Experience with Processes and Monitors in Mesa B. W. Lampson Xerox Palo Alto Research Center D. D....

Experience with Processes Experience with Processes and Monitors in Mesaand Monitors in Mesa

B. W. LampsonB. W. LampsonXerox Palo Alto Research CenterXerox Palo Alto Research Center

D. D. RedellD. D. RedellXerox Business SystemsXerox Business Systems

Communications of the ACM v.23, n.2, Feb.1980, pp. 105-117

sbwood 2005sbwood 2005 22

Design GoalsDesign Goals

Local concurrent programmingLocal concurrent programming Global resource sharingGlobal resource sharing Replacing interruptsReplacing interrupts


Concurrent Programming usingConcurrent Programming using

Monitors in MesaMonitors in Mesa Interactions with process creation and Interactions with process creation and

destructiondestruction How to define WAITHow to define WAIT Priority schedulingPriority scheduling Semantics of nested monitor callsSemantics of nested monitor calls Handling timeouts, aborts, and other Handling timeouts, aborts, and other

exceptionsexceptions Monitoring large numbers of small objectsMonitoring large numbers of small objects


Signaling in MonitorsSignaling in MonitorsJ. H. HowardJ. H. Howard

22ndnd Intl. Conf. of Software Engr, Oct.1976 Intl. Conf. of Software Engr, Oct.1976

SU signal & urgent wait SU signal & urgent wait Hoare’74Hoare’74 signaler to “urgent” queue & resumes after signaler to “urgent” queue & resumes after signaled process runssignaled process runs

SR signal & return SR signal & return Brinch Hansen’75Brinch Hansen’75 return from monitor immediately after signalingreturn from monitor immediately after signaling Concurrent PASCALConcurrent PASCAL

SW signal & wait SW signal & wait Howard’76Howard’76 signaled immediate accesssignaled immediate access signaler to monitor’s entry queuesignaler to monitor’s entry queue

SC signal & continueSC signal & continue signaler’s view of monitor state not corruptedsignaler’s view of monitor state not corrupted requires explicit recording of signals pendingrequires explicit recording of signals pending

Problems SU & SW: signalers might wait & restart unnecessarily

SR simplest but may be inadequate & SC complex


Excerpt of Tanenbaum’sExcerpt of Tanenbaum’s Example of Hoare SemanticExample of Hoare Semantic

Monitor ProducerConsumer Monitor ProducerConsumer

condition full, empty; integer count;condition full, empty; integer count;

procedure insert (item; integer);procedure insert (item; integer);

begin begin Modification for Mesa SemanticModification for Mesa Semantic if count = N then wait (full); while not count = N do wait (full)if count = N then wait (full); while not count = N do wait (full)

insert_item (item);insert_item (item);

count := count + 1;count := count + 1;

if count = 1 then signal (empty);if count = 1 then signal (empty);

end;end;

Signaling thread suspends on urgent

Signaled thread wakes & runs immediately

First thread regains possession of monitor when second completes

Signaling thread continues

Signaled thread rechecks condition because order not guaranteed

Avoid context switch

Hoare semantic Mesa semantic


StorageAllocator: MONITOR = BEGIN availableStorage: INTEGER: moreAvailable: CONDITION:

Allocate: ENTRY PROCEDURE [size: INTEGER RETURNS [p: POINTER] = BEGIN UNTIL availableStorage >= size DO WAIT moreAvailable ENDLOOP; p <- <remove chunk of size words & update availableStorage> END;

Free: ENTRY PROCEDURE [p: POINTER, Size: INTEGER] = BEGIN <put back chunk of size words & update availableStorage>; NOTIFY moreAvailable END;

Expand:PUBLIC PROCEDURE [pOld: POINTER, size: INTEGER] RETURNS [pNew: POINTER] = BEGIN pNew <- Allocate[size]; <copy contents from old block to new block>; Free[pOld] END;END.


Mutual exclusionMutual exclusion

Asynchronous processes must not Asynchronous processes must not Allocate and Free simultaneously Allocate and Free simultaneously →→ use use entryentry procedures procedures

Monitor lock not needed during copy Monitor lock not needed during copy in Expand in Expand →→ use use externalexternal procedure procedure

Structure the monitor computations Structure the monitor computations only when lock is already held only when lock is already held →→ use use internalinternal procedure procedure


Define WAITDefine WAIT

If caller If caller waitswaits in entry procedure, it in entry procedure, it releasesreleases the lock the lock

If If waitwait in internal procedure, the lock in internal procedure, the lock is is releasedreleased

If monitor calls procedure outside the If monitor calls procedure outside the monitor, the lock is monitor, the lock is notnot released released


InvariantInvariant Always trueAlways true, except when process is , except when process is

executing in the monitorexecuting in the monitor On entryOn entry, invariant assumed to hold, invariant assumed to hold Invariant established Invariant established before control leavesbefore control leaves

monitormonitor Monitor procedure must establish invariant Monitor procedure must establish invariant

before WAITbefore WAIT Consider Consider exception handlerexception handler called from called from

entry procedureentry procedure


Causes ofCauses ofPair-wise DeadlockPair-wise Deadlock

2 processes WAIT in a single 2 processes WAIT in a single monitormonitor

Cyclic calling between 2 monitors Cyclic calling between 2 monitors →→ impose a partial order impose a partial order

Two level data abstractionTwo level data abstraction


Two level data abstractionTwo level data abstractionExample: Monitor M calls N and waits for C Example: Monitor M calls N and waits for C

requires process to enter N through M to set C requires process to enter N through M to set C → DEADLOCK→ DEADLOCK

Divide M into monitor M’ and interface O to call NDivide M into monitor M’ and interface O to call N


Monitored ObjectsMonitored Objects Collection of shared data objectsCollection of shared data objects Multiple instances of monitorMultiple instances of monitor Duplication of program linking and Duplication of program linking and

code swappingcode swapping Monitored recordMonitored record To access a file, pass as parameter To access a file, pass as parameter

to effectively create a separate to effectively create a separate monitor for each object (read-only, monitor for each object (read-only, no aliasing)no aliasing)


Abandon computationAbandon computation

UNWIND exception to allow clean-up by UNWIND exception to allow clean-up by any active procedureany active procedure

If procedure to be abandoned is an entry If procedure to be abandoned is an entry procedure, must restore invariant and procedure, must restore invariant and release lockrelease lock

Programmer provides handler or Programmer provides handler or experiences deadlockexperiences deadlock

Compare to Java exception handlingCompare to Java exception handling


Condition variablesCondition variables Process establishes a condition for which Process establishes a condition for which

another process waitsanother process waits NOTIFY is a hint that waiting process will NOTIFY is a hint that waiting process will

resume and reacquire the monitor lockresume and reacquire the monitor lock No guarantee about another process No guarantee about another process

intercedinginterceding Waiter must reevaluate when it resumesWaiter must reevaluate when it resumes

MesaMesa WHILE NOT <OK to proceed> DO WAIT c ENDLOOPWHILE NOT <OK to proceed> DO WAIT c ENDLOOP

Hoare Hoare IF NOT <OK to proceed>IF NOT <OK to proceed> THEN WAIT cTHEN WAIT c


Verification rulesVerification rules

Simpler and more localizedSimpler and more localized Invariant established before return from Invariant established before return from

entry procedure or a WAITentry procedure or a WAIT Invariant assumed at start of entry Invariant assumed at start of entry

procedure and just after a WAITprocedure and just after a WAIT Waiter explicitly testsWaiter explicitly tests Notify condition may be more general Notify condition may be more general

(low cost to wake a process)(low cost to wake a process)


NOTIFY alternativesNOTIFY alternatives Timeout with intervalTimeout with interval AbortAbort BroadcastBroadcast I/O device communicationI/O device communication

device cannot wait on monitor lock device cannot wait on monitor lock notify condition variable to wake notify condition variable to wake

interrupt handlerinterrupt handler


PrioritiesPriorities Ordering implied by assignment Ordering implied by assignment

of priorities can be subverted by of priorities can be subverted by monitorsmonitors

Associate with each monitor the Associate with each monitor the priority of the highest priority priority of the highest priority process that ever enters the process that ever enters the monitormonitor ((ModulaModula disables interrupts, but this disables interrupts, but this fails with page fault.)fails with page fault.)


Example of subverted priorityExample of subverted priorityProcess P1 enters monitor M, P2 preempts, P3 preemptsProcess P1 enters monitor M, P2 preempts, P3 preempts

P3 tries to enter monitor and waits for lockP3 tries to enter monitor and waits for lock

P1

P2

P3

M

enter

preempt P1

preempt P2

P2 runs again, effectively keeps P3 from running, undermining the priorities.


ProcessorProcessor

Process states (pcbProcess states (pcbss) in queues ) in queues sorted by prioritysorted by priority Ready queueReady queue

Monitor lock queueMonitor lock queue Condition variable queueCondition variable queue

Fault queueFault queue

Queue cell

process state process state process state

head tail

----


ImplementationImplementation

CompilerCompiler – flags errors – flags errors WAIT in external procedure WAIT in external procedure direct call from external to internal direct call from external to internal

procedure procedure

RuntimeRuntime – process creation and – process creation and destructiondestruction

MachineMachine – process scheduling – process scheduling and monitor entry/exitand monitor entry/exit


PerformancePerformance


Validation of Mesa SemanticValidation of Mesa Semantic

Operating systemOperating system Interrupt handling lack of mutual exclusionInterrupt handling lack of mutual exclusion Interaction of concurrency and exceptionInteraction of concurrency and exception

DatabaseDatabase Single monitor and single condition variableSingle monitor and single condition variable Array of representative statesArray of representative states

Network communicationNetwork communication Router monitorRouter monitor Network driver monitorNetwork driver monitor


Closing comparisonClosing comparison


ImplementationImplementation


QuestionsQuestions

Monitor – low level mechanismMonitor – low level mechanismStarvation addressed by high level Starvation addressed by high level

schedulingschedulingSimpler & localized verification rulesSimpler & localized verification rulesSignaled process checks specific conditionSignaled process checks specific conditionMore general condition for notifyMore general condition for notify

• Should signal be the last operation of aShould signal be the last operation of a monitor procedure?monitor procedure?• How is exception handling addressed?How is exception handling addressed?

Experience with Processes and Monitors in Mesa B. W. Lampson Xerox Palo Alto Research Center D. D....

Documents

Transcript of Experience with Processes and Monitors in Mesa B. W. Lampson Xerox Palo Alto Research Center D. D....