Chapter Six -- Process Synchronization -- Lecture Ideas

• Background
  
  
  • The example in section 6.1 shows that when two processes attempt to write to the same location in memory concurrently the outcome can be incorrect, even if each individual program is "error free."
    
    
  • The example of the shared counter is not very significant by itself. However the same kind of problem must be solved repeatedly by operating systems programmers: "... different parts of the system manipulate resources and we want the changes not to interfere with one another."
    
    
  • Usually programmers take an approach to the problem like this: write each individual process so it is "correct" by itself, and synchronize the processes so that each one operates with exclusive access to the data at the "critical" times when a potential for error exists.
    
    
• Section 6.2 -- The Critical-Section Problem
  
  
  • Suppose that a set {P₁, P₂, ..., P_n} of two or more processes share a datum D.
    
    Let the text sections (programs) of {P₁, P₂, ... , P_n} be {T₁, T₂, ... , T_n}
    
    
  • A programmer can designate certain sections of the T_i to be critical sections. The property that defines a critical section is this: "when one process is executing in its critical section, no other process is allowed to execute concurrently in its critical section."
    
    
  • A typical example would be to find sections of the T_i that write to D, and designate those sections of code as critical sections. (for example, the producer instruction that writes to the shared counter). If process X attempts to read D while process Y is writing to it, that can cause errors too. D could be in a transitional, inconsistent state. Therefore if any process might write D, normally all sections of code that access D (either to read or write) have to be designated as critical sections.
    
    
  • You have to keep in mind that the need for critical sections stems from the nature of the architecture of the computer. For example, it may conceivably be safe for a process to read a simple shared variable like a character or integer, even though another process might try to write the variable concurrently. If the hardware implements the operations used on the datum so that processes get exclusive access, then the operations are safe. In that case, they don't need to be protected with critical sections.
    
    
  • When we protect a datum D with critical sections, in all the T_i we place entry code before each critical section and exit code after each critical section.
    
    
  • A process executes the entry code to acquire the exclusive right to execute a critical section of code.
    
    
  • A process executes the exit code to release the exclusive right to execute a critical section of code.
    
    
  • So for example we would change the code of the producer and consumer like this:

    
    --------------------------------
    (producer code)
    
    while (1)
    {
      nextProduced=makeItem();
       /* while buffer full */
      while (counter==BUFFER_SIZE) 
        ; /* do nothing */
      buffer[in]=nextProduced;
      in=(in+1)%BUFFER_SIZE;  
      ENTRY SECTION OF PRODUCER CODE;
      counter++; 
      EXIT SECTION OF PRODUCER CODE;
    }
    
    --------------------------------
    (consumer code)
    
    while (1)
    {
        /* while buffer empty */
      while (counter==0) 
        ; /* do nothing */
      nextConsumed=buffer[out];
      out=(out+1)%BUFFER_SIZE; 
      ENTRY SECTION OF CONSUMER CODE;
      counter--; 
      EXIT SECTION OF CONSUMER CODE;
      consume(nextConsumed);
    }
    
    

  • If the entry and exit code operate correctly then the producer cannot begin to change the counter while the consumer is in the act of changing the counter, and vice-versa. It is impossible for these portions of the producer and consumer to be interleaved, and so it is impossible for the counter to receive an incorrect value.
    
    
  • The "trick" is to design the entry and exit code so that it works the way it's supposed to work.
    
    
  • We want the entry and exit code to enforce exclusive access, but that's not really enough. The protocol implemented by the entry and exit code should be "fair" to the set of processes, and should allow them to operate as efficiently as possible.
    
    
  • The entry and exit code we create are called a solution to the critical section problem. A solution to the critical section problem must satisfy these requirements:
    
    
    1. Mutual Exclusion: If process Pi is executing in its critical section, then no other processes can be executing [concurrently] in their critical sections.
       
       
    2. Progress: If no process is executing in its critical section and some processes wish to enter their critical sections, then only those processes that are not executing in their remainder section [in other words, only processes executing entry code or exit code] can participate in the decision on which process will enter its critical section next, and this selection cannot be postponed indefinitely.
       
       
    3. Bounded Waiting: There exists a bound (a priori) on the number of times that other processes are allowed to enter their critical sections after a process has made a request to enter its critical section and before that request is granted. [In other words, individual processes do not experience indefinite postponement waiting to enter their critical sections.]
       
       
  • Edsger Dijkstra did much of the early work on the critical section problem. Dijkstra died in 2002. Dijkstra made many important contributions to computer science. You can read about Dijkstra here:
    
    
    1. University of Texas CS Department Obituary of Dijkstra
       
       
    2. NY Times Obituary of Dijkstra
       
       
    3. University of Texas Press Release on Dijkstra (with links).
       
       
• Two-Process Solutions
  
  
  • We start out with a simplification: there are two processes P0 and P1.
    
    
  • Algorithm 1: What if we try to solve the problem this way?

    
    (additional) shared variable turn = 0;
    --------------------------------
    (P0 code)
    
    do
    {
      while (turn != 0) 
        /* do nothing */; 
      critical section of P0 ; 
      turn = 1 ; 
      remainder section of P0
    } while (1) ;
    
    --------------------------------
    (P1 code)
    
    do
    {
      while (turn != 1) 
        /* do nothing */ ; 
      critical section of P1 ; 
      turn = 0 ; 
      remainder section of P1 ;
    } while (1) ;
    
    

  • Algorithm 1 satisfies the mutual exclusion and bounded waiting requirements, but violates the progress requirement.
    
    
  • Algorithm 2: What if we try to solve the problem this way?

    
    shared boolean flag[2]={false, false};
    -------------------------------
    (P0 code)
    
    do
    { 
      flag[0] = true ;
      while (flag[1]) 
        /* do nothing */ ; 
      critical section of P0 ; 
      flag[0]=false ; 
      remainder section of P0
    } while (1) ;
    
    --------------------------------
    (P1 code)
    
    do
    { 
      flag[1] = true ;
      while (flag[0]) 
        /* do nothing */ ; 
      critical section of P1 ; 
      flag[1]=false ; 
      remainder section of P1 ;
    } while (1) ;
    
    

  • Algorithm 2 does not satisfy the progress requirement. If we interchange the first two lines of the code of each process, it solves the progress problem, but destroys the mutual exclusion requirement.
    
    
  • Algorithm 3 (Peterson's algorithm): What if we try to solve the problem this way?

    
    shared boolean flag[2]={false, false};
    shared int turn = 0 ;
    --------------------------------
    (P0 code)
    
    do
    { 
      flag[0] = true ;
      turn = 1 ;
      while (flag[1] && turn == 1) 
        /* do nothing */ ; 
      critical section of P0 ; 
      flag[0]=false ; 
      remainder section of P0
    } while (1) ;
    
    --------------------------------
    (P1 code)
    
    do
    {
      flag[1] = true ;
      turn = 0 ;
      while (flag[0] && turn == 0) 
        /* do nothing */ ; 
      critical section of P1 ; 
      flag[1]=false ; 
      remainder section of P1 ;
    } while (1) ;
    
    

  • Peterson's algorithm actually works.
    
    
    • If the processes set their flags at about the same time, then only one of them will win the race to set the value of turn. The loser will set the value of turn that allows the winner to drop out of the inner while-loop and enter its critical section (CS).
      
      
    • If P1 is in its remainder section and P0 tries to get into its CS, it will not be delayed because flag[1] will be false.
      
      
    • If P1 then tries to enter its CS while P0 is in its CS then P1 will be delayed because flag[0] will be true and turn will be zero.
      
      
    • Later when P0 leaves its CS it will set flag[0] to false. This will allow P1 to drop out of the inner while-loop and enter its CS.
      
      
    • Under these circumstances P0 cannot enter its CS again before P1 enters its CS. If P0 moves into its entry code immediately after exiting its CS, then P0 will be delayed in its inner while-loop because flag[1] will be true and turn will be 1.
      
      
    
    
    
• Multiple-Process Solutions
  
  
  • Lamport's bakery algorithm is a correct solution to the n-process critical section problem. The bakery algorithm goes like this:

    
    shared boolean choosing[n] = {false, ..., false} ;
    shared int num[n] = {0, ..., 0};
    --------------------------------
    (Pi code -- Pi executes "Customer(i)")
    
    void Customer (int me)
    {
      do
      {  
           /* entry code */
        choosing[me]=true ;
        num[me]=1+max(num[0],...,num[n-1]);
        choosing[me]=false ;
        for (him=0;him<n;him++)
          {
            while (choosing[him])  /* do nothing */ ;
            while ( num[him]!=0 
                     && ( (num[him],him) < (num[me],me) ) 
              /* do nothing */ ;
          } 
        criticalSection(me) ; 
           /* exit code */
        num[me]=0 ; 
        remainderSection(me) ;
      } while (1) ;
    }
    

  • A process P executing "Customer" picks the "next highest" number. Note however that we don't guarantee that different processes always pick different numbers. (Basically we'd have to solve another critical section problem to be able to guarantee that.)
    
    
  • After choosing its number, process P examines all the other processes (actually including itself too). P waits for each process Q to finish choosing. P then waits until either Q gets the value 0 for its number or until P's number is smaller than Q's number. (Throughout this discussion it must be remembered that a tie between the numbers is broken by comparing the id numbers of P and Q -- low number wins.)
    
    
  • After P does all that waiting, it is P's turn, and P enters its critical section.
    
    
  • P then sets its number to 0 to indicate it is no longer inside its critical section (and also to indicate it is not currently interested in re-entering its critical section). This allows the process with the next highest number (if any) to enter its critical section.
    
    
  • If a process is executing in its critical section and other processes come along later and try to enter their critical sections then they will be delayed -- all those processes that came along later will have higher numbers than the process executing its critical section.
    
    
  • If no processes are executing in their critical sections and two or more processes then attempt to enter their critical sections concurrently, the "lowest" process will be allowed to enter its critical section and the rest will be "higher" and they will be delayed in one of the while-loops within the for-loop.
    
    
  • The bakery algorithm works, but you should try to think of ways that it might fail, because it will help you to understand it better. Many people have had a difficult time coming to a complete understanding of such algorithms -- including the people who designed them!
    
    
  • As an example, think about the algorithm that would result if we removed this line:

    while (choosing[him])  /* do nothing */ ;
    

    If we removed the line, would we get another algorithm that is simpler, but just as correct? It may not be obvious, but with that change the algorithm would no longer satisfy the mutual exclusion requirement. Think about what could happen if P0 and P1 both choose numbers concurrently, and then if P1 started executing very quickly relative to P0.
    
    
• Synchronization Hardware
  
  
• Peterson's algorithm and Lamport's bakery algorithm work correctly. They are considered "software solutions" because the only dependency they have on the hardware is that simple load and store instructions are atomic. However, they have drawbacks. These algorithms are rather complex and difficult to understand. Besides, they do wasteful "busy waiting."
  
  
• Let's try to develop something that has fewer disadvantages. One thing to notice is that we can get simpler solution to the critical section problem if we have a "fancy" instruction implemented by the computer's hardware. Our text gives the examples of what can be done with an atomic test-and-set instruction or an atomic swap instruction.
  
  DEFINITION OF THE TestAndSet INSTRUCTION
  This must be implemented as an atomic operation.

  
  boolean TestAndSet(boolean &target)
  {
    boolean rv=target; /* make copy */
    target=true; /* set */
    return rv ; /* return copy */
  }
  

  Code as simple as this:

  ---------------------
  shared boolean locked=false;
  ---------------------
  do
  {
    while (TestAndSet(locked)) 
      /* do nothing */ ;
    criticalSection(me) ;
    locked=false ;
    remainderSection(me) ;
  } while(1) ;
  ---------------------
  

  implements mutual exclusion for a a set of n processes. (Each process P_i executes the code above with me == i.)
  
  We can satisfy all requirements for a solution to the critical section problem with code like this:

  ---------------------
  shared boolean waiting[n]={false,...,false};
  shared boolean locked=false;
  ---------------------
  
  void SolveCS(int me)
  {
    local boolean wasLocked ;
    local int you;
    do
    {
      waiting[me]=true;
      wasLocked=true;
      while( waiting[me] && wasLocked )
        wasLocked = TestAndSet(locked) ;
      waiting[me]=false;
  
      criticalSection(me) ;
  
      you=(me+1)%n ;
      while ( (you!=me) && (!waiting[you]) )
         you = (you+1)%n;
      if   (you==me) locked=false
      else waiting[you]=false ;
      
      remainderSection(me) ;
      
    } while(1) ;
  }
  ---------------------
  

  The code above is not shorter than the bakery algorithm, but it is easier to understand.
  
  
• Semaphores
  
  
• Usage
  
  
• Implementation
  
  With a queuing semaphore we can create a simple solution to a critical section problem - one that does not require busy waiting.
  
  The queuing semaphore is a special data structure. The data part consists of an integer value and a list. It might be represented this way:

  
  typedef struct
  {
    int value ;
    struct process *L ;
  } semaphore ;
  

  The semaphore data stucture requires two operations, wait() and signal(), which must be implemented atomically. The following pseudo code describes what the operations do, but does not give any clue about how to implement the operations atomically:

  
  void wait(semaphore S)
  {
    S.value--;
    if (S.value<0)
    {
      add this process to S.L;
      block() ;
    }
  }
  
  void signal(semaphore S)
  {
    S.value++;
    if (S.value<=0)
    {
      remove a process P from S.L;
      wakeup(P);
    }
  }

  One can implement block() and wakeup(P) as system calls. A call to block() would put the calling process to sleep. The OS would get control of the CPU and put the process that called block() into a special sleep queue. The sleep queue is a data structure that the OS maintains. A process is not runnable while in the sleep queue. A call to wakeup(P) would cause the OS to get control of the CPU and to remove P from the sleep queue and return it to the ready queue.
  
  On a uniprocessor, one can implement wait() and signal() (without any busy waiting) as system calls. The OS can guarantee the atomic execution of wait() and signal() if it does two things while executing the code of wait() or signal():
  
  
  • refuse to relinquish the CPU, and
  • mask interrupts
    
    
  Under those circumstances nothing can "sneak in" and run in the CPU until after the wait() or signal() has completed.
  
  Unfortunately the method described above is hard to generalize to a multiprocessor platform. We would have to guarantee that no code running on any of the other CPU's would do anything to "conflict" with the critical section of code running the wait() or the signal().
  
  However on a multiprocessor, we could implement wait() and signal() using one of the software solutions we examined earlier in the chapter. For example, wait() could be implemented like this:

  
  typedef struct
  {
    boolean waiting[n] ;
    boolean lock ;
    int value ;
    struct process *L ;
  } semaphore ;
  
  void wait(semaphore S, int me)
  {
    boolean willBlock=false ;
    int wasLocked ;
  
       /* Entry Code for making wait() atomic */
    S.waiting[me]=true;
    wasLocked=true;
    while(S.waiting[me] && wasLocked) wasLocked=TestAndSet(S.lock);
    S.waiting[me]=false;
  
    S.value--;
    if (S.value<0)
    {
      add this process to S.L;
      willBlock=true ;
    }
  
       /* Exit Code for making wait() atomic */
    int you=(me+1)%n ;
    while ( (you != me) && !S.waiting[you] ) you=(you+1)%n ;
    if (you==me) 
    {
      if (willBlock) block(S.lock,false); 
      else S.lock=false ;
    }
    else 
    {
      if (willBlock) block(S.waiting[you],false); 
      else S.waiting[you]=false ;
    }
  }

  Note that the code above employs a modified version of the block() system call. The meaning of block(x,v) is "block the process making this call and then set the variable x equal to the value v."
  
  Why do we have to change the form of block()?
  
  Basically it is due to a problem that comes up if a process P executing a wait() needs to block. In that case P needs to block and perform the exit code. Unfortunately no matter what order P tries to perform these actions, it will do something wrong.
  
  If P blocks it can't do anything next, so it can't execute the exit code. Consider that if P does not set one of the flags to false -- S.lock or S.waiting[you] -- then none of the other processes using the semaphore will be able to perform a signal() or a wait(). All progress of the group of processes will stop. In particular, no process will ever wake P up.
  
  On the other hand it is not acceptable for P to set one of the flags to false first and then block. The problem is that another process Q might execute a signal() and a wakeup(P) before P is able to block.
  
  Therefore, depending on exactly how wakeup() works on the system, P could "miss" its wakeup. P might wake up later when some other process executes a signal(), or it might never wake up. Either way, a lost wakeup can cause processes to malfunction.
  
  The solution we employ here is to take the responsibility away from the process P and place it with the OS. The OS sets the flag to false after blocking P.
  
  Note that the solution we posed for the multiprocessor does require some busy waiting. However generally the amount of time spent doing this busy waiting will be negligible. There are only a few instructions involved in the wait and signal code, and processes do their busy waiting only when waiting to perform those short sequences of instructions.
  
  Contrast that with the case of such code as that below. Here some of the critical sections could be very long. There is the potential, for example, that one process will executes a very long time in its critical section and that several other processes busy wait the whole time.

  
  void SolveCS(int me)
  {
    local boolean wasLocked ;
    local int you;
    do
    {
      waiting[me]=true;
      wasLocked=true;
      while( waiting[me] && wasLocked )
        wasLocked = TestAndSet(lock) ;
      waiting[me]=false;
  
      criticalSection(me) ; /* could be very long */
  
      you=(me+1)%n ;
      while ( (you!=me) && (!waiting[you]) )
         you = (you+1)%n;
      if   (you==me) lock=false
      else waiting[you]=false ;
      
      remainderSection(me) ;
      
    } while(1) ;
  }

  In the version of the code below, implementing the wait and signal as described above for the multiprocessor case, the processes are blocked most of the time while waiting to enter their critical section. They only do busy waiting for a brief time while executing wait() and signal().
  
  As a result there is no significant busy waiting in this solution.

  
  ---------------------
  shared semaphore mutex ;
  ---------------------
  void SolveCS(int me)
  {
    do
    {
      wait (mutex) ;
      criticalSection(me) ; /* could be very long */
      signal (mutex) ;
      remainderSection(me) ;
    } while(1) ;
  }

• Deadlocks and Starvation
  
  

  
  ---------------------
  
    /* Declare two shared variables and separate semaphores to protect each
       variable. */
  
  shared int s_count, int q_count ;
  shared semaphore S, Q ;
  ---------------------
  P0:
  wait(S)
  wait(Q)
   /* P0 accesses s_count and q_count */
    ...
  
  signal(Q)
  signal(S)
  ---------------------
  P1
  wait(Q)
  wait(S)
    /* P1 accesses s_count and q_count */
    ...
  
  signal(S)
  signal(Q)
  ---------------------

  The code above can lead to deadlock -- a situation wherein each process is waiting for an event that will never happen.
  
  
• Classic Problems of Synchronization
  
  
• The Bounded-Buffer Problem
  
  See text for a solution that uses semaphores to count the empty and full buffers.
  
  How could we use a single semaphore to "repair" the proposed solution at the beginning of the chapter?
  
  
• The Readers-Writers Problem
  
  In this problem it is permissible for many processes to read the shared data concurrently. However we must insure that writers have exclusive access to the data.
  
  The code shown solves the "first readers/writers problem" -- it does make sure that writers have exclusive access. However writers can starve in this solution because there is nothing to prevent new readers from streaming in indefinitely while a writer is waiting.
  
  
• The Dining Philosophers Problem
  
  The method of handling the problem given in this section is not deadlock free. Consider resource-ordering as a way to perform deadlock prevention.
  
  A satisfactory solution to the problem would
  
  
  • make sure only one philosopher has possesion of any particular chopstick at any one time.
    
    
  • allow only philosophers who are vying for chopstick C or are in posession of C to participate in the decision as to who gets possesion of C next, and make sure this decision is not postponed indefinitely.
    
    
  • make sure there exists a bound on the number of times that other philosophers are allowed to eat after one philosopher P has begun to try to eat and before P is allowed to eat.
    
    
• Critical Regions
  
  The idea of the critical region improves on the idea of a semaphore by making it harder for the programmer to make a mistake. The idea is to create a programming language L in which variables to be shared by two or more processes are specifically declared to be shared variables with a programming language statement like this:

  counter: shared integer;

  The rules of language L would make it impossible for two processes running L programs to share memory unless they have declared the shared space with a special statement like the one above. Furthermore the rules of L would not allow a process to access a shared variable except within a region statement of the form:

  region counter when condition do counter++ 

  The meaning of the region statement above would be that no other process could access the counter variable while the statement above is executed by some particular process. The compiler would generate object code that would enforce the mutual exclusion. The compiler might make use of semaphores or some other kinds of synchronization tools.
  
  The main point is that the programmer would be placed at a higher level.
  
  Using a language such as L, the programmer in effect simply tells the compiler which variables are shared and which statements to execute using the shared data. The compiler, in effect, inserts entry and exit code around the critical sections of the program where shared data is accessed.
  
  When a programmer has to write and place entry and exit code, there is a possibility of error. The use of a language such as "L" automates much of the task so there is less chance of error. (However it is still possible to make errors using these higher level tools.)
  
  
• Monitors
  
  The monitor is another high level synchronization tool. Monitors are distinctly different from the "region construct" of the previous section. However "monitors" and "regions" are similar in that they have the effect of automating some of the error-prone coding tasks of the programmer.
  
  Students who have used an object-oriented language will see that monitors are basically objects that are "rigged" so that only one process at a time can access the object. (The monitor concept dates back over 30 years [1973, Brinch-Hansen]. The idea of object-oriented computing goes back even further [Simula 67, 1967, Dahl & Nygaard] ).
  
  The programmer writes code for the monitor. The programmer also writes the "client code" that uses the monitor. The compiler takes care of, in effect, generating the entry code and exit code that guards the monitor so that only one process at a time can execute monitor code.
  
  We can examine how the authors of our text employ a monitor and some client code to create a partial solution to the dining philosophers problem. (Mutual exclusion is assured, and deadlock is impossible, but starvation can occur. What is deadlock? What is starvation? What, if any, is the relation between the two?)
  
  
• Synchronization
  
  
• Synchronization in Solaris 2
  
  For synchronizing concurrent processes, Solaris 2 provides these tools:
  
  
  • adaptive mutexes
    • used to protect short code segments accessing shared data
    • will busy wait if the thread holding the lock is executing
    • will block otherwise
    • on a uni-processor the only option will be to block
      
      
  • condition variables and semaphores -- used to protect long code segments
    
    
  • reader-writer locks
    • protect long sections of code accessing data that is read frequently but not written frequently
    • allows multiple concurrent reads
    • relatively expensive to implement
      
      
  • turnstiles
    • a queue for threads blocked on a lock
    • design twist:
      • synchronization objects don't have turnstiles
      • threads "carry around" a turnstile
      • first thread that has to block on a lock "donates" its turnstile for the queuing on that lock. When the thread is awakened it will get another turnstile from a pool maintained by the OS.
    • organized so that when a high priority thread H blocks on a lock held by a low priority thread L, L "inherits" the priority of H until L releases the lock. This helps H get the lock as soon as possible.
      
      
  All the synchronization primitives listed above are available to user level threads. However, priority inheritance is implemented only for kernel level threads.
  
  
• Synchronization in Windows 2000
  
  
  • Windows 2000 is a multithreaded kernel that supports real-time processing and multiprocessing.
    
    
  • On a uni-processor, it will use masking of interrupts to insure exclusive access to global data.
    
    
  • On a multiprocessor, it uses spinlocks to guard short sections of code accessing global data. The OS ensures that a thread holding a spinlock will not be preempted.
    
    
  • Threads outside the kernel can use dispatcher objects to synchronize.
    • synchronization can take the form of mutex, semaphore, or event.
    • Events are used much like conditions -- to wait for a desired condition to occur.
      
      
• Atomic Transactions
  
  
• System Model
  
  
  • The solutions we have worked out so far do not take into account the possibility that the process may fail spontaneously while executing in its critical section -- for example due to a system crash or hardware failure.
    
    
• Log-Based Recovery
  
  
  • How can we insure that critical sections are executed atomically when there is non-zero probability that processes will abort without warning?
    
    
    • With write ahead logging and stable storage we can operate with very high confidence that "all transactions will be atomic" -- e.g. all critical sections will be executed atomically.
      
      
    • For each write operation to a data field the system logs, on stable storage, the unique ID of the operation, unique ID of the data field, old value of the data field, and new value of the data field to be written.
      
      
    • A process writes the log entry before attempting the actual change to the data.
      
      
    • In effect the log entry is of the form "Transaction T intends to change cell C from value X to value Y."
      
      
    • A process writes a <Ti starts> entry to the log when it first enters the code of the transaction.
      
      
    • It writes a <Ti commits> record after it has completed the transaction successfully.
      
      
    • If a transaction Ti aborts and there is a <Ti starts> entry in the log with no matching <Ti commits> record then in a recovery phase the OS can undo what Ti did after Ti wrote the <Ti starts> record. The OS just looks at the log and changes all the values of the data fields back to what they were. (The OS has to be careful in the manner it does this because another failure could occur in the midst of the recovery.)
      
      
    • When the OS undoes an aborted transaction, that preserves atomicity.
      
      
    • Similarly a transaction that fails after writing a <Ti commits> may be redone after the failure.
      
      
• Checkpoints
  
  
  • A process may flush all log records and data changes to stable storage, and then write a <checkpoint> record to the log.
    
    
  • The <checkpoint> can speed recovery because the OS knows that if a <Ti commits> appears before a <checkpoint>, the OS does not need to redo Ti.
    
    
• Concurrent Atomic Translations
  
  
• Serializability
  
  
  • An operation Oi of transaction Ti conflicts with operation Oj of Tj if both Oi and Oj access the same data item and at least one of the two does a write to the item.
    
    
  • If one schedule can be transformed into another just by swapping operations that don't conflict, then the two schedules are equivalent -- they have the same effect on the data.
    
    
• Locking Protocol
  
  
  • When we want to insure atomicity of some transaction, we may not have to treat the whole section as a single critical section to be protected by a single lock or semaphore.
    
    
  • It is enough to insure serializability -- to insure that when two transactions execute concurrently the effect on the data is the same as if one transaction was carried out completely first and then the other.
    
    
  • If we use a lock for each data item and require transactions to follow a locking protocol, we can ensure serializability.
    
    
  • The so-called two-phase locking protocol may be used.
    
    
    • The transaction may obtain but not release locks during the growing phase.
      
      
    • The transaction may release locks but not obtain any new locks during the shrinking phase.
      
      
    • The two-phase locking protocol ensures conflict serializability but does not ensure freedom from deadlock.
      
      
    • There are conflict-serializable schedules that cannot be obtained through two-phase locking.
      
      
• Timestamp-Based Protocols
  
  
  • We can give each transaction Ti a unique "timestamp" and require that when TS(Ti) < TS(Tj) the system must "ensure that the produced schedule is equivalent to a serial schedule in which Ti is executed before Tj.
    
    
  • The timestamps are "birthdates" and "older" transactions are supposed to (at least in effect) "go first."
    
    
  • We keep track of the youngest transaction that has done a write or read on every data item Q.
    
    
  • If Ti is about to read data item Q and Ti is older than the youngest writer of Q (YW(Q)) then Ti is rolled back and it has to be run again (with a new timestamp).
    
    
  • If Ti is about to read data item Q and Ti is younger than the YW(Q) then Ti performs the read and the age of Ti is compared with the youngest reader of Q (YR(Q)). If Ti is younger then the YR(Q) is updated.
    
    
  • If Ti is about to write data item Q and Ti is older than YR (Q) then Ti is rolled back and it has to be run again (with a new timestamp).
    
    
  • Else if Ti is about to write data item Q and Ti is older than YW(Q) then Ti is attempting to write an obsolete value and Ti is rolled back and it has to be run again (with a new timestamp).
    
    
  • Else the write operation is carried out.
    
    
  • Some schedules that can be produced by this timestamp-based protocol cannot be produced by two-phase locking, and vice versa.
    
    
  • This timestamp-based protocol insures that conflicting operations are executed in time-stamp order. Therefore the protocol ensures conflict serializability.
    
    
  • The protocol never results in a wait. Processes either go ahead with their actions or are rolled back. Therefore deadlock cannot occur.
    
    
  • Since there is no guarantee that a process that has been rolled back will not be rolled back again, there is no guarantee that processes will not starve.