EXAMPLE FILE: bakeryAlg




Proof of Correctness of Algorithm 6 (The Bakery Algorithm), 
Chapter 6, Silberschatz & Galvin
CS 3750 -- OS I -- (John Sarraille)

The Bakery Algorithm is Due to Lamport (1974).

The common data structures are:

var choosing : array [0..n-1] of boolean ;
      number : array [0..n-1] of integer ;

All data structures are initialized to false and 0, respectively.  For 
convenience, we define the following notation:

@  (a,b) < (c,d) if a < c or if a = c and b < d.

@  max( a0, ..., an-1) is a number k such that k >= ai for i = 0, ..., n-1.

The program of process Pi is:

repeat
  choosing[i] = true ;
  number[i] = max(number[0], number[1], ..., number[n-1]) + 1 ;
  choosing[i] = false ;
  for j = 0 to n-1 
   do begin
         while choosing[j] do skip ;
         while number[j] <> 0 
               and ((number[j],j) < (number[i],i)) do skip ;
      end ;
  ... CS ...
  number[i] = 0 ;
  ... RS ...
until false 

Mutual Exclusion Proof:
 
Assume that two processes exist in the CS simultaneously.  Let Tk be the 
time that it first happens, with Pk arriving in the CS at Tk.  Let Ph be 
the other process, arriving in the CS for the last time before (or no 
later than) Th.  Consider the following times:

a.  Ph gets the number it enters with at Th
b.  Ph verifies that Pk is not choosing (the last time before Th)
c.  Ph finds that number[k] = 0, or that ((number[k],k) > (number[h],h)).

--------------------------------------------------------------
           ^               ^        ^        ^    ^
           a               b        c        Th   Tk
 

In order that Pk can enter the CS at Tk, it must verify first that 
number[h] = 0, or that ((number[h],h) > (number[k],k)).  Obviously, this 
cannot be done after a., because the number it would have to get would be 
larger than number[h].  (Note that number[h] does not change between a and 
Tk.

If Pk gets its number at around the same time as a., then since Ph waits 
for Pk to finish choosing (b) before comparing numbers (c), the outcome of 
that test will be "(number[h],h) > (number[k],k))", contrary to the fact 
that the outcome was "((number[k],k) > (number[h],h))".  So Pk can't do 
that either.

Pk also can't get the number at a time well before a., since that would 
also imply that the successful test in c. would have failed.