Communications of the ACM

Letters to the Editor

Code That Missed Mars

By CACM Staff
Communications of the ACM, April 2014, Vol. 57 No. 4, Page 9
10.1145/2591007
Comments

Gerard J. Holzmann's article "Mars Code" (Feb. 2014) demonstrated a nonblocking implementation of concurrent double-ended queues, or deques,¹ (previously shown to be incorrect by Doherty²) to not work through an application of Holzmann's own Spin model checker. However, the demonstration seemed too shallow. Assuming the writer process of the test driver is allowed to pushRight(0) and pushRight(1) before the reader process gets a chance to run, then the value of rv returned by the first succeeding popRight() in the reader process would definitely not be 0 and the assert(rv==i) would fail because i is 0; that is, the test driver is incorrect and could fail, even with a correct implementation of concurrent deques.

Holzmann's demonstration included a description of a failing run of his test driver exercising the concurrent deque implementation. Even though Holzmann clearly left out some details—the initialize function and complete output of the model checker—the failing run he described was definitely much simpler than the failure described by Doherty,² indicating the failure detected was in the test driver, not in the concurrent deque implementation.

---

No entries found

Log in to Read the Full Article