Mondex, an electronic purse: specification and refinement checks with the Alloy model-finding method

This paper explains how the Alloy model-finding method has been used to check the specification of an electronic purse (also called smart card) system, the Mondex case study, which was initially written in Z. After describing the payment protocol between two electronic purses and giving an overview of the Alloy model-finding method, the paper explains how technical issues about integers and conceptual issues about the object layout in Z have been tackled in Alloy, yielding general methods that can be applied in most Alloy case studies. This work has also revealed some significant bugs in the original Z specification, such as reasoning errors in the proofs, and proposes a way to fix them.