Experience with Processes and Monitors in Mesa
B. W. Lampson, Xerox Palo Alto Research Center
D. D. Redell, Xerox Business Systems
Communications of the ACM v.23, n.2, Feb.1980, pp. 105-117
sbwood 2005

Design Goals
• Local concurrent programming
• Global resource sharing
• Replacing interrupts

Concurrent Programming using Monitors in Mesa
• Interactions with process creation and destruction
• How to define WAIT
• Priority scheduling
• Semantics of nested monitor calls
• Handling timeouts, aborts, and other exceptions
• Monitoring large numbers of small objects

Signaling in Monitors
J. H. Howard
2nd Intl. Conf. of Software Engr, Oct. 1976
• SU signal & urgent wait (Hoare’74)
  • signaler to “urgent” queue & resumes after signaled process runs
• SR signal & return (Brinch Hansen’75)
  • return from monitor immediately after signaling
  • Concurrent PASCAL
• SW signal & wait (Howard’76)
  • signaled immediate access
  • signaler to monitor’s entry queue
• SC signal & continue
  • signaler’s view of monitor state not corrupted
  • requires explicit recording of signals pending
Problems SU & SW: signalers might wait & restart unnecessarily
SR simplest but may be inadequate & SC complex

Excerpt of Tanenbaum’s Example of Hoare Semantic
  Monitor ProducerConsumer
    condition full, empty; integer count;
    procedure insert (item: integer);
    begin
      if count = N then wait (full);
      insert_item (item);
      count := count + 1;
      if count = 1 then signal (empty);
    end;
Modification for Mesa Semantic (replaces the first statement of insert):
      while count = N do wait (full);
Hoare semantic
• Signaling thread suspends on urgent
• Signaled thread wakes & runs immediately
• First thread regains possession of monitor when second completes
Mesa semantic
• Signaling thread continues
• Signaled thread rechecks condition because order not guaranteed
• Avoid context switch

StorageAllocator: MONITOR =
  BEGIN
  availableStorage: INTEGER;
  moreAvailable: CONDITION;

  Allocate: ENTRY PROCEDURE [size: INTEGER] RETURNS [p: POINTER] =
    BEGIN
    UNTIL availableStorage >= size DO WAIT moreAvailable ENDLOOP;
    p <- <remove chunk of size words & update availableStorage>
    END;

  Free: ENTRY PROCEDURE [p: POINTER, size: INTEGER] =
    BEGIN
    <put back chunk of size words & update availableStorage>;
    NOTIFY moreAvailable
    END;

  Expand: PUBLIC PROCEDURE [pOld: POINTER, size: INTEGER] RETURNS [pNew: POINTER] =
    BEGIN
    pNew <- Allocate[size];
    <copy contents from old block to new block>;
    Free[pOld]
    END;

  END.

Mutual exclusion
• Asynchronous processes must not Allocate and Free simultaneously → use entry procedures
• Monitor lock not needed during copy in Expand → use external procedure
• Structure the monitor computations only when lock is already held → use internal procedure

Define WAIT
• If caller waits in entry procedure, it releases the lock
• If wait in internal procedure, the lock is released
• If monitor calls procedure outside the monitor, the lock is not released

Invariant
• Always true, except when process is executing in the monitor
• On entry, invariant assumed to hold
• Invariant established before control leaves monitor
• Monitor procedure must establish invariant before WAIT
• Consider exception handler called from entry procedure

Causes of Pair-wise Deadlock
• 2 processes WAIT in a single monitor
• Cyclic calling between 2 monitors → impose a partial order
• Two level data abstraction

Two level data abstraction
Example: Monitor M calls N and waits for C
requires process to enter N through M to set C → DEADLOCK
Divide M into monitor M’ and interface O to call N

Monitored Objects
• Collection of shared data objects
• Multiple instances of monitor
• Duplication of program linking and code swapping
• Monitored record
• To access a file, pass as parameter to effectively create a separate monitor for each object (read-only, no aliasing)

Abandon computation
• UNWIND exception to allow clean-up by any active procedure
• If procedure to be abandoned is an entry procedure, must restore invariant and release lock
• Programmer provides handler or experiences deadlock
• Compare to Java exception handling

Condition variables
• Process establishes a condition for which another process waits
• NOTIFY is a hint that waiting process will resume and reacquire the monitor lock
• No guarantee about another process interceding
• Waiter must reevaluate when it resumes
Mesa:  WHILE NOT <OK to proceed> DO WAIT c ENDLOOP
Hoare: IF NOT <OK to proceed> THEN WAIT c

Verification rules
• Simpler and more localized
• Invariant established before return from entry procedure or a WAIT
• Invariant assumed at start of entry procedure and just after a WAIT
• Waiter explicitly tests
• Notify condition may be more general (low cost to wake a process)
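
Added example (not from the slides or the paper): the StorageAllocator monitor rebuilt on Python's threading.Condition, which has Mesa-style notify, to show why the waiter must re-test after a NOTIFY that is only a hint. The names recheck, waiting, lowest and run are hypothetical, and the chunk sizes are constructed.

```python
import threading
import time

class StorageAllocator:
    """The slide's monitor; the Condition's lock plays the monitor lock."""

    def __init__(self, recheck):
        self.more_available = threading.Condition()
        self.available = 0       # invariant: available >= 0
        self.lowest = 0          # lowest value ever reached (demo only)
        self.waiting = 0         # processes currently blocked in WAIT
        self.recheck = recheck   # True: WHILE (Mesa), False: IF (Hoare-style)

    def allocate(self, size):
        with self.more_available:                  # ENTRY procedure
            while self.available < size:
                self.waiting += 1
                self.more_available.wait()         # releases the monitor lock
                self.waiting -= 1
                if not self.recheck:
                    break                          # trusts the NOTIFY blindly
            self.available -= size
            self.lowest = min(self.lowest, self.available)

    def free(self, size):
        with self.more_available:                  # ENTRY procedure
            self.available += size
            self.more_available.notify()           # a hint: "more", not "enough"

def run(recheck, frees, want=5):
    """One waiter asks for `want` words; the caller frees each chunk in `frees`."""
    mon = StorageAllocator(recheck)
    t = threading.Thread(target=mon.allocate, args=(want,), daemon=True)
    t.start()
    while True:                                    # wait until it sits in WAIT
        with mon.more_available:
            if mon.waiting == 1:
                break
        time.sleep(0.001)
    for chunk in frees:
        mon.free(chunk)
    t.join(timeout=5)
    return mon.available, mon.lowest
```

With the IF form, a single Free of 3 words wakes a waiter that needs 5 and availableStorage goes negative; with the WHILE form the waiter sleeps again until a second Free makes the request satisfiable.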

NOTIFY alternatives
• Timeout with interval
• Abort
• Broadcast
• I/O device communication
  • device cannot wait on monitor lock
  • notify condition variable to wake interrupt handler

Priorities
• Ordering implied by assignment of priorities can be subverted by monitors
• Associate with each monitor the priority of the highest priority process that ever enters the monitor
  (Modula disables interrupts, but this fails with page fault.)

Example of subverted priority
Process P1 enters monitor M, P2 preempts, P3 preempts
P3 tries to enter monitor and waits for lock
[Diagram: P1 enters M; P2 preempts P1; P3 preempts P2]
P2 runs again, effectively keeps P3 from running, undermining the priorities.
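
Added example (not from the slides): a tick-by-tick simulation of the P1/P2/P3 scenario above, run once with plain priorities and once with the monitor carrying the priority of the highest-priority process that enters it. It assumes the lock holder runs at the monitor's priority while inside; the workload, Proc and simulate are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Proc:
    name: str
    prio: int        # larger number = higher priority
    arrival: int     # tick at which the process becomes ready
    ops: list        # one op per tick: "enter", "work" or "exit"
    pc: int = 0

def simulate(ceiling=None):
    """Return (trace, completion order); ceiling is monitor M's priority."""
    procs = [
        Proc("P1", 1, 0, ["enter", "work", "work", "exit"]),
        Proc("P2", 2, 1, ["work", "work", "work"]),
        Proc("P3", 3, 2, ["enter", "work", "exit"]),
    ]
    holder, trace, finished, tick = None, [], [], 0

    def effective(p):
        # The holder of M runs at the monitor's priority when one is set.
        return ceiling if (ceiling is not None and p is holder) else p.prio

    while len(finished) < len(procs):
        # A process whose next op is "enter" is blocked while M is held.
        ready = [p for p in procs
                 if p.arrival <= tick and p.pc < len(p.ops)
                 and not (p.ops[p.pc] == "enter" and holder is not None)]
        run = max(ready, key=effective)
        op = run.ops[run.pc]
        if op == "enter":
            holder = run
        elif op == "exit":
            holder = None
        run.pc += 1
        trace.append(run.name)
        if run.pc == len(run.ops):
            finished.append(run.name)
        tick += 1
    return trace, finished
```

Without a monitor priority the medium-priority P2 finishes before the high-priority P3; with the monitor priority set to 3, P1 leaves M first and P3 runs ahead of P2.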

Processor
• Process states (pcbs) in queues sorted by priority
  • Ready queue
  • Monitor lock queue
  • Condition variable queue
  • Fault queue
[Diagram: queue cell with head and tail, linking process states]

Implementation
• Compiler – flags errors
  • WAIT in external procedure
  • direct call from external to internal procedure
• Runtime – process creation and destruction
• Machine – process scheduling and monitor entry/exit

Performance

Validation of Mesa Semantic
• Operating system
  • Interrupt handling lack of mutual exclusion
  • Interaction of concurrency and exception
• Database
  • Single monitor and single condition variable
  • Array of representative states
• Network communication
  • Router monitor
  • Network driver monitor

Closing comparison

Implementation

Questions
Monitor – low level mechanism
Starvation addressed by high level scheduling
Simpler & localized verification rules
Signaled process checks specific condition
More general condition for notify
• Should signal be the last operation of a monitor procedure?
• How is exception handling addressed?