Mutual Exclusion 1
Goals of the lecture
• Time domain vs causality domain
• Lamport's mutual exclusion algorithm
• Formal verification
  – Key lemmas
  – Safety
  – Liveness
  – Fairness
References: Lamport 79, Garg and Tomlinson 94
© Vijay K. Garg, Distributed Systems, Spring 96
Mutual Exclusion 2
Time domain vs causality domain
• Most problems require only the causality domain.
• The causality domain accounts for a variable execution schedule.
• Problems stated in the causality domain are easier, for example:
  – mutual exclusion
  – ordering of messages
  – observing a global property
Mutual Exclusion 3
Properties of the mutual exclusion algorithm
• A fixed number of processes.
• A shared resource called the critical section (CS).
• The task is to coordinate the processes.
• Requirements are:
  Safety: Two processes should not use the CS simultaneously.
  Liveness: Every request for the CS is eventually granted.
  Fairness: Requests must be granted in the order they are made.
[Figure: space-time diagram of messages exchanged between three processes, labelled Austin, New York and Boston]
Mutual Exclusion 4
Formal specification
Notation: $s.p$ is the process in which state $s$ occurs; $s \prec t$ means $t$ follows $s$ on the same process; $s \to t$ is happened-before; $s \parallel t$ means $s$ and $t$ are concurrent; $s \leadsto u$ means the message sent in state $s$ is received in state $u$.
Lamport's algorithm assumes that all channels are FIFO:
  $s \prec t \wedge s \leadsto u \wedge t \leadsto v \Rightarrow \neg(v \prec u)$
(a message sent from $t$ cannot be received before a message sent earlier from $s$ by the same process).
• $req(s)$ = $P_{s.p}$ has requested the critical section in $s$
• $cs(s)$ = $P_{s.p}$ has permission to enter the critical section in $s$
• Cooperation assumption: $cs(s) \Rightarrow (\exists t : s \prec t :: \neg req(t))$
  (a process that holds the CS eventually gives it up)
Mutual Exclusion 5
Formal requirements
  $s \parallel t \Rightarrow \neg(cs(s) \wedge cs(t))$   (Safety)
  $req(s) \Rightarrow (\exists t :: s \prec t \wedge cs(t))$   (Liveness)
  $next\_cs(s) = \min\{t \mid s \prec t \wedge cs(t)\}$
  $req\_start(s) = req(s) \wedge \neg req(s.prev)$
  $req\_start(s)$ = $P_{s.p}$ made a request for the CS in state $s$.
  $(req\_start(s) \wedge req\_start(t) \wedge s \to t) \Rightarrow next\_cs(s) \to next\_cs(t)$   (Fairness)
• $next\_cs(s)$ and $next\_cs(t)$ exist due to liveness.
• $next\_cs(s)$ and $next\_cs(t)$ are not concurrent due to safety.
Mutual Exclusion 6
Informal specification of the mutual exclusion algorithm
• To request the CS: send a timestamped request message to all other processes and add the timestamped request to the local queue.
• On receiving a request: store the request and its timestamp in the queue and return an acknowledgment.
• To release the CS: send a release message to all other processes.
• On receiving a "release": delete the corresponding request from the queue.
[Figure: three processes after $P_1$ has requested the CS with timestamp 21. Queue at $P_1$: req(21,1), ack(24,2), ack(25,3). Queue at $P_2$: req(21,1). Queue at $P_3$: req(21,1).]
Mutual Exclusion 7
Informal specification [Contd.]
• A process can access the CS if
  – it has a request in the queue with timestamp $t$, and
  – $t$ is less than all other requests in the queue, and
  – it has received a message from every other process with timestamp greater than $t$.
[Figure: $P_2$ has now also requested, with timestamp 24. Queue at $P_1$: req(21,1), req(24,2), ack(25,3). Queue at $P_2$: req(21,1), req(24,2). Queue at $P_3$: req(21,1), req(24,2). $P_1$'s request (21,1) is the smallest and $P_1$ has heard from $P_2$ (timestamp 24) and $P_3$ (timestamp 25), so $P_1$ may enter; $P_2$ may not, since req(21,1) is smaller than its own request.]
Mutual Exclusion 8
Formal description
• Local variables in each state $s$:
  $s.q[1..n]$ : integer, initially $\infty$
  $s.v$ : DDClock
• To request the critical section in state $t$, where $s \prec t$ is the preceding state:
  $t.q[t.p] := s.v[t.p] + 1$
  for all $j \neq t.p$: send "request" to $P_j$
• On receiving "request" in state $t$ sent from state $u$ ($u \leadsto t$):
  $t.q[u.p] := u.q[u.p]$
  send "ack" to $P_{u.p}$
• To release the critical section in state $t$:
  $t.q[t.p] := \infty$
  for all $j \neq t.p$: send "release" to $P_j$
• On receiving "release" in state $t$ sent from state $u$:
  $t.q[u.p] := \infty$
Mutual Exclusion 9
Formal description [Contd.]
State $s$ has permission to access the critical section when
• there is a request from $P_{s.p}$ with timestamp less than all other requests, and
• $P_{s.p}$ has received a message from every other process with a timestamp greater than the timestamp of its own request.
Formal description of $CS(s)$:
  $\forall j : j \neq s.p : (s.q[s.p], s.p) < (s.v[j], j) \wedge (s.q[s.p], s.p) < (s.q[j], j)$
(pairs are compared lexicographically, so equal timestamps are ordered by process number; $s.q[j] = \infty$ when $P_j$ has no outstanding request).
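The protocol of slides 6 to 9 can be exercised directly. The following program is an added example, not code from the lecture or from Lamport's paper: it runs $n$ processes through the request/ack/release exchange with the queue $q$, the vector $v$ and the enter condition $CS(s)$ as defined above, under a randomised scheduler, and checks the trace for safety (at most one process in the CS), liveness (every request granted, no message left in flight) and timestamp-order fairness. The `Network` and `Process` classes, the scheduler, and the parameters `n`, `rounds` and the seed ranges are constructed for this example; a plain Lamport clock stands in for the slides' DDClock, which is an assumption. Channels can be switched from FIFO to reordering, the assumption of slide 4: without FIFO a "release" can overtake the same process's next "request" on a channel, the receiver clears the queue entry after storing it, and the request is lost.

```python
import random

INF = float("inf")  # the slides' "initially infinity" for q[j]


class Network:
    """One channel per (src, dst) pair; fifo=True is the slides' assumption."""

    def __init__(self, n, fifo=True):
        self.ch = {(i, j): [] for i in range(n) for j in range(n) if i != j}
        self.fifo = fifo

    def send(self, src, dst, msg):
        self.ch[(src, dst)].append(msg)

    def nonempty(self):
        return [c for c, q in self.ch.items() if q]

    def deliver(self, c, rng):  # head of line, or any in-flight message if not FIFO
        return self.ch[c].pop(0 if self.fifo else rng.randrange(len(self.ch[c])))


class Process:
    """q[j]: P_j's outstanding request timestamp (INF if none); v[j]: largest
    timestamp received from P_j.  A Lamport clock stands in for DDClock (assumption)."""

    def __init__(self, pid, n, net, rounds):
        self.pid, self.n, self.net = pid, n, net
        self.clock, self.in_cs, self.pending = 0, False, rounds
        self.q, self.v = [INF] * n, [0] * n

    def tick(self, received=0):
        self.clock = max(self.clock, received) + 1
        self.v[self.pid] = self.clock
        return self.clock

    def broadcast(self, kind):
        ts = self.tick()
        for j in range(self.n):
            if j != self.pid:
                self.net.send(self.pid, j, (kind, ts, self.pid))
        return ts

    def release(self):  # slide 8: t.q[t.p] := infinity, then tell everyone
        self.in_cs, self.pending, self.q[self.pid] = False, self.pending - 1, INF
        self.broadcast("release")

    def receive(self, kind, ts, src):
        self.tick(ts)
        self.v[src] = max(self.v[src], ts)
        if kind == "request":  # store it and acknowledge
            self.q[src] = ts
            self.net.send(self.pid, src, ("ack", self.tick(), self.pid))
        elif kind == "release":
            self.q[src] = INF

    def can_enter(self):  # CS(s) of slide 9, pairs compared lexicographically
        me = (self.q[self.pid], self.pid)
        return (not self.in_cs and self.q[self.pid] != INF and
                all(me < (self.v[j], j) and me < (self.q[j], j)
                    for j in range(self.n) if j != self.pid))


def simulate(n=3, rounds=4, seed=0, fifo=True, max_steps=100_000):
    """One random interleaving in which every process wants the CS `rounds` times."""
    rng, net = random.Random(seed), Network(n, fifo)
    procs = [Process(i, n, net, rounds) for i in range(n)]
    entries, peak = [], 0  # CS entries as (timestamp, pid); most processes in CS at once
    for _ in range(max_steps):
        acts = [("deliver", c) for c in net.nonempty()]
        for p in procs:
            if p.pending and p.q[p.pid] == INF:
                acts.append(("request", p))
            if p.can_enter():
                acts.append(("enter", p))
            if p.in_cs:
                acts.append(("release", p))
        if not acts:
            break
        kind, x = rng.choice(acts)
        if kind == "deliver":
            procs[x[1]].receive(*net.deliver(x, rng))
        elif kind == "request":
            x.q[x.pid] = x.broadcast("request")  # slide 8: q[t.p] := request timestamp
        elif kind == "enter":
            x.in_cs = True
            entries.append((x.q[x.pid], x.pid))
        else:
            x.release()
        peak = max(peak, sum(p.in_cs for p in procs))
    done = all(p.pending == 0 for p in procs) and not net.nonempty()
    return {"entries": entries, "peak_in_cs": peak, "completed": done}


def first_violation(fifo, seeds=range(500), n=3, rounds=4):
    """First (seed, property) whose run breaks safety, liveness or fairness; else None."""
    for seed in seeds:
        r = simulate(n, rounds, seed, fifo)
        bad = ("safety" if r["peak_in_cs"] > 1 else "liveness" if not r["completed"]
               else "fairness" if r["entries"] != sorted(r["entries"]) else None)
        if bad:
            return seed, bad
    return None
```

`first_violation(fifo=True)` returns `None` over every seed tried, and the entry trace of each FIFO run is sorted by `(timestamp, pid)`, which is the fairness property of slide 5 in executable form. `first_violation(fifo=False)` returns a seed on which either two processes are in the CS at once or a process waits forever, so the FIFO assumption on slide 4 is load-bearing rather than a convenience.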
Mutual Exclusion 10
Proof of correctness
We define the predicate
  $msg(s, t) \equiv (\exists u, t' : u \leadsto t' \wedge u \prec s \wedge t \prec t')$
That is, there exists a message which was sent by $P_{s.p}$ before $s$ and received by $P_{t.p}$ after $t$.
Lemma 1 Assume FIFO. $\forall s, t : s.p \neq t.p : s \not\to t \wedge \neg msg(s, t) \Rightarrow t.q[s.p] = s.q[s.p]$.
The following lemma is crucial in proving the safety property.
Lemma 2 $\forall s, t : s.p \neq t.p : s \not\to t \wedge s.q[s.p] < t.v[s.p] \Rightarrow t.q[s.p] = s.q[s.p]$.
[Figure: space-time diagram for Lemma 2, showing states $s$ and $t$ on two processes and the messages between them]
Mutual Exclusion 11
Safety property
Lemma 3 (Safety) $s.p \neq t.p \wedge s \parallel t \Rightarrow \neg(cs(s) \wedge cs(t))$.
Proof: We will show that $(s \parallel t) \wedge cs(s) \wedge cs(t)$ implies false. Four cases arise from comparing $t.v[s.p]$ with $s.q[s.p]$ and $s.v[t.p]$ with $t.q[t.p]$; note that $s \parallel t$ gives both $s \not\to t$ and $t \not\to s$, as needed for Lemma 2.
Case 1: $t.v[s.p] < s.q[s.p] \wedge s.v[t.p] < t.q[t.p]$
We get the following cycle:
  $s.q[s.p]$
  $< \{cs(s) \wedge s.p \neq t.p\}$
  $s.v[t.p]$
  $< \{\text{this case}\}$
  $t.q[t.p]$
  $< \{cs(t) \wedge s.p \neq t.p\}$
  $t.v[s.p]$
  $< \{\text{this case}\}$
  $s.q[s.p]$.
Mutual Exclusion 12
Safety property [Contd.]
Case 2: $s.q[s.p] < t.v[s.p] \wedge t.q[t.p] < s.v[t.p]$
We get the following cycle:
  $s.q[s.p]$
  $< \{cs(s) \wedge s.p \neq t.p\}$
  $s.q[t.p]$
  $= \{t.q[t.p] < s.v[t.p],\ t \not\to s,\ \text{Lemma 2}\}$
  $t.q[t.p]$
  $< \{cs(t) \wedge s.p \neq t.p\}$
  $t.q[s.p]$
  $= \{s.q[s.p] < t.v[s.p],\ s \not\to t,\ \text{Lemma 2}\}$
  $s.q[s.p]$.
Mutual Exclusion 13
Safety property [Contd.]
Case 3: $s.q[s.p] < t.v[s.p] \wedge s.v[t.p] < t.q[t.p]$
We get the following cycle:
  $s.q[s.p]$
  $< \{cs(s) \wedge s.p \neq t.p\}$
  $s.v[t.p]$
  $< \{\text{this case}\}$
  $t.q[t.p]$
  $< \{cs(t) \wedge s.p \neq t.p\}$
  $t.q[s.p]$
  $= \{s.q[s.p] < t.v[s.p],\ s \not\to t,\ \text{Lemma 2}\}$
  $s.q[s.p]$.
Case 4: $t.v[s.p] < s.q[s.p] \wedge t.q[t.p] < s.v[t.p]$. Similar to Case 3 with the roles of $s$ and $t$ exchanged.
Mutual Exclusion 14
Liveness property
Lemma 4 (Liveness) $req(s) \Rightarrow \exists t : s \prec t \wedge cs(t)$
Proof: $req(s)$ is equivalent to $s.q[s.p] \neq \infty$. $s.q[s.p] \neq \infty$ implies that there exists $s_1 \in P_{s.p}$ such that $s_1.v[s.p] = s.q[s.p] \wedge event(s_1) = request$.
We show existence of the required $t$ with the following two claims:
Claim 1: $\exists t_1 : \forall j \neq s.p : t_1.v[j] > s.q[s.p] \wedge s.q[s.p] = t_1.q[s.p]$
  (every other process eventually sends a message timestamped after the request, while the request is still outstanding)
Claim 2: $\exists t_2 : \forall j \neq s.p : t_2.q[j] > s.q[s.p] \wedge s.q[s.p] = t_2.q[s.p]$
  (every request with a smaller timestamp is eventually released, while the request is still outstanding)
Mutual Exclusion 15
Fairness property
Lemma 5 (Fairness) $(req\_start(s) \wedge req\_start(t) \wedge s \to t) \Rightarrow (next\_cs(s) \to next\_cs(t))$
Proof: Let $s' = next\_cs(s)$ be the state in which the critical section is acquired, and let $s''$ be the state in which it is released. Let $t' = next\_cs(t)$. Let $r$ be the state in $P_{t.p}$ which received the request message sent from $s$.