A Formalization of JML in the Coq Proof System
Authors: Andreas Kägi, Hermann Lehner, Peter Müller
DOI: 10.3929/ETHZ-A-006903145 (https://doi.org/10.3929/ETHZ-A-006903145)
Published in: CTIT technical reports series, volume 27 1, 2009-01-01 (Journal Article)
Citation count: 2
Abstract
JML is a complex specification language for Java. Its large scale and manifold features make it hard to precisely define its semantics in a reference manual. It is thus desirable to formally specify the syntax and semantics of JML. There are many good reasons for a formalized semantics of JML in a theorem prover: it can be used to develop a sound verification condition generator for JML constructs. By formally defining the semantics in a theorem prover, we can detect and eliminate ambiguities in the language. When using the semantics with an operational semantics for Java source code, we can define a runtime assertion checker and prove its soundness with respect to the semantics in Coq. We divide the problem of defining JML in Coq into several steps. Firstly, we define a basic JML subset that has the full expressiveness of JML, but without syntactic sugar. We define the semantics for this subset in Coq. We introduce an extended (full) JML syntax and a syntactic rewriting function from the extended syntax into the basic syntax. Finally, we build a translation frontend that transforms a JML-annotated Java program into its equivalent in Coq. We managed to define the full JML and Java syntax in Coq, minus some very rare and not clearly described concepts and minus everything related to floating point numbers. We implemented a lightweight translation frontend in Java. We defined a large set of rewritings that simplify the syntax of JML without losing any precision. We then defined the semantics of the desugared JML, using Bicolano as a basis for the semantic domain. Finally, we conducted a case study evaluating the feasibility of proving on top of the formalisation.