Verifying a Compiler for Java Threads

  • Andreas Lochbihler
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6012)


A verified compiler is an integral part of every security infrastructure. Previous work has come up with formal semantics for sequential and concurrent variants of Java and has proven the correctness of compilers for the sequential part. This paper presents a rigorous formalisation (in the proof assistant Isabelle/HOL) of concurrent Java source and byte code together with an executable compiler and its correctness proof. It guarantees that the generated byte code shows exactly the same observable behaviour as the semantics for the multithreaded source code.





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Andreas Lochbihler, Karlsruher Institut für Technologie (KIT), Karlsruhe, Germany
