Inductive Proof Outlines for Monitors in Java

  • Erika Ábrahám
  • Frank S. de Boer
  • Willem-Paul de Roever
  • Martin Steffen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2884)


The research concerning Java’s semantics and proof theory has mainly focussed on various aspects of sequential sub-languages. Java, however, integrates features of a class-based object-oriented language with the notion of multi-threading, where multiple threads can concurrently execute and exchange information via shared instance variables. Furthermore, each object can act as a monitor to assure mutual exclusion or to coordinate between threads.

In this paper we present a sound and relatively complete assertional proof system for Java’s monitor concept, which generates verification conditions for Java_MT, a concurrent sublanguage of Java. This work extends previous results by incorporating Java’s monitor methods.
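An added illustration, not taken from the paper, of what a proof outline for a Java monitor looks like: a bounded buffer whose `synchronized` methods use `wait`/`notifyAll`, annotated with a monitor invariant and assertions at the points where a thread enters, waits and resumes. The assertion notation and the class `BoundedBuffer` are assumptions of this example, not the paper's proof system.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Added example, not from the paper: a bounded buffer used as a Java monitor.
// Comments in {braces} are proof-outline assertions over the instance state.
// Monitor invariant I:  0 <= buf.size() <= capacity
// I must hold whenever no thread holds the lock: on entry, at every wait(), and on exit.
public final class BoundedBuffer<T> {
    private final Deque<T> buf = new ArrayDeque<>();
    private final int capacity;

    public BoundedBuffer(int capacity) {
        if (capacity <= 0) throw new IllegalArgumentException("capacity must be positive");
        this.capacity = capacity;                       // {I}
    }

    // {I}  lock acquired, invariant assumed
    public synchronized void put(T item) throws InterruptedException {
        while (buf.size() == capacity) {
            // {I && buf.size() == capacity}  the lock is released during wait(),
            // so only I may be assumed after it; the while-guard, not the wakeup, re-checks the condition
            wait();
            // {I}
        }
        // {I && buf.size() < capacity}
        buf.addLast(item);
        // {I && buf.size() >= 1}
        notifyAll();                                    // wakes consumers blocked in take()
    }   // {I}  lock released, invariant re-established

    // {I}
    public synchronized T take() throws InterruptedException {
        while (buf.isEmpty()) {
            // {I && buf.size() == 0}
            wait();
            // {I}
        }
        // {I && buf.size() >= 1}
        T item = buf.removeFirst();
        // {I && buf.size() < capacity}
        notifyAll();                                    // wakes producers blocked in put()
        return item;
    }   // {I}

    // Reentrant use: a thread already owning the monitor enters without re-acquiring it.
    public synchronized int size() {
        return buf.size();                              // {I}
    }
}
```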


Keywords: OO, Java, multithreading, monitors, deductive verification, proof outlines



Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Erika Ábrahám (1)
  • Frank S. de Boer (2)
  • Willem-Paul de Roever (1)
  • Martin Steffen (1)

  1. Christian-Albrechts-University Kiel, Germany
  2. CWI Amsterdam, The Netherlands
