Verification of Safety Properties in the Presence of Transactions
Artikel i vetenskaplig tidskrift, 2005

The JavaCard transaction mechanism can ensure that a sequence of statements either is executed to completion or is not executed at all. Transactions make verification of JavaCard programs considerably more difficult, because they cannot be formalised in a logic based on pre- and postconditions. The KeY system includes an interactive theorem prover for JavaCard source code that models the full JavaCard standard including transactions. Based on a case study of realistic size we show the practical difficulties encountered during verification of safety properties. We provide an assessment of current JavaCard source code verification, and we make concrete suggestions towards overcoming the difficulties by design for verification. The main conclusion is that largely automatic verification of realistic JavaCard software is possible provided that it is designed with verification in mind from the start.

safety properties

transactions

formal specification

formal verification

interactive theorem proving

Java Card

Författare

Reiner Hähnle

Chalmers, Data- och informationsteknik, Datavetenskap

Wojciech Mostowski

Chalmers, Data- och informationsteknik, Datavetenskap

Lecture Notes in Computer Science

0302-9743 (ISSN)

Vol. 3362 151-171

Ämneskategorier

Data- och informationsvetenskap

DOI

10.1007/978-3-540-30569-9_8

Mer information

Skapat

2017-10-07