A computational logic handbook
A computational logic handbook
Common LISP: the language (2nd ed.)
Common LISP: the language (2nd ed.)
Automated proofs of object code for a widely used microprocessor
Journal of the ACM (JACM)
Eraser: a dynamic data race detector for multithreaded programs
ACM Transactions on Computer Systems (TOCS)
Mechanized formal reasoning about programs and computing machines
Automated reasoning and its applications
A Mechanically Checked Proof of a Multiprocessor Result via a Uniprocessor View
Formal Methods in System Design
High-speed, analyzable simulators
Computer-Aided reasoning
Tool-supported program abstraction for finite-state verification
ICSE '01 Proceedings of the 23rd International Conference on Software Engineering
Practical Java: Programming Language Guide
Practical Java: Programming Language Guide
Java Virtual Machine Specification
Java Virtual Machine Specification
Computer-Aided Reasoning: An Approach
Computer-Aided Reasoning: An Approach
A Type-Theoretic Memory Model for Verification of Sequential Java Programs
WADT '99 Selected papers from the 14th International Workshop on Recent Trends in Algebraic Development Techniques
Symbolic Simulation of the JEM1 Microprocessor
FMCAD '98 Proceedings of the Second International Conference on Formal Methods in Computer-Aided Design
The LOOP Compiler for Java and JML
TACAS 2001 Proceedings of the 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems
PVS: A Prototype Verification System
CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
CADE-11 Proceedings of the 11th International Conference on Automated Deduction: Automated Deduction
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
Proceedings of the seventh ACM SIGPLAN international conference on Functional programming
Executable JVM model for analytical reasoning: a study
Proceedings of the 2003 workshop on Interpreters, virtual machines and emulators
Using eternity variables to specify and prove a serializable database interface
Science of Computer Programming - Special issue on mathematics of program construction (MPC 2002)
Modular verification of multithreaded programs
Theoretical Computer Science
Executable JVM model for analytical reasoning: a study
Science of Computer Programming - Special issue on advances in interpreters, virtual machines and emulators (IVME'03)
Model checking the Java metalocking algorithm
ACM Transactions on Software Engineering and Methodology (TOSEM)
Reasoning about safety properties in a JVM-like environment
Science of Computer Programming
It Is Time to Mechanize Programming Language Metatheory
Verified Software: Theories, Tools, Experiments
Verified Software: Theories, Tools, Experiments
Verifying safety properties of concurrent heap-manipulating programs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Formalising java's data race free guarantee
TPHOLs'07 Proceedings of the 20th international conference on Theorem proving in higher order logics
Mechanized metatheory for the masses: the PoplMark challenge
TPHOLs'05 Proceedings of the 18th international conference on Theorem Proving in Higher Order Logics
A parallelized theorem prover for a logic with parallel execution
ITP'13 Proceedings of the 4th international conference on Interactive Theorem Proving
Specification and Verification of Concurrent Programs Through Refinements
Journal of Automated Reasoning
| Hi-index | 0.00 |
We describe a mechanically checked proof of a property of a small system of Java programs involving an unbounded number of threads and synchronization, via monitors. We adopt the output of the javac compiler as the semantics and verify the system at the bytecode level under an operational semantics for the JVM. We assume a sequentially consistent memory model and atomicity at the bytecode level. Our operational semantics is expressed in ACL2, a Lisp-based logic of recursive functions. Our proofs are checked with the ACL2 theorem prover. The proof involves reasoning about arithmetic; infinite loops; the creation and modification of instance objects in the heap, including threads; the inheritance of fields from superclasses; pointer chasing and smashing; the invocation of instance methods (and the concomitant dynamic method resolution); use of the start method on thread objects; the use of monitors to attain synchronization between threads; and consideration of all possible interleavings (at the bytecode level) over an unbounded number of threads. Readers familiar with monitor-based proofs of mutual exclusion will recognize our proof as fairly classical. The novelty here comes from (i) the complexity of the individual operations on the abstract machine; (ii) the dependencies between Java threads, heap objects, and synchronization; (iii) the bytecode-level interleaving; (iv) the unbounded number of threads; (v) the presence in the heap of incompletely initialized threads and other objects; and (vi) the proof engineering permitting automatic mechanical verification of code-level theorems. We discuss these issues. The problem posed here is also put forth as a benchmark against which to measure other approaches to formally proving properties of multithreaded Java programs.