Retrenching the Purse: Finite Exception Logs, and Validating the Small

The Mondex electronic purse is an outstanding example of industrial-scale formal refinement, and was the first verification to achieve ITSEC level E6 certification. A formal abstract model and a formal concrete model were developed, and a formal refinement was hand-proved between them. Nevertheless, certain requirements issues were set beyond the scope of the formal development, or were handled in an unnatural manner. The retrenchment tower pattern is used to address one such issue in detail: the finiteness of the purse log (which records unsuccessful transactions). A retrenchment is constructed from the lowest-level model of the purse system to a model in which logs are finite, and is then lifted to create two refinement developments of the purse, working at different levels of detail and connected via retrenchments, forming the tower. The tower development is appropriately validated, vindicating the design used.
