Results 1  10
of
40
A machinechecked model for a Javalike language, virtual machine and compiler
 ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS
, 2004
"... We introduce Jinja, a Javalike programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between realism of the language and tractability and clarity of the formal semantics. The following aspects are formalised: a big an ..."
Abstract

Cited by 97 (8 self)
 Add to MetaCart
We introduce Jinja, a Javalike programming language with a formal semantics designed to exhibit core features of the Java language architecture. Jinja is a compromise between realism of the language and tractability and clarity of the formal semantics. The following aspects are formalised: a big and a small step operational semantics for Jinja and a proof of their equivalence; a type system and a definite initialisation analysis; a type safety proof of the small step semantics; a virtual machine (JVM), its operational semantics and its type system; a type safety proof for the JVM; a bytecode verifier, i.e. data flow analyser for the JVM; a correctness proof of the bytecode verifier w.r.t. the type system; a compiler and a proof that it preserves semantics and welltypedness. The emphasis of this work is not on particular language features but on providing a unified model of the source language, the virtual machine and the compiler. The whole development has been carried out in the theorem prover Isabelle/HOL.
Random testing in isabelle/hol
 Software Engineering and Formal Methods (SEFM 2004
, 2004
"... When developing nontrivial formalizations in a theorem prover, a considerable amount of time is devoted to “debugging ” specifications and conjectures by failed proof attempts. To detect such problems early in the proof and save development time, we have extended the Isabelle theorem prover with a ..."
Abstract

Cited by 42 (2 self)
 Add to MetaCart
When developing nontrivial formalizations in a theorem prover, a considerable amount of time is devoted to “debugging ” specifications and conjectures by failed proof attempts. To detect such problems early in the proof and save development time, we have extended the Isabelle theorem prover with a tool for testing specifications by evaluating propositions under an assignment of random values to free variables. Distribution of the test data is optimized via mutation testing. The technical contributions are an extension of earlier work with inductive definitions and a generic method for randomly generating elements of recursive datatypes. 1.
Formal Verification of a Java Compiler in Isabelle
, 2002
"... This paper reports on the formal proof of correctness of a compiler from a substantial subset of Java source language to Java bytecode in the proof environment Isabelle. This work is based on extensive previous formalizations of Java, which comprise all relevant features of objectorientation. W ..."
Abstract

Cited by 28 (1 self)
 Add to MetaCart
This paper reports on the formal proof of correctness of a compiler from a substantial subset of Java source language to Java bytecode in the proof environment Isabelle. This work is based on extensive previous formalizations of Java, which comprise all relevant features of objectorientation. We place particular emphasis on describing the e#ects of design decisions in these formalizations on the compiler correctness proof.
A Reflective Functional Language for Hardware Design and Theorem Proving
 Journal of Functional Programming
, 2003
"... ch we can both execute functions efficiently and express algorithms over the syntactic structure of their definitions. Our presentation at DCC 2004 will describe reFL [4], a new language designed to meet these and other theorem proving and hardware design requirements. reFL is strongly typed and ..."
Abstract

Cited by 25 (7 self)
 Add to MetaCart
ch we can both execute functions efficiently and express algorithms over the syntactic structure of their definitions. Our presentation at DCC 2004 will describe reFL [4], a new language designed to meet these and other theorem proving and hardware design requirements. reFL is strongly typed and similar to ML [5], but has quotation and antiquotation constructs that can be used to construct and decompose expressions in the reFL language itself. This provides a form of reflection like that in LISP but in a strongly typed language. The reFL language is fully implemented and replaces FL in future versions of the Forte system. The target applications of theorem proving and hardware design give intensional analysis a primary role in reFL . Our language therefore differs from other `metaprogramming' languages, such as MetaML [14] and Template Haskell [12], that are aimed more at program generation and optimization of evaluation. Our presentation will describe these differences and the
Certifying machine code safety: Shallow versus deep embedding
 IN TPHOLS, NUMBER 3223 IN LNCS
, 2004
"... We formalise a simple assembly language with procedures and a safety policy for arithmetic overflow in Isabelle/HOL. To verify individual programs we use a safety logic. Such a logic can be realised in Isabelle/HOL either as shallow or deep embedding. In a shallow embedding logical formulas are wri ..."
Abstract

Cited by 21 (3 self)
 Add to MetaCart
We formalise a simple assembly language with procedures and a safety policy for arithmetic overflow in Isabelle/HOL. To verify individual programs we use a safety logic. Such a logic can be realised in Isabelle/HOL either as shallow or deep embedding. In a shallow embedding logical formulas are written as HOL predicates, whereas a deep embedding models formulas as a datatype. This paper presents and discusses both variants pointing out their specific strengths and weaknesses.
Verified Bytecode Subroutines
 JOURNAL OF AUTOMATED REASONING
, 2003
"... Bytecode subroutines are a major complication for Java bytecode verification: they are difficult to fit into the data flow analysis that the JVM specification suggests. Because of that, subroutines are left out or are restricted in most formalizations of the bytecode verifier. We examine the problem ..."
Abstract

Cited by 15 (1 self)
 Add to MetaCart
Bytecode subroutines are a major complication for Java bytecode verification: they are difficult to fit into the data flow analysis that the JVM specification suggests. Because of that, subroutines are left out or are restricted in most formalizations of the bytecode verifier. We examine the problems that occur with subroutines and give an overview of the most prominent solutions in the literature. Using the theorem prover Isabelle/HOL, we have extended our substantial formalization of the JVM and the bytecode verifier with its proof of correctness by the most general solution for bytecode subroutines.
Certified sizechange termination
 In Proc. 21st CADE, volume 4603 of LNAI
, 2007
"... Abstract. We develop a formalization of the SizeChange Principle in Isabelle/HOL and use it to construct formally certified termination proofs for recursive functions automatically. 1 ..."
Abstract

Cited by 14 (1 self)
 Add to MetaCart
Abstract. We develop a formalization of the SizeChange Principle in Isabelle/HOL and use it to construct formally certified termination proofs for recursive functions automatically. 1
Flyspeck i: Tame graphs
 International Joint Conference on Automated Reasoning, volume 4130 of LNCS
, 2006
"... Abstract. We present a verified enumeration of tame graphs as defined in Hales ’ proof of the Kepler Conjecture and confirm the completeness of Hales ’ list of all tame graphs while reducing it from 5128 to 2771 graphs. 1 ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
Abstract. We present a verified enumeration of tame graphs as defined in Hales ’ proof of the Kepler Conjecture and confirm the completeness of Hales ’ list of all tame graphs while reducing it from 5128 to 2771 graphs. 1
An operational semantics and type safety proof for multiple inheritance in C++
 IN OOPSLA '06: PROCEEDINGS OF THE 21ST ANNUAL ACM SIGPLAN CONFERENCE ON OBJECTORIENTED PROGRAMMING SYSTEMS, LANGUAGES, AND APPLICATIONS
, 2006
"... We present an operational semantics and type safety proof for multiple inheritance in C++. The semantics models the behaviour of method calls, field accesses, and two forms of casts in C++ class hierarchies exactly, and the type safety proof was formalized and machinechecked in Isabelle/HOL. Our se ..."
Abstract

Cited by 12 (0 self)
 Add to MetaCart
We present an operational semantics and type safety proof for multiple inheritance in C++. The semantics models the behaviour of method calls, field accesses, and two forms of casts in C++ class hierarchies exactly, and the type safety proof was formalized and machinechecked in Isabelle/HOL. Our semantics enables one, for the first time, to understand the behaviour of operations on C++ class hierarchies without referring to implementationlevel artifacts such as virtual function tables. Moreover, it can—as the semantics is executable—act as a reference for compilers, and it can form the basis for more advanced correctness proofs of, e.g., automated program transformations. The paper presents the semantics and type safety proof, and a discussion of the many subtleties that we encountered in modeling the intricate multiple inheritance model of C++.
Verifying and reflecting quantifier elimination for Presburger arithmetic
 LOGIC FOR PROGRAMMING, ARTIFICIAL INTELLIGENCE, AND REASONING
, 2005
"... We present an implementation and verification in higherorder logic of Cooper’s quantifier elimination for Presburger arithmetic. Reflection, i.e. the direct execution in ML, yields a speedup of a factor of 200 over an LCFstyle implementation and performs as well as a decision procedure handcode ..."
Abstract

Cited by 11 (7 self)
 Add to MetaCart
We present an implementation and verification in higherorder logic of Cooper’s quantifier elimination for Presburger arithmetic. Reflection, i.e. the direct execution in ML, yields a speedup of a factor of 200 over an LCFstyle implementation and performs as well as a decision procedure handcoded in ML.