Departmental Papers (CIS)

Document Type

Journal Article


From the 18th International Conference, CAV 2006, Seattle, WA, USA, August 17-20, 2006.


Many multithreaded programs employ concurrent data types to safely share data among threads. However, highly concurrent algorithms for even seemingly simple data types are difficult to implement correctly, especially when considering the relaxed memory ordering models commonly employed by today's multiprocessors. The formal verification of such implementations is challenging as well, because the high degree of concurrency leads to a large number of possible executions. In this case study, we develop a SAT-based bounded verification method and apply it to a representative example, a well-known two-lock concurrent queue algorithm. We first formulate a correctness criterion that specifically targets failures caused by concurrency; it demands that all concurrent executions be observationally equivalent to some serial execution. Next, we define a relaxed memory model that conservatively approximates several common shared-memory multiprocessors. Using commit point specifications, a suite of finite symbolic tests, a prototype encoder, and a standard SAT solver, we successfully identify two failures of a naive implementation that can be observed only under relaxed memory models. We eliminate these failures by inserting appropriate memory ordering fences into the code. The experiments confirm that our approach provides a valuable aid for designing and implementing concurrent data types.

Subject Area

CPS Formal Methods

Publication Source

Lecture Notes in Computer Science: Computer Aided Verification




Copyright/Permission Statement

The original publication is available at



Date Posted: 29 November 2006

This document has been peer reviewed.