...menustart
- lecture 6 : Synchronization
- Lecture 7 : Implementing Mutual Exclusion, Semaphores, Monitors, and Condition Variables
- Goals for Today
- High-Level Picture
- Too Much Milk: Solution #4
- How to implement Locks?
- Naïve use of Interrupt Enable/Disable
- Better Implementation of Locks by Disabling Interrupts
- New Lock Implementation: Discussion
- Interrupt re-enable in going to sleep
- How to Re-enable After Sleep()?
- Interrupt disable and enable across context switches
- Atomic Read-Modify-Write instructions
- Implementing Locks with test&set
- Problem: Busy-Waiting for Lock
- Better Locks using test&set
- Higher-level Primitives than Locks
- Semaphores
- Producer-consumer with a bounded buffer
- Motivation for Monitors and Condition Variables
- Monitor with Condition Variables
- Summary
- Lecture 8: Readers/Writers; Language Support for Synchronization
- Goals for Today
- Simple Monitor Example (version 1)
- Condition Variables
- Complete Monitor Example (with condition variable)
- Mesa vs. Hoare monitors
- Using of Compare&Swap for queues
- Readers/Writers Problem
- Can we construct Monitors from Semaphores?
- Construction of Monitors from Semaphores (con’t)
- Monitor Conclusion
- Language support for synchronization
- Summary
- Lecture 9 : Resource Contention and Deadlock
- Lecture 10 : Deadlock (cont’d) / Thread Scheduling
...menuend
- Concurrency examples
- Need for synchronization
- Examples of valid synchronization
- Advantages of threaded version:
- Can share file caches kept in memory, results of CGI scripts, other things
- Threads are much cheaper to create than processes, so this has a lower per-request overhead
- What if too many requests come in at once?
- you got more overhead than real computation. You got a million threads going simultaneously the only thing you're doing is swithing all the time.
- Problem with previous version: Unbounded Threads
- When web-site becomes too popular – throughput sinks
- Instead, allocate a bounded “pool” of threads, representing the maximum level of multiprogramming
master() {
allocThreads(slave,queue);
while(TRUE) {
con=AcceptCon();
Enqueue(queue,con);
wakeUp(queue);
}
}
slave(queue) {
while(TRUE) {
con=Dequeue(queue);
if (con==null)
sleepOn(queue);
else
ServiceWebPage(con);
}
}
- every request that comes in get put in the queue
- and there is a finite number of threads here running
- they go and grab a request off the queue , do something , finish it, grab the next request
- Suppose we wanted to implement a server process to handle requests from an ATM network:
- How could we speed this up?
- More than one request being processed at once
- Event driven (overlap computation and I/O)
- Multiple threads (multi-proc, or overlap comp and I/O)
- Suppose we only had one CPU
- Still like to overlap I/O with computation
- Without threads, we would have to rewrite in event-driven style
- Example
BankServer() {
while(TRUE) {
event = WaitForNextEvent();
if (event == ATMRequest)
StartOnRequest();
else if (event == AcctAvail)
ContinueRequest();
else if (event == AcctStored)
FinishRequest();
}
}
- What if we missed a blocking I/O step?
- What if we have to split code into hundreds of pieces which could be blocking?
- This technique is used for graphical programming
- Threads yield overlapped I/O and computation without “deconstructing” code into non-blocking fragments
- One thread per request
- Requests proceeds to completion, blocking as required I/O
- Unfortunately, shared state can get corrupted:
Thread 1 Thread 2
load r1, acct->balance
load r1, acct->balance
add r1, amount2
store r1, acct->balance
add r1, amount1
store r1, acct->balance
- Most of the time, threads are working on separate data, so scheduling doesn’t matter
- However, What about (Initially, y = 12):
- What are the possible values of x? 13, 3 , or 5
Thread A Thread B
x = 1; y = 2;
x = y+1; y = y * 2;
- Or, what are the possible values of x below?
Thread A Thread B
x = 1; x = 2;
- X could be 1 or 2 (non-deterministic!)
- Could even be 3 for serial processors:
- Thread A writes 0001, B writes 0010.
- if we have a non-atomic load/store ( eg. bigger than a single word )
- To understand a concurrent program, we need to know what the underlying indivisible operations are!
- Atomic Operation: an operation that always runs to completion or not at all
- It is indivisible: it cannot be stopped in the middle and state cannot be modified by someone else in the middle
- Fundamental building block – if no atomic operations, then have no way for threads to work together
- On most machines, memory references and assignments (i.e. loads and stores) of words are atomic
- Consequently – weird example that produces “3” on previous slide can’t happen
- Many instructions are not atomic
- Double-precision floating point store often not atomic
- VAX and IBM 360 had an instruction to copy a whole array
- Threaded programs must work for all interleavings of thread instruction sequences
- Cooperating threads inherently non-deterministic and non-reproducible
- Really hard to debug unless carefully designed!
- Synchronization: using atomic operations to ensure cooperation between threads
- For now, only loads and stores are atomic
- We are going to show that its hard to build anything useful with only reads and writes
- Mutual Exclusion: ensuring that only one thread does a particular thing at a time
- One thread excludes the other while doing its task
- Critical Section: piece of code that only one thread can execute at once. Only one thread at a time will get into this section of code
- Critical section is the result of mutual exclusion
- Critical section and mutual exclusion are two ways of describing the same thing.
- Lock: prevents someone from doing something
- Lock before entering critical section and before accessing shared data
- Unlock when leaving, after accessing shared data
- Wait if locked
- Important idea: all synchronization involves waiting
- For example: fix the milk problem by putting a key on the refrigerator
- Lock it and take key if you are going to go buy milk
- Fixes too much: roommate angry if only wants OJ
- Of Course – We don’t know how to make a lock yet
- We are going to implement various higher-level synchronization primitives using atomic operations
- Everything is pretty painful if only atomic primitives are load and store
- Need to provide primitives useful at user-level
- Concurrent threads are a very useful abstraction
- Allow transparent overlapping of computation and I/O
- Allow use of parallel processing when available
- Concurrent threads introduce problems when accessing shared data
- Programs must be insensitive to arbitrary interleavings
- Without careful design, shared variables can become completely inconsistent
- Important concept: Atomic Operations
- An operation that runs to completion or not at all
- These are the primitives on which to construct various synchronization primitives
- Showed how to protect a critical section with only atomic load and store => pretty complex!
- Hardware Support for Synchronization
- Higher-level Synchronization Abstractions
- Semaphores, monitors, and condition variables
- Programming paradigms for concurrent programs
- The abstraction of threads is good:
- Maintains sequential execution model
- Allows simple parallelism to overlap I/O and computation
- Unfortunately, still too complicated to access state shared between threads
- Consider “too much milk” example
- Implementing a concurrent program with only loads and stores would be tricky and error-prone
- Today, we’ll implement higher-level operations on top of atomic operations provided by hardware
- Develop a “synchronization toolbox”
- Explore some common programming paradigms
- Suppose we have some sort of implementation of a lock (more in a moment).
- Lock.Acquire() - wait until lock is free, then grab
- Lock.Release() - Unlock, waking up anyone waitin
- These must be atomic operations – if two threads are waiting for the lock and both see it’s free, only one succeeds to grab the lock
- Then, our milk problem is easy:
milklock.Acquire();
if (nomilk)
buy milk;
milklock.Release();- Once again, section of code between Acquire() and Release() called a “Critical Section”
- Of course, you can make this even simpler: suppose you are out of ice cream instead of milk
- Skip the test since you always need more ice cream.
- Lock: prevents someone from doing something
- Lock before entering critical section and before accessing shared data
- Unlock when leaving, after accessing shared data
- Wait if locked
- Important idea: all synchronization involves waiting
- Should sleep if waiting for a long time
- Atomic Load/Store: get solution like Milk #3
- Looked at this last lecture
- Pretty complex and error prone
- Hardware Lock instruction
- Is this a good idea? No.
- What about putting a task to sleep?
- How do you handle the interface between the hardware and scheduler?
- Complexity?
- Done in the Intel 432
- Each feature makes hardware more complex and slow
- How can we build multi-instruction atomic operations?
- Recall: dispatcher gets control in two ways.
- Internal: Thread does something to relinquish the CPU
- External: Interrupts cause dispatcher to take CPU
- On a uniprocessor, can avoid context-switching by:
- Avoiding internal events (although virtual memory tricky)
- Preventing external events by disabling interrupts
- What about a multiprocessor ?
- It does not. because we only disabled interrupts on one core.
- Recall: dispatcher gets control in two ways.
- Consequently, naïve Implementation of locks:
LockAcquire { disable Ints; }LockRelease { enable Ints; }
- Problems with this approach:
- Can’t let user do this! Consider following:
LockAcquire(); While(TRUE) {;}- interrupts will never go off again , the OS will never grab the CPU back
- Real-Time system—no guarantees on timing!
- Critical Sections might be arbitrarily long
- What happens with I/O or other important events?
- “Reactor about to meltdown. Help?”
- Can’t let user do this! Consider following:
- Key idea: maintain a lock variable in memory and impose mutual exclusion only during operations on that variable
int value = FREE;
Acquire() {
disable interrupts;
if (value == BUSY) {
put thread on wait queue;
Go to sleep();
// Enable interrupts?
} else {
value = BUSY;
}
enable interrupts;
}
Release() {
disable interrupts;
if (anyone on wait queue) {
take thread off wait queue
Place on ready queue;
} else {
value = FREE;
}
enable interrupts;
}
- after going to sleep, who re-enable interrupts?
- It doesn't really work.
- Why do we need to disable interrupts at all?
- Avoid interruption between checking and setting lock value
- Otherwise two threads could think that they both have lock
- What about re-enabling ints when going to sleep?
- Before putting thread on the wait queue ?
- meanwhile at that point somebody else wakes up, releases the lock , comes back , and we put ourselves on the wait queue even though the lock is free now.
- Release can check the queue and not wake up thread
- After putting thread on the wait queue ?
- they wake me up from the wait queue by putting me on the ready queue and then I come back here and immediately go to sleep.
- Relase puts the thread on the ready queue, but the thread still thinks it needs to go to sleep
- Misses wakeup and still holds lock ( deadlock ! )
- Want to put it after sleep(). But how ?
- we need to bring the kernel in here to help us a little bit. What means that are going to sleep process has to also re-enable interrupts somehow.
- In Nachos, since ints are disabled when you call sleep:
- Responsibility of the next thread to re-enable ints
- When the sleeping thread wakes up, returns to acquire and re-enables interrupts
- An important point about structuring code:
- In Nachos code you will see lots of comments about assumptions made concerning when interrupts disabled
- This is an example of where modifications to and assumptions about program state can’t be localized within a small body of code
- In these cases it is possible for your program to eventually “acquire” bugs as people modify code
- Other cases where this will be a concern?
- What about exceptions that occur after lock is acquired? Who releases the lock?
mylock.acquire();
a = b / 0;
mylock.release()- many languages have ways of handling non-local exits. Basically situations where you get an exception kind of in the mille of the code and you can arrange so that no matter what way you exit this code , you always execute release code.
- Problems with previous solution:
- Can’t give lock implementation to users
- you can't give interrupt disable to the user.
- they will lock up the machine.
- Doesn’t work well on multiprocessor
- Disabling interrupts on all processors requires messages and would be very time consuming
- Can’t give lock implementation to users
- Alternative: atomic instruction sequences
- These instructions read a value from memory and write a new value atomically
- Hardware is responsible for implementing this correctly
- on both uniprocessors (not too hard)
- and multiprocessors (requires help from cache coherence protocol)
- that is enough to build locks.
- Unlike disabling interrupts, can be used on both uniprocessors and multiprocessors
test&set (&address) { /* most architectures */
result = M[address];
M[address] = 1;
return result;
}
swap (&address, register) { /* x86 */
temp = M[address];
M[address] = register;
register = temp;
}
compare&swap (&address, reg1, reg2) { /* 68000 */
if (reg1 == M[address]) {
M[address] = reg2;
return success;
} else {
return failure;
}
}
load-linked&store conditional(&address) {
/* R4000, alpha */
loop:
ll r1, M[address];
movi r2, 1; /* Can do arbitrary comp */
sc r2, M[address];
beqz r2, loop;
}
- those combinations are enough sufficiently that we can build locks out of them
- Another flawed, but simple solution:
int value = 0; // Free
Acquire() {
while (test&set(value)); // while busy
}
Release() {
value = 0;
}
- Simple explanation:
- If lock is free, test&set reads 0 and sets value=1, so lock is now busy. It returns 0 so while exits.
- If lock is busy, test&set reads 1 and sets value=1 (no change). It returns 1, so while loop continues
- When we set value = 0, someone else can get lock
- Busy-Waiting: thread consumes cycles while waiting
- Positives for this solution
- Machine can receive interrupts
- User code can use this lock
- Works on a multiprocessor
- Negatives
- This is very inefficient because the busy-waiting thread will consume cycles waiting
- Waiting thread may take cycles away from thread holding lock (no one wins!)
- Priority Inversion: If busy-waiting thread has higher priority than thread holding lock => no progress!
- Priority Inversion problem with original Martian rover
- For semaphores and monitors, waiting thread may wait for an arbitrary length of time!
- Thus even if busy-waiting was OK for locks, definitely not ok for other primitives
- Homework/exam solutions should not have busy-waiting!
- Can we build test&set locks without busy-waiting?
- Can’t entirely, but can minimize
- Idea: only busy-wait to atomically check lock value
- 有对象获取锁后,guard 会置为0,其他对象再次尝试获取锁时,如果锁没还有被释放,会sleep()
int guard = 0;
int value = FREE;
Acquire() {
// Short busy-wait time
while (test&set(guard));
if (value == BUSY) {
put thread on wait queue;
go to sleep() & guard = 0;
} else {
value = BUSY;
guard = 0;
}
}
Release() {
// Short busy-wait time
while (test&set(guard));
if anyone on wait queue {
take thread off wait queue
Place on ready queue;
} else {
value = FREE;
}
guard = 0;
}
- Note: sleep has to be sure to reset the guard variable
- Why can’t we do it just before or just after the sleep?
- Goal of last couple of lectures:
- What is the right abstraction for synchronizing threads that share memory?
- locks are kind of the lowest level primitive that we could ask for. and they don't really do a lot of things cleanly.
- Want as high a level primitive as possible
- What is the right abstraction for synchronizing threads that share memory?
- Good primitives and practices important!
- Since execution is not entirely sequential, really hard to find bugs, since they happen rarely
- UNIX is pretty stable now, but up until about mid-80s (10 years after started), systems running UNIX would crash every week or so – concurrency bugs
- Synchronization is a way of coordinating multiple concurrent activities that are using shared state
- This lecture and the next presents a couple of ways of structuring the sharing
- Semaphores are a kind of generalized lock
- First defined by Dijkstra in late 60s
- Main synchronization primitive used in original UNIX
- Semaphores are really named after the notion of kind of the stop lights that are on train tracks
- Definition: a Semaphore has a non-negative integer value and supports the following two operations:
- P(): an atomic operation that waits for semaphore to become positive, then decrements it by 1
- Think of this as the wait() operation
- V(): an atomic operation that increments the semaphore by 1, waking up a waiting P, if any
- This of this as the signal() operation
- Only time can set integer directly is at initialization time
- Note that P() stands for “proberen” (to test) and V() stands for “verhogen” (to increment) in Dutch
- P(): an atomic operation that waits for semaphore to become positive, then decrements it by 1
- Semaphores are like integers, except
- No negative values
- Only operations allowed are P and V – can’t read or write value, except to set it initially
- Operations must be atomic
- Two P’s together can’t decrement value below zero
- Similarly, thread going to sleep in P won’t miss wakeup from V – even if they both happen at same time
- Semaphore from railway analogy
- Here is a semaphore initialized to 2 for resource control:
- Mutual Exclusion (initial value = 1)
- Also called “Binary Semaphore”.
- Can be used for mutual exclusion:
- semaphore.P();
- // Critical section goes here
- semaphore.V();
- Mutex
- Scheduling Constraints (initial value = 0)
- Locks are fine for mutual exclusion, but what if you want a thread to wait for something?
- Example: suppose you had to implement ThreadJoin which must wait for thread to terminiate:
Initial value of semaphore = 0
ThreadJoin {
semaphore.P();
}
ThreadFinish {
semaphore.V();
}
- Problem Definition
- Producer puts things into a shared buffer
- Consumer takes them out
- Need synchronization to coordinate producer/consumer
- Don’t want producer and consumer to have to work in lockstep, so put a fixed-size buffer between them
- Need to synchronize access to this buffer
- Producer needs to wait if buffer is full
- Consumer needs to wait if buffer is empty
- Example 1: GCC compiler
- cpp | cc1 | cc2 | as | ld
- Example 2: Coke machine
- Producer can put limited number of cokes in machine
- Consumer can’t take cokes out if machine is empty
- Correctness Constraints:
- Consumer must wait for producer to fill buffers, if none full (scheduling constraint)
- Producer must wait for consumer to empty buffers, if all full (scheduling constraint)
- Only one thread can manipulate buffer queue at a time (mutual exclusion)
- Remember why we need mutual exclusion
- Because computers are stupid
- Imagine if in real life: the delivery person is filling the machine and somebody comes up and tries to stick their money into the machine
- General rule of thumb: Use a separate semaphore for each constraint
- Semaphore fullBuffers; // consumer’s constraint
- Semaphore emptyBuffers;// producer’s constraint
- Semaphore mutex; // mutual exclusion
Semaphore fullBuffer = 0; // Initially, no coke
Semaphore emptyBuffers = numBuffers;
// Initially, num empty slots
Semaphore mutex = 1; // No one using machine
Producer(item) {
emptyBuffers.P(); // Wait until space
mutex.P(); // Wait until buffer free
Enqueue(item);
mutex.V();
fullBuffers.V(); // Tell consumers there is more coke
}
Consumer() {
fullBuffers.P(); // Check if there’s a coke
mutex.P(); // Wait until machine free
item = Dequeue();
mutex.V();
emptyBuffers.V(); // tell producer need more
return item;
}
- Why asymmetry?
- Producer does: emptyBuffer.P(), fullBuffer.V()
- Consumer does: fullBuffer.P(), emptyBuffer.V()
- Is order of P’s important? Yes! can cause deadlock
- might sleep with lock
- Is order of V’s important? No.
- it might affect scheduling efficiency.
- What if we have 2 producers or 2 consumers?
- Do we need to change anything? No.It works.
- Semaphores are a huge step up; just think of trying to do the bounded buffer with only loads and stores
- Problem is that semaphores are dual purpose:
- They are used for both mutex and scheduling constraints
- Example: the fact that flipping of P’s in bounded buffer gives deadlock is not immediately obvious. How do you prove correctness to someone?
- Problem is that semaphores are dual purpose:
- Cleaner idea: Use locks for mutual exclusion and condition variables for scheduling constraints
- Definition: Monitor: a lock and zero or more condition variables for managing concurrent access to shared data
- Some languages like Java provide this natively
- Most others use actual locks and condition variables
- Monitor is a programming style or paradigm for building synchronization. It's a pattern.
Basically a monitor with condition variable looks kind of this. Our conditon variables each represent queues to have things sleep on it , and the lock is kind of like the entry queue.
The lock provides mutual exclusion to get in and deal with the condition variables . and the conditional variables are queues of threads waiting inside critical section.
- Lock: the lock provides mutual exclusion to shared data
- Always acquire before accessing shared data structure
- Always release after finishing with shared data
- Lock initially free
- Condition Variable: a queue of threads waiting for something inside a critical section
- Key idea: make it possible to go to sleep inside critical section by atomically releasing lock at time we go to sleep
- Contrast to semaphores: Can’t wait inside critical section
- lock 保护 sharedata, sharedata 控制访问限制
- Here is an (infinite) synchronized queue
Lock lock;
Condition dataready;
Queue queue;
AddToQueue(item) {
lock.Acquire(); // Get Lock
queue.enqueue(item); // Add item
dataready.signal(); // Signal any waiters
lock.Release(); // Release Lock
}
RemoveFromQueue() {
lock.Acquire(); // Get Lock
while (queue.isEmpty()) {
dataready.wait(&lock); // If nothing, sleep
}
item = queue.dequeue(); // Get next item
lock.Release(); // Release Lock
return(item);
}
- this is a very good single condition variable pattern for you guys to think about.
- notic how we go to sleep with the lock acquired we wake up and we think about this is when we wake up we have the lock still.
- Important concept: Atomic Operations
- An operation that runs to completion or not at all
- These are the primitives on which to construct various synchronization primitives
- Talked about hardware atomicity primitives:
- Disabling of Interrupts, test&set, swap, comp&swap, load-linked/store conditional
- Showed several constructions of Locks
- Must be very careful not to waste/tie up machine resources
- Shouldn’t disable interrupts for long
- Shouldn’t spin wait for long
- Key idea: Separate lock variable, use hardware mechanisms to protect modifications of that variable
- Must be very careful not to waste/tie up machine resources
- Talked about Semaphores, Monitors, and Condition Variables
- Higher level constructs that are harder to “screw up”
- Continue with Synchronization Abstractions
- Monitors and condition variables
- Readers-Writers problem and solutoin
- Language Support for Synchronization
Lock lock;
Queue queue;
AddToQueue(item) {
lock.Acquire(); // Lock shared data
queue.enqueue(item); // Add item
lock.Release(); // Release Lock
}
RemoveFromQueue() {
lock.Acquire(); // Lock shared data
item = queue.dequeue();// Get next item or null
lock.Release(); // Release Lock
return(item); // Might return null
}
- Not very interesting use of “Monitor”
- It only uses a lock with no condition variables
- Cannot put consumer to sleep if no work!
- How do we change the RemoveFromQueue() routine to wait until something is on the queue?
- Could do this by keeping a count of the number of things on the queue (with semaphores), but error prone
- Condition Variable: a queue of threads waiting for something inside a critical section
- Key idea: allow sleeping inside critical section by atomically releasing lock at time we go to sleep
- Contrast to semaphores: Can’t wait inside critical section
- semaphore will deadlock
- Operations:
- Wait(&lock): Atomically release lock and go to sleep. Re-acquire lock later, before returning
- Signal(): Wake up one waiter, if any
- Broadcast(): Wake up all waiters
- Rule: Must hold lock when doing condition variable ops!
- In Birrell paper, he says can perform signal() outside of lock – IGNORE HIM (this is only an optimization)
Lock lock;
Condition dataready;
Queue queue;
AddToQueue(item) {
lock.Acquire(); // Get Lock
queue.enqueue(item); // Add item
dataready.signal(); // Signal any waiters
lock.Release(); // Release Lock
}
RemoveFromQueue() {
lock.Acquire(); // Get Lock
while (queue.isEmpty()) {
dataready.wait(&lock); // If nothing, sleep
}
item = queue.dequeue(); // Get next item
lock.Release(); // Release Lock
return(item);
}
- wait() puts you to sleep and releases the lock
- and before you ever exit wait(), it re-aquire the lock
- that magic is inside of implementation of the condition variable
- Need to be careful about precise definition of signal and wait. Consider a piece of our dequeue code:
- why didn't we replace
whilewithif?
- why didn't we replace
while (queue.isEmpty()) {
dataready.wait(&lock); // If nothing, sleep
}
item = queue.dequeue(); // Get next item
- Answer: depends on the type of scheduling
- Hoare-style (most textbooks):
- Signaler gives lock, CPU to waiter; waiter runs immediately
- Waiter gives up lock, processor back to signaler when it exits critical section or if it waits again
- Mesa-style (Nachos, most real operating systems):
- better idea: what the Singaler does is rather than giving the lock to somebody immediately it just basically takes some of them walking up , puts them on the ready queue.
- Signaler keeps lock and processor
- Waiter placed on ready queue with no special priority
- Practically, need to check condition again after wait
- Hoare-style (most textbooks):
compare&swap (&address, reg1, reg2) { /* 68000 */
if (reg1 == M[address]) {
M[address] = reg2;
return success;
} else {
return failure;
}
}
- Here is an atomic add to linked-list function:
addToQueue(&object) {
do { // repeat until no conflict
ld r1, M[root] // Get ptr to current head
st r1, M[object] // Save link in new object
} until (compare&swap(&root,r1,object));
}
- 虚线的链接,是不停尝试的部分
- 确保没有其他人修改 root的情况下,插入 新节点
- Motivation: Consider a shared database
- Two classes of users:
- Readers – never modify database
- Writers – read and modify database
- Is using a single lock on the whole database sufficient?
- Like to have many readers at the same time
- Only one writer at a time
- Two classes of users:
- Correctness Constraints:
- Readers can access database when no writers
- Writers can access database when no readers or writers
- Only one thread manipulates state variables at a time
- Basic structure of a solution:
- Reader()
- Wait until no writers
- Access data base
- Check out – wake up a waiting writer
- Writer()
- Wait until no active readers or writers
- Access database
- Check out – wake up waiting readers or writer
- State variables (Protected by a lock called “lock”):
- int AR: Number of active readers; initially = 0
- int WR: Number of waiting readers; initially = 0
- int AW: Number of active writers; initially = 0
- int WW: Number of waiting writers; initially = 0
- Condition okToRead = NIL
- Conditioin okToWrite = NIL
- Reader()
Reader() {
// First check self into system
lock.Acquire();
while ((AW + WW) > 0) { // Is it safe to read?
WR++; // No. Writers exist
okToRead.wait(&lock); // Sleep on cond var
WR--; // No longer waiting
}
AR++; // Now we are active!
lock.release(); // question 1: why release the lock here ?
// Perform actual read-only access
AccessDatabase(ReadOnly);
// Now, check out of system
lock.Acquire();
AR--; // No longer active
if (AR == 0 && WW > 0) // No other active readers
okToWrite.signal(); // Wake up one writer
lock.Release();
}
whileis to ensure re-checking after waking up- PS. ++ , -- are not atomic
- qestion 1: someone else can read.
Writer() {
// First check self into system
lock.Acquire();
while ((AW + AR) > 0) { // Is it safe to write?
WW++; // No. Active users exist
okToWrite.wait(&lock); // Sleep on cond var
WW--; // No longer waiting
}
AW++; // Now we are active!
lock.release(); // question 1: why release the lock here ?
// Perform actual read/write access
AccessDatabase(ReadWrite);
// Now, check out of system
lock.Acquire();
AW--; // No longer active
if (WW > 0){ // Give priority to writers
okToWrite.signal(); // Wake up one writer
} else if (WR > 0) { // Otherwise, wake reader
// question 2: why broadcast() here instead of signal() ?
okToRead.broadcast(); // Wake all readers
}
lock.Release();
}
- question 1: make sure that the reader code can actually at least get in there and generaate waiting readers on the reader code
- that is a general rule if you can set up your monitors so that you're not holding the lock for a huge period of time but rather for kind of the minimum that's required.
- it's probably a bettern programming style
- question 2: we'd like every reader to be able to wake up.
- put all of them on to the ready queue
- but only one at a time because only one can wake up with the lock
- What if we erase the condition check in Reader exit?
if (AR == 0 && WW > 0)- that is, always call
okToWrite.signal();when exiting. - It still works.
- Further, what if we turn the signal() into broadcast()
- It works. But this is bad code because you're wasting time waking things up only to put them back to sleep again.
- Finally, what if we use only one condition variable (call it “okToContinue”) instead of two separate ones?
- Both readers and writers sleep on this variable
- Must use broadcast() instead of signal()
- Locking aspect is easy: Just use a mutex
- Can we implement condition variables this way?
Wait() { semaphore.P(); }Signal() { semaphore.V(); }- No. semaphores can’t wait inside critical section. It will dead lock
- Does this work better?
Wait(Lock lock) {
lock.Release();
semaphore.P();
lock.Acquire();
}
Signal() { semaphore.V(); }
- No! Condition vars have no histroy , semaphores have history:
- What if thread signals and no one is waiting ?
- you could have a loop that signals for a thousand times.
- What if thread later waits ?
- if I've done a whole bunch of signals and I do a wait. What happens ?
- Decrement and continue
- What if thread signals and no one is waiting ?
- Problem with previous try:
- P and V are commutative – result is the same no matter what order they occur
- Condition variables are NOT commutative
- Does this fix the problem?
Wait(Lock lock) {
lock.Release();
semaphore.P();
lock.Acquire();
}
Signal() {
if semaphore queue is not empty
semaphore.V();
}
- Does this fix the problem?
- Not legal to look at contents of semaphore queue
- There is a race condition – signaler can slip in after lock release and before waiter executes semaphore.P()
- It is actually possible to do this correctly
- Complex solution for Hoare scheduling in book
- Can you come up with simpler Mesa-scheduled solution?
- Yes you can. But you can't do it quite like this.
- Monitors represent the logic of the program
- Wait if necessary
- Signal when change something so any waiting threads can proceed
- Basic structure of monitor-based program:
- Languages with exceptions like C++
- Languages that support exceptions are problematic (easy to make a non-local exit without releasing lock)
- Consider
void Rtn() {
lock.acquire();
…
DoFoo();
…
lock.release();
}
void DoFoo() {
…
if (exception) throw errException;
…
}
- Notice that an exception in DoFoo() will exit without releasing the lock
- Must catch all exceptions in critical sections
- Catch exceptions, release lock, and re-throw exception:
void Rtn() {
lock.acquire();
try {
…
DoFoo();
…
} catch (…) { // catch exception
lock.release(); // release lock
throw; // re-throw the exception
}
lock.release();
}
void DoFoo() {
…
if (exception) throw errException;
…
}
Even Better: auto_ptr<T> facility. See C++ spec- Can deallocate/free lock regardless of exit method
- Java has explicit support for threads and thread synchronization
- Bank Account example:
class Account {
private int balance;
// object constructor
public Account (int initialBalance) {
balance = initialBalance; }
public synchronized int getBalance() {
return balance; }
public synchronized void deposit(int amount) {
balance += amount;
}
}
- Every object has an associated lock which gets automatically acquired and released on entry and exit from a synchronized method.
- Java also has synchronized statements:
synchronized (object) {
…
}
- Since every Java object has an associated lock, this type of statement acquires and releases the object’s lock on entry and exit of the body
- Works properly even with exceptions:
synchronized (object) {
…
DoFoo();
…
}
void DoFoo() {
throw errException;
}
- In addition to a lock, every object has a single condition variable associated with it
- How to wait inside a synchronization method of block:
- void wait(long timeout); // Wait for timeout
- void wait(long timeout, int nanoseconds); //variant
- void wait();
- How to signal in a synchronized method or block:
- void notify();
- void notifyAll();
- Condition variables can wait for a bounded length of time. This is useful for handling exception cases:
- How to wait inside a synchronization method of block:
t1 = time.now();
while (!ATMRequest()) {
wait (CHECKPERIOD);
t2 = time.new();
if (t2 – t1 > LONG_TIME) checkMachine();
}
- Not all Java VMs equivalent!
- Different scheduling policies, not necessarily preemptive!
- Semaphores: Like integers with restricted interface
- Two operations:
- P(): Wait if zero; decrement when becomes non-zero
- V(): Increment and wake a sleeping task (if exists)
- Can initialize value to any non-negative value
- Use separate semaphore for each constraint
- Two operations:
- Monitors: A lock plus one or more condition variables
- Always acquire lock before accessing shared data
- Use condition variables to wait inside critical section
- Three Operations: Wait(), Signal(), and Broadcast()
- Readers/Writers
- Readers can access database when no writers
- Writers can access database when no readers
- Only one thread manipulates state variables at a time
- Language support for synchronization:
- Java provides synchronized keyword and one condition- variable per object (with wait() and notify())
- Language Support for Synchronization
- Discussion of Deadlocks
- Conditions for its occurrence
- Solutions for breaking and avoiding deadlock
- Resources – passive entities needed by threads to do their work
- CPU time, disk space, memory
- Two types of resources:
- Preemptable – can take it away
- CPU, Embedded security chip
- Non-preemptable – must leave it with the thread
- Disk space, plotter, chunk of virtual address space
- Mutual exclusion – the right to enter a critical section
- Preemptable – can take it away
- Resources may require exclusive access or may be sharable
- Read-only files are typically sharable
- Printers are not sharable during time of printing
- One of the major tasks of an operating system is to manage resources
- Starvation vs. Deadlock
- Starvation: thread waits indefinitely
- Example, low-priority thread waiting for resources constantly in use by high-priority threads
- Deadlock: circular waiting for resources
- a very specific type of starvation in which you have a circular waiting for resources
- Thread A owns Res 1 and is waiting for Res 2
- Thread B owns Res 2 and is waiting for Res 1
- Deadlock => Starvation but not vice versa
- Starvation can end (but doesn’t have to)
- Deadlock can’t end without external intervention
- Starvation: thread waits indefinitely
- Deadlock not always deterministic – Example 2 mutexes:
Thread A Thread B
x.P(); y.P();
y.P(); x.P();
y.V(); x.V();
x.V(); y.V();
- Deadlock won’t always happen with this code
- Have to have exactly the right timing (“wrong” timing?)
- Deadlocks occur with multiple resources
- Means you can’t decompose the problem
- Can’t solve deadlock for each resource independently
- Example: System with 2 disk drives and two threads
- Each thread needs 2 disk drives to function
- Each thread gets one disk and waits for another one
- Each segment of road can be viewed as a resource
- Car must own the segment under them
- Must acquire segment that they are moving into
- For bridge: must acquire both halves
- Traffic only in one direction at a time
- Problem occurs when two cars in opposite directions on bridge: each acquires one segment and needs next
- If a deadlock occurs, it can be resolved if one car backs up (preempt resources and rollback)
- Several cars may have to be backed up
- Starvation is possible
- East-going traffic really fast => no one goes west
- Circular dependency (Deadlock!)
- Each train wants to turn right
- Blocked by other trains
- Similar problem to multiprocessor networks
- Fix? Imagine grid extends in all four directions
- Force ordering of channels (tracks)
- Protocol: Always go east-west first, then north-south
- Called “dimension ordering” (X then Y)
- Force ordering of channels (tracks)
- Five chopsticks/Five lawyers (really cheap restaurant)
- Free-for all: Lawyer will grab any one they can
- Need two chopsticks to eat
- What if all grab at same time?
- Deadlock!
- How to fix deadlock?
- Make one of them give up a chopstick (Hah!)
- Eventually everyone will get chance to eat
- How to prevent deadlock?
- Never let lawyer take last chopstick if no hungry lawyer has two chopsticks afterwards
- Mutual exclusion
- Only one thread at a time can use a resource
- Hold and wait
- Thread holding at least one resource is waiting to acquire additional resources held by other threads
- No preemption
- Resources are released only voluntarily by the thread holding the resource, after thread is finished with it
- Circular wait
- There exists a set {T₁, …, Tn} of waiting threads
- T₁ is waiting for a resource that is held by T₂
- T₂ is waiting for a resource that is held by T₃
- ...
- Tn is waiting for a resource that is held by T₁
- There exists a set {T₁, …, Tn} of waiting threads
- System Model
- A set of Threads T₁, T₂, . . ., Tn
- Resource types R₁, R₂, . . ., Rm
- CPU cycles, memory space, I/O devices
- Each resource type Rᵢ has Wᵢ instances
- Each thread utilizes a resource as follows:
- Request() / Use() / Release()
- Resource-Allocation Graph:
- V is partitioned into two types:
- T = { T₁, T₂, . . ., Tn } , the set threads in the system
- R = { R₁, R₂, . . ., Rm } , the set of resource types in system
- request edge – directed edge Tᵢ → Rⱼ
- assignment edge – directed edge Rⱼ → Tᵢ
- V is partitioned into two types:
- resources are represented by rectangles
- dots inside rectagles are the number of equivalent resources in the system.
- R₁ is one of them
- R₂ is 3 of them. When I say I need R₂ I don't really care which 1 I get.
- dots inside rectagles are the number of equivalent resources in the system.
- Recall:
- request edge – directed edge Tᵢ → Rⱼ
- assignment edge – directed edge Rⱼ → Tᵢ
- Allow system to enter deadlock and then recover
- Requires deadlock detection algorithm
- Some technique for forcibly preempting resources and/or terminating tasks
- Ensure that system will never enter a deadlock
- Need to monitor all lock acquisitions
- Selectively deny those that might lead to deadlock
- Ignore the problem and pretend that deadlocks never occur in the system
- Used by most operating systems, including UNIX
- Only one of each type of resource => look for loops
- More General Deadlock Detection Algorithm
- Let [X] represent an m-ary vector of non-negative integers (quantities of resources of each type):
[FreeResources]: Current free resources each type
[Request_x]: Current requests from thread X
[Alloc_x]: Current resources held by thread X
- See if tasks can eventually terminate on their own
[Avail] = [FreeResources]
Add all nodes to UNFINISHED
do {
done = true
Foreach node in UNFINISHED {
if ([Request_node] <= [Avail]) {
remove node from UNFINISHED
[Avail] = [Avail] + [Alloc_node]
done = false
}
}
} until(done)
- Nodes left in UNFINISHED => deadlocked
- Starvation vs. Deadlock
- Starvation: thread waits indefinitely
- Deadlock: circular waiting for resources
- Four conditions for deadlocks
- Mutual exclusion
- Hold and wait
- No preemption
- Circular wait
- Techniques for addressing Deadlock
- Allow system to enter deadlock and then recover
- Ensure that system will never enter a deadlock
- Ignore the problem and pretend that deadlocks never occur in the system
- Deadlock detection
- Attempts to assess whether waiting graph can ever
- make progress
- Next Time: Deadlock prevention
- Assess, for each allocation, whether it has the potential to lead to deadlock
- Banker’s algorithm gives one way to assess this
- Preventing Deadlock
- Scheduling Policy goals
- Policy Options
- Implementation Considerations
- Terminate thread, force it to give up resources
- In Bridge example, Godzilla picks up a car, hurls it into the river. Deadlock solved!
- Shoot a dining lawyer
- But, not always possible – killing a thread holding a mutex leaves world inconsistent
- Preempt resources without killing off thread
- Take away resources from thread temporarily
- Doesn’t always fit with semantics of computation
- for instance, a resource might be a lock in a critical section if we preempt that lock, suddenly there might be two threads in the critical section and then we've got bad computation. Because the whole point of the resource there in the case of lock was to make correct computation.
- Roll back actions of deadlocked threads
- Hit the rewind button on TiVo, pretend last few minutes never happened
- For bridge example, make one car roll backwards (may require others behind him)
- Common technique in databases (transactions)
- Of course, if you restart in exactly the same way, may reenter deadlock once again
- Many operating systems use other options
- Infinite resources
- Include enough resources so that no one ever runs out of resources. Doesn’t have to be infinite, just large
- Give illusion of infinite resources (e.g. virtual memory)
- Examples:
- Bay bridge with 12,000 lanes. Never wait!
- Infinite disk space (not realistic yet?)
- No Sharing of resources (totally independent threads)
- Not very realistic
- Don’t allow waiting
- How the phone company avoids deadlock
- Call to your Mom in Toledo, works its way through the phone lines, but if blocked get busy signal.
- Technique used in Ethernet/some multiprocessor nets
- Everyone speaks at once. On collision, back off and retry
- Inefficient, since have to keep retrying
- Consider: driving to San Francisco; when hit traffic jam, suddenly you’re transported back home and told to retry!
- How the phone company avoids deadlock
- Make all threads request everything they’ll need at the beginning.
- Problem: Predicting future is hard, tend to overestimate resources
- Example:
- If need 2 chopsticks, request both at same time
- Don’t leave home until we know no one is using any intersection between here and where you want to go; only one car on the Bay Bridge at a time
- Force all threads to request resources in a particular order preventing any cyclic use of resources
- Thus, preventing deadlock
- Example
- Make tasks request disk, then memory, then…
- Keep from deadlock on freeways around SF by requiring everyone to go clockwise
- Toward right idea:
- State maximum resource needs in advance
- 事先计算最多需要多少资源
- Allow particular thread to proceed if:
- (available resources - #requested) >= max remaining that might be needed by any thread
- 总保证剩下的资源 大于等于 最大需求
- why there is no deadlock if I follows this rules.
- for instance, there were 3 resources left, I took 2 of them , and there is only 1 left
- it doesn't necessarily have to be that nobody needs more than one
- all we need to make sure is that somebody can still finish and put enough back that everybody can finish.
- it is over conservative
- State maximum resource needs in advance
- Banker’s algorithm (less conservative):
- Allocate resources dynamically
- Evaluate each request and grant if some ordering of threads is still deadlock free afterward
- recalculate graph , take this graph , run it through the deadlock detection algorithm . Does it have a deadlock ? No. okey , you can have it.
- Technique: pretend each request is granted, then run deadlock detection algorithm, substituting ([Max_node]-[Alloc_node] ≤ [Avail]) for ([Request_node] ≤ [Avail]) Grant request if result is deadlock free (conservative!)
- Keeps system in a “SAFE” state, i.e. there exists a sequence {T₁, T₂, … Tn} with T₁ requesting all remaining resources, finishing, then T₂ requesting all remaining resources, etc..
- Evaluate each request and grant if some ordering of threads is still deadlock free afterward
- Algorithm allows the sum of maximum resource needs of all current threads to be greater than total resources
- Allocate resources dynamically
- Banker’s algorithm with dining lawyers
- “Safe” (won’t cause deadlock) if when try to grab chopstick either:
- Not last chopstick
- Is last chopstick but someone will have two afterwards
- What if k-handed lawyers? Don’t allow if:
- It’s the last one, no one would have k
- It’s 2nd to last, and no one would have k-1
- It’s 3rd to last, and no one would have k-2
- ...
- “Safe” (won’t cause deadlock) if when try to grab chopstick either:
- Four conditions required for deadlocks
- Mutual exclusion
- Only one thread at a time can use a resource
- Hold and wait
- Thread holding at least one resource is waiting to acquire additional resources held by other threads
- No preemption
- Resources are released only voluntarily by the threads
- Circular wait
- ∃ set { T1, …, Tn} of threads with a cyclic waiting pattern
- Mutual exclusion
- Deadlock detection
- Attempts to assess whether waiting graph can ever make progress
- Deadlock prevention
- Assess, for each allocation, whether it has the potential to lead to deadlock
- Banker’s algorithm gives one way to assess this