Model checking Erlang programs - abstracting the context-free structure

Abstract We present an approach for the verification of Erlang programs using abstract interpretation and model checking. In previous work we defined a framework for abstract interpretations for Erlang. In this framework it is guaranteed, that the abstract operational semantics preserves all paths of the standard operational semantics. We consider properties that have to hold on all paths of a system, like properties in LTL. If these properties can be proven for the abstract operational semantics, then they also hold for the Erlang program. The proof can be automated with model checking if the abstract operational semantics is a finite transition system. But finiteness cannot be guaranteed because of non-tail recursive function calls. Even for finite domain abstract interpretations we get infinite state systems and model checking is undecidable. In this paper we define an abstraction of the control–flow. It replaces recursive calls in non–tail positions by jumps to the last call of the same function. The corresponding returns are replace by jumps to the possible return points. We have implemented this approach as a prototype and are able to prove properties like mutual exclusion or the absence of deadlocks and lifelocks for some Erlang programs.

[1]  Joe Armstrong,et al.  Concurrent programming in ERLANG , 1993 .

[2]  Bernhard Steffen,et al.  Model Checking for Context-Free Processes , 1992, CONCUR.

[3]  Moshe Y. Vardi An Automata-Theoretic Approach to Linear Temporal Logic , 1996, Banff Higher Order Workshop.

[4]  Javier Esparza,et al.  More infinite results , 2001, INFINITY.

[5]  David A. Schmidt,et al.  Program Analysis as Model Checking of Abstract Interpretations , 1998, SAS.

[6]  Flemming Nielson,et al.  Abstract interpretation: a semantics-based tool for program analysis , 1995, LICS 1995.

[7]  Frank Huch,et al.  Verification of Erlang programs using abstract interpretation and model checking , 1999, ICFP '99.

[8]  Amir Pnueli,et al.  Checking that finite state concurrent programs satisfy their linear specification , 1985, POPL.

[9]  Lars-Åke Fredlund,et al.  The Erlang Verification Tool , 2001, TACAS.

[10]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[11]  Matthias Felleisen,et al.  A Syntactic Theory of Sequential Control , 1987, Theor. Comput. Sci..

[12]  Matthew B. Dwyer,et al.  Filter-based model checking of partial systems , 1998, SIGSOFT '98/FSE-6.

[13]  Klaus Havelund,et al.  Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[14]  Gerard J. Holzmann Tutorial: Proving Properties of Concurrent System with SPIN , 1995, CONCUR.