Modeling and Analysis of Fischer’s Algorithm
Thomas Davies
Processes and Data, Department of Computer Science, Swansea University
Vino - July 2011
Thomas Davies Modeling and Analysis of Fischer’s Algorithm
Today’s Talk
1. Mutual Exclusion Algorithms (recap)
2. Fischer’s Algorithm
3. Modeling Fischer’s Algorithm
4. Analysis of Fischer’s Algorithm
Mutual Exclusion Algorithms
Mutual Exclusion
As previously observed, the idea of mutual exclusion is that two processes which have critical sections cannot enter those sections at the same time.
[Figure with two labels: Critical Section, Critical Section]
Mutual Exclusion Algorithms
The abstract behaviour of mutual exclusion algorithms can be described as:

    while true do
    begin
        remainder region
        trying region
        critical section
        exit region
    end

Algorithms like this satisfy two properties:
- Mutual Exclusion
- Deadlock Freedom
Asynchronous Mutual Exclusion
Known asynchronous mutual exclusion algorithms for n processes require O(n) read and write registers and O(n) operations in order to access the critical section. (Lynch and Shavit 1992)
Question: Is it possible to achieve mutual exclusion in asynchronous systems consisting of n processes by using a smaller number of shared registers and/or fewer than O(n) operations to access the critical section?
Asynchronous Mutual Exclusion (cont.)
Short answer:
No.
Long answer:
Theorem. There is no asynchronous algorithm providing mutual exclusion with deadlock freedom for n ≥ 2 processes that uses fewer than n shared read and write registers. (Burns and Lynch)
Fischer’s Algorithm
Beating the theorem
Can the lower bound in the Theorem for deadlock-free mutual exclusion be overcome by considering computational models other than the one underlying the above-mentioned result of Burns and Lynch?
Michael Fischer
The first researcher to accomplish this was Michael Fischer, who overcame the lower bound by assuming timing constraints.
His algorithm uses one shared multiwriter register ’id’ with initial value 0. Each process $P_i$, $i \in \{1, \ldots, n\}$, executes the following algorithm, where ’delay’ is a positive integer constant.
Fischer’s Algorithm
    while true do
    begin
        noncritical section;
        L: if id ≠ 0 then goto L;
        1: id := i;
        2: pause(delay);
        3: if id ≠ i then goto L;
        critical section;
        id := 0;
    end

pause(delay) makes the process wait for the amount of time specified by the constant ’delay’.
Choosing the value of ’delay’
Fischer’s algorithm is real-time. Therefore it is important to optimise the value of ’delay’. So what should its value be?
We could assume a positive integer upper bound c for the time between successive steps of the execution of a process while it attempts to access its critical section.
In Fischer’s algorithm, we choose a value larger than c, the longest time that a process may take to perform a step while trying to enter its critical section.
But why?
Choosing the value of ’delay’ (cont.)
By the time that process i has reached line 3 in the pseudocode algorithm (3: if id ≠ i then goto L;), each process j that has passed the test in line L (L: if id ≠ 0 then goto L;) and might write j in the variable id has already done so, since delay > c and c is the longest time that such a step may take.
Therefore, whenever process i finds that id = i in line 3 then it can safely enter its critical section because all the other processes are either before line L or after line 1 with their index overwritten by process i, so they will fail the test at line 3.
A Brief Reflection
Fischer’s algorithm is deadlock free and mutually exclusive for as long as its timing assumptions are met. The timing behaviour of the algorithm is nearly optimal (Lynch and Shavit 1992, Theorem 4.6).
However...
If the timing constraints are not met, then the algorithm can no longer guarantee mutual exclusion!
Modeling Fischer’s Algorithm
Modeling Fischer’s Algorithm
Fischer’s algorithm for n processes can be modeled as a network of timed automata. Each of the n timed automata in the network is akin to one process running the algorithm.
Fischer’s Automaton
[Figure: timed automaton for process i. Locations: L, 1 (with invariant x ≤ c), 2, CS. Edge labels: "id = 0, x := 0"; "id := i, x := 0"; "id = i, x > c"; "id := 0"; "not(id = 0), x > c".]
Fischer’s Network
We model the algorithm for n processes as the network of timed automata
$A_1 \mid A_2 \mid \ldots \mid A_n$
States of this network consist of an n-tuple of locations $(l_1, \ldots, l_n)$, where $l_i$ is a location in the automaton $A_i$, $i \in \{1, \ldots, n\}$, and a valuation for the set of clocks $\{x_1, \ldots, x_n\}$, with $x_i$ standing for the local clock of automaton $A_i$.
But...
Handling the shared variable
Due to the value of the shared variable ’id’ actively determining which edges are enabled, the states of the network also need to record the current value of this variable.
We write a state of the network $A_1 \mid A_2 \mid \ldots \mid A_n$ as so:
$(l_1, \ldots, l_n, x_1 = c_1, \ldots, x_n = c_n, id = i)$,
where $c_1, \ldots, c_n$ are non-negative reals and $i \in \{1, \ldots, n\}$.
The initial state of the network is
$(L, \ldots, L, x_1 = 0, \ldots, x_n = 0, id = 0)$.
Analysis of Fischer’s Algorithm
Analysis of Fischer’s Algorithm
Now we have a model of the algorithm as a network of timed automata, we must analyse the behaviour of the model in order to verify that it affords the mutual exclusion property.
We state the following invariant property:
No matter how the network evolves, at no point of its computation will two different component automata each be in its location CS at the same time.
Using Hennessy-Milner logic with time
We can express invariance properties in Hennessy-Milner logic with time.
We wish to express the following requirement:
Two different component automata cannot each be in its location CS at the same time.
Using Hennessy-Milner logic with time (cont.)
We have the option of modifying the model by adding self-loop edges to location CS, labeling them with some observable synchronisation action $in_i!$ which is used to signal that $A_i$ is in its critical section.
This allows us to express mutual exclusion using the property
$$\mathrm{Inv}\Big(\bigwedge_{1 \le i < j \le n} \big([in_i!]\,ff \lor [in_j!]\,ff\big)\Big)$$
UPPAAL Verification
We could potentially look to verify the correctness of the algorithm using the verification tool UPPAAL; however, the language supported by it does not allow us to write formulae such as we had on the previous slide.
We can rewrite this formula as
$$\mathrm{MutexNow} = \bigwedge_{1 \le i < j \le n} (\neg A_i.\mathrm{CS} \lor \neg A_j.\mathrm{CS})$$
This allows us to express mutual exclusion using the property
$$\mathrm{Inv}(\mathrm{MutexNow})$$
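An added example, not part of the talk: a small explicit-state checker for the network of automata and for Inv(MutexNow), which also exercises the earlier point that ’delay’ must exceed c. It assumes time advances in unit steps rather than over the reals, takes the failed test at line 3 from the pseudocode (id ≠ i), and the names successors and check_mutex are illustrative.

```python
from collections import deque

L, TRY, WAIT, CS = "L", "1", "2", "CS"  # locations of each automaton A_i

def successors(state, n, c, delay):
    """Successors of (locations, clocks, id) under unit-step time (an assumption)."""
    locs, clocks, ident = state
    for k in range(n):
        i, loc, x = k + 1, locs[k], clocks[k]
        def move(new_loc, new_id):  # process i takes an edge; x_i := 0
            return (locs[:k] + (new_loc,) + locs[k + 1:],
                    clocks[:k] + (0,) + clocks[k + 1:], new_id)
        if loc == L and ident == 0:        # line L: passes the test id = 0
            yield move(TRY, ident)
        elif loc == TRY:                   # line 1: id := i
            yield move(WAIT, i)
        elif loc == WAIT and x >= delay:   # line 3, after pause(delay)
            yield move(CS if ident == i else L, ident)
        elif loc == CS:                    # exit region: id := 0
            yield move(L, 0)
    # One time unit passes, unless a process at location 1 would exceed c.
    if all(x < c for loc, x in zip(locs, clocks) if loc == TRY):
        cap = max(c, delay)                # larger clock values behave alike
        yield (locs, tuple(min(x + 1, cap) if loc in (TRY, WAIT) else 0
                           for loc, x in zip(locs, clocks)), ident)

def check_mutex(n, c, delay):
    """Breadth-first check of Inv(MutexNow); returns a shortest violating trace or None."""
    init = ((L,) * n, (0,) * n, 0)
    parent, queue = {init: None}, deque([init])
    while queue:
        s = queue.popleft()
        if s[0].count(CS) > 1:             # MutexNow is false in s
            trace = []
            while s is not None:
                trace.append(s)
                s = parent[s]
            return trace[::-1]
        for t in successors(s, n, c, delay):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return None

if __name__ == "__main__":
    for delay in (3, 2):                   # c = 2: delay > c, then delay = c
        trace = check_mutex(n=2, c=2, delay=delay)
        print(f"c=2 delay={delay}:", "mutual exclusion holds" if trace is None
              else f"violated after {len(trace) - 1} steps, final state {trace[-1]}")
```

With delay = c the returned trace shows one process writing id at the last permitted moment, just after the other has passed its test at line 3.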
Summary - Part One
To summarise, we briefly recapped on mutual exclusion. We then introduced Fischer’s algorithm and modeled it using timed automata.
We then went some way to verifying its correctness by giving the ideas needed to formally verify the algorithm using UPPAAL.
Summary - Part Two
- Introduction to CCS
- Behavioural equivalences
- Fixed points and bisimulation equivalence
- Hennessy-Milner logic
- Hennessy-Milner logic with recursive definitions
- Mutual exclusion
- CCS with time delays
- Timed automata
- Timed behavioural equivalences
- Hennessy-Milner logic with time
- Modeling and analysis of Fischer’s Algorithm
Thank you!