An Abstract Class Loader for the SSP and its Implementation in TL

The SSP is a hardware implementation of a subset of the JVM for use in high consequence embedded applications. In this context, a majority of the activities belonging to class loading, as it is defined in the specification of the JVM, can be performed statically. Static class loading has the net result of dramatically simplifying the design of the SSP as well as increasing its performance. Due to the high consequence nature of its applications, strong evidence must be provided that all aspects of the SSP have been implemented correctly. This includes the class loader. This article explores the possibility of formally verifying a class loader for the SSP implemented in the strategic programming language TL. Specifically, an implementation of the core activities of an abstract class loader is presented and its verification in ACL2 is considered.
