The present paper presents an overview of the main results of the ASTEC project Verification of Erlang Programs, focusing in particular on the Erlang verification tool. This is a theorem-proving tool which assists in obtaining proofs that Erlang applications satisfy their correctness requirements formulated in a specification logic. We give a summary of the verification framework as supported by the tool, discuss reasoning principles essential for successful verification such as inductive and compositional reasoning, and an efficient treatment of side-effect-free code. The experiences of applying the verification tool in an industrial case study are summarised, and an approach for supporting verification in the presence of program libraries is outlined. The verification tool is essentially a classical proof assistant, or theorem-proving tool, requiring users to intervene in the proof process at crucial steps such as stating program invariants. However, the tool offers considerable support for au...

When verifying Erlang programs in the process algebra µCRL specification, if there exists overlapping between patterns in the Erlang source codes, the problem of overlapping in pattern matching occurs when translating the Erlang codes into the µCRL specification. This paper investigates the problem and proposes an approach to overcome it. The proposed method rewrites an Erlang program with overlapping patterns into a counterpart program that has no overlapping patterns. Structure Splitting Trees (SSTs) are defined and applied for pattern evaluation. The use of SSTs guarantees that no overlapping patterns will be introduced into the rewritten Erlang code.

In order to formally reason about distributed Erlang systems, it is necessary to have a formal semantics. In a previous paper we have proposed such a semantics for distributed Erlang. However, recent work with a model checker for Erlang revealed that the previous attempt was not good enough. In this paper we present a more accurate semantics for distributed Erlang. The more accurate semantics includes several modifications and additions to the semantics for distributed Erlang proposed by Claessen and Svensson in 2005, which in turn is an extension to Fredlund’s formal single-node semantics for Erlang. The most distinct addition to the previous semantics is the possibility to correctly model disconnected nodes.

We present an approach for the verification of Erlang programs using abstract interpretation and model checking. In previous work we defined a framework for abstract interpretations for Erlang. In this framework it is guaranteed, that the abstract operational semantics preserves all paths of the standard operational semantics. We consider properties that have to hold on all paths of a system, like properties in LTL. If these properties can be proven for the abstract operational semantics, then they also hold for the Erlang program. The proof can be automated with model checking if the abstract operational semantics is a finite transition system. But finiteness cannot be guaranteed interpretations we get infinite state systems and model checking is undecidable. In this paper we define an abstraction of the control-flow. It replaces the recursive calls in non-tail positions by jumps to the last call of the same function. The corresponding returns are replaced by jumps to the possible return points. We have implemented this approach as a prototype and are able to prove properties like mutual exclusion or the absence of deadlocks and lifelocks for some Erlang programs.

Erlang is a concurrent functional language, especially tailored for distributed and fault-tolerant software. Its strength has been demonstrated by several successful commercial applications. An important part of Erlang is its support for fault tolerance by implementing failure-recovery, through organising the processes of an Erlang system into trees of processes, in which parent nodes monitor the failure status of their children and are responsible for their restart. In this paper we present ongoing work on a tool that captures the static part of the global process structure of an application Erlang. The tool extracts the process structure from the applications source code, and presents it as a process creation graph. The extracted process structure provides a starting point for understanding and analysis of aspects such as fault handling in Erlang applications.

Abstract. The DARPA Agent Markup Language ontology for Services (DAML-S) enables the description of Web-based services, such that they can be discovered, accessed and composed dynamically by intelligent software agents and other Web services, thereby facilitating the coordination between distributed, heterogeneous systems on the Web. We propose a formalised syntax and an initial reference semantics for DAML-S. Keywords: DAML-S, Web services, concurrent semantics, agents

Several years of experience with the functional language Erlang have learned Ericsson that it is highly beneficial to use this language for programming control software for large systems. Systems that could not be built before, have been constructed in less time and with fewer lines of code than one would need with conventional languages. The success of Ericsson in the business area of telephone switches is partly because of their solid fault tolerant architecture, both in hardware and in software. A lot of time and money have been invested in the development of this fault tolerant architecture, all to catch these errors that are overlooked in numerous tests. By using Erlang and its extensive libraries, the number of these uncaught errors decreases; the fault recovery mechanism of the system is used less. One saves on maintenance costs and the overall performance of a system increases. The additional use of formal verifiation aims on reducing even more the number of uncaught errors.