13 Jul
2011
13 Jul
'11
3:46 p.m.
On 07/13/2011 11:09 AM, Tim Blechmann wrote:
in fact, testing is not the best approach for
verifying lock-free data
structures: an implementation may work for years, if a certain condition is
never triggered. the only reasonable way to ensure the correctness is a formal
proof. unfortunately, most publications assume a sequencially consistent memory
model and sometimes even avoid dealing with the ABA problem.
To me, testing on real devices is needed, it's a pragmatic approach. But I agree
it doesn't solve the entire problem.
That said, what about simulation? One could for example implement a minimal
emulator for the abstract CPU and memory model described in
linux/Documentation/memory-barriers.txt, and test lock-free algorithms on this.
I personally think that's a good approach, in the spirit of unit testing. I'm
not talking about creating a full-fleged CPU emulator, just a minimal one, with
a simple custom language suitable for writing test suites.
Not only ringbuffers could be tested this way, but also other algorithms. But
all in all, it could be quite a lot of work I think. Maybe that would be a good
thesis subject ;)
--
Olivier