Mutual Exclusion with Partial Synchrony Chapter 24 Distributed Algorithms by Nancy Lynch Melanie Agnew
Outline 24.1 The problem 24.2 A Single-Register Algorithm 24.3 Resilience to Timing Failures 24.4 Impossibility Results 24.4.1 A Lower Bound on the Time 24.4.2 Impossibility Result for Eventual Time Bounds
Mutual Exclusion Architecture
The Problem The shared memory system is a single MMT automation B = (A, b) A: underlying I/O automation with n processes, one per port b: boundmap assigning a lower bound of l1 and an upperbound of l2 where 0 < l1≤ l2 < ∞. Timing uncertainty = L = l1/l2. The user (Ui) is an MMT automata of the form (Ai, bi) which presrves well-formedness Ai: an I/O automation with finitely many tasks bi : an arbitrary boundmap The single task of process i is only enabled when Ui is in the trying or exit region The single task of process i is always enabled when Ui is in the trying or exit region
Correctness Conditions Well-formedness: In any timed execution of the combined system, and for any i, the subsequence describing the interaction between Ui and B = (A,b) is well-formed for i. Mutual exclusion: There is no reachable system state in which more than one user is in the critical region C. Progress: At any point in an admissible timed execution 1. If at least one user is in T and no user is in C, then at some later point some user enters C. 2. If at least one user is in E, then at some later point some user enters R.
A Single-Register Algorithm FischerME (incorrect) Each process i that wanting the critical resource should: Repeatedly test turn until it equals 0. Set turn = i Check that turn = i if turn=i proceed to critical region else return to step 1 p3 p2 p1 turn p4
turn FischerME p2 test turn = 0 p1 test turn = 0 set turn = 1 check turn = 2 crit p1 test turn = 0 set turn = 1 check turn = 1 crit
FischerME (modified) To fix FischerME: Add a timing restriction: any process i that sets turn := i should delay its check of turn for longer than time l2. Assume a1 and a2 are two positive reals with l2 < a1 ≤ a2. Now main has bounds [l1, l2] and check has bounds [a1, a2]. Insert k-1 delay steps before any check where kl1 > l2 and put all the actions of process i in one task with bounds [l1, l2]. This new algorithm “behaves like” the original FischerME with a1 = kl1 and a2 = kl2.
FischerME Theorem 24.1 The FisherME algorithm with l2 < a1 solves the mutual exclusion problem. Transform the system to a GTA and add states components: first(checki) first time the next checki action might occur last(maini) last time the next action in maini might occur Assertion 24.2.1 In any reachable state, there do not exist i and j, i ≠ j, such that pci = pcj = crit.
Assertion 24.2.2 In any reachable state, if pci = check, turn = i, and pcj = set, then first(checki) > last(mainj). consider (s, π, s’) pj pcj = set turn = i pi pci = check π = seti s’.first(checki) = now + a1 if s’.pcj = set, then s’.last(mainj) ≤ s.now + l2 s.turn = 0 π = testj s’turn = 0
Assertion 24.2.3 In any reachable state, if pci Є {leave-try, crit, reset}, then turn = i and, for all j, pcj ≠ set. s.pci Є {leave-try, crit, reset} s.turn = i π = checki π = setj s’.turn = i s’.pci Є {leave-try, crit, reset} s’.pcj = set s.pci Є {leave-try, crit, reset} π = resetj s.turn = 0 s’.pci Є {leave-try, crit, reset} s’.pci Є {leave-try, crit, reset} π = testj s’.pci Є {leave-try, crit, reset}
Assertion 24.2.4 In any reachable state, if turn = i, then pci Є {check, leave-try, crit, reset}. Time Complexity: Theorem 24.2 In any timed execution of the FischerME algorithm, 1. The time from any point when some process i is in the trying region until some process is in the critical region is at most 2a2 + 5l2. Using k-1 delay steps the time bound is: 2kl2 + 5l2. Choosing k as small as possible (k = L + 1, L = l2 /l1) the time bound becomes: 2Ll2 + O(l2). 2. The time from any point when any process i is in the exit region until process i is in the remainder region is at most 2l2.
Resilience to Timing Failures Replace the critical region of FischerME by the trying, critical and exit regions of a second algorithm S (which guarantees mutual exclusion of critical region regardless of timing). From theorem 10.33 S would require n shared resources. Instead use a weaker progress condition: In any admissible timed execution in which there is never more than one user outside of R at once: 1. If Ui is in T, then at some later point it enters C. 2. If Ui is in E then at some later point it enters R.
S pi set x:=i x: a process index check y=0 set y:=1 y Є {0,1} **remainder region** tryi M: x:=i if y ≠ 0 then goto M y:= 1 if x ≠ i then goto M criti **critical region** exiti y:= 0 remi pi set x:=i x: a process index check y=0 set y:=1 y Є {0,1} check x=i crit set y:=0
S pi pi pj pj set x:=1 set x:=1 set x:=2 set x:=2 check y=0 check y=0 set y=1 set y=1 set y=1 set y=1 check x ≠1 check x ≠1 check x=2 set x:=1 crit check x ≠ 2 check y ≠ 0 set y:=0
Theorem 24.3 Asynchronous shared memory algorithm S guarantees the well-formedness, mutual exclusion and 1-concurrent-progress conditions. Theorem 24.4 The FischerS algorithm, regarded as an asynchronous algorithm, guarantees the well-formedness and mutual exclusion conditions Theorem 24.5 The FischerS algorithm, regarded as a partially synchronous algorithm solves the mutual exclusion problem, that is, it guarantees well-formedness, mutual exclusion and progress
Process i **remainder region** tryi L: if turn ≠ 0 then goto L turn:= i if turn ≠ i then goto L M: x:= i if y ≠ 0 then goto M y:= 1 if x ≠ i then goto M criti **critical region** exiti y:= 0 turn:= 0 remi Suppose at least one user is in T and no user is in C: At a subsequent point some process is in the S trying region. Then, using the 1-concurrent-progress condition for S eventually some process enters C. Suppose no process ever reaches the S trying region: Then, the 1-concurrent-progress condition implies that eventually the S exit region is empty. Thus the FischerME exit region is empty. The progress condition for FischerME implies that some process enters the FischerME critical region, which implies that some process enters the S critical region which is a contradiction.
Impossibility Results Lower Bound on Time: The worst case for trying region progress: 2Ll2+O(l2) can be improved to Ll2+O(l2) Theorem 24.6 There is no algorithm in the partially synchronous read/write shared memory model that solves the mutual exclusion problem for two processes using only one read/write shared variable, and that has an upper bound of Ll2 on the time for progress in the trying region.
A: algorithm that solves mutual exclusion for two process with one shared variable x α1: execution in which p1 runs alone with time l2 between steps p1 must reach C by time L l2 in α1 and must write to x before entering C. α2: prefix of α1 just before the first write to x. α5: prefix in which p2 reaches C by time l2. continue with α1 α2 α5 both p1 and p2 enter the critical section x = 0 p1 overwrites x
Impossibility Result for Eventual Time Bounds Theorem 24.7 There is no asynchronous algorithm A for n ≥ 2 processes that does all of the following: 1. Guarantees well-formedness and mutual exclusion when run asynchronously 2. Guarantees progress when run in such a way that each process's step bounds are eventually in the range [l1, l2] 3. Uses fewer than n shared read/write registers.