Adventures in stochastic processes
Using Z: specification, refinement, and proof
ZB '00 Proceedings of the First International Conference of B and Z Users on Formal Specification and Development in Z and B
More Powerful Z Data Refinement: Pushing the State of the Art in Industrial Refinement
ZUM '98 Proceedings of the 11th International Conference of Z Users on The Z Formal Specification Notation
Controlling Control Systems: An Application of Evolving Retrenchment
ZB '02 Proceedings of the 2nd International Conference of B and Z Users on Formal Specification and Development in Z and B
Retrenchment: An Engineering Variation on Refinement
B '98 Proceedings of the Second International B Conference on Recent Advances in the Development and Use of the B Method
Maximally Abstract Retrenchments
ICFEM '00 Proceedings of the 3rd IEEE International Conference on Formal Engineering Methods
Data Refinement: Model-Oriented Proof Methods and their Comparison
An outline pattern language for Z: five illustrations and two tables
ZB'03 Proceedings of the 3rd international conference on Formal specification and development in Z and B
Patterns to guide practical refactoring: examples targetting promotion in Z
ZB'03 Proceedings of the 3rd international conference on Formal specification and development in Z and B
Engineering and theoretical underpinnings of retrenchment
Science of Computer Programming
Retrenching the Purse: The Balance Enquiry Quandary, and Generalised and (1,1) Forward Refinements
Fundamenta Informaticae, special issue on ASM'05
UseCase-Wise Development: Retrenchment for Event-B
ABZ '08 Proceedings of the 1st international conference on Abstract State Machines, B and Z
A deidealisation semantics for KAOS
Proceedings of the 2010 ACM Symposium on Applied Computing
The Mondex Electronic Purse system [18] is an outstanding example of formal refinement techniques applied to a genuine industrial-scale application, and notably was the first verification to achieve ITSEC level E6 certification. A formal abstract model including security properties, and a formal concrete model of the system design, were developed, and a formal refinement between them was hand-proved in Z. Despite this success, certain requirements issues were set beyond the scope of the formal development, or were handled in an unnatural manner. Retrenchment is reviewed in a form suitable for integration with Z refinement, and is used to address one such issue in detail: the finiteness of the transaction sequence number in the purse funds transfer protocol. A retrenchment is constructed from the lowest-level model of the purse system to a model in which sequence numbers are finite, using a suitable elaboration of the Z promotion [21] technique. We overview the lifting of that retrenchment to the abstraction level of the higher models of the purse system. The concessions of the various retrenchments generated formally capture the dissonance between the unbounded sequence number idealisation and the bounded reality. Reasoning about when the concession can become valid influences the actual choice of sequence number bound. The retrenchment-enhanced formal development is proposed as an example of a widely applicable methodological pattern for formal developments of this kind: the Tower Pattern.