Automatic Verification of Erlang-Style Concurrency

TL;DR

This paper introduces Lambda-Actor, a formal model and verification framework for Erlang-style concurrency, enabling automatic safety property verification of higher-order concurrent programs with practical efficiency.

Contribution

It presents Lambda-Actor and Actor Communicating System models, along with a new abstract interpretation framework, leading to the first fully-automatic infinite-state model checker for Erlang-like programs.

Findings

Soter tool effectively verifies safety properties in practice.

Abstract interpretation provides accurate and efficient analysis.

Verification problems are solvable despite theoretical complexity.

Abstract

This paper presents an approach to verify safety properties of Erlang-style, higher-order concurrent programs automatically. Inspired by Core Erlang, we introduce Lambda-Actor, a prototypical functional language with pattern-matching algebraic data types, augmented with process creation and asynchronous message-passing primitives. We formalise an abstract model of Lambda-Actor programs called Actor Communicating System (ACS) which has a natural interpretation as a vector addition system, for which some verification problems are decidable. We give a parametric abstract interpretation framework for Lambda-Actor and use it to build a polytime computable, flow-based, abstract semantics of Lambda-Actor programs, which we then use to bootstrap the ACS construction, thus deriving a more accurate abstract model of the input program. We have constructed Soter, a tool implementation of the verification method, thereby obtaining the first fully-automatic, infinite-state model checker for a core fragment of Erlang. We find that in practice our abstraction technique is accurate enough to verify an interesting range of safety properties. Though the ACS coverability problem is Expspace-complete, Soter can analyse these verification problems surprisingly efficiently.