The Mondex Case study is still the most substantial contribution
to the Grand Challenge repository. It has been the target of a
number of formal verification efforts. Those efforts
concentrated on correctness proofs for refinement steps of the
specification in various specification formalisms using
different verification tools. Here, the results of full
functional verification of a Javacard implementation of the case
study is reported. The functional behavior of the application
as well as the security properties to be proven were formalized
in JML and verified using the KeY tool, a
verification tool for deductive verifying Javacard code. The
implementation developed followed, as closely as possible, the
concrete layer of the case study\u27s original Z specification.
The result demonstrates that, with an appropriate specification
language and verification tool, it is possible to bridge the gap
between specification and implementation ensuring a fully
verified result. The complete material - source code, proofs
and binaries of the verification system - is available at
http://www.key-project.org/case_studies/mondex.htm
