Distributed Deadlock-Avoidance. IMDEA Software Institute, Spain

Size: px

Start display at page:

Download "Distributed Deadlock-Avoidance. IMDEA Software Institute, Spain"

Arline Floyd
5 years ago
Views:

1 Distributed Deadlock-voidance César Sánchez IMDE Software Institute, Spain DRV Workshop, ertinoro 19-May, 216

2 Distributed Deadlock-voidance little story about how static knowledge can help solve unsolvable problems César Sánchez IMDE Software Institute, Spain DRV Workshop, ertinoro 19-May, 216

3 Introduction Goal: Formalization of middleware services pp pp pp Middleware Middleware Event Channels Deadlock voidance OS 1 OS 2 OS 3

4 Deadlocks Deadlock is one of the classical problems in CS One (common) approach is the ostrich approach The other approaches are: detection, prevention and avoidance. centralized distributed detection OK OK prevention OK OK avoidance anker s impractical Efficient dynamic resource allocation can have a big practical impact.

5 Distributed Dinning Philosophers

6 Distributed Dinning Philosophers deadlock state

7 Distributed Dinning Philosophers Detection:

8 Distributed Dinning Philosophers Prevention: 3 2 1

9 Distributed Dinning Philosophers voidance:?

10 Distributed Dinning Philosophers Distributed voidance:???

11 Deadlock voidance Problem Space Centralized Distributed Unsolvable Unsolvable

12 Deadlock voidance Problem Space Centralized Distributed Unsolvable Unsolvable Max utilization

13 Deadlock voidance Problem Space Centralized Distributed Unsolvable Unsolvable Max utilization [Dijkstra 65] [Singhal 95]

14 Deadlock voidance Problem Space Centralized Distributed Unsolvable Unsolvable Max utilization [Dijkstra 65] [Singhal 95] [de lfaro+:5] FMS

15 Deadlock voidance Problem Space Centralized Distributed Unsolvable Unsolvable Max utilization [Dijkstra 65] [Singhal 95] [de lfaro+:5] FMS?

16 Distributed Real-Time and Embedded F C E D

17 Distributed Real-Time and Embedded n 1 F C E D

18 Distributed Real-Time and Embedded n 1 F n 2 C E D

19 Distributed Real-Time and Embedded n 1 n 3 F n 2 C E n 5 D

20 Distributed Real-Time and Embedded n 1 n 4 n 3 F n 2 C E n 5 D

21 Distributed Real-Time and Embedded n 1 n 4 n 3 F n 2 C E n 5 D Sequence of calls: n 1 C n 5 E n 2 n 3 n 1

22 Distributed Real-Time Embedded Systems Distributed Real-Time Embedded Systems: synchronous distributed system Limited Resources Wait-on-connection rbitrary number of processes spawned ll processes terminate Problem: deadlocks are possible if no controller is used

23 Example of Deadlock Two sites, with two resources each: and the call graph: n 1 n 2 m 1 m 2

24 Example of Deadlock Two sites, with two resources each: and the call graph: n 1 n 2 m 1 m 2

25 Example of Deadlock Two sites, with two resources each: and the call graph: n 1 n 2 m 1 m 2

26 Example of Deadlock Two sites, with two resources each: and the call graph: n 1 n 2 m 1 m 2

27 Example of Deadlock Two sites, with two resources each: and the call graph: n 1 n 2 m 1 m 2

28 Example of Deadlock Two sites, with two resources each: and the call graph: n 1 n 2 m 1 m 2

29 Example of Deadlock Two sites, with two resources each: and the call graph: n 1 n 2 m 1 m 2

30 Summary of Contributions Contribution #1 Efficient deadlock voidance can is possible provided call-graphs are know statically

31 Summary of Contributions Contribution #1 Efficient deadlock voidance can is possible provided call-graphs are know statically Contribution #2 Optimal annotations can be efficiently computed. If annotations are not followed anomalies can occurr.

32 Summary of Contributions Contribution #1 Efficient deadlock voidance can is possible provided call-graphs are know statically Contribution #2 Optimal annotations can be efficiently computed. If annotations are not followed anomalies can occurr. Contribution #3 Distributed Deadlock voidance with (individual) liveness guarantees can be efficiently achieved.

33 Model of Computation Remote procedure call (with Wait-On-Connection) synchronous messages ll to all communication Finite resources: T total number of threads F C E D

34 Model of Computation Remote procedure call (with Wait-On-Connection) synchronous messages ll to all communication Finite resources: T total number of threads F C E D We seek a deadlock avoidance solution with no extra communication

35 Distributed Deadlock voidance Solution Two parts: 1. Static: 2. Dynamic:

36 Distributed Deadlock voidance Solution Two parts: 1. Static: 1 n 1 C n 5 E n 2 n 3 n 1 2. Dynamic:

37 Distributed Deadlock voidance Solution Two parts: 1. Static: 1 n 1 C n 5 E n 2 n 3 n 1 2. Dynamic: when En do In n 1 () Out } entry section } method invocation } exit section

38 nnotations nnotations are computed statically n 1 n 2 m 1 m 2

39 nnotations nnotations are computed statically n 1 n 2 m 1 m 2 Dependency edges n same node. m whenever α(n) m for two calls in the

40 nnotations nnotations are computed statically n 1 n 2 m 1 m 2 Dependency edges n m whenever α(n) m for two calls in the same node. n 1 n 2 m 1 m 2

41 nnotations nnotations are computed statically n 1 n 2 m 1 m 2 Dependency edges n m whenever α(n) m for two calls in the same node. n 1 n 2 m 1 m 2 n depends on m if there is a path from n to m containing a dependency cycle is close path with a

42 nnotations nnotations are computed statically n 1 n 2 m 1 m 2 Dependency edges n m whenever α(n) m for two calls in the same node. n 1 n 2 m 1 m 2 DependencyCycle n depends on m if there is a path from n to m containing a dependency cycle is close path with a

43 nnotations nnotations are computed statically n 1 n 2 m 1 m 2 Dependency edges n m whenever α(n) m for two calls in the same node. 1 n 1 n 2 m 1 1 m 2 DependencyCycle n depends on m if there is a path from n to m containing a dependency cycle is close path with a

44 nnotations nnotations are computed statically n 1 n 2 m 1 m 2 Dependency edges n m whenever α(n) m for two calls in the same node. 1 n 1 n 2 m 1 m 2 DependencyCycle n depends on m if there is a path from n to m containing a dependency cycle is close path with a

45 asic Solution Deadlock voidance Protocol asic-p: n 1 α [ ] when α < t do t n 1 () t ++

46 asic Solution Deadlock voidance Protocol asic-p: n 1 α [ ] when α < t do t n 1 () t ++ Theorem: If α has no cyclic dependencies, then asic-p guarantees absence of deadlock.

47 asic Solution Deadlock voidance Protocol asic-p: n 1 α [ ] when α < t do t n 1 () t ++ Theorem: If α has no cyclic dependencies, then asic-p guarantees absence of deadlock. Lemma: The following is an invariant: The number of processes running methods with annotation i or higher is at most T i.

48 The nnotation Theorem Theorem: If α has no cyclic dependencies, then asic-p guarantees absence of deadlock. Lemma: The following is an invariant: The number of processes running methods with annotation i or higher is at most T i. annotation α Max num of procs T 1 T T 1 1

49 The nnotation Theorem Theorem: If α has no cyclic dependencies, then asic-p guarantees absence of deadlock. Lemma: The following is an invariant: The number of processes running methods with annotation i or higher is at most T i. Lemma: If a request n 1 is disabled, then α 2 there is an active process running with α 2 α. α n 2

50 nnotations Two immediate questions: 1. How to compute acyclic annotations 2. What if annotations are not acyclic?

51 nnotations Two immediate questions: 1. How to compute acyclic annotations Visit nodes following some reverse topological order. When visiting n, compute the set of nodes S previously visited and reachable following ( ). Set α(n) to 1 plus the largest node in S that resides in the same site. 2. What if annotations are not acyclic?

52 nnotations Two immediate questions: 1. How to compute acyclic annotations Visit nodes following some reverse topological order. When visiting n, compute the set of nodes S previously visited and reachable following ( ). Set α(n) to 1 plus the largest node in S that resides in the same site. 2. What if annotations are not acyclic? n 1 m 1 C C n 2 m 2 n 3 m 3 T = 1 T = 1 T C = 1

53 nnotations Two immediate questions: 1. How to compute acyclic annotations Visit nodes following some reverse topological order. When visiting n, compute the set of nodes S previously visited and reachable following ( ). Set α(n) to 1 plus the largest node in S that resides in the same site. 2. What if annotations are not acyclic? n 1 m 1 C C n 2 m 2 n 3 m 3 FCT: Given enough resources, a deadlock is reachable T = 1 T = 1 T C = 1

54 How about liveness? Consider two nodes, with two resource each (T = T = 2): t = 2 t = 2 and the call graph: n 1 n 2 m 1 1 m 2

55 How about liveness? Consider two nodes, with two resource each (T = T = 2): t = 2 t = 2 and the call graph: n 1 n 2 m 1 1 m 2

56 How about liveness? Consider two nodes, with two resource each (T = T = 2): t = t = 2 and the call graph: n 1 n 2 m 1 1 m 2

57 How about liveness? Consider two nodes, with two resource each (T = T = 2): t = t = 2 and the call graph: n 1 n 2 m 1 1 m 2

58 How about liveness? Consider two nodes, with two resource each (T = T = 2): t = t = and the call graph: n 1 n 2 m 1 1 m 2

59 How about liveness? Consider two nodes, with two resource each (T = T = 2): t = t = 1 and the call graph: n 1 n 2 m 1 1 m 2

60 How about liveness? Consider two nodes, with two resource each (T = T = 2): t = 1 t = 1 and the call graph: n 1 n 2 m 1 1 m 2

61 How about liveness? Consider two nodes, with two resource each (T = T = 2): t = t = 1 and the call graph: n 1 n 2 m 1 1 m 2

62 How about liveness? Consider two nodes, with two resource each (T = T = 2): t = t = and the call graph: n 1 n 2 m 1 1 m 2

63 Revisiting the Invariant Lemma: The following is an invariant: The number of processes running methods with annotation i or higher is at most T i. act, i T i for all notes and i where act,i : number of active processes in with annotation i act, i = k i act,i

64 Revisiting the Invariant Lemma: The following is an invariant: The number of processes running methods with annotation i or higher is at most T i. act, i T i for all notes and i where act,i : number of active processes in with annotation i act, i = k i act,i The weakest precondition on allowing a request for n i ϕ = k { act, k T k if k > i act, k + 1 T k if k i

65 The Protocol Live-P i To execute n : [ ] when ϕ do act,i ++ n() act,i Theorem (Deadlock voidance): If α is acyclic, then Live-P guarantees absence of deadlock. Theorem (Liveness): If α is acyclic, then Live-P guarantees that every waiting process is eventually enabled.

66 Live-P provides liveness Consider two nodes, with two resource each (T = T = 2): t = 2 t = 2 Live-P asic-p n 1 n 2 n 1 n 2 m 1 1 m 2 m 1 1 m 2 act, act, 1

67 Live-P provides liveness Consider two nodes, with two resource each (T = T = 2): t = 2 t = 2 Live-P asic-p n 1 n 2 n 1 n 2 m 1 1 m 2 m 1 1 m 2 act, act, 1

68 Live-P provides liveness Consider two nodes, with two resource each (T = T = 2): t = t = 2 Live-P asic-p n 1 n 2 n 1 n 2 m 1 1 m 2 m 1 1 m 2 act, act, 1

69 Live-P provides liveness Consider two nodes, with two resource each (T = T = 2): t = t = 2 Live-P asic-p n 1 n 2 n 1 n 2 m 1 1 m 2 m 1 1 m 2 act, act, 1

70 Live-P provides liveness Consider two nodes, with two resource each (T = T = 2): t = t = Live-P asic-p n 1 n 2 n 1 n 2 m 1 1 m 2 m 1 1 m 2 act, act, 1

71 Live-P provides liveness Consider two nodes, with two resource each (T = T = 2): t = t = 1 Live-P asic-p n 1 n 2 n 1 n 2 m 1 1 m 2 m 1 1 m 2 act, act, 1

72 Conclusions Distributed Deadlock voidance is possible without communication... provided call-graphs are known Using static annotations + runtime protocols If cycles are allowed (e.g. by uncontrolled resource allocation), then deadlocks are unavoidable, provided enough resources Individual liveness is also enforceable Future work: is deadlock avoidance enforceable for any amount of initial resources? can this be adapted to composable conveyor systems?

73 Conclusions Distributed Deadlock voidance is possible without communication... provided call-graphs are known Using static annotations + runtime protocols If cycles are allowed (e.g. by uncontrolled resource allocation), then deadlocks are unavoidable, provided enough resources Individual liveness is also enforceable Future work: is deadlock avoidance enforceable for any amount of initial resources? can this be adapted to composable conveyor systems?

74 Distributed Dinning Philosphers Distributed voidance:???

75 Distributed Dinning Philosphers Distributed voidance:?? SOLUTION:?

76 Distributed Dinning Philosphers Distributed voidance:? 3 2 1?? SOLUTION: For your first pick, do not the take last fork if going in increasing order. For your second pick, do as you wish.

77 Questions Thank you for your attention!

On Efficient Distributed Deadlock Avoidance for Real-Time and Embedded Systems

On Efficient Distributed Deadlock Avoidance for Real-Time and Embedded Systems César Sánchez 1 Henny B. Sipma 1 Zohar Manna 1 Venkita Subramonian 2 Christopher Gill 2 1 Stanford University 2 Washington