Verification of Safety Properties in the Presence of Transactions
Journal article, 2005
The JavaCard transaction mechanism can ensure that a sequence of statements either is executed to completion or is not executed at all. Transactions make verification of JavaCard programs considerably more difficult, because they cannot be formalised in a logic based on pre- and postconditions. The KeY system includes an interactive theorem prover for JavaCard source code that models the full JavaCard standard including transactions. Based on a case study of realistic size we show the practical difficulties encountered during verification of safety properties. We provide an assessment of current JavaCard source code verification, and we make concrete suggestions towards overcoming the difficulties by design for verification. The main conclusion is that largely automatic verification of realistic JavaCard software is possible provided that it is designed with verification in mind from the start.
safety properties
transactions
formal specification
formal verification
interactive theorem proving
Java Card
Author
Reiner Hähnle
Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)
Wojciech Mostowski
Chalmers, Computer Science and Engineering (Chalmers), Computing Science (Chalmers)
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
03029743 (ISSN) 16113349 (eISSN)
Vol. 3362 151-171Subject Categories
Computer and Information Science
DOI
10.1007/978-3-540-30569-9_8