This paper presents an overview of the main results of the project "Verification of Erlang Programs", which is funded by the Swedish Business Development Agency (NUTEK) and by Ericsson within the ASTEC (Advanced Software TEChnology) initiative. Its main outcome is the Erlang Verification Tool (EVT), a theorem prover which assists in obtaining proofs that Erlang applications satisfy their correctness requirements formulated as behavioural properties in a modal logic with recursion. We give a summary of the verification framework as supported by EVT, discuss reasoning principles essential for successful proofs such as inductive and compositional reasoning, and an ecient treatment of side-effect-free code. The experiences of applying the tool in an industrial case study are summarised, and an approach for supporting verification in the presence of program libraries is outlined. EVT is essentially...

The behavior of concurrent and parallel programs can be specified in a functional style. We introduced a relational model for synthesizing abstract parallel imperative programs earlier. In this paper we investigate the applicability of the specification and verification tools of the model for proving temporal properties of concrete programs written in a pure functional language, in Concurrent Clean. Destructive updates preserving referential transparency are possible by using so called unique types. Clean programs perform I/O by accessing their unique environment. We present a methodology for proving safety and liveness properties of concurrent, interleaved Clean Object I/O processes and show examples for verification of simple Clean programs.

The present paper presents an overview of the main results of the ASTEC project Verification of Erlang Programs, focusing in particular on the Erlang verification tool. This is a theorem-proving tool which assists in obtaining proofs that Erlang applications satisfy their correctness requirements formulated in a specification logic. We give a summary of the verification framework as supported by the tool, discuss reasoning principles essential for successful verification such as inductive and compositional reasoning, and an efficient treatment of side-effect-free code. The experiences of applying the verification tool in an industrial case study are summarised, and an approach for supporting verification in the presence of program libraries is outlined. The verification tool is essentially a classical proof assistant, or theorem-proving tool, requiring users to intervene in the proof process at crucial steps such as stating program invariants. However, the tool offers considerable support for au...

The behavior of concurrent and parallel programs can be speci ed in a functional style. We introduced a relational model for synthesizing abstract parallel imperative programs this way earlier. In this paper we investigate the applicability of the speci cation and veri cation tools of the model for proving temporal properties of concrete programs written in a pure functional language, in Concurrent Clean. Destructive updates preserving referential transparency are possible in this language by using the so called unique types. For example Clean programs perform I/O by accessing their unique environment. Furthermore, dynamic types of Clean make it possible to load some pieces of the program during run-time. We present a methodology for proving safety and liveness properties of concurrent, interleaved Clean Object I/O processes that also use dynamic types and show simple examples for veri cation of correctness of such Clean programs.

Several years of experience with the functional language Erlang have learned Ericsson that it is highly beneficial to use this language for programming control software for large systems. Systems that could not be built before, have been constructed in less time and with fewer lines of code than one would need with conventional languages. The success of Ericsson in the business area of telephone switches is partly because of their solid fault tolerant architecture, both in hardware and in software. A lot of time and money have been invested in the development of this fault tolerant architecture, all to catch these errors that are overlooked in numerous tests. By using Erlang and its extensive libraries, the number of these uncaught errors decreases; the fault recovery mechanism of the system is used less. One saves on maintenance costs and the overall performance of a system increases. The additional use of formal verifiation aims on reducing even more the number of uncaught errors.