This paper formalises a semantics for statements and expressions (in sequential imperative languages) which includes non-termination, normal termination and abrupt termination (e.g. because of an exception, break, return or continue). This extends the traditional semantics underlying e.g. Hoare logic, which only distinguishes termination and non-termination. An extension of Hoare logic is elaborated that includes means for reasoning about abrupt termination (and side-effects). It prominently involves rules for reasoning about while loops, which may contain exceptions, breaks, continues and returns. This extension applies in particular to Java. As an example, a standard pattern search algorithm in Java (involving a while loop with returns) is proven correct using the proof-tool PVS.

This paper explains the details of the memory model underlying the verification of sequential Java programs in the "LOOP" project ([14, 20]). The building blocks of this memory are cells, which are untyped in the sense that they can store the contents of the fields of an arbitrary Java object. The main memory is modeled as three infinite series of such cells, one for storing instance variables on a heap, one for local variables and parameters on a stack, and and one for static (or class) variables. Verification on the basis of this memory model is illustrated both in PVS and in Isabelle/HOL, via several examples of Java programs, involving various subtleties of the language (wrt. memory storage).

This paper examines Java's exception mechanism, and formalises its main operations (throw, try-catch and try-catch-finally) in a type-theoretic setting. This formalisation uses so-called coalgebras for modeling Java statements and expressions, thus providing a convenient setting for handling the various termination options that may arise in exception handling (closely following the Java Language Specification). This semantics of exceptions is used within the LOOP project on Java program verification. It is illustrated in two example verifications in PVS.

This paper describes the basic structures in the denotational and axiomatic semantics of sequential Java, both from a monadic and a coalgebraic perspective. This semantics is an abstraction of the one used for the verification of (sequential) Java programs using proof tools in the LOOP project at the University of Nijmegen. It is shown how the monadic perspective gives rise to the relevant computational structure in Java (composition, extension and repetition), and how the coalgebraic perspective o#ers an associated program logic (with invariants, bisimulations, and Hoare logics) for reasoning about the computational structure provided by the monad.

Abstract not found

This paper describes a technique that combines algebraic specifications and monads to build derivative verification condition generators (VCGs) by extending a base VCG. Extensions are compositional and can be stacked while the base VCG is left unchanged. The technique can be used to build a set of weaker VCGs, which are useful to support light weight verification. Moreover, it enables us to add an ability to generate validation traces. The paper explains the technique through an example that extends a simple language L0 with new constructs to handle exceptions. To deal with exceptions, not only that the logic of L0 has to be extended with new rules, its structure also needs to be changed. We show that using our technique the extension can be implemented in a simple and compositional way, without any change to the underlying logic. 1

. This paper explains the details of the memory model underlying the verication of sequential Java programs in the framework of the \LOOP" project ([13, 18]). The building blocks of this memory are cells, which are untyped in the sense that they can store the contents of the elds of an arbitrary Java object. The main memory is then modeled as three innite series of such cells, for storing instance variables on a heap, local variables and parameters on a stack, and static (or class) variables in the third series. Verication on the basis of this memory model is illustrated both in PVS and in Isabelle/HOL, via several examples of Java programs, involving various subtleties of the language (wrt. memory storage). Keywords: Memory model, Java, program verication Classication: 68Q55, 68Q60, 68Q65 (AMS'91); D.1.5, D.2.4, F.3.1, F.4.1 (CR'98). 1 Introduction This paper reports on a (part of an) ambitious project to verify sequential Java programs, by making ecient use of mo...

This paper describes LPS, a Language Prototyping System that facilitates the modular development of interpreters from semantic building blocks. The system is based on the integration of ideas from Modular Monadic Semantics and Generic Programming. To define a new programming language, the abstract syntax is described as the fixpoint of non-recursive pattern functors. For each functor an algebra is defined whose carrier is the computational monad obtained from the application of several monad transformers to a base monad. The interpreter is automatically generated by a catamorphism or, in some special cases, a monadic catamorphism. The system has been implemented as a domain-specific language embedded in Haskell and we have also implemented an interactive framework for language testing. 1

State Machine Semantics (ASM), Axiomatic Semantics (AS), Context Rewriting semantics (CR), Continuation or monad Semantics (CS), Denotational Semantics (DS), Natural Semantics (NS), Operational Semantics (OS), Structural Operational Semantics (SOS), or a semantic embedding in a higher odrder logic (HOL).