Using the Alloy Analyzer to Verify Data Refinement in Z

Christie Bolton
2005, Electronic Notes in Theoretical Computer Science
In the development of critical systems, standards dictate that it is necessary to first design, construct and formally analyse abstract models of the system. Developers must then verify that the final implementation is consistent with these more abstract specifications. Z is an example of a state-based specification language. It has been shown to be effective in a variety of cases; indeed, it was developed as part of a joint collaboration between Oxford University's PRG and IBM Hursley for the specification of the CICS system. However, Z's main weakness is that it does not have the necessary tool support: whilst there are associated type checkers, there is no tool for automatically verifying refinement in Z. The contribution of this paper is to show how data refinement in Z can be automatically verified using the Alloy Analyzer. The soundness and joint completeness of the simulation rules for Z have already been established; here we translate them to Alloy. We then show how data types expressed in Z can also be translated to Alloy, before presenting the assertions necessary for the Alloy Analyzer to identify the retrieve relation and hence verify refinement. We present a simple example in which the Alloy Analyzer successfully identifies the retrieve relation between two data types, thereby verifying simulation and hence refinement. We conclude the paper with a discussion of the suitability of the Alloy Analyzer for such a task.
doi:10.1016/j.entcs.2005.04.023 fatcat:3jfpxnh2nrbtzgvbmz4d6m5hr4