Checking a Multithreaded Algorithm with +CAL

A colleague told me about a multithreaded algorithm that was later reported to have a bug. I rewrote the algorithm in the +CAL algorithm language, ran the TLC model checker on it, and found the error. Programs are not released without being tested; why should algorithms be published without being model checked?
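The workflow the abstract describes (express the algorithm in +CAL, translate it to TLA+, let TLC search the state space for an invariant violation) is shown below on a deliberately small constructed example that is not the algorithm from the paper and not code from the author: two processes each perform a non-atomic read-increment-write on a shared counter, and the invariant states that once both have finished the counter holds 2. The module name, process names and the invariant name are assumptions chosen for this illustration.

```tla
---- MODULE Counter ----
\* Added example, not from the original paper. Two processes increment a
\* shared counter with a separate read step and write step, so the classic
\* lost-update interleaving is possible. TLC is expected to report a trace
\* in which both processes read 0 and both write 1.
EXTENDS Naturals

(* --algorithm Counter
variables count = 0;    \* shared counter, read and written by both processes

process Incrementer \in 1..2
variable local = 0;     \* per-process copy of the counter
begin
  Read:  local := count;         \* step 1: read the shared value
  Write: count := local + 1;     \* step 2: write it back, incremented
end process;

end algorithm; *)

\* BEGIN TRANSLATION
\* The PlusCal translator (pcal.trans) replaces this region with the TLA+
\* definitions of Init, Next, Spec, vars, ProcSet and pc.
\* END TRANSLATION

\* Invariant checked by TLC: when every process has reached its "Done" label,
\* both increments must be visible. TLC finds a counterexample with count = 1.
NoLostUpdate ==
  (\A p \in ProcSet : pc[p] = "Done") => count = 2

====
```

Assuming the file is saved as Counter.tla and tla2tools.jar is on hand, translate and check it with `java -cp tla2tools.jar pcal.trans Counter.tla` followed by `java -cp tla2tools.jar tlc2.TLC -deadlock Counter.tla`, with a Counter.cfg containing the two lines `SPECIFICATION Spec` and `INVARIANT NoLostUpdate`. The `-deadlock` flag keeps older TLC versions from reporting termination as a deadlock. TLC's reported trace (Read by process 1, Read by process 2, Write by process 1, Write by process 2) is exactly the interleaving a human reviewer tends to miss; splitting the increment into two labelled steps is what makes the race visible to the checker, and collapsing both statements under one label (an atomic step) makes the invariant hold.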

[1] Martín Abadi et al. The existence of refinement mappings. Proceedings of the Third Annual Symposium on Logic in Computer Science (LICS), 1988.

[2] Mark Moir et al. DCAS is not a silver bullet for nonblocking algorithm design. SPAA '04, 2004.

[3] Nir Shavit et al. Even better DCAS-based concurrent deques. DISC, 2000.

[4] Leslie Lamport. The +CAL algorithm language. NCA, 2006.

[5] Nir Shavit et al. DCAS-based concurrent deques. SPAA '00, 2000.

[6] Gerard J. Holzmann et al. The SPIN Model Checker. 2003.