Reasoning about Polymorphic Manifest Contracts
share
Manifest contract calculi, which integrate cast-based dynamic contract checking and refinement type systems, have been studied as foundations for hybrid contract checking. In this article, we study techniques to reasoning about a polymorphic manifest contract calculus, including a few program transformations related to static contract verification. We first define a polymorphic manifest contract calculus F_H, which is much simpler than a previously studied one with delayed substitution, and a logical relation for it and prove that the logical relation is sound with respect to contextual equivalence. Next, we show that the upcast elimination property, which has been studied as correctness of subtyping-based static cast verification, holds for F_H. More specifically, we give a subtyping relation (which is not part of the calculus) for F_H types and prove that a term obtained by eliminating upcasts---casts from one type to a supertype of it---is logically related and so contextually equivalent to the original one. We also justify two other program transformations for casts: selfification and static cast decomposition, which help upcast elimination. A challenge is that, due to the subsumption-free approach to manifest contracts, these program transformations do not always preserve well-typedness of terms. To address it, the logical relation and contextual equivalence in this work are defined as semityped relations: only one side of the relations is required to be well typed and the other side may be ill typed.
READ FULL TEXT