ( λ (f) (f 4)) f = ( λ (x) (prime-after x)) ★ = (contract ☆ (prompt-tag/c (-> prime? prime?)) A B) component A % ☆ h ☆ ★ abort ★ f component B 42

  43. h = ( λ (f) (f 4)) f = ( λ (x) (prime-after x)) ★ = (contract ☆ (prompt-tag/c (-> prime? prime?)) A B) component A % ☆ h ☆ ★ abort ★ f component B 43

  44. h = ( λ (f) (f 4)) f = ( λ (x) (prime-after x)) ★ = (contract ☆ (prompt-tag/c (-> prime? prime?)) A B) component A % ☆ h ☆ Blame A ★ abort ★ f component B Delayed contract means blame raised at prompt 44

  45. f B A ctc ctc = (-> prime? prime?) 45

  46. f B A ctc ctc = (-> prime? prime?) 56

  47. f B A ctc ctc = (-> prime? prime?) 67

  48. f B A ctc ctc = (-> prime? prime?) 78

  49. Blame A B A ctc ctc = (-> prime? prime?) 89

  50. h = ( λ (f) (f 7)) f = ( λ (x) 4) ★ = (contract ☆ (prompt-tag/c (-> prime? prime?)) C A,B) component A % ★ h ★ C ★ C abort ★ f component B Contract triggered from both sides 100

  51. h = ( λ (f) (f 7)) f = ( λ (x) 4) ★ = (contract ☆ (prompt-tag/c (-> prime? prime?)) C A,B) component A % ★ h ★ C ★ C abort ★ f component B Contract triggered from both sides 101

  52. h = ( λ (f) (f 7)) f = ( λ (x) 4) ★ = (contract ☆ (prompt-tag/c (-> prime? prime?)) C A,B) component A % ★ h ★ C Blame B ★ C abort ★ f component B Contract triggered from both sides 102

  53. f B C A ctc ctc ctc = (-> prime? prime?) 103

  54. f B C A ctc ctc ctc = (-> prime? prime?) 114

  55. f B C A ctc ctc ctc = (-> prime? prime?) 125

  56. f B C A ctc ctc ctc = (-> prime? prime?) 136

  57. f B C A ctc ctc ctc = (-> prime? prime?) 147

  58. f B C A ctc ctc ctc = (-> prime? prime?) 158

  59. Blame B B C A ctc ctc ctc = (-> prime? prime?) 169

  60. Summary A correct contract system should: • offer opportunities to mediate the exchange of values along channels between components • blame a component for contract violations only if it affects the flow of values 1. Trigger contracts via tags to mediate communication 2. Swap blame labels as appropriate for correct blame 180

  61. Conclusion 181

  62. Our contribution wcm ccm call/comp abort talk prompt ∅ Types Contracts Gradual typing 182

  63. Our contribution wcm ccm call/comp abort prompt ∅ Types Contracts Gradual typing 183

  64. Gradual typing requires contracts [Tobin-Hochstadt & Felleisen DLS 2006] [Siek & Taha, Scheme 2006] typed Gradual typing = contract check Type system + Dynamic checking untyped τ → contract 184

  65. ☆ : (Prompt Integer Float) typed % ☆ h ☆ ★ abort ★ "a" untyped ★ = (contract ☆ (prompt-tag/c int?) typed untyped) 185

  66. ☆ : (Prompt Integer Float) typed % ☆ h ☆ Blame untyped ★ abort ★ "a" untyped ★ = (contract ☆ (prompt-tag/c int?) typed untyped) 186

  67. Further coverage - call/cc fits into this model - operators like shift/reset via macros - could adapt to operators like coroutines 187

Recommend

Compositional Semantics for Composable Continuations From Abortive to Delimited Control Paul

Compositional Semantics for Composable Continuations From Abortive to Delimited Control Paul

Compositional Semantics for Composable Continuations From Abortive to Delimited Control Paul Downen Zena M. Ariola University of Oregon ICFP14 September 1, 2014 The big picture Effects that manipulate control flow, compositionally

431 views • 31 slides
Delimited Control with Multiple Prompts in Theory and Practice Paul Downen Zena M. Ariola

Delimited Control with Multiple Prompts in Theory and Practice Paul Downen Zena M. Ariola

Delimited Control with Multiple Prompts in Theory and Practice Paul Downen Zena M. Ariola University of Oregon HOPE14 August 31, 2014 1/27 Crash course on control 2/27 Separating a redex from its evaluation context 1 + 2 + ( 3 4 )

793 views • 50 slides
Constructive Proofs of Completeness, Extra-intuitionistic Principles, and Delimited Control

Constructive Proofs of Completeness, Extra-intuitionistic Principles, and Delimited Control

Constructive Proofs of Completeness, Extra-intuitionistic Principles, and Delimited Control Operators Danko Ilik based on work with Hugo Herbelin Lyon, January 6, 2011 Completeness Proofs as Programs Research theme Definition (Completeness)

736 views • 32 slides
Delimited Continuations The Bees Knees Quasiconf 2012 Andy Wingo A poll How many of you

Delimited Continuations The Bees Knees Quasiconf 2012 Andy Wingo A poll How many of you

Delimited Continuations The Bees Knees Quasiconf 2012 Andy Wingo A poll How many of you use call/cc and continuation objects in large programs? Do we really use it to implement coroutines and backtracking and threads and whatever?

659 views • 28 slides
3. Contracts 3.1 Meaning of Contract Law Terms 3.2 Formation of Contracts 3.3 Legal

3. Contracts 3.1 Meaning of Contract Law Terms 3.2 Formation of Contracts 3.3 Legal

3. Contracts 3.1 Meaning of Contract Law Terms 3.2 Formation of Contracts 3.3 Legal Incapacity to Enter Contracts 3.4 Third-Party Beneficiary Contracts 3.5 Assignment and Delegation of Contract Rights and Duties 3.6 Statute of Frauds

1.16k views • 97 slides
Constraining Dark Matter Properties From A Gamma-Ray Detection S ergio Palomares-Rui z Centro de

Constraining Dark Matter Properties From A Gamma-Ray Detection S ergio Palomares-Rui z Centro de

Constraining Dark Matter Properties From A Gamma-Ray Detection S ergio Palomares-Rui z Centro de Fsica Terica de Partculas Instituto Superior Tcnico, Lisbon TeV Particle Astrophysics 2010 Paris, July 21, 2010 Constraining DM properties

415 views • 24 slides
CONSTRAINING NEUTRINOS WITH BBN (WITH A LITTLE HELP FROM THE CMB) GGI NEUTRINO

CONSTRAINING NEUTRINOS WITH BBN (WITH A LITTLE HELP FROM THE CMB) GGI NEUTRINO

CONSTRAINING NEUTRINOS WITH BBN (WITH A LITTLE HELP FROM THE CMB) GGI NEUTRINO WORKSHOP & SMIRNOV FEST Gary Steigman Departments of Physics and Astronomy Center for Cosmology and Astro-Particle Physics Ohio State

623 views • 33 slides
Centers for Disease Control and Prevention (CDC) Overview Carlos Smiley CDC Contracts Branch

Centers for Disease Control and Prevention (CDC) Overview Carlos Smiley CDC Contracts Branch

Centers for Disease Control and Prevention (CDC) Overview Carlos Smiley CDC Contracts Branch Manager, Office of Acquisition Services Guide to Grants Funding Seminar Tuscaloosa, AL June 19, 2015 Office of the Director Procurement and Grants

555 views • 18 slides
Incomplete Contracts and Control Oliver Hart Nobel Prize Lecture December 8, 2016 How my work

Incomplete Contracts and Control Oliver Hart Nobel Prize Lecture December 8, 2016 How my work

Incomplete Contracts and Control Oliver Hart Nobel Prize Lecture December 8, 2016 How my work in this area started In early summer 1983, Sanford Grossman and I became interested in the following question: Why would one firm ever buy

654 views • 26 slides
Constraining anomalous HVV interac2ons at proton and lepton

Constraining anomalous HVV interac2ons at proton and lepton

Constraining anomalous HVV interac2ons at proton and lepton colliders Yaofu Zhou Johns Hopkins University The 2014 Phenomenology Symposium May 5,

600 views • 28 slides
Post Review EDD Export Specifications - Analytical Results (A1) Comma Delimited Text File Field

Post Review EDD Export Specifications - Analytical Results (A1) Comma Delimited Text File Field

Post Review EDD Export Specifications - Analytical Results (A1) Comma Delimited Text File Field Field Order Field Name* Field Description Type Length 1 RecordID Record number. Number Single 2 ClientSampleID Client field sample

352 views • 3 slides
COMPLETE INVENTORY CONTROL SOLUTIONS WHY INVENTORY SOLUTIONS? Secure long-term contracts

COMPLETE INVENTORY CONTROL SOLUTIONS WHY INVENTORY SOLUTIONS? Secure long-term contracts

COMPLETE INVENTORY CONTROL SOLUTIONS WHY INVENTORY SOLUTIONS? Secure long-term contracts Add Value to your Proposition Promote Partnership Grow business in existing accounts Better service your accounts Get your foot in the

706 views • 58 slides
Relation with Other Contractual ADR Construction Work Contracts Procurement of Materials

Relation with Other Contractual ADR Construction Work Contracts Procurement of Materials

Compulsory Adjudication Effects, Procedure & Inter- Relation with Other Contractual ADR Construction Work Contracts Procurement of Materials and Labour Contracts Construction Consultancy Contracts Contracts Carried Out

535 views • 34 slides
Summary 12th June 2003 The ST/CV control system requirements ST/CV control system

Summary 12th June 2003 The ST/CV control system requirements ST/CV control system

LHC Controls Project Workshop Summary 12th June 2003 The ST/CV control system requirements ST/CV control system architecture ST/CV Control System and Projects Integration in CERN Network Projects and contracts ( running /

202 views • 4 slides
On constraining the spin of the MBH the GC via star orbits: the effects of stellar perturbations

On constraining the spin of the MBH the GC via star orbits: the effects of stellar perturbations

On constraining the spin of the MBH the GC via star orbits: the effects of stellar perturbations Zhang Fupeng, Sun Yat-sen University, China Collaborator: Lu, Youjun (NAOC), Yu, Qingjuan (PKU), Lorenzo Iorio (MIUR) 2016. 2. 11, Aspen Center for

650 views • 25 slides
Constraining the reionization era and inflation with the CMB polarization at large angular scales

Constraining the reionization era and inflation with the CMB polarization at large angular scales

Constraining the reionization era and inflation with the CMB polarization at large angular scales Anna Mangilli ! Institut dAstrophysique Spatiale & Laboratoire de lAcclrateur Linaire ! Orsay, Paris Sud LPSC Grenoble - January

787 views • 41 slides
Constraining the symmetry energy of the EoS in relativistic energy of the EoS in relativistic

Constraining the symmetry energy of the EoS in relativistic energy of the EoS in relativistic

Constraining the symmetry energy of the EoS in relativistic energy of the EoS in relativistic heavy-ion reactions A. Krasznahorkay, ATOMKI, Debrecen Introduction The neutronskin thickness ( r )

873 views • 30 slides
Contracts 1 Contracts IC 6-1.1-4-17 Subject to the approval of the DLGF, a county

Contracts 1 Contracts IC 6-1.1-4-17 Subject to the approval of the DLGF, a county

Assessment and Software Contracts 1 Contracts IC 6-1.1-4-17 Subject to the approval of the DLGF, a county assessor may employ professional appraisers as technical advisors for assessments in all townships in the county. The DLGF may

266 views • 9 slides
Constraining fossil fuel CO emissions by the joint assimilation of atmospheric CO and

Constraining fossil fuel CO emissions by the joint assimilation of atmospheric CO and

Constraining fossil fuel CO emissions by the joint assimilation of atmospheric CO and CO measurements Sourish Basu, John Miller, Scott Lehman A T M O S P N D H A E R C I I C N A A E D M C O I N L I S

549 views • 18 slides
Contracts Hot Topics - Compliant Contracts at the Speed of War Presented By: Ms. Marie Greening

Contracts Hot Topics - Compliant Contracts at the Speed of War Presented By: Ms. Marie Greening

One team, one voice delivering global acquisition insight that matters . Contracts Hot Topics - Compliant Contracts at the Speed of War Presented By: Ms. Marie Greening Chief Operations Officer 26 April 2017 Unclassified Agenda DCMA

240 views • 11 slides
SCE-Proposed QF PPA for Firm Power Contracts (Qualifying Facilities with Expiring Contracts)

SCE-Proposed QF PPA for Firm Power Contracts (Qualifying Facilities with Expiring Contracts)

SCE-Proposed QF PPA for Firm Power Contracts (Qualifying Facilities with Expiring Contracts) CPUC Workshop November 15, 2007 Introduction This presentation provides a summary level overview of key contract attributes contained in SCEs

349 views • 14 slides
Constraining the slope parameter of symmetry energy from nuclear structure International

Constraining the slope parameter of symmetry energy from nuclear structure International

Constraining the slope parameter of symmetry energy from nuclear structure International Symposium on Neutron Star Matter (NSMAT2016) - Recent Progress in Observations, Experiments and Theories - November 21 st 24 th , 2016 Tohoku

400 views • 12 slides
Constraining h s s at lepton colliders Matthias Schla ff er Weizmann Institute of Science

Constraining h s s at lepton colliders Matthias Schla ff er Weizmann Institute of Science

Constraining h s s at lepton colliders Matthias Schla ff er Weizmann Institute of Science based on ongoing work with: J. Duarte-Campderros, G. Perez, A. So ff er GGI, Florence August 2018 Gauge boson masses Higgs is main source of

525 views • 39 slides
Tagging strange jets & constraining h s s Matthias Schlaffer Weizmann Institute of

Tagging strange jets & constraining h s s Matthias Schlaffer Weizmann Institute of

Tagging strange jets & constraining h s s Matthias Schlaffer Weizmann Institute of Science based on: 1811.09636 (J. Duarte-Campderros, G. Perez, MS, A. Soffer) work in progress 4th NPKI workshop, Seoul May 2019 Gauge boson masses

589 views • 45 slides

More recommend