143 research outputs found

    Analysing Java's safety guarantees under concurrency

    Two features distinguish Java from other main-stream programming languages like C and C++: its built-in support for concurrency and safety guarantees such as type safety or safe execution in a sandbox. In this work, we build a formal, unified model of Java concurrency, validate it empirically, and analyse it with respect to the safety guarantees using a proof assistant. We show that type safety and Java's data race freedom guarantee hold. Our analysis, however, revealed a weakness in the Java security architecture, because the Java memory model theoretically allows pointer forgery. As a result, this work clarifies the specification of the Java memory mode

    Introducing Simulation and Model Animation in the MDE Topcased Toolkit

    The Topcased project aims at developing a modular and generic CASE environment for model driven development of safety critical systems. Model validation is a key feature in this project and model simulation is a major way for validation. The purpose of this paper is to present the current Topcased process for building model simulators and animators. After introducing the functional requirements for model simulation and animation, it is explained how simulation is currently being integrated in the Topcased environment, presenting the main components of a simulator: a model animator, a scenario builder and a simulation engine. The approach is illustrated by the presentation of the first simulation experiment conducted in the project: the UML 2 StateMachines case study

    Extending Nunchaku to Dependent Type Theory

    Nunchaku is a new higher-order counterexample generator based on a sequence of transformations from polymorphic higher-order logic to first-order logic. Unlike its predecessor Nitpick for Isabelle, it is designed as a stand-alone tool, with frontends for various proof assistants. In this short paper, we present some ideas to extend Nunchaku with partial support for dependent types and type classes, to make frontends for Coq and other systems based on dependent type theory more useful. Comment: In Proceedings HaTT 2016, arXiv:1606.0542

    Mechanized Metatheory for the Masses: The POPLMARK Challenge

    How close are we to a world where every paper on programming languages is accompanied by an electronic appendix with machine-checked proofs? We propose an initial set of benchmarks for measuring progress in this area. Based on the metatheory of System F, a typed lambda-calculus with second-order polymorphism, subtyping, and records, these benchmarks embody many aspects of programming languages that are challenging to formalize: variable binding at both the term and type levels, syntactic forms with variable numbers of components (including binders), and proofs demanding complex induction principles. We hope that these benchmarks will help clarify the current state of the art, provide a basis for comparing competing technologies, and motivate further research

    The Java Memory Model is Type Safe

    An Executable Semantics for CompCert C

    A Unified, Machine-Checked Formalisation of Java and the Java Memory Model

    We present a machine-checked formalisation of the Java memory model and connect it to an operational semantics for Java source code and bytecode. This provides the link between sequential semantics and the memory model that has been missing in the literature. Our model extends previous formalisations by dynamic memory allocation, thread spawns and joins, infinite executions, the wait-notify mechanism and thread interruption. We prove the Java data race freedom guarantee for the complete formalisation in a modular way. This work makes the assumptions about the sequential semantics explicit and shows how to discharge them

    Goal Driven Architecture Development using LEAP

    Methods for goal driven system engineering exist and propose a number of categories of goals including behavioural, formal, informal and non-functional. This article goes further than existing goal driven approaches by linking goals directly to the semantics of an architectural modelling language called LEAP with an operational semantics. The behavioural goals are expressed using a Linear Temporal Logic and the non-functional goals are expressed as functions over meta-properties of the model. The meta-properties are supported using an encoding represented using Java reflection. The article describes the LEAP approach using a simple case study written in the LEAP language supported by the LEAP toolset

    A Machine-Checked, Type-Safe Model of Java Concurrency: Language, Virtual Machine, Memory Model, and Verified Compiler

    The Java programming language provides safety and security guarantees such as type safety and its security architecture. They distinguish it from other mainstream programming languages like C and C++. In this work, we develop a machine-checked model of concurrent Java and the Java memory model and investigate the impact of concurrency on these guarantees. From the formal model, we automatically obtain an executable verified compiler to bytecode and a validated virtual machine

    Extracting Behaviour from an Executable Instruction Set Model
