Actor models (e.g., Erlang/Elixir) avoid shared-memory concurrency issues but remain prone to protocol violations and deadlocks due to asynchronous, unidirectional message passing. To address this, we propose the first behavioral type system supporting *mailbox types*, and design Pat—a novel actor-based programming language grounded in this system. Our contributions are threefold: (1) the first integration of mailbox types into a practical programming language; (2) a cooperative context algorithm based on quasi-linear types and reverse bidirectional type inference, ensuring both decidability and completeness; and (3) a precise semantic model of asynchronous communication, combining shuffle-regular expression semantics with a process-calculus–to–language semantic translation technique. We implement a prototype type checker and evaluate it on industrial factory automation scenarios and the Savina benchmark suite, demonstrating high-fidelity modeling of real-world actor communication patterns and effective detection of protocol errors.

The asynchronous and unidirectional communication model supported by mailboxes is a key reason for the success of actor languages like Erlang and Elixir for implementing reliable and scalable distributed systems. While many actors may send messages to some actor, only the actor may (selectively) receive from its mailbox. Although actors eliminate many of the issues stemming from shared memory concurrency, they remain vulnerable to communication errors such as protocol violations and deadlocks. Mailbox types are a novel behavioural type system for mailboxes first introduced for a process calculus by de’Liguoro and Padovani in 2018, which capture the contents of a mailbox as a commutative regular expression. Due to aliasing and nested evaluation contexts, moving from a process calculus to a programming language is challenging. This paper presents Pat, the first programming language design incorporating mailbox types, and describes an algorithmic type system. We make essential use of quasi-linear typing to tame some of the complexity introduced by aliasing. Our algorithmic type system is necessarily co-contextual, achieved through a novel use of backwards bidirectional typing, and we prove it sound and complete with respect to our declarative type system. We implement a prototype type checker, and use it to demonstrate the expressiveness of Pat on a factory automation case study and a series of examples from the Savina actor benchmark suite.