Summary. A composite register is an array-like shared data object that is partitioned into a number of components. An operation of such a register either writes a value to a single component, or reads the values of all components. A composite register reduces to an ordinary atomic register when there is only one component. In this paper, we show that a composite register with multiple writers per component can be implemented in a wait-free manner from a composite register with a single writer per component. It has been previously shown that registers of the latter kind can be implemented from atomic registers without waiting. Thus, our results establish that any composite register can be implemented in a wait-free * Preliminary version was presented at the Ninth Annual ACM Symposium on Principles of Distributed Computing [2] ** Much of the work described herein was completed while the author was with the University of Texas at Austin and the University of Maryland at College Park. This work was supported at the University of Texas by ONR Contract N00014-89-J-1913, and at the University of Maryland by NSF Contract CCR9109497 and by an award from the University of Maryland General Research Board manner from atomic registers. We show that our construction has comparable space compexity and better time complexity than other constructions that have been presented in the literature.
Introduction
The wait-free implementation of concurrent shared data objects is a subject that has received much attention in the concurrent programming literature. A shared data object is a data structure that is accessed by a collection of processes by means of a fixed set of operations. An implementation of a shared data object is wait-free iff the operations of the data object are implemented without any unbounded busy-waiting loops or idle-waiting primitives. Wait-free implementations are preferable to those that employ mutually exclusive "critical sections" because they are inherently resilient to halting failures. In particular, a process that halts while accessing a wait-free shared data object cannot prevent subsequent accesses by other processes. Also, because such an object can be accessed concurrently by any number of the processes that share it, wait-free implementations allow processes to execute with maximum parallelism.
The notion of an atomic register is of fundamental importance in the study of wait-free shared data objects [24, 25, 28, 30] . An atomic register is shared data object that can either be read or written (but not both) in a single operation. An atomic register can be characterized by the number of processes that can read or write it, and the number of bits that it stores. The simplest atomic register can be read by one process, can be written by one process, and can store a one-bit value; the most complicated can be read or written by several processes and can store any number of bits. It has been shown in a series of papers that the most complicated atomic register can be implemented without waiting in terms of the simplest [6, 13, 14, 20, 21, 25, 26, 29, 30, 31, 32, 33, 34] . This work shows that, using only atomic registers of the simplest kind, the classical readers-writers problem [171 can be solved without requiring either readers or writers to wait.
In this paper, we consider a shared data object, called a composite register, that extends the notion of an atomic register. The notion of a composite register was first introduced by Anderson [2, 3, 4] , and is similar to the atomic snapshot memory of Afek et al. [ 1 ] . A composite register is an array-like shared data object that is partitioned into a number of components. An operation of a composite register either writes a value to a single component, or reads the values of all components. Note that a composite register differs significantly from an atomic register: a write operation of a composite register only overwrites a portion of the register, namely the contents of a particular component, while leaving the rest of the register unchanged. By contrast, a write operation of an atomic register overwrites the previous contents of the entire register.
In this paper, we show that composite registers can be implemented from atomic registers without waiting. Specifically, we show that a composite register with multiple writers per component -hereafter called a multiwriter composite register -can be constructed in a waitfree manner from a composite register with one writer per component -hereafter called a single-writer composite register. As explained below, wait-free constructions of single-writer composite registers from atomic registers have been given previously by several authors. Along with these previous constructions, the results of this paper show that multi-writer composite registers can be implemented in a wait-free manner using only atomic registers. It follows from this result that atomic registers can be used to implement a shared memory that can be read in its entirety in a single "snapshot" operation, without using mutual exclusion.
The problem of constructing a composite register from atomic registers was first considered by us in [2, 3, 4] and by Afek et al. in [1 ] . The construction given in this paper is based on the multi-writer construction of [2, 4] . More recently, several constructions have been presented by Kirousis et al. [22, 23] , for the special case in which there is only one reader.
Our approach in constructing a composite register from atomic registers differs from that of Afek et al. in several respects. Afek et al. presented two constructions, one that implements a single-writer composite register from multi-reader, single-writer atomic registers, and another that implements a multi-writer composite register from multi-reader, multi-writer atomic registers. We have also given constructions for both the single-and multiwriter cases. Like that of Afek et al., our single,writer composite register construction, which is given in [2, 3] , is based on multi-reader, single-writer atomic registers. However, our multi-writer construction differs from theirs in that it is based on a single-writer composite register.
By employing the single-writer constructions previously mentioned, our multi-writer construction shows that a multi-writer composite register can be implemented using only single-writer atomic registers. As such, our construction solves the problem of implementing a multi-writer atomic register (the case in which there is only one component) from single-writer ones.
The construction of this paper and the multi-writer construction of Afek et al. also differ in complexity. It is assumed in [ 1] that the constructed composite register is shared by N processes, and that each process may read the register or write any component. Under these assumptions, our multi-writer construction has comparable space complexity and better time complexity than the multi-writer construction of Afek et al. In fact, the time complexity of our construction is (asymptotically) the same as the single-writer composite register used in the construction. Thus, because the time complexity of the single-writer construction in [1] is O (N2), our construction shows that multi-writer composite registers can also be implemented with time complexity that is O (N2). 1 The multi-writer construction of Afek et al. has time complexity that is O (N3).
Composite registers are quite powerful and can be used to implement a number of interesting shared data objects without waiting. For example, as shown in [7, 8, 10] , composite registers can be used to implement waitfree shared data objects with "pseudo" read-modify-write (PRMW) operations. A PRMW operation is simitar to a "true" read-modify-write (RMW) operation in that it modifies the value of a shared variable 2 based upon the original value of that variable. However, unlike RMW operations, a PRMW operation does not return the value of the variable that it modifies. An operation that increments a shared variable without returning its value is an example of a PRMW operation. It is shown in [7, 8, 10] that composite registers can be used to implement without waiting any shared data object that can either be read~ written, or modified by a commutative PRMW operation. As explained in Sect. 5. these results have been recently extended in [9] , where it is shown that composite registers can be used to implement an even larger class of objects Such results stand in sharp contrast to those of [5, 18] , where it is shown that RMW operations cannot, in general, be implemented from atomic registers without waiting.
The rest of the paper is organized as fol!ows. In Sect. 2, we formally define the problem of constructing a composite register of one type from a composite register of a simpler type, and in Sect. 3 we present a sufficiem condition for proving that a construction is correct. Then~ At about the same time as this paper was accepted for publication, a O (NlogN) single-writer construction was presented by Attiya and Rachman in [ 11 ] . By using their construction as the basis for ours. we get a multi-writer construction with time complexity O (Nlog N). If other, more efficient single-writer constructions are developed, then our construction can be used to obtain a corresponding improvement for the multi-writer case 2 The term variable is used to denote an arbitrary data item. The term register is used when referring to a particular shared data object, such as an atomic register or composite register in Sect. 4 , we present our construction along with its proof of correctness. Concluding remarks appear in Sect. 5.
Composite register construction
In this section, we consider the problem of constructing a composite register of one type from composite registers of a simpler type, and give the conditions that such a construction must satisfy to be correct. (The simpler composite register used in such a construction could, for instance, have fewer components, fewer readers, etc.).
A construction consists of a set of procedures along with a set of variables. Each procedure has the following form:
procedure name (inputs) private vat... begin body;
where name is the name of the procedure, either Reader or Writer, inputs is an optional list of input parameters, outputs is an optional list of output parameters, and body is a program fragment comprised of atomic statements. One may think of each procedure as being resident to a particular process. A Reader procedure is invoked by a process to read the values of all components of the constructed register, and a Writer procedure is invoked by a process to write a value to a particular component of the register. Each Reader procedure has one output parameter for each component of the constructed register, and each Writer procedure has an input parameter indicating the value to be written. We assume that each process invokes its resident procedures in a serial manner.
For convenience, we designate a composite register construction by a 4-tuple C/B/W/R, where C is the number of components, B is the number of bits per component, W is the number of Writers per component, and R is the number of Readers. (Thus, a 1/B/W/R composite register is an ordinary atomic register.) The structure of a C/B/W/R composite register construction is depicted in Fig. 1 . Note that this figure only depicts the Writer procedures for component i. For an example of a Reader or Writer procedure, see Fig. 3 .
Each variable of a construction is either private or shared. A private variable is defined only within the scope of a single procedure, whereas a shared variable is defined globally and may be accessed within more than one procedure. (Each procedure's program counter is considered to be a private variable.) A construction is required to satisfy the following two restrictions.
-Atomicity restriction. Each shared variable is required to be of the same type as the simpler composite register used in the construction. Note that this restriction constrains those statements that access shared variables.
-Wait-Freedom restriction. As mentioned in the introduction, each procedure is required to be "wait-free", i.e., idle-waiting primitives and unbounded busy-waiting loops We now define several concepts that are needed to state the correctness condition for a construction. These definitions apply to a given construction. A state is an assignment of values to all variables (private and shared) of the construction. One or more states are designated as initial states. An event is an execution of a statement of a procedure. We use s -~ t to denote the fact that state t is reached from state s via the occurrence of event e. A history of the construction is a sequence (either finite or infinite) s o --~ s 1 e~ ... where s o is an initial state. It is important to note that a given statement may be executed many times in a history; each such execution corresponds to a distinct event. Event e precedes another event f in a history iff e occurs before f in the history.
The sequence of events in a history corresponding to some procedure invocation is called an operation. Note that every event in a history is part of some operation of the constructed register. Thus, our notion of a history abstracts from those "external activities" of the processes sharing the constructed register that do not directly affect that register. An operation p precedes another operation q in a history iff each event of p precedes all events of q. An operation of a Reader (Writer) procedure is called Read operation (Write operation). 3 A Write operation of component k of the constructed composite register, where 0 < k < C, is called a k-Write operation.
As mentioned above, each Reader procedure has an output parameter for each component of the constructed register, which is used to return the value read from that component; the value read by a Read operation from a component is called the output value of the operation for that component. As also mentioned above, each Writer procedure has an input parameter that specifies the value to be written to the constructed register; the value written to the constructed register by a Write operation is called the input value of that operation.
An operation of a procedure P in a history is complete iff the last event of the operation occurs as the result of executing the return statement of P. A history is wellformed iff each operation in the history is complete.
Given this terminology, we are now in a position to state the correctness condition for a construction. In or-der to avoid special cases in the correctness condition, we make the following assumption concerning the initial Write operations.
Initial Writes. For each k, where 0 < k < C, there exists a k-Write operation that precedes each other k-Write operation and all Read operations.
The correctness condition is based upon the notion of "linearizability." Linearizability provides the illusion that each operation is executed instantaneously, despite the fact that it is actually executed as a sequence of events. Intuitively, a history is linearizable if every operation in the history "appears" to take effect at some point between its first and last events. It can be shown that the following definition is equivalent to the more general definition of linearizability given by Herlihy and Wing in [19] , when restricted to the special case of constructing a composite register.
Linarizable histories.
Let h be a well-formed history of a construction. History h is linearizable iff the precedence relation on operations (which is a partial order) can be extended 4 to a total order ~ where for each Read operation r in h and each k in the range 0__< k < C, the output value of r for component k is the same as the input value of the k-Write operation v defined as follows: v~r ^ --3 (3 w:w is a k-Write: vr-'-wr--r).
Note that the Write operation v in the definition above exists by our assumption concerning the initial Writes. A construction of a composite register is correct iff it satisfies the Atomicity and Wait-Freedom restrictions and each of its well-formed histories is linearizable.
Shrinking Lemma
The correctness condition given in Sect. 2, while intuitive, is rather difficult to use. We now present a lemma that gives a set of conditions that are sufficient for establishing that a history is linearizable. Intuitively, a history is linearizable if each operation in the history can be shrunk to a point; that is, there exists a point between the first and last events of each operation at which that operation appears to take effect. For this reason, the following 1emma is referred to as the "Shrinking Lemma." Uniqueness totally orders the Write operations on a given component in accordance with the partial precedence ordering defined by h. According to Integrity, the output value of a Read operation for a given component must equal the input value of some Write operation for that component. This condition prohibits a Read operation from returning a predetermined value for some component. Proximity ensures that a Read operation does not return a value from the "fnture", or one from the "far past" that has subsequently been "overwritten" (i. e.. each output value of a Read operation must be the input value of a Write operation in close proximity). Read Precedence disallows two Read operations from obtaining inconsistent snapshots. Write Precedence orders Write operations of one component with respect to Write operations of another component. Conditions similar to Integrity, Proximity, and Read Precedence have been used elsewhere as a correctness condition for atomic register constructions; see, for example, the Integrity, Safety, and Precedence conditions in [32] , Proposition 3 in [25] , and the definition of an atomic run and the Shrinking Function Theorem in [12] .
The correctness proof for the Shrinking Lemma is given in [3] . The proof is somewhat tedious, but is not hard. First, the precedence relation on operations in history h is augmented by adding pairs of operations. These added pairs of operations are defined based upon the five conditions of the lemma. Then, the resulting relation is shown to be an irreflexive partial order. Finally, it is shown that any extension of this relation to an irreflexive total order satisfies the condition given in the definition of a linearizable history in SeeL 2. To ensure that tags can be stored over some bounded range, a mechanism is needed for distinguishing "new" tags from "old" ones (so that new tags are not confused with old ones in the event that tags "wrap around"). We use sequence numbers to distinguish old tags from new ones. In addition to choosing a tag, each Write operation chooses a sequence number and makes copies of other Writers' sequence numbers. The sequence number chosen by a Write operation is selected so as to be distinct from all corresponding copies. Once the sequence number associated with a given tag has been copied "several" times by the same Writer, that tag is considered old.
C/B/W/R construction
A more detailed description of the construction is presented next in Sect. 4.1. A discussion of space and time complexity follows in Sect. 4.2. Then, in Sect. 4.3, a correctness proof is given. Finally, in Sect. 4.4, we show that the tags used in the construction can be stored over a bounded range.
4.! Informal description
The architecture of our C/B/W/R construction is shown in Fig. 2 . This figure depicts onty the W Writers for component k. The construction itself is given in Fig. 3 
procedure Reader ( 1: for k=0 toC-1 do . This is why each component of the constructed register consists of 2 W elements of Q, instead of just W. This strategy guarantees that it is always the case that the done field is true for at least half of the elements of each component.
In order to determine which element of a component has the maximum tag, it is necessary only to consider those elements that have been written "recently". By exploiting this fact, it is possible to bound the size of the tag fields. We say that a recently-written element is [j ] , so that the resulting value is distinct from all copies of it. (Observe that, because each sequence number ranges over 0...2W, it is possible for a Write operation to choose a value for its primary sequence number differing from its previous value and any of the 2W-1 copies of it.) At the same time, the Write operation updates its copy of each other primary sequence number to correspond to the current value of that sequence number as stored in Q. More specifically, each (k, j)-Write operation tries to make the value of Q [k,j] .seq [n] equal to that of Q[k, nl.seq [n] , for each nCj.
If the primary sequence number for a gwen element of Q remains unchanged for a sufficiently long period of time, then it will eventually be copied by some Write operation. An element of Q is no longer "alive" once its primary sequence number has been copied by "several" successive operations of the same Writer. This condition is detected by means of the flag and count fields in Q. To see that the tag fields can be restricted to range over some bounded range, consider a (k, j)-Write operation w. Note that the maximum tag for the alive elements of component k can increase by a "large" amount between w's second read and second write of Q (i.e., while w is computing its tag) only if a "large" number of k-Write operations occur in this interval. But, in this case, the primary sequence number for w will be read by "several" successive operations of some Writer, and Q[k,j] will not be alive after w's second write to Q. So, if Q[k,j] is alive after w's second write to Q, then the value of its tag field will differ from that of some other alive element by only a "small" amount.
The alive elements of Q are determined formally by the predicate ALIVE, which is defined as follows.
Definition of ALIVE. Let 0_< k < C and 0 _< j < 2 W.
Then, 
We complete our explanation of the ALIVE (Q, k, j) predicate by explaining more precisely the role of the flag and count fields. For the sake of this discussion, let us refer to the maximum tag value taken from the alive elements of a component as the "best" tag value for that component. As seen in Sect. 4.3, to show that each Read operation gets a consistent snapshot, one of the key proof obligations is that of showing that each component's best tag value never decreases. Intuitively, this property ensures that if a Read operation r precedes another Read operation s, then the return value of r for component k will not be "more recent" than that of s. In establishing this proof obligation, one important case that arises occurs when the element containing the previous best tag value for a component becomes dead.
This case is illustrated in Fig. 4 . In this and subsequent figures, operations are denoted by line segments, with "time" running from left to right. An event is denoted by a point along a line segment, labeled by the corresponding statement number. In Fig. 4 , t and u are consecutive states. At state t, element Q [k, j], which was last written by Write operation w, has the best tag value for component k. State u is reached from t via a write to Q [k, n], n C j, by Write operation v. This write establish- [j] , which implies that Q[k,j] is no longer alive at state u. Note that v is the fourth consecutive operation of the same Writer to copy w's primary sequence number; call v's three predecessors v-3. v-~. and v-l, respectively. As illustrated in Fig. 4 , v-3 may have obtained w's sequence number "by accident," i.e., by copying an old sequence number from Q[k,j] that w has subsequently recycled. However, it can be shown that v -2 and v-1 must have actually read from Q [k, j ] after it was written by w. Note that, because Q[k,j] is alive at state t, w computes its flag variable to be false. Thus, it must be the case that v-1 (the third consecutive operation to copy w's sequence number) performs its first write to Q after w's second read from Q. This implies that v-~ and v compute their tag values after w's second read from Q. From this, it is possible to show that the tag value for v-1 is at least that of w, and the tag value for v is bigger than that of w. The latter can be used to show that the best tag value for component k increases from state t to state u.
One final point bears mentioning before leaving this example. Observe that, if v -~ had performed its first write to Q before w's second read. then w would have computed its flag variable to be true. Intuitively, this corresponds to the situation in which w is overwritten by a concurrent k-Write operation. Note that, in this case, because v-2 is completely contained within w, in linearizing the operations, w can be "shrunk" to occur at a point immediately prior to v-2 Had the algorithm been such that w set its flag upon finding that its sequence number had been copied once or twice, rather than three times, then the existence of such an operation contained within w would not have been guaranteed. The method described above for bounding the tag fields is very similar to the one employed in the atomic register construction of Li, Tromp, and Vitanyi in [26] . This construction is also based on the protocol of Vitanyl and Awerbuch described above. The method for bounding the tag fields employed by Li et al. is similar to the one described above in that "newer" operations mark the tag values of "older" ones. Although their implementation of markers differs from that described above, the two implementations are very similar: in both cases, a tag value is declared "old" (no longer alive) once it has been marked several times by some Writer.
Complexity
The space and time complexity of our construction depend on the space and time complexity of Q. 
S ( C, B, W, R ) = S ( C W, B " , 1 C W + R ). Similarly, let TR (C, B, IV, R) and TW(C, B, W, R)
denote the number of reads and writes of multireader, single-writer atomic registers required to Read and Write, respectively, a C/B/W/R composite register. (For simplicity, we do not go down to the level of single-reader, single-writer atomic bits when computing time complexity.) Then, for our construction,
TR(C,B,W,R)=TR(CW, B',I, CW+R) and TW(C, B, W, R)=2TR(CW, B',I, CW § (CW, B', 1, CW+ R). The actual values of S(CW, B', 1, CW+ R), TR(CW, B', 1, CW+ R), and TW(CW, B', 1, CW+R) depend on the implementation of Q.
Let us now compare the complexity of our construction with the multi-writer construction of Afek et al. [ 1 ] . In [1 ] , the assumption is made that each of the processes that share the constructed register can both read the register and write each component. Under this assumption, it is possible to reduce the complexity of our construction. 
Correctness proof
To prove that the construction is correct, we must show that it satisfies the Atomicity and Wait-Freedom restrictions and each of its well-formed histories is linearizable. The Atomicity restriction is satisfied because Q is the only (nonauxiliary) shared variable, and Q is a single-writer composite register. The Wait-Freedom restriction is satisfied because no procedure contains any unbounded loops or synchronization primitives. In this section, we prove that each well-formed history is linearizable. We first prove this for the construction as is, i.e., with unbounded tags. In the next section, we show how to transform the construction into one with bounded tags.
The correctness proof is based on the Shrinking Lemma. We first define functions ~bo,..., q5 c-1 for a given history, and then show that the defined ~b's satisfy the five conditions of Uniqueness, Integrity, Proximity, Read Precedence, and Write Precedence. We now present a 5 See footnote 1 number of definitions and notational conventions that will be used in the rest of the paper.
Unless stated otherwise, we henceforth assume that k ranges over { 0,..., C-1 }, that i, j, and n each range over { 0 ..... 2 W-1}, and that v and w are k-Write operations. In order to avoid using too many parentheses, we define a binding order for the symbols that we use. The following is a list of these symbols, grouped by binding power; the groups are ordered from highest binding power to lowest. If event e precedes event f, then we write e ~f. We let (e _< f) --(e = f v e < f). If x is a private variable of operation p, then p ! x denotes the final value of variable x as assigned by p. (Note that, in the proof of correctness, p!x can be thought of as a "constant" value: once we have fixed on a particular history, and an operation p in that history, the value p!x is also fixed. In other words, p!x is not to be thought of as a variable whose value varies from state to state.) Let i be a label of a statement of some Reader or Writer procedure, and let p denote an operation of that procedure. Then, p 9 i denotes the event corresponding to the execution of statement i by p.
IfE is an expression that holds at state t, then we write t ~ E. Whenever we say that a given assertion holds without referring to a particular state, we mean that the assertion is an invariant; i.e., it is true at each state of every history. Let E and F be two expressions over the variables of a construction. Following [15] , we say that the assertion E unless F holds iff for every pair of consecutive states in any history, if E ^ --7 F holds in the first state, then E v F holds in the second state. An assertion E is stable iff E unless false holds.
We assume that each state in every history is distinct. This assumption is easy to ensure by introducing an integer auxiliary variable that is incremented with each event. In the history t o --~ . 9 9 t i ei) ti+ l " . ", ti is the state prior to the event e~ and ti+l is the state following % Similarly, ei is the event prior to the state t;+ 1 and the event following state ti. Note that the events prior to and following a given state are uniquely defined since, by assumption, each state appears at most once in a history.
Let p be an operation of some Reader or Writer procedure P. As in Sect. 4.1, we use p-1 to denote the operation of P that immediately precedes p, p-2 to denote the operation of P that immediately precedes p-1, etc. Similarly, we use p +1 to denote the operation of P that immediately succeeds p, p +2 to denote the operation of P that immediately succeeds p + 1, etc. Observe that if Let X be a shared variable of the construction, and let p be an operation. The assertion last (X) = p holds at a state iff the last event to write to X before that state is an event of p. (Note that, because the construction uses only single-writer shared variables, p is an operation of the Reader or Writer with write-access to X). If e is an event in some history, then after (e) is true at a state of the history iff that state occurs after event e.
Based on the definition of ALIVE given in Sect. 4.1, we define two predicates: alive indicates whether a Write operation is "alive," and pref indicates whether an alive operation is "preferable," i.e., has the "best" tag value for its component. 
Definition of alive and pref
Proof Let n~j, let n' =n@ W, and assume that the following expression holds for some state t. 
(1)
Our remaining proof obligation is to show that w: 5 < v-1 : 1. To this end, we first prove that w: 1 < v-~ : 5. Assume, to the contrary that v a: 5 <w:l. Let e be the event prior to state t, and let t' be the state prior to w: 1. 
contradicts Lemma 2. Thus, our assumption that v-~: 5 -< w: 1 is false, i.e.,w: 1<v-1:5.
We now prove that w: 5 < v a : 1. Assume, to the contrary, that v-a: 1-< w:5. We consider two cases, depending on the relative ordering of w: 1 and v-~ : 1. We show that both cases lead to a contradiction.
First, suppose that w: 1 < v-a : 1 < w: 5. Because v-l is a (k, n' )-Write and w is a (k, j )-Write operation, this precedence assertion implies that j =~n'. 
However, this contradicts (1). In the remainder of the proof, we assume that
t~last(Q[k,j])=w.
In this case, because t
--1 alive(w,k ), by the definition of alive, t --7 ALIVE(Q, k,j).
We now show that there exists a state u, where u either equals or occurs before t, such that for some n 4~j the following expression holds. 
Proof Let t be a state such that for some k-Write operation v, t ~ after(v: 10). Let S denote the set of k-Write operations defined as follows: p is in S iff t ~ after (p: 10).
Note that v is in S, i.e., S is nonempty. Let w denote the k-Write operation in S such that for each other k-Write operation w' in S, w' : 5-< w: 5. Then, by Lemma 4,
t ~ alive (w, k). []

Corollary. (~ v:: after (v: I0)) = (~ w: :pref(w, k)).
According to the next lemma, (3 j:: ALIVE (Q, k, j)) is an invariant. As a result, the computation of max [k] and max in the Reader and Writer procedures, respectively, is well-defined.
Lemma 6. (~ j-: ALIVE (Q, k, j)).
Proof The given assertion is initially true, by the definition of the initial state. It could potentially be falsified only by an event of the form w: 5 or w: 10, where w is a k-Write operation. Consider an event e of this form, and let t be the state following e. Also, let v denote the initial k-Write operation, and assume that v is a (k,j)-Write operation. We consider two cases, depending on whether after(v: 10) 
t ~ (Vn:n,j: Q[k,n].done A --7 Q[k,n].flagA (V i:0_< i <2W:Q[k,n].count[i]=O)).
By the definition of
ALIVE, this implies that t ~ (Vn:n r :ALIVE(Q, k, n)).
Because, by assumption, n ranges over 0 _< n < 2 W, the range in this expression is not empty. Therefore, [j] . When reading the proof of this lemma, the reader may wish to refer to Fig. 6 .
t ~ (~ n: :ALIVE(Q,k,n)). []
Lemma 7. (last (Q [k,j]) = w A (~ n: n r Q [k, @done
A Q [k, n].count [j] = 3 ^ Q [k, n].seq [j] = Q [k, jl.seq [J])) unless (last (Q [k, j]) ~ w).
Proof Let t and u be consecutive states such that t~ last(Q[k,j])=w and u ~ last(Q[k,j])=w, and assume that tile following expression holds for some n 4@ t ~ Q[k,n]Mone A Q[k,n].count~j]=3 A Q [k, nl.seq [j ] = Q [k, j ].seq [j ] (3)
Our proof obligation is to show that there exists some [j] . Because last(Q[k,j])=w at both states t and u, by Lemma 1, Q [k,j] .seq [j] has the same value at both t and u. Therefore, if Q [k, n] has the same value at both t and u. then by (3), our proof obligation is satisfied with n' = n. In the remainder of the proof, assume that the value of Q [k, n] at u differs from its value at t.
Let v be the (k,n)-Write operation such that (
Because u is reached from ~ via the occurrence of v + 
Because u ~ last(Q [k,j])= w, by the definition of alive, our proof obligation is to show that ALIVE(Q, k, j) is false at state u.
187
Because t and u are consecutive states and t ~ after(w: 10), by (7) and the text of the Writer procedure,
t ~ last(Q[k,j])=w A after(w: 10). (8) Because t ~ last(Q[k,j])=w A -q alive ( w, k ), by the definition of alive, t ~--nALIVE(Q,k,j).
By (8) [j ] . In the former case, by (7) and (8) and Lemma 1, we have u ~ Q [k,j] .flag. In the latter case, by (7), (8), and Lemma7, there exists n', where n'~j,
[]
The following lemma considers a (k, j )-Write operation v and a (k, n)-Write operation w. According to this lemma, if v assigns the value false to its private variable flag (indicating that its sequence number has not yet been copied three times by any other Writer), and if w is the third of three successive operations of the same Writer to read the value v!seq [j] from Q [k,j] .seq [j] , then v does not read the value assigned to Q [k, n] by w when computing flag.
Lemma 9. Let v be a (k,j)-Write operation, and let w be a (k,n)-Write operation. If-qv!flag^w!seq[j]= v!seq[j]^ w[count[j]>_2, then last(Q[k,n])~w at the state prior v: 6.
Proof Let v and w be as defined in the lemma, and let t be the state prior to v: 6 
. Assume that -"qv!flag A w!seq [j ] = v! seq [j] ^ w! count [j ] >_ 2. Our proof obligation is to show that t ~ last(Q[k,n])r
Assume, to the contrary, that t ~ last (Q [k, hi) = w. Then, by Lem-
. Because t is the state prior to v:6, t~Q=v!z.
is nonzero, by statement 4 of the Writer procedure, w is not a (k, j)-Write operation, i.e., j ~ n. This implies that vlflag is true, which is a contradiction. Thus, our assumption
In the following two lemmas, we consolidate a number of simple properties that will be used repeatedly in the lemmas that follow. 
Lemma 10. Let w be a (k,j)-Write operation. Then pref(w,k) ~ alive(w,k) and alive(w,k) = last(Q[k,j]) = w A ALIVE(Q, k,j) A after (w: 10).
Proof Let w be a (k, j)-Write operation. By the definition of pref, pref (w, k) ~ alive (w, k ). By the definition of alive, alive(w,k) ~ last(Q[k,j] = w A ALIVE(Q,k,j). By the definition of ALIVE, ALIVE(Q,k,j)= Q[k,j].done. By the text of the Writer procedure, last(Q[k,j])= W A Q[k,j].done = after(w: lO). []
last(Q[k,j])= w A Q[k,j].done 6 --7 Q[k,j].flag ^ (Vn:nq=j: Q[k,n].count[j] =0 ^
Q[k,j].tag > Q[k,n].tag)
This implies that pref (w, k) holds. []
The next lemma gives the conditions under which alive (v, k) may be falsified. The two cases of the lemma are illustrated in Figures 7 (a) and 7 (b) . Lemma ,j] )=v holds at t but not u, u is reached from t via the occurrence of the event v+2:5. This is illustrated in Fig. 7 (a) . Consider the Write operation v +1. Because v+2:5 is the event prior to u, u ~ after(v+1: 10). Because v and v +t are successive operations of the same Writer, v: 10<v +' :0. Therefore, letting w= v + 1, our proof obligation is satisfied.
Suppose that t and u are consecutive states such that t ~ alive (v, k) and u ~ --7 alive (v, k). Then, there exists a k-Write operation w such that u ~ after(w:
In the remainder of the proof, we assume that
This case is illustrated in Fig. 7 (b). Because t ~ alive (v, k) , by Lemma 10 and the definition of (v, k) does not hold at u, this implies that there exists n, where n~j, such that the following expression holds.
Let w be the Write operation such that u (9) This establishes the following assertion. (10) and Lemma 9, we have a contradiction. Thus, our assumption that w-' : 5 -<v:6 is false, i.e., v:6-<w-1:5.
The next lemma considers a (k, j)-Write operation w; this lemma speeifie~ an assertion over the fields of Q that holds whenever pref(w, k) does.
Proof Let w be a (k,j)-Write operation, and suppose that pref(w, k) holds at some state t. Then, by Lemma 
10, t ~ last (Q[k, j]) = w ^ after (w: lO) ^ ALIVE (Q,k, j).
Therefore, by Lemma 1,
Our final proof obligation is to show that v!tag <w!tag. Ifu ~ alive(v,k), then, because u ~ pref (w,k), we have v ! tag < w ! tag. Also, if v is the initial k-Write operation, then, by Lemma 11, v 
Because u ~ alive(w",k), by Lemma 10, u after (w" : 10). This implies that w" :10-< e. Also, because u ~ after(w" 10), by (12), we have w' :5___ w" :5. Therefore, v:6<w' : 5__< w" :5<w" : 105e.
Let t' be the state prior to v:6 and let t" be the state prior to w" : 6. Notice that the above precedence assertion implies that t" occurs between t' and t. Because v is not the initial k-Write operation, by ou r assumption concerning the initial Writes, the initial k-Write operation precedes both v and w". The following lemma shows that the value of the "best" tag/process identifier pair does not decrease from state to state.
Lemma 16. Let t and u be consecutive states such that t ~ pref(v,k) and u ~ pref(v',k). Then, (v!tag, v!i) <(v' !tag, v" !i). Proof
Let t, u, v, and v' be as defined in the 1emma. If u
~ alive(v,k), then because u~pref(v',k), we have (v!tag, v!i)<_ (v'!tag, v'!i).
Thus, in this case, our proof obligation is satisfied. In the remainder of the proof, assume that u ~ -7 alive ( v, k ).
Because u~pref(v',k), by Lemmal0, u after (v' : 10). Hence, by Lemma (13), q:5__<w:5. Therefore, either v:10<w:5 or v:6 < q-1 : 5 < q-1 : 10 < q: 5 _ w: 5. We consider these two cases separately.
First, suppose that v: 10 < w: 5. Let e be the event prior to state u, i.e., t e~u. By (13) 
We now show that v!tag>w!tag. Because t after(w':lO), (16) (w, k ) . But, by the statement of the lemma, t ~ pref (w, k). Therefore, we have a contradiction. Hence, our assumption that there exists w' such that w: 10<w' :0-<w" "10<r:0 is false. [] According to the next lemma, for each Read operation r there exists a preceding k-Write operation w that is "preferable" when r reads from Q. As shown in the proof of Integrity, the output value of r for component k equals the input value of w. Q [k, jl.tag, j) ). (17) We now show that the value of Q [k,j] 
v: lO-<r:O=(ok(v)_<_(ok(r).
Let t denote the state prior to the event r:0, let u denote the state prior to the event v: 0, and let u' denote the state prior to the event v: 10. 
Ck(r)--<(ok(s).
Write precedence. Let r be a Read operation, let v be a j-Write operation, and let w be a k-Write operation. Assume that v precedes w and (ok(w)<r
In the proof of Proximity, we showed that r: 0 < w: 0 ~ r k (r) < Ck (w). By the contrapositive of this expression and by our assumption that (ok (w) _< (ok (r), we conclude that w: 0 < r: 0. 
Bounding the tags
In this section, we show that is possible to bound the size of the tag fields. As seen in Fig. 3 , a Read or Write operation compares the tag fields of two different ele-ments of Q only if both elements are alive. In what follows, we show that the tag fields of the alive elements of a particular component are within some bounded range, particularly a range of size 4 W. Based on this, we then explain how to obtain a construction that uses only bounded variables. We establish the former by proving that the following expression holds.
(It is actually possible to prove a slightly tighter bound, at the expense of a somewhat longer proof.) Therefore, if the smallest tag field among the alive elements for some component is b, then the tag fields for these elements lie within the range b ..... b + 4 W-1. As explained below, this implies that we can restrict the size of each tag field to range over 0.. 8 W-2.
The following lemma is used in the proof. This lemma gives us means for determining how much the "best" tag value for a given component can increase over an interval of states. there are no events between t and u of the form p'5, where p is a (k,j)-Write operation. Because successive operations of the same Writer write to different elements of Q, this implies that between t and u there is at most one event p-10, where p is a (k, j)-Write operation, and at most one such event, where p is a (k, j')-Write operation.
Let n 4:j ^ n 4:j', and let n' = n~ IV. In the remainder of the proof, we use q to denote an arbitrary (k, n)-or (k, n')-Write operation. We show that there are at most four events of the form q: 10 between t and u. Assume, to the contrary, that there are at least five such events between t and u, and let w: 10 be the last such event. Let e be the event following state t, and let f be the event prior to state u. Then, because there are at least five events of the form q:10 between t and u, the following precedence assertion holds. 
Without loss of generality, assume that w is a (k, n)-Write operation. Because w:10 is the last event between t and u of the form q. 10 (and because successive operations of the same Writer write to different elements of Q), (18) implies that w-10 is the last event to write to Q [k,n] So, to summarize, there is at most one event between t and u of the form p: 10, ifp is a (k, j)-Write operation; at most one such event, if p is a (k, j')-Write operation; and at most four such events, if p is either a (k, n)-or (k, n ~ W)-Write operation, 0 _< n < W and n --/:.1 modulo W. Therefore, there are at most 2 + 4 ( W-1) such events in total between t and u. Hence, D <-4 W-2. This establishes our proof obligation. []
Proof Let u be a state, and suppose that u Because v is the initial k-Write operation, by Lemma 11, t ~ pref(v, k) 
ALIVE(Q,k,i) ^ ALIVE(Q,k,j), where i-r
we have u ~ alive(w,k). Therefore,
By (19) 
By (20) and Lemma 15, v!tag<_ w!tag. Also, by (20) and the corollary to Lemma 5, there exists a k-Write operation w' such that pref(w', k) holds at u (the state following e). By (19) and the definition ofpref, w!tag<_w" !tag. Because v! tag <_ w! tag <_ w' ! tag, to establish our proof ob-!igation, it suffices to prove that w" !tag <_ v! tag + 4 W-1. We consider two cases, depending on whether v is the initial k-Write operation. First, suppose that v is the initial k-Write operation. Let t be the state following v: 10. Because v is the initial k-Write operation, by our assumption concerning the initial Writes, v precedes w. Furthermore, by Lemma 11, t ~ pref(v, k Now, suppose that v is not the initial k-Write operation. Let t' be the state prior to v: 6. By our assumption concerning the initial Writes, the initial k-Write operation precedes v. By the corollary to Lemma 5, this implies that there exists a k-Write operation v' such that t ' ~ pref(v', k []
We now explain how the original construction given in Fig. 3 can be modified to use only bounded variables. We obtain the bounded construction via a series of correctness-preserving transformations. The first transformation involves the introduction of new fields in Qtype for holding bounded tags, and corresponding modifications to the Reader and Writer procedures for reading and updating these fields. Specifically, we change the definition of Qtype by adding a new field btag, ranging over 0..8 W-2. We require that all btag fields, both in Q and in the private variables y and z of each Writer, are initially 0. We modify the Reader procedure by changing statement 1 to the following. In the above code fragment, bmax is a new private variable that ranges over 0..2 W-1, and btag is a new private variable that ranges over 0..8 W-2, initially 0. Statment 8' is inserted after statement 8, and statement 9' is inserted after statement 9. Finally, we modify statements 5 and 10 of the Writer procedure so that the value of the private variable btag is assigned to the corresponding btag field of Q.
Observe that, with the above transformation, all bmax and btag variables can be viewed as being auxiliary. Thus, the construction's correctness is preserved. We now prove two lemmas that show that it is possible to interchange the roles of the bmax and btag variables with that of the max and tag variables, respectively, making the former nonauxiliary and the latter auxiliary. Our final transformation will then involve removing the max and tag var-iables. The following lemma shows that the unbounded and bounded tags within each element of Q remain congruent.
Lemma 22. Q[k,j].btag= Q[k,j].tag modulo 8 W-1.
Proof The lemma is proved by induction. The base case follows from the initial conditions specified above and in Fig. 3 . Now, assume that the lemma holds for the given history at all states prior to some state u. We show that the lemma also holds at state u. Note that the lemma could possibly be falsified only if state u is reached via the occurrence of the event w: 10 for some (k,j)-Write operation w. However, by the induction hypothesis, the lemma holds at the state prior to w: 6. Thus, at that state, the tag and btag fields of each element of Q are congruent. [k ] in the Reader procedure. By Lemma 23, this transformation preserves the construction's correctness. Note that, with this change, all max and tag variables can now be viewed as being auxiliary variables. Thus, all such variables can be removed without affecting the construction's correctness. The resulting construction uses only bounded variables. Furthermore, because this construction was obtained from the original one via transformations that were shown to preserve the latter's correctness, by Theorem 1, we have the following. Theorem 2. Each well-formed history of the bounded construction is linearizable.
Concluding remarks
According to our results, if each operation of a concurrent program either writes a single shared variable or reads several shared variables (but not both), then the operations of that program can be implemented from atomic registers without waiting. By contrast, operations that either write several shared variables, or that both read and write shared variables cannot, in general, be implemented from atomic registers in a wait-free manner [5, 16, 18, 27] .
Our construction shows that multi-writer composite registers can be implemented with space and time complexity that is very close to that required for implementing single-writer composite registers. (The time complexity is asymptotically the same, given the assumption of [ 1] that each process that shares the constructed register can both read the register and write each component.) Thus, in the quest for optimal composite register constructions, it probably suffices to focus on the single-writer case: using our multi-writer construction, any improvement in complexity in the single-writer case yields a corresponding improvement for the multi-writer case.
The results of [7, 8. 10] show that composite registers are quite powerful and can be used to implement a variety of other nontrivial shared data objects without waiting. A complete characterization of the class of shared data objects that can be implemented in a wait-free manner from composite registers (and hence atomic registers) remains an important open question. An initial step towards answering this question is given in [9] , where a necessary and sufficient condition for wait-free implementation is established for a class of objects called "snapshot objects." A snapshot object can be modified by a set of operations that do not return values, or can be read in its entirely by any process by means of a "snapshot" operation. The condition for wait-free irnplementation requires that for any pair of operation invocations, either the two invocations commute or one overwrites the other. Assuming unbounded space, the sufficiency of this condition follows from previous results given in [10] , where composite registers are used to obtain a wait-free construction with unbounded space complexity that amplements any snapshot object satisfying the commutes/ overwrites condition. A bounded-space construction for a large subclass of snapshot objects is given in [9] . It is further shown in [9] that no snapshot object that fails to satisfy the commutes/overwrites condition has a waitfree implementation from atomic registers.
