Verifying erlang code: A resource locker case-study

Abstract

In this paper we describe an industrial case-study on the development of formally verified code for Ericsson’s AXD 301 switch. For the formal verification of Erlang software we have developed a tool to apply model checking to communicating Erlang processes. We make effective use of Erlang’s design principles for large software systems to obtain relatively small models of specific Erlang programs. By assuming a correct implementation of the software components and embedding their semantics into our model, we can concentrate on the specific functionality of the components. We constructed a tool to automatically translate the Erlang code to a process algebra with data. Existing tools were used to generate the full state space and to formally verify properties stated in the modal μ-calculus. As long as the specific functionality of the component has a finite state vector, we can generate a finite state space, even if the state space of the real Erlang system is infinite. In this paper we illustrate this by presenting a case-study based on a piece of software in Ericsson’s AXD 301 switch, which implements a distributed resource locker algorithm. Some of the key properties we proved are mutual exclusion and non-starvation for the program.