Java Program Verification at Nijmegen: Developments and Perspective
Nijmegen Institute of Computing and Information Sciences, 2003
Cited by 47 (5 self)
This paper presents a historical overview of the work on Java program verification at the University of Nijmegen (the Netherlands) over the past six years (1997–2003). It describes the development and use of the LOOP tool that is central in this work. Also, it gives a perspective on the field.
Applying source-code verification to a microkernel: The VFiasco project
2002
Cited by 28 (5 self)
Source-code verification works by reasoning about the semantics of the full source code of a program. Traditionally it is limited to small programs written in an academic programming language. In this paper we present the VFiasco (Verified Fiasco) project, in which we apply source-code verification to a complete operating-system kernel written in C++. The aim of the VFiasco project is to establish security relevant properties of the Fiasco microkernel using source code verification. The project's main challenges are to develop a clean semantics for the subset of C++ used by the kernel and to enable high-level reasoning about typed data starting from only low-level knowledge about the hardware. In this paper we present our ideas for tackling these challenges. We sketch a semantics of C++ and develop a type-safe object store for reasoning about C++ programs. This object store is based on a hardware model that closely resembles the IA-32 virtual-memory architecture, and on guarantees provided by the kernel itself.
Dynamic logic with non-rigid functions: A basis for object-oriented program verification
IJCAR, volume 4130 of LNCS, 2006
Cited by 20 (9 self)
We introduce a dynamic logic that is enriched by non-rigid functions, i.e., functions that may change their value from state to state (during program execution), and we present a (relatively) complete sequent calculus for this logic. In conjunction with dynamically typed object enumerators, non-rigid functions allow one to embed notions of object-orientation in dynamic logic, thereby forming a basis for verification of object-oriented programs. A semantical generalisation of substitutions, called state update, which we add to the logic, constitutes the central technical device for dealing with object aliasing during function modification. With these few extensions, our dynamic logic captures the essential aspects of the complex verification system KeY and, hence, constitutes a foundation for object-oriented verification with the principles of reasoning that underlie the successful KeY case studies.
Proving theorems about Java and the JVM with ACL2
Models, Algebras and Logic of Engineering Software, 2003
Cited by 18 (9 self)
We describe a methodology for proving theorems mechanically about Java methods. The theorem prover used is the ACL2 system, an industrial-strength version of the Boyer-Moore theorem prover. An operational semantics for a substantial subset of the Java Virtual Machine (JVM) has been defined in ACL2. Theorems are proved about Java methods and classes by compiling them with javac and then proving the corresponding theorem about the JVM. Certain automatically applied strategies are implemented with rewrite rules (and other proof-guiding pragmas) in ACL2 "books" to control the theorem prover when operating on problems involving the JVM model. The Java Virtual Machine or JVM [27] is the basic abstraction Java [17] implementors are expected to respect. We speculate that the JVM is an appropriate level of abstraction at which to model Java programs with the intention of mechanically verifying their properties. The most complex features of the Java subset we handle (construction and initialization of new objects, synchronization, thread management, and virtual method invocation) are all supported directly and with full abstraction as single atomic instructions in the JVM. The complexity of verifying JVM bytecode programs stems from the complexity of Java's semantics, not
Specifying and Verifying a Decimal Representation in Java for Smart Cards
Algebraic Methodology and Software Technology, number 2422 in Lect. Notes Comp. Sci., 2002
Cited by 15 (4 self)
This article describes a case study concerning a component of a Java Purse applet developed by the smart card manufacturer Gemplus.
An Executable Formal Java Virtual Machine Thread Model
2001
Cited by 6 (0 self)
We discuss an axiomatic description of a simple abstract machine similar to the Java Virtual Machine (JVM). Our model supports classes, with fields and bytecoded methods, and a representative sampling of JVM bytecodes for basic operations for both data and control. The GETFIELD and PUTFIELD instructions accurately model inheritance, as does the INVOKEVIRTUAL instruction. Our model supports multiple threads, synchronized methods, and monitors. Our current model is inadequate or inaccurate
AHA: Amortized Heap Space Usage Analysis
2005
Cited by 5 (5 self)
project involves research into an amortized analysis of heap-space usage by functional and imperative programs. Estimating heap consumption is an active research area, since it is becoming more and more of an issue in many applications. Examples include programming for small devices, e.g. smart cards, mobile phones and embedded systems, and distributed computing, e.g. GRID computing. The standard technique for estimating heap consumption gives in many cases unrealistically high bounds. Therefore, in practice amounts of heap are used that are unnecessarily expensive and, for small devices, highly impractical. A more accurate analysis is wanted for these cases in particular, and for high-integrity real-time applications in general. Amortized analysis is a technique which is used to obtain accurate bounds of resource consumption and gain. For the amortized analysis of a resource one considers not the worst case of a single operation but the worst case of a sequence of operations. The overall amortized cost of a sequence is calculated by taking into account both the higher costs of one operation and the lower costs of another, weighing them according to their distribution. In many cases amortized analysis can give rise to much more
Coalgebras and Monads in the Semantics of Java
Theoretical Computer Science, 2002
Cited by 4 (0 self)
This paper describes the basic structures in the denotational and axiomatic semantics of sequential Java, both from a monadic and a coalgebraic perspective. This semantics is an abstraction of the one used for the verification of (sequential) Java programs using proof tools in the LOOP project at the University of Nijmegen. It is shown how the monadic perspective gives rise to the relevant computational structure in Java (composition, extension and repetition), and how the coalgebraic perspective offers an associated program logic (with invariants, bisimulations, and Hoare logics) for reasoning about the computational structure provided by the monad.
Implementing application-specific Object-Oriented theories in HOL
Cited by 1 (0 self)
This paper presents a theory of Object-Oriented concepts embedded shallowly in HOL for the verification of OO analysis models. The theory is application-specific in the sense that it is automatically constructed depending on the type information of the application. This allows objects to have attributes of arbitrary types, making it possible to verify models using not only basic types but also highly abstracted types specific to the target domain. The theory is constructed by definitional extension based on the operational semantics of a heap memory model, which guarantees the soundness of the theory. This paper mainly focuses on the implementation details of the theory.

1 Introduction
The Object-Oriented development method is becoming the mainstream of software development. In the upstream phase of development, analysis models are constructed with a language such as UML (Unified Modeling Language [1]). To ensure the correctness of the models, formal semantics must be given to them and verification methods such as theorem proving must be applied.
Formalising the Safety of Java, the Java Virtual Machine and Java Card
Cited by 1 (0 self)
State Machine Semantics (ASM), Axiomatic Semantics (AS), Context Rewriting semantics (CR), Continuation or monad Semantics (CS), Denotational Semantics (DS), Natural Semantics (NS), Operational Semantics (OS), Structural Operational Semantics (SOS), or a semantic embedding in a higher order logic (HOL).