Machine-Checking the Java Specification: Proving Type-Safety
In this article we present Bali, the formalization of a large (hitherto sequential) sublanguage of Java. We give its abstract syntax, type system, well-formedness conditions, and an operational evaluation semantics. Based on these definitions, we can express soundness of the type system, an important design goal claimed to be reached by the designers of Java, and prove that Bali is indeed type-safe.
All definitions and proofs have been done formally in the theorem prover Isabelle/HOL. Thus this article demonstrates that machine-checking the design of non-trivial programming languages has become a reality.
Keywords: Operational Semantic, Method Call, High Order Logic, Type Soundness, Transition Semantic