Reentrant Readers-Writers: A Case Study Combining Model Checking with Theorem Proving

  • Bernard van Gastel
  • Leonard Lensink
  • Sjaak Smetsers
  • Marko van Eekelen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5596)


The classic readers-writers problem has been extensively studied. This holds to a lesser degree for the reentrant version, where it is allowed to nest locking actions. Such nesting is useful when a library is created with various procedures that each start and end with a lock. Allowing nesting makes it possible for these procedures to call each other. We considered an existing widely used industrial implementation of the reentrant readers-writers problem. We modeled it using a model checker revealing a serious error: a possible deadlock situation. The model was improved and checked satisfactorily for a fixed number of processes. To achieve a correctness result for an arbitrary number of processes the model was converted to a theorem prover with which it was proven.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anand, S., Pasareanu, C.S., Visser, W.: Jpf-se: A symbolic execution extension to java pathfinder. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 134–138. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Andrews, T., Qadeer, S., Rajamani, S.K., Rehof, J., Xie, Y.: Zing: A model checker for concurrent software. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 484–487. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  3. 3.
    Archer, M., Heitmeyer, C., Sims, S.: TAME: A PVS interface to simplify proofs for automata models. In: User Interfaces for Theorem Provers, Eindhoven, The Netherlands (1998)Google Scholar
  4. 4.
    Barbosa, M.A.: A refinement calculus for software components and architectures. SIGSOFT Softw. Eng. Notes 30(5), 377–380 (2005)CrossRefGoogle Scholar
  5. 5.
    Bertot, Y., Castéran, P.: Interactive Theorem Proving and Program Development. In: Coq’Art: The Calculus of Inductive Constructions. Texts in Theoretical Computer Science. Springer, Heidelberg (2004)Google Scholar
  6. 6.
    Clarke, E.M., Emerson, E.A., Sistla, A.P.: Automatic verification of finite state concurrent systems using temporal logic specifications: A practical approach. In: POPL, pp. 117–126 (1983)Google Scholar
  7. 7.
    Corbett, J.C., Dwyer, M.B., Hatcliff, J., Laubach, S., Pasareanu, C.S., Robby, Zheng, H.: Bandera: extracting finite-state models from java source code. In: Proceedings of the 2000 International Conference on Software Engineering, pp. 439–448 (2000)Google Scholar
  8. 8.
    Courtois, P.J., Heymans, F., Parnas, D.L.: Concurrent control with “readers” and “writers”. Commun. ACM 14(10), 667–668 (1971)CrossRefGoogle Scholar
  9. 9.
    de Groot, A.: Practical Automaton Proofs in PVS. PhD thesis, Radboud University Nijmegen (2008)Google Scholar
  10. 10.
    Goetz, B., Peierls, T., Bloch, J., Bowbeer, J., Holmes, D., Lea, D.: Java Concurrency in Practice. Addison Wesley Professional, Reading (2006)Google Scholar
  11. 11.
    Groote, J.F., Mathijssen, A.H.J., Reniers, M.A., Usenko, Y.S., van Weerdenburg, M.J.: The formal specification language mCRL2. In: Proc. Methods for Modelling Software Systems, number 06351 in Dagstuhl Seminar Proceedings (2007)Google Scholar
  12. 12.
    Ha, V., Rangarajan, M., Cofer, D., Rues, H., Dutertre, B.: Feature-based decomposition of inductive proofs applied to real-time avionics software: An experience report. In: ICSE 2004: Proceedings of the 26th International Conference on Software Engineering, Washington, DC, USA, pp. 304–313. IEEE Computer Society, Los Alamitos (2004)Google Scholar
  13. 13.
    Havelund, K., Shankar, N.: Experiments in Theorem Proving and Model Checking for Protocol Verification. In: Gaudel, M.-C., Woodcock, J.C.P. (eds.) FME 1996. LNCS, vol. 1051, pp. 662–681. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  14. 14.
    Holzmann, G.J.: The model checker SPIN. IEEE Transactions on Software Engineering 23(5), 279–295 (1997)CrossRefGoogle Scholar
  15. 15.
    Jacobs, B., Smetsers, S., Wichers Schreur, R.: Code-carrying theories. Formal Asp. Comput. 19(2), 191–203 (2007)CrossRefMATHGoogle Scholar
  16. 16.
    Katz, S.: Faithful translations among models and specifications. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 419–434. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Larsen, K.G., Pettersson, P., Yi, W.: UPPAAL in a nutshell. International Journal on Software Tools for Technology Transfer 1(1-2), 134–152 (1997)CrossRefMATHGoogle Scholar
  18. 18.
    Leavens, G.T., Kiniry, J.R., Poll, E.: A jml tutorial: Modular specification and verification of functional behavior for java. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, p. 37. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  19. 19.
    McMillan, K.L.: The SMV System. Carnegie Mellon University (1998-2001),
  20. 20.
    Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL — A Proof Assistant for Higher-Order Logic. LNCS, vol. 2283. Springer, Heidelberg (2002)MATHGoogle Scholar
  21. 21.
    Owre, S., Rushby, J.M., Shankar, N.: PVS: A prototype verification system. In: Kapur, D. (ed.) CADE 1992. LNCS, vol. 607, pp. 748–752. Springer, Heidelberg (1992)Google Scholar
  22. 22.
    Pantelic, V., Jin, X.-H., Lawford, M., Parnas, D.L.: Inspection of concurrent systems: Combining tables, theorem proving and model checking. In: Arabnia, H.R., Reza, H. (eds.) Software Engineering Research and Practice, pp. 629–635. CSREA Press (2006)Google Scholar
  23. 23.
    Queille, J.-P., Sifakis, J.: Specification and verification of concurrent systems in cesar. In: Dezani-Ciancaglini, M., Montanari, U. (eds.) Programming 1982. LNCS, vol. 137, pp. 337–351. Springer, Heidelberg (1982)CrossRefGoogle Scholar
  24. 24.
    Robby, E.R., Dwyer, M.B., Hatcliff, J.: Checking jml specifications using an extensible software model checking framework. STTT 8(3), 280–299 (2006)CrossRefMATHGoogle Scholar
  25. 25.
    Shankar, N.: Combining theorem proving and model checking through symbolic analysis. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 1–16. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  26. 26.
    Sutter, H.: The free lunch is over: A fundamental turn toward concurrency in software. Dr. Dobb’s Journal 30(3) (March 2005)Google Scholar
  27. 27.
    Tews, H., Weber, T., Völp, M., Poll, E., van Eekelen, M., van Rossum, P.: Nova Micro–Hypervisor Verification. Technical Report ICIS–R08012, Radboud University Nijmegen, Robin deliverable D13 (May 2008)Google Scholar
  28. 28.
    van Eekelen, M., ten Hoedt, S., Schreurs, R., Usenko, Y.S.: Analysis of a session-layer protocol in mcrl2. verification of a real-life industrial implementation. In: Leue, S., Merino, P. (eds.) FMICS 2007. LNCS, vol. 4916, pp. 182–199. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  29. 29.
    Visser, W., Havelund, K., Brat, G.P., Park, S., Lerda, F.: Model checking programs. Autom. Softw. Eng. 10(2), 203–232 (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Bernard van Gastel
    • 1
  • Leonard Lensink
    • 1
  • Sjaak Smetsers
    • 1
  • Marko van Eekelen
    • 1
  1. 1.Institute for Computing and Information SciencesRadboud University NijmegenNijmegenThe Netherlands

Personalised recommendations