04/12/2006 ecs150 Spring 2006 1
ecs150 Spring 2006:Operating SystemOperating System#2: Scheduling and Mutual Exclusion(chapter 4)
Dr. S. Felix Wu
Computer Science Department
University of California, Davishttp://www.cs.ucdavis.edu/~wu/
04/12/2006 ecs150 Spring 2006 2
System calls (HW#1)System calls (HW#1)
int 80h *.s (not in /usr/src/sys/kern/*) *.c (not in /usr/src/sys/kern/*) sysent/sysvec function pointer lkmnosys()
04/12/2006 ecs150 Spring 2006 3
QEMUQEMU
Q: OS X (PowerPC, Tiger) QEMU good
Sathya Gnanasekaran– [email protected]
04/12/2006 ecs150 Spring 2006 5
Kernel and User SpaceKernel and User Space
Process FOOFOOMemoryspace for thisprocess
System call(or trap into the kernel)
program
System Call
conceptually
Kernel Resources(disk or IO devices)
Process FOOFOOin the Kernel
04/12/2006 ecs150 Spring 2006 6
States of a ProcessStates of a Process
Running, Blocked, and Ready
Running
Waiting Ready
04/12/2006 ecs150 Spring 2006 7
Running
Blocked Ready
Running
Blocked Ready
Running
Blocked Ready
Running
Blocked Ready
Scheduling &Context Switching
04/12/2006 ecs150 Spring 2006 8
Basic ConceptsBasic Concepts
Maximum CPU utilization obtained with multiprogramming
CPU–I/O Burst Cycle – Process execution consists of a cycle of CPU execution and I/O wait.
CPU burst distribution Processes classified as CPU bound or I/O
bound
04/12/2006 ecs150 Spring 2006 9
CPU SchedulerCPU Scheduler Selects from among the processes in memory that
are ready to execute, and allocates the CPU to one of them.
CPU scheduling decisions may take place when a process:
1.Switches from running to waiting state.
2.Switches from running to ready state.
3.Switches from waiting to ready.
4.Terminates. Scheduling under 1 and 4 is nonpreemptive. All other scheduling is preemptive.
04/12/2006 ecs150 Spring 2006 10
Preemptive vs.Preemptive vs.NonpreemptiveNonpreemptive
Preemptive:
Nonpreemptive:
Pros and Cons…..
04/12/2006 ecs150 Spring 2006 13
DispatcherDispatcher
Dispatcher module gives control of the CPU to the process selected by the short-term scheduler; this involves:– switching context– switching to user mode– jumping to the proper location in the user
program to restart that program Dispatch latency – time it takes for the dispatcher
to stop one process and start another running.
04/12/2006 ecs150 Spring 2006 14
Preemptive SchedulingPreemptive Scheduling
fixed time window timer/clock interrupt– scheduling decision– “bill” the process– context switching might or might not happen
Priority Fairness …
04/12/2006 ecs150 Spring 2006 15
Example: two schedulesExample: two schedules
100 msec slotwith around 5 mseccontext switchingoverhead….
Which one is better?And Why?
04/12/2006 ecs150 Spring 2006 16
Optimization CriteriaOptimization Criteria
Max CPU utilization Max throughput Min turnaround time Min waiting time Min response time
– but obviously, we have some trade-off…
04/12/2006 ecs150 Spring 2006 17
First-Come, First-Served (FCFS)First-Come, First-Served (FCFS)
Process Burst Time
P1 24
P2 3
P3 3
Suppose that the processes arrive in the order: P1 , P2 , P3
The Gantt Chart for the schedule is:
Waiting time for P1 = 0; P2 = 24; P3 = 27
Average waiting time: (0 + 24 + 27)/3 = 17
P1 P2 P3
24 27 300
04/12/2006 ecs150 Spring 2006 19
Shortest-Job-First (SJF)Shortest-Job-First (SJF) Associate with each process the length of its next CPU burst.
Use these lengths to schedule the process with the shortest time. Two schemes:
– nonpreemptive – once CPU given to the process it cannot be preempted until completes its CPU burst.
– preemptive – if a new process arrives with CPU burst length less than remaining time of current executing process, preempt. This scheme is know as the Shortest-Remaining-Time-First (SRTF).
SJF is optimal – gives minimum average waiting time for a given set of processes.
04/12/2006 ecs150 Spring 2006 20
Process Arrival Time Burst Time
P1 0.0 7
P2 2.0 4
P3 4.0 1
P4 5.0 4
SJF (non-preemptive)
Average waiting time = (0 + 6 + 3 + 7)/4 - 4
ExampleExample
P1 P3 P2
73 160
P4
8 12
04/12/2006 ecs150 Spring 2006 22
Determining Length of Next CPU Determining Length of Next CPU BurstBurst
Can only estimate the length. Can be done by using the length of previous CPU
bursts, using exponential averaging.
:Define 4.
10 , 3.
burst CPU next the for value predicted 2.
burst CPU of lenght actual 1.
1n
thn nt
.1 1 nnn t
04/12/2006 ecs150 Spring 2006 24
Priority SchedulingPriority Scheduling A priority number (integer) is associated with each
process The CPU is allocated to the process with the highest
priority (smallest integer highest priority).
– Preemptive
– Non-preemptive
SJF is a priority scheduling where priority is the predicted next CPU burst time.
FCFS is a priority scheduling where priority is the arrival time.
04/12/2006 ecs150 Spring 2006 25
““Fixed” PriorityFixed” Priority
What is it?– The process sticks with the origin assigned priority.
A good or bad idea? What other possible policy?
– Dynamic policy. Problem Starvation – low priority processes may never
execute. Solution Aging – as time progresses increase the priority of
the process.
– Hybrid policy.
04/12/2006 ecs150 Spring 2006 26
Round Robin (RR)Round Robin (RR) Each process gets a small unit of CPU time (time
quantum), usually 10-100 milliseconds. After this time has elapsed, the process is preempted and added to the end of the ready queue.
If there are n processes in the ready queue and the time quantum is q, then each process gets 1/n of the CPU time in chunks of at most q time units at once. No process waits more than (n-1)q time units.
Performance
– q large FIFO
– q small q must be large with respect to context switch, otherwise overhead is too high.
04/12/2006 ecs150 Spring 2006 27
Process Burst Time
P1 53
P2 17
P3 68
P4 24
The Gantt chart is:
Typically, higher average turnaround than SJF, but better response.
P1 P2 P3 P4 P1 P3 P4 P1 P3 P3
0 20 37 57 77 97 117 121 134 154 162
04/12/2006 ecs150 Spring 2006 29
Past CPU UsagePast CPU Usage
Round-Robin How many CPU cycles so far
– fairness How about #3?
04/12/2006 ecs150 Spring 2006 30
Past CPU UsagePast CPU Usage
Round-Robin How many CPU cycles so far
– fairness How many CPU cycles you have used
lately– aging factor: 4 cycles
04/12/2006 ecs150 Spring 2006 31
BSD SchedulingBSD Scheduling
For each tick (10 msec):– Pi
estcpu = Piestcpu + Tick(Pi)
For each decaying period (1 second):– Pi
estcpu = Piestcpu*(2*load)/(2*load+1)+Pi
nice load: # of processes in the ready queue
Example: 1 process in the queue– Pi
estcpu = Piestcpu*0.66 + Pi
nice
– in 4 seconds, (0.66)4 = 0.001296
04/12/2006 ecs150 Spring 2006 32
LinuxLinux
Linux provides two process scheduling algorithms– Time sharing for fairness
– Real-time, where priorities are more important than fairness
Linux allows only user-mode processes to be preempted– kernel mode processes may not be interrupted
Formula – a balance between software real-time and fairness
– Picredit = Pi
credit / 2 + Priorityi
04/12/2006 ecs150 Spring 2006 33
SchedulingScheduling
Fairness: Round-Robin Responsiveness: SJF Utilization: Aging, promoting System Calls. Fairness in Inter-process communication
04/12/2006 ecs150 Spring 2006 34
BSD SchedulingBSD Scheduling
For each tick (10 msec):– Pi
estcpu = Piestcpu + Tick(Pi)
For each decaying period (1 second):– Pi
estcpu = Piestcpu*(2*load)/(2*load+1)+Pi
nice load: # of processes in the ready queue
Example: 1 process in the queue– Pi
estcpu = Piestcpu*0.66 + Pi
nice
– in 4 seconds, (0.66)4 = 0.001296
04/12/2006 ecs150 Spring 2006 35
Lottery SchedulingLottery Scheduling(a dollar and a dream)(a dollar and a dream)
A process P(I) has L(I) lottery tickets. Totally, we have N tickets among all processes. P(I) has L(I)/N probability to get CPU cycles. Difference between Priority and Tickets:
– Priority: which process is more important? The importance is “infinitely” big!!
– Tickets: how much more important? Quantify the importance.
04/12/2006 ecs150 Spring 2006 36
J, Pri(J) = 1 I, Pri(I) = 120
J,80% I J I
I J J J I J J J J J J J I J J J J I J J
04/12/2006 ecs150 Spring 2006 37
Lottery SchedulingLottery Scheduling
At each scheduling decision point:– Ticket assignment:
For each ticket in each process, produce a unique random number (we can not have more than one process sharing the prize).
– Ticket drawing: Produce another random number until a winner is
identified.
04/12/2006 ecs150 Spring 2006 38
Efficient ImplementationEfficient Implementation
Maybe only the # of tickets matters…
One rand( ) could produce 32 random bits.
0-16
04/12/2006 ecs150 Spring 2006 40
static voidschedcpu(void *arg){ ... FOREACH_PROC_IN_SYSTEM(p) { FOREACH_KSEGRP_IN_PROC(p, kg) { awake = 0; FOREACH_KSE_IN_GROUP(kg, ke) { ... } /* end of kse loop */
kg->kg_estcpu = decay_cpu(loadfac, kg->kg_estcpu); resetpriority(kg); FOREACH_THREAD_IN_GROUP(kg, td) { if (td->td_priority >= PUSER) { sched_prio(td, kg->kg_user_pri); } } } /* end of ksegrp loop */ } /* end of process loop */}
/usr/src/sys/kern/sched_4bsd.c
04/12/2006 ecs150 Spring 2006 41
static voidschedcpu(void *arg){ ... FOREACH_PROC_IN_SYSTEM(p) { mtx_lock_spin(&sched_lock); FOREACH_KSEGRP_IN_PROC(p, kg) { awake = 0; FOREACH_KSE_IN_GROUP(kg, ke) { ... ke->ke_sched->ske_cpticks = 0; } /* end of kse loop */ /*
* If there are ANY running threads in this KSEGRP, * then don't count it as sleeping. */
/usr/src/sys/kern/sched_4bsd.c
04/12/2006 ecs150 Spring 2006 42
if (awake) { ... kg->kg_slptime = 0; } else { kg->kg_slptime++; } if (kg->kg_slptime > 1) continue; kg->kg_estcpu = decay_cpu(loadfac, kg->kg_estcpu); resetpriority(kg); FOREACH_THREAD_IN_GROUP(kg, td) { if (td->td_priority >= PUSER) { sched_prio(td, kg->kg_user_pri); } } } /* end of ksegrp loop */
/usr/src/sys/kern/sched_4bsd.c
04/12/2006 ecs150 Spring 2006 43
static voidresetpriority(struct ksegrp *kg){ register unsigned int newpriority; struct thread *td;
if (kg->kg_pri_class == PRI_TIMESHARE) { newpriority = PUSER + kg->kg_estcpu / INVERSE_ESTCPU_WEIGHT + NICE_WEIGHT * (kg->kg_nice - PRIO_MIN); newpriority = min(max(newpriority, PRI_MIN_TIMESHARE), PRI_MAX_TIMESHARE); kg->kg_user_pri = newpriority; }
FOREACH_THREAD_IN_GROUP(kg, td) { maybe_resched(td); /* XXXKSE silly */ }}
/usr/src/sys/kern/sched_4bsd.c
04/12/2006 ecs150 Spring 2006 45
voidsched_clock(struct kse *ke){
struct ksegrp *kg;struct thread *td;
mtx_assert(&sched_lock, MA_OWNED);kg = ke->ke_ksegrp;td = ke->ke_thread;
ke->ke_sched->ske_cpticks++;kg->kg_estcpu = ESTCPULIM(kg->kg_estcpu + 1);if ((kg->kg_estcpu % INVERSE_ESTCPU_WEIGHT) == 0) {
resetpriority(kg);if (td->td_priority >= PUSER)
td->td_priority = kg->kg_user_pri;}
}
/usr/src/sys/kern/sched_4bsd.c
04/12/2006 ecs150 Spring 2006 46
struct kse *sched_choose(void){
struct kse *ke;
ke = runq_choose(&runq);
if (ke != NULL) {runq_remove(&runq, ke);ke->ke_state = KES_THREAD;
KASSERT((ke->ke_thread != NULL), ("runq_choose: No thread on KSE"));KASSERT((ke->ke_thread->td_kse != NULL), ("runq_choose: No KSE on thread"));KASSERT(ke->ke_proc->p_sflag & PS_INMEM, ("runq_choose: process swapped out"));
}return (ke);
}
/usr/src/sys/kern/sched_4bsd.c
04/12/2006 ecs150 Spring 2006 47
#define loadfactor(loadav) (2 * (loadav))#define decay_cpu(loadfac, cpu) (((loadfac) * (cpu)) / ((loadfac) + FSCALE))
static fixpt_t ccpu = 0.95122942450071400909 * FSCALE; #define CCPU_SHIFT 11
/usr/src/sys/kern/sched_4bsd.c
04/12/2006 ecs150 Spring 2006 48
/* * Compute a tenex style load average of a quantity on * 1, 5 and 15 minute intervals. * XXXKSE Needs complete rewrite when correct info is * available. * Completely Bogus.. * only works with 1:1 (but compiles ok now :-) */static voidloadav(void *arg){
}
/usr/src/sys/kern/kern_synch.c
04/12/2006 ecs150 Spring 2006 49
avg = &averunnable;sx_slock(&allproc_lock);nrun = 0;FOREACH_PROC_IN_SYSTEM(p) {
FOREACH_THREAD_IN_PROC(p, td) {switch (td->td_state) {case TDS_RUNQ:case TDS_RUNNING:
if ((p->p_flag & P_NOLOAD) != 0)goto nextproc;
nrun++; /* XXXKSE */default:
break;}
nextproc: continue;}
}sx_sunlock(&allproc_lock);for (i = 0; i < 3; i++)
avg->ldavg[i] = (cexp[i] * avg->ldavg[i] + nrun * FSCALE * (FSCALE - cexp[i])) >> FSHIFT;
/* * Schedule the next update to occur after 5 seconds, but add a * random variation to avoid synchronisation with processes that * run at regular intervals. */callout_reset(&loadav_callout, hz * 4 + (int)(random() % (hz * 2 + 1)), loadav, NULL);
/usr/src/sys/kern/kern_synch.c
04/12/2006 ecs150 Spring 2006 50
static voidschedcpu(void *arg){ ... FOREACH_PROC_IN_SYSTEM(p) { mtx_lock_spin(&sched_lock); FOREACH_KSEGRP_IN_PROC(p, kg) { awake = 0; FOREACH_KSE_IN_GROUP(kg, ke) { ... ke->ke_sched->ske_cpticks = 0; } /* end of kse loop */ /*
* If there are ANY running threads in this KSEGRP, * then don't count it as sleeping. */
/usr/src/sys/kern/sched_4bsd.c
04/12/2006 ecs150 Spring 2006 52
Mutual ExclusionMutual Exclusion Consistent access to the information. Critical sections. Race conditions.
04/12/2006 ecs150 Spring 2006 53
Critical SectionsCritical Sections No two processes may be simultaneously inside
their critical regions/sections– safety condition
No assumptions may be made about speeds or the number of CPUs
No process running outside of its critical region may block other processes
No process should have to wait forever to enter its critical region/section– liveness condition
04/12/2006 ecs150 Spring 2006 54
Race ConditionRace Condition
4
2
2
1
Withdraw $2 from X:
Read balance X;If X < 2 then exit;Write new X = X - 2;Release $2;
Withdraw $3 from X:
Read balance X;If X < 3 then exit;Write new X = X - 3;Release $3;
04/12/2006 ecs150 Spring 2006 55
How to Prevent?How to Prevent?
Disable Interrupts Busy Waiting and TSL Strict Alternation Protected Critical Sections
Hardware versus software solution….
04/12/2006 ecs150 Spring 2006 56
Let’s try some software solutions!!Let’s try some software solutions!!
Assuming we have only two processes. The solutions should be able to extend to
cover more general cases.
04/12/2006 ecs150 Spring 2006 57
Solution #1Solution #1Process 0 Process 1…. …..while (turn != 0); while (turn != 1);<critical section>; <critical section>;turn = 1; turn = 0;…. …...
What is the problem??
04/12/2006 ecs150 Spring 2006 58
ProblemProblemProcess 0 Process 1…. …..while (turn != 0);<critical section>;turn = 1;…. …...while (turn != 0);…...
while (turn != 1);<critical section>turn = 0;
…... <critical section>;turn = 1;
Maybe a very long period of time…
Blocked…
04/12/2006 ecs150 Spring 2006 59
Solution #2Solution #2
Process 0 Process 1…. …..while (flag[1] = = true); while (flag[0] = = true);flag[0] = true; flag[1] = true;<critical section>; <critical section>;flag[0] = false; flag[1] = false;…. …...
What is the problem??
04/12/2006 ecs150 Spring 2006 60
ProblemProblem
Process 0 Process 1flag[0] = false; flag[1] = false;…. …..while (flag[1] = = true);
while (flag[0] = = true);flag[0] = true;
flag[1] = true;<critical section>;
<critical section>;flag[1] = false;
flag[0] = false;
…. …...
NOTSAFE!!
04/12/2006 ecs150 Spring 2006 61
Solution #3Solution #3
Process 0 Process 1…. …..flag[0] = true; flag[1] = true; while (flag[1] = = true); while (flag[0] = = true);<critical section>; <critical section>;flag[0] = false; flag[1] = false;…. …...
What is the problem??
04/12/2006 ecs150 Spring 2006 62
ProblemProblem
Process 0 Process 1…. …..flag[0] = true;
flag[1] = true; while (flag[1] = = true);
while (flag[0] = = true);
…. …...
Nobody can progress!! (Liveness)
04/12/2006 ecs150 Spring 2006 63
Solution #4Solution #4
Process 0 Process 1…. …..flag[0] = true; flag[1] = true; while (flag[1] = = true) while (flag[0] = = true){ { flag[0] = false; flag[1] = false; <delay a while> <delay a while> flag[0] = true; flag[1] = true;} }<critical section>; <critical section>;flag[0] = false; flag[1] = false;…. …...
04/12/2006 ecs150 Spring 2006 64
ideaideaProcess 0 Process 1….
…..flag[0] = true; flag[1] = true; while (flag[1] = = true && f2 = = true) while (flag[0] = = true && f2 == false){ { flag[0] = false; /*mnbn */ flag[1] = false; /*mnbn*/ flag[2] = ~flag[2]; flag[2] = ~flag[2]; flag[0] = true; /*mnbn */ flag[1] = true; /*mnbn */} }<critical section>; <critical section>;flag[0] = false; flag[1] = false;…. …...
04/12/2006 ecs150 Spring 2006 65
ProblemsProblems
Delay for how long? A different problem: Starvation with a small
but non-zero probability.
04/12/2006 ecs150 Spring 2006 66
Dekker’s AlgorithmDekker’s AlgorithmProcess 0 Process 1…. …..flag[0] = true; flag[1] = true; while (flag[1] = = true) while (flag[0] = = true){ { if (turn = = 1) if (turn = = 0) { {
flag[0] = false; flag[1] = false;while (turn = = 1); while (turn = = 0);flag[0] = true; flag[1] = true;
} }} }<critical section>; <critical section>;turn = 1; turn = 0;flag[0] = false; flag[1] = false;…. …...
04/12/2006 ecs150 Spring 2006 67
Dekker’sDekker’s
Three shared variables to solve the problem:– flag[0], flag[1], and turn
04/12/2006 ecs150 Spring 2006 68
Peterson’s AlgorithmPeterson’s Algorithm
Process 0 Process 1…. …..flag[0] = true; flag[1] = true; turn = 0; turn = 1;while (flag[1] && (turn = = 1)); while (flag[0] && (turn = = 0));<critical section>; <critical section>;flag[0] = false; flag[1] = false;…. …...
Comparing Dekker’s with Peterson’s!!
04/12/2006 ecs150 Spring 2006 69
Hardware: TSL/TSIHardware: TSL/TSI
Test and Set Lock:– tsl register, mem_location
register <== @(mem_location) mem_location <== 1
Enter_region:tsl register, lockcmp register, #0jne Enter_regionret
04/12/2006 ecs150 Spring 2006 70
TSITSI Test and Set
booleantestset (int *I){
if ((*I) = = 0){
(*I) = 1;return true;
}else
return false;}
Please writea small program!!
04/12/2006 ecs150 Spring 2006 71
int lockForBP = 0;
while(testset(&lockForBP) = = FALSE);<critical section>lockForBP = 0;
04/12/2006 ecs150 Spring 2006 72
static int I = 0; /* global variable */
……while (!testset(&I));<critical section>I = 0;
04/12/2006 ecs150 Spring 2006 75
SemaphoresSemaphores
A “non-busy-waiting” approach. General and Binary Semaphore.
Waiting Queuefor resources
I can only holdN (n=4) units ofresources
not reallynot reallya queue!!!a queue!!!
04/12/2006 ecs150 Spring 2006 76
Binary SemaphoreBinary SemaphorewaitB(s):if (s.value == 1)
s.value = 0;else
place the process in s.queue;block the process;
signalB(s):if (s.queue is empty)
s.value = 1;else
remove P from s.queue;place P in the ready queue;
04/12/2006 ecs150 Spring 2006 77
General SemaphoreGeneral SemaphorewaitG(s):s.count --;if (s.count < 0)
place P in s.queue;block this process;
signalG(s):s.count ++;if (s.count <= 0)
remove P from s.queue;place P in the ready queue;
04/12/2006 ecs150 Spring 2006 78
Binary SemaphoreBinary Semaphore
1. How to do Mutual Exclusion with Semaphores?2. How to implement Semaphores in Software?
04/12/2006 ecs150 Spring 2006 80
ME using SemaphoreME using Semaphore….waitB(semA)<enter critical section>signalB(semA)…..
Waiting Queuefor resources
I can only holdN (n=1) units ofresources
not reallynot reallya queue!!!a queue!!!
04/12/2006 ecs150 Spring 2006 82
MutexesMutexes
A Mutex (Mutual Exclusion) is a data element that allows multiple threads to synchronize their access to shared resources
Like a binary semaphore, a mutex has two states, locked and unlocked
Only one thread can lock a mutex Once a mutex is locked, other threads will block
when they try to lock the same mutex, until the locking mutex unlocks the mutex, at which point one of the waiting thread’s lock will succeed, and the process begins again
04/12/2006 ecs150 Spring 2006 84
Mutex vs. CondMutex vs. Cond
mutex_lock
mutex_unlock
cond_wait
cond_signal
04/12/2006 ecs150 Spring 2006 85
Pthread ImplementationPthread Implementation
in pthread_mutex_lock (mutex.c):SET_KERNEL_FLAG;semaphore implementation…CLEAR_KERNEL_FLAG;
in sighandler (signal.c):if (!is_in_kernel)
pthread_schedule_wrapper();…else
sigaddset(…);
04/12/2006 ecs150 Spring 2006 86
Real-Time ThreadsReal-Time Threads
Thread τ1 L L L R L
Thread τ2 L L ... L
Thread τ3 L L L R R L ... L
04/12/2006 ecs150 Spring 2006 87
ExampleExample
Suppose that threads τ1 and τ3 share some data.
Access to the data is restricted using semaphore s:– each task executes the following code:
do local work (L) sem_wait(s) (P(s))
– access shared resource (R) sem_signal(s) (V(s)) do more local work (L)
04/12/2006 ecs150 Spring 2006 88
Unbounded Priority InversionUnbounded Priority Inversion
τ2
τ3
t0 t+3 t+253
RL L L R
R L τ1
t+2 t+254
L L L
...L L
Blocked!
04/12/2006 ecs150 Spring 2006 89
Unbounded Priority InversionUnbounded Priority Inversion
τ2-1
τ3
t0 t+3 t+2530
RL L L R
R L τ1
t+2 t+2540
L L L
L
Blocked!
τ2-2
τ2-n
L
L
04/12/2006 ecs150 Spring 2006 90
Priority InheritancePriority Inheritance
τ2
τ3
t0 t+3 t+4
L ... L
L L L R
R L τ1
t+2 t+6
L L L
R
Blocked!
dynamic 3 = 1
L ... L
04/12/2006 ecs150 Spring 2006 91
Priority Inheritance Priority Inheritance ProtocolsProtocols
L. Sha, R. Rajkumar, J. Lehoczky, “Priority Inheritance Protocols: An Approach to Real-Time Synchronization”, IEEE Transactions on Computers, Vol. 39, No. 9, pp. 1175-1185, 1990
04/12/2006 ecs150 Spring 2006 92
The MARS Pathfinder ProblemThe MARS Pathfinder Problem“But a few days into the mission, not long after Pathfinder started gathering meteorological data, the spacecraft began experiencing total system resets, each resulting in losses of data. The press reported these failures in terms such as "software glitches" and "the computer was trying to do too many things at once".” …
04/12/2006 ecs150 Spring 2006 93
The MARS Pathfinder ProblemThe MARS Pathfinder Problem“VxWorks provides preemptive priority scheduling of threads. Tasks on the Pathfinder spacecraft were executed as threads with priorities that were assigned in the usual manner reflecting the relative urgency of these tasks.”“Pathfinder contained an "information bus", which you can think of as a shared memory area used for passing information between different components of the spacecraft. A bus management task ran frequently with high priority to move certain kinds of data in and out of the information bus. Access to the bus was synchronized with mutual exclusion locks (mutexes).”
04/12/2006 ecs150 Spring 2006 94
“The meteorological data gathering task ran as an infrequent, low priority thread, and used the information bus to publish its data. When publishing its data, it would acquire a mutex, do writes to the bus, and release the mutex. If an interrupt caused the information bus thread to be scheduled while this mutex was held, and if the information bus thread then attempted to acquire this same mutex in order to retrieve published data, this would cause it to block on the mutex, waiting until the meteorological thread released the mutex before it could continue. The spacecraft also contained a communications task that ran with medium priority.”
High priority: retrieval of data from shared memoryMedium priority: communications taskLow priority: thread collecting meteorological data
04/12/2006 ecs150 Spring 2006 95
“Most of the time this combination worked fine. However, very infrequently it was possible for an interrupt to occur that caused the (medium priority) communications task to be scheduled during the short interval while the (high priority) information bus thread was blocked waiting for the (low priority) meteorological data thread. In this case, the long-running communications task, having higher priority than the meteorological task, would prevent it from running, consequently preventing the blockedinformation bus task from running. After some time had passed, a watchdog timer would go off, notice that the data bus task had not been executed for some time, conclude that something had gone drastically wrong, and initiate a total system reset. This scenario is a classic case of priority inversion.”
04/12/2006 ecs150 Spring 2006 97
Priority inheritance also solved the Mars Pathfinder problem: the VxWorks operating system used in the pathfinder implements a flag for the calls to mutex primitives. This flag allows priority inheritance to be set to “on”. When the software was shipped, it was set to “off”.
The problem on Mars was corrected by using the debugging facilities of VxWorks to change the flag to “on”, while the Pathfinder was already on the Mars [Jones, 1997].
The problem on Mars was corrected by using the debugging facilities of VxWorks to change the flag to “on”, while the Pathfinder was already on the Mars [Jones, 1997].
04/12/2006 ecs150 Spring 2006 98
Basic Priority Inheritance Basic Priority Inheritance ProtocolProtocol
For each resource (semaphore), a list of blocked threads must be stored in a priority queue.
A thread τi uses its assigned priority, unless it is in its critical section and blocks some higher priority threads, in which case, thread τi uses ( inherits ) the highest dynamic priority of all the threads it blocks.
Priority inheritance is transitive; that is, if thread τi
blocks τj and τj blocks τk , then τi can inherit the priority of τk.
04/12/2006 ecs150 Spring 2006 99
mutex priority inheritancemutex priority inheritance
pthread_mutex_lock
pthread_mutex_unlock
t t t
waiting queue
t
priority
04/12/2006 ecs150 Spring 2006 100
pthread_mutex_lock
pthread_mutex_unlock
M1 t t t
waiting queue
t
priority
pthread_mutex_lock
pthread_mutex_unlock
M2 t t t
waiting queue
priority
04/12/2006 ecs150 Spring 2006 101
Transitive PriorityTransitive Priority
pthread_mutex_lock
pthread_mutex_unlock
M1 t t t
waiting queue
tpriority
pthread_mutex_lock
pthread_mutex_unlock
M2 t t
waiting queue
t
priority
04/12/2006 ecs150 Spring 2006 102
Types of BlockingTypes of Blocking
Direct - thread τ1 and τ2 use a shared resource. If the low priority thread is in its critical section, then it directly blocks the high priority thread.
Indirect (push-through) - if a low priority thread inherits the priority of a high priority thread, a medium priority thread can be blocked while the low priority thread is in its critical section.
04/12/2006 ecs150 Spring 2006 103
Properties of Priority Properties of Priority InheritanceInheritance
Under the basic priority inheritance protocol, if there are m semaphores that can block a thread J, then J can be blocked at most m times; i.e., on each semaphore at most once.
04/12/2006 ecs150 Spring 2006 104
Any Problems with the basic Any Problems with the basic Priority Inheritance Protocol?Priority Inheritance Protocol?
???
04/12/2006 ecs150 Spring 2006 105
ProblemsProblems
The Basic Priority Inheritance Protocol has two problems:– Deadlock - two threads need to access a pair of
shared resources simultaneously. If the resources, say A and B, are accessed in opposite orders by each thread, then deadlock may occur.
– Blocking Chain - the blocking duration is bounded (by at most the sum of critical section times), but that may be substantial.
04/12/2006 ecs150 Spring 2006 106
pthread_mutex_lock
pthread_mutex_unlock
M1 t t t
waiting queue
tpriority
pthread_mutex_lock
pthread_mutex_unlock
M2 t t t
waiting queue
priority
t
04/12/2006 ecs150 Spring 2006 107
Blocking Chain ExampleBlocking Chain Example
Task 1 : L R2 L R3 L R4 L ... L Rn L, 2(n-1)
Task 2 : L R2 R2, 2(n-2)
Task 3 : L R3 R3, 2(n-3)
Task 4 : L R4 R4, 2(n-4) ... Task n-1 : L Rn-1 Rn-1, 2(n-(n-
1)) Task n : L Rn Rn, 2(n-n)
starting time
04/12/2006 ecs150 Spring 2006 108
Blocking ChainBlocking Chain
τ2
τn
0
L Rn
τ1
Rn
Rn L
L R2 R2
Blocked!
L R2 L
Blocked!
04/12/2006 ecs150 Spring 2006 109
Priority Ceiling Protocols Priority Ceiling Protocols (PCP)(PCP)
A higher priority thread can be blocked at most once, in its life time, by one lower priority thread.
Deadlocks are prevented/avoided (?!). Transitive inheritance is prevented.
04/12/2006 ecs150 Spring 2006 110
Semaphore RequirementsSemaphore Requirements
Threads must lock and unlock semaphores in a “nested” or “pyramid” fashion:– Let P(S) = L(S) = lock(S) = sem_wait(S).
– Let V(S) = U(S) = unlock(S) = sem_signal(S).
– Example: P(s1);P(s2);P(s3);...;V(s3);V(s2);V(s1);
s1
s2
s3
04/12/2006 ecs150 Spring 2006 111
PCPPCP The protocol uses the notion of a system-wide
semaphore ceiling priority. Each thread has a static default priority
assigned. Each resource (semaphore) has a static ceiling
priority defined to be the maximum static priority of any thread that uses it.
Each thread has a dynamic priority equal to the maximum of its own default priority and any priority it inherits due to blocking a higher priority thread.
04/12/2006 ecs150 Spring 2006 112
mutex priority ceilingmutex priority ceiling
pthread_mutex_lock
pthread_mutex_unlock
t t t
potential customers
PC
priority
04/12/2006 ecs150 Spring 2006 113
PCPPCP
At run-time, if a thread wants to lock a semaphore, its priority must be strictly higher than the ceilings of all semaphores currently locked by other threads (unless it is the thread holding the lock on the semaphore with the highest ceiling).
If this condition is not satisfied, then the thread is blocked.
When a thread is blocked on a semaphore, the thread currently holding the waited semaphore inherits the priority of the blocked thread.
04/12/2006 ecs150 Spring 2006 114
PCP mutex blockingPCP mutex blocking
PC
PC
PC
PC
PC
PC
PC
PC
lockedunlocked
MaxPCvalue
thread t1
??thread t2
thread t3
04/12/2006 ecs150 Spring 2006 115
Are we sure about the Are we sure about the claim of PCP?claim of PCP?
A higher priority thread can be blocked at most once, in its life time, by one lower priority thread.
Deadlocks are prevented/avoided.
Try to find a “Counter Example” to show that PCP’s claim is FALSE!!
04/12/2006 ecs150 Spring 2006 116
a
b
c
d
0 2 4 6 8 10 12 14 16 18Executing
Executing with Q locked
Preempted
Executing with V locked
Blocked
04/12/2006 ecs150 Spring 2006 118
Priority Ceiling EmulationPriority Ceiling Emulation Each thread has a static (base) default priority assigned (perhaps
by the deadline monotonic scheme). Each resource has a static ceiling value defined, this is the
maximum priority of the threads that use it. A thread has a dynamic (active) priority that is the maximum
of its own static priority and the ceiling values of any resources it has locked
As a consequence, a thread will only suffer a block at the very beginning of its execution
Once the thread starts actually executing, all the resources it needs must be free; if they were not, then some thread would have an equal or higher priority and the thread’s execution would be postponed
04/12/2006 ecs150 Spring 2006 119
Priority Ceiling Emulation Priority Ceiling Emulation InheritanceInheritance
a
b
c
d
0 2 4 6 8 10 12 14 16 18
thread
04/12/2006 ecs150 Spring 2006 120
Priority Ceiling Priority Ceiling EmulationEmulation
package javax.realtime;public class PriorityCeilingEmulation extends MonitorControl{ // methods public static PriorityCeilingEmulation instance(int ceiling); public int getCeiling(); ...}
04/12/2006 ecs150 Spring 2006 121
NOTENOTE
Generally, the code used inside a synchronized method (or statement) should be kept as short as possible, as this will dictate the length of time a low priority schedulable object can block a high one
It is only possible to limit the block if the code doesn’t contain:
– unbounded loops,
– arbitrary-length blocking operations that hold the lock, for example an arbitrarily-length sleep request
04/12/2006 ecs150 Spring 2006 122
Ceiling ViolationsCeiling Violations
Whenever a schedulable object calls a synchronized method (statement) in an object which has the Priority-CeilingEmulation policy in force, the real-time virtual machine will check the active priority of the caller
If the priority is greater than the ceiling priority, the uncheck CeilingViolationException is thrown
04/12/2006 ecs150 Spring 2006 123
NotesNotes
A thread can lock a semaphore only if its dynamic (effective) priority is higher than the ceiling of any resource currently locked by another thread (system-wide max).
A thread’s dynamic priority can only increase if blocking will occur.
The main difference between basic priority inheritance and basic priority ceiling protocols is the basic priority inheritance protocol allows a thread to lock a resource whenever the resource is free, but the PCP protocols may not.
04/12/2006 ecs150 Spring 2006 124
Against Priority Inheritanceby Victor Yodaiken (July 10, 2002)
In this technical whitepaper, RTLinux originator Victor Yodaiken details what he perceives to be the disadvantages of dealing with the issue of priority inversion in real-time systems by means of a commonly used software technique known as priority inheritance. Priority inversion refers to the situation when a scheduled task must wait for a lower priority task to complete. …Priority inheritance is intended to allow "a task that is blocked waiting for a resource [to pass] its priority down to the owner. The low priority task is [thus] considered to be acting on behalf of the highest priority blocked task and inheritance prevents intermediate priority tasks from interfering," says Yodaiken. However, "priority inheritance is neither efficient nor reliable", the paper argues, and its "implementations are either incomplete (and unreliable) or surprisingly complex and intrusive."
04/12/2006 ecs150 Spring 2006 125
Priority Inheritance: The Real Storyby Doug Locke (July 16, 2002)
A recent whitepaper by Victor Yodaiken presents a sequence of highly technical arguments regarding the implementability and use of priority inheritance, followed by a set of conclusions. The technical arguments in the paper are not new, are generally correct, and have been widely discussed in the real-time research community for many years. However, the conclusions drawn in the paper are badly flawed.
04/12/2006 ecs150 Spring 2006 127
Priority InversionPriority Inversion
To illustrate an extreme example of priority inversion, consider the executions of four periodic threads: a, b, c and d; and two resources (synchronized objects) : Q and V
thread Priority Execution Sequence Release Time a 1 EQQQQE 0 b 2 EE 2 c 3 EVVE 2 d 4 EEQVE 4
Where E is executing for one time unit, Q is accessing resource Q for one time unit, V is is accessing resource V for one time unit
04/12/2006 ecs150 Spring 2006 128
ComparisonsComparisons
Basic Priority Inheritance Priority Ceiling Protocol Priority Ceiling Emulation
Top Related