A Java Bytecode Formalisation

  • Patryk Czarnik
  • Jacek Chrząszcz
  • Aleksy Schubert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11294)


This paper presents the first Coq formalisation of the full Java bytecode instruction set and its semantics. The set of instructions is organised in a hierarchy depending on how the instructions deal with the runtime structures of the Java Virtual Machine such as threads, stacks, heap etc. The hierarchical nature of Coq modules neatly reinforces this view and facilitates the understanding of the Java bytecode semantics. This approach makes it possible to both conduct verification of properties for programs and to prove metatheoretical results for the language. Based upon our formalisation experience, the deficiencies of the current informal bytecode language specification are discussed.


Formalisation Coq Semantics Java bytecode 


  1. 1.
    Atkey, R.: CoqJVM: an executable specification of the Java virtual machine using dependent types. In: Miculan, M., Scagnetto, I., Honsell, F. (eds.) TYPES 2007. LNCS, vol. 4941, pp. 18–32. Springer, Heidelberg (2008). Scholar
  2. 2.
    Aydemir, B.E., et al.: Mechanized metatheory for the masses: the PoplMark challenge. In: Hurd, J., Melham, T. (eds.) TPHOLs 2005. LNCS, vol. 3603, pp. 50–65. Springer, Heidelberg (2005). Scholar
  3. 3.
    Bertelsen, P.: Dynamic semantics of Java bytecode. Future Gener. Comput. Syst. 16(7), 841–850 (2000)CrossRefGoogle Scholar
  4. 4.
    Bertot, Y.: Formalizing a JVML verifier for initialization in a theorem prover. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 14–24. Springer, Heidelberg (2001). Scholar
  5. 5.
    Chrza̧szcz, J.: Modules in Coq are and will be correct. In: Berardi, S., Coppo, M., Damiani, F. (eds.) TYPES 2003. LNCS, vol. 3085, pp. 130–146. Springer, Heidelberg (2004). Scholar
  6. 6.
    Chrząszcz, J., Czarnik, P., Schubert, A.: A dozen instructions make Java bytecode. ENTCS 264(4), 19–34 (2011)Google Scholar
  7. 7.
    Coglio, A., Goldberg, A., Qian, Z.: Toward a provably-correct implementation of the JVM bytecode verifier. In: Proceedings DARPA Information Survivability Conference and Exposition, 2000. DISCEX 2000, vol. 2, pp. 403–410. IEEE Computer Society (2000)Google Scholar
  8. 8.
    Coglio, A.: Improving the official specification of Java bytecode verification. Concurr. Comput.: Pract. Exp. 15(2), 155–179 (2003). Scholar
  9. 9.
    Coq development team: the Coq proof assistant reference manual V8.4. Technical Report 255, INRIA, France, March 2012.
  10. 10.
    Czarnik, P., Chrząszcz, J., Schubert, A.: CoJaq: a hierarchical view on the Java bytecode formalised in Coq. In: Swacha, J. (ed.) Advances in Software Development, pp. 147–157. Polish Information Processing Society (2013)Google Scholar
  11. 11.
    Demange, D., Jensen, T., Pichardie, D.: A provably correct stackless intermediate representation for Java bytecode. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 97–113. Springer, Heidelberg (2010). Scholar
  12. 12.
    Farzan, A., Chen, F., Meseguer, J., Roşu, G.: Formal analysis of Java programs in JavaFAN. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 501–505. Springer, Heidelberg (2004). Scholar
  13. 13.
    Freund, S.N., Mitchell, J.C.: The type system for object initialization in the Java bytecode language. ACM Trans. Program. Lang. Syst. 21(6), 1196–1250 (1999)CrossRefGoogle Scholar
  14. 14.
    Freund, S.N., Mitchell, J.C.: A type system for the Java bytecode language and verifier. J. Autom. Reason. 30(3–4), 271–321 (2003). Scholar
  15. 15.
    Gosling, J., Joy, B., Steele, G., Bracha, G.: The Java Language Specification. The Java Series, 3rd edn. Addison Wesley, Boston (2005)zbMATHGoogle Scholar
  16. 16.
    Hagiya, M., Tozawa, A.: On a new method for dataflow analysis of Java virtual machine subroutines. In: Levi, G. (ed.) SAS 1998. LNCS, vol. 1503, pp. 17–32. Springer, Heidelberg (1998). Scholar
  17. 17.
    Hartel, P.H., Moreau, L.: Formalizing the safety of Java, the Java virtual machine, and Java card. ACM Comput. Surv. 33(4), 517–558 (2001)CrossRefGoogle Scholar
  18. 18.
    Jacobs, B., Poll, E.: A logic for the Java modeling language JML. In: Hussmann, H. (ed.) FASE 2001. LNCS, vol. 2029, pp. 284–299. Springer, Heidelberg (2001). Scholar
  19. 19.
    Klein, G., Nipkow, T.: A machine-checked model for a Java-like language, virtual machine, and compiler. ACM Trans. Program. Lang. Syst. 28(4), 619–695 (2006)CrossRefGoogle Scholar
  20. 20.
    Leroy, X.: Bytecode verification on Java smart cards. Softw. Pract. Exper. 32(4), 319–340 (2002)CrossRefGoogle Scholar
  21. 21.
    Lindholm, T., Yellin, F.: The Java Virtual Machine Specification, 2nd edn. Addison-Wesley Professional, Boston (1999). Specification available at
  22. 22.
    Lochbihler, A.: A Machine-Checked, Type-Safe Model of Java Concurrency : Language, Virtual Machine, Memory Model, and Verified Compiler. Ph.D. thesis, Karlsruher Institut für Technologie, Fakultät für Informatik, July 2012Google Scholar
  23. 23.
    Milner, R., Harper, R., MacQueen, D., Tofte, M.: The Definition of Standard ML - Revised. The MIT Press, Cambridge (1997)Google Scholar
  24. 24.
    MOBIUS Consortium: Deliverable 3.1: bytecode specification language and program logic (2006).
  25. 25.
    Moore, J.S.: Proving theorems about Java and the JVM with ACL2. In: Broy, M., Pizka, M. (eds.) Models, Algebras and Logic of Engineering Software, pp. 227–290. IOS Press, Amsterdam (2003)Google Scholar
  26. 26.
    O’Callahan, R.: A simple, comprehensive type system for Java bytecode subroutines. In: Proceedings of POPL1999, pp. 70–78. ACM (1999)Google Scholar
  27. 27.
    Pichardie, D.: Bicolano - Byte Code Language in Coq (2006). Summary appears in [24]
  28. 28.
    Posegga, J., Vogt, H.: Byte code verification for Java smart cards based on model checking. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 175–190. Springer, Heidelberg (1998). Scholar
  29. 29.
    Pusch, C.: Proving the soundness of a Java bytecode verifier specification in Isabelle/HOL. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, pp. 89–103. Springer, Heidelberg (1999). Scholar
  30. 30.
    Qian, Z.: A formal specification of Java\(\cal{M}\) virtual machine instructions for objects, methods and subroutines. In: Alves-Foss, J. (ed.) Formal Syntax and Semantics of Java. LNCS, vol. 1523, pp. 271–311. Springer, Heidelberg (1999). Scholar
  31. 31.
    Raghavan, A.D., Leavens, G.T.: Desugaring JML method specifications. Technical Report TR #00-03d, Iowa State University, March 2000Google Scholar
  32. 32.
    Rose, E.: Lightweight bytecode verification. J. Autom. Reason. 31, 303–334 (2003)CrossRefGoogle Scholar
  33. 33.
    Soubiran, E.: Développement modulaire de théories et gestion de l’espace de nom pour l’assistant de preuve Coq. Ph.D. thesis, Ecole Polytechnique (2010)Google Scholar
  34. 34.
    Stärk, R.F., Schmid, J., Börger, E.: Java and the Java Virtual Machine: Definition, Verification, Validation. Springer, Heidelberg (2001). Scholar
  35. 35.
    Stata, R., Abadi, M.: A type system for Java bytecode subroutines. ACM Trans. Program. Lang. Syst. 21(1), 90–137 (1999)CrossRefGoogle Scholar
  36. 36.
    Yelland, P.M.: A compositional account of the Java virtual machine. In: Proceedings of POPL1999, pp. 57–69. ACM (1999)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Patryk Czarnik
    • 1
  • Jacek Chrząszcz
    • 1
  • Aleksy Schubert
    • 1
  1. 1.Institute of InformaticsUniversity of WarsawWarsawPoland

Personalised recommendations