
Mondex, an electronic purse: specification and refinement checks with the Alloy model-finding method

Formal Aspects of Computing

Abstract

This paper explains how the Alloy model-finding method has been used to check the specification of an electronic purse (also called smart card) system, called the Mondex case study, initially written in Z. After describing the payment protocol between two electronic purses, and presenting an overview of the Alloy model-finding method, this paper explains how technical issues about integers and conceptual issues about the object layout in Z have been tackled in Alloy, giving general methods that can be used in most case studies with Alloy. This work has also pointed out some significant bugs in the original Z specification such as reasoning bugs in the proofs, and proposes a way to solve them.




Correspondence to Tahina Ramananandro.

Additional information

J. C. P. Woodcock


Ramananandro, T. Mondex, an electronic purse: specification and refinement checks with the Alloy model-finding method. Form Asp Comp 20, 21–39 (2008). https://doi.org/10.1007/s00165-007-0058-z
