Results 1 
8 of
8
Java and the Java Virtual Machine  Definition, Verification, Validation
, 2001
"... State Machines which one may view as code written in an abstract programming language, can be applied to other virtual machines and to other programming languages as well. The target readers are practitionersprogrammers, implementors, standardizers, lecturers, studentswho need for their work ..."
Abstract

Cited by 97 (12 self)
 Add to MetaCart
State Machines which one may view as code written in an abstract programming language, can be applied to other virtual machines and to other programming languages as well. The target readers are practitionersprogrammers, implementors, standardizers, lecturers, studentswho need for their work a complete, correct, and at the same time transparent definition, and an executable model of the language and of the virtual machine underlying its intended implementation. As a consequence, in our models for the language and the machine, we first of all try to directly and faithfully reflect, in a complete way, as far as possible without becoming inconsistent, and in an unambiguous yet for the human reader graspable way, the intuitions and design decisions which are expressed in the reference manuals [18, 23] and underlie the current implementations of the language and the machine. We clarify various ambiguities and inconsistencies we discovered in the manuals and in the implementations, concerning fundamental notions like legal Java program, legal bytecode, verifiable bytecode, etc. Our analysis of the JVM bytecode verifier, which we relate to the static analysis of the Java parser (rules of definite assignment and reachability analysis), goes beyond the work of Stata and Abadi [34], Qian [27, 28], Freund and Mitchell [16], and O'Callahan [26]. 1.1 The goals of the book 3 In this introduction, we give an overview of the general goals of the book, its contents, the structuring techniques we use for decomposing Java and the JVM, and the literature we used. For additional information on the book and updates made after its publication, see the Home Page of Jbook at http://www.inf.ethz.ch/~jbook. 1.1 The goals of the book Our main goal is not to write an introduction to progr...
Formal system development with KIV
 FUNDAMENTAL APPROACHES TO SOFTWARE ENGINEERING, NUMBER 1783 IN LNCS
, 2000
"... KIV is a tool for formal systems development. It can be employed, e.g., – for the development of safety critical systems from formal requirements specifications to executable code, including the verification of safety requirements and the correctness of implementations, – for semantical foundations ..."
Abstract

Cited by 49 (26 self)
 Add to MetaCart
KIV is a tool for formal systems development. It can be employed, e.g., – for the development of safety critical systems from formal requirements specifications to executable code, including the verification of safety requirements and the correctness of implementations, – for semantical foundations of programming languages from a specification of the semantics to a verified compiler, – for building security models and architectural models as they are needed for high level ITSEC [7] or CC [1] evaluations. Special care was (and is) taken to provide strong proof support for all validation and verification tasks. KIV can handle large scale formal models by efficient proof techniques, multiuser support, and an ergonomical user interface. It has been used in a number of industrial pilot applications, but is also useful as an educational tool for formal methods courses. Details on KIV can be found in [9] [10] [11] and under http://www.informatik.uniulm.de/pm/kiv/.
Formal Verification of a Java Compiler in Isabelle
, 2002
"... This paper reports on the formal proof of correctness of a compiler from a substantial subset of Java source language to Java bytecode in the proof environment Isabelle. This work is based on extensive previous formalizations of Java, which comprise all relevant features of objectorientation. W ..."
Abstract

Cited by 28 (1 self)
 Add to MetaCart
This paper reports on the formal proof of correctness of a compiler from a substantial subset of Java source language to Java bytecode in the proof environment Isabelle. This work is based on extensive previous formalizations of Java, which comprise all relevant features of objectorientation. We place particular emphasis on describing the e#ects of design decisions in these formalizations on the compiler correctness proof.
Abstract state machines at the cusp of the millenium
 Abstract State Machines: Theory and Applications, number 1912 in LNCS
, 2000
"... The ASM’2000 Workshop marks for the ASM method the transition from its adolescence to the maturation period. The goals which have been achieved open new frontiers and put us into the position to embark on new challenges. 1 The Start at the End of the Twentieth Century We went a long way since the Sp ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
The ASM’2000 Workshop marks for the ASM method the transition from its adolescence to the maturation period. The goals which have been achieved open new frontiers and put us into the position to embark on new challenges. 1 The Start at the End of the Twentieth Century We went a long way since the Spring of 1987 when Yuri Gurevich visited Pisa and, in a series of lectures on the fundamental problem of semantics of programming languages, presented the world première of the concept of ASMs (then called dynamic/evolving structures/algebras). He gave the main motivation: reconsider Turing’s thesis in the light of the problem of semantics of programs. He illustrated his ideas with examples, in particular specifications of Turing machines, stack machines and some Pascal programs. He gave also proofs of simple properties of these programs. This material appeared a year later in [22]. It was preceded by the first appearance of the ASM Thesis, in embryo in a 1984 technical report [20], and fully spelled out in a notice presented on May 13 of 1985 to the American Mathematical Society [21]. It was accompanied by the first realworld application,
A Mechanically Verified Compiling Specification for a Realistic Compiler
, 2002
"... We report on a large formal verification effort in mechanically proving correct a compiling specification for a realistic bootstrap compiler from ComLisp (a subset of ANSI Common Lisp sufficiently expressive to serve as a compiler implementation language) to binary Transputer code using the PVS syst ..."
Abstract

Cited by 5 (0 self)
 Add to MetaCart
We report on a large formal verification effort in mechanically proving correct a compiling specification for a realistic bootstrap compiler from ComLisp (a subset of ANSI Common Lisp sufficiently expressive to serve as a compiler implementation language) to binary Transputer code using the PVS system. The compilation is carried out in five steps through a series of intermediate languages. In the first phase, ComLisp is translated into a stack intermediate language (SIL), where parameter passing is implemented by a stack technique. Expressions are transformed from a prefix notation into a postfix notation according to the stack principle. SIL is then compiled into C int where the ComLisp data structures (sexpressions) and operators are implemented in linear integer memory using a runtime stack and a heap. These two steps are machine independent. In the compiler’s backend, first control structures (loops, conditionals) of the intermediate language C int are implemented by linear assembler code with relative jumps, the infinite memory model of C int is realized on the finite Transputer memory, and the basic C int statements for accessing the stack and heap are implemented by a sequence of assembler instructions. The fourth phase consists of the implementation of
Computation and specification models. A comparative study
 Department of Computer Science at University of Aarhus
, 2002
"... For each of the principal current models of computation and of highlevel system design, we present a uniform set of transparent easily understandable descriptions, which are faithful to the basic intuitions and concepts of the investigated systems. Our main goal is to provide a mathematical basis fo ..."
Abstract

Cited by 4 (2 self)
 Add to MetaCart
For each of the principal current models of computation and of highlevel system design, we present a uniform set of transparent easily understandable descriptions, which are faithful to the basic intuitions and concepts of the investigated systems. Our main goal is to provide a mathematical basis for the technical comparison of established models of computation which can contribute to rationalize the scientific evaluation of different system specification approaches in the literature, clarifying in detail their advantages and disadvantages. As a side effect we obtain a powerful yet simple new conceptual framework for teaching the fundamentals of computation theory. 1
The ASM Method: a Cornerstone in Computer Science Education
 Proc. of the 12th Int’l Workshop on Abstract State Machines. (2005) 49–56
, 2005
"... The versatility and wide applicability of the Abstract State Machines Method for the design and the analysis of computational systems has not yet been fully exploited for teaching. We suggest to use it for introducing basic algorithmic concepts in a succinct and uniform way, which makes the defin ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
The versatility and wide applicability of the Abstract State Machines Method for the design and the analysis of computational systems has not yet been fully exploited for teaching. We suggest to use it for introducing basic algorithmic concepts in a succinct and uniform way, which makes the definitions adoptable in traditionally unrelated courses, covering the full range of computing science curricula from computation theory to the engineering of software systems.
Decomposition of verification of machine programs based on controlstate Abstract State Machines.
"... We are presenting a method verifying programs based on extended controlstate Abstract State Machines (ASM). Programs are special initial states in ASM’s. The aim is to prove that every run holds an algebraic specification of functions. The proof of different functions could be made by independent s ..."
Abstract
 Add to MetaCart
We are presenting a method verifying programs based on extended controlstate Abstract State Machines (ASM). Programs are special initial states in ASM’s. The aim is to prove that every run holds an algebraic specification of functions. The proof of different functions could be made by independent steps. 1.