DMCA
Linearizability: a correctness condition for concurrent objects (1990)
Cached
Download Links
| Citations: | 1178 - 28 self |
Citations
| 4182 | Communicating Sequential Processes
- Hoare
- 1985
(Show Context)
Citation Context ...re’s work to handle concurrent programs [37] by including axioms for general concurrent programming language constructs such as the parallel operator. Apt et al. [3] use an axiomatic approach for CSP =-=[27]-=-. Many researchers have also developed proof techniques for concurrent programs using conditional critical regions and monitors [7, 14,28,44]. We appeal to this past work when we perform syntax-direct... |
| 1751 | An Axiomatic Basis for Computer Programming - Hoare - 1969 |
| 1231 |
How to make a multiprocessor computer that correctly executes multiprocess programs
- Lamport
- 1979
(Show Context)
Citation Context ...concurrency, yet it permits programmers to specify and reason about concurrent objects using standard verification techniques. Unlike alternative correctness conditions such as sequential consistency =-=[31]-=- or serializability [40], linearizability is a local property: a system is linearizable if each individual object is linearizable. Locality enhances modularity and concurrency, since objects can be im... |
| 567 |
The notion of consistency and predicate locks in database systems.
- Eswaran, Gary, et al.
- 1976
(Show Context)
Citation Context ...lizable if the transactions’ order in the sequential history is compatible with their precedence order. Strict serializability is ensured by some synchronization mechanisms, such as two-phase locking =-=[12]-=-, but not by others, such as multiversion timestamp schemes [41], or schemes that provide high levels of availability in the presence of network partitions [22]. Linearizability can be viewed as a spe... |
| 566 | Monitors: An Operating System Structure Concept: The origin of Concurrent Programming from Semahphore to Remote Procedure calls
- Hoare
- 1974
(Show Context)
Citation Context ...roofs in the Appendices. Our notion of linearizability generalizes and unifies similar notions found in specific examples in the literature. The use of concurrency control mechanisms such as monitors =-=[26]-=- or Ada tasks [9] is usually illustrated by simple implementations of linearizable objects such as bounded FIFO queues. These implementations permit very little concurrency, since operations execute o... |
| 505 | The existence of refinement mappings.
- Abadi, Lamport
- 1991
(Show Context)
Citation Context ...nd unifies a number of correctness conditions both implicit and explicit in theliterature. Using axiomatic specifications and our notion of linearizability, we can reason about two kinds of problems: =-=(1)-=- We reason about the correctness of linearizable object implementations using new techniques that generalize the notions of representation invariant and abstraction function [18, 251 to the concurrent... |
| 484 |
Proof of correctness of data representation
- Hoare
- 1972
(Show Context)
Citation Context ...e the degree of concurrency. Our work builds upon, not replaces, older verification technology. Related axiomatic work in abstract data types deals with proofs of correctness of their implementations =-=[25]-=-, where, typically, first-order predicate logic preand post conditions are used for the specification of each operation of the type. Standish [43] and Nakajima [36] use a similar approach. The algebra... |
| 383 |
Axiomatic Proof Techniques for Parallel Programs
- Owicki
- 1975
(Show Context)
Citation Context ...ns invariant over abstract invocation and responses and over complete rep operations. Thus, it can be conjoined to the preand post conditions of Figure 6 as justified by the Owicki-Gries proof method =-=[38]-=-. Axioms I and R give us the result for abstract invocation and response events. INC and READ leave the abstraction function the same. Thus, we are left with two cases, STORE and SWAP. By Lemma 15 we ... |
| 255 | A dichromatic framework for balanced trees. - Guibas, Sedgewick - 1978 |
| 249 | Fundamentals of Algebraic Specification 1, - Ehrig, Mahr - 1985 |
| 246 | The Serializability of Concurrent Database Updates.
- Papadimitriou
- 1979
(Show Context)
Citation Context ...its programmers to specify and reason about concurrent objects using standard verification techniques. Unlike alternative correctness conditions such as sequential consistency [31] or serializability =-=[40]-=-, linearizability is a local property: a system is linearizable if each individual object is linearizable. Locality enhances modularity and concurrency, since objects can be implemented and verified i... |
| 217 | Specifying Concurrent Program Modules.
- Lamport
- 1983
(Show Context)
Citation Context ...the sequence implementing each abstract operation. Another, more subtle difficulty arises when attempting to define an abstraction function. One natural approach is the following, proposed by Lamport =-=[32]-=-. A (continually defined) abstraction function A is chosen so that each abstract operation “takes effect” instantaneously at some step in its execution. In our queue example, when a process enqueues a... |
| 177 | Efficient locking for concurrent operations on B-trees. - LEHMAN, YAO - 1981 |
| 173 |
Verifying properties of parallel programs: An axiomatic approach,
- Owicki, Gries
- 1976
(Show Context)
Citation Context ... the rep invariant may be temporarily violated, leaving the abstraction function undefined. We show here how to overcome this difficulty relying on the standard trick of using (auxiliary) hidden data =-=[37]-=-, thereby permitting us to reintroduce a continually defined abstraction function with the extended representation as its domain. Both the problem and the solution are best illustrated by a simple exa... |
| 165 |
Proving Liveness Properties of Concurrent Programs.
- Owicki, Lamport
- 1982
(Show Context)
Citation Context ... Like serializability, linearizability is a safety property; it states that certain interleavings cannot occur, but makes no guarantees about what must occur. Other techniques, such as temporal logic =-=[32,34,39]-=-, must be used to reason about liveness properties such as fairness or priority. An implementation of a concurrent object need not realize all interleavings permitted by linearizability, but all inter... |
| 158 | Putting theories together to make specifications - Burstall, Goguen - 1977 |
| 115 | Concurrency of Operations on B-Trees. - Bayer, Schkolnick - 1977 |
| 114 |
Heterogeneous algebras,
- Birkhoff, Lipson
- 1970
(Show Context)
Citation Context ...ons are used for the specification of each operation of the type. Standish [43] and Nakajima [36] use a similar approach. The algebraic approach, which defines data types to be heterogeneous algebras =-=[5]-=-, uses axioms to specify properties of programs and abstract data types, but the axioms are restricted to equations. Much work has been done on algebraic specifications for abstract data types [2,8, 1... |
| 110 | Implementing atomic actions on decentralized data.
- Reed
- 1983
(Show Context)
Citation Context ...compatible with their precedence order. Strict serializability is ensured by some synchronization mechanisms, such as two-phase locking [12], but not by others, such as multiversion timestamp schemes =-=[41]-=-, or schemes that provide high levels of availability in the presence of network partitions [22]. Linearizability can be viewed as a special case of strict serializability where transactions are restr... |
| 109 | The Larch family of specification languages - Guttag, Horning, et al. - 1985 |
| 106 | Software Development: A Rigorous Approach - Jones - 1980 |
| 94 | Basic techniques for the efficient coordination of very large numbers of cooperating sequential processors.
- Gottlieb, Lubachevsky, et al.
- 1983
(Show Context)
Citation Context ... Deq operations of x and y respectively. From the assumption that j < i, qj-1 = [y, . . . , X, . . .I, which implies that y is enqueued before x, a contradiction. 0 Gottlieb, Lubachevsky, and Rudolph =-=[15]-=- adopt the property proved in Theorem 6 as the (informal) correctness property for a linearizable queue implementation. The difficulty of reasoning informally about concurrent histories is illustrated... |
| 93 | Efficient Synchronization on Multiprocessors with Shared Memory
- Kruskal, Rudolph, et al.
- 1988
(Show Context)
Citation Context ...the array in ascending order, starting at index 1. For each element, it atomically swaps null with the current contents. If the value returned is not equal to null, 3 Like the FETCH-AND-ADD operation =-=[30]-=-, INC returns the value of its argument from before the invocation, not the newly incremented value. ACM Transactions on Programming Languages and Systems, Vol. 12, No. 3, July 1990.s476 l M. Herlihy ... |
| 92 |
Local atomicity properties: Modular concurrency control for abstract data types
- Weihl
- 1989
(Show Context)
Citation Context ...entions to ensure that all objects’ concurrency control mechanisms are compatible with one another. For example, it is well known that two-phase locking is incompatible with multiversion timestamping =-=[46]-=-. Another important formal difference is that serializability places more rigorous restrictions on concurrency. Serializability is inherently a blocking property: under certain circumstances, a transa... |
| 91 | Axioms for Concurrent Objects
- Herlihy, Wing
(Show Context)
Citation Context ...tectures in which the shared objects are message queues, A preliminary version of this paper appeared in the Proceedings of the 14th ACM Symposium on Principles of Programming Languages, January 1987 =-=[21]-=-. This research was sponsored by IBM and the Defense Advanced Research Projects Agents (DOD), ARPA order 4976 (Amendment 20), under contract F33615-87-C-1499, monitored by the Avionics Laboratory, Air... |
| 91 | Impossibility and universality results for wait-free synchronization
- HERLIHY
- 1988
(Show Context)
Citation Context ...implementations of linearizability, but is is not inherent to the correctness property itself. (Techniques for constructing nonblocking implementations of linearizable objects are discussed elsewhere =-=[23]-=-.) This theorem suggests that linearizability is an appropriate correctness condition for systems where concurrency and real-time response are important. We shall see that alternative correctness cond... |
| 80 | Axioms for memory access in asynchronous hardware systems,”
- Misra
- 1986
(Show Context)
Citation Context ...tricted to register objects providing read and write operations, our intuitive notion of acceptability corresponds exactly to the notion used in Misra’s careful axiomatization of concurrent registers =-=[35]-=-. Our approach can be thought of as generalizing Misra’s approach to objects with richer sets of operations. For example, H5 in Figure 2a is acceptable, but H6 is not (examples are taken from [35]). T... |
| 75 | Dynamic quorum adjustment for partitioned data
- Herlihy
- 1987
(Show Context)
Citation Context ...n mechanisms, such as two-phase locking [12], but not by others, such as multiversion timestamp schemes [41], or schemes that provide high levels of availability in the presence of network partitions =-=[22]-=-. Linearizability can be viewed as a special case of strict serializability where transactions are restricted to consist of a single operation applied to a single object. Nevertheless, this single-ope... |
| 74 | Abstract data types and software validation”, - Guttag, Horowitz, et al. - 1978 |
| 67 | The specification and application to programming of abstract data types. - GUTTAG - 1975 |
| 66 |
Larch in Five Easy Pieces
- Guttag, Horning, et al.
- 1985
(Show Context)
Citation Context ...ch object subhistory H ] x belongs to the sequential specification for x. Many conventional techniques exist for defining sequential specifications. In this paper, we use the axiomatic style of Larch =-=[19]-=-, in which an object’s sequential history is summarized by a value, which (informally speaking) reflects the object’s state at the end of the history. These values are used in axioms giving the pre- a... |
| 66 | Concurrent operations on B-trees with overtaking - Sagiv - 1985 |
| 60 |
A proof system for Communicating Sequential Processes.
- Apt, Francez, et al.
- 1980
(Show Context)
Citation Context ...n [ 241. Owicki and Gries extended Hoare’s work to handle concurrent programs [37] by including axioms for general concurrent programming language constructs such as the parallel operator. Apt et al. =-=[3]-=- use an axiomatic approach for CSP [27]. Many researchers have also developed proof techniques for concurrent programs using conditional critical regions and monitors [7, 14,28,44]. We appeal to this ... |
| 36 | Concurrency search and insertion in 2-3 trees - Ellis - 1980 |
| 34 |
Signaling in monitors
- Howard
- 1976
(Show Context)
Citation Context ...parallel operator. Apt et al. [3] use an axiomatic approach for CSP [27]. Many researchers have also developed proof techniques for concurrent programs using conditional critical regions and monitors =-=[7, 14,28,44]-=-. We appeal to this past work when we perform syntax-directed reasoning about our implementations. In particular, we rely on standard techniques to deal with noninterference, using auxiliary data to e... |
| 29 | Simultaneous update of priority structures - Biswas, Browne - 1987 |
| 27 |
Abstract Data Types as Initial Algebras and Correctness of Data Representations
- Goguen
- 1975
(Show Context)
Citation Context ...nd returns. This computation is represented by the following history, where rep operations are indented and shown in upper-case. End4 A EnqW B INC(q.back) A OK(l) A INC(q.back) B OK(2) B STORE(q.items=-=[2]-=-, y) B OK( 1 B ON 1 B ACM Transactions on Programming Languages and Systems, Vol. 12, No. 3, July 1990.sLinearizability: A Correctness Condition for Concurrent Objects 477 Let r be the rep value after... |
| 11 | Concurrency control mechanisms and the serializability of concurrent tree algorithms - FORD, CALHOUN - 1984 |
| 8 |
Verification of Concurrent Programs, Part I: The Temporal Framework.
- Manna, Pnueli
- 1981
(Show Context)
Citation Context ... Like serializability, linearizability is a safety property; it states that certain interleavings cannot occur, but makes no guarantees about what must occur. Other techniques, such as temporal logic =-=[32,34,39]-=-, must be used to reason about liveness properties such as fairness or priority. An implementation of a concurrent object need not realize all interleavings permitted by linearizability, but all inter... |
| 8 |
Data structures: An axiomatic approach
- STANDISH
- 1973
(Show Context)
Citation Context ...s with proofs of correctness of their implementations [25], where, typically, first-order predicate logic preand post conditions are used for the specification of each operation of the type. Standish =-=[43]-=- and Nakajima [36] use a similar approach. The algebraic approach, which defines data types to be heterogeneous algebras [5], uses axioms to specify properties of programs and abstract data types, but... |
| 5 |
Hierarchical program specification and verification-A many-sorted logical approach
- NAKAJIMA, HONDA, et al.
- 1980
(Show Context)
Citation Context ...orrectness of their implementations [25], where, typically, first-order predicate logic preand post conditions are used for the specification of each operation of the type. Standish [43] and Nakajima =-=[36]-=- use a similar approach. The algebraic approach, which defines data types to be heterogeneous algebras [5], uses axioms to specify properties of programs and abstract data types, but the axioms are re... |
| 2 | Proving monitors revisited: A first step towards verifying object oriented systems.
- Gerth, Roever
- 1986
(Show Context)
Citation Context ...parallel operator. Apt et al. [3] use an axiomatic approach for CSP [27]. Many researchers have also developed proof techniques for concurrent programs using conditional critical regions and monitors =-=[7, 14,28,44]-=-. We appeal to this past work when we perform syntax-directed reasoning about our implementations. In particular, we rely on standard techniques to deal with noninterference, using auxiliary data to e... |
| 1 |
An axiomatic treatment of a parallel language
- BROOKES
- 1985
(Show Context)
Citation Context ...parallel operator. Apt et al. [3] use an axiomatic approach for CSP [27]. Many researchers have also developed proof techniques for concurrent programs using conditional critical regions and monitors =-=[7, 14,28,44]-=-. We appeal to this past work when we perform syntax-directed reasoning about our implementations. In particular, we rely on standard techniques to deal with noninterference, using auxiliary data to e... |
| 1 |
A generalization of Owicki-Gries-Hoare logic for a concurrent while language
- STIRLING
- 1987
(Show Context)
Citation Context ...parallel operator. Apt et al. [3] use an axiomatic approach for CSP [27]. Many researchers have also developed proof techniques for concurrent programs using conditional critical regions and monitors =-=[7, 14,28,44]-=-. We appeal to this past work when we perform syntax-directed reasoning about our implementations. In particular, we rely on standard techniques to deal with noninterference, using auxiliary data to e... |
