This post argues that Application Management should use a design model, a representation describing aspects of a system that is not easily, or sufficiently, captured through implementation, in managing on-line openness in IT. The post introduces development architecture and specification driven process resulting to better systems, ease in system development management, ease in system test management, and generally allowing better control of IT development, and explains, how to keep design model and implementation in sync, and how scaling up of the approach is achieved.
NOTICE: mpashkovskiy has implemented Truffle tests for the Bank contract in https://github.com/mpashkovskiy/ethereum-bank-tests. These tests identified several issues in this post:
- missing payable modifiers
- false positive in Run 3 for setup3 – Find 2nd Bug (because environment model in sbuilder-eth allows using contract address as a message sender in a way which is not possible on EVM)
TODO: fix sbuilder-eth model and this blog post based on the findings in https://github.com/mpashkovskiy/ethereum-bank-tests.
This post uses a simple 10 line Solidity contract containing two (subtle) “bugs” (=violations of correctness promise), and a demonstrates, how to use invariants in Sbuilder to find these violations.
This blog entry uses a very contrived example to demonstrate, how to include manually crafted TLA+ snippets into a formal model created by SBuilder. The main purpose is to 1) show, how to bind TLA code with Solidity interfaces, 2) understand TLA -files generated in Sbuilder translation, and 3) explain, how Sbuilder “possibility” operator relates to model checking formal model correctness. A more realistic example of using manual TLA+ to specify is given in another post.