
Development of a verified Erlang program for resource locking

  • Special section on formal methods for industrial critical systems
  • Published in: International Journal on Software Tools for Technology Transfer

Abstract

In this paper, we describe a tool to verify Erlang programs and show, by means of an industrial case study, how this tool is used. The tool consists of several components, among them a translation component, a state space generation component and a model checking component.

To verify properties of the code, the tool first translates the Erlang code into a process algebraic specification. The outcome of the translation is made more efficient by taking advantage of the fact that software written in Erlang builds upon software design patterns such as client–server behaviours. A labelled transition system is constructed from the specification by use of the μCRL toolset. The resulting labelled transition system is model checked against a set of properties formulated in the μ-calculus using the Caesar/Aldébaran toolset.

As a case study we focus on a simplified resource manager modelled on a real implementation in the control software of the AXD 301 ATM switch. Some of the key properties we verified for the program are mutual exclusion and non-starvation. Since the toolset supports only the regular alternation-free μ-calculus, some ingenuity is needed for checking the liveness property “non-starvation”. The case study has been refined step by step to provide more functionality, with each step motivated by a corresponding formal verification using model checking.
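As an added illustration, not the paper's tool (which translates Erlang to μCRL and model checks with CADP), the constructed Python model below generates the reachable state graph of a one-resource locker and checks the two properties named in the abstract: mutual exclusion as a state invariant, and non-starvation, which in this finite model reduces to the absence of cycles and deadlocks in the subgraph where a client keeps waiting. The "fifo" and "any" grant policies, the state encoding and all names are assumptions of this example.

```python
"""Explicit-state check of a constructed resource-locker model: one resource,
n clients (idle / waiting / holding); "fifo" grants to the longest waiter, "any" to any waiter."""
IDLE, WAIT, HOLD = "idle", "wait", "hold"

def successors(state, policy):
    """state = (holder, queue, statuses), queue in request order.
    Yields (action label, next state) for every enabled step."""
    holder, queue, st = state
    for c in range(len(st)):
        if st[c] == IDLE:                        # request(c)
            yield f"request({c})", (holder, queue + (c,), st[:c] + (WAIT,) + st[c + 1:])
        elif st[c] == HOLD:                      # release(c)
            yield f"release({c})", (None, queue, st[:c] + (IDLE,) + st[c + 1:])
    if holder is None and queue:                 # grant to one waiting client
        for c in (queue[:1] if policy == "fifo" else queue):
            q2 = tuple(x for x in queue if x != c)
            yield f"grant({c})", (c, q2, st[:c] + (HOLD,) + st[c + 1:])

def explore(n, policy):
    """Generate the reachable state graph (the labelled transition system)."""
    init = (None, (), (IDLE,) * n)
    graph, todo = {}, [init]
    while todo:
        s = todo.pop()
        if s not in graph:
            graph[s] = [t for _, t in successors(s, policy)]
            todo.extend(graph[s])
    return init, graph

def mutual_exclusion(graph):
    """Safety: never two holders, and the server's holder matches the statuses."""
    return all(st.count(HOLD) <= 1 and (h is None) == (HOLD not in st) for h, _, st in graph)

def non_starvation(graph, c):
    """Liveness: once c waits it is granted on every path. In a finite graph
    that holds iff the states where c waits, joined by the edges that keep c
    waiting, contain no cycle and no deadlock."""
    colour = {}                                  # 1 = on DFS stack, 2 = done
    def dfs(s):
        colour[s] = 1
        if not graph[s]:
            return False                         # deadlock while c waits
        for t in graph[s]:
            if t[2][c] != WAIT:
                continue                         # c was granted: progress
            if colour.get(t) == 1 or (t not in colour and not dfs(t)):
                return False                     # cycle keeps c waiting
        colour[s] = 2
        return True
    return all(s in colour or dfs(s) for s in graph if s[2][c] == WAIT)
```

With the "any" policy a client can be overtaken forever by a neighbour that releases and re-requests, and the cycle check reports that starvation; the FIFO server passes both properties.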



Author information


Correspondence to Thomas Arts, Clara Benac Earle or John Derrick.


About this article

Cite this article

Arts, T., Benac Earle, C. & Derrick, J. Development of a verified Erlang program for resource locking. STTT 5, 205–220 (2004). https://doi.org/10.1007/s10009-003-0114-9
