Linearizability Is Not Always a Safety Property
We show that, in contrast to the general belief in the distributed computing community, linearizability, the celebrated consistency property, is not always a safety property. More specifically, we give an object for which it is possible to have an infinite history that is not linearizable, even though every finite prefix of the history is linearizable. The object we consider as a counterexample has infinite nondeterminism. We show, however, that if we restrict attention to objects with finite nondeterminism, we can use König’s lemma to prove that linearizability is indeed a safety property. In the same vein, we show that the backward simulation technique, which is a classical technique to prove linearizability, is not sound for arbitrary types, but is sound for types with finite nondeterminism.
Keywords: Object Type, Response Event, Safety Property, Liveness Property, Shared Object
The model section and definition of linearizability are based on lecture notes written by the first author with Michel Raynal and then with Petr Kuznetsov. The proof of Theorem 2 is inspired by a proof by Petr Kuznetsov, itself inspired by a proof by Nancy Lynch. We thank Franck van Breugel for helpful discussions.
- 6. Dijkstra, E.W.: On nondeterminacy being bounded. In: Dijkstra, E.W. (ed.) A Discipline of Programming, Chap. 9. Prentice-Hall, Englewood Cliffs (1976)
- 10. König, D.: Über eine Schlussweise aus dem Endlichen ins Unendliche. Acta Litterarum ac Scientiarum Regiae Universitatis Hungaricae Francisco-Josephinae: Sectio Scientiarum Mathematicarum 3, 121–130 (1927). Also in Chapter VI of Dénes König, Theory of Finite and Infinite Graphs, Birkhäuser, Boston, 1990
- 12. Lynch, N.: Distributed Algorithms, Chap. 13. Morgan Kaufmann, San Mateo (1996)
- 14. Schenk, E.: The consensus hierarchy is not robust. In: Proceedings of 16th ACM Symposium on Principles of Distributed Computing, p. 279 (1997)