ucdavis, ecs150 spring 2006 04/21/2006ecs150, spring 20061 operating system ecs150 spring 2006 :...

04/21/2006 ecs150, spring 2006 1

UCDavis, ecs150Spring 2006

ecs150 Spring 2006:Operating SystemOperating System#3: Priority Inversion(paper)

Dr. S. Felix Wu

Computer Science Department

University of California, Davishttp://www.cs.ucdavis.edu/~wu/

[email protected]

04/21/2006 ecs150, spring 2006 2

UCDavis, ecs150Winter 2006 Priority SchedulingPriority Scheduling

A priority number (integer) is associated with each process

The CPU is allocated to the process with the highest priority (smallest integer highest priority).

– Preemptive

– Non-preemptive SJF is a priority scheduling scheme where

priority is the predicted next CPU burst time. FCFS is a priority scheduling scheme where

priority is the arrival time. Lottery scheduling is a probabilistic priority

scheduling scheme where the priority is the ticket number.

04/21/2006 ecs150, spring 2006 3

UCDavis, ecs150Winter 2006

““Fixed” PriorityFixed” Priority

What is it?– The process sticks with the origin assigned priority.

A good or bad idea?– Have we learned the lesson from HW#2?

What other possible policy?– Dynamic policy.

Problem Starvation – low priority processes may never execute.

Solution Aging – as time progresses increase the priority of the process.

04/21/2006 ecs150, spring 2006 4


1

0

0

1

0

1

::.

256 different priorities64 scheduling classes

RR

04/21/2006 ecs150, spring 2006 5


Real-Time SchedulingReal-Time Scheduling Hard real-time systems – required to complete a

critical task within a guaranteed amount of time.– Resource reservation- guarantees on time completion or

rejects process

Soft real-time computing – requires that critical processes receive priority over less fortunate ones.

04/21/2006 ecs150, spring 2006 6


Unexpected EffectsUnexpected Effectsbetween two OS control mechanismsbetween two OS control mechanisms

Real-time priority scheduling– Responsiveness: if a higher priority thread

appears, serve it asap. Mutual exclusion

– Integrity: if a higher priority thread wants to enter a critical section being hold by a lower priority thread, it has to wait for the lower priority thread to leave “the critical section”.

04/21/2006 ecs150, spring 2006 7


pthread_mutex_lock

pthread_mutex_unlock

1

0

0

1

0

1

::.

256 different priorities64 scheduling classes

RR

04/21/2006 ecs150, spring 2006 8


Real-Time ThreadsReal-Time Threads

Thread τ1 L L L Rx L

Thread τ2 L L ... L

Thread τ3 L L L Rx L ... L

L: local CPU burst R: resource required (Mutual Exclusion)

04/21/2006 ecs150, spring 2006 9


ExampleExample

Suppose that threads τ1 and τ3 share some data.

Access to the data is restricted using semaphore x:– each task executes the following code:

do local work (L) sem_wait(s) (P(x))

– access shared resource (R) sem_signal(s) (V(x)) do more local work (L)

04/21/2006 ecs150, spring 2006 10

UCDavis, ecs150Winter 2006 BlockingBlocking

τ2

τ3

t0 t+3 t+4

RL L L R

R L τ1

t+6

L L L

Blocked!

04/21/2006 ecs150, spring 2006 11

UCDavis, ecs150Winter 2006 The middle thread

τ2

τ3

t0 t+3

L L L R

τ1 L L L

Blocked!

t+2

04/21/2006 ecs150, spring 2006 12

UCDavis, ecs150Winter 2006 Unbounded Priority InversionUnbounded Priority Inversion

τ2

τ3

t0 t+3 t+253

RL L L R

R L τ1

t+254

L L L

...L L

Blocked!

t+2

04/21/2006 ecs150, spring 2006 13

UCDavis, ecs150Winter 2006 Unbounded Priority InversionUnbounded Priority Inversion

τ2-1

τ3

t0 t+3 t+2530

RL L L R

R L τ1

t+2 t+2540

L L L

L

Blocked!

τ2-2

τ2-n

L

L

04/21/2006 ecs150, spring 2006 14


The problem..The problem..

Do we have Priority Inversion in the FreeBSD kernel with XYZ scheduling policy?

As long as we have priority and mutual exclusion at the same time, we will have some form of priority inversion.

How to resolve it? trade-off?

04/21/2006 ecs150, spring 2006 15

UCDavis, ecs150Winter 2006 Priority InheritancePriority Inheritance

τ2

τ3

t0 t+3 t+4

L ... L

L L L R

R L τ1

t+2 t+6

L L L

R

Blocked!

dynamic 3 = 1

L ... L

04/21/2006 ecs150, spring 2006 16


Priority Inheritance ProtocolsPriority Inheritance Protocols

L. Sha, R. Rajkumar, J. Lehoczky, “Priority Inheritance Protocols: An Approach to Real-Time Synchronization”, IEEE Transactions on Computers, Vol. 39, No. 9, pp. 1175-1185, 1990

04/21/2006 ecs150, spring 2006 17


The MARS Pathfinder ProblemThe MARS Pathfinder Problem“But a few days into the mission, not long after Pathfinder started gathering meteorological data, the spacecraft began experiencing total system resets, each resulting in losses of data. The press reported these failures in terms such as "software glitches" and "the computer was trying to do too many things at once".” …

04/21/2006 ecs150, spring 2006 18


The MARS Pathfinder ProblemThe MARS Pathfinder Problem“VxWorks provides preemptive priority scheduling of threads. Tasks on the Pathfinder spacecraft were executed as threads with priorities that were assigned in the usual manner reflecting the relative urgency of these tasks.”“Pathfinder contained an "information bus", which you can think of as a shared memory area used for passing information between different components of the spacecraft. A bus management task ran frequently with high priority to move certain kinds of data in and out of the information bus. Access to the bus was synchronized with mutual exclusion locks (mutexes).”

04/21/2006 ecs150, spring 2006 19


“The meteorological data gathering task ran as an infrequent, low priority thread, and used the information bus to publish its data. When publishing its data, it would acquire a mutex, do writes to the bus, and release the mutex. If an interrupt caused the information bus thread to be scheduled while this mutex was held, and if the information bus thread then attempted to acquire this same mutex in order to retrieve published data, this would cause it to block on the mutex, waiting until the meteorological thread released the mutex before it could continue. The spacecraft also contained a communications task that ran with medium priority.”

High priority: retrieval of data from shared memoryMedium priority: communications taskLow priority: thread collecting meteorological data

04/21/2006 ecs150, spring 2006 20


“Most of the time this combination worked fine. However, very infrequently it was possible for an interrupt to occur that caused the (medium priority) communications task to be scheduled during the short interval while the (high priority) information bus thread was blocked waiting for the (low priority) meteorological data thread. In this case, the long-running communications task, having higher priority than the meteorological task, would prevent it from running, consequently preventing the blocked information bus task from running. After some time had passed, a watchdog timer would go off, notice that the data bus task had not been executed for some time, conclude that something had gone drastically wrong, and initiate a total system reset. This scenario is a classic case of priority inversion.”

04/21/2006 ecs150, spring 2006 21


Priority inheritance also solved the Mars Pathfinder problem: the VxWorks operating system used in the pathfinder implements a flag for the calls to mutex primitives. This flag allows priority inheritance to be set to “on”. When the software was shipped, it was set to “off”.

The problem on Mars was corrected by using the debugging facilities of VxWorks to change the flag to “on”, while the Pathfinder was already on the Mars [Jones, 1997].

The problem on Mars was corrected by using the debugging facilities of VxWorks to change the flag to “on”, while the Pathfinder was already on the Mars [Jones, 1997].

04/21/2006 ecs150, spring 2006 22


Basic Priority InheritanceBasic Priority Inheritance For each resource (semaphore), a list of blocked

threads must be stored in a priority queue. A thread τi uses its assigned priority, unless it is in

its critical section and blocks some higher priority threads, in which case, thread τi uses ( inherits ) the highest dynamic priority of all the threads it blocks.

Priority inheritance is transitive; that is, if thread τi

blocks τj and τj blocks τk , then τi can inherit the priority of τk.

04/21/2006 ecs150, spring 2006 23

UCDavis, ecs150Winter 2006 mutex priority inheritancemutex priority inheritance

pthread_mutex_lock


t t t

waiting queue

t

priority

04/21/2006 ecs150, spring 2006 24


pthread_mutex_lock


M1 t t t

waiting queue

t

priority

pthread_mutex_lock


M2 t t t

waiting queue

priority

04/21/2006 ecs150, spring 2006 25

UCDavis, ecs150Winter 2006 Transitive PriorityTransitive Priority

pthread_mutex_lock


M1 t t t

waiting queue

tpriority

pthread_mutex_lock


M2 t t

waiting queue

t

priority

04/21/2006 ecs150, spring 2006 26


Types of BlockingTypes of Blocking

Direct - thread τ1 and τ2 use a shared resource. If the low priority thread is in its critical section, then it directly blocks the high priority thread.

Indirect (push-through) - if a low priority thread inherits the priority of a high priority thread, a medium priority thread can be blocked while the low priority thread is in its critical section.

04/21/2006 ecs150, spring 2006 27


Properties of Priority Properties of Priority InheritanceInheritance

Under the basic priority inheritance protocol, if there are m semaphores that can block a thread J, then J can be blocked at most m times; i.e., on each semaphore at most once.

04/21/2006 ecs150, spring 2006 28


Any Problems with the basic Any Problems with the basic Priority Inheritance Protocol?Priority Inheritance Protocol?

???

04/21/2006 ecs150, spring 2006 29

UCDavis, ecs150Winter 2006 ProblemsProblems

The Basic Priority Inheritance Protocol has two problems:– Deadlock - two threads need to access a pair of

shared resources simultaneously. If the resources, say A and B, are accessed in opposite orders by each thread, then deadlock may occur.

– Blocking Chain - the blocking duration is bounded (by at most the sum of critical section times), but that may be substantial.

04/21/2006 ecs150, spring 2006 30


pthread_mutex_lock


M1 t t t

waiting queue

tpriority

pthread_mutex_lock


M2 t t t

waiting queue

priority

t

04/21/2006 ecs150, spring 2006 31


Blocking Chain ExampleBlocking Chain Example

Task 1 : L R2 L R3 L R4 L ... L Rn L, 2(n-1)

Task 2 : L R2 R2, 2(n-2)

Task 3 : L R3 R3, 2(n-3)

Task 4 : L R4 R4, 2(n-4) ... Task n-1 : L Rn-1 Rn-1, 2(n-(n-

1)) Task n : L Rn Rn, 2(n-n)

starting time

04/21/2006 ecs150, spring 2006 32


Blocking ChainBlocking Chain

τ2

τn

0

L Rn

τ1

Rn

Rn L

L R2 R2

Blocked!

L R2 L

Blocked!

04/21/2006 ecs150, spring 2006 33


Different Timing?Different Timing?

τ2

τn

0

L Rn

τ1

Rn

Rn L

L R2 R2

Blocked!

L R2 L

Blocked!

???

04/21/2006 ecs150, spring 2006 34


Different Timing??Different Timing??

Task 1 : L R2 L R3 L R4 L ... L Rn L, 2(n-1)

Task 2 : L R2 R2, 2(n-n)

Task 3 : L R3 R3, 2(n-(n-1))

Task 4 : L R4 R4, 2(n-(n-2)) ... Task n-1 : L Rn-1 Rn-1, 2(n-3)

Task n : L Rn Rn, 2(n-2)

starting time

How many times Task 1 will be blocked?

04/21/2006 ecs150, spring 2006 35


Priority Ceiling Protocols (PCP)Priority Ceiling Protocols (PCP) A higher priority thread can be blocked

at most once, in its life time, by one lower priority thread.

Deadlocks are prevented/avoided (?!). Transitive inheritance is prevented.

Are they really critical?

04/21/2006 ecs150, spring 2006 36


PCPPCP

How do we accomplish these goals intuitively?

04/21/2006 ecs150, spring 2006 37


Locking a MutexLocking a Mutex If the “mutex M” is available and “thread

T” needs it , should T lock it?

pthread_mutex_lock


tMutex??Mutex + Priority Inheritance??

04/21/2006 ecs150, spring 2006 38


Risk for Locking a MutexRisk for Locking a Mutex If the “mutex M” is available and “thread

T” needs it , should T lock it?

pthread_mutex_lock


t

tChecking before Locking it!!

We don’t know whether the high priority thread will occur in the next X seconds!

But, does it matter?

04/21/2006 ecs150, spring 2006 39


““Checking” What??Checking” What??

04/21/2006 ecs150, spring 2006 40


““Checking” What??Checking” What??

What is our goal?– High priority thread will be blocked at most

once.– We will allow blocking ONCE.

Idea of the check:– If we are the first Mutex, we lock it.– If we are not the first, we will not.

But, how to design/implement this idea?

04/21/2006 ecs150, spring 2006 41


PCPPCP The protocol uses the notion of a system-wide

mutex ceiling priority. Each thread has a static default priority

assigned. Each resource (mutex) has a static ceiling

priority defined to be the maximum static priority of any thread that uses it.

Each thread has a dynamic priority equal to the maximum of its own default priority and any priority it inherits due to blocking a higher priority thread.

04/21/2006 ecs150, spring 2006 42

UCDavis, ecs150Winter 2006 mutex priority ceilingmutex priority ceiling

pthread_mutex_lock


t t t

potential customers

PC

priority

A preventive action(could be unnecessary though)

04/21/2006 ecs150, spring 2006 43

UCDavis, ecs150Winter 2006 PCPPCP

At run-time, if a thread wants to lock a mutex, its priority must be strictly higher than the ceilings of all mutexes currently locked by other threads (unless it is the thread holding the lock on the mutex with the highest ceiling).

If this condition is not satisfied, then the thread is blocked.

When a thread is blocked on a mutex, the thread currently holding the waited mutex inherits the priority of the blocked thread.

04/21/2006 ecs150, spring 2006 44

UCDavis, ecs150Winter 2006 Priority CeilingPriority Ceiling

Should I get it?Should I get it?

PC

PC

PC

PC

PC

PC

PC

PC

lockedunlocked

MaxPCvalue

thread t2

???4 thread t4

2 thread t3

2

4

04/21/2006 ecs150, spring 2006 45

UCDavis, ecs150Winter 2006 Mutex/PIPMutex/PIP

Get it as long as it is available!Get it as long as it is available!

PC

PC

PC

PC

PC

PC

PC

PC

lockedunlocked

MaxPCvalue

thread t2

YES4 thread t4

1 thread t3

2

4

04/21/2006 ecs150, spring 2006 46


Not so FastNot so Fast

PC

PC

PC

PC

PC

PC

PC

PC

lockedunlocked

MaxPCvalue

thread t2

NO4 thread t4

1 thread t3

2

4

04/21/2006 ecs150, spring 2006 47


Not so FastNot so Fast

PC

PC

PC

PC

PC

PC

PC

PC

lockedunlocked

MaxPCvalue

thread t2

NO4 thread t4

2 thread t3

3

4

04/21/2006 ecs150, spring 2006 48


How about???How about???

PC

PC

PC

PC

PC

PC

PC

PC

lockedunlocked

MaxPCvalue

thread t2

??4 thread t4

2 thread t2

3

4

04/21/2006 ecs150, spring 2006 49

UCDavis, ecs150Winter 2006 PCP mutex blockingPCP mutex blocking

PC

PC

PC

PC

PC

PC

PC

PC

lockedunlocked

MaxPCvalue

thread t1

??thread t2

thread t3

04/21/2006 ecs150, spring 2006 50


Are we sure about the claim of Are we sure about the claim of PCP?PCP?

A higher priority thread can be blocked at most once, in its life time, by one lower priority thread.

Deadlocks are prevented/avoided.

Try to find a “Counter Example” to show that PCP’s claim is FALSE!!

04/21/2006 ecs150, spring 2006 51


4

3

2

1

0 2 4 6 8 10 12 14 16 18Executing

Executing with Q locked

Preempted

Executing with V locked

Blocked

Tasks

Ceiling-driven IndirectlyBlocked

04/21/2006 ecs150, spring 2006 52


4

3

2

1

0 2 4 6 8 10 12 14 16 18Executing


Preempted


Blocked

Priority Inversion


04/21/2006 ecs150, spring 2006 53


4

3

2

1

0 2 4 6 8 10 12 14 16 18Executing


Preempted


Blocked

Priority Inversion Area


04/21/2006 ecs150, spring 2006 54


1114

3

2

1

0 2 4 6 8 10 12 14 16 18

Process

1

Basic Priority Inheritance

04/21/2006 ecs150, spring 2006 55


22 124

3

2

1

0 2 4 6 8 10 12 14 16 18

Process

1

Priority Ceiling1 1

locked

04/21/2006 ecs150, spring 2006 56


22 224

3

2

1

0 2 4 6 8 10 12 14 16 18

Process

1

Priority Ceiling (1 delay)1 1

locked

04/21/2006 ecs150, spring 2006 57


Can we do better??Can we do better??

04/21/2006 ecs150, spring 2006 58


1111a

b

c

d

0 2 4 6 8 10 12 14 16 18

process

11

Priority Ceiling Emulation1 1

04/21/2006 ecs150, spring 2006 59

UCDavis, ecs150Winter 2006 Priority Ceiling EmulationPriority Ceiling Emulation

Each thread has a static (base) default priority assigned (perhaps by the deadline monotonic scheme).

Each resource has a static ceiling value defined, this is the maximum priority of the threads that use it.

A thread has a dynamic (active) priority that is the maximum of its own static priority and the ceiling values of any resources it has locked

As a consequence, a thread will only suffer a block at the very beginning of its execution

Once the thread starts actually executing, all the resources it needs must be free; if they were not, then some thread would have an equal or higher priority and the thread’s execution would be postponed

04/21/2006 ecs150, spring 2006 60

UCDavis, ecs150Winter 2006 Semaphore RequirementsSemaphore Requirements

Threads must lock and unlock semaphores in a “nested” or “pyramid” fashion:– Let P(S) = L(S) = lock(S) = sem_wait(S).

– Let V(S) = U(S) = unlock(S) = sem_signal(S).

– Example: P(s1);P(s2);P(s3);...;V(s3);V(s2);V(s1);

s1

s2

s3

04/21/2006 ecs150, spring 2006 61


J, Pri(J) = 1 I, Pri(I) = 120

J,80% I J I

I J J J I J J J J J J J I J J J J I J J

04/21/2006 ecs150, spring 2006 62


Lottery Ticket SharingLottery Ticket Sharing

If task I is blocked by task J, all I’s tickets will be used by J until the block is gone.

04/21/2006 ecs150, spring 2006 63


LT Sharing vs. PILT Sharing vs. PI

LTS: summation of tickets for ALL waiting processes.– With Lottery Tickets, we can ADD “priority

quantities” together. PI: the highest priority among ALL waiting

processes.– What is the semantic meaning of “adding”

priorities together?

04/21/2006 ecs150, spring 2006 64


4

3

2

1

0 2 4 6 8 10 12 14 16 18

priority

time

4

3

2

1

0 2 4 6 8 10 12 14 16 18

priority

time

04/21/2006 ecs150, spring 2006 65


4

3

2

1

0 2 4 6 8 10 12 14 16 18

priority

time

e e V Q e F

e e Q Q e F

e e e F

e V V V e F

ucdavis, ecs150 spring 2006 04/21/2006ecs150, spring 20061 operating system ecs150 spring 2006 :...

Documents