A Formalization of JML in the Coq Proof System

Andreas Kägi, Hermann Lehner, Peter Müller
{"title":"A Formalization of JML in the Coq Proof System","authors":"Andreas Kägi, Hermann Lehner, Peter Müller","doi":"10.3929/ETHZ-A-006903145","DOIUrl":null,"url":null,"abstract":"JML is a complex specication language for Java. Its large scale and manifold features make it hard to precisely dene its semantics in a reference manual. It is thus desirable to formally specify the syntax and semantics of JML. There are many good reasons for a formalized semantics of JML in a theorem prover: It can be used to develop a sound verication condition generator for JML constructs. By formally defining the semantics in a theorem prover, we can detect and eliminate ambiguousities in the language. When using the semantics with an operational semantics for Java source code, we can dene a runtime assertion checker and prove it's soundness with respect to the semantics in Coq. We divide the problem of dening JML in Coq into several steps. Firstly, we dene a basic JML subset that has the full expressiveness of JML, but without syntactic sugar. We define the semantics for this subset in Coq. We introduce an extended (full) JML Syntax and a syntactic rewriting function from the extended syntax into the basic syntax. Finally, we built a translation frontend that transforms a JML-annotated Java program into it's equivalent in Coq. We managed to dene the full JML and Java syntax in Coq, minus some very rare and not clearly described concepts and minus everything related to floating point numbers. We implemented a lightweight translation frontent in Java. We defined a large set of rewritings that simplify the syntax of JML without loosing any precision. We then dened the semantics of the desugared JML, using Bicolano as a basis for the semantic domain. Finally, we conducted a case study evaluating the feasibility of proving on top of the formalisation.","PeriodicalId":10841,"journal":{"name":"CTIT technical reports series","volume":"27 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2009-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"CTIT technical reports series","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3929/ETHZ-A-006903145","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2

Abstract

JML is a complex specication language for Java. Its large scale and manifold features make it hard to precisely dene its semantics in a reference manual. It is thus desirable to formally specify the syntax and semantics of JML. There are many good reasons for a formalized semantics of JML in a theorem prover: It can be used to develop a sound verication condition generator for JML constructs. By formally defining the semantics in a theorem prover, we can detect and eliminate ambiguousities in the language. When using the semantics with an operational semantics for Java source code, we can dene a runtime assertion checker and prove it's soundness with respect to the semantics in Coq. We divide the problem of dening JML in Coq into several steps. Firstly, we dene a basic JML subset that has the full expressiveness of JML, but without syntactic sugar. We define the semantics for this subset in Coq. We introduce an extended (full) JML Syntax and a syntactic rewriting function from the extended syntax into the basic syntax. Finally, we built a translation frontend that transforms a JML-annotated Java program into it's equivalent in Coq. We managed to dene the full JML and Java syntax in Coq, minus some very rare and not clearly described concepts and minus everything related to floating point numbers. We implemented a lightweight translation frontent in Java. We defined a large set of rewritings that simplify the syntax of JML without loosing any precision. We then dened the semantics of the desugared JML, using Bicolano as a basis for the semantic domain. Finally, we conducted a case study evaluating the feasibility of proving on top of the formalisation.
Coq证明系统中JML的形式化
JML是一种复杂的Java规范语言。它的规模大,特征多,很难在参考手册中精确地判断其语义。因此,需要正式指定JML的语法和语义。在定理证明器中使用JML的形式化语义有很多很好的理由:它可以用于为JML构造开发可靠的验证条件生成器。通过形式化地定义定理证明中的语义,我们可以检测和消除语言中的歧义。当将语义与Java源代码的操作语义一起使用时,我们可以定义一个运行时断言检查器,并证明它相对于Coq中的语义是健全的。我们将在Coq中定义JML的问题分为几个步骤。首先,我们定义了一个基本的JML子集,它具有JML的全部表达能力,但没有语法糖。我们在Coq中定义了这个子集的语义。我们介绍了扩展的(完整的)JML语法和从扩展语法到基本语法的语法重写功能。最后,我们构建了一个翻译前端,用于将带有jml注释的Java程序转换为Coq中的等效程序。我们设法在Coq中定义了完整的JML和Java语法,减去了一些非常罕见的和没有明确描述的概念,并减去了与浮点数相关的所有内容。我们用Java实现了一个轻量级的翻译前端。我们定义了大量的重写,这些重写简化了JML的语法,同时又不丢失任何精度。然后,我们使用Bicolano作为语义域的基础,定义了糖化后的JML的语义。最后,我们进行了一个案例研究,评估了在形式化之上证明的可行性。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信