This paper explains the details of the memory model underlying the verification of sequential Java programs in the "LOOP" project ([14, 20]). The building blocks of this memory are cells, which are untyped in the sense that they can store the contents of the fields of an arbitrary Java object. The main memory is modeled as three infinite series of such cells, one for storing instance variables on a heap, one for local variables and parameters on a stack, and and one for static (or class) variables. Verification on the basis of this memory model is illustrated both in PVS and in Isabelle/HOL, via several examples of Java programs, involving various subtleties of the language (wrt. memory storage).

This paper describes the role of a computational monad in the denotational semantics of sequential Java and investigates some of its properties. This denotational semantics is an abstraction of the one used for the verication of (sequential) Java programs using proof tools, see [11,15].

This paper examines Java's exception mechanism, and formalises its main operations (throw, try-catch and try-catch-finally) in a type-theoretic setting. This formalisation uses so-called coalgebras for modeling Java statements and expressions, thus providing a convenient setting for handling the various termination options that may arise in exception handling (closely following the Java Language Specification). This semantics of exceptions is used within the LOOP project on Java program verification. It is illustrated in two example verifications in PVS.

This paper describes the basic structures in the denotational and axiomatic semantics of sequential Java, both from a monadic and a coalgebraic perspective. This semantics is an abstraction of the one used for the verification of (sequential) Java programs using proof tools in the LOOP project at the University of Nijmegen. It is shown how the monadic perspective gives rise to the relevant computational structure in Java (composition, extension and repetition), and how the coalgebraic perspective o#ers an associated program logic (with invariants, bisimulations, and Hoare logics) for reasoning about the computational structure provided by the monad.

. This paper explains the details of the memory model underlying the verication of sequential Java programs in the framework of the \LOOP" project ([13, 18]). The building blocks of this memory are cells, which are untyped in the sense that they can store the contents of the elds of an arbitrary Java object. The main memory is then modeled as three innite series of such cells, for storing instance variables on a heap, local variables and parameters on a stack, and static (or class) variables in the third series. Verication on the basis of this memory model is illustrated both in PVS and in Isabelle/HOL, via several examples of Java programs, involving various subtleties of the language (wrt. memory storage). Keywords: Memory model, Java, program verication Classication: 68Q55, 68Q60, 68Q65 (AMS'91); D.1.5, D.2.4, F.3.1, F.4.1 (CR'98). 1 Introduction This paper reports on a (part of an) ambitious project to verify sequential Java programs, by making ecient use of mo...