Zhenyun Qian. A Formal Specification of the Java Virtual Machine Instructions. http://www.informatik.uni-bremen.de/~qian/abs-fsjvm.html, 1997.
....in JS, but can be easily overlooked. For example, Sun's Java 2 SDK version 1.4 is affected by this bug. The problem and its solution should be discussed in JS. A better strategy is to assign finite sets of reference types to the operand stack and local variables, merging the sets by union [11,13,14]. For example, the result of merging C and D is C, D . This avoids the above problem altogether, because no new name is introduced by merging: a name N # Subtype checking is described in JS4.9.1, in the context of lazy loading. Indeed, the description could be moved or copied into ....
....not implement the interface) but the relation between this run time check and bytecode verification is not made explicit. These implications should be discussed in JS. The alternative merging strategy described in Section 5.3 automatically provides a clean and sound treatment of interface types [11,13,14]. Interface names are treated exactly like class names ## . Since merging is set union, multiple inheritance of interfaces is not a problem; there is no need to use java.lang.Object as the result of merging. Therefore, no special treatment of java.lang.Object is necessary and no run time checks ....
Qian Z. A formal specification of Java Virtual Machine instructions for objects, methods and subroutines. Formal Syntax and Semantics of Java (Lecture Notes in Computer Science, vol. 1523), Alves-Foss J (ed.). Springer: Berlin, 1999; 271--312.
....of this approach and of its type safety results. Copyright © 2001 John Wiley & Sons, Ltd. KEY WORDS: Java; JVM; type safety; bugs 1. INTRODUCTION We are currently developing mathematical specifications for critical components of the Java Virtual Machine (JVM) including the bytecode verifier [1,2,3,4] and the class loading mechanisms [5]. A major goal of such efforts is to formally analyze the JVM in order to increase confidence in its correctness. That involves verifying that the existing mechanisms exhibit desired properties, or identifying flaws and proposing fixes. Another major goal of ....
....bytecode verifier never causes resolution (and loading) of any class. The result of merging two FQNs is a set containing the two FQNs. More precisely, the bytecode verifier uses (finite) sets of FQNs (and not just FQNs) as types for stack positions and local variables containing reference types [1,2,3]. Initially (e.g. in the local variables containing method invocation arguments) sets are singletons. Merging is set union. The meaning of a set of FQNs assigned as the type of a local variable or stack position is that the local variable or stack position may contain an instance of a class whose ....
Qian Z. A formal specification of Java Virtual Machine instructions for objects, methods and subroutines. Formal Syntax and Semantics of Java (Lecture Notes in Computer Science, vol. 1523), Alves-Foss J (ed.). Springer: Berlin, 1999.
.... a run time type violation: it will either loop or transition to a state (s # , r # ) that matches (S # , R # ). This correctness property was formalized and proved by several authors, including Pusch [43] (using the Isabelle/HOL prover), Coglio et al. [10] (using SpecWare), Goldberg [17] and Qian [44] (using standard mathematics). Two other properties of the abstract interpreter are essential to ensure correctness and termination of the bytecode verification algorithms reviewed in this paper: determinacy of transitions, and monotonicity with respect to the subtyping relation. PROPERTY 2. ....
....machine) of the bytecode verification algorithm described above have been published. Nipkow and Klein's development in Isabelle/HOL [38, 28, 26] is the closest to the dataflow presentation that we gave above. Other formalizations and correctness proofs of the dataflow approach include those of Qian [44], Coglio et al. [10] and Stark et al. [49]. Bytecode verification can also be specified and proved sound using type systems [51, 14, 13]; in this framework, the forward dataflow analysis algorithm that we described can be viewed as a type inference algorithm for these type systems. Hartel and ....
Qian, Z.: 1998, `A formal specification of Java virtual machine instructions for objects, methods and subroutines'. In: J. Alves-Foss (ed.): Formal syntax and semantics of Java, Vol. 1523 of Lecture Notes in Computer Science. Springer-Verlag.
....the verification as a linear pass throughout the code, and leaves the code unmodified. 2.4. Formal studies on byte code verification Most of those studies focus on the type verification part of the algorithms. One of the most complete formal models of the Java virtual machine is given by Qian [15]. He considers a large subset of the byte code and aims at proving the runtime correctness from its static typing. Then, he proposes the proof of a verifier that can be deducted from the virtual machine specification. In a more recent work [5] the authors also propose a correct implementation of ....
....byte code verifier. They view the verification problem as a data flow analysis, and aim to formally describe the specification to extract the corresponding code using the Specware tool. In the Bali project, Pusch [14] proves a part of the JVM using the prover Isabelle/HOL [7]. Using Qian's works [15], she gives the verifier specification and then proves its correctness. She also defines a subset of Java, java [13] and aims to prove properties over it. More precisely, they formalize the type system and the semantics of this language using the Isabelle theorem prover. In a more recent work ....
Z. Qian. A Formal Specification of Java Virtual Machine Instructions for Objects, Methods and Subroutines. In Formal Syntax and Semantics of Java, LNCS 1523. Springer, 1999.
....of p is IntPt, ColorPt , so the type checker requires IntPt # Pt and ColorPt # Pt. In our example, we could have used the super class type Pt in place of the set IntPt, ColorPt , but with interfaces and multiple inheritance, this is not always possible. Both Goldberg and Qian have observed this problem [9,24]; the following example is from Knoblock and Rehof [14] interface SA void saMeth( interface SB void sbMeth( interface A extends SA, SB . interface B extends SA, SB . public static void (boolean f, A a, B b) if (f) x = a; else x=b; x.saMeth( x.sbMeth( ....
Z. Qian. A formal specification for Java Virtual Machine instructions for objects, methods, and subroutines. In J. Alves-Foss, editor, Formal Syntax and Semantics of Java, volume 1523 of LNCS, pages 271--312. Springer, 1999.
....approach 6.2 Formalizations of Sun's verifier Challenged by the lack of precision in the reference publications of Sun's verifier [9, 31, 14] many researchers have published rational reconstructions, formalizations, and formal proofs of correctness of various subsets of Sun's verifier [6, 22, 21, 23, 7, 18, 25]. See Hartel and Moreau's survey [12] for a more detailed description. These works were influential in understanding the issues, uncovering bugs in Sun's implementation of the verifier, and generating confidence in the algorithm. Unfortunately, most of these works address only a subset of the ....
Qian Z. A formal specification of Java virtual machine instructions for objects, methods and subroutines. In Formal syntax and semantics of Java, Alves-Foss J (ed.), LNCS 1523. Springer-Verlag, 1998.
....information. However, people [e.g. 1] have found a number of weaknesses in the JVM's checks that have caused it to accept programs with unsafe and possibly insecure behavior. Therefore it seems desirable to formalize the Java bytecode language and its type system and to prove safety. Researchers [8, 7, 2] have formulated type systems for subsets of the Java bytecode language and proven their soundness. Copyright 1998 by the Association for Computing Machinery, Inc. Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided ....
....of closures, but they are translated to JVML objects. Freund and Mitchell [2] investigated adding object initialization constraints to JVML 0. It does not appear to be difficult to adapt their approach to JVML 0 C. Qian has formulated type checking and inference for a very rich subset of JVML [7]. However, his machinery to handle subroutines that do not exit cleanly is rather complex [Section 10.6 of [7]]. For example, for each instruction it constructs a mapping from pairs of subroutine addresses to sets of local variables. Hagiya and Tozawa [4] have proposed another method for checking ....
Z. Qian. A formal specification of Java virtual machine instructions. Formal Syntax and Semantics of Java, Springer-Verlag LNCS, 1998.
....in [7] have motivated considerable research. A number of different approaches have been proposed for type checking bytecode and [6] contains an excellent overview of the area. Most of this work is theoretically oriented and is concerned with formalizing the JVM [2] and defining related type systems [3, 12, 13, 17]. There has also been considerable work on formally proving the soundness of various approaches or verifying sufficient conditions for bytecode verifiers to be correct [2, 8, 10, 11]. In the recent years there has been a convergence of ideas in static analysis and model checking: different kinds of ....
Z. Qian. A formal specification of Java virtual machine instructions for objects, methods and subroutines. In Formal Syntax and Semantics of Java, volume 1523 of LNCS, pages 271--311. Springer-Verlag, 1999.
....Cornelia Pusch Institut für Informatik, Technische Universität München 80290 München, Germany http: www.in.tum.de pusch Draft September 4, 1998 Abstract. We have formalized large parts of the Java Virtual Machine (JVM) with the theorem prover Isabelle/HOL. Based on the work by Qian [Qia98], we have then formalized a specification for a Java bytecode verifier and formally proved the soundness of the specification. 1 Introduction The Java Virtual Machine (JVM) is an abstract machine consisting of a memory architecture and an instruction set. It is part of the Java language design ....
....JVM, where runtime checks are performed to guarantee a type safe execution of the code. The Java Virtual Machine Specification [LY96] describes Sun's implementation of a bytecode verifier where most of the type checking is done statically but several parts are delayed until runtime. Qian [Qia98] has developed a specification for an extended bytecode verifier, where all type checking is done statically. The specification of a bytecode verifier presented in this paper is the result of formalizing Qian's work in Isabelle/HOL, and it assumes some familiarity with both the JVM and Qian's ....
Zhenyu Qian. A Formal Specification of Java Virtual Machine instructions for Objects, Methods and Subroutines. In Jim Alves-Foss, editor, Formal Syntax and Semantics of Java, volume 1??? of Lect. Notes in Comp. Sci. Springer-Verlag, 1998. To appear. 11
....(US tys) 5.2 Soundness Proof Qian states a soundness theorem saying that for a statically well typed program, the correctness relation between runtime values and static types of the current operand stack and local variables will be preserved in every execution step. However, his proof given in [Qia97] remains sketchy, and it reveals that the theorem cannot be proved in this form. A stronger proof invariant has to be formulated, assuring the correctness not only of the current operand stack and local variables, but the correctness of the entire state containing all active invocation frames. In ....
Zhenyu Qian. A formal specification of Java Virtual Machine instructions. Technical report, 1997. Dept. of Comp. Sci., University of Bremen.
....the verifier) from a formal specification using the SPECWARE System. SPECWARE [1], a system available from Kestrel Institute [2], supports the formal and provably correct development of programs from specifications written in a specification notation based on high order logic. In previous papers [3, 4] we have specified the semantics of the JVM verifier. Collectively these papers deal with most aspects of the JVM including JVM subroutines, dynamic class loading, object initialization, interface types, arrays, and all primitive types. These papers take the perspective that bytecode verification ....
....approaches did not consider static type checking, thus are not directly relevant to bytecode verification. Stata and Abadi [11] proposed a type system for subroutines, provided lengthy proofs for the soundness of the system and clarified several key semantic issues about subroutines. Qian [3] presented a constraint based typing system for objects, primitive values, methods and subroutines and proved the soundness. Freund and Mitchell [16] made a significant extension of Stata and Abadi's type system [11] by considering object initialization. Hagiya and Tozawa [12] presented ....
Qian, Z. A Formal Specification of Java Virtual Machine Instructions for Objects, Methods, and Subroutines. In Formal Syntax and Semantics of Java, J. Alves-Foss, Ed. Berlin: Springer-Verlag, LNCS #1523, 1998, pp. 271-312.
No context found.
Zhenyun Qian. A Formal Specification of the Java Virtual Machine Instructions. http://www.informatik.uni-bremen.de/~qian/abs-fsjvm.html, 1997.
No context found.
Z. Qian. A Formal Specification of the Java Virtual Machine Instructions. http://www.informatik.uni-bremen.de/~qian/abs-fsjvm.html, 1997.
No context found.
Z. Qian, A Formal Specification of Java Virtual Machine Instructions for Objects, Methods and Subroutines. In Jim Alves-Foss, editor, Formal Syntax and Semantics of Java, volume 1523 of Lecture Notes in Computer Science, pages 271-312. Springer, 1999.
No context found.
Z. Qian. A Formal Specification of Java Virtual Machine Instructions for Objects, Methods and Subroutines. In Formal Syntax and Semantics of Java, pages 271--312, 1999.
No context found.
Zhenyu Qian. A formal specification of Java Virtual Machine instructions for objects, methods and subroutines. In J. Alves-Foss, editor, Formal Syntax and Semantics of Java, volume 1523 of Lect. Notes in Comp. Sci., pages 271--311. Springer-Verlag, 1999.
No context found.
Qian, Z.: A formal specification of Java Virtual Machine instructions for objects, methods and subroutines, in J. Alves-Foss (ed.), Formal Syntax and Semantics of Java, Lecture Notes in Comput. Sci. 1523, Springer-Verlag, 1999, pp. 271--312.
No context found.
Qian Z. A formal specification of Java Virtual Machine instructions for objects, methods and subroutines. Formal Syntax and Semantics of Java (Lecture Notes in Computer Science, vol. 1523), Alves-Foss J (ed.). Springer: Berlin, 1999; 271--312.
No context found.
Zhenyu Qian. A formal specification of Java Virtual Machine instructions for objects, methods and subroutines. In J. Alves-Foss, editor, Formal Syntax and Semantics of Java, volume 1523 of Lecture Notes in Computer Science, pages 271--311. Springer-Verlag, 1999.
No context found.
Z. Qian. A formal specification of Java virtual machine instructions. Technical report, Universität Bremen, 1997. URL: http://www.informatik.uni-bremen.de/~qian/pub-list.html.
No context found.
Qian, Z.: 1999, `A Formal Specification of Java Virtual Machine Instructions for Objects, Methods and Subroutines'. In: J. Alves-Foss (ed.): Formal Syntax and Semantics of Java, Vol. 1523 of Lect. Notes in Comp. Sci. Springer-Verlag, pp. 271--311.
No context found.
Z. Qian, A Formal Specification of Java Virtual Machine Instructions for Objects, Methods and Subroutines. In Jim Alves-Foss, editor, Formal Syntax and Semantics of Java, volume 1523 of Lecture Notes in Computer Science, pages 271-312. Springer, 1999.
No context found.
Qian, Z.: 1999, `A Formal Specification of Java Virtual Machine Instructions for Objects, Methods and Subroutines'. In: J. Alves-Foss (ed.): Formal Syntax and Semantics of Java, Vol. 1523 of LNCS. Springer, pp. 271--311.
No context found.
Zhenyu Qian. A formal specification of Java virtual machine instructions for objects, methods and subroutines. In Jim Alves-Foss, editor, Formal Syntax and Semantics of Java, volume 1523 of Lecture Notes in Computer Science, pages 271--
No context found.
Z. Qian. A formal specification of Java Virtual Machine instructions for objects, methods and subroutines. In J. Alves-Foss, editor, Formal Syntax and Semantics of Java, volume 1523 of LNCS, pages 271-311. Springer-Verlag, 1999.