Representation Independence, Confinement and Access Control (Extended Abstract)
In ACM Symposium on Principles of Programming Languages (POPL), 2002
Cited by 85 (28 self)
Denotational semantics is given for a Java-like language with pointers, subclassing and dynamic dispatch, class-oriented visibility control, recursive types and methods, and privilege-based access control. Representation independence (relational parametricity) is proved, using a semantic notion of confinement similar to ones for which static disciplines have recently been proposed.
A Dynamic Logic for the Formal Verification of Java Card Programs
2001
Cited by 60 (16 self)
In this paper, we define a program logic (an instance of Dynamic
A Proposal for a Formal OCL Semantics in Isabelle/HOL
In Theorem Proving in Higher Order Logics, LNCS 2410, 2002
Cited by 20 (7 self)
We present a formal semantics as a conservative shallow embedding of the Object Constraint Language (OCL). OCL is currently under development within an open standardization process within the OMG; our work is an attempt to accompany this process by a proposal solving open questions in a consistent way and exploring alternatives of the language design. Moreover, our encoding gives the foundation for tool supported reasoning over OCL specifications, for example as basis for test case generation.
Formalizing a JVML verifier for initialization in a theorem prover
2001
Cited by 20 (2 self)
The byte-code verifier is advertised as a key component of the security and safety strategy for the Java language, making it possible to use and exchange Java programs without fearing too much damage due to erroneous programs or malignant program providers. As Java is likely to become one of the languages used to embed programs in all kinds of appliances or computer-based applications, it becomes important to verify that the claim of safety is justified. We worked on a type system proposed in [7] to enforce a discipline for object initialization in the Java Virtual Machine Language and implemented it in the Coq [5] proof and specification language. We first produced mechanically checked proofs of the theorems in [7] and then constructed a functional implementation of a byte-code verifier. We have a mechanical proof that this byte-code verifier only accepts programs that have a safe behavior with respect to initialization. Thanks to the extraction mechanism provided in Coq...
HOL-OCL: Experiences, Consequences and Design Choices
In UML 2002: Model Engineering, Concepts and Tools, number 2460 in Lecture Notes in Computer Science, 2002
Cited by 16 (6 self)
Based on experiences gained from an embedding of the Object Constraint Language (OCL) in higher-order logic [1], we explore several key issues in the design of a formal semantics for the OCL. These issues comprise the interpretation of invariants, pre- and postconditions, an executable sub-language, and the possibilities of refinement notions. Particular emphasis is put on the issue of mechanized deduction in UML/OCL specifications.
Java Program Verification via a JVM Deep Embedding in ACL2
In Theorem Proving in Higher Order Logics (TPHOLs '04), 2004
Cited by 12 (3 self)
In this paper, we show that one can "deep-embed" the Java bytecode language, a fairly complicated language with a rich semantics, into the first order logic of ACL2 by modeling a realistic JVM. We show that with proper support from a semi-automatic theorem prover in that logic, one can reason about the correctness of Java programs. This reasoning can be done in a direct and intuitive way without incurring the extra burden that has often been associated with hand proofs, or proofs that make use of less automated proof assistance. We present proofs for two simple Java programs as a showcase.
Verified Bytecode Model Checkers
2002
Cited by 6 (1 self)
We have used Isabelle/HOL to formalize and prove correct an approach to bytecode verification based on model checking that we have developed for the Java Virtual Machine. Our work builds on, and extends, the formalization of the Java Virtual Machine and data flow analysis framework of Pusch and Nipkow. By building on their framework, we can reuse their results that relate the run-time behavior of programs with the existence of well-typings for the programs.
From specifications to code in Casl
In Proc. 9th Intl. Conf. on Algebraic Methodology and Software Technology, AMAST'02. Springer LNCS 2422, 1--14, 2002
Cited by 4 (1 self)
The status of the Common Framework Initiative (CoFI) and the Common Algebraic Specification Language (Casl) are briefly presented.
Automating Type Soundness Proofs via Decision Procedures and Guided Reductions
In 9th International Conference on Logic for Programming, Artificial Intelligence and Reasoning, volume 2514 of LNCS, 2002
Cited by 3 (0 self)
Operational models of fragments of the Java Virtual Machine and the .NET Common Language Runtime have been the focus of considerable study in recent years, and of particular interest have been specifications and machine-checked proofs of type soundness. In this paper we aim to increase the level of automation used when checking type soundness for these formalizations. We present a semi-automated technique for reducing a range of type soundness problems to a form that can be automatically checked using a decidable first-order theory. Deciding problems within this fragment is exponential in theory but is often efficient in practice, and the time required for proof checking can be controlled by further hints from the user. We have applied this technique to two case studies, both of which are type soundness properties for subsets of the .NET CLR. These case studies have in turn aided us in our informal analysis of that system.
Implementing application-specific Object-Oriented theories in HOL
Cited by 1 (0 self)
This paper presents a theory of Object-Oriented concepts embedded shallowly in HOL for the verification of OO analysis models. The theory is application-specific in the sense that it is automatically constructed depending on the type information of the application. This allows objects to have attributes of arbitrary types, making it possible to verify models using not only basic types but also highly abstracted types specific to the target domain. The theory is constructed by definitional extension based on the operational semantics of a heap memory model, which guarantees the soundness of the theory. This paper mainly focuses on the implementation details of the theory.

1 Introduction. The Object-Oriented development method is becoming the mainstream of software development. In the upstream phase of development, analysis models are constructed with a language such as UML (Unified Modeling Language [1]). To ensure the correctness of the models, formal semantics must be given to them and verification methods such as theorem proving must be applied.

