Formalizing a JVML Verifier for Initialization in a Theorem Prover

  • Yves Bertot
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2102)


The byte-code verifier is advertised as a key component of the security and safety strategy for the Java language, making it possible to use and exchange Java programs without fearing too much damage due to erroneous programs or malignant program providers. As Java is likely to become one of the languages used to embed programs in all kinds of appliances or computer-based applications, it becomes important to verify that the claim of safety is justified.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    G. Barthe, G. Dufay, L. Jakubiec, S. Melo de Sousa, and B. Serpette. A Formal Executable Semantics of the JavaCard Platform. In D. Sands, editor, Proceedings of ESOP’01, volume 2028 of LNCS, pages 302–319. Springer-Verlag, 2001.Google Scholar
  2. 2.
    Yves Bertot. A coq formalization of a type checker for object initialization in the java virtual machine. Research Report RR-4047, INRIA, 2000.Google Scholar
  3. 3.
    Ludovic Casset and Jean-Louis Lanet. How to formally specify the java byte code semantics using the b method. In proceedings of the Workshop on Formal Techniques for Java Programs at ECOOP 99, June 1999.Google Scholar
  4. 4.
    Christina Cornes and Delphine Terrasse. Automatizing inversion of inductive predicates in coq. In Types for Proofs and Programs, volume 1158 of Lecture Notes in Computer Science. Springer-Verlag, 1995.Google Scholar
  5. 5.
    Gilles Dowek, Amy Felty, Hugo Herbelin, Gérard Huet, Chet Murthy, Catherine Parent, Christine Paulin-Mohring, and Benjamin Werner. The Coq Proof Assistant User’s Guide. INRIA, May 1993. Version 5.8.Google Scholar
  6. 6.
    Stephen N. Freund and John C. Mitchell. A Formal Framework for the Java Bytecode Language and Verifier. In ACM Conference on Object-Oriented Programming: Systems, Languages and Applications, November 1999.Google Scholar
  7. 7.
    Stephen N. Freund and John C. Mitchell. A Type System for Object Initialization in the Java Bytecode Language. ACM Transactions on Programming Languages and Systems, September 2000.Google Scholar
  8. 8.
    A. Goldberg. A specification of Java loading and bytecode verification. In Proceedings of 5th ACM Conference on Computer and Communication Security, 1998.Google Scholar
  9. 9.
    Ulrich Hensel, Marieke Huisman, Bart Jacobs, and Hendrik Tews. Reasoning about classes in object-oriented languages: Logical models and tools. In Proceedings of European Symposium on Programming (ESOP’ 98), volume 1381 of LNCS, pages 105–121. Springer-Verlag, March 1998.Google Scholar
  10. 10.
    Marieke Huisman. Java program verification in Higher-order logic with PVS and Isabelle. PhD thesis, University of Nijmegen, 2001.Google Scholar
  11. 11.
    G. A. Kildall. A unified approach to global program optimization. In Proceedings of the ACM Symposium on Principles of Programming Languages, pages 194206, 1973.Google Scholar
  12. 12.
    Tobias Nipkow. Verified bytecode verifiers. unpublished, available at URL, 2000
  13. 13.
    Tobias Nipkow, David von Oheimb, and Cornelia Pusch. µJava: Embedding a programming language in a theorem prover. In Friedrich L. Bauer and Ralf Steinbrüggen, editors, Foundations of Secure Computation, volume 175 of NATO Science Series F: Computer and Systems Sciences, pages 117–144. IOS Press, 2000.Google Scholar
  14. 14.
    R. O'Callahn. A simple, comprehensive type system for java bytecode subroutines. In ACM Symposium on Principles of Programming Languages, pages 70–78. ACM Press, 1999.Google Scholar
  15. 15.
    David von Oheimb and Tobias Nipkow. Machine checking the Java specification: Proving type-safety. In Jim Alves-Foss, editor, Formal Syntax and Semantics of Java, LNCS. Springer, 1998. To appear.Google Scholar
  16. 16.
    Sam Owre, John Rushby, Natarajan Shankar, and Friedrich von Henke. Formal verification for fault-tolerant architectures: Prolegomena to the design of PVS. IEEE Transactions on Software Engineering, 21(2):107–125, feb 1995.CrossRefGoogle Scholar
  17. 17.
    Christine Paulin-Mohring and Benjamin Werner. Synthesis of ML programs in the system Coq. Journal of Symbolic Computation, 15:607–640, 1993.MATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Lawrence C. Paulson and Tobias Nipkow. Isabelle: a generic theorem prover, volume 828 of Lecture Notes in Computer Science. Springer-Verlag, 1994.MATHGoogle Scholar
  19. 19.
    Cornelia Pusch. Proving the soundness of a Java bytecode verifier specification in Isabelle/HOL. In W. Rance Cleaveland, editor, Tools and Algorithms for the Construction and Analysis of Systems (TACAS’99), volume 1579 of LNCS, pages p. 89–103. Springer-Verlag, 1999.CrossRefGoogle Scholar
  20. 20.
    Z. Qian. A formal specification of Java Virtual machine instructions for objects, methods, and subroutines. In Formal Syntax and Semantics of Java, volume 1523 of Lecture Notes in Computer Science. Springer-Verlag, 1999.CrossRefGoogle Scholar
  21. 21.
    Joseph Rouyer. Développement de l'algorithme d'unification dans le calcul des constructions avec types inductifs, September 1992. (In french), available at URL
  22. 22.
    Raymie Stata and Martín Abadi. A type system for Java bytecode subroutines. In Proceedings of the 25th Annual ACM Symposium on Principles of Programming Languages, pages 149–160. ACM Press, January 1998.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Yves Bertot
    • 1
  1. 1.INRIA Sophia AntipolisSophia Antipolis CedexFrance

Personalised recommendations