[r6rs-discuss] [Formal] blame assignment for contract violations

From: Carl Eastlund <cce>
Date: Tue Oct 31 12:27:43 2006

On 10/31/06, Michael Sperber <sperber_at_informatik.uni-tuebingen.de> wrote:
>
> "Carl Eastlund" <cce_at_ccs.neu.edu> writes:
>
> > In PLT, contracts require explicit identification of both parties. In
> > general, contracts are attached to values exported across module
> > boundaries (though other boundaries are possible). The two sides of
> > the boundary must be named; in the conventional case, this is the
> > names of both modules. So if a procedure contract is violated, the
> > "caller" is the module that imported the function and the "callee" is
> > the module that exported the function.
>
> What if the imported value is passed to another, third, module, which
> calls it violating the contract?

There are enough entities, now, that I will give them names. Module A
defines our function F with some contract. Module B imports F.
Modules A and B have now "agreed" on the contract: module A agrees
that F will behave appropriately, and module B agrees that F will be
used appropriately.

Now module B passes F to module C; we will assume there is no relevant
additional contract associated with this. Now if module C uses F
inappropriately, that is module B's fault. Module B should not have
passed F anywhere that might violate its contract.

If module B needs to be sure of module C, it needs to add a contract
to the point where it hands off F, so that C will be blamed for
violating that additional contract before B gets blamed for the
original one.

Does that clarify the issue?

-- 
Carl Eastlund
Received on Tue Oct 31 2006 - 12:27:34 UTC
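The A/B/C scenario above, written out as an added example in current Racket syntax (this is not code from the thread or from PLT; the submodule names a, b and c mirror the email, and `contract-out`, submodules and the `contract` form with explicit blame parties are assumed to be available as in modern Racket). Module B first hands F to C unguarded, then again wrapped in its own contract at the hand-off:

```racket
#lang racket

;; Module A defines F (here `f`) and exports it under a contract.
;; A is the positive party: it promises the result is an integer.
(module a racket
  (provide (contract-out [f (-> exact-integer? exact-integer?)]))
  (define (f x) (* 2 x)))

;; Module C receives some function and misuses it (string argument).
(module c racket
  (provide use-it)
  (define (use-it g) (g "not an integer")))

;; Module B imports F from A, so B is the negative party of A's contract.
(module b racket
  (require (submod ".." a) (submod ".." c))
  (provide run-unprotected run-protected)

  ;; B passes F to C with no further contract: C's misuse violates
  ;; A's contract, and the blame falls on B, the module that imported F.
  (define (run-unprotected) (use-it f))

  ;; B wraps F in its own contract at the hand-off point, naming B as
  ;; the party responsible for results and C as the party responsible
  ;; for arguments. Now C's misuse trips this contract first, so C is
  ;; blamed before B ever gets blamed for the original one.
  (define (run-protected)
    (use-it (contract (-> exact-integer? exact-integer?) f 'b 'c))))

(require (submod "." b))

;; Catch each blame error and print its message instead of aborting.
(define (report thunk)
  (with-handlers ([exn:fail:contract:blame?
                   (lambda (e) (displayln (exn-message e)))])
    (thunk)))

(report run-unprotected)   ; blame message names submodule b
(report run-protected)     ; blame message names c
```

The first message reports blame on b, the second on c, which is exactly the shift in responsibility the email describes when B adds a contract where it hands F off.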
