This paper studies the semantics of failure in distributed programming. We present a semantic model for distributed programs that use the standard sockets interface; it covers message loss, host failure and temporary disconnection, and supports reasoning about distributed infrastructure. We consider interaction via the UDP and ICMP protocols.

Network programming is notoriously hard to understand: one has to deal with a variety of protocols (IP, ICMP, UDP, TCP etc), concurrency, packet loss, host failure, timeouts, the complex sockets interface to the protocols, and subtle portability issues. Moreover, the behavioural properties of operating systems and the network are not well documented.

Erlang is a functional programming language developed by Ericsson Telecom, which is particularly well suited for implementing concurrent processes. In this paper we show how methods from the area of term rewriting are presently used at Ericsson. To verify properties of processes, such a property is transformed into a termination problem of a conditional term rewriting system (CTRS). Subsequently, this termination proof can be performed automatically using dependency pairs. The paper illustrates how the dependency pair technique can be applied for termination proofs of conditional TRSs. Secondly, we present three refinements of this technique, viz. narrowing, rewriting, and instantiating dependency pairs. These refinements are not only of use in the industrial applications sketched in this paper, but they are generally applicable to arbitrary (C)TRSs. Thus, in this way dependency pairs can be used to prove termination of even more (C)TRSs automatically.

This paper presents an overview of the main results of the project "Verification of Erlang Programs", which is funded by the Swedish Business Development Agency (NUTEK) and by Ericsson within the ASTEC (Advanced Software TEChnology) initiative. Its main outcome is the Erlang Verification Tool (EVT), a theorem prover which assists in obtaining proofs that Erlang applications satisfy their correctness requirements formulated as behavioural properties in a modal logic with recursion. We give a summary of the verification framework as supported by EVT, discuss reasoning principles essential for successful proofs such as inductive and compositional reasoning, and an ecient treatment of side-effect-free code. The experiences of applying the tool in an industrial case study are summarised, and an approach for supporting verification in the presence of program libraries is outlined. EVT is essentially...

This paper is about the mechanical verification of UDP based network programs. It uses the UDP portion of a formal model of the Internet protocols TCP (Transmission Control Protocol) and UDP (User Datagram Protocol). The model includes asynchronous message passing, message loss and host failure. The model is based around the sockets library, the primary API used for writing UDP and TCP based applications. This paper demonstrates that formal, machine-checked, proof is possible in the UDP model by presenting the proof of a safety property for an implementation of Stenning’s Protocol. The protocol is implemented in a fragment of the OCaml language, using the sockets library for UDP network communication. The entire development including the safety proof is carried out in the proof assistant Isabelle; this assures soundness. Thus this paper demonstrates that it is possible to machine verify very concrete representations of distributed programs in a detailed semantics that accurately reflects the programs representations of this protocol have been machine verified. The proof, based on an implementation, provides a contrast to other verifications.

Formal modeling, particularly of softvare requirements, has long been advocated by the softvare engineering research community.

Erlang is a functional programming language with support for concurrency and message passing communication that is used at Ericsson for developing telecommunication applications. We consider the challenge of verifying temporal properties of systems programmed in Erlang with dynamically evolving process structures. To accomplish this a rich verification framework for goal-directed, proof system-- based verification is used. This paper investigates the problem of semi--automating the verification task by identifying the proof parameters crucial for successful proof search. I.

. We present a framework for formal reasoning about the behaviour of distributed programs implementing open distributed systems (ODSs). The framework is based on the following key ingredients: a specification language based on the ¯-calculus, a hierarchical transitional semantics of the implementation language used, a judgment format allowing parametrised behavioural assertions, and a proof system for proving validity of such assertions which includes proof rules for property decomposition. This setting provides the expressive power for behavioural reasoning required by the complex open and dynamic nature of ODSs. The utility of the approach is illustrated on a prototypical ODS. 1 Introduction For a few years now, the Formal Design Techniques group at the Swedish Institute of Computer Science has pursued a programme aimed at enabling formal verification of complex open distributed systems (ODSs) through program code verification. While previous work by the group has been predominantly...

The present paper presents an overview of the main results of the ASTEC project Verification of Erlang Programs, focusing in particular on the Erlang verification tool. This is a theorem-proving tool which assists in obtaining proofs that Erlang applications satisfy their correctness requirements formulated in a specification logic. We give a summary of the verification framework as supported by the tool, discuss reasoning principles essential for successful verification such as inductive and compositional reasoning, and an efficient treatment of side-effect-free code. The experiences of applying the verification tool in an industrial case study are summarised, and an approach for supporting verification in the presence of program libraries is outlined. The verification tool is essentially a classical proof assistant, or theorem-proving tool, requiring users to intervene in the proof process at crucial steps such as stating program invariants. However, the tool offers considerable support for au...

Erlang is a functional programming language developed by Ericsson Telecom which is particularly well suited for implementing concurrent processes. In this paper we show how methods from the area of term rewriting are presently used at Ericsson. To verify properties of processes, such a property is transformed into a termination problem of a conditional term rewriting system (CTRS). Subsequently, this termination proof can be performed automatically using dependency pairs. The paper illustrates how the dependency pair technique can be applied for termination proofs of conditional TRSs. Secondly, we present two refinements of this technique, viz. narrowing and rewriting dependency pairs. These refinements are not only of use in the industrial application sketched in this paper, but they are generally applicable to arbitrary (C)TRSs. Thus, in this way dependency pairs can be used to prove termination of even more (C)TRSs automatically.