|
|
|
|
|
|
by hwayne
381 days ago
|
|
|
This is a quick demo of TLA+ I like: https://gist.github.com/hwayne/39782de71f14dc9addb75f3bec515... It models N threads non-atomically incrementing a shared counter, with the property "the counter eventually equals the number of threads in the model". When checked in TLA+, it finds a race condition where one threads overwrites another value. I've written implementations of the buggy design and on my computer, they race on less than 0.1% of executions, so testing for it directly would be very hard. Most TLA+ specs are for significantly more complex systems than this, but this is a good demo because the error is relatively simple. |
|
|