Common use of Soundness Clause in Contracts

Soundness. In this section we present the soundness of the monitoring mechanism in λCoS, namely the property that in a well-typed program P in which a module p “behaves well”, p cannot be blamed. We proceed according to the following roadmap. First, we introduce the notion of contract entailment to specify when a contract is “more demanding than” another (Section 5.1). Entailment is a natural generalization of subtyping of session types [Gay and Hole 2005]. Using entailment, we formalize the notion of a locally correct module p as a module that always honors the contracts of the endpoints it uses. Locality refers to the fact that the correctness of p depends solely on the actions performed by, and on information known to, the module p itself (Section 5.2). Finally, we characterize the soundness of a module p as a set of invariant properties of the (busy) monitors in which the label p occurs. A direct consequence of soundness is that a well-typed, locally correct module p cannot be blamed (Section 5.3).

Sources: Chaperone Contracts for Higher Order Sessions