C. Pusch. Formalizing the Java Virtual Machine in Isabelle/HOL. Technical Report TUM-I9816, Institut für Informatik, Technische Universität München, 1998.
....with a variant of Goguen-Meseguer noninterference [5] due to Focardi and Gorrieri [4]. Admissibility is cast, first, in terms of general labelled transition systems. Mapping this to the JVM amounts to an operational semantics. While this subject is getting fairly well understood in general terms (cf. [15, 3]), we face two particular complications: 1. The use of library method calls, to initialize and use window objects such as textfields (from package java.awt), to encrypt/decrypt (from javax.crypto), to open and close streams (from java.io) and to write to sockets (from java.net). 2. The need for ....
....running inside Netscape Navigator 4.5. This platform permits us to experiment with concrete applets, equipped with proofs and specifications in the form of admissibility predicates. Proofs and specifications are produced using the Isabelle theorem prover [14] based on earlier work by Pusch [15]. The Isabelle formalization uses the ideas of Sections 5 and 6 rather directly. The formalization presents no essential problems. However, arriving at a good structure of the JVM specification and the proof which permits the checking speeds required for real applications is a matter of continued ....
C. Pusch. Formalizing the Java Virtual Machine in Isabelle/HOL. Technical Report TUM-I9816, Institut für Informatik, Technische Universität München, 1998.
....Java Virtual Machine which have some relevance for our work here on Java Card. Bertelsen [1] gives an operational semantics which we have used as a starting point. He also considers the verification conditions, which considerably complicates the rules, however. Pusch has formalised the JVM in HOL [8]. Like us, she considers the class file to be well formed so that the hypotheses of rules are just assignments. The operational semantics is presented directly as a formalisation in HOL, whereas we have chosen (equivalently) to use inference rules. All these works make various simplifications and ....
....Interpretation The signature is not considered to include the return type. We assume that this signature is the same as the argument given to the methods item. There are a number of possibilities for how method lookup should be defined, depending on the definition of inheritance. For example, [1, 8] use a naive lookup which does not take account of visibility modifiers. A fuller discussion of this appears in [9] lookup name (act class, sig, dec class) let dec pk = pack name(dec class) act pk = pack name(act class) meth dec, env name (dec pk) dec class) ....
Cornelia Pusch. Formalizing the Java Virtual Machine in Isabelle/HOL. Technical Report TUM-I9816, Institut für Informatik, Technische Universität München, 1998.
.... [Figure 1: A JVM program and an execution. The figure listed a bytecode sequence (aload, ifacmpeq, astore, jsr, ret) together with the stack and local-memory contents after each instruction; the tabular layout did not survive extraction.] The notation obj stands for the reference of the object on which the method is invoked. The notations val1 and val2 stand for the two integer actual parameters. The notation in a local memory ....
....by considering object initialization. Hagiya and Tozawa [8] presented another type system for subroutines, where the soundness proof is extremely simple. Qian [13] presented a constraint based typing system for objects, primitive values, methods and subroutines and proved the soundness. Pusch [12] formalized a subset of JVM in the theorem prover Isabelle HOL and reached a higher degree of reliability. All this work basically aimed at achieving a sound specification, which defines what types memory locations should have, but did not consider how to develop a provably correct implementation ....
C. Pusch. Formalizing the Java Virtual Machine in Isabelle/HOL. Technical Report TUM-I9816, Technische Universität München, 1998. http://www4.informatik.tu-muenchen.de/~isabelle/bali/.
....considering object initialization. Hagiya and Tozawa [HT98] presented another type system for subroutines, where the soundness proof is extremely simple. Qian [Qia98] presented a constraint based typing system for objects, primitive values, methods and subroutines and proved the soundness. Pusch [Pus98] formalized a subset of the JVM in the theorem prover Isabelle HOL thus achieving a high level of assurance. All of this work is basically aimed at achieving a sound specification, but did not consider how to develop a provably correct implementation. Note that Hagiya and Tozawa discussed issues ....
C. Pusch. Formalizing the Java Virtual Machine in Isabelle/HOL. Technical Report TUM-I9816, Technische Universität München, 1998. http://www4.informatik.tu-muenchen.de/~isabelle/bali/.
....to automatically collapse the constraint system used in the analysis of method x into a single large (conservatively approximate) constraint for J x. Putting the class invariance theorem on a solid semantic foundation. There are several ongoing projects to develop formal semantics for Java [Pus98, DEK99]. Is it possible to derive our Theorem 1 from a formal semantics? Identifying other categories of class invariants. Are there other definitions of class invariants that are tractable for static analysis, in Java or in other languages? Are there language constructs that would help ....
Cornelia Pusch. Formalizing the Java Virtual Machine in Isabelle/HOL. Technical report, Technische Universität München, June 1998.
....certification services, for example in the form of a web proxy that certifies all class files that pass by. The full paper includes a list of future work, notably extending the language with exceptions and protection, and an account of the relation to work on formalizing the JVM (Bertelsen 1997, Pusch 1998), on Java type soundness (Drossopoulou, Eisenbach & Khurshid 1997, Drossopoulou & Eisenbach 1997, Oheimb & Nipkow 1998, Nipkow & von Oheimb 1998), class loading (Jensen et al. 1998), safety in connection with downloading (Leroy & Rouaix 1998) and surely other work reported at the FUJ 98 meeting. ....
Pusch, C. (1998), Formalizing the Java Virtual Machine in Isabelle/HOL, Technical Report TUM-I9816, Institut für Informatik, Technische Universität München.