Java Card applet EEPROM vs RAM testing

7
votes

One of typical bugs in Java Card applets is using the persistent memory for temporary variables which are supposed to be in RAM.

These bugs can slow down the applet and cause some serious troubles (e.g. Symptoms of EEPROM damage).

Unit tests can hardly reveal these bugs. Unit tests access the applet as a blackbox and all they can do is to check outputs for given inputs. They can measure time and report suspiciously slow commands, of course, but overwriting a single byte in the persistent memory takes almost the same time as overwriting a single byte in RAM.

Is there any way to get rid of these bugs (other than being careful when coding)? Could I somehow detect EEPROM changes and how many of them were done when processing a particular APDU?

A good simulator could do the job, of course. However, both JCardSim (www.jcardsim.org) and NXP JCOP Tools seem to be far away from being able to report EEPROM usage statistics.

Do you know any other tool or a testing technique that could possibly help me?

1
unit-testingdebuggingsimulationsmartcardjavacard
It would be an interesting feature to see in a simulator. That said, I haven't seen one up to now. I don't get to see what all the competitors are up to though :)Maarten Bodewes
@MaartenBodewes I think the problem is that all the simulators use the Java Card applets as plain Java objects with replaced Java Card packages (exceptions, JCSystem etc.). That is why they do not care about RAM/EEPROM at all, because Java does not know this problem.vojta
That's not true, most simulators that I've encountered actually implement the Java Card system including Java Card VM (except that they usually use a different Hardware Adoptation Layer and possibly different crypto libs). JCOP certainly doesn't run on a Java RE. Note that implementing Java Card in Java is tricky where it comes to transient byte arrays and such.Maarten Bodewes
@MaartenBodewes What about static source code analysis? Have you heard of anything like this for Java Card?vojta
I did not hear about it, but I do have my own particular ideas :)Maarten Bodewes

1 Answers

0
votes

A test command can be implemented and test scenario can be added which will return available memory. That can be achived by getAvailableMemory(byte memoryType);