Using TLA+ to Fix a Very Difficult glibc Bug - Malte Skarupke - C++Now 2025
9 views
Skip to first unread message
Markus Kuppe
1:11 PM (8 hours ago) 1:11 PM
to tla...@googlegroups.com
Using TLA+ to Fix a Very Difficult glibc Bug - Malte Skarupke - C++Now 2025
The glibc condition variable (meaning std::condition_variable) was subtly broken for years, breaking Python, C#, OCaml and countless programs. There were various attempted fixes but nobody seemed to fully understand this complex implementation of condition variables. I used the formal specification language TLA+ to model glibc condition variables and to reproduce the bug, figure out which of the patches actually worked (not the one everyone was using) and then used my TLA+ implementation to reason about the working patch, allowing me to clean it up and simplify it. I will show how you can take complex real world C code and do a straightforward translation into TLA+. It really is quite a pleasure to use since it has a simple model of "just run all interleavings of all threads" that makes it easy to translate code and to reason about what simplifications are necessary.
https://www.youtube.com/watch?v=Brgfp7_OP2c
The glibc condition variable (meaning std::condition_variable) was subtly broken for years, breaking Python, C#, OCaml and countless programs. There were various attempted fixes but nobody seemed to fully understand this complex implementation of condition variables. I used the formal specification language TLA+ to model glibc condition variables and to reproduce the bug, figure out which of the patches actually worked (not the one everyone was using) and then used my TLA+ implementation to reason about the working patch, allowing me to clean it up and simplify it. I will show how you can take complex real world C code and do a straightforward translation into TLA+. It really is quite a pleasure to use since it has a simple model of "just run all interleavings of all threads" that makes it easy to translate code and to reason about what simplifications are necessary.
https://www.youtube.com/watch?v=Brgfp7_OP2c
Reply all
Reply to author
Forward
0 new messages