chapter 10: mutual exclusion
DESCRIPTION
Chapter 10: Mutual Exclusion. Distributed Algorithms Nancy A. Lynch Presented By: R. Whittlesey-Harris. Contents. Introduction Asynchronous Shared Memory Model Mutual Exclusion Problem Dijkstra’s Algorithm Stronger Conditions Lockout-Free ME Algorithms. Introduction. - PowerPoint PPT PresentationTRANSCRIPT
Chapter 10: Mutual Exclusion
Distributed AlgorithmsNancy A. Lynch
Presented By: R. Whittlesey-Harris
04/19/23 2
Contents Introduction Asynchronous Shared Memory Model Mutual Exclusion Problem Dijkstra’s Algorithm Stronger Conditions Lockout-Free ME Algorithms
04/19/23 3
Introduction Asynchronous algorithms differ from
synchronous algorithms in that they must handle uncertainty due to asynchrony and distribution
The Mutual Exclusion problem exists in both centralized and distributed OSs.
04/19/23 4
Introduction This chapter presents several
mutual exclusion algorithms for the read/write shared memory model
A Lower Bound is given for the number of read/write shared variables required to solve the problem
04/19/23 5
Introduction Upper and Lower bound results are
provided for the case of shared variables that are read-modify-write
04/19/23 6
Asynchronous Shared Memory Model The system has a collection of processes
(1..n) and shared variables Each process i is some form of state machine
with a set statei of states and a subset starti of statesi that indicate the start states
Process i has labeled actions which describe the activities for which it participates
• Actions are classified as, input, output, or internal• Internal actions are classified as
• Those that involve a single shared memory variable• Those that involve the local computation only
04/19/23 7
Asynchronous Shared Memory Model Add Figure 10.1
04/19/23 8
Asynchronous Shared Memory Model Since there are no messages in this
model, there are no message-generation functions
The system transition relation, trans, is a set of triples, (s, ,s’), where s and s’ are automaton states Combination of states for all processes and
values for all the shared variables, called “automaton states”
is the label of an input, output or internal action
04/19/23 9
Asynchronous Shared Memory Model
(s, , s’) trans • From automaton state s, it is possible to go to
automaton state s’ as a result of performing action The model allows for non-determinism
(for convenience) System is input-enabled
Input actions can always occur Controlled by an arbitrary external user
Output and internal steps may be enabled only in a subset of states Controlled by the system itself
04/19/23 10
Asynchronous Shared Memory Model Locality restrictions are placed on the set
of transitions For transitions that don’t involve shared
memory, the state of the process that performs the action is the only involved
For transitions that involve a process i, and a shared variable x, only the state of process i and the value of x are involved
Enabling of a shared memory action depends only on the process state and not the value of the shared variable accessed
04/19/23 11
Asynchronous Shared Memory Model
Resulting changes to the process state and the variable value may depend on the variable value
Shared variable steps are constrained to be either read or write Read step involves changing the process state
based on its previous state and the value in the variable read; however this variable does not change
Write step involves writing a designated value to a shared variable, overwriting what was there previous. It may also involve changing the process state
04/19/23 12
Asynchronous Shared Memory Model Processes take steps one at a time
in an arbitrary order Execution is formalized as an
alternating sequence, s0,1 ,s1, …., consisting of automaton states alternated with actions belonging to a particular process
May be finite or infinite
04/19/23 13
Asynchronous Shared Memory Model One exception to the arbitrariness in
the order of process steps exists It is not allowed for a process to stop
taking steps when it is supposed to be taking steps• When the process is in a state in which
some locally controlled action is enabled
04/19/23 14
Asynchronous Shared Memory Model
The fairness condition for this shared memory system is defined below, • For Process i, we assume one of the
following holds,• The entire execution is finite, and in the final
state no locally controlled action of process i is enabled
• The execution is infinite, and there are either infinitely many occurrences of locally controlled actions of I, ore else infinitely many places where no such action is enabled
04/19/23 15
Mutual Exclusion Problem Allocation of a single, indivisible, non-
shareable resource amongst n users, U1…Un
A user with access to the resource is modeled as being in the critical region, otherwise the user is in the remainder region
A user executes a trying protocol in order to gain access to its critical region
04/19/23 16
Mutual Exclusion Problem The exit protocol is executed after
the user is done with the resource The user moves in a cycle through
its remainder region (R) to its trying region (T) to its critical region (C) and then to its exit region (E) and then back again to (R) Figure 10.2 shows this cycle
04/19/23 17
Mutual Exclusion Problem Add Figure 10.2
04/19/23 18
Mutual Exclusion Problem Processes are numbered 1..n
corresponding to one user Ui
Inputs to process i are the tryi and exiti actions tryi models a request by user Ui for
access to a shared resource exiti models an announcement by user Ui
that it is done with the resource
04/19/23 19
Mutual Exclusion Problem Outputs of the process i are criti, and remi
Criti models the granting of the resource to Ui
Remi tells Ui that it can continue with the rest of its work
Try, crit, exit, and rem are the external actions of the system
The processes are responsible for performing the trying and exit protocols Each Process, i, acts as an agent on behalf of
user Ui
04/19/23 20
Mutual Exclusion Problem
Each user, Ui, 1 i n, is modeled as a state machine that communicates with its agent process using the tryi, criti, exiti, and remi actions
Figure 10.3 depicts the external interface (external signature)
04/19/23 21
Mutual Exclusion Problem Insert Figure 10.3
04/19/23 22
Mutual Exclusion Problem Assume that Ui obeys the cyclic region
protocol We define a sequence of tryi, criti, exiti and
remi action to be well-formed for user i if it is a prefix of the cyclically ordered sequence tryi, criti, exiti, remi, tryi,…
Ui is required to preserve the trace property (as defined in 8.5.4) defined by the set of sequences that are well-formed for user i
04/19/23 23
Mutual Exclusion Problem For executions that observe the cyclic order
of actions, we say that Ui is Initially in its remainder region in between any
remi event and the following tryi event In its trying region in between any tryi event and
the following criti event In its critical region in between any criti event and
the following exiti event• Ui should be thought of as being free to use the resource
at this time In its exit region in between any exiti event and
the following remi event
04/19/23 24
Mutual Exclusion Problem Add Figure 10.4
04/19/23 25
Mutual Exclusion Problem Let A be a shared memory system.
For A to solve the mutual exclusion problem, the combination of A and the users must satisfy the following conditions, Well-formedness: In any execution, and
for any I, the subsequence describing the interactions between Ui and A is well-formed for i
04/19/23 26
Mutual Exclusion Problem Mutual Exclusion: There is no reachable
system state (that is a combination of an automaton state for A and states for all the Ui) in which more than one user is in the critical region C
Progress: At any point in a fair execution1. (Progress for the trying region) If at least one user
is in T and no user is in C, then at some point some user enters C
2. (Progress for the exit region) If at least one user is in E, then at some later point some user enters R
04/19/23 27
Mutual Exclusion Problem Shared memory system A solves the
mutual exclusion problem provided that it solves the above for every collection of users
Progress condition assumes the system is far (all processes and users continue taking steps)
Fairness is not required for well-formedness and mutual exclusion Safety properties not liveness
04/19/23 28
Mutual Exclusion Problem Trace Properties (as defined in section
8.5.2) E.g., define trace property P, where sig(P)
has all the try, crit, exit, and rem actions as outputs and traces(P) is the set of sequences of these actions that satisfy the following conditions1. is well-formed for each i2. does not contain two crit events without an
intervening exit event
04/19/23 29
Mutual Exclusion Problem3. At any point in ,
(a) If some process’s last event is try and no process’s last event is crit, then there is a later crit event
(b) If some process’s last event is exit, then there is a later rem event
An equivalent restatement of the mutual exclusion problem is The requirement that all combinations B
of A with users, fairtraces(B) traces(P)
04/19/23 30
Mutual Exclusion Problem Shared Responsibility for progress
Responsibility does not rest only with the protocol (as given by the correctness conditions) but with the users as well• If user Ui gets the resource but never
returns it, the entire system grinds to a halt
04/19/23 31
Mutual Exclusion Problem Lockout
Progress as defined does not guarantee access to a shared resource
It is a “global” notion of progress• some user reaches its critical region
Restricting process activity A process within the shared memory system
can have a locally controlled action enabled only when its user is in the trying or exit regions
• A process can be actively engaged in executing the protocol only while it has active requests (each process is an agent for its user)
04/19/23 32
Mutual Exclusion Problem Read/write shared variables
Also known as registers In one step, a process can read or write a
single shared variable Two actions involving process i and register
x are1. (read) Process i reads register x and uses the
value read to modify the state of process i2. (write) Process i writes a value determined from
process i’s state to register x
04/19/23 33
Mutual Exclusion Problem Lemma 10.1
04/19/23 34
Mutual Exclusion Problem Proof:
Assume each user always returns the resource Let be a finite execution of B ending in s If process i is either in its trying or exit region
in state s and no locally controlled action of process i is enabled in s
• Then, no events involving i occur in any execution of B that extend
04/19/23 35
Mutual Exclusion Problem Let ’ be a fair execution of B that
extends in which no try events occur after the prefix • Repeated use of the progress assumption,
with the fact that users always return the resource, imply that process i must eventually perform either a criti or a remi action
• This contradicts the fact that ’ contains no further actions of i
04/19/23 36
Dijkstra’s Algorithm First mutual exclusion algorithm for
the asynchronous read/write shared memory model – developed in 1965
Algorithm called DijkstraME
04/19/23 37
Dijkstra’s Algorithm Add Algorithm
04/19/23 38
Dijkstra’s Algorithm Shared Variables
Multi-writer/multi-reader variable • turn {1..n} an integer
Single-writer/multi-read variable• flag(i), 1 i n – values from {0,1,2}• Writable by process i only, but readable by
all processes
04/19/23 39
Dijkstra’s Algorithm First Stage
Set flag = 1 Check turn repeatedly to see if turn=i If not & the current owner of turn is not
currently active, set turn=i and move to stage two
Second Stage Set flag = 2 Check that no other process is in stage 2 If no other process is in stage 2, get the critical
region, otherwise go to the first stage
04/19/23 40
Dijkstra’s Algorithm After leaving C, lower flag to 0
The state of each process should consist of the values of its local variables and some other information, including Temporary variables needed to remember
values just read from shared variables A program counter to say where the process is
in its code Temporary variables introduced by the flow of
control of the program (e.g., loop) A region designation, R ,T , C, or E
04/19/23 41
Dijkstra’s Algorithm Start state of each process should
consist of, Specified initial values for local
variables, Arbitrary values for temporary variables
and The program counter and region
designation indicating the remainder region
04/19/23 42
Dijkstra’s Algorithm Dijkstra’s algorithm has many
ambiguities which should be state explicitly in an automaton S.A. when a tryi action occurs, i’s
program counter should move to state L and i’s region designation should become T
04/19/23 43
Dijkstra’s Algorithm Dijkstra’s algorithm does not specify
which portions of the code comprise of indivisible steps (necessary for reasoning) Indivisible steps are,
• The try, crit, exit, and rem steps at the user interface,
• Writes and read to and from the shared variables, and
• Some local computations
04/19/23 44
Dijkstra’s Algorithm Note, the test for whether flag(turn)
= 0 does not require two separate reads since turn was just read and a local copy can be used
Dijkstra’s algorithm is rewritten to rid the code of the ambiguities
04/19/23 45
Dijkstra’s Algorithm Region designation R, T, C, and E are
encoded into the program counter• R corresponds to rem• T corresponds to set-flag-1, test-turn, test-
flag, set-turn, set-flag-2, check and leave-try
• C corresponds to crit; and• E corresponds to reset and leave-exit
Note that each code fragment is performed indivisibly
04/19/23 46
Dikstra’s Algorithm Add rewritten Algorithm
04/19/23 47
Dijkstra’s Algorithm Add rewritten algorithm
04/19/23 48
Dijkstra’s Algorithm Correctness Argument
Lemma 10.2: DijkstraME guarantees well-formedness for each user
Proof: Inspection of code shows that it preserves well-formedness for each user• By assumption, the users also preserve
well-formedness, theorem 8.11 implies that the system produces only well-formed sequences
04/19/23 49
Dijkstra’s Algorithm Lemma 10.3 DijkstraME satisfies mutual
exclusion Proof: Contradiction
• Assume that Ui and Uj, i j, are simultaneously in C in some reachable state
• Both processes i and j perform set-flag-2 steps before entering C
• Assume set-flag-2i comes first• Thus, flag(i) remains 2 until i leaves C which must be
after j enters C• Process j must test flag(i) and find it unequal to 2
before entering C, Contradiction
04/19/23 50
Dijkstra’s Algorithm Add Figure 10.5
04/19/23 51
Dijkstra’s Algorithm Lemma 10.4 DijkstraME guarantees progress Proof:
• Exit region: if in a fair execution, Ui is in E, then process i keeps taking steps. After at most 2 steps, process i will perform a remi action
• Trying region: Assume is a fair execution that reaches a point where there is at least one user in T and no user in C, and no user ever enter C
• Any process in E keeps taking steps and goes to R (leaving all processes in either T or R)
• Since there are only n processes in the system, at some point, no new processes enter T (no processes ever again change state)
04/19/23 52
Dijkstra’s Algorithm• Thus, has a suffix 1 in which there is a fixed
nonempty set of processes in T taking steps forever
• Call these processes contenders
• After at most a single step in 1, each contender i ensures that flag(i) 1 and remains 1 for the rest of 1
• Thus if turn is modified during 1 it is changed to a contender’s index
04/19/23 53
Dijkstra’s Algorithm Claim 10.5 In 1, turn eventually acquires a
contender’s index Proof: Assume the value of turn remains equal
to the index of a non-contender throughout 1
• If pci reaches test-turn (beginning of while loop) then i will set turn to i
• The only way i does not reach test-turn is if i succeeds in its checks of all other processes’s flags and proceeds to leave-try
• But, by assumption of 1, i does not reach C and therefore, check must fail taking i back to set-flag-1 where it proceeds to test-turn
04/19/23 54
Dijkstra’s Algorithm• In test-turn, i sets turn = i and since i is a
contender, this is a contradiction• Let 2 be a suffix of 1 in which the value of
turn is stabilized at some contender’s index, i
• Claim: In 2, any contender j i eventually ends up with its program counter looping forever in the while loop
• If it ever reaches check, since it does not reach C, it must eventually return to set-flag-1, but then will be stuck looping forever
• Turn = i j and flag(i) 0 throughout 2
04/19/23 55
Dijkstra’s Algorithm• Let 3 be a suffix of 2 in which all
contenders other than i loop forever between test-turn and test-flag
• All contenders other than i have there flag = 1 throughout 3
• In 3, process i has nothing to stand in the way of its reaching C
Add Figure 10.6
04/19/23 56
Dijkstra’s Algorithm Theorem 10.6 DijkstraME solves the
mutual exclusion problem Proof of Lemma 10.3
• Assertion 10.3.1: In any reachable system state |{i : pci = criti}| 1
• Prove as a consequences of assertions 10.3.2 and 10.3.3
• Assertion 10.3.2: In any reachable system state, if pci {leave-try, crit, reset}, then |Si| = n
• Assertion 10.3.3: In any reachable system state, there do not exist i and j, i j, such that i Sj and j Si
04/19/23 57
Dijkstra’s Algorithm• Assume, for contradiction, there are two distinct
processes, i and j, in some reachable system state, s.t. pci = pcj = crit
• By Assertion 10.3.2, |Si| = |Sj| = n
• Then j Si and i Sj which contradicts Assertion 10.3.3
• Assertion 10.3.2 is proved by induction• All processes are in R in the initial state• Inductive Step: 1. consider all the types of actions one at a time. 2. Only steps that could cause a violation are those
that cause pci to enter the set of listed values and those that reset Si to (checki, reseti)
04/19/23 58
Dijkstra’s Algorithm• For checki, the only the contradiction pci
{leave-try, crit, reset} is true after the step is if |Si| = n
• For reseti, the process leaves the indicated set of values after the step so the statement is true vacuously
• Assertion 10.3.3 is proved by three additional assertions,
• Assertion 10.3.4: In any reachable system state, if Si , then pci {check, leave-try, crit, reset}• Si in the initial system state
04/19/23 59
Dijkstra’s Algorithm• Inductive Step:1.Only events that can cause a violation of this
statement are events that cause Si to become unequal to and events that cause pci to leave the set of listed values {set-flag-2, checki, reseti}
• However, set-flag-2 sets pci = check
• When checki causes pci to leave the set of listed values it also sets Si =
• Thus all these events preserve the condition
04/19/23 60
Dijkstra’s Algorithm• Assertion 10.3.5: In any reachable system state, if pci
{check, leave-try, crit, reset}, then flag(i) = 2• Proved by induction on the length of an
execution as well• It follows that,• Assertion 10.3.6: In any reachable system state, if Si
, then flag(i) = 2• Assertion 10.3.3 is proved by induction on the length
of an execution.• All sets, Si = • Inductive Step:1. The only event that could cause a violation is one
that adds an element j to Si for some i and j, i j; check(j)i for some i and j, i j
04/19/23 61
Dijkstra’s Algorithm• Consider case where j gets added to Si as a result
of a check(j)i event; it must follow that flag(j) 2 when this event occurs
• However, Assertion 10.3.6 implies that Sj = , so i Sj
Running Time An upper bound on the time from any point in
an execution when some process is in T and no one is in C, until someone enters C
Assume that each step occurs at some point in real-time and that execution begins at real-time 0
04/19/23 62
Dijkstra’s Algorithm Impose an upper bound of l on the time
between successive steps of each process
Assume an upper bound of c on the maximum time that any user spends in the critical region
Theorem 10.7: In DijkstraME, suppose that at a particular time some user is in T and no user is in C. Then, within O(ln), some user enters C
04/19/23 63
Dijkstra’s Algorithm Proof: Suppose the lemma is false and
consider an execution in which at some point process i is in T and no process is in C for at least kln, (for some large constant k)1. Time elapsed from the starting point until there is
no process in either C or E is at most O(l)2. Additional time until process i performs a test-turni
is at most O(l n)• i can at worst spend this much time checking flags in
the second stage before returning to set-flag-1
04/19/23 64
Dijkstra’s Algorithm3. Additional time from when i does test-turni until the
value of turn is a contender index is at most O(l )• If at the time i does test-turni, turn already holds a
contender index, so suppose this is not the case• If turn = j and j is not a contender, within O(l) after
the test, i performs a test-flag(j)i. • If i finds flag(j) = 0 then i sets turn = i, which is
the index of the contender and we are done; • If it finds flag(j)i 0 then it follows that in between
the test-turni and test-flag(j)i, j entered the trying region and became a contender.
• If turn has not changed in the interim, turn is equal to the index of a contender (j) and we are done
• If turn has changed, then it must have been set to the index of a contender
04/19/23 65
Dijkstra’s Algorithm4. After an additional time O(l ), a point is
reached at which the value of turn has stabilized to the index of some contender; and no process advances again to set-turn or set-flag-2 (until time kl n)
5. By an additional time O(l n), all contenders other than j will have their program counters in {test-turn, test-flag}, otherwise they would reach C.
6. An additional time O(l n), j must succeed in entering C which contradicts the assumption that no process enters C within this amount of time.
04/19/23 66
Dijkstra’s Algorithm Add figure 10.7
04/19/23 67
Stronger Conditions DijkstraME does not guarantee the
critical region will be granted fairly to users It may grant a particular user access to
the critical region repeatedly while other users wait, trying forever• Called Lockout or starvation
04/19/23 68
Stronger Conditions To distinguish between the two
types of fairness discussed thus far, the follow are defined Low-level fairness - process execution
fairness High-level fairness - resource access
fairness High-level fairness may be less
critical in practice
04/19/23 69
Stronger Conditions DijkstraME’s multi-write/multi-read
variable, turn, is difficult and expensive to implement in many kinds of multiprocessor systems Single-write/multi-read and single-
write/single-read variables are easier to implement
04/19/23 70
Stronger Conditions Three notions of resource allocation
fairness are defined for an algorithm A, with users U1,…,Un
Lockout-freedom – The following hold for any low-level-fair execution,1. (Lockout-freedom for the trying region) If all users
always return the resource, then any user that reaches T eventually enters C
2. (Lockout-freedom for the exit region) Any user that reaches E eventually enters R
04/19/23 71
Stronger Conditions Time bound b – The following hold for any
low-level-fair execution with associated times,1. (Time bound b for the trying region) If each user
always returns the resource within time c of when it is granted, an the time between successive steps of each process in T or E is at most l, then any user that reaches T enters C within time b
2. (Time bound b for the exit region) If the time between successive steps of each process in T or E is at most l, then any user that reaches E enters R within time b
b is typically a function of l and c
04/19/23 72
Stronger Conditions Number of bypasses a – For any interval
of an execution starting when a process i has performed a locally controlled step in T, and throughout it’s remainder in T,• Any other user j, j i, can only enter C at
most a times
04/19/23 73
Stronger Conditions Implications among the fairness
conditions are, Theorem 10.8 – Let A be a mutual exclusion
algorithm, let U1,…,Un be a collection of users, and let B be the composition of A with U1,…,Un. If B has an infinite bypass bound and is lockout-free for the exit region, then B is lockout free.
• Proof: If i is in T in a low-level-fair execution of B where all users always return the resource, suppose for contradiction, i never enters C
04/19/23 74
Stronger Conditions• Lemma 10.1 implies that i must perform a
locally controlled action in T, if not done so already. Repeated use of the progress condition and assumption that users always return the resource implies that infinitely many total region changes occur. With this, some process other than i must enter C an infinite number of times while i remains in T, which violates the bypass bound.
04/19/23 75
Stronger Conditions Theorem 10.9, Let A be a ME
algorithm, let, let U1,…,Un be a collection of user, and let B be the composition of A with U1,…,Un. If B has any time bound b (for both the T and E regions), then B is lockout-free
04/19/23 76
Stronger Conditions Proof: If i is in T in a low-level-fair
execution of B where all users always return the resource:• Times are associated with the events in the
execution in any monotone non-decreasing, unbounded way, so that the times for the steps of each process is at most l and the times for all critical regions is at most c.
• i enters C in at most time b since the algorithm satisfies the time bound b, and thus i eventually enters C as needed.
04/19/23 77
Lockout-Free ME Algorithms Two-Process Algorithm: Peterson2P
i {0,1} ī = |1-i|, i.e, counting mod 2
Add Peterson2P algorithm (pg, 279)
04/19/23 78
Lockout-Free ME Algorithms Peterson2P algorithm
• i initially sets flag to 1 and proceeds to set turn to i
• i waits until either they other process flag is 0 (leaves the CS) or turn i (other process wants to compete for CS)
• Temporary variables, a region designator and a program counter are added to translate the program into a state machine
04/19/23 79
Lockout-Free ME Algorithms Add rewritten algorithm (pgs, 280-
281)
04/19/23 80
Lockout-Free ME Algorithms Lemma 10.10 Peterson2p satisfies
mutual exclusion• Proof:
• Assertion 10.5.1 In any reachable system state, if flag(i) = 0, then pci {leave-exit, rem, set-flag}
Show by induction using assertion 10.5.1• Assertion 10.5.2 In any reachable system state,
if pci {check-flag, check-turn, leave-try, crit, reset} then turn i
04/19/23 81
Lockout-Free ME Algorithms• Key events are,1. “Successful” check-flagi events, (those that cause
pci to reach leave-try); flag(ī) must be = 0 which implies by Assertion 10.5.1 that pci {check-flag, check-turn, leave-try, crit, reset}
2. “Successful” check-turni events; turn i
3. Set-turnī events, which cause pcī to take on the value check-flag; turn i
4. Set-turni events, which falsify the conclusion turn i; pci = check-flag
• If both i and ī are in C, then assertion 10.5.2 applied twice implies that both turn i and turn ī which is a contradiction
04/19/23 82
Lockout-Free ME Algorithms Lemma 10.11 Peterson2P guarantees
progress• Proof: Contradiction: is a low-level-fair execution
that reaches a point where at least one of the processes, i, is in T and neither process is in C and neither process ever enters C.1. If ī is in T sometime after , then both processes
must get stuck in their check loops which cannot happen since turn must stabilize to a value favorable to one of them
2. If ī is never in T after , then we see that flag(ī) eventually becomes and stays equal to 0, contradicting the assumption that i is stuck in its check loop
04/19/23 83
Lockout-Free ME Algorithms Lemma 10.12 Peterson2P is lockout-free
• Proof: Consider the trying region, show the stronger condition of two-bounded bypass and invoke Theorem 10.8
• Suppose at some point in the execution, , process i remains in T and process ī enters C three times
• The 2nd and 3rd times, ī sets turn = ī and then sees turn = i; it cannot see flag(i) = 0 since flag(i) remains at 1 (there are at least 2 occurrences of set-turni after because only i can set turn to i). But since set-turni is only performed once during one of i’s trying regions, this is a contradiction.
04/19/23 84
Lockout-Free ME Algorithms Theorem 10.13 Peterson2P solves the
mutual exclusion problem and guarantees lockout-freedom• Given from above
Complexity Analysis Let l be the upper bound on process
step time and c be the upper bound on critical section time
04/19/23 85
Lockout-Free ME Algorithms Theorem 10.14 In Peterson2P, the time from
when a particular process i enters T until it enters C is at most c + O(l)
• Proof Sketch:• Suppose the time bound does not hold• i is in T but does not enter C for at least c + kl after
that point• Within time at most 3l, process i performs check-
flagi and will not succeed in any of its checks, otherwise it will enter C within O(l).
• When check-flagi is performed, it must find flag(ī) = 1 since i would reach C otherwise within o(l).
• By assertion 10.5.1, pci {set-turn, check-flag, check-turn, leave-try, crit, reset}
04/19/23 86
Lockout-Free ME Algorithms• Either criti occurs within an additional time O(l), or
reseti occurs within additional time c+ O(l)• Based on the value of turn and where the
processes are in their code• The former case means that i would reach C too
early so the latter case is the only choice• i performs check-flagi again, within an additional O(l);
flag(ī) = 1 (ī has entered T) after the resetī.• Either turn has already taken the value ī or will do so
within additional time l • Within at most another O(l), process i finds favorable
conditions for it to enter C which contradicts the assumption that i does not enter C within this amount of time.
See Figure 10.8 for the events
04/19/23 87
Lockout-Free ME Algorithms An n-Process Algorithm
Use the idea of Peterson2P iteratively in a series of n-1 competitions at levels 1, 2, …,n-1 • The algorithm ensures at least one loser for
each competition• n processes may compete at level 1 but at most
n-1 processes can win• n-k processes can win at level k (in general)• Processes are 1..n
04/19/23 88
Lockout-Free ME Algorithms Add PetersonNP algorithm (pg 284)
04/19/23 89
Lockout-Free ME Algorithms Process i completes one competition
per level 1..n-1 Each level k has its own turn(k) At each level k, i sets turn(k) = i and
waits to see if either all the other processes’ flag variables are less than k or that turn(k) i (no other process is involved in the competition and no other process has reset the turn(k) variable)
04/19/23 90
Lockout-Free ME Algorithms Ambiguities need to be resolved to
translate the code into a state machine• Local variable level keeps track of which
competition the process is engaged in (or ready to engage in) and,
• S keeps track of processes that have been observed to have flag values smaller than k
Add rewritten PetersonNP algorithm (pgs 285-286)
04/19/23 91
Lockout-Free ME Algorithms We say, process i is a winner at level k
if either leveli > k for leveli = k and pci {leave-try, crit, reset}
We say process i is a competitor at level k if it is either a winner at level k or else leveli = k and pci {check-flag, check-turn}
04/19/23 92
Lockout-Free ME Algorithms Lemma 10.15 PetersonNP satisfies
mutual exclusion• Proof:
• Assertion 10.5.3 In any reachable system state of PetersonNP, the following are true:1. If process i is a competitor at level k, if pci =
check-flag and if any process j i in Si is a competitor at level k, then turn(k) i.
2. If process i is a winner at level k and if any other process is a competitor at level k, then turn(k) i.
Proof left as an exercise.
04/19/23 93
Lockout-Free ME Algorithms• Assertion 10.5.4 In any reachable system
state of PetersonNP, if there is a competitor at level k, then the value of turn(k) is the index of some competitor at level k.
• Proof left as an exercise
• Assertion 10.5.5 In any reachable system state of PetersonNP and for any k, 1 k n-1, there are at most n-k winners at level k
• Basis: k = 1• Inductive step: Assume the statement for k, 1
k n-2 and show it for k+1;
04/19/23 94
Lockout-Free ME Algorithms• Contradiction: if the statement is false for k+1, there
are strictly more than n-(k+1) winners at level k+1;• Let W be the set of winners• Every winner at level k+1 is also a winner at level
k, (# of winners at level k is at most n-k). Thus, W is also the set of winners at level k and |W| = n-k 2, Thus,
• Assertion 10.5.3 implies that the value of turn(k+1) cannot be the index of any of the processes in W and,
• Assertion 10.5.4 implies that the value of turn(k+1) is the index of some competitor at level k+1. But since every competitor at level K+1 is a winner at level k, and so is in W. Therefore a contradiction.
04/19/23 95
Lockout-Free ME Algorithms Theorem 10.16 In PetersonNP, the time from
when a particular process i enters T until it enters C is at most 2n-1 c + O(2nnl)
• Proof: Recurrence• Define T(0) to be the maximum time from when a
process enters T until it enters C.• Define T(k) to be the max time from when a process
becomes a winner at level k until it enters C; for k, 1 k n-1.
• Bound T(0)• We know T(n-1) l (by the code) since only one
step is needed to enter C after winning the final competition
• 1 k n-2
04/19/23 96
Lockout-Free ME Algorithms• If process i has won at level k if k 1, or has just
entered T if k = 0• Within time 2l, process i performs set-turni setting
turn(K+1) = i• Let be the set-turni event• Consider these two cases,1. If turn(k+1) gets set to a value other than i within
time T(k+1) + c + (2n + 2)l after , then i wins at level k+1 within an additional time nl. With additional time T(k+1), i enters C. The total time from until i enters C is at most 2T(k+1) + c + (3n+2)l.
2. Assume that turn(k+1) does not get set to any value other than i within time T(k+1) + c+ (2n+2)l after . No process can set its flag to k+1 within time T(k+1) + c + (2n + 2)l after .
04/19/23 97
Lockout-Free ME Algorithms• Let I be the set of processes j i for which
flag(j) k+1 when occurs. Then each process in I wins at level k+1 within time at most nl after (it finds turn(k+1) unequal to its index), then enters C within additional time T(k+1), then leaves C within additional time c and performs reset within additional time l. (within time nl +T(k+1)+c+l = T(k+1)+c+(n+1)l after , all processes in I set their flags to 0)
• Within time T(k+1)+c+(n+1)l after , all processes j i for which flag(j) k+1when occurs, set their flags to 0.
04/19/23 98
Lockout-Free ME Algorithms• For an additional time nl after than, no process
sets its flag to k+1. Which is significant time for process i to detect that all the flag variables are less than k+1 and to win at level k+1 (within T(k+1) + c+(2n+1)l) after and enters C within another T(k+1)
• So, total time from until i’s entrance into C is at most 2T(k+1)+c+(2n+1)l.
• The worst case time is at most 2l + max of the times in the two cases, 2t(k+1)+c+(3n+4)l.
• Solving for the recurrence for T(0):T(k) 2T(k+1)+c+(3n+4)l for 0 k n-2T(n-1) l
04/19/23 99
Lockout-Free ME Algorithms Theorem 10.17 PetersonNP solves the mutual
exclusion problem and is lockout freeseen from above
Tournament Algorithm Assume the number of processes, n, is a
power of 2 (starting at 0) Each process engages in a series of log n
competitions • Arranged in a complete n-leaf binary tournament
tree)• n leaves correspond left-to-right to the n processes
0,…,n-1
04/19/23 100
Lockout-Free ME Algorithms The following are defined for 0 i n-1 and 1
k log n• comp(i,k) – the level k competition of process i, is
the string consisting of high-order log n-k bits of the binary representation of i
• can be used as a name for the internal node that is the level k ancestor of i’s leaf
• Root is named by (empty string)• role(i,k) – the role of process i in the level k
competition of process i, is the (log n-k+1)st bit of the binary representation of i
• indicates whether i’s leaf is a descendant of the left or right child of the node for competition comp(i,k).
04/19/23 101
Lockout-Free ME Algorithms• opponents(i,k) – the opponents of process i
in the level k competition of process i, is the set of process indices with the same high-order log n-k bits as i and the opposite (log n-k+1)st bit
• the processes in opponents(i,k) are those whose leaves are descendants of the opposite child node comp(i,k) (of the child that is not an ancestor of i’s leaf).
04/19/23 102
Lockout-Free ME Algorithms Example 10.5.1 Tournament Tree
• comp(5,2) = 1, role(5,2) = 0, opponents(5,2) = {6,7}
04/19/23 103
Lockout-Free ME Algorithms Add Tournament Algorithm (pg 291)
04/19/23 104
Lockout-Free ME Algorithms For each competition, the process only
checks the flags of its components in that competition
Lemma 10.18 The Tournament algorithm satisfies mutual exclusion• Proof Sketch:
• Assertion 10.5.6 In any reachable system state of the Tournament algorithm, and for any k, 1 k log n, at most one process from any subtree rooted at level k is a winner at level k.
04/19/23 105
Lockout-Free ME Algorithms• Assertion 10.5.7 If process i is a winner at level k and
if any level-k opponent of i is a competitor at level k, then turn(comp(i,k)) role(i,k).
• Must be strengthened to include some information about what happens inside the waitfor loop after the process has discovered that some of its opponents have flag variables with the values that are strictly less than k.
Theorem 10.19 In The Tournament algorithm, the time from when a particular process I enters T until it enters C is at most (n-1)c+O(n2l).
04/19/23 106
Lockout-Free ME Algorithms• Proof:
• Define T(0) = max time from when a process enters T until it enters C.
• T(k) = max time from when a process wins at level k until it enters C, for k, 1 k log n.
• Bound T(0)• T(log n) l since only one step is needed to enter
C after winning the final competition• Bound T(k) in terms of T(k+1), 0 k log n-1
• If process i has just won at level k if k 1 or has just entered T if k = 0, let x denote comp(i,k+1).
• Within time 2l, process i sets the turn(x) variable to role(i,k+1). Let denote this event and consider two cases,
04/19/23 107
Lockout-Free ME Algorithms1. If turn(x) gets changed within time
T(k+1)+c+(2k+1+4)l after , then i wins at level k+1 within an additional time (2k+1)l. And within additional time T(k+1), i enters C. Total time from until i’s entrance to C is at most 2T(k+1)+c+(2k+1+2k+5)l.
2. If turn(x) does not get changed within the time T(k+1)+c+(2k+1+4)l after . Then no level k+1 opponent of i can set its flag to k+1 within time T(k+1)+c+(2k+1+3)l after . If j is a level k+1 opponent of i for which flag(j) k+1 when occurs, then within time (2k+1)l + T(k+1)+c+l = T(k+1)+c+(2k+2)l after , process j sets its flag to 0.
04/19/23 108
Lockout-Free ME Algorithms• Within time T(k+1)+c+(2k+2)l after , all level
k+1 opponents j of i for which flag(j) k+1 when occurs, set their flags to 0.
• For an additional time (2k+1)l after that, no process sets its flag to k+1 which is sufficient time for process i to detect that all its level k+1 opponents’ flag variables are less than k+1 and to win.
• Wins within T(k+1)+c+(2k+1+3)l after .• Within another T(k+1), i enters C.• Total time from until i’s entrance in C is at most
2T(k+1)+c+(2k+1+2k+7)l • The worst case time is at most 2l plus the max of
the times in the two cases
04/19/23 109
Lockout-Free ME Algorithms• Solve the recurrence for T(0)
T(k) 2T(k+1)+c+(2k+1+2k+7)l, for 0k log n-1
T(log n) l
See Recurrence Solution page 293 Theorem 10.20 The Tournament
algorithm solves the mutual exclusion problem and is lockout-free• From above
04/19/23 110
Lockout-Free ME Algorithms Bounded Bypass
• The Tournament algorithm does not guarantee any bound on the number of bypasses.
• Consider an execution in which process 0 enters the tournament at its leaf and takes steps with intervening times exactly equal to the assumed upper bound l.
• Process n-1 enters the tournament at its leaf going much faster.
• Process n-1 can reach the top and win and can repeat this arbitrarily many times before process 0 even wins at level 1.
• Since we have not assumed any lower bound on process step times
• No process is locked out for very long.