On Register Linearizability and Termination
OOn Register Linearizability and Termination
Vassos Hadzilacos Xing Hu Sam TouegDepartment of Computer ScienceUniversity of TorontoCanadaMarch 1, 2021
Abstract
It is well-known that, for deterministic algorithms, linearizable objects can be used as if they wereatomic objects. As pointed out by Golab, Higham, and Woelfel, however, a randomized algorithm thatworks with atomic objects may lose some of its properties if we replace the atomic objects that it useswith objects that are only linearizable. It was not known whether the properties that can be lost includethe all-important property of termination (with probability 1). In this paper, we first show that arandomized algorithm can indeed lose its termination property if we replace the atomic registers that ituses with linearizable ones.Golab et al. also introduced strong linearizability , and proved that strongly linearizable objects canbe used as if they were atomic objects, even for randomized algorithms : they can replace atomic objectswhile preserving the algorithm’s correctness properties, including termination. Unfortunately, there areimportant cases where strong linearizability is impossible to achieve. In particular, Helmi, Higham, andWoelfel showed a large class of “non-trivial” objects, including MWMR registers, do not have stronglylinearizable implementations from SWMR registers.Thus we propose a new type of register linearizability, called write strong-linearizability , that is strictlystronger than (plain) linearizability but strictly weaker than strong linearizability. This intermediatetype of linearizability has some desirable properties. We prove that some randomized algorithms thatfail to terminate with linearizable registers, work with write strongly-linearizable ones. In other words,there are cases where linearizability is not sufficient but write strong-linearizability is. In contrast tothe impossibility result mentioned above, we prove that write strongly-linearizable MWMR registers are implementable from SWMR registers. Achieving write strong-linearizability, however, is harder thanachieving just linearizability: we give a simple implementation of MWMR registers from SWMR registersand we prove that this implementation is linearizable but not write strongly-linearizable. Finally, weprove that any linearizable implementation of SWMR registers is necessarily write strongly-linearizable;this holds for shared-memory, message-passing, and hybrid systems.
Linearizability is a well-known and very useful property of shared object implementations [24]. Intuitively,with a linearizable (implementation of) object each operation must appear as if it takes effect instantaneouslyat some point during the time interval that it actually spans; for deterministic algorithms linearizable objectscan be used as if they were atomic. As pointed out by the seminal work of Golab et al. [19], however,linearizable objects are not as strong as atomic objects in the following sense: a randomized algorithm thatworks with atomic objects may lose some of its properties if we replace the atomic objects that it useswith objects that are only linearizable. In particular, they present a randomized algorithm that guaranteesthat some random variable has expected value
1, but if we replace the algorithm’s atomic registers withlinearizable registers, a strong adversary can manipulate schedules to ensure that this random variable hasexpected value . Throughout the paper we consider only implementations that are wait free [23]. a r X i v : . [ c s . D C ] F e b .1 Linearizability and termination A natural question is whether termination is one of the properties that can be lost with the use of linearizableobjects. More precisely: is there a randomized algorithm that (a) terminates with probability 1 against astrong adversary when the objects that it uses are atomic, but (b) when these objects are replaced withlinearizable objects, a strong adversary can ensure that the algorithm never terminates? This question isparticularly interesting because achieving termination is one of the main uses of randomized algorithms (e.g.,to “circumvent” the famous FLP impossibility result [18]) [1, 6, 7, 8, 10, 11, 13, 15, 16], but it is not answeredby the results in [19], and to the best of our knowledge, it is also not addressed in subsequent papers on thissubject [14, 17, 22].In this paper, among other things, we show that termination can be lost. Specifically, we give a random-ized algorithm that uses registers such that: (1) if these registers are atomic then the algorithm terminates,i.e., all the processes halt, with probability 1, even against a strong adversary, and (2) if the registers are“only” linearizable, a strong adversary can prevent termination: it can always manipulate schedules so thatprocesses never halt.
Golab et al. also introduced a stronger version of linearizability called strong linearizability [19]. Intuitively,while in linearizability the order of all operations can be determined “off-line” given the entire execution, instrong linearizability the order of all operations has to be fixed irrevocably “on-line” without knowing therest of the execution. Golab et al. proved that strongly linearizable (implementations of) objects are “asgood” as atomic objects, even for randomized algorithms: they can replace atomic objects while preservingthe algorithm’s correctness properties including termination with probability 1. Unfortunately, there areimportant cases where strong linearizability is impossible to achieve.For example, Helmi et al. proved that a large class of so-called non-trivial objects, including multi-writermulti-reader (MWMR) registers, do not have strongly linearizable implementations from single-writer multi-reader (SWMR) registers [22]. This impossibility result may affect many existing randomized algorithms(e.g.,[2, 3, 4, 5, 6, 9]): , these algorithms use atomic MWMR registers, so if we want to run them in systemswith SWMR registers we cannot hope to automatically do so just by replacing their atomic MWMR registerswith strongly linearizable implementations from SWMR registers.Similarly, consider the well-known ABD algorithm that implements linearizable SWMR registers inmessage-passing systems [12]. One important use of this algorithm is to relate message-passing and shared-memory systems as follows: any algorithm that works with atomic shared registers can be automaticallytransformed into an algorithm for message-passing systems by replacing its atomic registers with the ABDregister implementation. It has been recently shown, however, that the ABD register implementation is not strongly linearizable [20]. Thus one cannot use the ABD implementation to automatically transform anyshared-memory randomized algorithm that terminates with probability 1 into an algorithm that works inmessage-passing systems: using the ABD register implementation instead of atomic registers in a randomizedalgorithm may prevent termination.
Motivated by the impossibility of implementing strongly linearizable registers mentioned above, we proposea new type of register linearizability, called write strong-linearizability , that is strictly stronger than (plain)linearizability but strictly weaker than strong linearizability. Intuitively, while in strong linearizability theorder of all operations has to be fixed irrevocably “on-line” without knowing the rest of the execution, inwrite strong-linearizability only the write operations must be ordered “on-line”. This intermediate type oflinearizability has some desirable properties, as described below:• In some cases where linearizability is not sufficient to achieve termination, write strong-linearizability is.To show this, we describe a randomized algorithm such that if the registers of this algorithm are only lin-earizable , then a strong adversary can prevent its termination; but if they are write strongly-linearizable ,then the algorithm terminates with probability 1 (Section 3). This implementation works under the assumption that fewer than half of the processes may crash.
2e then generalize this result as follows: for every randomized algorithm A that solves a task T and terminates with probability 1 against a strong adversary, there is a corresponding randomizedalgorithm A (cid:48) for task T such that: (a) if the registers that A (cid:48) uses are only linearizable, A (cid:48) does notterminate, but (b) if they are write strongly-linearizable, A (cid:48) terminates.• In contrast to the impossibility result proved in [22], write strongly-linearizable MWMR registers are implementable from SWMR registers. To prove this we modify a known implementation of MWMRregisters [26], and we linearize the write operations “on-line” by using vector timestamps that may be only partially formed (Section 4).Achieving write strong-linearizability, however, is harder than achieving just linearizability. We givea simpler implementation of MWMR registers from SWMR registers that uses Lamport clocks to times-tamp writes [25], and we prove that this implementation is linearizable but not write strongly-linearizable(Section 5).• Although the ABD implementation of SWMR registers is not strongly linearizable, we show that it isactually write strongly-linearizable. In fact, we prove that any linearizable implementation of SWMRregisters is necessarily write strongly-linearizable; this holds for message-passing, shared-memory, andhybrid systems (Section 6).Finally, it is worth noting that even though we focus on registers here, our intermediate notion oflinearizability can be extended to other types of objects and operations. Intuitively, an implementation ofan object is strongly linearizable with respect to a subset of operations O if the order of all operations in O must be fixed irrevocably “on-line” without knowing the rest of the execution.All the results presented are proven in this paper, but due to the space limitation several proofs arerelegated to optional appendices. We consider a standard distributed system where asynchronous processes that may fail by crashing com-municate via registers and other shared objects. In such systems, shared objects can be used to implement other shared objects such that the implemented objects are linearizable and wait-free [23, 24].
A register R is atomic if its read and write operations are instantaneous (i.e., indivisible); each read mustreturn the value of the last write that precedes it, or the initial value of R if no such write exists. A SWMRregister R is shared by a set S of processes such that it can be written (sequentially) by exactly one process w ∈ S and can be read by all processes in S ; we say that w is the writer of R [25]. A MWMR register R isshared by a set S of processes such that it can be written and read by all processes in S . In an object implementation, each operation spans an interval that starts with an invocation and terminateswith a response . Definition 1.
Let o and o (cid:48) be any two operations. • o precedes o (cid:48) if the response of o occurs before the invocation of o (cid:48) . • o is concurrent with o (cid:48) if neither precedes the other. Roughly speaking, an object implementation is linearizable [24] if, although operations can be concurrent,operations behave as if they occur in a sequential order (called “linearization order”) that is consistent withthe order in which operations actually occur: if an operation o precedes an operation o (cid:48) , then o is before o (cid:48) in the linearization order (the precise definition is given in [24]).Let H be the set of histories of a register implementation. An operation o is complete in a history H ∈ H if H contains both the invocation and response of o , otherwise o is pending .3 efinition 2. A function f is a linearization function for H (with respect to the type register) if it mapseach history H ∈ H to a sequential history f ( H ) such that:1. f ( H ) contains all completed operations of H and possibly some non-completed ones (with matchingresponses added).2. If operation o precedes o (cid:48) in H , then o occurs before o (cid:48) in f ( H ) .3. For any read operation r in f ( H ) , if no write operation occurs before r in f ( H ) , then r reads the initialvalue of the register; otherwise, r reads the value written by the last write operation that occurs before r in f ( H ) . Definition 3. [19] A function f is a strong linearization function for H if:(L) f is a linearization function for H , and(P) for any histories G, H ∈ H , if G is a prefix of H , then f ( G ) is a prefix of f ( H ) . By restricting the strong linearization requirement, i.e., property (P) to write operations only, we definethe following:
Definition 4.
A function f is a write strong-linearization function for H if:(L) f is a linearization function for H , and(P) for any histories G, H ∈ H , if G is a prefix of H , then the sequence of write operations in f ( G ) is aprefix of the sequence of write operations in f ( H ) . Definition 5.
An algorithm A that implements a register is linearizable, write strongly-linearizable, orstrong linearizable, if there is a linearization, write strong-linearization, or strong linearization function(with respect to the type register) for the set of histories H of A . In this section, we show that in some cases linearizability is not sufficient for termination but write strong-linearizability is. To do so, we present a randomized algorithm, namely Algorithm 1, and prove that (a) it failsto terminate if its registers are only linearizable but (b) it terminates if they are write strongly-linearizable.We then use Algorithm 1 to show that every randomized algorithm A that solves a task and terminateswith probability 1 against a strong adversary, has a corresponding randomized algorithm A (cid:48) for the sametask such that: (a) if the registers that A (cid:48) uses are linearizable, A (cid:48) does not terminate, but (b) if they arewrite strongly-linearizable, A (cid:48) terminates.Algorithm 1 uses three MWMR registers R , R , and C . It can be viewed as a game executed by n ≥ processes, which are partitioned into two groups: the “hosts” p and p and the “players” p , ..., p n . The gameproceeds in asynchronous rounds, each round consisting of two phases. In Phase 1 of a round j , process p writes [1 , j ] into R ; while p first writes [0 , j ] in R , and then it writes the result of a 0-1 coin flip into C (lines 3-7). After doing so, each of p and p proceeds to Phase 2.In Phase 1, each player p i ( ≤ i ≤ n − reads R twice (lines 21–22), and then it reads C (line 23). If p i reads c ∈ { , } from C and the sequence of two values that it read from R is [ c, j ] and then [1 − c, j ] , p i proceeds to Phase 2, otherwise it exits the game (lines 24-29). Every player p i that stays in the game resets R to (line 31) and tries to increment it by 1 (lines 32-34); thus R holds a lower bound on the number ofplayers that enter Phase 2. After doing so p i proceeds to the next round.In Phase 2, each host p and p first resets R to (line 10) and then reads R (line 11). If a host seesthat R ≥ n − then it is certain that all the players remained in the game, and so it also remains in thegame by proceeding to the next round; otherwise it exits the game.We will show that if the registers are only linearizable, then a strong adversary S can manipulate schedulessuch that the game represented by Algorithm 1 continues forever; more precisely, regardless of the coin flipresults, S can construct a run of Algorithm 1 in which all the processes loop forever (Theorem 6 in Section 3.1).We then show that if the registers are write strongly-linearizable, then all the correct processes return fromthe algorithm with probability (Theorem 7 in Section 3.2). A process is correct if it takes infinitely many steps. We assume that processes continue to take steps (forever) even afterreturning from the algorithm in lines 16 or line 36. lgorithm 1 A game for n ≥ processes Shared MWMR registers R , R , C Code of process p i , i ∈ { , } : for rounds j = 1 , , ... do {* Phase 1 *} R ← [ i, j ] if i = 0 then {* p flips a coin and writes it into C *} c ← coin flip C ← c end if {* Phase 2 *} R ← v ← R if v < n − then exit for loop end if end for return Code of process p i , i ∈ { , , . . . , n − } : for rounds j = 1 , , ... do {* Phase 1 *} R ← ⊥ C ← ⊥ u ← R u ← R c ← C if ( u = ⊥ or u = ⊥ or c = ⊥ ) then exit for loop end if if ( u (cid:54) = [ c, j ] or u (cid:54) = [1 − c, j ] ) then exit for loop end if {* Phase 2 *} R ← v ← R v ← v + 1 R ← v end for return At high-level, the main idea of the proof is as follows. Assume the register R is not atomic, so each ofits operations spans an interval of time, and operations on R can be concurrent. Consider the time t after p flipped the coin (line 6). Suppose at that time t , the write of [1 , j ] into R by p is still pending andconcurrent with the completed write of [0 , j ] into R by p .If R is linearizable, then adversary has the power to linearize the two writes in either order: [0 , j ] before [1 , j ] , or [1 , j ] before [0 , j ] . So based on the outcome c of the coin flip, the adversary can ensure that all theplayers read [ c, j ] and then [1 − c, j ] from R which forces them to stay in the game.If, on the other hand, R is write strongly-linearizable, the adversary does not have this power: at thetime p completes its write of [0 , j ] into R (and therefore before the adversary can see the result of the coinflip) the adversary must decide whether the concurrent write of [1 , j ] by p is linearized before [0 , j ] or not.With probability at least 1/2, the result of the coin flip will not “match” this decision. So in each round,with probability at least 1/2, the players will not read [ c, j ] and then [1 − c, j ] from R and so they will exitthe game. (Note that if R is atomic, operations are instantaneous, and so of course the adversary has nopower to continue the game forever.)In Algorithm 1 only register R is unbounded, but we can easily make R bounded (see Appendix B). Theorem 6.
If registers R , R , and C are only linearizable, a strong adversary S can construct a run ofAlgorithm 1 where all the processes execute infinitely many rounds.Proof. Assume the registers of Algorithm 1 are only linearizable but not write strongly-linearizable. A strongadversary S can construct an infinite run of Algorithm 1 as follows (Figure 1): Phase 1 (of round j = 1 ):1. Processes p , p , . . . , p n − write ⊥ into R and C in lines 19 and 20.5 ! ! " ! " ! " " ! ! ← [0,1] ( ! ← ! ! ! ! ! " ! " ! " " ( ! ← ! ! ! $ ! ' ! ( ( " ← ! ! ) ← * ! ! ! " ! " ! " " ( ! ← ! ! * ← 1 ! $ ! ' ! ( ( " ← ! ! ) ← *! ! ← [1,1] ! ! ← [0,1]! ! ← [0,1] ! ! ← [1,1]! ! ← [1,1] , = ., = / * ← ) * ← 0 ! ! ←⊥ " ) $ ←⊥ ! ! ←⊥ " ) $ ←⊥! ! ←⊥ " ) $ ←⊥ ‘s denote linearization points Figure 1: Phase 1 in round j = 1 of an infinite execution2. At some time t after all the above write operations complete, process p starts writing [0 , into R in line 3, process p starts writing [1 , into R in line 3, and processes p , p , . . . , p n − start reading R in line 21.3. At time t > t , process p completes its writing of [0 , into R in line 3.4. After time t , process p flips a coin in line 6 and writes the result into the shared register C in line 7.Let t c > t be the time when p completes this write of C .Depending on the result of p ’s coin flip (and therefore the content of C ), the adversary S continuesthe run it is constructing in one of the following two ways: Case 1 : C = 0 at time t c .The continuation of the run in this case is shown at the top right of Figure 1.(a) At time t > t c , p completes its writing of [1,1] into R in line 3.Note that both p and p have now completed Phase 1 of round j = 1 .(b) The adversary S linearizes the write of [1 , into R by p after the write of [0 , into R by p .(c) Note that p , p , . . . , p n − are still reading R in line 21. Now the adversary linearizes these readoperations between the above write of [0 , by p and the write of [1 , by p .(d) At time t > t , processes p , p , . . . , p n − complete their read of R in line 21. By the abovelinearization, they read [0 , , and so they set (their local variable) u = [0 , in line 21.(e) Then processes p , p , . . . , p n − start and complete their read of R in line 22. Since (1) thesereads start after the time t when p completed its write of [1 , into R , and (2) this write islinearized after the write of [0 , by p into R , processes p , p , . . . , p n − read [1 , . So they allset (their local variable) u = [1 , in line 22. Let t > t be the time when every process in { p , p , . . . , p n − } has set u = [1 , in line 22.(f) After time t , processes p , p , . . . , p n − start reading C in line 23. Since C = 0 at time t c and itis not modified thereafter, p , p , . . . , p n − read and set (their local variable) c = 0 in line 23.So at this point, processes p , p , . . . , p n − have u = [0 , , u = [1 , and c = 0 .(g) Then p , p , . . . , p n − execute line 24, and find that the condition ( u = ⊥ or u = ⊥ or c = ⊥ )of this line does not hold, and so they proceed to execute line 27.(h) When p , p , . . . , p n − execute line 27, they find that the condition ( u (cid:54) = [ c, j ] or u (cid:54) = [1 − c, j ] )of this line does not hold, because they have u = [ c,
1] = [0 , and u = [1 − c,
1] = [1 , .6o p , p , . . . , p n − complete Phase 1 of round j = 1 without exiting in line 28. Recall that both p and p also completed Phase 1 of round j = 1 without exiting. Case 2 : C = 1 at time t c .The continuation of the run in this case is shown at the bottom right of Figure 1. This continuation issymmetric to the one for Case 1: the key difference is that the adversary S now linearizes p ’s write of [1 , into R before p ’s write of [0 , into R , and so processes p , p , . . . , p n − have u = [ c,
1] = [1 , and u = [1 − c,
1] = [0 , and so they will also complete Phase 1 without existing in line 28.Thus in both Case 1 and Case 2, all the n processes complete Phase 1 of round j = 1 without exiting,and are now poised to execute Phase 2 of this round. The adversary S extends the run that it built sofar as follows (Figure 2). " ! " " $ $ $ ← 0$ $ ← 0 " $ , …, " %&" read and increment $ $ successively ! ! ′$ $ ← 0 0 ← $ $ Phase 2 " ) Figure 2: Phase 2 in round j = 1 of an infinite execution Phase 2 (of round j = 1 ):1. Processes p and p write into R in line 10, and processes p , p , . . . , p n − write into R in line 31.2. After all the above write operations complete, processes p , p , . . . , p n − successively read and incre-ment R by executing lines 32–34 in the following order: p executes lines 32–34, and then, for each i ∈ { , . . . , n − } , process p i +1 starts reading R in line 32 after p i completes its write of R in line 34.Let t (cid:48) be the time when the above n − write operations by p , p , . . . , p n − have completed.Note that at time t (cid:48) : (i) register R contains n − , and (ii) all processes p , p , . . . , p n − have com-pleted Phase 2 of round j = 1 .3. After time t (cid:48) , p and p read R into v in line 11, and so they set v = n − in that line.4. Then p and p execute line 12 and find that the condition “ v < n − ” of this line does not hold. So p and p complete Phase 2 of round j = 1 without exiting in line 13.Thus all the n processes p , p , . . . , p n − , have completed Phase 2 of round without exiting; they arenow poised to execute round j = 2 .The adversary S continues to build the run by repeating the above scheduling of p , p , . . . , p n − for rounds j = 2 , . . . . This gives a non-terminating run of Algorithm 1 with probability 1: in this run, all processesare correct, i.e., they take an infinite number of steps, but they loop forever and never reach the returnstatement in lines 16 or line 36. In Appendix A, we prove:
Theorem 7.
If registers R , R , and C are write strongly-linearizable, then Algorithm 1 terminates withprobability 1 against a strong adversary. Combining Theorems 6 and 7, we have: 7 orollary 8. If R , R , and C are1. only linearizable, then a strong adversary can prevent the termination of Algorithm 1;2. write strongly-linearizable, then Algorithm 1 terminates with probability 1 against a strong adversary. Consider any randomized algorithm A that solves some task T , such as consensus, for n ≥ processes p , p , p , . . . , p n − , and terminates with probability 1 against a strong adversary. Using A , we can constructa corresponding randomized algorithm A (cid:48) as follows: every process p i with i ∈ { , , , ..., n − } first executesAlgorithm 1; if p i returns then it executes algorithm A . From Corollary 8 we have: Corollary 9.
Let A be any randomized algorithm that solves a task T for n ≥ processes and terminateswith probability 1 against a strong adversary. There is a corresponding randomized algorithm A (cid:48) that solves T for n ≥ processes such that:1. A (cid:48) uses a set R of three shared registers in addition to the set of base objects of A .2. If the registers in R are only linearizable, then a strong adversary can prevent the termination of A (cid:48) .3. If the registers in R are write strongly-linearizable, then A (cid:48) terminates with probability 1 against astrong adversary. To implement a write strongly-linearizable MWMR register R , we must be able to linearize all the writeoperations “on-line” without looking at what may happen in the future. The challenge is that at the moment t a write operation w completes, for each write w (cid:48) that is concurrent with w and is still pending at time t ,we must have enough information to irrevocably decide whether w (cid:48) should be linearized before or after w ;of course this linearization order must be consistent with the values that processes previously read and willread in the future from R . Using simple “Lamport clocks” to timestamp and linearize write operations doesnot seem to work: in the next section, we give an implementation showing that Lamport clocks are sufficientto implement a linerizable MWMR register, but this implementation is not write strongly-linearizable.In this section we give an implementation of a MWMR register from SWMR registers (Algorithm ), andprove that it is write strongly-linearizable. This is a modification of an implementation given in [26] and ituses vector clocks to timestamp write operations. The question is how to use vector timestamps to linearizewrite operations on-line . Specifically, at the moment t a write operation w completes, for each operation w (cid:48) that is concurrent with w and still pending at time t , how do we decide the order of w (cid:48) with respect to w ? Note that at time t , while the vector timestamp of w is known, the vector timestamp of such w (cid:48) maynot be known: it is still being computed (it may be incomplete with just a few entries set). The proof oflinearization given in [26] does not work here: that proof can linearize all the write operations after seeingtheir complete vector timestamps; and it can do so because linearization is done “off-line”.Algorithm uses SWMR registers V al [ i ] for i = 1 , , ..., n . Each write operation w is timestamped witha vector timestamp; roughly speaking, this represents the number of write operations that every processperformed “causally before” w . Each V al [ k ] contains the latest value that p k wrote to R with its correspond-ing vector timestamp. To write a value v into R , a process p k first constructs a new timestamp new_ts ,incrementally one component at a time, by successively reading V al [1] , . . . , V al [ n ] (lines 1–7); then p k writesthe tuple ( v, new_ts ) into V al [ k ] (line 8); finally p k resets its new_ts to [ ∞ , . . . , ∞ ] (as we will see, this isimportant for the write strong-linearization). To read R , a process p first reads all V al [ − ] (lines 11–13);then r returns the value v with the greatest vector timestamp in lexicographic order ≤ (lines 14–15). Notethat this is a total order.We now prove that this MWMR implementation is indeed write strongly-linearizable. Before we do so,we first illustrate the problem that we mentioned earlier, namely, how to linearize write operations on-linebased on incomplete vector timestamps, and then we give some intuition on how this problem is solved. A (cid:48) also terminates if the registers in R are atomic, because atomic registers are write strongly-linearizable. lgorithm 2 Implementing a write strongly-linearizable MWMR register R from SWMR registers Shared Object:
For i = 1 , , ..., n : V al [ i ] : SWMR register that contains a tuple ( v, ts ) where v is a value and ts is a vector timestamp;initialized to (0 , [0 . . . where is the initial value of R and [0 . . . is an array of length n . Local Object: new _ ts : For each process, a local array of length n ; initialized to [ ∞ , . . . , ∞ ] .When writer p k writes v to R : // ≤ k ≤ n for i = 1 to n do if i (cid:54) = k then new_ts [ i ] ← ( V al [ i ] .ts )[ i ] // V al [ i ] .ts is the vector timestamp of the tuple in V al [ i ] else new_ts [ i ] ← ( V al [ i ] .ts )[ i ] + 1 end if end for V al [ k ] ← ( v, new_ts ) // write to shared register new_ts ← [ ∞ , . . . , ∞ ] return doneWhen a process reads from R : for i = 1 to n do ( v i , ts i ) ← V al [ i ] end for let j be such that ts j = max { ts , ..., ts n } // lexicographic max return ( v j , ts j ) Consider a write operation w that finishes at time t , as illustrated in Figure 3. For each write operationthat is active at time t we must decide whether it should be linearized before or after w . We cannot treat allsuch operations in the same way: we cannot simply linearize all of them before or all of them after w . Thisis because the linearization order of these write operations depends on their timestamps (so as to respect theorder of the read operations that read their values), which may not yet be fully formed at time t . Indeed, thetimestamp of a write operation active at t may end up being greater than, or smaller than, the timestamp of w . For example, in Figure 3 the timestamps eventually computed by the write operations w and w , whichare active at time t , end up being, respectively, greater than and smaller than the timestamp of w . As wewill see, by looking carefully at the progress that each of w and w has made by time t towards computingits vector timestamp, we can determine, at time t , the correct linearization order of w and w relative to w . We do so by (a) initializing the timestamp of each write to [ ∞ , . . . , ∞ ] (so it gets smaller and smallerwhile it is being formed); and (b) ordering the writes by comparing their (possibly incomplete) timestampsin lexicographical order. This makes it possible to linearize the write operations on-line.To prove that the MWMR implementation given by Algorithm is write strongly-linearizable, we givea write strong-linearization function f for the set of histories H of this algorithm. We describe f as analgorithm (Algorithm ) that takes as input any finite or infinite history H ∈ H and outputs a sequentialhistory S that satisfies properties (L) and (P) of Definition 4. Intuitively, Algorithm linearizes all the writeoperations on-line , as follows. It scans the input history H by increasing time; while doing so it maintainsa sequence W S of write operations that it has linearized so far. When it sees that, at some time t i , a writeoperation w i writes to V al [ − ] , it first checks whether w i was already linearized i.e., whether w i is in W S (lines 3–6). If w i is not in W S , it forms the set C i of all the write operations that are “active” at time t i andare not yet in W S (line 7). It then determines the (possibly incomplete) timestamp of each operation in C i at time t i (line 8); note that w i is in C i and w i ’s timestamp, denoted ts iw i , is complete. Finally, it selects the An operation that starts at time s and completes at time f is active at time t if s ≤ t ≤ f . ! ! " ! ! $ ! !" !" ! " ! !" !" Figure 3: Three concurrent writes under Algorithm operations in C i whose (possibly incomplete) timestamps are smaller than or equal to ts iw i (line 9), and thenit appends them to the linearization sequence W S in increasing timestamp order (line 10). To linearize theread operations, it collects all the read operations that return some value ( v, ts ) , and linearizes them afterthe write operation that writes ( v, ts ) , in increasing start time order (lines 22–31).Intuitively, Algorithm gives a write strongly-linearizable function f because: (1) by scanning H inincreasing time, it linearizes each write operation by the time the operation completes without “peeking intothe future”, and (2) it only appends write operations to W S , and so it satisfies the “prefix property” (P) ofDefinition 4. In Appendix C, we prove that Algorithm defines a write strong-linearization function for H and thus show: Theorem 10.
Algorithm is a write strongly-linearizable implementation of a MWMR register from SWMRregisters. Helmi et. al show that there is no strongly linearizable implementation of MWMR registers from SWMRregisters (Corollary 3.7 in [22]). Thus:
Corollary 11.
Algorithm is not a strongly linearizable implementation of a MWMR register. This implies that strong linearizability is strictly stronger than write strong-linearizability.
As we will see, every linearizable implementation of an SWMR register is necessarily write strongly-linearizable.In contrast, here we prove that there is a linearizable implementation of an MWMR register from SWMRregisters (namely, Algorithm 4) that is not write strongly-linearizable.Algorithm 4 implements a MWMR register R from SWMR registers V al [ i ] for i = 1 , , ..., n . Each valuewritten to R is timestamped with tuple (cid:104) sq, pid (cid:105) where sq is a sequence number and pid is the id of theprocess that writes the value; intuitively, these are Lamport clocks that respect the causal order of writeevents. Each register V al [ k ] contains the latest value that p k wrote to R with its corresponding timestamp.To write a value v into R , p k first reads every register V al [ − ] (lines 1–3); then p k forms a new sequencenumber new_sq by incrementing the maximum sequence number that it read from V al [ − ] (line 4); finally, p k writes the tuple ( v, new_ts ) , where new_ts = (cid:104) new_sq , k (cid:105) , into V al [ k ] (lines 5–6). To read R , a process p first reads all registers V al [ − ] (lines 8–10); then r returns the value v with the greatest timestamp inlexicographic order (lines 11–12).Intuitively, Algorithm 4 implements a linearizable MWMR register: the write operations can be linearizedby their timestamps (which form a total order); the read operations are linearized according to the valuethat they read. The proof of the following theorem is given in Appendix D. Theorem 12.
Algorithm is a linearizable implementation of a MWMR register from SWMR registers. lgorithm 3 A write strong-linearization function f for the set of histories H of Algorithm Input: a history H ∈ H Output: S , a sequential history of the operations in H linearization of write operations in H W S ← () m ← the number of operations that write to V al [ − ] in H // m can be ∞ for i = 1 , , . . . , m do t i ← the time of the i th write to a register V al [ − ] in H (line 8 of Algorithm ) w i ← the operation that writes to V al [ − ] at time t i if w i / ∈ W S i − then C i ← { w | w is a write operation such that w / ∈ W S i − and w is active at time t i in H } ∀ w ∈ C i , ts iw ← the value of new_ts , at time t i , of the process executing w B i ← { w | w ∈ C i and ts iw ≤ ts iw i } W S i ← W S i − ◦ ( the sequence of operations w ∈ B i in increasing order of ts iw ) else C i ← ∅ ; B i ← ∅ W S i ← W S i − end if end for if m = ∞ then W S ← lim i →∞ W S i else W S ← W S m end if linearization of read operations in H S (cid:48) ← W S for every value ( v, ts ) that processes read in H do R ← { r | r is a read operation that returns ( v, ts ) in H } S R ← the sequence of operations in R in increasing order of their start time if ts = [0 , . . . , then prepend S R to S (cid:48) else w ← the operation in S (cid:48) that writes ( v, ts ) insert S R after w and before any subsequent write operation in S (cid:48) end if end for S ← S (cid:48) The implemented register, however, is not write strongly-linearizable: roughly speaking the informationprovided by Lamport clocks is not sufficient to linearize the write operations on-line.
Theorem 13.
Algorithm is not a write strongly-linearizable implementation of a MWMR register.Proof. Consider the set of histories H of Algorithm executed by n = 3 processes, p , p and p . To provethat Algorithm is not a write strongly-linearizable implementation, we show that H is notwrite strongly-linearizable. More precisely, we prove that for any function f that maps histories in H to sequential histories, there exist histories G, H ∈ H such that G is a prefix of H but f ( G ) is not a prefixof f ( H ) .Let f be a function that maps histories in H to sequential histories. Consider the following history G ∈ H (shown at the left of Figure 4):• Initially, R contains , and each register V al [ i ] contains (0 , (cid:104) , i (cid:105) ) .11 At time t , process p starts an operation w to write a value v (cid:54) = 0 to R . By lines 1–2, p first reads (0 , (cid:104) , (cid:105) ) from V al [1] into ( − , ts ) , say at time t , and then reads (0 , (cid:104) , (cid:105) ) from V al [2] into ( − , ts ) ,say at time t . Thus, p now has ts = (cid:104) , (cid:105) and ts = (cid:104) , (cid:105) , i.e., ts .sq = ts .sq = 0 .• At time t > t , process p starts an operation w to write a value v (cid:48) to R such that v (cid:48) (cid:54) = v and v (cid:48) (cid:54) = 0 . By lines 1–2, p reads (0 , (cid:104) , (cid:105) ) from V al [1] into ( − , ts ) , (0 , (cid:104) , (cid:105) ) from V al [2] into ( − , ts ) ,and (0 , (cid:104) , (cid:105) ) from V al [3] into ( − , ts ) . Thus, p now has ts = (cid:104) , (cid:105) , ts = (cid:104) , (cid:105) , and ts = (cid:104) , (cid:105) ,i.e., ts .sq = ts .sq = ts .sq = 0 . By lines 5–6, p then writes ( v (cid:48) , (cid:104) , (cid:105) ) to V al [2] and completes w at time t . Then at time t , V al [1] contains (0 , (cid:104) , (cid:105) ) , V al [2] contains ( v (cid:48) , (cid:104) , (cid:105) ) , and V al [3] contains (0 , (cid:104) , (cid:105) ) .Since the write operation w completes in G ∈ H and f is a linearization function for H , by property 1 ofDefinition 2, w is in f ( G ) . Since the write operation w is concurrent with w , there are two cases: (1) w is not before w in f ( G ) , or (2) w is before w in f ( G ) . Case 1 : w is not before w in f ( G ) . Consider the following history H ∈ H (shown at the top right ofFigure 4):• H is an extension of G , i.e., G is a prefix of H .• At time t > t , p continues the operation w and reads (0 , (cid:104) , (cid:105) ) from V al [3] into ( − , ts ) so it has ts .sq = 0 . By lines 5–6, p writes ( v, (cid:104) , (cid:105) ) to V al [1] . After that, p completes w , say at time t . Attime t , V al [1] contains ( v, (cid:104) , (cid:105) ) , V al [2] contains ( v (cid:48) , (cid:104) , (cid:105) ) , and V al [3] contains (0 , (cid:104) , (cid:105) ) .• At time t > t , p starts a read operation r to read R . In lines 8–9, p reads ts = (cid:104) , (cid:105) , ts = (cid:104) , (cid:105) ,and ts = (cid:104) , (cid:105) . Since ts = (cid:104) , (cid:105) > ts = (cid:104) , (cid:105) > ts = (cid:104) , (cid:105) , by line 11, r returns ( v (cid:48) , (cid:104) , (cid:105) ) – thevalue written by w .Since the read operation r returns the value written by w in H ∈ H , and f is a linearization function for H ,by property 3 of Definition 2, r is after w and before any subsequent write operation in f ( H ) . Since r starts Algorithm 4
Implementing a linearizable MWMR register R from SWMR registers Shared Object:
For i = 1 , , ..., n : V al [ i ] : SWMR register that contains a tuple ( v, ts ) where v is a value and ts is a tuple of the form (cid:104) sq, pid (cid:105) ;initialized to (0 , (cid:104) , i (cid:105) ) . Local Object: new_sq : a register initialized to . new_ts : a register initialized to (cid:104) , k (cid:105) for process p k .When writer p k writes v to R // ≤ k ≤ n for i = 1 to n do ( v i , ts i ) ← V al [ i ] end for new_sq ← max { ts .sq, ..., ts n .sq } + 1 new_ts ← (cid:104) new _ sq, k (cid:105) V al [ k ] ← ( v, new _ ts ) return doneWhen a process reads from R for i = 1 to n do ( v i , ts i ) ← V al [ i ] end for let j be such that ts j = max { ts , ..., ts n } // lexicographic max return ( v j , ts j ) w completes, by property 2 of Definition 2, r is after w in f ( H ) . Thus, w is before w in f ( H ) .Since, by assumption, w is in f ( G ) and w is not before w in f ( G ) , f ( G ) is not a prefix of f ( H ) . Case 2 : w is before w in f ( G ) . Consider the following history H ∈ H (shown at the bottom right ofFigure 4):• H is an extension of G .• At time t > t , process p starts an operation w to write v (cid:48)(cid:48) to R such v (cid:48)(cid:48) (cid:54) = v . In lines 1–2, p reads (0 , (cid:104) , (cid:105) ) from V al [1] into ( − , ts ) , ( v (cid:48) , (cid:104) , (cid:105) ) from V al [2] into ( − , ts ) , and (0 , (cid:104) , (cid:105) ) from V al [3] into ( − , ts ) Thus, p now has ts = (cid:104) , (cid:105) , ts = (cid:104) , (cid:105) , and ts = (cid:104) , (cid:105) , i.e., ts .sq = 0 , ts .sq = 1 , and ts .sq = 0 . By lines 5–6, p then writes ( v (cid:48)(cid:48) , (cid:104) , (cid:105) ) to V al [3] . and completes w at time t .• At time t > t , p continues the operation w and reads ( v (cid:48)(cid:48) , (cid:104) , (cid:105) ) from V al [3] into ( − , ts ) so it has ts .sq = 2 . By lines 5–6, p writes ( v, (cid:104) , (cid:105) ) to V al [1] . After that, p completes w , say at time t . Attime t , V al [1] contains ( v, (cid:104) , (cid:105) ) , V al [2] contains ( v (cid:48) , (cid:104) , (cid:105) ) , and V al [3] contains ( v (cid:48)(cid:48) , (cid:104) , (cid:105) ) .• At time t > t , p starts a read operation r to read R . In lines 8–9, p reads ( v, (cid:104) , (cid:105) ) from V al [1] into ( − , ts ) , ( v (cid:48) , (cid:104) , (cid:105) ) from V al [2] into ( − , ts ) , and ( v (cid:48)(cid:48) , (cid:104) , (cid:105) ) from V al [3] into ( − , ts ) . Since ts = (cid:104) , (cid:105) > ts = (cid:104) , (cid:105) > ts = (cid:104) , (cid:105) , by line 11, r returns ( v, (cid:104) , (cid:105) ) – the value written by w .Since the read operation r returns the value written by w in H ∈ H , and f is a linearization functionfor H , by property 3 of Definition 2, r is after w and before any subsequent write operation in f ( H ) . Since r starts after w completes, by property 2 of Definition 2, r is after w in f ( H ) . Thus, w is before w in f ( H ) . Since, by assumption, w is before w in f ( G ) , f ( G ) is not a prefix of f ( H ) .Then, in both case 1 and case 2, there is a history H ∈ H such that G is a prefix of H but f ( G ) is not aprefix of f ( H ) . Therefore the theorem holds. !" ! ! , ! ←&'([1] " ! " " " $ ! " ! " , " ←&'([2] % ( ! , ←&'([3] ) "%*+(') * !" & ' !" /! $%& 1 = -, 3,1$%& 2 = -′, 1,2$%& 3 = -′′, 2,3 ‘s denote linearization points !" ! ! , ! ←&'([1] !" ! " " " $ ! " ! " , " ←&'([2] !" % $%& 1 = 0, 0,1$%& 2 = 0, 0,2$%& 3 = 0, 0,3 $%& 1 = 0, 0,1$%& 2 = -′, 1,2$%& 3 = 0, 0,3 !" ! ! , ! ←&'([1] /" ! " " " $ ! " ! " , " ←&'([2] % & ! , ←&'([3] ' "%*+('′) ( !" ! $%& 1 = -, 1,1$%& 2 = -′, 1,2$%& 3 = 0, 0,3 ‘s denote linearization points Case 1Case 2 ‘s denote linearization points
Figure 4: Histories G and H for Cases 1 and 213 Linearizable SWMR registers are necessarily write strongly-linearizable
In Appendix E, we show that any linearizable implementation of SWMR registers is write strongly-linearizable(this holds for message-passing, shared-memory, and hybrid systems). Thus, the well-known ABD implemen-tation of SWMR registers in message-passing systems is not only linearizable; it is actually write strongly-linearizable.
Theorem 14.
Any linearizable implementation of a SWMR register is necessarily write strongly-linearizable.
As we mentioned earlier, many randomized algorithms in the literature use atomic MWMR registers.An interesting open problem is to determine which ones can also (be made to) work in systems withatomic SWMR registers. If we replace a randomized algorithm’s atomic MWMR registers with linearizable implementations of MWMR registers from atomic SWMR registers, we may break it: it may lose some of itsproperties [19] including, as we showed in this paper, termination. On the other hand, we cannot replace analgorithm’s atomic MWMR registers with strongly linearizable implementations of MWMR registers fromatomic SWMR registers — which would automatically preserve the correctness of this algorithm — simplybecause no such implementation exists [22]. But perhaps many (maybe even most) of the known randomizedalgorithms that use atomic MWMR registers do not actually need the full strength of strongly linearizableregisters: in particular, they may not need the “strong linearizability property” to hold for both read andwrite operations. Randomized algorithms that need the strong linearizability properties only for write op-erations , also work in systems with atomic SWMR registers: just replace their MWMR registers with theregister implementation given by Algorithm . Acknowledgments
We thank Wojciech Golab and Philipp Woelfel for their helpful comments.
References [1] K. Abrahamson. On achieving consensus using a shared memory. In
Proceedings of the seventh annualACM Symposium on Principles of distributed computing , pages 291–302, 1988.[2] D. Alistarh, J. Aspnes, K. Censor-Hillel, S. Gilbert, and R. Guerraoui. Tight bounds for asynchronousrenaming.
J. ACM , 61(3), June 2014.[3] D. Alistarh, J. Aspnes, K. Censor-Hillel, S. Gilbert, and M. Zadimoghaddam. Optimal-time adaptivestrong renaming, with applications to counting. In
Proceedings of the 30th annual ACM Symposium onPrinciples of distributed computing , pages 291–302, 2011.[4] D. Alistarh, J. Aspnes, S. Gilbert, and R. Guerraoui. The complexity of renaming. In
IEEE 52ndAnnual Symposium on Foundations of Computer Science , pages 718–727, 2011.[5] D. Alistarh, H. Attiya, S. Gilbert, A. Giurgiu, and R. Guerraoui. Fast randomized test-and-set andrenaming. In , pages 94–108, 2010.[6] J. Aspnes. Time- and space-efficient randomized consensus.
J. Algorithms , 14(3):414–431, May 1993.[7] J. Aspnes. Lower bounds for distributed coin-flipping and randomized consensus.
J. ACM , 45(3), May1998. In fact, a recent paper shows that a well-known randomized algorithm by Aspness and Herlihy that assumes atomic registersdoes not actually need any linearizability property: it works correctly with registers that are only regular [21].
Distributed Computing , 16(2–3):165–175,Sept. 2003.[9] J. Aspnes and K. Censor. Approximate shared-memory counting despite a strong adversary.
ACMTrans. Algorithms , 6(2), Apr. 2010.[10] J. Aspnes and M. Herlihy. Fast randomized consensus using shared memory.
J. Algorithms ,11(3):441–461, Sept. 1990.[11] J. Aspnes and O. Waarts. Randomized consensus in expected O ( n (log n ) ) operations per processor. In Annual Symposium on Foundations of Computer Science , volume 33, pages 137–137, 1992.[12] H. Attiya, A. Bar-Noy, and D. Dolev. Sharing memory robustly in message-passing systems.
J. ACM ,42(1), Jan. 1995.[13] H. Attiya and K. Censor. Tight bounds for asynchronous randomized consensus.
J. ACM , 55(5), Nov.2008.[14] H. Attiya and C. Enea. Putting Strong Linearizability in Context: Preserving Hyperproperties inPrograms That Use Concurrent Objects. In ,pages 2:1–2:17, 2019.[15] G. Bracha and O. Rachman. Randomized consensus in expected O ( n log n ) operations. In InternationalWorkshop on Distributed Algorithms , pages 143–150, 1991.[16] T. D. Chandra. Polylog randomized wait-free consensus. In
Proceedings of the fifteenth annual ACMsymposium on Principles of distributed computing , pages 166–175, 1996.[17] O. Denysyuk and P. Woelfel. Wait-freedom is harder than lock-freedom under strong linearizability. In , pages 60–74, 2015.[18] M. J. Fischer, N. A. Lynch, and M. S. Paterson. Impossibility of distributed consensus with one faultyprocess.
J. ACM , 32(2), Apr. 1985.[19] W. Golab, L. Higham, and P. Woelfel. Linearizable implementations do not suffice for randomizeddistributed computation. In
Proceedings of the Forty-Third Annual ACM Symposium on Theory ofComputing , page 373–382, 2011.[20] V. Hadzilacos, X. Hu, and S. Toueg. On atomic registers and randomized consensus in M&M systems,2020.[21] V. Hadzilacos, X. Hu, and S. Toueg. Randomized consensus with regular registers, 2020.[22] M. Helmi, L. Higham, and P. Woelfel. Strongly linearizable implementations: Possibilities and impos-sibilities. In
Proceedings of the 2012 ACM Symposium on Principles of Distributed Computing , page385–394, 2012.[23] M. Herlihy. Wait-free synchronization.
ACM Trans. Program. Lang. Syst. , 13(1):124–149, Jan. 1991.[24] M. P. Herlihy and J. M. Wing. Linearizability: A correctness condition for concurrent objects.
ACMTrans. Program. Lang. Syst. , 12(3):463–492, July 1990.[25] L. Lamport. On interprocess communication Parts I–II.
Distributed Computing , 1(2):77–101, May 1986.[26] M. Li, J. Tromp, and P. M. B. Vitányi. How to share concurrent wait-free variables.
J. ACM , 43(4),July 1996. 15 ppendix A Proof of Theorem 7
We now prove Theorem 7 in Section 3.2, namely, if registers R , R , and C are write strongly-linearizable,Algorithm 1 terminates with probability 1 even against a strong adversary. To prove this, we first show fourlemmas (Lemmas 15–18) about some safety properties of Algorithm 1. Specifically, Lemma 16 and 17 statethat processes p and p on one side, and processes p , p , . . . , p n − on the other side, remain within oneround of each other. Lemma 15 and 18 state that the non- ⊥ values that p , p , . . . , p n − read from registers R and C in any round j were also written in round j .To prove that Lemmas 15-18 hold, we rely on our assumption that registers R , R , and C are lineariz-able [24]. So in the following proofs, we refer to the linearization times of the read and write operations thatare applied on these registers. For example, when we say “a process p writes a value v into R at time t ”, wemean that this write of R “took effect” at time t , in other words, this write operation is linearized at time t (where t is within the time interval of the operation).In the following lemmas, we say that a process “enters round r ≥ ” if it executes line 1 or 17 with j = r . Lemma 15.
For all j ≥ , if p i ∈ { p , p , . . . , p n − } reaches line 31 in round j , then p i previously read both [ b, j ] and [1 − b, j ] for some b ∈ { , } from register R in lines 21 and 22 in round j .Proof. Suppose p i ∈ { p , p , . . . , p n − } reaches line 31 in a round j ≥ . Since p i reaches line 31 in round j , p i did not exit in lines 25 and 28 in round j . So p i found the condition of lines 24 and 27 to be false in round j . Thus, p i found that c (cid:54) = ⊥ and ( u = [ c, j ] and u = [1 − c, j ] ) in lines 24 and 27 in round j . Note that: (i) u and u contain the values that p i read from register R in lines 21 and 22 in round j , and (ii) c containsthe value that p i read from register C in lines 23 in round j ; since c (cid:54) = ⊥ and the only non- ⊥ values writtenin C are or , c = b ∈ { , } . Thus, p i read [ b, j ] and [1 − b, j ] for b ∈ { , } from register R in lines 21and 22 in round j . Lemma 16.
For all j ≥ , if p i ∈ { p , p , . . . , p n − } reaches line 31 in round j , then p and p previouslyentered round j .Proof. Suppose p i ∈ { p , p , . . . , p n − } reaches line 31 in round j . By Lemma 15, p i previously read both [ b, j ] and [1 − b, j ] for some b ∈ { , } from register R in lines 21 and 22 in round j . So both [0 , j ] and [1 , j ] were previously written into R . Since p and p are the only processes that write [0 , j ] and [1 , j ] , and theyonly do so in (line 3 of) round j , we conclude that p and p previously entered round j . Lemma 17.
For all j ≥ , if p or p enters round j + 1 , then every p i ∈ { p , p , . . . , p n − } previouslyreached line 37 in round j .Proof. To prove this part, we show the slightly stronger claim that if p or p enters round j + 1 at sometime t , then every p i ∈ { p , p , . . . , p n − } writes R in line 34 in round j before time t . The proof is byinduction on j . • base case: Let j = 1 . Suppose that a process p ∈ { p , p } enters round j + 1 = 2 at some time t . Wemust show that p i writes R in line 34 in round j = 1 before time t . Claim 17.1
Up to and including time t , no process in { p , p , . . . , p n − } writes R in line 34 in anyround r ≥ .Proof. Suppose, for contradiction, that some process p (cid:48) ∈ { p , p , . . . , p n − } writes R in line 34 in around r ≥ at some time ˆ t ≤ t . So p (cid:48) reaches line 31 in round at some time ˆ t (cid:48) < ˆ t ≤ t , i.e., p (cid:48) reaches line 31 in round before p ∈ { p , p } enters round — a contradiction to Lemma 16.Note that before p enters round at time t , p does the following in round : it writes into R in line 10at some time t , it reads R into v in line 11 at some time t , and then it finds that v ≥ n − in line 12(because p does not exit in line 13); clearly, t < t < t . Thus, some process p j ∈ { p , p , . . . , p n − } musthave written a value u ≥ n − into R in line 34 at some time t (cid:48) ∈ [ t , t ] in some round r . Since t (cid:48) ≤ t < t ,by Claim 17.1, r ≤ . So p j writes u ≥ n − into R in line 34 in round at time t (cid:48) ∈ [ t , t ] (*). Claim 17.2
If a process in { p , p , . . . , p n − } writes k ≥ into R in line 34 in round at some time ˆ t ≤ t ,then at least k distinct processes in { p , p , . . . , p n − } write R in line 34 in round by time ˆ t . roof. The proof is by induction on k .• Base Case:
For k = 1 the claim trivially holds.• Induction Step:
Let k ≥ . Induction Hypothesis ( § ): if a process in { p , p , . . . , p n − } writes k into R in line 34 in round at some time ˆ t ≤ t , then at least k distinct processes in { p , p , . . . , p n − } write R in line 34 in round by time ˆ t .Suppose that a process p (cid:96) ∈ { p , p , . . . , p n − } writes k + 1 into R in line 34 in round at some time t k +1 w ≤ t , we must show that at least k + 1 distinct processes in { p , p , . . . , p n − } write R in line 34in round by time t k +1 w .Since p (cid:96) writes k + 1 into R in line 34 in round at time t k +1 w ≤ t :1. p (cid:96) writes into R in line 31 in round at some time t w , and2. p (cid:96) reads k from R in line 32 in round at some time t kr , such that t w < t kr < t k +1 w ≤ t < t .Thus, some process p ∗ ∈ { p , p , . . . , p n − } must have written k into R in line 34 at some time t ∗ ∈ [ t w , t kr ] in some round r . Since t ∗ < t , by Claim 17.1, r = 1 . So p ∗ writes k into R inline 34 in round at time t ∗ ∈ [ t w , t kr ] . Since t ∗ ≤ t kr < t , by the Induction Hypothesis ( § ), atleast k distinct processes in { p , p , . . . , p n − } write R in line 34 in round by time t ∗ . Recall that p (cid:96) ∈ { p , p , . . . , p n − } also writes R in line 34 in round at time t k +1 w . Thus, since each processin { p , p , . . . , p n − } writes R in line 34 in round at most once , at least k + 1 distinct processes in { p , p , . . . , p n − } write R in line 34 in round by time t k +1 w .Recall that by (*), p j writes u ≥ n − into R in line 34 in round at time t (cid:48) ∈ [ t , t ] . Since t (cid:48) ≤ t , byClaim 17.2, at least n − distinct processes in { p , p , . . . , p n − } write R in line 34 in round by time t (cid:48) .Thus every process in { p , p , . . . , p n − } writes R in line 34 in round by time t (cid:48) . Since t (cid:48) ≤ t < t , every p i ∈ { p , p , . . . , p n − } writes R in line 34 in round before time t . • Induction Step:
Let j ≥ . Induction Hypothesis ( (cid:63) ): for all r , ≤ r ≤ j , if p or p enters round r + 1 at some time t , then p i writes R in line 34 in round r before time t .Suppose that a process p ∈ { p , p } enters round j + 2 at some time t . We must show that p i writes R inline 34 in round j + 1 before time t . Claim 17.3
Up to and including time t , no process in { p , p , . . . , p n − } writes R in line 34 in any round r ≥ j + 2 .Proof. Suppose, for contradiction, that some process p (cid:48) ∈ { p , p , . . . , p n − } writes R in line 34 in around r ≥ j + 2 at some time ˆ t ≤ t . So p (cid:48) reaches line 31 in round j + 2 at some time ˆ t (cid:48) < ˆ t ≤ t ,i.e., p (cid:48) reaches line 31 in round j + 2 before p ∈ { p , p } enters round — a contradiction to Lemma 16.Note that before p enters round j + 2 at time t , p does the following in round j + 1 : it writes into R in line 10 at some time t , it reads R into v in line 11 at some time t , and then it finds that v ≥ n − inline 12 (because p does not exit in line 13); clearly, t < t < t . Thus, some process p j ∈ { p , p , . . . , p n − } must have written a value u ≥ n − into R in line 34 at some time t (cid:48) ∈ [ t , t ] in some round r . Since t (cid:48) ≤ t < t , by Claim 17.3, r ≤ j + 1 . Claim 17.4 r = j + 1 .Proof. Suppose, for contradiction, r ≤ j . Thus p j writes R in line 34 in round r ≤ j at time t (cid:48) ∈ [ t , t ] ,i.e., after the time t when p writes into R in line 10 in round j + 1 . So p j writes R in line 34 in round r ≤ j after p ∈ { p , p } enters round r + 1 ≤ j + 1 — a contradiction to our Induction Hypothesis ( (cid:63) ).From Claim 17.4: p j writes u ≥ n − into R in line 34 in round j + 1 at time t (cid:48) ∈ [ t , t ] ( † ). Claim 17.5
If a process in { p , p , . . . , p n − } writes k ≥ into R in line 34 in round j + 1 at some time ˆ t ≤ t , then at least k distinct processes in { p , p , . . . , p n − } write R in line 34 in round j + 1 by time ˆ t . roof. The proof is by induction on k .• Base Case:
For k = 1 the claim trivially holds.• Induction Step:
Let k ≥ . Induction Hypothesis ( §§ ): if a process in { p , p , . . . , p n − } writes k into R in line 34 in round j + 1 at some time ˆ t ≤ t , then at least k distinct processes in { p , p , . . . , p n − } write R in line 34 in round j + 1 by time ˆ t .Suppose that a process p (cid:96) ∈ { p , p , . . . , p n − } writes k + 1 into R in line 34 in round j + 1 at sometime t k +1 w ≤ t , we must show that least k + 1 distinct processes in { p , p , . . . , p n − } write R in line 34in round j + 1 by time t k +1 w .Since p (cid:96) writes k + 1 into R in line 34 in round j + 1 at some time t k +1 w ≤ t :1. p (cid:96) writes into R in line 31 in round j + 1 at some time t w , and2. p (cid:96) reads k from R in line 32 in round j + 1 at some time t kr , such that t w < t kr < t k +1 w ≤ t < t .Thus, some process p ∗ ∈ { p , p , . . . , p n − } must have written k into R in line 34 at some time t ∗ ∈ [ t w , t kr ] in some round r . Since t ∗ < t , by Claim 17.3, r ≤ j + 1 . Claim 17.5.1 r = j + 1 .Proof. Suppose, for contradiction, that r ≤ j . Since p j reaches line 31 in round j + 1 at time t w , byLemma 16, both p and p entered round j + 1 before time t w . So p and p enter round r + 1 ≤ j + 1 before p ∗ writes R in line 34 in round r ≤ j (at time t ∗ ) — a contradiction to our InductionHypothesis ( (cid:63) ).From Claim 17.5.1, p ∗ writes k into R in line 34 in round j + 1 at time t ∗ ∈ [ t w , t kr ] . Since t ∗ ≤ t kr < t ,by the Induction Hypothesis ( §§ ), at least k distinct processes in { p , p , . . . , p n − } write R in line 34in round j + 1 by time t ∗ . Recall that p (cid:96) ∈ { p , p , . . . , p n − } also writes R in line 34 in round j + 1 at time t k +1 w . Thus, since each process in { p , p , . . . , p n − } writes R in line 34 in round j + 1 atmost once , at least k + 1 distinct processes in { p , p , . . . , p n − } write R in line 34 in round j + 1 bytime t k +1 w .Recall that by ( † ), p j writes u ≥ n − into R in line 34 in round j + 1 at time t (cid:48) ∈ [ t , t ] . Since t (cid:48) ≤ t , byClaim 17.5, at least n − distinct processes in { p , p , . . . , p n − } write R in line 34 in round j + 1 by time t (cid:48) . Thus every process in { p , p , . . . , p n − } writes R in line 34 in round j + 1 by time t (cid:48) . Since t (cid:48) ≤ t < t ,every p i ∈ { p , p , . . . , p n − } writes R in line 34 in round j + 1 before time t . Lemma 18.
For all j ≥ , if p i ∈ { p , p , . . . , p n − } reaches line 27 in round j , then in that line p i has c = b such that b ∈ { , } and p wrote b into register C in line 7 in round j .Proof. Suppose that some p i ∈ { p , p , . . . , p n − } reaches line 27 in round j ≥ . We must show that p i has c = b for some b ∈ { , } in line 27 in round j ≥ , and p wrote b into C in line 7 in round j .Since p i reaches line 27 in round j , in each round k , ≤ k ≤ j , the following occurs:1. p i first writes ⊥ into register C in line 20, then2. p i reads some value b k from C into c in line 23.Note that b k (cid:54) = ⊥ , because otherwise p i would exit in line 25 (by the condition of line 24) in round k before reaching line 27 in round j . Moreover, since b k (cid:54) = ⊥ and p is the only process that writes non- ⊥ values (namely, or ) into C , b k must be a value in { , } that p wrote into C (in line 7). Therefore: ineach round k , ≤ k ≤ j , p i writes ⊥ into C at some time t k , and at some time t (cid:48) k > t k , p i reads from C avalue b k ∈ { , } written by p into C at some time in [ t k , t (cid:48) k ] (*).18ince p writes a value into C only once in each round, (*) implies that the value b j that p i reads from C in round j was written by p into C in some round r ≥ j (**).Let t be the time p i reads b j from C in round j (in line 23). At time t , p i has not yet reached line 34 inround j . Thus, from Lemma 17, process p has not entered round j + 1 by time t . So, by time t , process p has not written any value into register C in any round (cid:96) ≥ j + 1 . Therefore, by (**), the value b j that p i reads from C into c in line 23 in round j at time t was written by p into C in round r = j . We concludethat p i has c = b j for b j ∈ { , } in line 27 in round j , and p wrote b j into C in line 7 in round j .We now prove that if registers R , R , and C are write strongly-linearizable, then Algorithm 1 terminateswith probability 1 even against a strong adversary (Theorem 7). Intuitively, this is because if R , R , and C are write strongly-linearizable, then the order in which [0 , j ] and [1 , j ] are written into R in line 3 in round j is already fixed before the adversary S can see the result of the coin flip in line 6 in round j . So for every round j ≥ , the adversary can not “retroactively” decide on this linearization order of write operations accordingto the coin flip result (like it did when R was merely linearizable) to ensure that processes p , p , ..., p n − do not exit by the condition of line 27. Thus, with probability 1/2, all these processes will exit in line 28.And if they all exit there, then no process will increment register R in lines 32-34, and so p and p willalso exit.The proof of Theorem 7 is based on the following: Lemma 19.
For all rounds j ≥ , with probability at least / , no process enters round j + 1 .Proof. Consider any round j ≥ . There are two cases:(I) Process p does not complete its write of [0 , j ] into register R in line 3 in round j . Thus, p does not invoke the write of any value into C in line 7 in round j (*). Claim 19.1
No process enters round j + 1 .Proof. We first show that no process in { p , p , . . . , p n − } reaches line 34 in round j . To see why,suppose, for contradiction, some process p i with i ∈ { , , ..., n − } reaches line 34 in round j . ByLemma 18, in that line p i has c = b ∈ { , } such that p invoked the write of b into C in line 7 inround j — a contradiction to (*).Thus no process in { p , p , . . . , p n − } reaches line 34 in round j . By Lemma 17, neither p nor p enters round j + 1 .(II) Process p completes its write of [0 , j ] into register R in line 3 in round j .Claim 19.2 With probability at least 1/2, no process enters round j + 1 .Proof. Consider the set of histories H of Algorithm 1; this is a set of histories over the registers R , R , C .Since these registers are write strongly-linearizable, by Lemma 4.8 of [19], H is write strongly-linearizable,i.e., it has at least one write strong-linearization function that satisfies properties (L) and (P) of Defi-nition 4. Let f be the write strong-linearization function that the adversary S uses.Let g be an arbitrary history of the algorithm up to and including the completion of the write of [0 , j ] into R by p in line 3 in round j . Since p completes its write of [0 , j ] into R in g , this write operationappears in the write strong-linearization f ( g ) . Now there are two cases:• Case A : In f ( g ) , the write of [1 , j ] into R by p in line 3 in round j occurs before the write of [0 , j ] into R by p in line 3 in round j .Since f is a write strong-linearization function, for every extension h of the history g (i.e., forevery history h such that g is a prefix of h ), the write of [1 , j ] into R occurs before the write of [0 , j ] into R in the linearization f ( h ) (note that for all j ≥ , each of [1 , j ] and [0 , j ] is written at most once in R , so it appears at most once in h and f ( h ) ). Thus, in g and every extension h of g , no process can first read [0 , j ] from R and then read [1 , j ] from R ( (cid:63) ).19et P be the subset of processes in { p , p , . . . , p n − } that evaluate the condition ( u (cid:54) = [ c, j ] or u (cid:54) = [1 − c, j ] ) in line 27 in round j . Note that for each process p i in P , u and u are the valuesthat p i read from R consecutively in lines 21 and 22 in round j . By ( (cid:63) ), p i cannot first read u = [0 , j ] and then read u = [1 , j ] from R . Thus, no process p i in P can have both u = [0 , j ] and u = [1 , j ] in line 27 in round j ( (cid:63)(cid:63) ).Let P (cid:48) ⊆ P be the subset of processes in P that have c = 0 in line 27 in round j . Claim 19.2.1 (a) No process in P (cid:48) reaches line 34 in round j .(b) If P (cid:48) = P then neither p nor p enters round j + 1 .Proof. To see why Part (a) holds, note that no process p i in P (cid:48) can find the condition ( u (cid:54) = [ c, j ] or u (cid:54) = [1 − c, j ] ) in line 27 in round j to be false: otherwise p i would have both u = [ c, j ] = [0 , j ] and u = [1 − c, j ] = [1 , j ] in that line, but this is not possible by ( (cid:63)(cid:63) ). Thus, no process in P (cid:48) reaches line 34 in round j (it would exit in line 28 before reaching that line).To see why Part (b) holds, suppose P (cid:48) = P and consider any process p i in { p , p , . . . , p n − } . If p i (cid:54)∈ P then p i never evaluates the condition in line 27 in round j ; and if p i ∈ P , then p i ∈ P (cid:48) ,and so from Part (a), p i does not reach line 34 in round j . So in both cases , p i does not reachline 34 in round j . Thus, by Lemma 17, neither p nor p enters round j + 1 .Now recall that g is the history of the algorithm up to and including the completion of the writeof [0 , j ] into R by p in line 3 in round j . After the completion of this write, i.e., in any extension h of g , p is supposed to flip a coin and write the result into C in line 7 in round j . Thus, withprobability at least / , p will not invoke the operation to write into C in line 7 in round j .So, from Lemma 18, with probability at least / , every process in P has c = 0 in line 27 inround j ; this means that with probability at least / , P (cid:48) = P . Therefore, from Claim 19.2.1,with probability at least / :(a) No process in P reaches line 34 in round j .(b) Neither p nor p enters round j + 1 .This implies that in Case A, with probability at least / , no process enters round j + 1 .• Case B : In f ( g ) , the write of [1 , j ] into R by p in line 3 in round j does not occur before thewrite of [0 , j ] into R by p in line 3 in round j . This case is essentially symmetric to the one forCase A, we include it below for completeness.Since f is a write strong-linearization function, for every extension h of the history g , the writeof [1 , j ] into R does not occur before the write of [0 , j ] into R in the linearization f ( h ) . Thus,in g and every extension h of g , no process can first read [1 , j ] from R and then read [0 , j ] from R ( † ).Let P be the subset of processes in { p , p , . . . , p n − } that evaluate the condition ( u (cid:54) = [ c, j ] or u (cid:54) = [1 − c, j ] ) in line 27 in round j . Note that for each process p i in P , u and u are the valuesthat p i read from R consecutively in lines 21 and 22 in round j . By ( † ), p i cannot first read u = [1 , j ] and then read u = [0 , j ] from R . Thus, no process p i in P can have both u = [1 , j ] and u = [0 , j ] in line 27 in round j ( †† ).Let P (cid:48) ⊆ P be the subset of processes in P that have c = 1 in line 27 in round j . Claim 19.2.2 (a) No process in P (cid:48) reaches line 34 in round j .(b) If P (cid:48) = P then neither p nor p enters round j + 1 .Proof. To see why (a) holds, note that no process p i in P (cid:48) can find the condition ( u (cid:54) = [ c, j ] or u (cid:54) = [1 − c, j ] ) in line 27 in round j to be false: otherwise p i would have both u = [ c, j ] = [1 , j ] and u = [1 − c, j ] = [0 , j ] in that line, but this is not possible by ( †† ). Thus, no process in P (cid:48) reaches line 34 in round j (it would exit in line 28 before reaching that line).To see why (b) holds, suppose P (cid:48) = P and consider any process p i in { p , p , . . . , p n − } . If p i (cid:54)∈ P then p i never evaluates the condition in line 27 in round j ; and if p i ∈ P , then p i ∈ P (cid:48) , and so20rom (a), p i does not reach line 34 in round j . So in both cases , p i does not reach line 34 in round j . Thus, by Lemma 17, neither p nor p enters round j + 1 .Now recall that g is the history of the algorithm up to and including the completion of the writeof [0 , j ] into R by p in line 3 in round j . After the completion of this write, i.e., in any extension h of g , p is supposed to flip a coin and write the result into C in line 7 in round j . Thus, withprobability at least / , p will not invoke the operation to write into C in line 7 in round j .So, from Lemma 18, with probability at least / , every process in P has c = 1 in line 27 inround j ; this means that with probability at least / , P (cid:48) = P . Therefore, from Claim 19.2.2,with probability at least / :(a) No process in P reaches line 34 in round j .(b) Neither p nor p enters round j + 1 .This implies that in Case B, with probability at least / , no process enters round j + 1 .So in both Cases A and B, with probability at least 1/2, no process enters round j + 1 .Therefore, from Claims 19.1 and 19.2 of Cases (I) and (II), with probability at least / , no process entersround j + 1 .We can now complete the proof of Theorem 7, namely, that with write strongly-linearizable registers, Algo-rithm 1 terminates with probability 1 even against a strong adversary. Theorem 7.
If registers R , R , and C are write strongly-linearizable, then Algorithm 1 terminates withprobability 1 against a strong adversary.Proof. Consider any round j ≥ . By Lemma 19, with probability at least / , no process enters round j + 1 . Since this holds for every round j ≥ , then, with probability 1, all the correct processes return inlines 16 or line 36 within a finite number of rounds r . Appendix B Bounding the registers of Algorithm 1
We now explain how to obtain our result of Section 3, namely Theorems 6–7, with bounded shared registers.Note that Algorithm 1 that we used to obtain our results uses three shared MWMR registers, and only oneof them, namely register R , is unbounded. Specifically, R is unbounded because each process p i , i ∈ { , } ,writes a tuple [ i, j ] into R in rounds j = 1 , , . . . . As we show below, however, it is sufficient for R tocontain only the values , , or ⊥ . To achieve this, we modify Algorithm 1 as follows:• Each process p i , i ∈ { , } , writes i (instead of the tuple [ i, j ] ) into R in line 3.• The guard ( u (cid:54) = [ c, j ] or u (cid:54) = [1 − c, j ] ) is replaced by the guard ( u (cid:54) = c or u (cid:54) = 1 − c ) in line 27.To understand why the above changes do not affect the behaviour of the algorithm (i.e., why Algorithm 1and the modified algorithm have exactly the same runs), consider how the tuples [ i, j ] written into R areactually used in Algorithm 1. In each round j ≥ , each process p ∈ { p , p , . . . , p n − } reads R twice (inlines 21 and in line 22, respectively), and then it checks the two values u and u that it read in line 24 andin line 27. Specifically:1. In line 24, p checks whether u or u is ⊥ .Note that p has u = [ i, j ] ( (cid:54) = ⊥ ) in line 24 in Algorithm 1 if and only if p has u = i ( (cid:54) = ⊥ ) in line 24in the modified algorithm. The same holds for u in line 24.Thus, the guard ( u = ⊥ or u = ⊥ or c = ⊥ ) in line 24 has the same effect in the modified algorithmas in Algorithm 1. 21. In line 27, p checks whether ( u (cid:54) = [ c, j ] or u (cid:54) = [1 − c, j ] ) for some specific value c .Lemma 20 (proven below) states that when p reaches line 27 in round j and is poised to check whether( u (cid:54) = [ c, j ] or u (cid:54) = [1 − c, j ] ), it must be the case that u = [ − , j ] and u = [ − , j ] . So checkingwhether the second component of the two tuples is j or not is useless. Thus, the guard ( u (cid:54) = [ c, j ] or u (cid:54) = [1 − c, j ] ) in Algorithm 1 has the same effect as the guard ( u (cid:54) = c or u (cid:54) = 1 − c ) in the modifiedalgorithm.So to show that the modified algorithm behaves exactly as Algorithm 1, it now is sufficient to prove: Lemma 20.
For all j ≥ , if p i ∈ { p , p , . . . , p n − } reaches line 27 in round j , then in that line p i has u = [ − , j ] and u = [ − , j ] .Proof. Suppose that some p i ∈ { p , p , . . . , p n − } reaches line 27 in round j ≥ . We must show that p i has u = [ − , j ] and u = [ − , j ] in line 27 in round j .Since p i reaches line 27 in round j , u (cid:54) = ⊥ and u (cid:54) = ⊥ in that line, because otherwise p would haveexited in line 25 (by the condition of line 24) before reaching line 27 in round j . Note that u and u containthe values that p i reads from R in lines 21 and 22 in round j , after it wrote ⊥ into R in line 19 in round j .So in line 27 in round j of p i , each of u and u contains a non- ⊥ value that some process in { p , p } wroteinto R (in line 3) between the time t w when p i wrote ⊥ into R in line 19 in round j and the time t r when p i read R in line 22 in round j (*). Let p b be any process in { p , p } that writes R (in line 3) at any timein [ t w , t r ] . Note that p b does this write before p i reaches line 34 in a round j . Thus, by Lemma 17, p b doesthis write in a round r ≤ j . So this is a write of [ b, r ] with r ≤ j and b ∈ { , } into R . Thus, from (*), p i has u = [ b , r ] and u = [ b , r ] with ≤ r , r ≤ j and b , b ∈ { , } in line 27 in round j (**). Claim 20.1 r = r = j Proof.
Recall that ≤ r , r ≤ j . If j = 1 , it follows that r = r = j = 1 . Now assume that j ≥ . Suppose,for contradiction, that r (cid:54) = j or r (cid:54) = j , and so ≤ r ≤ j − or ≤ r ≤ j − . Without loss of generality,say that ≤ r ≤ j − . By (**), p i has u = [ b , r ] with b ∈ { , } in line 27 in round j . So p i read [ b , r ] from R in lines 21 in round j , and p i did so after writing ⊥ into R in line 19 in round j . Note that before p i wrote ⊥ into R in line 19 in round j , the following occurred: (i) p i reached line 32 in round r ≤ j − ;and so by Lemma 15, (ii) p i read the value [ b , r ] from R in round r ≤ j − . From the code of processes { p , p } it is clear that [ b , r ] is written only once into R (specifically, by process p b in round r ). Thus,since p i read [ b , r ] from R in round r ≤ j − before process p i writes ⊥ into R in line 19 in round j , itcan not read [ b , r ] again from R in lines 21 in round j — a contradiction.From Claim 20.1 and (**), process p i has u = [ b , j ] and u = [ b , j ] with b , b ∈ { , } in line 27 inround j . Appendix C Proof of Theorem 10
We now prove Theorem 10 in Section 4, namely, Algorithm is a write strongly-linearizable implementationof a MWMR register from SWMR registers. In the following, we consider an arbitrary history H ∈ H of Algorithm and the history S = f ( H ) constructed by Algorithm on input H . We first show f is alinearization function of H , i.e., S satisfies properties 1–3 of Definition 2. Definition 21.
An operation that starts at time s and completes at time f is active at time t if s ≤ t ≤ f . Definition 22.
Let a and b be two timestamps then: • a < b if and only if a precedes b in lexicographic order. • a ≤ b if and only if a = b or a < b . Observation 23.
Relation ≤ is a total order on the set of timestamps. Notation.
Let w be an operation that writes into V al [ − ] . We denote by ts w the timestamp that w writesinto V al [ − ] . That is, if w writes ( − , ts ) , ts w = ts . bservation 24. The tuples ( v, ts ) and ( v (cid:48) , ts (cid:48) ) written to V al [ − ] by two distinct write operations havedistinct timestamps, i.e., ts (cid:54) = ts (cid:48) . Observation 25.
Consider the execution of a write operation (lines 1–10) by a process p k . During thatexecution, the values of the variable new_ts of p k are non-increasing with time. Observation 26.
If a read operation returns ( v, ts ) (cid:54) = (0 , [0 , . . . , , then there is an operation w that writes ( v, ts ) to V al [ − ] . Lemma 27.
If a read operations r starts after an operation w writes to V al [ − ] and r returns ( − , ts ) , then ts ≥ ts w .Proof. Assume a read operations r starts after an operation w writes to some V al [ k ] and r returns ( − , ts ) .Then r reads V al [ i ] (line 12 of Algorithm ) for every ≤ i ≤ n after w writes ( − , ts w ) to V al [ k ] . Since thetimestamps in each V al [ − ] are monotonically increasing, r reads ( − , ts (cid:48)(cid:48) ) from V al [ k ] for some ts (cid:48) ≥ ts w .Since ts is the largest timestamp that r reads among all V al [ − ] (lines 14–15 of Algorithm ), ts ≥ ts (cid:48) ≥ ts w . Observation 28.
If an operation w writes to V al [ − ] , there is an i ≥ such that w = w i . Observation 29.
If an operation w writes to V al [ − ] , there is a unique j ≥ such that w ∈ B j . Observation 30.
For every write operation w , w ∈ S if and only if there is an i such that w ∈ B i . By Observations 29 and 30, we have:
Corollary 31.
If an operation w writes to V al [ − ] , then w ∈ S . Observation 32.
For any two write operations w and w (cid:48) , if w ∈ B i , w (cid:48) ∈ B j , and i < j , then w is before w (cid:48) in S . Recall that ts iw is the value of new_ts , at time t i , of the process executing the write operation w (seeline 8 of f ). Observation 33.
For all i ≥ , if w i ∈ B i then ts iw i = ts w i . Observation 34.
For all i ≥ , for all operations w ∈ B i , if w (cid:54) = w i then ts iw < ts w i . By Observation 25, we have:
Observation 35.
For all i ≥ , for all operations w ∈ B i that write to V al [ − ] , ts w ≤ ts iw . By Observations 34 and 35, we have:
Observation 36.
For all i ≥ , for all operations w ∈ B i that write to V al [ − ] , ts w ≤ ts w i . Lemma 37.
For all i ≥ , for all operations w that write to V al [ − ] , if w ∈ C i and w / ∈ B i , then ts w > ts w i .Proof. Let i ≥ and assume that an operation w writes to V al [ − ] such that w ∈ C i and w / ∈ B i . By line 9of Algorithm , ts iw > ts iw i . Since by Observation 33 ts iw i = ts w i , ts iw > ts w i (*). There are two cases: Case 1: ts iw contains no ∞ . This implies ts w = ts iw . Thus, by (*), ts w = ts iw > ts w i . Case 2: ts iw contains ∞ . Then there is a k such that for every k ≤ l ≤ n , w reads ( V al [ l ] .ts )[ l ] (lines 3and 5 of Algorithm ) after time t i . Note that w i reads ( V al [ l ] .ts )[ l ] before time t i for every k ≤ l ≤ n , and w i writes ( − , ts w i ) to some V al [ − ] at time t i . Thus, for every k ≤ l ≤ n , since ( V al [ l ] .ts )[ l ] is non-decreasing, ts w [ l ] ≥ ts w i [ l ] ( † ).For every ≤ l ≤ k − , since w reads ( V al [ l ] .ts )[ l ] before time t i , ts w [ l ] = ts iw [ l ] . By (*), ts iw [1 , . . . , k − ≥ ts w i [1 , . . . , k − . So ts w [1 , . . . , k − ≥ ts w i [1 , . . . , k − ( †† ).By ( † ) and ( †† ), ts w ≥ ts w i . Since w / ∈ B i , w (cid:54) = w i . By Observation 24, ts w (cid:54) = ts w i . Thus, ts w > ts w i . Lemma 38.
For all j > i ≥ , if w ∈ B i , w (cid:48) ∈ B j , and w and w (cid:48) both write to V al [ − ] , then ts w (cid:48) > ts w . roof. Assume j > i ≥ , w ∈ B i , w (cid:48) ∈ B j , and w and w (cid:48) both write to V al [ − ] . Claim 38.1 ts w (cid:48) > ts w i .Proof. Since w (cid:48) ∈ B j and j > i , w (cid:48) / ∈ B i and w (cid:48) / ∈ W S i . There are two cases: Case 1 : w (cid:48) ∈ C i . Since w (cid:48) ∈ C i and w (cid:48) / ∈ B i , by Lemma 37, ts w (cid:48) > ts w i . Case 2 : w (cid:48) / ∈ C i . By lines 10 and 13 of Algorithm , W S i − is a prefix of W S i . Since w (cid:48) / ∈ W S i , w (cid:48) / ∈ W S i − . Since w (cid:48) / ∈ C i , by line 7 of Algorithm , w (cid:48) is not active at time t i . Since w (cid:48) ∈ B j ⊆ C j , byline 7 of Algorithm , w (cid:48) is active at time t j . Since i < j , t i < t j . So w (cid:48) starts after t i and w (cid:48) reads all ( V al [ − ] .ts )[ − ] (lines 1–7 of Algorithm ) after t i . Note that w i reads ( V al [ l ] .ts )[ l ] before time t i for every ≤ l ≤ n , and w i writes ( − , ts w i ) to some V al [ − ] at time t i . Thus, for every ≤ l ≤ n , since ( V al [ l ] .ts )[ l ] is non-decreasing, ts w (cid:48) [ l ] ≥ ts w i [ l ] . So ts w (cid:48) ≥ ts w i . Since w (cid:48) / ∈ B i , w (cid:48) (cid:54) = w i . By Observation 24, ts w (cid:48) (cid:54) = ts w i and so ts w (cid:48) > ts w i .Therefore in both cases, ts w (cid:48) > ts w i .Since w ∈ B i , by Observation 36, ts w ≤ ts w i . By Claim 38.1, ts w (cid:48) > ts w i ≥ ts w (cid:48) .We now show that for every two operations o and o , if o completes before o starts in H and o , o ∈ S ,then o is before o in S . Lemma 39.
If a write operation w completes before a write operation w (cid:48) starts and w, w (cid:48) ∈ S , then w isbefore w (cid:48) in S .Proof. Assume a write operation w completes before a write operation w (cid:48) starts and w, w (cid:48) ∈ S . By Obser-vation 30, there are i and j such that w ∈ B i and w (cid:48) ∈ B j . By line 7 of Algorithm , w and w (cid:48) are active attime t i and t j respectively. Since w (cid:48) starts after w completes, t i < t j and so i < j . Thus, by Observation 32, w is before w (cid:48) in S . Lemma 40.
If an operation w writes to V al [ − ] at time t and w ∈ B i for some i ≥ , then t i ≤ t .Proof. Assume, for contradiction, an operation w writes to V al [ − ] at time t , w ∈ B i for some i ≥ , and t i > t . By Observation 28, there is a k ≥ such that w = w k and t = t k . By lines 6–10 of Algorithm (the k th iteration of the for loop), w k ∈ W S k . Since t i > t = t k , k ≤ i − . By lines 10 and 13 of Algorithm , W S k is a prefix of W S i − . Since w k ∈ W S k , w k ∈ W S i − . Thus, by line 7 of Algorithm , w k / ∈ C i and so w k / ∈ B i . Since w k = w , this contradicts that w ∈ B i . Lemma 41.
If a read operation r completes before a write operation w starts and r, w ∈ S , then r is before w in S .Proof. Assume a read operation r completes before a write operation w starts and r, w ∈ S . Let ( − , ts ) denote the value that r returns. Case 1 : ts = [0 , . . . , . By lines 25–26 of Algorithm , r is before all the write operations in S . Thus, r is before w in S . Case 2 : ts (cid:54) = [0 , . . . , . By Observation 26, an operation w (cid:48) writes ( − , ts ) to V al [ − ] and by Corollary 31, w (cid:48) ∈ S . By lines 28–29 of Algorithm , r is after w (cid:48) and before any subsequent write in S . So to show r isbefore w in S , it is sufficient to show that w (cid:48) is before w in S . Claim 41.1 w (cid:48) is before w in S .Proof. Since w (cid:48) , w ∈ S , by Observation 30, there are i and j such that w (cid:48) ∈ B i and w ∈ B j . Let t (cid:48) be thetime when w (cid:48) writes ( − , ts ) to V al [ − ] . Since w (cid:48) ∈ B i , by Lemma 40, t i ≤ t (cid:48) . Since r returns ( − , ts ) , r reads ( − , ts ) from V al [ − ] and so r completes after t (cid:48) ≥ t i . Since w starts after r completes, w starts after time t i . Since w ∈ B j ⊆ C j , by line 7 of Algorithm , w is active at time t j . Thus, t i < t j and so i < j . ByObservation 32, w (cid:48) is before w in S .Therefore, in both cases 1 and 2, r is before w in S . Lemma 42.
If a write operation w writes to V al [ − ] before a read operation r starts and w, r ∈ S , then w is before r in S . roof. Assume a write operation w writes to V al [ − ] before a read operation r starts and w, r ∈ S . Let ( − , ts ) denote the value that r returns. By Lemma 27, ts ≥ ts w and so ts (cid:54) = [0 . . . . By Observation 26, anoperation w (cid:48) writes ( − , ts ) to V al [ − ] and by Corollary 31, w (cid:48) ∈ S . By lines 28–29 of Algorithm , r is after w (cid:48) in S . Since ts ≥ ts w , there are two cases: Case 1: ts = ts w . By Observation 24, w = w (cid:48) . So r is after w = w (cid:48) in S . Case 2: ts > ts w . Since r is after w (cid:48) in S , to show w is before r in S , it is sufficient to show that w isbefore w (cid:48) in S . Claim 42.1 w is before w (cid:48) in S .Proof. Since w, w (cid:48) ∈ S , by Observation 30, there are i and j such that w ∈ B i and w (cid:48) ∈ B j . Case (a) : i (cid:54) = j . Since w ∈ B i , w (cid:48) ∈ B j , i (cid:54) = j , and ts > ts w , by Lemma 38, j > i (otherwise ts < ts w ).Thus, by Observation 32, w is before w (cid:48) in S . Case (b) : i = j . Then w, w (cid:48) ∈ B i . Claim 42.1.1 w (cid:48) = w i .Proof. Since w ∈ B i ⊆ C i , by line 7 of Algorithm , w is active at time t i . Since r starts after w completes, r starts after t i . Then by Lemma 27 ts ≥ ts w i . Since w (cid:48) ∈ B i , by Observation 36, ts ≤ ts w i . Thus, ts = ts w i and by Observation 24, w (cid:48) = w i .Since ts (cid:54) = ts w , w (cid:48) (cid:54) = w . Thus, w (cid:54) = w i . Since w ∈ B i , by line 10 of Algorithm , w is before w i = w (cid:48) in S .Thus, in both cases (a) and (b), w is before w (cid:48) in S .Therefore, in both cases 1 and 2, w is before r in S .Note that a completed write operation w writes to V al [ − ] before it completes. Thus, Lemma 42 imme-diately implies the following: Corollary 43.
If a write operation w completes before a read operation r starts and w, r ∈ S , then w isbefore r in S . Lemma 44.
If a read operation r completes before a read operation r (cid:48) starts and r, r (cid:48) ∈ S , then r is before r (cid:48) in S .Proof. Assume a read operation r completes before a read operation r (cid:48) starts and r, r (cid:48) ∈ S . Let ( − , ts ) denote the value that r returns and ( − , ts (cid:48) ) denote the value that r (cid:48) returns. Case A: ts (cid:48) = ts . By lines 23–24 of Algorithm , r and r (cid:48) are in the same sequence S R that is orderedby their start time. Since r (cid:48) starts after r completes, r is before r (cid:48) in S R . By lines 26 and 29, r is before r (cid:48) in S . Case B: ts (cid:48) (cid:54) = ts . Subcase B.1 : ts = [0 , . . . , . By lines 25–26 of Algorithm , r is before all the write operations in S . Since ts (cid:48) (cid:54) = ts , ts (cid:48) (cid:54) = [0 , . . . , . By Observation 26, an operation w (cid:48) writes ( − , ts (cid:48) ) to V al [ − ] and byCorollary 31, w (cid:48) ∈ S . By lines 28–29 of Algorithm , r (cid:48) is after w (cid:48) in S . Since r is before w (cid:48) in S , r is before r (cid:48) in S . Subcase B.2 : ts > [0 , . . . , . By Observation 26, an operation w writes ( − , ts ) to V al [ − ] and byCorollary 31, w ∈ S . Since r reads ( − , ts ) from V al [ − ] and r (cid:48) starts after r completes, r (cid:48) starts after w writes ( − , ts ) to V al [ − ] . By Lemma 27, ts (cid:48) ≥ ts . So ts (cid:48) ≥ ts > [0 , . . . , . By Observation 26, an operation w (cid:48) writes ( − , ts (cid:48) ) to V al [ − ] and by Corollary 31, w (cid:48) ∈ S . Since ts (cid:48) (cid:54) = ts , w (cid:48) (cid:54) = w . By lines 28–29 of Algorithm , r (cid:48) is after w (cid:48) before any subsequent write in S and r is after w before any subsequent write in S . Since r (cid:48) starts after w writes to V al [ − ] , by Lemma 42, w is before r (cid:48) in S . Thus, w is before w (cid:48) in S and so r isbefore w (cid:48) in S . Since r (cid:48) is after w (cid:48) in S , r is before r (cid:48) in S .Therefore, in both cases A and B, r is before r (cid:48) in S .From Lemma 39, Lemma 41, Corollary 43, and Lemma 44, we have the following: Corollary 45.
For every two operations o and o , if o completes before o starts and o , o ∈ S , then o is before o in S . emma 46. S contains all completed operations of H and possibly some non-completed ones.Proof. By Corollary 31, S contains all the completed write operations in H and possibly some non-completedones. Let r be any completed read operation in H . Since r is completed, r returns some value ( − , ts ) . If ts = [0 , ... , by line 26 of Algorithm , r is in S . If ts (cid:54) = [0 , ... , by Observation 26 and Corollary 31, thereis a write operation w in S that writes ( v, ts ) . So by lines 28 and 29 of Algorithm , r is in S . In both cases, S contains the completed read operation r . Thus, S contains all completed operations of H and possiblysome non-completed ones. Observation 47.
For any read operation r in S , if no write precedes r in S , then r returns the initial valueof the register; Otherwise, r returns the value written by the last write that occurs before r in S Lemma 48. f is a linearization function of H .Proof. Recall that: (1) S is the output of Algorithm “executed” on an arbitrary history H ∈ H ofAlgorithm (the implementation on MRMW registers), and (2) Algorithm defines the linearization function f ; in other words, f ( H ) = S . Furthermore, S satisfies properties 1, 2, and 3 of Definition 2, by Lemma 46,Corollary 45, and Observation 47, respectively. Thus, f is a linearization function of H .To prove that f is a write strong-linearization function for the set of histories H of Algorithm , it nowsuffices to show that f also satisfies property (P) of Definition 4, namely: Lemma 49.
For any
G, H ∈ H , if G is a prefix of H , then the sequence of write operations in f ( G ) is aprefix of the sequence of write operations in f ( H ) .Proof. Consider two histories G ∈ H and H ∈ H such that G is a prefix of H . If G = H , the lemma triviallyholds. Henceforth we assume that G is a proper prefix of H , and so G is finite.In the following we use superscripts G and H to distinguish the value of the variables of Algorithm (that defines the linearization function f ) when it is applied to input G or H . For example, W S Gi denotesthe value of W S i of Algorithm on input G , and W S Hi denotes the value of W S i of Algorithm on input H . Let w , w , . . . , w k be the operations that write to V al [ − ] in history G ∈ H . Since G is a prefix of H ,then w , w , . . . , w k are also the first k operations that write to V al [ − ] in history H ∈ H . Furthermore, for ≤ i ≤ k , w i writes to V al [ − ] at the same time in G and H , say at time t i . Claim 49.1
W S Gk = W S Hk .Proof. We use induction to prove that for all ≤ i ≤ k , W S Gi = W S Hi .• Base Case: i = 0 . By line 1 of Algorithm , W S G = W S H = () . The claim holds.• Inductive Step: assume for some ≤ i < k , W S Gi = W S Hi (IH). Case 1 : w i +1 ∈ W S Gi . By (IH), w i +1 ∈ W S Hi . By line 13 of Algorithm , W S Gi +1 = W S Gi and W S Hi +1 = W S Hi . So by (IH), W S Gi +1 = W S Gi = W S Hi = W S Hi +1 . Case 2 : w i +1 / ∈ W S Gi . By (IH), w i +1 / ∈ W S Hi . Since G is a prefix of H , the set of write operationsthat are active at time t i +1 is the same in G and H . So by (IH) and line 7 of Algorithm , C Gi +1 = C Hi +1 .Furthermore, for all w ∈ C Gi +1 = C Hi +1 , ts i ( G ) w = ts i ( H ) w . By line 9 of Algorithm , B Gi +1 = B Hi +1 . So thesequence of operations w ∈ B Gi +1 in increasing order of ts i ( G ) w is equal to the sequence of operations w ∈ B Hi +1 in increasing order of ts i ( H ) w . Thus, by (IH) and line 10 of Algorithm , W S Gi +1 = W S Hi +1 .In both cases, the claim holds.Thus, since W S Hk is a prefix of W S H , W S Gk is a prefix of W S H . Since w k is the last operation thatwrites to V al [ − ] in G , W S G = W S Gk . So W S G is a prefix of W S H . Note that W S G and W S H are thesequences of write operations in f ( G ) and f ( H ) , respectively. So the lemma holds.By Lemmas 48–49, the function f defined by Algorithm is a write strong-linearization function for theset of histories H of Algorithm . Therefore: Theorem 10.
Algorithm is a write strongly-linearizable implementation of a MWMR register from SWMRregisters. ppendix D Proof of Theorem 12 We now prove Theorem 12 in Section 5, namely, Algorithm is a linearizable implementation of a MWMRregister from SWMR registers. Let H be the set of histories of the Algorithm . Consider an arbitraryhistory H ∈ H . We first note that the timestamps of write operations respect the causal order of writeevents (they are Lamport clocks for these events). Lemma 50.
If operations w and w (cid:48) write ( − , ts ) and ( − , ts (cid:48) ) to V al [ − ] , respectively, and w writes to V al [ − ] before w (cid:48) starts, then ts < ts (cid:48) .Proof. Suppose operations w and w (cid:48) write ( − , ts ) and ( − , ts (cid:48) ) to V al [ − ] respectively and w writes to V al [ − ] before w (cid:48) starts. Then w (cid:48) reads all V al [ − ] after w writes ( − , ts ) to V al [ − ] . Since the timestamp in each V al [ − ] are non-decreasing, w (cid:48) reads ( − , ts (cid:48)(cid:48) ) from V al [ − ] for some ts (cid:48)(cid:48) ≥ ts . By lines 5–6 of Algorithm , ts (cid:48) .sq > ts (cid:48)(cid:48) .sq and so ts (cid:48) > ts (cid:48)(cid:48) . So ts ≤ ts (cid:48)(cid:48) < ts (cid:48) . Observation 51.
The tuples ( v, ts ) and ( v (cid:48) , ts (cid:48) ) written to V al [ − ] by two distinct write operations havedistinct timestamps, i.e., ts (cid:54) = ts (cid:48) . Observation 52.
If a read operation r returns ( v, ts ) such that ts.sq (cid:54) = 0 , then there is a unique writeoperation w that writes ( v, ts ) to V al [ − ] . Observation 53.
If a read operation r returns ( − , ts ) such that ts.sq = 0 then ts = (cid:104) , n (cid:105) . Observation 53 implies:
Observation 54.
If a read operation r returns ( − , ts ) and a read operation r (cid:48) returns ( − , ts (cid:48) ) such that ts (cid:48) > ts , then ts (cid:48) .sq > . Definition 55.
Let f be a function that maps the arbitrary history H ∈ H of Algorithm to a sequentialhistory f ( H ) = S such that the following holds:(i) S contains:(a) all the write operations that write to
V al [ − ] (line 6 of Algorithm ) in H , and(b) all the read operations that complete, i.e., return some value ( v, ts ) (line 12 of Algorithm ) in H .(ii) If two write operations w and w (cid:48) write ( − , ts ) and ( − , ts (cid:48) ) to V al [ − ] in H such that ts < ts (cid:48) , then w is before w (cid:48) in S.(iii) If a read operation r returns some ( − , ts ) with ts.sq = 0 in H , then r occurs in S before every writeoperation w in S.(iv) If a read operation r returns some ( − , ts ) with ts.sq (cid:54) = 0 in H , then r occurs in S as follows:(a) after the unique write operation w that writes ( − , ts ) in S (the operation w is well-defined byObservation 52), and(b) before every other subsequent write operation in S.(v) If two read operations r and r (cid:48) read some ( − , ts ) , and r completes before r (cid:48) starts in H , then r occursbefore r (cid:48) in S. We now show that f ( H ) = S satisfies properties 1, 2, and 3 of Definition 2, and so f is a linearizationfunction for the set of histories H of Algorithm . Lemma 56.
S contains all completed operations of H and possibly some non-completed ones.Proof. This follows immediately by (i) of Definition 55 and the fact that every completed write operationwrites to
V al [ − ] (line 6 of Algorithm ) before it completes in H .By Lemma 50 and (ii) of Definition 55, we have: 27 orollary 57. If a write operation w writes to V al [ − ] before a write operation w (cid:48) starts and w, w (cid:48) ∈ S then w is before w (cid:48) in S. Corollary 58.
If a write operation w completes before a write operation w (cid:48) starts and w, w (cid:48) ∈ S, then w isbefore w (cid:48) in S. Lemma 59.
If a read operation r completes before a write operation w starts and r, w ∈ S, then r is before w in S.Proof. Assume a read operation r completes before a write operation w starts and r, w ∈ S . Since w ∈ S ,by (i), w writes some ( − , ts ) to V al [ − ] . Let ( − , ts (cid:48) ) denote the value that r returns. Case 1: ts (cid:48) .sq = 0 . By (iii) of Definition 55, r is before all the write operations in S . So r is before w in S . Case 2: ts (cid:48) .sq (cid:54) = 0 . By (iv) of Definition 55, there is a unique write operation w (cid:48) ∈ S that writes ( − , ts (cid:48) ) to V al [ − ] such that r is after w (cid:48) and before any subsequent write operations in S . Since r reads ( − , ts (cid:48) ) from V al [ − ] and w starts after r completes, w starts after w (cid:48) writes ( − , ts (cid:48) ) to V al [ − ] . By Corollary 57, w (cid:48) is before w in S . So r is before w in S . Lemma 60.
If a write operation w completes before a read operation r starts and w, r ∈ S, then w is before r in S.Proof. Assume a write operation w completes before a read operation r starts and w, r ∈ S . Since w completes, w writes some ( − , ts ) to V al [ − ] . Let ( − , ts (cid:48) ) denote the value that r returns. Since w completesbefore r starts, r reads all V al [ − ] after w writes ( − , ts ) to V al [ − ] . Since the timestamp in each V al [ − ] arenon-decreasing, r reads ( − , ts (cid:48)(cid:48) ) from V al [ − ] for some ts (cid:48)(cid:48) ≥ ts . By line 11 of Algorithm , ts (cid:48)(cid:48) ≤ ts (cid:48) . So ts ≤ ts (cid:48)(cid:48) ≤ ts (cid:48) . Case 1: ts = ts (cid:48) . By Observation 51, r returns the value that w writes. So by (iv) of Definition 55, r isafter w in S . Case 2: ts < ts (cid:48) . By Observation 54, ts (cid:48) .sq > . By (iv) of Definition 55, some write operation w (cid:48) ∈ S writes ( − , ts (cid:48) ) to V al [ − ] and r is after w (cid:48) in S . Since ts < ts (cid:48) , by (ii) of Definition 55, w is before w (cid:48) in S .Since r is after w (cid:48) , w is before r in S . Lemma 61.
If a read operation r completes before a read operation r (cid:48) starts in H and r, r (cid:48) ∈ S, then r isbefore r (cid:48) in S.Proof. Assume a read operation r completes before a read operation r (cid:48) starts in H and r, r (cid:48) ∈ S . Let ( − , ts ) and ( − , ts (cid:48) ) denote the values that r and r (cid:48) return, respectively. Since r completes before r (cid:48) starts, r (cid:48) readsall V al [ − ] after r reads ( − , ts ) from V al [ − ] . Since the timestamps in each V al [ − ] are non-decreasing, r (cid:48) reads ( − , ts (cid:48)(cid:48) ) from V al [ − ] for some ts (cid:48)(cid:48) ≥ ts . By line 11 of Algorithm , ts (cid:48)(cid:48) ≤ ts (cid:48) . So ts ≤ ts (cid:48)(cid:48) ≤ ts (cid:48) . Case 1: ts = ts (cid:48) . Since r completes before r (cid:48) starts, r is before r (cid:48) in S R . So by (v) of Definition 55, r isbefore r (cid:48) in S . Case 2: ts < ts (cid:48) . By Observation 54, ts (cid:48) .sq > . By (iv) of Definition 55, there is a write operation w (cid:48) ∈ S that writes ( − , ts (cid:48) ) to V al [ − ] such that r (cid:48) is after w (cid:48) in S . Subcase 2.1 : ts.sq = 0 . By (iii) of Definition 55, r is before all the write operations in S . Then r isbefore w (cid:48) in S . So r is before r (cid:48) in S . Subcase 2.2 : ts.sq (cid:54) = 0 . By (iv) of Definition 55, some write operation w ∈ S writes ( − , ts ) to V al [ − ] and r is after w and before any subsequent write operations in S . Since ts < ts (cid:48) , by (ii) of Definition 55, w is before w (cid:48) in S . So r is before w (cid:48) in S . Since r (cid:48) is after w (cid:48) in S , r is before r (cid:48) in S .By Corollary 58, Lemma 59, Lemma 60, and Lemma 61, we have: Corollary 62.
If an operation o completes before an operation o (cid:48) starts in H and o, o (cid:48) ∈ S, then o is before o (cid:48) in S. By (iii) and (iv) of Definition 55, we have:
Observation 63.
For any read operation r in S, if no write operation precedes r in S, then r reads theinitial value of the register; otherwise, r reads the value written by the last write operation that occurs before r in S.
28y Lemma 56, Corollary 62 and Observation 63, f ( H ) = S satisfies properties 1, 2, and 3 of Definition 2.So: Lemma 64. f is a linearization function for the set of histories H of Algorithm . Thus:
Theorem 12.
Algorithm is a linearizable implementation of a MWMR register from SWMR registers. Appendix E Proof of Theorem 14
We now prove Theorem 14 in Section 6, namely, any linearizable implementation of SWMR registers iswrite strongly-linearizable (this holds for message-passing, shared-memory, and hybrid systems). Thus, thewell-known ABD implementation of SWMR registers in message-passing systems is not only linearizable; itis actually write strongly-linearizable. (This implementation however is not strongly linearizable [20].)Consider an arbitrary implementation A of a SWMR register. Let H be the set of histories of A . Since A implements a single-writer register, the following holds: Observation 65.
In any history H ∈ H ,1. there are no concurrent write operations, and2. there is at most one incomplete write operation. By part 1 of Observation 65 and property 2 of Definition 2, we have the following:
Observation 66.
For any history H ∈ H and any linearization function f of H , the write operations in f ( H ) are totally ordered by their start time in H . Lemma 67. If A is linearizable, then A is write strongly-linearizable.Proof. Assume A is linearizable. By Definition 5, there is a linearization function f for H . Consider afunction f ∗ that is modified from f as follows: for any history H and its linearization f ( H ) , if the lastoperation o in f ( H ) is a write operation that is incomplete in H , then we obtain f ∗ ( H ) by removing o from f ( H ) ; otherwise, f ∗ ( H ) equals f ( H ) . Claim 67.1
If a write operation w is in f ∗ ( H ) , then w is completed or read by some read operation in H .Proof. Assume, for contradiction, a write operation w ∈ f ∗ ( H ) is incomplete and not read by any readoperation in H . Since w ∈ f ∗ ( H ) , w is in f ( H ) such that w is not the last operation in f ( H ) ( (cid:63) ). Since w is incomplete, by Observation 65, w is the last write operation in H . By Observation 66, w is the last writeoperation in f ( H ) . Furthermore, since w is not read by any read operation in H , no read operation is after w in f ( H ) . Thus, w is the last operation in f ( H ) , which contradicts ( (cid:63) ). Claim 67.2
If a write operation w is completed or read by some read operation in H , then w is in f ∗ ( H ) ,Proof. Assume a write operation w is completed or read by some read operation in H . Case 1: w is completed in H . Since f is a linearization function for H , by property 1 of Definition 2, w is in f ( H ) . Since f ∗ ( H ) removes only the incomplete operation from f ( H ) , w is in f ∗ ( H ) . Case 2: w is read by some read operation r in H . Since f is a linearization function for H , by property 3of Definition 2, w is before r in f ( H ) and so w is not the last operation in f ( H ) . Since f ∗ ( H ) removes onlythe last operation from f ( H ) , w is in f ∗ ( H ) .Thus, in both cases 1 and 2, w is in f ∗ ( H ) . Claim 67.3 f ∗ is a linearization function of H .Proof. Consider any history H ∈ H . Since f ∗ ( H ) removes from f ( H ) only the operation that is incompletein H , f ∗ ( H ) still satisfies properties 1 and 2 of Definition 2. Since f ∗ ( H ) removes only the last operationfrom f ( H ) , f ∗ ( H ) still satisfies property 3 of Definition 2. Therefore, f ∗ is a linearization function of H .29 laim 67.4 f ∗ satisfies property (P) of Definition 4.Proof. Consider histories
G, H ∈ H such that G is a prefix of H . Let W G and W H denote the write sequencesin f ∗ ( G ) and f ∗ ( H ) respectively. By Claim 67.1, all the operations in W G are completed in G or read bysome read operations in G . Since G is a prefix of H , all operations in W G are also completed in H or read bysome read operations in H . So By Claim 67.2, W H contains all the operations in W G . By Observation 66,the write operations in W G and W H are totally ordered by their start time in G and H , respectively. Thensince G is a prefix of H and W H contains all the operations in W G , W G is a prefix of W H . So f satisfiesproperty (P) of Definition 4.Thus, f is a write strong-linearization function for H and A is write strongly-linearizable. Theorem 14.