Process Synchronization: Semaphores [75]

• semaphores and classical problems

• interprocess communication (IPC)

• cooperating processes:

• synchronized (orderly) access to shared globals

• process control:

• mechanism to prevent execution until a certain event occurs

• send of a message

• wakeup of a sleeping process

• signal of a semaphore

• wait and signal guarantee only one process

• at a time executes a critical section of code

• protects the shared access to global variables

Critical Section: Example Problem [76]

        program code:            global variable x:
                      x=0;                       0
                      x++;                       1
                      printf x;                  1 <=== output

• interleave 3 processes executing the same program code:

        PID 1          PID 2          PID 3      x:
        x=0;                                     0
        x++;                                     1
                       x=0;                      0
                                      x=0;       0
        printf x;                                0 <=== output
                       x++;                      1
                       printf x;                 1 <=== output
                                      x++;       2
                                      printf x;  2 <=== output

Critical Section: Attempted Solution [77]

Shared Variable:

int v=0; /* v==0 => critical section OPEN; v==1 => critical section CLOSED */

Code: At p_i in {1,...,n}:

   while (1) {

     /* trying region */
     while (v == 1)  /* do nothing */ ;
     
     v = 1;
     /* critical section (region) */ 
     x = 0;
     x++;
     printf x;

     v = 0;
     /* remainder region */   
   }

• what is wrong? what if critical section is: dial_phone("555-1212")?

• how can it be fixed?

• is this spinlock good or bad?

Critical Section: General Problem [78]

• n processes each with segment of code called critical section

• one process changes common (shared) variables, writes to a file.

• no other process is allowed to execute in its critical section

• execution of critical sections is mutually exclusive in time

• one solution: semaphore

• lets one process into the critical section

• puts other processes in a semphore queue (no busy waiting)

• process is finished: head of FIFO queue enters section

Semaphore: wait and signal [79]

Semaphore: wait and signal [80]

• critical section: general solution

                    while(1) {
                       pm_wait(sem);
                       /* critical section or region */
                       pm_signal(sem);
                    }

• critical section: example solution

                    while(1) {
                       pm_wait(sem);
                       x=0;
                       x++;
                       printf x;
                       pm_signal(sem);
                    }

Semaphore: wait and signal [81]

• semaphore has count and FIFO queue of waiting processes

                    struct {
                       int count=1;
                       FIFO queue;
                    } semaphore;

• count >= 0 IMPLIES queue is empty

• count of negative n IMPLIES queue has n waiting processes

  wait(semaphore) : if (--semaphore.count<0){
                      put_at_tail(pid,semaphore.queue);
                      suspend(pid) }
        
signal(semaphore) : if (semaphore.count++<0){
                      pid=get_at_head(semaphore.queue);
                      ready(pid) }

Semaphore: Initialization [82]

• usually first process to wait is allowed access to critical section

• next process to wait is placed on the semaphore queue

• until the first process is finished (signal)

• to guarantee this first access, initialize either:

• by setting count=1

• sem = pm_seminit(1);

• by setting count=0 and then signal:

• sem = pm_seminit(0);

• pm_signal(sem);

Semaphore: Count [83]

            PID 1                 PID 2                 count
            sem=pm_seminit(1);                            1
            pm_wait(sem);                                 0
               |                  pm_wait(sem);          -1
    (critical) |
               v
            pm_signal(sem);                               0
            pm_wait(sem);            |                   -1
                                     | (critical)
                                     v
                                  pm_signal(sem);         0
               |                  pm_wait(sem);          -1
    (critical) |
               v
            pm_signal(sem);                               0

Critical Section Solution [84]

Here is a summary:

	DEFINITION	PROOF TECHNIQUE
MUTEX	at most 1 proc in C.S.	can't prove not mutex
NOT MUTEX	at least 2 procs in C.S.	slice before locking
PROGRESS	at least 1 proc does work, liveness	can't prove not progress
NOT PROGRESS	0 procs do work, deadlock, but not starvation	all spinning (or blocked on semaphores)
FAIRNESS	all procs do work	can't prove not fairness
NOT FAIRNESS	1 proc does work at expense of another not doing work, starvation, asymmetrical relationship	one proc releases but retakes lock, other proc just misses

Of course, it's impossible to enumerate every possible proof of NOT MUTEX. So you really don't prove that it has MUTEX. But you always try NOT MUTEX first and, if you can't find such a proof and you feel more confident about the code, you very carefully say that it does guarantee MUTEX.

This is not a proof technique of unfairness: I pick a priority scheduler, always run P0, but never run P1. P1 starves.Well, what happens if you are given some different code? Are you going to repeat the same proof? Then you are given some more code. You repeat the same argument? You're not analyzing the code you're given - and that's the main point. You have to give P1 some opportunities to run on the CPU. But you can choose those opportunities (devil's advocate), and choose these such that P0 has taken the lock back, and P1 just misses everytime.

All of the following is older detail about this topic, but the table above is the simplest way of viewing this topic.

• mutual exclusion:

• guarantee only one process is executing its critical section

• also called ``safety''

• progress:

• guarantee that at least one process makes steps through (around) program code

• some work is being completed

• also called ``liveness'', opposite of ``deadlock''

• Silberschatz is much more specific: if a process is out of its critical section, it should not be able to block others from getting into the critical section. For example, consider an algorithm that allocates the critical section STRICTLY by alternating turns. If process B does not take its turn - because it is busy doing other work or because it has crashed - then process A cannot get into its critical section even though it is available. Note that this could also be considered some form of ``deadlock'' and the system does not exhibit ``liveness''. Silberschatz says the selection cannot be postponed indefinitely. This phrase should be applied to the next concept of ``fairness'', i.e. we don't want one particular process to be postponed indefinitely from getting into the critical section. So I would stay away from this phrase. Bottom Line: Progress means that at least one process is getting work done.

• fairness:

• guarantee that all processes get some work done, opposite of ``starvation''

• starvation is also called ``indefinite postponement''

  IMPORTANT: If two processes are deadlocked, i.e., no progress, this is NOT a proof of unfairness (starvation). Admittedly, they are not getting any work done, but unfairness results from ASYMMETRY, i.e., one process is getting work done at the expense of another process not getting work done.

• eventuality: by some time

• time-bounded: by a specified time

• turn-bounded: by some specifed number of tries

• or just plain bounded-waiting

  Just remember this: progress means at least one process gets some work done; fairness means that all processes get work done.

  To prove NO with respect to safety, progress or fairness, you need to make a counter example, i.e., a proof by contradiction. And if you can prove, say NO to safety, then that has no bearning on progress or fairness. That is, all three are independent and there are no rules of thumb to help correlate the answers.

  And this is NOT a proof: assume a priority scheduler which never runs process 2 (a low priority process). Hence, process 2 is starving. But that would be a proof that could be used against ANY code example, regardless of the code. You have to at least let process 2 get some CPU time and attempt the critical section. But usually the proofs follow this pattern: process 2 gets the CPU but just at the wrong instant to be granted the critical section.

  To prove YES is more difficult. You can't try every possible counter example. But if you try hard to answer NO but can't find a proof, then you carefully answer YES, after examining the logic of the code.

Critical Section: Deadlock [85]

• deadlock:

• all processes are waiting indefinitely for some event to occur

• that can only be caused by one of the waiting processes

• ``mutual waiting''

• none of the processes make progress

Kansas legislature:

When two trains approach each other at a crossing,

both shall come to a full stop

and neither shall start up again until the other has gone.

Semaphores: Deadlock [86]

• process 1 waits for semaphore S and Q:

                       pm_wait(S);
                       pm_wait(Q);
                       /* critical section */ 
                       pm_signal(S);
                       pm_signal(Q);

• process 2 waits for semaphore Q and S:

                       pm_wait(Q);
                       pm_wait(S);
                       /* critical section */ 
                       pm_signal(Q);
                       pm_signal(S);

• both processes are deadlocked as each are waiting for the other