10/29/2019 Critical sections 1 2 global wait(s) wait(s) memory - - PDF document

SLIDE 1

10/29/2019

Problems caused by mutual exclusion

2

Critical sections

2 1

global memory buffer write read

x = 3; y = 5; a = x+1; b = y+2; c = x+y; int x; int y; wait(s) signal(s) wait(s) signal(s)

critical section critical section

3

Using semaphores

• Make critical sections as short as possible.

task reader() { int i; // these are local variables float d, v[DIM]; ... wait(s); d = sqrt(x*x + y*y); for (i=0; i++; i<DIM) { v[i] = i*(x + y); if (v[i] < x*y) v[i] = x + y; } signal(s); ... } int x, y; // these are global shared variables mutex s; // this is the semaphore to protect them

critical section length Can we shorten this critical section?

4

Using semaphores

A possibility is to copy global variables into local variables:

task reader() { int i; // these are local variables float d, v[DIM]; float a, b; // two new local variables ... wait(s); // copy global vars a = x; b = y; // to local vars signal(s); d = sqrt(a*a + b*b); // make computation for (i=0; i++; i<DIM) { // using local vars v[i] = i*(a + b); if (v[i] < a*b) v[i\] = a + b; } wait(s); // copy local vars x = a; y = b; // to global vars signal(s); ... }

critical section length critical section length

5

Using semaphores

• Make critical sections as short as possible.
• Try to avoid nested critical sections.

... wait(s); results = x + y; while (result > 0) { v[i] = i*(x + y); if (v[i] < x*y) results = results - y; else signal(s); } }

This code is very UNSAFE, since the signal could never be executed, and 1 could be blocked forever!

• Avoid making critical sections across loops or conditional

statements.

6

How long is blocking time?

CS1

1 2

CS2

P1 > P2

1 2



It seems that the maximum blocking time for 1 is equal to the length of the critical section (CS2) of 2, but …

SLIDE 2

10/29/2019

7

Schedule with no conflicts

1 priority 2 3

8

Conflict on a critical section

B priority 1 2 3

9

B

Conflict on a critical section

priority 1 2 3

10

Priority Inversion

Solution

Introduce a concurrency control protocol for accessing critical sections.

A high priority task is blocked by a lower priority task a for an unbounded interval of time

11

Protocol key aspects

Access Rule: Decides whether to block and when. Progress Rule: Decides how to execute inside a critical section. Release Rule: Decides how to

• rder

the pending requests of the blocked tasks. Other aspects Analysis: estimates the worst-case blocking times. Implementation: finds the simplest way to encode the protocol rules.

12

Rules for classical semaphores

Access Rule (Decides whether to block and when):

• Enter a critical section if the resource is free, block if the

resource is locked. Progress Rule (Decides how to execute in a critical section):

• Execute the critical section with the nominal priority.

Release Rule (Decides how to order pending requests):

• Wake up the blocked task in FIFO order.
• Wake up the blocked task with the highest priority.

The following rules are normally used for classical semaphores:

SLIDE 3

10/29/2019

13

Resource Access Protocols

• Classical semaphores (No protocol)
• Non Preemptive Protocol (NPP)
• Highest Locker Priority (HLP)
• Priority Inheritance Protocol (PIP)
• Priority Ceiling Protocol (PCP)
• Stack Resource Policy (SRP)

14

Assumption

Critical sections are correctly accessed by tasks:

wait(SA) signal(SA) signal(SB) wait(SB) wait(SA) signal(SA) signal(SB) wait(SB)

15

Non Preemptive Protocol

Access Rule: A task never blocks at the entrance of a critical section, but at its activation time. Progress Rule: Disable preemption when executing inside a critical section. Release Rule: At exit, enable preemption so that the resource is assigned to the pending task with the highest priority.

16

1

B priority

Conflict on a critical section

2 3 (using classical semaphores)

17

NPP: example

B priority

1 2 3

18

Each task i must be assigned two priorities:

• a nominal priority Pi (fixed) assigned by the application

developer;

• a dynamic priority pi (initialized to Pi) used to schedule the

task and affected by the protocol.

NPP: implementation notes

wait(s): pi = max(P1, …, Pn) signal(s): pi = Pi

Then, the protocol can be implemented by changing the behavior of the wait and signal primitives:

SLIDE 4

10/29/2019

19

NPP: pro & cons

ADVANTAGES: simplicity and efficiency.

• Semaphores queues are not needed, because tasks

never block on a wait(s).

• Each task can block at most on a single critical section.
• It prevents deadlocks and allows stack sharing.
• It is transparent to the programmer.

PROBLEMS:

• 1. Tasks may block even if they do not use resources.
• 2. Since tasks are blocked at activation, blocking could be

unnecessary (pessimistic assumption).

20

NPP: problem 1

B1 priority Priority assigned to i inside critical sections:

1 2 3

Long critical sections delay all high priority tasks:

B1 is useless: 1 cannot preempt, although it could!

pi = Pmax = max(P1, …, Pn)

B2

21

NPP: problem 2

A task could block even if not accessing a critical section: CS test

1

CS

2 1 2

1 blocks just in case ...

p2 Pmax P2

22

Highest Locker Priority

Access Rule: A task never blocks at the entrance of a critical section, but at its activation time. Progress Rule: Inside resource R, a task executes at the highest priority of the tasks that use R. Release Rule: At exit, the dynamic priority of the task is reset to its nominal priority Pi.

23

HLP: example

priority

1 2 3

2 is blocked, but 1 can preempt B2 Priority assigned to i inside a resource R:

pi(R) = max { Pj | j uses R }

P2 P3 p3

24

• Each task i is assigned a nominal priority Pi and a

dynamic priority pi.

• Each semaphore S is assigned a resource ceiling C(S):

HLP: implementation notes

wait(S): pi = C(S) signal(S): pi = Pi Then, the protocol can be implemented by changing the behavior of the wait and signal primitives:

C(S) = max { Pi | i uses S }

Note: HLP is also known as Immediate Priority Ceiling (IPC).

SLIDE 5

10/29/2019

25

HLP: pro & cons

PROBLEMS:

• Since tasks are blocked at activation, blocking could be

unnecessary (same pessimism as for NPP).

• It is not transparent to programmers (due to ceilings).

ADVANTAGES: simplicity and efficiency.

• Semaphores queues are not needed, because tasks

never block on a wait(s).

• Each task can block at most on a single critical section.
• It prevents deadlocks.
• It allows stack sharing.

26

Priority Inheritance Protocol

Access Rule: A task blocks at the entrance of a critical section if the resource is locked. Progress Rule: Inside resource R, a task executes with the highest priority of the tasks blocked on R. Release Rule: At exit, the dynamic priority of the task is reset to its nominal priority Pi.

27

PIP: example

push-through blocking direct blocking priority

1 2 3

3 inherits the priority of 1 P1 P3

28

PIP: types of blocking

 Direct blocking

A task blocks on a locked semaphore

 Indirect blocking (Push-through blocking)

A task blocks because a lower priority task inherited a higher priority.

BLOCKING: a delay caused by lower priority tasks

29

Inside a resource R the dynamic priority pi is set as

PIP: implementation notes

pi(R) = max { Ph | h blocked on R }

wait(s): if (s == 0) {

<suspend the calling task exe in the semaphore queue> <find the task k that is locking the semaphore s> pk = Pexe // priority inheritance <call the scheduler> }

else s = 0; signal(s): if (there are blocked tasks) {

<awake the highest priority task in the semaphore queue> pexe = Pexe <call the scheduler> }

else s = 1;

30

Identifying blocking resources

Under PIP, a task i can be blocked on a semaphore Sk only if:

• 1. Sk is directly shared between i and lower priority

tasks (direct blocking) OR

• 2. Sk is shared between tasks with priority lower

than i and tasks having priority higher than i (push-through blocking).

SLIDE 6

10/29/2019

31

Lemma 1: A task i can be blocked at most

• nce by a lower priority task.

If there are ni tasks with priority lower than i, then i can be blocked at most at most ni times, independently of the number of critical sections that can block i.

Identifying blocking resources

32

Lemma 2: A task i can be blocked at most

• nce on a semaphore Sk.

If there are mi distinct semaphores that can block a task i, then i can be blocked at most mi times, independently of the number of critical sections that can block i.

Identifying blocking resources

33

Bounding blocking times

A theorem follows from the previous lemmas: Theorem:

i can be blocked at most for

the duration of i = min(ni,mi) critical sections. ni = number of tasks with priority less than i mi = number of semaphores that can block i (either directly or indirectly).

34

Example 1

priority B C

1 2 3

A C D B A D

 1 can be blocked once by 2 (on A2 or C2) and

• nce by 3 (on B3 or D3)

 2 can be blocked once by 3 (on B3 or D3)  3 cannot be blocked

35

priority

1 2 3

A B B

P1

C D A C D

Example in which 2 is blocked on B3 by push-through

Example 1

36

Identifying blocking times

To derive a general analysis, we define the following notation: Zik longest (external) critical section used by i protected by semaphore Sk. ik worst-case duration of Zik i set of the longest critical sections used by i for each semaphore Sk: i = { Zik | Sk used by i } ij set of critical sections used by j that can block i i set of critical sections that can block i i maximum number of critical sections that can block i Bi worst-case blocking time for i

SLIDE 7

10/29/2019

37

Identifying blocking times

j i dir ij

    

C.S. of j that can block i for direct blocking:

} {

1 1 j h i h pt ij

    

 



C.S. of j that can block i for push-through blocking:

} {

1 j h i h pt ij dir ij ij

        





C.S. of j that can block i

ij n i j i

 

1  

 

C.S. that can block i

38

For the other protocols

)} ( ) ( | {

AND

i j j jk jk NPP ij

P P Z Z     

} {

1 j h i h PIP ij

    





ij n i j i

 

1  

 

C.S. that can block i

)} ) ( ( ) ( ) ( | {

AND AND

i k i j j jk jk HLP ij

P S C P P Z Z      

39

Identifying blocking time Bi

• 1. Identify the set ij for all lower priority tasks
• 2. Identify the set i
• 3. Compute i
• 4. Compute Bi as the highest sum of the i durations

ik of Zik  i

NOTE: The i critical sections selected from i

• must belong to different tasks (for Lemma 1);
• must refer to different semaphores (for Lemma 2);

Example 2

1

A B C D E IN OUT

2 3 4

Consider the following application:

40

Ci Ti 15 60 30 100 20 150 40 200

1 2 3 4 priority B C

1 2 3

A D E C A D B B A

4

E

3 4 5 3 6 11 5 10 8 12 14 10

(Ri)

Example 2

From the task code we can derive the following table: B C

1 2 3

A D E C A D B B A

4

E

3 4 5 3 6 11 5 10 8 12 14 10

41

Ci Ti A B C D E 15 60 3 4 5   30 100 6 11  5  20 150   10  8 40 200  12  14 10

1 2 3 4

Identification of 1

42

Ci Ti A B C D E 15 60 3 4 5   30 100 6 11  5  20 150   10  8 40 200  12  14 10

1 2 3 4

B1

1 = {A2, B2, C3, B4}

 1 can only experience direct blocking because it is the highest priority task.

SLIDE 8

10/29/2019

43

Ci Ti A B C D E 15 60 3 4 5   30 100 6 11  5  20 150   10  8 40 200  12  14 10

1 2 3 4

B2

1 = {A2, B2, C3, B4} 2 = {C3, B4, D4}

Identification of 2

 2 can be blocked directly by B4 and D4, and indirectly by C3 and B4.

44

Ci Ti A B C D E 15 60 3 4 5   30 100 6 11  5  20 150   10  8 40 200  12  14 10

1 2 3 4

B3

1 = {A2, B2, C3, B4} 2 = {C3, B4, D4} 3 = {B4, D4, E4}

Identification of 3

 3 can be blocked directly by E4 and indirectly by B4 and D4

45

Ci Ti A B C D E 15 60 3 4 5   30 100 6 11  5  20 150   10  8 40 200  12  14 10

1 2 3 4

B4

1 = {A2, B2, C3, B4} 2 = {C3, B4, D4} 3 = {B4, D4, E4}

Identification of 4

4 = {}

46

Ci Ti A B C D E i ni mi i 15 60 3 4 5   {A2, B2, C3, B4} 3 3 3 30 100 6 11  5  {C3, B4, D4} 2 3 2 20 150   10  8 {B4, D4, E4} 1 3 1 40 200  12  14 10 {}

1 2 3 4

Identification of i

number of semaphores that can block i (either directly or indirectly).

i = min(ni, mi)

number of tasks with priority less than i

47

Ci Ti A B C D E i i Bi 15 60 3 4 5   {A2, B2, C3, B4} 3 28 30 100 6 11  5  {C3, B4, D4} 2 24 20 150   10  8 {B4, D4, E4} 1 14 40 200  12  14 10 {}

1 2 3 4

Identification of Bi

NOTES  For 1, if we select B2, we cannot select B4, because each semaphore can block only once (Lemma 2).  For 2, we cannot select B4 and D4, because each task can block only once (Lemma 1).

48

PIP: pro & cons

ADVANTAGES:

• It removes the pessimisms of NPP and HLP (a task is

blocked only when really needed).

• It is transparent to the programmer.

PROBLEMS:

• More complex to implement (especially to support

nested critical sections).

• It is prone to chained blocking.
• It does not avoid deadlocks.

SLIDE 9

10/29/2019

49

PIP: Chained blocking

priority

B A B

A4

1 2 3

C A C

4

A, B, C C B A

B3 C2 NOTE:

1 can be blocked at most once

for each lower priority task.

50

Priority Ceiling Protocol

Access Rule: A task can access a resource only if it passes the PCP access test. Progress Rule: Inside resource R, a task executes with the highest priority of the tasks blocked on R. Release Rule: At exit, the dynamic priority of the task is reset to its nominal priority Pi. NOTE: PCP can be viewed as PIP + access test

51

Avoiding chained blocking

To avoid multiple blocking of 1 we must prevent 3 and 2 to enter their critical sections (even if they are free), because a low priority task (4) is holding a resource used by 1. priority

B A B

A4

1 2 3

C A C

4

B3 C2

52

Then a task i can enter a critical section only if its priority is higher than the maximum ceiling of the locked semaphores:

Resource Ceilings

To keep track of resource usage by high-priority tasks, each resource is assigned a resource ceiling:

C(sk) = max { Pi | i uses sk } Pi > max { C(sk) : sk locked by tasks  i }

PCP access test

53

A

sA C(sA) = P1

B

sB C(sB) = P1

priority

1 2 3

A B A B

t1

t1: 2 is blocked by the PCP, since P2 < C(sA)

PCP: example

ceiling blocking

54

Theorem 1

Under PCP, a task can block at most on a single critical section.

Theorem 2

PCP prevents chained blocking.

Theorem 3

PCP prevents deadlocks.

PCP: properties

SLIDE 10

10/29/2019

55

1 2 1 2

P1 > P2

A B B A

Typical deadlock

blocked blocked

It can only occur with nested critical sections:

56

1 2 1 2

P1 > P2

A B B A

PCP: deadlock avoidance

blocked by PCP

It can only occur with nested critical sections:

C(SA) = P1 C(SB) = P1

57

PCP: pro & cons

ADVANTAGES:

• It limits blocking to the length of a single critical section.
• It avoids deadlocks when using nested critical sections.

PROBLEMS:

• It is complex to implement (like PIP).
• It can create unnecessary blocking (it is pessimistic like

HLP).

• It is not transparent to the programmer: resource

ceilings must be specified in the source code.

58

Questions

• 2. Each task has a nominal priority (Pi) and a

dynamic priority (pi  Pi) changed by the protocol to prevent priority inversion. If i blocks because Pi  max {C(sk) : sk locked by tasks  i} can it be that pi > max {C(sk) : sk locked by tasks  i} ?

• 1. If a task uses several critical sections, can it be

blocked on the second one?

59

Analysis under shared resources

• 1. Select a scheduling algorithm to manage tasks

and a protocol for accessing shared resources.

• 2. Compute the maximum blocking time Bi for

each task.

• 3. Perform

the guarantee test including the blocking terms.

60

Analysis under RM

preemption by HP tasks

i

blocking by LP tasks

 

1 21

1 1

    



  /i i i i i k k k

i T B C T C i

SLIDE 11

10/29/2019

61

Hyperbolic Bound

preemption by HP tasks

i

blocking by LP tasks

2 1 1

1 1

                    



  i i i i k k k

T B C T C i

62

Response Time Analysis

k k i i k i i i

C T R B C R



 

  

1 1

Iterative solution:

k k s i i k i i s i

C T R B C R

) 1 ( 1 1 ) (   



  

i i i

B C R  

iterate while

) 1 ( 



s i s i

R R

63

Resource Sharing under EDF

The protocols analyzed so far have been originally developed for fixed priority scheduling schemes. However:

 NPP can also be used under EDF  PIP has been extended under EDF by Spuri (1997).  PCP has been extended under EDF by Chen-Lin (1990)  In 1990, Baker proposed a new access protocol, called Stack Resource Policy (SRP) that works both under fixed priorities and EDF.

64

Stack Resource Policy

This protocol satisfies the same PCP properties:

• it avoids unbounded priority inversion;
• it prevents deadlocks and chained blocking;
• each task can be blocked at most once.

In addition:

• It allows using multi-unit resources;
• it can be used under fixed and dynamic priorities;
• it allows tasks to share the same stack space.

65

Each resource Rk is characterized by:

• a maximum number of units Nk
• a current number of available units nk

Stack Resource Policy

RM: pi  1/Ti DM: pi  1/Di EDF: pi  1/di

Each task i is characterized by:

• A priority pi (static or dynamic), e.g.:
• A preemption level: i  1/Di
• A set of resource requirements:

Rk

i(Rk)

specifies how many units of Rk are used by i

66

i  1/Di

• Note that, under EDF, a task i can preempt k only if

i > k (that is, if Di < Dk)

• No preemption can occur if i  k (that is, if Di  Dk):

Preemption level

SLIDE 12

10/29/2019

67

Each resource Rk is assigned a dynamic ceiling equal to the highest preemption level of the tasks that may block on Rk: CR(nk) = max {0, i : n(Rk) < i(Rk)}

NOTE: CR(nk) increases only when a resource is locked CR(nk) decreases only when a resource is released

Resource ceiling

68

Lemma

If i > CR(nk) then there exist enough units of R

• 1. to satisfy the requirements of i
• 2. to satisfy the requirements of all tasks that

can make preemption on i

Ceiling property

CR(nk) = max {0, i : n(Rk) < i(Rk)}

69

Finally, a system ceiling is defined as:

s = max {CR(nk)}

A ready task i can preempt the executing task exe if and only if pi > pexe and i > s SRP preemption rule

Stack Resource Policy

70

NR 3 2 RA RB

A(3) B(1) A(1) B(2)

1 2 3 1 2 3

Di i 3 2 1 10 15 20 A B 3 1 1 2

Computing Resource Ceilings

71

NR 3 2 RA RB CR(3)

• RA

RB CR(2) CR(1) CR(0) 3 3 1 3 2

1 2 3

Di i 3 2 1 10 15 20 A B 3 1 1 2

Computing Resource Ceilings

72

1 2 3

s

3 2 1 NR CR(3) CR(2) CR(1) CR(0)

• RA

RB 3 3 1 3 2 3 2

B B B A A

A task blocks when attempting to preempt

A(3) B(1) A(1) B(2)

1 2 3

SRP: example

SLIDE 13

10/29/2019

73

1 2 3

p3

P3 P2 P1

B B A A

sA C(sA) = P1 sB C(sB) = P2

B B

P2

A task is blocked when accessing a resource

A(3) B(1) A(1) B(2)

1 2 3

PCP: example

74

Theorem 1

Under SRP, each task can be blocked at most on a single critical section.

1 2 3

B B B A A

Consider the following scenario where 1 blocks on two: This is not possible, because 2 could not preempt 3 because, at time t*, 2 < s

t*

SRP: properties

75

If i > s then i will never block once started.

Theorem 2

Since s = max{CR(nk)}, then there are enough resources to satisfy the requirements of i and those

• f all tasks that can preempt i .

Proof Question If a task can never block once started, can we get rid of the wait / signal primitives?

SRP: properties

76

SRP prevents deadlocks.

Theorem 3

From Theorem 2, if a task can never block once started, then no deadlock can occur. Proof

SRP: properties

77

1 2 1 2

A B B A

SRP: deadlock avoidance

blocked by SRP

1 > 2

s

2 1

78

Schedulability analysis under EDF

1

1 1

   



  i i i i k k k

T B C T C i

Bi can be computed as under PCP and refers to the length of longest critical section that can block i. A task set is schedulable if When Di = Ti

SLIDE 14

10/29/2019

79

When Di  Ti

L C T D T L L B

n k k k k k

    

1

) (

A task set is schedulable if U < 1 and L  D

D = { dk | dk  max (Dmax , min(H, L*)) } Schedulability analysis under EDF

U U D T L

n i i i i

   



1 ) (

1 *

H = lcm(T1, …, Tn) Dmax = max (D1, …, Dn)

where:

B(L) = max { jh | (Dj > L) and (Dh  L) }

80

Stack sharing

Each task normally uses a private stack for

• saving context (register values)
• managing functions
• storing local variables

stack

stack pointer

PUSH POP

81

stack

1 2

SP2 SP1

Why stack cannot be normally shared?

Suppose tasks share a resource: A

blocked big problems

Stack sharing

82

Why stack can be shared under SRP?

stack

1 2

SP2 SP1 SP2

Stack sharing

83

To really save stack size, we should use a small number of preemption levels.

100 tasks 10 Kb stack per task stack size = 1 Mb 10 preemption levels 10 tasks per group stack size = 100 Kb stack saving = 90 %

Saving stack memory

84

Comparison

Prot prio. pessim. i block. instant trans‐ parent dlock avoid. stack sharing impl . NPP any high 1

• n

arrival YES YES YES easy HLP fixed medium 1

• n

arrival NO YES YES easy PIP fixed low min (ni, mi)

• n

access YES NO NO hard PCP fixed low 1

• n

access NO YES NO hard SRP any medium 1

• n

arrival NO YES YES easy