Bytecode subroutines are a major complication for Java bytecode
verification: they are difficult to fit into the data flow analysis
that the JVM specification suggests. Because of that, subroutines are
left out or restricted in most formalizations of the bytecode verifier.
We examine the problems that occur with subroutines and give an
overview of the most prominent solutions in the literature. Using the
theorem prover Isabelle/HOL, we have extended our substantial
formalization of the JVM and of the bytecode verifier, together with
its proof of correctness, to cover the most general solution for
bytecode subroutines.
A formalization of the Java bytecode verifier, including a defensive JVM,
exceptions, constructor calls, object initialization, jsr/ret
instructions, and arrays:
@article{KleinW-JAR03,
author = {Gerwin Klein and Martin Wildmoser},
title = {Verified Bytecode Subroutines},
journal = {Journal of Automated Reasoning},
year = 2003,
volume = 30,
number = {3--4},
pages = {363--398},
editor = {Tobias Nipkow},
url = {http://www4.in.tum.de/~kleing/papers/KleinW-JAR02.html}
}