To study the properties of the Java Virtual Machine (JVM) and Java programs, our research group has produced a series of JVM models written in a functional subset of Common Lisp. In this paper, we present our most complete JVM model from this series, namely M6, which is derived from a careful study of the J2ME KVM [Connected Limited Device Configuration (CLDC) and the K Virtual Machine, http://java.sun.con/products/cldc/] implementation.

On the one hand, our JVM model is a conventional machine emulator. M6 implements dynamic class loading, class initialization and synchronization via monitors. It executes most J2ME CLDC Java programs that do not use any I/O or floating point operations. Engineers may consider M6 an implementation of the JVM. The June 2003 version is implemented with around 10K lines of Lisp in 28 modules.

On the other hand, M6 is novel because it allows for analytical reasoning in addition to conventional testing. M6 is written in an applicative (side-effect free) subset of Common Lisp, for which we have given precise meaning in terms of axioms and inference rules. Properties of M6 and its bytecoded programs can be expressed as formulas and proved as theorems. Proofs are constructed interactively with a mechanical theorem prover. Its concreteness, completeness, executability and mechanized reasoning support make our model unique among JVM models.

We argue that our approach of building an executable model of the system in an axiomatically described functional language can bring benefits from both the testing and the formal reasoning worlds.