article

Open access

A machine-checked model for a Java-like language, virtual machine, and compiler

Authors:

Tobias NipkowAuthors Info & Claims

ACM Transactions on Programming Languages and Systems (TOPLAS), Volume 28, Issue 4

Pages 619 - 695

https://doi.org/10.1145/1146809.1146811

Published: 01 July 2006 Publication History

Abstract

We introduce Jinja, a Java-like programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between the realism of the language and the tractability and clarity of its formal semantics. The following aspects are formalised: a big and a small step operational semantics for Jinja and a proof of their equivalence, a type system and a definite initialisation analysis, a type safety proof of the small step semantics, a virtual machine (JVM), its operational semantics and its type system, a type safety proof for the JVM; a bytecode verifier, that is, a data flow analyser for the JVM, a correctness proof of the bytecode verifier with respect to the type system, and a compiler and a proof that it preserves semantics and well-typedness. The emphasis of this work is not on particular language features but on providing a unified model of the source language, the virtual machine, and the compiler. The whole development has been carried out in the theorem prover Isabelle/HOL.

References

[1]

Alves-Foss, J., ed. 1999. Formal Syntax and Semantics of Java. LNCS, vol. 1523. Springer, New York.]]

Digital Library

[2]

Ancona, D., Lagorio, G., and Zucca, E. 2001. A core calculus for Java exceptions. In Proceedings of the 16th ACM Conference on Object Oriented Programming, Systems, Languages, and Applications. 16--30.]]

Digital Library

[3]

Aspinall, D. 2000. Proof general---A generic tool for proof development. In Proceedings of the Tools and Algorithms for Construction and Analysis of Systems Conference, TACAS 2000, S. Graf and M. Schwartzbach, eds. LNCS, vol. 1785. Springer, New York, 38--42.]]

Digital Library

[4]

Ballarin, C. 2003. Locales and locale expressions in Isabelle/Isar. In Proceedings of the Types for Proofs and Programs Conference, TYPES 2003, S. Berardi, et al. eds. LNCS, vol. 3085. Springer, New York, 34--50.]]

[5]

Barthe, G. and Dufay, G. 2004. A tool-assisted framework for certified bytecode verification. In Proceedings of the Conference Fundamental Approaches to Software Engineering, FASE 2004, M. Wermelinger and T. Margaria, eds. LNCS, vol. 2984. Springer, New York, 99--113.]]

[6]

Barthe, G., Dufay, G., Jakubiec, L., Serpette, B., and de Sousa, S. M. 2001. A formal executable semantics of the JavaCard platform. In Proceedings of the Programming Languages and Systems (ESOP 2001) Conference, D. Sands, ed. LNCS, vol. 2028. Springer, New York, 302--319.]]

Digital Library

[7]

Berghofer, S. 2003. Proofs, programs and executable specifications in higher order logic. Ph.D. thesis, Institut für Informatik, Technische Universität München.]]

[8]

Berghofer, S. and Nipkow, T. 2002. Executing higher order logic. In Proceedings of the Types for Proofs and Programs (TYPES'00) Conference, P. Callaghan, et al. eds. LNCS, vol. 2277. Springer, New York, 24--40.]]

Digital Library

[9]

Bertelsen, P. 1997. Semantics of Java bytecode. Tech. rep., Technical University of Denmark. Mar. http://home.tiscali.dk/petermb/.]]

[10]

Büchi, M. and Weck, W. 1998. Compound types for Java. In Proceedings of the 13th ACM Conference Object-Oriented Programming, Systems, Languages, and Application. ACM Press, New York.]]

Digital Library

[11]

Coglio, A. 2004. Simple verification technique for complex Java bytecode subroutines. Concurrency and Comput. Practice and Experience 16, 7 (June), 647--670.]]

Digital Library

[12]

Coglio, A., Goldberg, A., and Qian, Z. 2000. Toward a provably-correct implementation of the JVM bytecode verifier. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX'00), vol. 2. IEEE Computer Society Press, Las Alamitos, Calif., 403--410.]]

[13]

Cohen, R. 1997. The defensive Java virtual machine specification. Tech. rep., Computational Logic Inc. http://www.cli.com/software/djvm/.]]

[14]

Dave, M. A. 2003. Compiler verification: A bibliography. SIGSOFT Softw. Eng. Notes 28, 6, 2--2.]]

Digital Library

[15]

Drossopoulou, S. and Eisenbach, S. 1999. Describing the semantics of Java and proving type soundness. In Formal Syntax and semantics of a Java. LNCS, vol. 1523. Springer, New York 41--82.]]

Digital Library

[16]

Flatt, M., Krishnamurthi, S., and Felleisen, M. 1999. A programmer's reduction semantics for classes and mixins. In Formal Syntax and semantics of a Java. LNCS, vol. 1523. Springer, New York, 241--269.]]

Digital Library

[17]

Freund, S. N. 2000. Type systems for object-oriented intermediate languages. Ph.D. thesis, Stanford University.]]

Digital Library

[18]

Freund, S. N. and Mitchell, J. C. 2003. A type system for the Java bytecode language and verifier. J. Automated Reasoning 30, 271--321.]]

Digital Library

[19]

Goldberg, A. 1998. A specification of Java loading and bytecode verification. In Proceedings of the 5th ACM Conference on Computer and Communications Security. ACM Press, New York, 49--58.]]

Digital Library

[20]

Hartel, P. and Moreau, L. 2001. Formalizing the safety of Java, the Java virtual machine and Java card. ACM Comput. Surv. 33, 517--558.]]

Digital Library

[21]

Huisman, M. 2001. Reasoning about Java programs in higher order logic with PVS and Isabelle. Ph.D. thesis, Universiteit Nijmegen.]]

[22]

Hutton, G. and Wright, J. 2004. Compiling exceptions correctly. In Mathematics of Program Construction, MPC 2004, D. Kozen and C. Shankland, eds. LNCS, vol. 3125. Springer, New York, 211--227.]]

[23]

Igarashi, A., Pierce, B. C., and Wadler, P. 2001. Featherweight Java: A minimal core calculus for Java and GJ. ACM Trans. Program. Lang. Syst. 23, 396--450.]]

Digital Library

[24]

Kildall, G. A. 1973. A unified approach to global program optimization. In Proceedings of the ACM Symposium on Principles of Programming Languages. ACM Press, New York, 194--206.]]

Digital Library

[25]

Klein, G. 2003. Verified Java bytecode verification. Ph.D. thesis, Institut für Informatik, Technische Universität München.]]

[26]

Klein, G. and Nipkow, T. 2001. Verified lightweight bytecode verification. Concurrency and Comput. Practice and Experience 13, 1133--1151.]]

[27]

Klein, G. and Nipkow, T. 2003. Verified bytecode verifiers. Theor. Comput. Sci. 298, 583--626.]]

Digital Library

[28]

Klein, G. and Strecker, M. 2004. Verified bytecode verification and type-certifying compilation. J. Logic Algebraic Program. 58, 1--2, 27--60.]]

[29]

Klein, G. and Wildmoser, M. 2003. Verified bytecode subroutines. J. Automated Reasoning 30, 363--398.]]

Digital Library

[30]

League, C., Shao, Z., and Trifonov, V. 2002. Type-Preserving compilation of featherweight Java. ACM Trans. Program. Lang. Syst. 24, 112--152.]]

Digital Library

[31]

Leroy, X. 2003. Java bytecode verification: Algorithms and formalizations. J. Automated Reasoning 30, 235--269.]]

Digital Library

[32]

Lindholm, T. and Yellin, F. 1999. The Java Virtual Machine Specification. Addison-Wesley, Reading, Mass.]]

Digital Library

[33]

Liu, H. and Moore, J. S. 2003. Executable JVM model for analytical reasoning: A study. In Proceedings of the 2003 Workshop on Interpreters, Virtual Machines and Emulators. ACM Press, New York 15--23.]]

Digital Library

[34]

Muchnick, S. S. 1997. Advanced Compiler Design and Implementation. Morgan Kaufmann San Fransisco, Calif.]]

Digital Library

[35]

Nipkow, T. 1991. Higher-order critical pairs. In Proceedings of the 6th IEEE Symposium on Logic in Computer Science. IEEE Computer Society Press, Los Alamitos, Calif., 342--349.]]

[36]

Nipkow, T. 2001. Verified bytecode verifiers. In Proceedings of the Foundations of Software Science and Computation Structures Conference, (FOSSACS 2001), F. Honsell, ed. LNCS, vol. 2030. Springer, New York, 347--363.]]

Digital Library

[37]

Nipkow, T., ed. 2003a. Special Issue on Java Bytecode Verification. J. Automated Reasoning, 30, 3--4.]]

Digital Library

[38]

Nipkow, T. 2003b. Structured proofs in Isar/HOL. In Proceedings of the Types for Proofs and Programs Conference (TYPES 2002), H. Geuvers and F. Wiedijk, eds. LNCS, vol. 2646. Springer, New York, 259--278.]]

[39]

Nipkow, T. 2005. Jinja: Towards a comprehensive formal semantics for a Java-like language. In Proof Technology and Computation, Proceedings of the Marktobderdorf Summer School Conference 2003, H. Schwichtenberg and K. Spies, eds. IOS Press Amsterdam, the Netherlands.]]

[40]

Nipkow, T. and Oheimb, D. v. 1998. Java&ell;ight is type-safe---Definitely. In Proceedings of the 25th ACM Symposium on Principles of Programming Languages. ACM Press, New York, 161--170.]]

Digital Library

[41]

Nipkow, T., Paulson, L., and Wenzel, M. 2002. Isabelle/HOL---A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, New York. http://www.in.tum.de/~nipkow/LNCS2283/.]]

[42]

Oheimb, D. v. and Nipkow, T. 1999. Machine-Checking the Java specification: Proving type-safety. In Formal Syntax and semantics of a Java. LNCS, vol. 1523. Springer, New York, 119--156.]]

Digital Library

[43]

Pusch, C. 1999. Proving the soundness of a Java bytecode verifier specification in Isabelle/HOL. In Proceedings of the Tools and Algorithms for the Construction and Analysis of Systems Conference (TACAS'99), W. Cleaveland, ed. LNCS, vol. 1579. Springer, New York, 89--103.]]

Digital Library

[44]

Qian, Z. 2000. Standard fixpoint iteration for Java bytecode verification. ACM Trans. Program. Lang. Syst. 22, 638--672.]]

Digital Library

[45]

Rose, E. 2002. Vérification de code d'octet de la machine virtuelle Java. Formalisation et implantation. Ph.D. thesis, Université Paris VII.]]

[46]

Rose, E. 2003. Lightweight bytecode verification. J. Automated Reasoning 31, 3--4, 303--334.]]

Digital Library

[47]

Rose, E. and Rose, K. 1998. Lightweight bytecode verification. In Proceedings of the OOPSLA'98 Workshop on Formal Underpinnings of Java.]]

[48]

Schirmer, N. 2003. Java definite assignment in Isabelle/HOL. In Proceedings of the Formal Techniques for Java-like Programs 2003 Conference, S. Eisenbach et al. eds. Chair of Software Engineering, ETH Zürich. Technical Report 108.]]

[49]

Schirmer, N. 2004. Analysing the Java package/access concepts in Isabelle/HOL. Concurrency and Comput. Practice and Experience 16, 689--706.]]

Digital Library

[50]

Stärk, R. and Schmid, J. 2001. The problem of bytecode verification in current implementations of the JVM. Tech. rep., Department of Computer Science, ETH Zürich.]]

[51]

Stärk, R., Schmid, J., and Börger, E. 2001. Java and the Java Virtual Machine---Definition, Verification, Validation. Springer, New York.]]

Digital Library

[52]

Stata, R. and Abadi, M. 1998. A type system for Java bytecode subroutines. In Proceedings of the 25th ACM Symposium on Principles of Programming Languages. ACM Press, New York, 149--161.]]

Digital Library

[53]

Strecker, M. 2002. Formal verification of a Java compiler in Isabelle. In Automated Deduction---CADE-18, A. Voronkov, ed. LNCS, vol. 2392. Springer, New York, 63--77.]]

Digital Library

[54]

Syme, D. 1999. Proving Java type soundness. In Formal Syntax and Semantics of Java. LNCS, vol. 1523. Springer, New York. 83--118.]]

Digital Library

[55]

Wenzel, M. 2002. Isabelle/Isar---A versatile environment for human-readable formal proof documents. Ph.D. thesis, Institut für Informatik, Technische Universität München. http://tumb1.biblio.tu-muenchen.de/publ/diss/in/2002/wenzel.html.]]

[56]

Wright, A. and Felleisen, M. 1994. A syntactic approach to type soundness. Inf. Comput. 115, 38--94.]]

Digital Library

[57]

Young, W. D. 1989. A mechanically verified code generator. J. Automated Reasoning 5, 493--518.]]

Digital Library

Cited By

Rao XRadziuk SWatt CGardner P(2025)Progressful Interpreters for Efficient WebAssembly MechanisationProceedings of the ACM on Programming Languages10.1145/37048589:POPL(627-655)Online publication date: 7-Jan-2025
https://dl.acm.org/doi/10.1145/3704858
Youn DShin WLee JRyu SBreitner JGardner PLindley SPretnar MRao XWatt CRossberg A(2024)Bringing the WebAssembly Standard up to Speed with SpecTecProceedings of the ACM on Programming Languages10.1145/36564408:PLDI(1559-1584)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656440
Steinhöfel DHähnle R(2024)Schematic Program Proofs with Abstract ExecutionJournal of Automated Reasoning10.1007/s10817-023-09692-068:2Online publication date: 26-Mar-2024
https://dl.acm.org/doi/10.1007/s10817-023-09692-0
Show More Cited By

Index Terms

A machine-checked model for a Java-like language, virtual machine, and compiler
1. Software and its engineering
  1. Software notations and tools
    1. Compilers
    2. Formal language definitions
      1. Semantics
2. Theory of computation
  1. Semantics and reasoning
    1. Program constructs
      1. Object oriented constructs
    2. Program semantics

Recommendations

Coinductive big-step operational semantics for type soundness of Java-like languages
FTfJP '11: Proceedings of the 13th Workshop on Formal Techniques for Java-Like Programs

We define a coinductive semantics for a simple Java-like language by simply interpreting coinductively the rules of a standard big-step operational semantics.

We prove that such a semantics is sound w.r.t. the usual small-step operational semantics, and ...
How to prove type soundness of Java-like languages without forgoing big-step semantics
FTfJP'14: Proceedings of 16th Workshop on Formal Techniques for Java-like Programs

Small-step operational semantics is the most commonly employed formalism for proving type soundness of statically typed programming languages, because of its ability to distinguish stuck from non-terminating computations, as opposed to big-step ...
Mechanising a Type-Safe Model of Multithreaded Java with a Verified Compiler

This article presents JinjaThreads, a unified, type-safe model of multithreaded Java source code and bytecode formalised in the proof assistant Isabelle/HOL. The semantics strictly separates sequential aspects from multithreading features like locks, ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Programming Languages and Systems

ACM Transactions on Programming Languages and Systems Volume 28, Issue 4

July 2006

217 pages

ISSN:0164-0925

EISSN:1558-4593

DOI:10.1145/1146809

Issue’s Table of Contents

Copyright © 2006 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 2006

Published in TOPLAS Volume 28, Issue 4

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

182
Total Citations
View Citations
2,001
Total Downloads

Downloads (Last 12 months)161
Downloads (Last 6 weeks)11

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Rao XRadziuk SWatt CGardner P(2025)Progressful Interpreters for Efficient WebAssembly MechanisationProceedings of the ACM on Programming Languages10.1145/37048589:POPL(627-655)Online publication date: 7-Jan-2025
https://dl.acm.org/doi/10.1145/3704858
Youn DShin WLee JRyu SBreitner JGardner PLindley SPretnar MRao XWatt CRossberg A(2024)Bringing the WebAssembly Standard up to Speed with SpecTecProceedings of the ACM on Programming Languages10.1145/36564408:PLDI(1559-1584)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656440
Steinhöfel DHähnle R(2024)Schematic Program Proofs with Abstract ExecutionJournal of Automated Reasoning10.1007/s10817-023-09692-068:2Online publication date: 26-Mar-2024
https://dl.acm.org/doi/10.1007/s10817-023-09692-0
Blazy S(2024)From Mechanized Semantics to Verified Compilation: the Clight Semantics of CompCertFundamental Approaches to Software Engineering10.1007/978-3-031-57259-3_1(1-21)Online publication date: 6-Apr-2024
https://dl.acm.org/doi/10.1007/978-3-031-57259-3_1
Watt CTrela MLammich PMärkl F(2023)WasmRef-Isabelle: A Verified Monadic Interpreter and Industrial Fuzzing Oracle for WebAssemblyProceedings of the ACM on Programming Languages10.1145/35912247:PLDI(100-123)Online publication date: 6-Jun-2023
https://dl.acm.org/doi/10.1145/3591224
Hiep HMaathuis OBian Jde Boer Fde Gouw S(2022)Verifying OpenJDK’s LinkedList using KeY (extended paper)International Journal on Software Tools for Technology Transfer (STTT)10.1007/s10009-022-00679-724:5(783-802)Online publication date: 1-Oct-2022
https://dl.acm.org/doi/10.1007/s10009-022-00679-7
Desharnais MBrunthaler SHriţcu CPopescu A(2021)Towards efficient and verified virtual machines for dynamic languagesProceedings of the 10th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3437992.3439923(61-75)Online publication date: 17-Jan-2021
https://dl.acm.org/doi/10.1145/3437992.3439923
Watt CRao XPichon-Pharabod JBodin MGardner P(2021)Two Mechanisations of WebAssembly 1.0Formal Methods10.1007/978-3-030-90870-6_4(61-79)Online publication date: 10-Nov-2021
https://doi.org/10.1007/978-3-030-90870-6_4
Mansky SGunter E(2020)Safety of a Smart Classes-Used Regression Test Selection AlgorithmElectronic Notes in Theoretical Computer Science10.1016/j.entcs.2020.08.004351(51-73)Online publication date: Sep-2020
https://doi.org/10.1016/j.entcs.2020.08.004
Hiep HMaathuis OBian Jde Boer Fvan Eekelen Mde Gouw S(2020)Verifying OpenJDK’s LinkedList using KeYTools and Algorithms for the Construction and Analysis of Systems10.1007/978-3-030-45237-7_13(217-234)Online publication date: 25-Apr-2020
https://dl.acm.org/doi/10.1007/978-3-030-45237-7_13
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents