1. IntroductionA concurrent object is a data structure shared by concurrent processes. The traditional approach to imple-menting a concurrent object is to use critical regions [7], letting only a single process access the object at atime. Critical regions unnecessarilylimit the degree of concurrency possiblewhen the type semantics of theobject are ignored [11]. For example, multiple processes wishing to insert elements into a multiset shouldbe permitted to go on concurrently without one blocking any of the others. Moreover, critical regions areill-suited for asynchronous, fault-tolerant systems: if afaulty process halts in a critical region, non-faultyprocesses will also be unable to progress [9].Recently, other approaches for implementing concurrent objects have been proposed [10, 11, 1, 13, 14,15, 16, 2, 5]. In the design and implementation of a concurrent object, we are faced with two problems:1. What is our notion of correctness for a system composed of concurrent objects?2. Given some notion of correctness, how can we show a given implementation is correct?Answering the first question is one of definition; the second,of method. While there is no generalagreement on an answer to the first, we choose the correctnesscondition called linearizability, which hasrecentlycaptured theattentionof theresearch community. Linearizability, first coinedinHerlihyandWing’s1987 POPL paper [11], generalizes correctness notions that had previously been defined for specific datastructures like atomic registers and FIFO queues. It is an intuitively appealing notion of correctness, andalsoenjoysotherpropertieslikelocality, whichsimplifiesthe proof method, that othernotionsof correctnessdo not.With regard to the second question,we advocate usingthe complementary techniquesof verification andtesting. This paper in particulardescribes an environment for testing implementations of concurrent objectsthroughsimulation. Provinglinearizabilityof a data object is a nontrivialtask. In [15], the proof of a simpleconcurrent set consists of five propositions, one lemma and one theorem. The more definitive approach ofverification is the subject of other papers [6, 15] includingHerlihy and Wing’s original POPL paper.Our simulation package provides a means of finding bugs in implementations, as well as hintingat waysforimprovingthem. We intendourpackage toserve the followingpurposes: (1) todetect an implementationis incorrect, (2) to give some additional assurance that an implementation is correct
[1]
John Mellor-Crummey.
Concurrent Queues: Practical Fetch-and-Phi Algorithms.
,
1987
.
[2]
Gary L. Peterson,et al.
Constructing multi-reader atomic values from non-atomic values
,
1987,
PODC '87.
[3]
Leslie Lamport,et al.
How to Make a Multiprocessor Computer That Correctly Executes Multiprocess Programs
,
2016,
IEEE Transactions on Computers.
[4]
Maurice Herlihy,et al.
Impossibility and universality results for wait-free synchronization
,
1988,
PODC '88.
[5]
Jeannette M. Wing,et al.
A Library of Concurrent Objects and Their Proofs of Correctness
,
1990
.
[6]
Gregory R. Andrews,et al.
Concepts and Notations for Concurrent Programming
,
1983,
CSUR.
[7]
Maurice Herlihy,et al.
Axioms for concurrent objects
,
1987,
POPL '87.
[8]
James J. Horning,et al.
The Larch Family of Specification Languages
,
1985,
IEEE Software.
[9]
Maurice Herlihy,et al.
Linearizability: a correctness condition for concurrent objects
,
1990,
TOPL.
[10]
Leslie Lamport,et al.
Concurrent reading and writing
,
1977,
Commun. ACM.
[11]
Dennis Shasha,et al.
Concurrent set manipulation without locking
,
1988,
PODS '88.