Gerwin Klein

Verified bytecode verifiers

Using the theorem prover Isabelle/HOL we have formalized and proved correct and executable bytecode verifier in the style of Kildalls algorithm for a significant subset of the Java Virtual Machine (JVM). First an abstract framework for proving correctness of data flow based type inference algorithms for assembly languages is formalized. It is shown that under certain conditions Kildalls algorithm yields a correct bytecode verifier. Then the framework is instantiated with our previous work about the JVM. Finally, we demonstrate the flexibility of the framework by extending our previous JVM model and the executable bytecode verifier with object initialization.

Verified lightweight bytecode verification

Eva and Kristoffer Rose proposed a (sparse) annotation of Java Virtual Machine code with types to enable a one‐pass verification of well‐typedness. We have formalized a variant of their proposal in the theorem prover Isabelle/HOL and proved soundness and completeness. Copyright

Verified Bytecode Subroutines

Bytecode subroutines are a major complication for Java bytecode verification: They are difficult to fit into the dataflow analysis that the JVM specification suggests. Hence, subroutines are left out or are restricted in most formalizations of the bytecode verifier. We examine the problems that occur with subroutines and give an overview of the most prominent solutions in the literature. Using the theorem prover Isabelle/HOL, we have extended our substantial formalization of the JVM and the bytecode verifier with its proof of correctness by the most general solution for bytecode subroutines.

Verified bytecode verification and type-certifying compilation

Abstract This article presents a type certifying compiler for a subset of Java and proves the type correctness of the bytecode it generates in the proof assistant Isabelle. The proof is performed by defining a type compiler that emits a type certificate and by showing a correspondence between bytecode and the certificate which entails well-typing. The basis for this work is an extensive formalization of the Java bytecode type system, which is first presented in an abstract, lattice-theoretic setting and then instantiated to Java types.