>
EXAMPLE FILE: bakeryAlg
Proof of Correctness of Algorithm 6 (The Bakery Algorithm),
Chapter 6, Silberschatz & Galvin
CS 3750 -- OS I -- (John Sarraille)
The Bakery Algorithm is Due to Lamport (1974).
The common data structures are:
var choosing : array [0..n-1] of boolean ;
number : array [0..n-1] of integer ;
All data structures are initialized to false and 0, respectively. For
convenience, we define the following notation:
@ (a,b) < (c,d) if a < c or if a = c and b < d.
@ max( a0, ..., an-1) is a number k such that k >= ai for i = 0, ..., n-1.
The program of process Pi is:
repeat
choosing[i] = true ;
number[i] = max(number[0], number[1], ..., number[n-1]) + 1 ;
choosing[i] = false ;
for j = 0 to n-1
do begin
while choosing[j] do skip ;
while number[j] <> 0
and ((number[j],j) < (number[i],i)) do skip ;
end ;
... CS ...
number[i] = 0 ;
... RS ...
until false
Mutual Exclusion Proof:
Assume that two processes exist in the CS simultaneously. Let Tk be the
time that it first happens, with Pk arriving in the CS at Tk. Let Ph be
the other process, arriving in the CS for the last time before (or no
later than) Th. Consider the following times:
a. Ph gets the number it enters with at Th
b. Ph verifies that Pk is not choosing (the last time before Th)
c. Ph finds that number[k] = 0, or that ((number[k],k) > (number[h],h)).
--------------------------------------------------------------
^ ^ ^ ^ ^
a b c Th Tk
In order that Pk can enter the CS at Tk, it must verify first that
number[h] = 0, or that ((number[h],h) > (number[k],k)). Obviously, this
cannot be done after a., because the number it would have to get would be
larger than number[h]. (Note that number[h] does not change between a and
Tk.
If Pk gets its number at around the same time as a., then since Ph waits
for Pk to finish choosing (b) before comparing numbers (c), the outcome of
that test will be "(number[h],h) > (number[k],k))", contrary to the fact
that the outcome was "((number[k],k) > (number[h],h))". So Pk can't do
that either.
Pk also can't get the number at a time well before a., since that would
also imply that the successful test in c. would have failed.