A machine-checked model for a Java-like language, virtual machine, and compiler

We introduce Jinja, a Java-like programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between the realism of the language and the tractability and clarity of its formal semantics. The following aspects are formalised: a big-step and a small-step operational semantics for Jinja and a proof of their equivalence; a type system and a definite initialisation analysis; a type safety proof for the small-step semantics; a virtual machine (JVM), its operational semantics and its type system; a type safety proof for the JVM; a bytecode verifier, that is, a data flow analyser for the JVM; a correctness proof of the bytecode verifier with respect to the type system; and a compiler together with a proof that it preserves semantics and well-typedness. The emphasis of this work is not on particular language features but on providing a unified model of the source language, the virtual machine, and the compiler. The whole development has been carried out in the theorem prover Isabelle/HOL.
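The abstract describes the bytecode verifier as a data flow analyser: it computes, for every instruction, an abstract stack of types by propagating type states along control flow edges until a fixpoint is reached, and rejects any program that would let a value of the wrong type reach an instruction. The example below is an added illustration written for this page, not part of the Jinja development (which is carried out in Isabelle/HOL) and not a model of the real JVM; it runs a Kildall-style worklist fixpoint over a constructed toy stack machine with only `Int` and `Bool` values, joins differing types to an unusable `Top`, and shows why the join at a merge point is what catches the unsafe program. Instruction names, the type lattice and the sample programs are all assumptions of this example.

```python
"""Toy Kildall-style type verifier for a constructed two-type stack machine.

Added illustration; not code from the Jinja formalisation. Each program is a
list of tuples such as ("PUSH_INT",), ("IFFALSE", target), ("ADD",), ("RET",).
"""
from collections import deque

INT, BOOL, TOP = "Int", "Bool", "Top"   # TOP = "unknown", usable by nothing


class VerifyError(Exception):
    """Raised when the program cannot be assigned consistent stack types."""


def join_type(a, b):
    # Lattice join: equal types stay, anything else collapses to TOP.
    return a if a == b else TOP


def join_stack(old, new):
    # old is None while a pc has not been reached yet.
    if old is None:
        return new
    if len(old) != len(new):
        raise VerifyError("stack height mismatch at merge point")
    return tuple(join_type(a, b) for a, b in zip(old, new))


def need(stack, expected, pc, op):
    # The top of the abstract stack must match the operand types exactly;
    # a TOP entry never matches, which is how a bad merge is rejected later.
    if len(stack) < len(expected) or stack[-len(expected):] != expected:
        raise VerifyError(f"pc {pc}: {op} expects {expected}, stack is {stack}")


def step(instr, stack, pc):
    """Abstract transfer function: (successor pc, outgoing stack) pairs."""
    op = instr[0]
    if op == "PUSH_INT":
        return [(pc + 1, stack + (INT,))]
    if op == "PUSH_BOOL":
        return [(pc + 1, stack + (BOOL,))]
    if op == "ADD":
        need(stack, (INT, INT), pc, op)
        return [(pc + 1, stack[:-2] + (INT,))]
    if op == "NOT":
        need(stack, (BOOL,), pc, op)
        return [(pc + 1, stack)]
    if op == "IFFALSE":                # pops a Bool, may fall through or jump
        need(stack, (BOOL,), pc, op)
        return [(pc + 1, stack[:-1]), (instr[1], stack[:-1])]
    if op == "GOTO":
        return [(instr[1], stack)]
    if op == "RET":                    # returns exactly one Int, no successors
        need(stack, (INT,), pc, op)
        return []
    raise VerifyError(f"pc {pc}: unknown instruction {op}")


def verify(program):
    """Kildall worklist iteration; returns the per-pc stack types or raises."""
    n = len(program)
    states = [None] * n
    states[0] = ()                     # entry: empty stack
    worklist = deque([0])
    while worklist:
        pc = worklist.popleft()
        for succ, out in step(program[pc], states[pc], pc):
            if not 0 <= succ < n:
                raise VerifyError(f"pc {pc}: jump or fall-through to {succ} is out of range")
            merged = join_stack(states[succ], out)
            if merged != states[succ]:  # state grew: re-analyse the successor
                states[succ] = merged
                worklist.append(succ)
    return states


def is_well_typed(program):
    try:
        verify(program)
        return True
    except VerifyError:
        return False


# Constructed sample programs (not from the paper).
GOOD = [("PUSH_BOOL",), ("IFFALSE", 4), ("PUSH_INT",), ("GOTO", 5),
        ("PUSH_INT",), ("PUSH_INT",), ("ADD",), ("RET",)]
# Adds a Bool to an Int: rejected directly by the ADD transfer function.
BAD_TYPE = [("PUSH_INT",), ("PUSH_BOOL",), ("ADD",), ("RET",)]
# One branch pushes Int, the other Bool: the merge at pc 5 yields Top,
# and the ADD at pc 6 is then rejected.
BAD_MERGE = [("PUSH_BOOL",), ("IFFALSE", 4), ("PUSH_INT",), ("GOTO", 5),
             ("PUSH_BOOL",), ("PUSH_INT",), ("ADD",), ("RET",)]

if __name__ == "__main__":
    for name, prog in [("GOOD", GOOD), ("BAD_TYPE", BAD_TYPE), ("BAD_MERGE", BAD_MERGE)]:
        print(name, "accepted" if is_well_typed(prog) else "rejected")
```

The per-pc states returned by `verify` are the analogue of the type-state certificate that a real verifier checks against the VM's type system; the abstract's correctness proof relates exactly such a fixpoint to the static typing rules so that every program the analyser accepts is also one the type system accepts.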
