Hanbing Liu
ABSTRACT
To study the properties of the Java Virtual Machine(JVM) and Java programs, our research group has produced a series of JVM models written in a functional subset of Common Lisp. In this paper, we present our most complete JVM model from this series, namely, M6, which is derived from a careful study of the J2ME KVM [16] implementation.On the one hand, our JVM model is a conventional machine emulator. M6 models accurately almost all aspects of the KVM implementation, including the dynamic class loading, class initialization and synchronization via monitors. It executes most J2ME Java programs that do not use any I/O or floating point operations. Engineers may consider M6 an implementation of the JVM. It is implemented with around 10K lines in 20+ modules.On the other hand, M6 is a novel model that allows for analytical reasoning besides conventional testing. M6 is written in an applicative (side-effect free) subset of Common Lisp, for which we have given precise meaning in terms of axioms and inference rules. A property of M6 can be expressed as a formula. Rules of interference can be used analytically to derive properties of M6 and the Java programs that run on the model, using a mechanical theorem prover.We argue that our approach of building an executable model of the system with an axiomatically described functional language can bring benefits from both the testing and the formal reasoning worlds.
- R. Cohen. Defensive Java Virtual Machine Version 0.5 alpha Release. Available from http://www.cli.com/software/djvm/index.html, 1997.]]Google Scholar
- The Coq Development Team. Technical report.]]Google Scholar
- D. Burger and T. M. Austin. The SimpleScalar tool set, Version 2.0. Technical Report 1342, Universit of Wisconsin-Madison Computer Science Department, June 1997.]]Google ScholarDigital Library
- D. Hardin, D. Greve, M. Wilding, and J. Cowles. Single-threaded formal processor models: Enabling proof and high-speed execution. Technical report, Rockwell Collins Advanced Technology Center, Cedar Rapids, IA 52498, 1999.]]Google Scholar
- G. Barthe, G. Dufay, L. Jakubiec, B. Serpette, and S. Melo de Sousa. A formal executable semantics of the javacard platform. In D. Sands, editor, Proceedings of ESOP'01, 2001.]] Google ScholarDigital Library
- D. Greve. Symbolic simulation of the JEM1 microprocessor. In Ganesh Gopalakrishnan and Phillip Windley, editors, Formal Methods in Computer-Aided Design (FMCAD'98), pages 321--333, Palo Alto, CA, 1998.]] Google ScholarDigital Library
- H. Liu and J S. Moore. A formal study of bytecode verification in ACL2. Partial results on the correctness of the bytecode verification algorithm for the JVM model M3, unpublished, March 2002.]]Google Scholar
- H. Liu and J S. Moore. JVM model: M6 source code. http://www.cs.utexas.edu/users/hbl/pub/M6/ivme03/, March 2003.]]Google Scholar
- J S. Moore and G. Porter. An executable formal java virtual machine thread model. In Proceedings of 2001 JVM Usenix Symposium, Monterey, California, April 2001. USENIX.]] Google ScholarDigital Library
- J S. Moore, R. Krug, H. Liu, and G. Porter. Formal models of Java at the JVM level a survey from the ACL2 perspective. In Workshop on Formal Techniques for Java Programs. 2001.]]Google Scholar
- M. Kaufmann, P. Manolios, and J S. Moore. Computer-aided Reasoning: An approach. Kluwer Academic Publishers, 2000.]] Google ScholarDigital Library
- M. Wilding, D. Greve, and D. Hardin. Efficient simulation of formal processor models. Formal Methods in System Design, 18(3), May 2001.]] Google ScholarDigital Library
- J S. Moore. Proving theorems about Java and the JVM with ACL2. In M. Broy, editor, Lecture Notes of the Marktoberdorf 2002 Summer School. Springer, 2002.]]Google Scholar
- J S. Moore and G. Porter. The apprentice challenge. ACM Transactions on Programming Languages and Systems (TOPLAS), 24(3):193--216, 2002.]] Google ScholarDigital Library
- G. Porter. A commuting diagram relating threaded and non-threaded JVM models. Technical report, Honors Thesis, Department of Computer Sciences, University of Texas at Austin, 2001.]] Google ScholarDigital Library
- Connected Limited Device Configuration (CLDC) and the K Virtual Machine. http://java.sun.com/products/cldc/.]]Google Scholar
- Connected Limited Device Configuration (CLDC) Specification 1.1. http://jcp.org/en/jsr/detail?id=139.]]Google Scholar
- Java 2 Platform, Micro Edition. http://java.sun.com/j2me/.]]Google Scholar
- T. Lindholm and F. Yellin. The Java Virtual Machine Specification. Addison-Wesley Publisher, second edition, 1999.]] Google ScholarDigital Library
Index Terms
- Executable JVM model for analytical reasoning: a study
Recommendations
Executable JVM model for analytical reasoning: a study
Special issue on advances in interpreters, virtual machines and emulators (IVME'03)To study the properties of the Java Virtual Machine (JVM) and Java programs, our research group has produced a series of JVM models written in a functional subset of Common Lisp. In this paper, we present our most complete JVM model from this series, ...
JVM: platform independent vs. performance dependent
Nowadays Java technology has become an important reference to application developers. The great acceptance from software developer's community is mainly based on its platform independence execution environment. In this paper, we analyze the degree of ...
Cloneable JVM: a new approach to start isolated java applications faster
VEE '07: Proceedings of the 3rd international conference on Virtual execution environmentsJava has been successful particularly for writing applications in the server environment. However, isolation of multiple applications hasnot been efficiently achieved in Java. Many customers require that their applications are guarded by independent OS ...
Reviews
Mordechai Ben-Menachem
This paper represents a very interesting conundrum. The authors present the results of a study of the development of a Java Virtual Machine, in a LISP-derivative language, as a simulator. They place strong emphasis on the state machine presentation in the simulator. They go to great lengths to describe details of the simulator, how it works, and how they attained their results. Overall, the paper is well written and well constructed. Seemingly, all aspects of the simulator are discussed, with a level of detail that seems appropriate. Anyone interested in this area would do well to read this paper. Now, for the interesting problem: immediately after the abstract, the authors provide, as is customary, a list of keywords, categories, and subject descriptors. From my perusal of these, I glean that the authors are describing a paper that is quite deeply in the domain of software engineering (while other keywords also exist, these words are first, presumably implying importance). The Association for Computing Machinery (ACM) and Institute of Electrical and Electronics Engineers (IEEE) have a joint effort to create curricula within a taxonomy, dividing computing into four main domains: computer science (CS), computer engineering (CE), information systems (IS), and software engineering (SE). This paper is a fine example of a paper in the CS domain, with little relation to SE. I commend the authors for a job well done, and worth doing. Unfortunately, potential readers may be misled by a less than careful choice of keywords. Online Computing Reviews Service
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments