Causal Linearizability: Compositionality for Partially Ordered Executions

In the interleaving model of concurrency, where events are totally ordered, linearizability is compositional: the composition of two linearizable objects is guaranteed to be linearizable. However, linearizability is not compositional when events are only partially ordered, as in many weak-memory models that describe multicore memory systems. In this paper, we present causal linearizability, a correctness condition for concurrent objects implemented in weak-memory models. We abstract from the details of specific memory models by defining our condition using Lamport's execution structures. We apply our condition to the C11 memory model, providing a correctness condition for C11 objects. We develop a proof method for verifying objects implemented in C11 and related models. Our method is an adaptation of simulation-based methods, but in contrast to other such methods, it does not require that the implementation totally order its events. We also show that causal linearizability reduces to linearizability in the totally ordered case.

[1]  Sarita V. Adve,et al.  Shared Memory Consistency Models: A Tutorial , 1996, Computer.

[2]  Alexey Gotsman,et al.  Library abstraction for C/C++ concurrency , 2013, POPL.

[3]  Sebastian Burckhardt,et al.  Concurrent Library Correctness on the TSO Memory Model , 2012, ESOP.

[4]  Radha Jagadeesan,et al.  On abstraction and compositionality for weak-memory linearisability , 2018, VMCAI.

[5]  Oleg Travkin,et al.  Handling TSO in Mechanized Linearizability Proofs , 2014, Haifa Verification Conference.

[6]  Leslie Lamport,et al.  On interprocess communication , 1986, Distributed Computing.

[7]  Jeehoon Kang,et al.  Repairing sequential consistency in C/C++11 , 2017, PLDI.

[8]  Viktor Vafeiadis,et al.  A Program Logic for C11 Memory Fences , 2016, VMCAI.

[9]  Jade Alglave,et al.  Herding cats: modelling, simulation, testing, and data-mining for weak memory , 2014, PLDI 2014.

[10]  Peter W. O'Hearn,et al.  Abstraction for concurrent objects , 2009, Theor. Comput. Sci..

[11]  Maurice Herlihy,et al.  Linearizability: a correctness condition for concurrent objects , 1990, TOPL.

[12]  John Derrick,et al.  A Sound and Complete Proof Technique for Linearizability of Concurrent Data Structures , 2014, TOCL.

[13]  Mark Moir,et al.  Formal Verification of a Practical Lock-Free Queue Algorithm , 2004, FORTE.

[14]  Gil Neiger,et al.  Causal memory: definitions, implementation, and programming , 1995, Distributed Computing.

[15]  Jeremy Manson,et al.  The Java memory model , 2005, POPL '05.

[16]  John Derrick,et al.  Reasoning Algebraically About Refinement on TSO Architectures , 2014, ICTAC.

[17]  Viktor Vafeiadis,et al.  Tackling Real-Life Relaxed Concurrency with FSL++ , 2017, ESOP.

[18]  Leslie Lamport,et al.  How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs , 2016, IEEE Transactions on Computers.

[19]  Rachid Guerraoui,et al.  On the correctness of transactional memory , 2008, PPoPP.

[20]  Hongseok Yang,et al.  Show No Weakness: Sequentially Consistent Specifications of TSO Libraries , 2012, DISC.

[21]  Ori Lahav,et al.  Strong Logic for Weak Memory: Reasoning About Release-Acquire Consistency in Iris , 2017, ECOOP.

[22]  Peter Sewell,et al.  Mathematizing C++ concurrency , 2011, POPL '11.

[23]  John Derrick,et al.  Verifying Linearisability , 2015, ACM Comput. Surv..

[24]  John Wickerson,et al.  Overhauling SC atomics in C11 and OpenCL , 2016, POPL.

[25]  John Derrick,et al.  Linearizability and Causality , 2016, SEFM.

[26]  Maurice Herlihy,et al.  The art of multiprocessor programming , 2020, PODC '06.

[27]  Ori Lahav,et al.  Taming release-acquire consistency , 2016, POPL.