The Safety-Critical Java Memory Model Formalised

Research output: Contribution to journalArticlepeer-review


Safety-Critical Java (SCJ) is a version of Java for real-time programming, restricted to facilitate certification of implementations of safety-critical systems. Its development is the result of an international effort involving experts from industry and academia. What we provide here is, as far as we know, the first formalisation of the SCJ model of memory regions. We use Hoare and He’s unifying theories of programming (UTP), enabling the integration of our theory with refinement models for object orientation and concurrency. In developing the SCJ theory, we also make a contribution to UTP by providing a general theory of invariants (an instance of which is used in the SCJ theory). The results presented here are a first essential ingredient to formalise the novel programming paradigm embedded in SCJ, and enable the justification and development of formal reasoning techniques based on refinement.
Original languageEnglish
Pages (from-to)37-57
Number of pages21
JournalFormal Aspects of Computing
Issue number1
Publication statusPublished - Jan 2013


  • Safety-Critical Java; Memory safety; Semantics; Unifying theories of programming; Integration; Refinement

Cite this