Formal Reasoning About Non-atomic Java Card Methods in Dynamic Logic

  • Wojciech Mostowski
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4085)


We present an extension to Java Card Dynamic Logic, a program logic for reasoning about Java Card programs, to handle Java Card’s so-called non-atomic methods. Although Java Card DL already supports the atomic transaction mechanism of Java Card, non-atomic methods present an additional challenge: state updates triggered by such a non-atomic method are not subjected to any transaction that may possibly be in progress. The semantics of a non-atomic method itself seems to be simple and straightforward to formalise, however experimental studies showed that non-atomic methods affect the whole semantics of the Java Card transaction mechanism in a subtle way, in particular, it affects the notion of a transaction roll-back. In this paper we show how to adapt Java Card DL to accommodate this newly discovered complex transaction behaviour. The extension completes the formalisation of all of Java Card in Dynamic Logic.


Smart Card Array Element Object Constraint Language Dynamic Logic Proof Obligation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ahrendt, W., Baar, T., Beckert, B., Bubel, R., Giese, M., Hähnle, R., Menzel, W., Mostowski, W., Roth, A., Schlager, S., Schmitt, P.H.: The KeY tool. Software and Systems Modeling 4(1), 32–54 (2005)CrossRefGoogle Scholar
  2. 2.
    Beckert, B.: A dynamic logic for the formal verification of JavaCard programs. In: Attali, I., Jensen, T. (eds.) JavaCard 2000. LNCS, vol. 2041, pp. 6–24. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Beckert, B., Mostowski, W.: A program logic for handling JavaCard’s transaction mechanism. In: Pezzé, M. (ed.) FASE 2003. LNCS, vol. 2621, pp. 246–260. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Burdy, L., Requet, A., Lanet, J.-L.: Java applet correctness: A developer-oriented approach. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, pp. 422–439. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Chen, Z.: JavaCard Technology for Smart Cards: Architecture and Programmer’s Guide. Java Series. Addison-Wesley, Reading (2000)Google Scholar
  6. 6.
    Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: Proceedings, ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, Berlin, pp. 234–245. ACM Press, New York (2002)CrossRefGoogle Scholar
  7. 7.
    Hähnle, R., Mostowski, W.: Verification of safety properties in the presence of transactions. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 151–171. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Harel, D., Kozen, D., Tiuryn, J.: Dynamic Logic. MIT Press, Cambridge (2000)zbMATHGoogle Scholar
  9. 9.
    Hubbers, E., Poll, E.: Reasoning about card tears and transactions in JavaCard. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 114–128. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  10. 10.
    Hubbers, E., Poll, E.: Transactions and non-atomic API calls in JavaCard: Specification ambiguity and strange implementation behaviours. Deptartment of Computer Science NIII-R0438, Radboud University Nijmegen (2004)Google Scholar
  11. 11.
    Huisman, M., Jacobs, B.: Java program verification via a Hoare logic with abrupt termination. In: Maibaum, T. (ed.) FASE 2000. LNCS, vol. 1783, pp. 284–303. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Jacobs, B., Poll, E.: Java program verification at Nijmegen: Developments and perspective. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 134–153. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  13. 13.
    Marché, C., Paulin-Mohring, C., Urbain, X.: The Krakatoa tool for certification of Java/JavaCard programs annotated in JML. Journal of Logic and Algebraic Programming 58(1–2), 89–106 (2004)zbMATHCrossRefGoogle Scholar
  14. 14.
    Meyer, J., Poetzsch-Heffter, A.: An architecture for interactive program provers. In: Schwartzbach, M.I., Graf, S. (eds.) TACAS 2000. LNCS, vol. 1785, pp. 63–77. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  15. 15.
    Mostowski, W.: Formalisation and verification of java card security properties in dynamic logic. In: Cerioli, M. (ed.) FASE 2005. LNCS, vol. 3442, pp. 357–371. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Mostowski, W.: The KeY Book, ch. 9. From Sequential Java to JavaCard. Springer, Heidelberg (to appear, 2006)Google Scholar
  17. 17.
    Stenzel, K.: A formally verified calculus for full JavaCard. In: Rattray, C., Maharaj, S., Shankland, C. (eds.) AMAST 2004. LNCS, vol. 3116, pp. 491–505. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Sun Microsystems, Inc., Santa Clara, California, USA. JavaCard 2.2.1 Runtime Environment Specification (October 2003)Google Scholar
  19. 19.
    von Oheimb, D.: Analyzing Java in Isabelle/HOL. PhD thesis, Institut für Informatik, Technische Universität München (January 2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Wojciech Mostowski
    • 1
  1. 1.Department of Computing ScienceRadboud University NijmegenNijmegenThe Netherlands

Personalised recommendations