Mutual Exclusion 1 Goals of the lecture Time domain vs - - PowerPoint PPT Presentation

SLIDE 1: Mutual Exclusion

Goals of the lecture
  • Time domain vs Causality domain
  • Lamport's Mutual Exclusion Algorithm
  • Formal Verification
  • Key Lemmas
  • Safety
  • Liveness
  • Fairness

References: Lamport 79, Garg and Tomlinson 94

© Vijay K. Garg, Distributed Systems, Spring 96

SLIDE 2: Time domain vs Causality domain
  • most problems require causality domain
  • accounts for variable execution schedule
  • problems in causality domain easier
  • mutual exclusion
  • ordering of messages
  • observing a global property

SLIDE 3: Properties of the Mutual Exclusion Algorithm
  • a fixed number of processes
  • a shared resource called the critical section (CS).
  • Task is to coordinate processes.
  • Requirements are:
    Safety: Two processes should not use the CS simultaneously.
    Liveness: Every request for the CS is eventually granted.
    Fairness: Requests must be granted in the order they are made.

[Figure: processes at Boston, Austin and New York]

SLIDE 4: Formal Specification

Lamport's algorithm assumes that all channels are FIFO:

$$s \prec t \;\wedge\; s \leadsto u \;\wedge\; t \leadsto v \;\Rightarrow\; \neg (v \prec u)$$

  • $\mathit{req}(s)$ = $P_{s.p}$ has requested the critical section
  • $cs(s)$ = $P_{s.p}$ has permission to enter the critical section in $s$
  • Cooperation assumption: $cs(s) \Rightarrow (\exists t : s \prec t : \neg \mathit{req}(t))$

SLIDE 5: Formal Requirements

$s \parallel t \Rightarrow \neg (cs(s) \wedge cs(t))$ (Safety)

$\mathit{req}(s) \Rightarrow (\exists t :: s \prec t \wedge cs(t))$ (Liveness)

$\mathit{next\_cs}(s) = \min \{ t \mid s \prec t \wedge cs(t) \}$

$\mathit{req\_start}(s) = \mathit{req}(s) \wedge \neg \mathit{req}(s.prev)$

$\mathit{req\_start}(s)$ = $P_{s.p}$ made a request for the CS in state $s$.

$(\mathit{req\_start}(s) \wedge \mathit{req\_start}(t) \wedge s \rightarrow t) \Rightarrow \mathit{next\_cs}(s) \rightarrow \mathit{next\_cs}(t)$ (Fairness)

  • $\mathit{next\_cs}(s)$ and $\mathit{next\_cs}(t)$ exist due to liveness.
  • $\mathit{next\_cs}(s)$ and $\mathit{next\_cs}(t)$ are not concurrent due to safety.

SLIDE 6: Informal Specification of the Mutual Exclusion Algorithm
  • request CS: send a timestamped message to all other processes and add a timestamped request to the queue.
  • On receiving a request: the request and its timestamp are stored in the queue and an acknowledgment is returned.
  • To release the CS: send a release message to all other processes.
  • On receiving a "release": delete the corresponding request from the queue.

[Figure: queue contents]
  P1: req(21, 1); ack(24, 2); ack(25, 3)
  P2: req(21, 1)
  P3: req(21, 1)

SLIDE 7: Informal Specification [Contd.]
  • can access CS if
    • it has a request in the queue with timestamp t, and
    • t is less than all other requests in the queue, and
    • it has received a message from every other process with timestamp greater than t.

[Figure: queue contents]
  P1: req(21, 1); req(24, 2); ack(25, 3)
  P2: req(21, 1); req(24, 2)
  P3: req(21, 1); req(24, 2)

SLIDE 8: Formal Description
  • Local variables in each state $s$:
      $s.q[1..n]$ : integer, initially $\infty$
      $s.v$ : DDClock
  • To request the critical section in $t$ where $s \prec_1 t$:
      $t.q[t.p] = s.v[t.p]$
      for all $j : j \neq t.p$ : send "request" to $P_j$
  • On receiving "request" in state $t$ sent from state $u$ ($u \leadsto t$):
      $t.q[u.p] = u.q[u.p]$
      send ack to $u.p$
  • To release the critical section in state $t$:
      $t.q[t.p] = \infty$
      for all $j \neq t.p$, send "release" to $P_j$
  • On receiving "release" sent from state $u$:
      $t.q[u.p] = \infty$

SLIDE 9: Formal Description [Contd.]

State $s$ has permission to access the critical section when
  • there is a request from $P_{s.p}$ with timestamp less than all other requests
  • and $P_{s.p}$ has received a message from every other process with a timestamp greater than the timestamp of its own request.

Formal description of $CS(s)$:

$$CS(s) \equiv \forall j : j \neq s.p : (s.q[s.p], s.p) < (s.v[j], j) \;\wedge\; (s.q[s.p], s.p) < (s.q[j], j)$$

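The formal description on slides 8 and 9, run as a small simulation (an added example, not part of the original lecture). The slides name `v` only as a DDClock, so the clock update rule used here (tick on every send, max-plus-one on receive), the in-memory FIFO channels and the `Proc` / `run_demo` names are assumptions.

```python
from collections import deque
from math import inf as INF

class Proc:
    def __init__(self, pid, n, net):
        self.p, self.n, self.net = pid, n, net
        self.q = [INF] * n   # q[j]: timestamp of P_j's pending request (INF = none)
        self.v = [0] * n     # v[p]: own clock; v[j]: latest timestamp heard from P_j
    def _send(self, kind, dst):
        self.v[self.p] += 1  # assumed clock rule: tick on every send
        self.net[(self.p, dst)].append((kind, self.v[self.p], self.q[self.p]))
    def _bcast(self, kind):
        for j in range(self.n):
            if j != self.p:
                self._send(kind, j)
    def request(self):
        self.v[self.p] += 1
        self.q[self.p] = self.v[self.p]   # stamp own request with own clock
        self._bcast("request")
    def release(self):
        self.q[self.p] = INF              # t.q[t.p] = infinity
        self._bcast("release")
    def receive(self, src):
        kind, ts, req_ts = self.net[(src, self.p)].popleft()   # FIFO channel
        self.v[src] = max(self.v[src], ts)
        self.v[self.p] = max(self.v[self.p], ts) + 1
        if kind == "request":
            self.q[src] = req_ts          # t.q[u.p] = u.q[u.p]
            self._send("ack", src)
        elif kind == "release":
            self.q[src] = INF             # t.q[u.p] = infinity
    def cs(self):                         # the permission predicate from slide 9
        me = (self.q[self.p], self.p)
        return self.q[self.p] != INF and all(
            me < (self.v[j], j) and me < (self.q[j], j)
            for j in range(self.n) if j != self.p)

def run_demo(n=3):
    net = {(i, j): deque() for i in range(n) for j in range(n) if i != j}
    procs = [Proc(i, n, net) for i in range(n)]
    def drain():                          # deliver until every channel is empty
        while any(net.values()):
            for (src, dst), ch in net.items():
                if ch:
                    procs[dst].receive(src)
    procs[0].request(); procs[1].request()   # two concurrent requests, equal timestamps
    drain(); before = [p.cs() for p in procs]
    procs[0].release()
    drain(); after = [p.cs() for p in procs]
    return before, after
```

Both requests carry timestamp 1, so the process id in the pair comparison breaks the tie: P0 holds permission first, and P1 gains it only after P0's release message resets its `q[0]` entry.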
SLIDE 10: Proof of Correctness

We define the predicate

$$msg(s, t) \equiv (\exists u, t' : u \leadsto t' \;\wedge\; u \prec s \;\wedge\; t \prec t')$$

That is, there exists a message which was sent by $P_{s.p}$ before $s$ and received by $P_{t.p}$ after $t$.

Lemma 1. Assume FIFO.
$\forall s, t : s.p \neq t.p : s \not\rightarrow t \wedge \neg msg(s, t) \Rightarrow t.q[s.p] = s.q[s.p]$.

The following Lemma is crucial in proving the safety property.

Lemma 2.
$\forall s, t : s.p \neq t.p : s \not\rightarrow t \wedge s.q[s.p] < t.v[s.p] \Rightarrow t.q[s.p] = s.q[s.p]$

[Figure: diagram showing states s and t]

SLIDE 11: Safety Property

Lemma 3 (Safety). $s.p \neq t.p \wedge s \parallel t \Rightarrow \neg (cs(s) \wedge cs(t))$.

Proof: We will show that $(s \parallel t) \wedge cs(s) \wedge cs(t)$ implies false.

Case 1: $t.v[s.p] < s.q[s.p] \;\wedge\; s.v[t.p] < t.q[t.p]$

We get the following cycle.

$$
\begin{array}{ll}
  & s.q[s.p] \\
< & \{\, cs(s) \wedge s.p \neq t.p \,\} \\
  & s.v[t.p] \\
< & \{\, \text{this case} \,\} \\
  & t.q[t.p] \\
< & \{\, cs(t) \wedge s.p \neq t.p \,\} \\
  & t.v[s.p] \\
< & \{\, \text{this case} \,\} \\
  & s.q[s.p].
\end{array}
$$

[Figure: the cycle drawn among s.q[s.p], s.q[t.p], s.v[s.p], s.v[t.p], t.q[t.p], t.q[s.p], t.v[t.p], t.v[s.p]]

SLIDE 12: Safety Property [Contd.]

Case 2: $s.q[s.p] < t.v[s.p] \;\wedge\; t.q[t.p] < s.v[t.p]$

We get the following cycle.

$$
\begin{array}{ll}
  & s.q[s.p] \\
< & \{\, cs(s) \wedge s.p \neq t.p \,\} \\
  & s.q[t.p] \\
= & \{\, t.q[t.p] < s.v[t.p],\; t \not\rightarrow s,\; \text{Lemma 2} \,\} \\
  & t.q[t.p] \\
< & \{\, cs(t) \wedge s.p \neq t.p \,\} \\
  & t.q[s.p] \\
= & \{\, s.q[s.p] < t.v[s.p],\; s \not\rightarrow t,\; \text{Lemma 2} \,\} \\
  & s.q[s.p].
\end{array}
$$

[Figure: the cycle drawn among s.q[s.p], s.q[t.p], s.v[s.p], s.v[t.p], t.q[t.p], t.q[s.p], t.v[t.p], t.v[s.p]]

SLIDE 13: Safety Property [Contd.]

Case 3: $s.q[s.p] < t.v[s.p] \;\wedge\; s.v[t.p] < t.q[t.p]$

We get the following cycle.

$$
\begin{array}{ll}
  & s.q[s.p] \\
< & \{\, cs(s) \wedge s.p \neq t.p \,\} \\
  & s.v[t.p] \\
< & \{\, \text{this case} \,\} \\
  & t.q[t.p] \\
< & \{\, cs(t) \wedge s.p \neq t.p \,\} \\
  & t.q[s.p] \\
= & \{\, s.q[s.p] < t.v[s.p],\; s \not\rightarrow t,\; \text{Lemma 2} \,\} \\
  & s.q[s.p].
\end{array}
$$

[Figure: the cycle drawn among s.q[s.p], s.q[t.p], s.v[s.p], s.v[t.p], t.q[t.p], t.q[s.p], t.v[t.p], t.v[s.p]]

Case 4: Similar to case 3.

SLIDE 14: Liveness Property

Lemma 4 (Liveness). $\mathit{req}(s) \Rightarrow \exists t : s \prec t \wedge cs(t)$

Proof: $\mathit{req}(s)$ is equivalent to $s.q[s.p] \neq \infty$. $s.q[s.p] \neq \infty$ implies that there exists $s_1 \in P_{s.p}$ such that $s_1.v[s.p] = s.q[s.p] \wedge event(s_1) = request$. We show existence of the required $t$ with the following two claims:

Claim 1: $\exists t_1 : \forall j \neq s.p : t_1.v[j] > s.q[s.p] \;\wedge\; s.q[s.p] = t_1.q[s.p]$

Claim 2: $\exists t_2 : \forall j \neq s.p : t_2.q[j] > s.q[s.p] \;\wedge\; s.q[s.p] = t_2.q[s.p]$

SLIDE 15: Fairness Property

Lemma 5 (Fairness). $(\mathit{req\_start}(s) \wedge \mathit{req\_start}(t) \wedge s \rightarrow t) \Rightarrow (\mathit{next\_cs}(s) \rightarrow \mathit{next\_cs}(t))$

Proof: Let $s' = \mathit{next\_cs}(s)$ be the state in which the critical section is acquired, and let $s''$ be the state in which it is released. Let $t' = \mathit{next\_cs}(t)$. Let $r$ be the state in $P_{t.p}$ which received the request message sent from $s$.

SLIDE 16: Fairness Property [Contd.]

We know the following facts:
  1. $r \prec t$, due to FIFO channels.
  2. $t.v[t.p] = t.q[t.p]$, due to request event at $t$.
  3. $s.v[s.p] < t.v[t.p]$, since $s \rightarrow t$ (DD2).
  4. $s.q[s.p] = s.v[s.p]$, due to request event at $s$.
  5. $r.q[s.p] = s.q[s.p]$, due to receiving request at $r$.
  6. $r.q[s.p] < t.q[t.p]$, from 2, 3, 4, 5.
  7. $t.q[t.p] = t'.q[t.p]$, by defn of $t'$.
  8. $t'.q[t.p] \leq t'.q[s.p]$, since $cs(t')$.
  9. $r.q[s.p] < t'.q[t.p] \leq t'.q[s.p]$, from 6, 7, 8.

This means that $q[s.p]$ must be increased between $r$ and $t'$. That can only happen when $P_{t.p}$ receives the release message sent from $s''$. Thus $s'' \rightarrow t'$. And since $s' \rightarrow s''$, we conclude $s' \rightarrow t'$.