1. Silberschatz, Galvin and Gagne  2002 7.1 Operating System Concepts Chapter 7: Process Synchronization Background The Critical-Section Problem Synchronization Hardware Semaphores Classical Problems of Synchronization Critical Regions Monitors Synchronization in Solaris 2 & Windows 2000

2. Silberschatz, Galvin and Gagne  2002 7.2 Operating System Concepts Background Concurrent access to shared data may result in data inconsistency. Maintaining data consistency requires mechanisms to ensure the orderly execution of cooperating processes. Shared-memory solution to bounded-buffer problem (Chapter 4) allows at most n – 1 items in buffer at the same time. A solution, where all N buffers are used is not simple.  Suppose that we modify the producer-consumer code by adding a variable counter, initialized to 0 and incremented each time a new item is added to the buffer

3. Silberschatz, Galvin and Gagne  2002 7.3 Operating System Concepts Bounded-Buffer Shared data #define BUFFER_SIZE 10 typedef struct {... } item; item buffer[BUFFER_SIZE]; int in = 0; int out = 0; int counter = 0;

4. Silberschatz, Galvin and Gagne  2002 7.4 Operating System Concepts Bounded-Buffer Producer process item nextProduced; while (1) { while (counter == BUFFER_SIZE) ; /* do nothing */ buffer[in] = nextProduced; in = (in + 1) % BUFFER_SIZE; counter++; }

5. Silberschatz, Galvin and Gagne  2002 7.5 Operating System Concepts Bounded-Buffer Consumer process item nextConsumed; while (1) { while (counter == 0) ; /* do nothing */ nextConsumed = buffer[out]; out = (out + 1) % BUFFER_SIZE; counter--; }

6. Silberschatz, Galvin and Gagne  2002 7.6 Operating System Concepts Bounded Buffer The statements counter++; counter--; must be performed atomically. Atomic operation means an operation that completes in its entirety without interruption.

7. Silberschatz, Galvin and Gagne  2002 7.7 Operating System Concepts Bounded Buffer The statement “count++” may be implemented in machine language as: register1 = counter register1 = register1 + 1 counter = register1 The statement “count—” may be implemented as: register2 = counter register2 = register2 – 1 counter = register2

8. Silberschatz, Galvin and Gagne  2002 7.8 Operating System Concepts Bounded Buffer If both the producer and consumer attempt to update the buffer concurrently, the assembly language statements may get interleaved. Interleaving depends upon how the producer and consumer processes are scheduled.

9. Silberschatz, Galvin and Gagne  2002 7.9 Operating System Concepts Bounded Buffer Assume counter is initially 5. One interleaving of statements is: producer: register1 = counter (register1 = 5) producer: register1 = register1 + 1 (register1 = 6) consumer: register2 = counter (register2 = 5) consumer: register2 = register2 – 1 (register2 = 4) producer: counter = register1 (counter = 6) consumer: counter = register2 (counter = 4) The value of count may be either 4 or 6, where the correct result should be 5.

10. Silberschatz, Galvin and Gagne  2002 7.10 Operating System Concepts Race Condition Race condition: The situation where several processes access – and manipulate shared data concurrently. The final value of the shared data depends upon which process finishes last. To prevent race conditions, concurrent processes must be synchronized.

11. Silberschatz, Galvin and Gagne  2002 7.11 Operating System Concepts The Critical-Section Problem n processes all competing to use some shared data Each process has a code segment, called critical section, in which the shared data is accessed. Problem – ensure that when one process is executing in its critical section, no other process is allowed to execute in its critical section.

12. Silberschatz, Galvin and Gagne  2002 7.12 Operating System Concepts Solution to Critical-Section Problem 1.Mutual Exclusion. If process P i is executing in its critical section, then no other processes can be executing in their critical sections. 2.Progress. If no process is executing in its critical section and there exist some processes that wish to enter their critical section, then the selection of the processes that will enter the critical section next cannot be postponed indefinitely. 3.Bounded Waiting. A bound must exist on the number of times that other processes are allowed to enter their critical sections after a process has made a request to enter its critical section and before that request is granted. Assume that each process executes at a nonzero speed No assumption concerning relative speed of the n processes.

13. Silberschatz, Galvin and Gagne  2002 7.13 Operating System Concepts Initial Attempts to Solve Problem Only 2 processes, P 0 and P 1 General structure of process P i (other process P j ) do { entry section critical section exit section reminder section } while (1); Processes may share some common variables to synchronize their actions.

14. Silberschatz, Galvin and Gagne  2002 7.14 Operating System Concepts Algorithm 1 Shared variables:  int turn; initially turn = 0  turn - i  P i can enter its critical section Process P i do { while (turn != i) ; critical section turn = j; reminder section } while (1); Satisfies mutual exclusion, but not progress

15. Silberschatz, Galvin and Gagne  2002 7.15 Operating System Concepts Algorithm 2 Shared variables  boolean flag[2]; initially flag [0] = flag [1] = false.  flag [i] = true  P i ready to enter its critical section Process P i do { flag[i] := true; while (flag[j]) ; critical section flag [i] = false; remainder section } while (1); Satisfies mutual exclusion, but not progress requirement.

16. Silberschatz, Galvin and Gagne  2002 7.16 Operating System Concepts Algorithm 3 Combined shared variables of algorithms 1 and 2. Process P i do { flag [i]:= true; turn = j; while (flag [j] and turn = j) ; critical section flag [i] = false; remainder section } while (1); Meets all three requirements; solves the critical-section problem for two processes.

17. Silberschatz, Galvin and Gagne  2002 7.17 Operating System Concepts Bakery Algorithm Before entering its critical section, process receives a number. Holder of the smallest number enters the critical section. If processes P i and P j receive the same number, if i < j, then P i is served first; else P j is served first. The numbering scheme always generates numbers in increasing order of enumeration; i.e., 1,2,3,3,3,3,4,5... Critical section for n processes

18. Silberschatz, Galvin and Gagne  2002 7.18 Operating System Concepts Bakery Algorithm Notation <  lexicographical order (ticket #, process id #)  (a,b) < c,d) if a < c or if a = c and b < d  max (a 0,…, a n-1 ) is a number, k, such that k  a i for i - 0, …, n – 1 Shared data boolean choosing[n]; int number[n]; Data structures are initialized to false and 0 respectively

19. Silberschatz, Galvin and Gagne  2002 7.19 Operating System Concepts Bakery Algorithm do { choosing[i] = true; number[i] = max(number[0], number[1], …, number [n – 1])+1; choosing[i] = false; for (j = 0; j < n; j++) { while (choosing[j]) ; while ((number[j] != 0) && (number[j,j] < number[i,i])) ; } critical section number[i] = 0; remainder section } while (1);

20. Silberschatz, Galvin and Gagne  2002 7.20 Operating System Concepts Synchronization Hardware Interrupts could be disabled, but no feasible for MP, and what if interrupts were needed by something else in the meantime ? Hardware support can help simplify the previous software solutions For example, TAS (Test And Set) i.e. target (lock) is initialized to false, and TAS will set it to true, and return false If it was already true, it will set it to true, and return true Test and modify the content of a word atomically. boolean TestAndSet(boolean &target) { boolean rv = target; // save the original value target = true; // set to true return rv; // return original value }

21. Silberschatz, Galvin and Gagne  2002 7.21 Operating System Concepts Mutual Exclusion with Test-and-Set Shared data: boolean lock = false; Process P i do { while (TestAndSet(lock)) ; critical section lock = false; remainder section }

22. Silberschatz, Galvin and Gagne  2002 7.22 Operating System Concepts Synchronization Hardware Atomically swap two variables. void Swap(boolean &a, boolean &b) { boolean temp = a; a = b; b = temp; }

23. Silberschatz, Galvin and Gagne  2002 7.23 Operating System Concepts Mutual Exclusion with Swap Shared data (initialized to false): boolean lock; boolean waiting[n]; Process P i do { key = true; while (key == true) Swap(lock,key); critical section lock = false; remainder section }

24. Silberschatz, Galvin and Gagne  2002 7.24 Operating System Concepts Semaphores More easily extendable to generic scenarios Synchronization tool that does not require busy waiting (or at least as much) Semaphore S – integer variable can only be accessed via two indivisible (atomic) operations wait (S): // often called P(S) while S  0 do no-op; S--; signal (S): // often called V(s) S++; Note: As shown, these semaphores require busy waiting, therefore they are often called, spinlocks In MP systems, spinlocks could be valuable, since no the process does not have to context switch when waiting on a lock, (context switch can be expensive) so, if the waiting time is small in the spinlock, then might be a better scenario

25. Silberschatz, Galvin and Gagne  2002 7.25 Operating System Concepts Critical Section of n Processes Shared data: semaphore mutex; //initially mutex = 1 Process Pi: do { wait(mutex); // executed atomically somehow critical section signal(mutex); // executed atomically somehow remainder section } while (1);

26. Silberschatz, Galvin and Gagne  2002 7.26 Operating System Concepts Semaphore Implementation Define a semaphore as a record typedef struct { int value; // value of the semaphore struct process *L; // list of processes waiting on this semaphore } semaphore; Assume two simple operations:  block() suspends the process that invokes it. (places the process in a waiting queue associated with the semaphore)  This allows the CPU scheduler to switch in a process that could actually have work to do, rather than busy waiting for access to critical section  wakeup(P) resumes the execution of a blocked process P. (places process back in ready queue; however process might still wait for a while in the ready queue before being switched back in by the schedule … this all depends on the CPU scheduling algorithm)

27. Silberschatz, Galvin and Gagne  2002 7.27 Operating System Concepts Implementation Semaphore operations now defined as wait(S): S.value--; if (S.value < 0) { add this process to S.L; block(); } signal(S): S.value++; if (S.value <= 0) { remove a process P from S.L; wakeup(P); } Note that S.value could be negative if many processes are waiting on semaphore S, i.e. |S.value| == num waiting To ensure bounded waiting, add and remove processes to/from list in FIFO order In uniprocessor, could disable interrupts to provide atomicity for P and V, otherwise, we could use the software solutions to the critical section problem, where the critical sections consist of the P and V operations themselves.

28. Silberschatz, Galvin and Gagne  2002 7.28 Operating System Concepts Semaphore as a General Synchronization Tool Execute B in P j only after A executed in P i Use semaphore flag initialized to 0 Code: P i P j   Await(flag) signal(flag)B

29. Silberschatz, Galvin and Gagne  2002 7.29 Operating System Concepts Deadlock and Starvation Deadlock – two or more processes are waiting indefinitely for an event that can only be caused by one of the waiting processes. (dealt with in next chapter (Chap. 8)) Let S and Q be two semaphores initialized to 1 P 0 P 1 wait(S);wait(Q); wait(Q);wait(S);  signal(S);signal(Q); signal(Q)signal(S); Starvation – indefinite blocking. A process may never be removed from the semaphore queue in which it is suspended. (for example, if the queueing policy is LIFO instead of FIFO)

30. Silberschatz, Galvin and Gagne  2002 7.30 Operating System Concepts Two Types of Semaphores Counting semaphore – integer value can range over an unrestricted domain. Binary semaphore – integer value can only be 0 and 1; can be simpler to implement, depending on underlying hardware architecture Can implement a counting semaphore S using two binary semaphores.

31. Silberschatz, Galvin and Gagne  2002 7.31 Operating System Concepts Implementing S as a Binary Semaphore Data structures: binary-semaphore S1, S2; int C: Initialization: S1 = 1 S2 = 0 C = initial value of semaphore S

32. Silberschatz, Galvin and Gagne  2002 7.32 Operating System Concepts Implementing Counting Semaphore: S wait operation wait(S): { wait(S1); C--; if (C < 0) { signal(S1); wait(S2); } signal(S1); } signal operation signal(S): { wait(S1); C ++; if (C <= 0) signal(S2); else signal(S1); }

33. Silberschatz, Galvin and Gagne  2002 7.33 Operating System Concepts Classical Problems of Synchronization Bounded-Buffer Problem Readers and Writers Problem Dining-Philosophers Problem

34. Silberschatz, Galvin and Gagne  2002 7.34 Operating System Concepts Bounded-Buffer Problem Shared data semaphore full, empty, mutex; Initially: full = 0 // number of occupied spots in buffer empty = n // number of empty spots in buffer mutex = 1 // used to control access to buffer

35. Silberschatz, Galvin and Gagne  2002 7.35 Operating System Concepts Bounded-Buffer Problem Producer Process do { … produce an item in nextp … wait(empty); // wait till there is an empty spot wait(mutex); // mutual exclusion to critical section … add nextp to buffer … signal(mutex); // signal that you are out of critical section signal(full); // indicate that there is not another item in buf } while (1);

36. Silberschatz, Galvin and Gagne  2002 7.36 Operating System Concepts Bounded-Buffer Problem Consumer Process do { wait(full); // wait till there is at least one item in buf wait(mutex); // wait for mutual exclusion to critical section … remove an item from buffer to nextc … signal(mutex); // signal that you are out of critical section signal(empty); // signal that there is an additonal empty spot … consume the item in nextc … } while (1);

37. Silberschatz, Galvin and Gagne  2002 7.37 Operating System Concepts Readers-Writers Problem Two classes of processes, Readers and Writers Readers: do not modify shared data; Writers: can If all readers, no problem, mutual exclusion not needed If some readers and at least 1 writer, then needs access control What policy to use ? There are several variations. “First” readers-writers problem will be discussed here No reader will wait unless a writer is already accessing shared data i.e. no reader should wait on other readers when a writer is waiting CAN CAUSE WRITERS TO STARVE “Second” readers-writers problem preference given to writers once a writer is ready, no new readers may enter CAN CAUSE READERS TO STARVE Textbook only contains references to starvation-free solutions Let’s look more closely at the “first” version

38. Silberschatz, Galvin and Gagne  2002 7.38 Operating System Concepts Readers-Writers Problem Shared data int readcount; // to keep track of the number of readers in CS semaphore  mutex; // to provide mutual exclusion to the readcount variable  wrt; // to provide mutual exclusion for the writers Initialized as follows: mutex = 1 // at most 1 reader can modify readcount wrt = 1 // at most 1 writer can be in critical section readcount = 0 // no readers are initially in critical section

39. Silberschatz, Galvin and Gagne  2002 7.39 Operating System Concepts Readers-Writers Problem Writer Process wait(wrt); // wait for mutually exclusive access to CS … writing is performed … signal(wrt); // signal that this writer has left the CS

40. Silberschatz, Galvin and Gagne  2002 7.40 Operating System Concepts Readers-Writers Problem Reader Process wait(mutex); // wait for exclusive access to readcount readcount++; if (readcount == 1) // no other readers currently accessing wait(wrt); // wait in case writer is accessing signal(mutex); // signal that we’re done with readcount for the time being … reading is performed … wait(mutex); // again wait for exclusive access to readcount readcount--; if (readcount == 0) // if no other readers in CS, signal(wrt); // allow a potential waiting writer in signal(mutex): // signal that we’re done with readcount

41. Silberschatz, Galvin and Gagne  2002 7.41 Operating System Concepts Dining-Philosophers Problem Shared data semaphore chopstick[5]; Initially all values are 1

42. Silberschatz, Galvin and Gagne  2002 7.42 Operating System Concepts Dining-Philosophers Problem Philosopher i: do { wait(chopstick[i]) wait(chopstick[(i+1) % 5]) … eat … signal(chopstick[i]); signal(chopstick[(i+1) % 5]); … think … } while (1); What are some of the issues ?

43. Silberschatz, Galvin and Gagne  2002 7.43 Operating System Concepts Dining-Philosophers Issues Deadlock Starvation (deadlock-free does not necessarily imply starvation free) Possible ideas to control deadlock  allow at most 4 to sit at table at the same time  Allow philosopher to only pick up chopsticks if both are available at the same time (requires that they both be picked up in a critical section)  Asymmetric solution: odd philo. First pick up left chopstick, even philo. First pick up right chopstick

44. Silberschatz, Galvin and Gagne  2002 7.44 Operating System Concepts Problems with using semaphores directly Error-free system depends on programmer to correctly use the wait() and signal() operators on the given semaphore Wait() must be called before entering a critical section Signal() must be called afterward Suppose this were not followed  Mutal exclusion could be violated  Deadlock could occur (could occur even when you are using them correctly based on above definition) We need something higher level to help

45. Silberschatz, Galvin and Gagne  2002 7.45 Operating System Concepts Critical Regions Help guard against certain simple errors associated with the semaphore solution to the critical section problem (note does not eliminate the all synchronization errors; reduces their number) High-level synchronization construct A shared variable v of type T, is declared as: v: shared T Variable v accessed only inside statement region v when (B) do S where B is a boolean expression. While statement S is being executed, no other process can access variable v.

46. Silberschatz, Galvin and Gagne  2002 7.46 Operating System Concepts Critical Regions Regions referring to the same shared variable exclude each other in time. (mutual exclusion) When a process tries to execute the region statement, the Boolean expression B is evaluated. If B is true, statement S is executed. If it is false, the process is delayed until B becomes true and no other process is in the region associated with v.

47. Silberschatz, Galvin and Gagne  2002 7.47 Operating System Concepts Example – Bounded Buffer Shared data: struct buffer { int pool[n]; int count, in, out; }

48. Silberschatz, Galvin and Gagne  2002 7.48 Operating System Concepts Bounded Buffer Producer Process Producer process inserts nextp into the shared buffer region buffer when( count < n) { pool[in] = nextp; in:= (in+1) % n; count++; }

49. Silberschatz, Galvin and Gagne  2002 7.49 Operating System Concepts Bounded Buffer Consumer Process Consumer process removes an item from the shared buffer and puts it in nextc region buffer when (count > 0) { nextc = pool[out]; out = (out+1) % n; count--; }

50. Silberschatz, Galvin and Gagne  2002 7.50 Operating System Concepts Implementation region x when B do S Associate with the shared variable x, the following variables: semaphore mutex, first-delay, second-delay; int first-count, second-count; Mutually exclusive access to the critical section is provided by mutex. If a process cannot enter the critical section because the Boolean expression B is false, it initially waits on the first-delay semaphore; moved to the second-delay semaphore before it is allowed to reevaluate B.

51. Silberschatz, Galvin and Gagne  2002 7.51 Operating System Concepts Implementation Keep track of the number of processes waiting on first- delay and second-delay, with first-count and second- count respectively. The algorithm assumes a FIFO ordering in the queuing of processes for a semaphore. For an arbitrary queuing discipline, a more complicated implementation is required. A solution for the region construct is available on p. 214

52. Silberschatz, Galvin and Gagne  2002 7.52 Operating System Concepts Monitors High-level synchronization construct that allows the safe sharing of an abstract data type among concurrent processes. monitor monitor-name { shared variable declarations procedure body P1 (…) {... } procedure body P2 (…) {... } procedure body Pn (…) {... } { initialization code }

53. Silberschatz, Galvin and Gagne  2002 7.53 Operating System Concepts Monitors Moves the burden of providing mutual exclusion from the programmer to the compiler Helps reduce race conditions, deadlocks, and other unpredictable/irreproducible errors Processes may call monitor procedures whenever they want to, but they cannot directly access the monitor’s internal data structures from procedures outside monitor Important Property: Only 1 process can be “active” in a monitor at any instant Monitors are a programming language construct i.e. the compiler knows they are special and can handle calls to monitor procedures differently from other procedures Compiler arranges for mutual exclusion for monitor entries, typically through the use of binary semaphores However, alone, this is not enough

54. Silberschatz, Galvin and Gagne  2002 7.54 Operating System Concepts Condition Variables We need a way for processes to block when they cannot proceed To allow a process to wait within the monitor, a condition variable must be declared, as condition x, y; Condition variable can only be used with the operations wait and signal.  The operation x.wait(); means that the process invoking this operation is suspended until another process invokes x.signal();  The x.signal operation resumes exactly one suspended process. If no process is suspended, then the signal operation has no effect.

55. Silberschatz, Galvin and Gagne  2002 7.55 Operating System Concepts Schematic View of a Monitor

56. Silberschatz, Galvin and Gagne  2002 7.56 Operating System Concepts Monitor With Condition Variables

57. Silberschatz, Galvin and Gagne  2002 7.57 Operating System Concepts Dining Philosophers Example monitor dp { enum {thinking, hungry, eating} state[5]; condition self[5]; void pickup(int i) // try to pickup chopsticks void putdown(int i) // relinquish chopstick resources void test(int i) // determine if both chopsticks are free void init() { for (int i = 0; i < 5; i++) state[i] = thinking; }

58. Silberschatz, Galvin and Gagne  2002 7.58 Operating System Concepts Dining Philosophers void pickup(int i) { state[i] = hungry; test(i); // try to gain access to both resources if (state[i] != eating) // if unsuccessful self[i].wait(); // block } void putdown(int i) { state[i] = thinking; // test left and right neighbors to see if they were interested in eating test((i+4) % 5); test((i+1) % 5); }

59. Silberschatz, Galvin and Gagne  2002 7.59 Operating System Concepts Dining Philosophers void test(int i) { if ( (state[(I + 4) % 5] != eating) && // left not eating (state[i] == hungry) && // you’re hungry (state[(i + 1) % 5] != eating)) { // right not eating state[i] = eating; // start eating self[i].signal(); // signal that a waiting process may proceed }

60. Silberschatz, Galvin and Gagne  2002 7.60 Operating System Concepts Monitor Implementation Using Semaphores Variables semaphore mutex; // (initially = 1) semaphore next; // (initially = 0) int next-count = 0; Each external procedure F will be replaced by wait(mutex); … body of F; … if (next-count > 0) signal(next) else signal(mutex); Mutual exclusion within a monitor is ensured.

61. Silberschatz, Galvin and Gagne  2002 7.61 Operating System Concepts Monitor Implementation For each condition variable x, we have: semaphore x-sem; // (initially = 0) int x-count = 0; The operation x.wait can be implemented as: x-count++; if (next-count > 0) signal(next); else signal(mutex); wait(x-sem); x-count--;

62. Silberschatz, Galvin and Gagne  2002 7.62 Operating System Concepts Monitor Implementation The operation x.signal can be implemented as: if (x-count > 0) { next-count++; signal(x-sem); wait(next); next-count--; }

63. Silberschatz, Galvin and Gagne  2002 7.63 Operating System Concepts Dining Philo. Thus far, our solution:  ensures mutual exclusion  prevents deadlock  does not prevent starvation The issue is centered around process resumption order If several variables are suspended on condition x, and a process issues x.signal(), which process should be resumed next ? FCFS ordering is not adequate to prevent starvation

64. Silberschatz, Galvin and Gagne  2002 7.64 Operating System Concepts Monitor Implementation Conditional-wait construct: x.wait(c);  c – integer expression evaluated when the wait operation is executed.  value of c (a priority number) stored with the name of the process that is suspended.  when x.signal is executed, process with smallest associated priority number is resumed next. Check two conditions to establish correctness of system:  User processes must always make their calls on the monitor in a correct sequence.  Must ensure that an uncooperative process does not ignore the mutual-exclusion gateway provided by the monitor, and try to access the shared resource directly, without using the access protocols.

65. Silberschatz, Galvin and Gagne  2002 7.65 Operating System Concepts Solaris 2 Synchronization Implements a variety of locks to support multitasking, multithreading (including real-time threads), and multiprocessing. Uses adaptive mutexes for efficiency when protecting data from short code segments. Uses condition variables and readers-writers locks when longer sections of code need access to data. Uses turnstiles to order the list of threads waiting to acquire either an adaptive mutex or reader-writer lock.

66. Silberschatz, Galvin and Gagne  2002 7.66 Operating System Concepts Windows 2000 Synchronization Uses interrupt masks to protect access to global resources on uniprocessor systems. Uses spinlocks on multiprocessor systems. Also provides dispatcher objects which may act as wither mutexes and semaphores. Dispatcher objects may also provide events. An event acts much like a condition variable.