Loose semantics in the verification of communicating systems

The specification language CSP-CASL combines algebraic and process algebraic formalisms for the description of reactive systems with structured data [Rog 03]. We are using this formalism to formally specify and verify a Swiss banking system and its communication protocol. The EP2 banking system describes the actors involved in an electronic payment and the interfaces between them [EP2]. The so-called EP2 terminal is the main customer interface for initiating the transactions; it can connect to different authorisation servers with a customized security protocol. In [GRS 05] we describe some aspects of an EP2 terminal, where the dynamic behaviour is modelled in CSP and the data on the channels is described in the common algebraic specification language CASL [ABK+02]. One particularity of this formalism is that CASL has a loose semantics for the definition of data types [Mos 04]. Intuitively, this means that there are more admissible interpretations of a specification than in the initial semantics; there are no further constraints on the models of a specification. This facilitates the use of parameterised data types and refinement relations between specifications. However, it brings about some unexpected phenomena.