Program errors are hard to detect and to prove absent. Contract checking allows us to (a) statically verify that a function satisfies its contract; (b) precisely blame functions at fault both statically and dynamically when there is a contract violation. Static contract checking catches all bugs but can only check restricted properties while dynamic checking can check more expressive properties, but is not complete. In this project, we integrate static and dynamic contract checking for a subset of OCaml. We exploit a static checker as much as possible and leave the residual contract satisfaction checks to run-time. Thus, no (potential) bugs can escape and yet expressive properties can be expressed.
Dynamic contract checking for OCaml (.pdf)
Hybrid contract checking via symbolic simplification (.pdf, INRIA technical report .pdf, HOSC .pdf)
svn checkout http://caml.inria.fr/svn/ocaml/branches/contracts
To build (bytecode) ocamlc:
cd contracts
./configure
make coldstart
make ocamlc
bytecode: ocamlc-linux
bytecode: ocamlc-mac
If you use the compiled ocamlc above, rename the downloaded bytecode to "ocamlc"
To compile an OCaml program to bytecode:
ocamlc -scontract -c program.ml
ocamlc -o program.byte program.cmo
To run the bytecode:
./program.byte
Options
-scontract is for static contract checking only,
-dcontract is for dynamic contract checking only,
-hcontract is for hybrid contract checking.
| program | total LOC | Ann LOC | Time (sec) |
| intro123, neg | 23 | 4 | 0.13 |
| mc91 | 4 | 1 | 0.14 |
| ack, fhnhn | 12 | 2 | 0.13 |
| arith, sum, max | 26 | 4 | 0.30 |
| zipunzip | 12 | 2 | 0.30 |
| std/list.ml | 109 | 20 | 1.10 |
| riser | 33 | 3 | 0.13 |
| insertion sort | 52 | 2 | 0.09 |
| selection sort | 41 | 2 | 0.16 |
| bubble sort | 33 | 2 | 0.11 |
| merge sort | 57 | 7 | 1.29 |
| quick sort | 86 | 9 | 0.42 |
| AVL tree | 328 | 12 | 491.75 (=8min11.75s) |
| Redblack tree | 154 | 10 | 4.18 |