Formal Reasoning About Non-atomic Java Card Methods in Dynamic Logic
We present an extension to Java Card Dynamic Logic, a program logic for reasoning about Java Card programs, to handle Java Card's so-called non-atomic methods. Although Java Card DL already supports the atomic transaction mechanism of Java Card, non-atomic methods present an additional challenge: state updates triggered by such a non-atomic method are not subjected to any transaction that may be in progress. The semantics of a non-atomic method itself seems simple and straightforward to formalise; however, experimental studies showed that non-atomic methods affect the whole semantics of the Java Card transaction mechanism in a subtle way, in particular the notion of a transaction roll-back. In this paper we show how to adapt Java Card DL to accommodate this newly discovered complex transaction behaviour. The extension completes the formalisation of all of Java Card in Dynamic Logic.
Keywords: Smart Card, Array Element, Object Constraint Language, Dynamic Logic, Proof Obligation
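To make the semantics stated in the abstract concrete, the following small Python model is added here as an illustration (it is not the paper's Java Card DL formalisation and uses no Java Card API): conditional updates are logged and undone on abort, while non-atomic updates bypass the log entirely. The second case, where a conditional and a non-atomic update hit the same location, shows why the roll-back interaction is delicate; the paper's own treatment of that case is not reproduced here.

```python
# Toy model of Java Card transactional vs non-atomic updates (constructed
# illustration; not the paper's Java Card DL rules and not real JCRE code).


class PersistentMemory:
    """Persistent locations with a single, non-nested transaction."""

    def __init__(self, initial):
        self.mem = dict(initial)
        self.backup = None  # pre-transaction values; None outside a transaction

    def begin_transaction(self):
        assert self.backup is None, "nested transactions are not allowed"
        self.backup = {}

    def write(self, loc, value):
        """Ordinary (conditional) update: logged while a transaction runs."""
        if self.backup is not None and loc not in self.backup:
            self.backup[loc] = self.mem[loc]  # remember pre-transaction value
        self.mem[loc] = value

    def write_non_atomic(self, loc, value):
        """Non-atomic update: bypasses the transaction, nothing is logged."""
        self.mem[loc] = value

    def abort_transaction(self):
        assert self.backup is not None
        for loc, old in self.backup.items():
            self.mem[loc] = old  # roll back every logged location
        self.backup = None


def abort_disjoint_locations():
    """Conditional write to a0, non-atomic write to a1, then abort."""
    m = PersistentMemory({"a0": 0, "a1": 0})
    m.begin_transaction()
    m.write("a0", 7)
    m.write_non_atomic("a1", 9)
    m.abort_transaction()
    return m.mem  # a0 rolled back to 0, a1 keeps the non-atomic 9


def abort_same_location():
    """Conditional then non-atomic write to the same location, then abort."""
    m = PersistentMemory({"a0": 0})
    m.begin_transaction()
    m.write("a0", 7)
    m.write_non_atomic("a0", 9)
    m.abort_transaction()
    return m.mem  # the backup-log roll-back also discards the non-atomic 9
```

The first case is the simple semantics the abstract describes; the second shows that a backup-based roll-back cannot distinguish a later non-atomic write from the conditional one it overwrote, which is the kind of interaction a faithful formalisation must decide.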