Checking a Multithreaded Algorithm with +CAL
A colleague told me about a multithreaded algorithm that was later reported to have a bug. I rewrote the algorithm in the +CAL algorithm language, ran the TLC model checker on it, and found the error. Programs are not released without being tested; why should algorithms be published without being model checked?
Keywords: Model Check, Error Trace, Spin Model Checker, Algorithm Language, Heap Location