unit3 complete
TRANSCRIPT
-
8/8/2019 UNIT3 Complete
1/66
DEADLOCKS
UNIT III
-
8/8/2019 UNIT3 Complete
2/66
1/4/2011 MD ISMAIL MJCET EED 2
The Deadlock Problem
A set of blocked processes each holding a
resource and waiting to acquire a resource
held by another process in the set. Example
System has 2 tape drives.
P1 and P2 each hold one tape drive and each
needs another one.
Example
semaphoresA and B, initialized to 1
-
8/8/2019 UNIT3 Complete
3/66
1/4/2011 MD ISMAIL MJCET EED 3
Bridge Crossing Example
Traffic only in one direction.
Each section of a bridge can be viewed as a
resource.
If a deadlock occurs, it can be resolved if onecar backs up (preempt resources and rollback).
Several cars may have to be backed up if a
deadlock occurs.
Starvation is possible.
-
8/8/2019 UNIT3 Complete
4/66
1/4/2011 MD ISMAIL MJCET EED 4
System Model
Resource types R1, R2, . . ., RmCPU cycles, memory space, I/O devices
Each resource type Ri has Wi instances. Each process utilizes a resource as follows:
request
use
release
-
8/8/2019 UNIT3 Complete
5/66
1/4/2011 MD ISMAIL MJCET EED 5
Deadlock Characterization
Mutual exclusion: only one process at a timecan use a resource.
Hold and wait: a process holding at least oneresource is waiting to acquire additionalresources held by other processes.
No preemption: a resource can be releasedonly voluntarily by the process holding it, afterthat process has completed its task.
Circular wait: there exists a set {P0, P1, , P0}of waiting processes such that P0is waiting for a
resource that is held by P1, P1 is waiting for aresource that is held by
P2, , Pn1 is waiting for a resource that is heldbyPn, and P0 is waiting for a resource that is held
by P0.
Deadlock can arise if four conditions hold simultaneously.
-
8/8/2019 UNIT3 Complete
6/66
1/4/2011 MD ISMAIL MJCET EED 6
Resource-Allocation Graph
V is partitioned into two types:
P= {P1, P2, , Pn}, the set consisting ofall the processes in the system.
R= {R1, R2, , Rm}, the set consisting of
all resource types in the system. request edge directed edge P1p Rj
assignment edge directed edge Rjp P
i
A set of vertices V and a set of edges E.
-
8/8/2019 UNIT3 Complete
7/66
1/4/2011 MD ISMAIL MJCET EED 7
Resource-Allocation Graph
(Cont.)
Process
Resource Type with 4 instances
Pirequests instance ofRj
Pi is holding an instance ofRj
Pi
PiRj
Rj
-
8/8/2019 UNIT3 Complete
8/66
1/4/2011 MD ISMAIL MJCET EED 8
Example of a Resource Allocation
Graph
P1R1,P2 R3,R1 P2, R2 P2,R2
P1,R3 P3
NOTE : IF the graph contains no cyclesThen no process in the system is deadlock
-
8/8/2019 UNIT3 Complete
9/66
1/4/2011 MD ISMAIL MJCET EED 9
Resource Allocation Graph With A
Deadlock
P1 R1 P2 R3 P3 R2 P1
P2 R3 P3 R2 P2
Two cycles exist
P1,P2&P3 are Deadlocked
-
8/8/2019 UNIT3 Complete
10/66
1/4/2011 MD ISMAIL MJCET EED 10
Resource Allocation Graph With ACycle But No
Deadlock
P1 R1 P3 R2 P1
There is cycle but no
Deadlock
-
8/8/2019 UNIT3 Complete
11/66
1/4/2011 MD ISMAIL MJCET EED 11
Basic Facts
If graph contains no cycles no deadlock.
If graph contains a cycle if only one instance per resource type, then
deadlock.
if several instances per resource type, possibility
of deadlock.
-
8/8/2019 UNIT3 Complete
12/66
1/4/2011 MD ISMAIL MJCET EED 12
Methods forHandling
Deadlocks
Ensure that the system will neverenter a
deadlock state.
Allow the system to enter a deadlock state
and then recover.
Ignore the problem and pretend thatdeadlocks never occur in the system; used by
most operating systems, including UNIX.
-
8/8/2019 UNIT3 Complete
13/66
1/4/2011 MD ISMAIL MJCET EED 13
Deadlock Prevention
Mutual Exclusion not required for sharable
resources; must hold for nonsharable
resources.
Hold and Wait must guarantee that whenever
a process requests a resource, it does not hold
any other resources.
Require process to request and be allocatedall its resources before it begins execution,
or allow process to request resources only
when the process has none.
Low resource utilization; starvation possible.
Restrain the ways request can be made.
-
8/8/2019 UNIT3 Complete
14/66
1/4/2011 MD ISMAIL MJCET EED 14
Deadlock Prevention (Cont.)
No Preemption If a process that is holding some resources requests
another resource that cannot be immediately
allocated to it, then all resources currently being held
are released.
Preempted resources are added to the list of
resources for which the process is waiting.
Process will be restarted only when it can regain its
old resources, as well as the new ones that it is
requesting.
Circular Wait impose a total ordering of all resource
types, and require that each process requests resources
in an increasing order of enumeration.
-
8/8/2019 UNIT3 Complete
15/66
1/4/2011 MD ISMAIL MJCET EED 15
Deadlock Avoidance
Simplest and most useful model requires that
each process declare the maximum numberof
resources of each type that it may need.
The deadlock-avoidance algorithm dynamically
examines the resource-allocation state to
ensure that there can never be a circular-wait
condition.
Resource-allocation state is defined by the
number of available and allocated resources,
and the maximum demands of the processes.
Requires that the system has some additional a priori informationavailable.
-
8/8/2019 UNIT3 Complete
16/66
1/4/2011 MD ISMAIL MJCET EED 16
Safe State
When a process requests an available
resource, system must decide if immediateallocation leaves the system in a safe state.
System is in safe state if there exists a safesequence of all processes.
Sequence is safe if for each Pi,the resources that Pican still request can besatisfied by currently available resources +resources held by all the P
j, with j
-
8/8/2019 UNIT3 Complete
17/66
1/4/2011 MD ISMAIL MJCET EED 17
Safe, Unsafe , Deadlock State
-
8/8/2019 UNIT3 Complete
18/66
1/4/2011 MD ISMAIL MJCET EED 18
Basic Facts
If a system is in safe state no deadlocks.
If a system is in unsafe state possibility ofdeadlock.
Avoidance ensure that a system will never
enter an unsafe state.
-
8/8/2019 UNIT3 Complete
19/66
1/4/2011 MD ISMAIL MJCET EED 19
Resource-Allocation Graph
Algorithm
Claim edge Pip Rj indicated
that process Pj may request
resource Rj; represented by a
dashed line.
Claim edge converts to request
edge when a process requests
a resource.
When a resource is releasedby a process, assignment edge
reconverts to a claim edge.
Resources must be claimed a
prioriin the system.
Resource-Allocation Graph
ForDeadlockAvoidance
Assignment
edge
Request
edge
Claim
edge
-
8/8/2019 UNIT3 Complete
20/66
1/4/2011 MD ISMAIL MJCET EED 20
Unsafe State In Resource-Allocation
Graph
In the above fig suppose that
process p2 requests R2
,although R2 is currently
free,we cannot allocate it to
P2,since this action will createa cycle in the graph.
A cycle indicates that the
system is in an unsafe state. If
P1 requests R2,and P2requests R1,then a dead lock
will occur
-
8/8/2019 UNIT3 Complete
21/66
1/4/2011 MD ISMAIL MJCET EED 21
Bankers Algorithm
Multiple instances.
Each process must a priori claim maximum
use.
When a process requests a resource it may
have to wait.
When a process gets all its resources it must
return them in a finite amount of time.
-
8/8/2019 UNIT3 Complete
22/66
1/4/2011 MD ISMAIL MJCET EED 22
Data Structures for the Bankers
Algorithm
Available: Vector of length m. If available [j] =k,
there are k instances of resource type Rjavailable.
Max: n x m matrix. IfMax[i,j] =k, then process
Pimay request at most kinstances of resource
type Rj.
Allocation: nx m matrix. IfAllocation[i,j] =k
then Pi is currently allocated k instances ofRj.
Need: n x m matrix. IfNeed[i,j] = k, then Pimayneed kmore instances ofRjto complete its
task.
Need[i,j]=Max[i,j] Allocation [i,j].
Let n = number of processes, and m = number of resources types.
-
8/8/2019 UNIT3 Complete
23/66
1/4/2011 MD ISMAIL MJCET EED 23
SafetyAlgorithm
1. Let Workand Finish be vectors of length m andn, respectively. Initialize:
Work=Available
Finish [i] = false fori- 1,3, , n.
2. Find and isuch that both:
(a) Finish [i] =false
(b) NeedieWork
If no such iexists, go to step 4.
3. Work=Work+AllocationiFinish[i] = truego to step 2.
4. IfFinish [i] == true for all i, then the system is ina safe state.
This algorithm is used to find whether the system is safe or not
-
8/8/2019 UNIT3 Complete
24/66
1/4/2011 MD ISMAIL MJCET EED 24
Resource-Request Algorithm for
Process Pi
Request= request vector for processPi. IfRequesti
[j] = kthen processPi wants kinstances of resourcetype Rj.1. IfRequesti e Needi go to step 2. Otherwise, raise
error condition, since process has exceeded itsmaximum claim.
2. IfRequesti e Available, go to step 3. OtherwisePi must wait, since resources are not available.
3. Pretend to allocate requested resources to Piby
modifying the state as follows:Available = Available = Requesti;
Allocationi = Allocationi + Requesti;
Needi = Needi Requesti If safe the resources are allocated to Pi If unsafe Pi must wait, and the old resource-
allocation state is restored
-
8/8/2019 UNIT3 Complete
25/66
1/4/2011 MD ISMAIL MJCET EED 25
Example ofBankers Algorithm
5 processes P0through P4; 3 resource typesA (10 instances), B (5instances, and C(7
instances).
Snapshot at time T0:
Allocation Max Available
A B C A B C A B C
P0 010 753 332
P1 200 322P2 302 902
P3 211 222
P4 002 433
-
8/8/2019 UNIT3 Complete
26/66
1/4/2011 MD ISMAIL MJCET EED 26
Example (Cont.) The content of the matrix. Need is defined to be
Max Allocation.
Need
A B C
P0 743
P1 122
P2 600
P3 011
P4 431
The system is in a safe state since the sequence
< P1, P3, P4, P2, P0> satisfies safety criteria.
-
8/8/2019 UNIT3 Complete
27/66
1/4/2011 MD ISMAIL MJCET EED 27
Example P1Request (1,0,2) (Cont.)
Check that Request e Available (that is, (1,0,2) e
(3,3,2) true.
Allocation Need Available
A B C A B C A B C
P0 010 743 230
P1 302 020
P2 301 600
P3 211 011
P4 002 431
Executing safety algorithm shows that sequence
satisfies safety requirement. request for (3,3,0) by P4 Cannot be granted,since the resources are
not available
request for (0,2,0) by P0Cannotbe granted,even though the
resources are available, since the resulting state is unsafe
-
8/8/2019 UNIT3 Complete
28/66
1/4/2011 MD ISMAIL MJCET EED 28
Deadlock Detection
Allow system to enter deadlock state
Detection algorithm
Recovery scheme
-
8/8/2019 UNIT3 Complete
29/66
1/4/2011 MD ISMAIL MJCET EED 29
ng e ns ance o ac
Resource Type
Maintain wait-forgraph
Nodes are processes.
Pip
PjifPi is waiting forPj.
Periodically invoke an algorithm that
searches for a cycle in the graph.
An algorithm to detect a cycle in a graph
requires an order ofn2 operations, where n is
the number of vertices in the graph.
-
8/8/2019 UNIT3 Complete
30/66
1/4/2011 MD ISMAIL MJCET EED 30
Resource-Allocation Graph and Wait-
for Graph
Resource-Allocation Graph Corresponding wait-for graph
-
8/8/2019 UNIT3 Complete
31/66
1/4/2011 MD ISMAIL MJCET EED 31
Several Instances of a
Resource Type
Available: A vector of length m indicates the
number of available resources of each type.
Allocation: An n x m matrix defines the numberof resources of each type currently allocated to
each process.
Request: An n x m matrix indicates the current
request of each process. IfRequest[ij] =k,then process Pi is requesting kmore instances
of resource type. Rj.
-
8/8/2019 UNIT3 Complete
32/66
1/4/2011 MD ISMAIL MJCET EED 32
Detection Algorithm
1.Let Workand Finish be vectors of length m
and n, respectively Initialize:
(a) Work=Available
(b) Fori=1,2, , n, ifAllocationi{ 0, then
Finish[i] = false;otherwise, Finish[i] =true.
2.Find an indexisuch that both:
(a) Finish[i] ==false(b)RequestieWork
If no such iexists, go to step 4.
-
8/8/2019 UNIT3 Complete
33/66
1/4/2011 MD ISMAIL MJCET EED 33
Detection Algorithm (Cont.)
3. Work=Work+AllocationiFinish[i] =truego to step 2.
4. IfFinish[i] == false, for some i, 1e ie n, then thesystem is in deadlock state. Moreover, ifFinish[i] ==false, then Pi is deadlocked.
Algorithm requires an order of O(m x n2)
operations to detect whether the systemis in deadlocked state.
-
8/8/2019 UNIT3 Complete
34/66
1/4/2011 MD ISMAIL MJCET EED 34
Example ofDetection
Algorithm Five processes P0 through P4; three resource types
A (7 instances), B (2 instances), and C(6 instances).
Snapshot at time T0:
Allocation Request Available
A B C A B C A B C
P0 010 000 000
P1 200 202
P2 303 000
P3 211 100P4 002 002
Sequence will result in Finish[i] =
true for all i.
-
8/8/2019 UNIT3 Complete
35/66
1/4/2011 MD ISMAIL MJCET EED 35
Example (Cont.)
P2 requests an additional instance of type C.Request
A B C
P0 000
P1 201
P2 001
P3 100
P4 002
State of system?
Can reclaim resources held by process P0, butinsufficient resources to fulfill other processes;
requests.
Deadlock exists, consisting of processes P1, P2, P3,
and P4.
-
8/8/2019 UNIT3 Complete
36/66
1/4/2011 MD ISMAIL MJCET EED 36
-
8/8/2019 UNIT3 Complete
37/66
1/4/2011 MD ISMAIL MJCET EED 37
Safe sequence: Safe sequence is calculated as follows:
1) Need of each process is compared with available. If needi < = availablej, then
the resources are allocated to that process and process will release resource.
2) If need is greater than available, next process need is taken for comparison.
3) In the above example, need of process PI is (7, 4, 3) and available is (3, 3, 2).
Need > = Available ie False
So system will move for next process.
4) Need for process P2 is (1, 2, 2) and available (3, 3, 2), soNeed < = Available (Work)
(1, 2, 2) < = (3, 3, 2) = True
Then Finish [i] = True
Request ofP2 is granted and processes P2 is release the resource to thesystem.
Work: =Work + Allocation
Work: = (3, 3, 2) + (2, 0, 0) = (5, 3, 2)
This procedure is continued for all processes.
-
8/8/2019 UNIT3 Complete
38/66
1/4/2011 MD ISMAIL MJCET EED 38
-
8/8/2019 UNIT3 Complete
39/66
1/4/2011 MD ISMAIL MJCET EED 39
-
8/8/2019 UNIT3 Complete
40/66
1/4/2011 MD ISMAIL MJCET EED 40
-
8/8/2019 UNIT3 Complete
41/66
1/4/2011 MD ISMAIL MJCET EED 41
-
8/8/2019 UNIT3 Complete
42/66
1/4/2011 MD ISMAIL MJCET EED 42
i) Is the current allocation in a safe state?
ii) can the request made by process P1(1,1,0)be granted?
R f D dl k P
-
8/8/2019 UNIT3 Complete
43/66
1/4/2011 MD ISMAIL MJCET EED 43
Recovery from Deadlock: Process
Termination
Abort all deadlocked processes.
Abort one process at a time until the deadlock cycle iseliminated.In which order should we choose to abort?
Priority of the process.
How long process has computed, and how muchlonger to completion.
Resources the process has used. Resources process needs to complete.
How many processes will need to be terminated.
Is process interactive or batch?
-
8/8/2019 UNIT3 Complete
44/66
1/4/2011 MD ISMAIL MJCET EED 44
Recovery from Deadlock: Resource
Preemption
Selecting a victim minimize cost.
Rollback return to some safe state, restartprocess for that state.
Starvation same process may always be
picked as victim, include number of rollbackin cost factor.
-
8/8/2019 UNIT3 Complete
45/66
1/4/2011 MD ISMAIL MJCET EED 45
Combined Approach to Deadlock
Handling
Combine the three basic approaches prevention
avoidance
detectionallowing the use of the optimal approach for
each of resources in the system.
Partition resources into hierarchically ordered
classes.
Use most appropriate technique for handling
deadlocks within each class.
-
8/8/2019 UNIT3 Complete
46/66
1/4/2011 MD ISMAIL MJCET EED 46
Protection
Goals ofProtection
Domain ofProtection
Access Matrix Implementation ofAccess Matrix
-
8/8/2019 UNIT3 Complete
47/66
1/4/2011 MD ISMAIL MJCET EED 47
Protection
Operating system consists of a collection ofobjects, hardware or software
Each object has a unique name and can be
accessed through a well-defined set of
operations.
Protection problem - ensure that each objectis accessed correctly and only by thoseprocesses that are allowed to do so.
-
8/8/2019 UNIT3 Complete
48/66
1/4/2011 MD ISMAIL MJCET EED 48
Domain Structure
Access-right =
where rights-setis a subset of all valid
operations that can be performed on the
object.
Domain = set of access-rights
-
8/8/2019 UNIT3 Complete
49/66
1/4/2011 MD ISMAIL MJCET EED 49
Access Matrix
View protection as a matrix (access matrix)
Rows represent domains
Columns represent objects
Access(i, j) is the set of operations that a
process executing in Domaini can invoke on
Objectj
-
8/8/2019 UNIT3 Complete
50/66
1/4/2011 MD ISMAIL MJCET EED 50
Access Matrix
FigureA
-
8/8/2019 UNIT3 Complete
51/66
1/4/2011 MD ISMAIL MJCET EED 51
Use ofAccess Matrix If a process in Domain Di tries to do op on
object Oj, then op must be in the access
matrix.
Can be expanded to dynamic protection.
Operations to add, delete access rights.
Special access rights:
owner of Oi
copy op from Oi to Oj
control Dican modifyDj access rights
transfer switch from domain Di to Dj
-
8/8/2019 UNIT3 Complete
52/66
1/4/2011 MD ISMAIL MJCET EED 52
Use ofAccess Matrix (Cont.)
Access matrix design separates mechanism
from policy.
Mechanism
Operating system provides access-matrix + rules.
If ensures that the matrix is only manipulated by
authorized agents and that rules are strictly enforced.
Policy
User dictates policy.
Who can access what object and in what mode.
-
8/8/2019 UNIT3 Complete
53/66
1/4/2011 MD ISMAIL MJCET EED 53
Implementation ofAccess Matrix
Each column =Access-control list for
one objectDefines who can perform what
operation.
Domain 1=Read, Write
Domain 2=Read
Domain 3=Read
Each Row =Capability List (like a key)
Fore each domain, what operationsallowed on what objects.
Object 1 Read
Object 4 Read,Write, Execute
Object 5 Read,Write, Delete, Copy
f
-
8/8/2019 UNIT3 Complete
54/66
1/4/2011 MD ISMAIL MJCET EED 54
Access Matrix of Figure A With Domains
as Objects
Figure B
-
8/8/2019 UNIT3 Complete
55/66
-
8/8/2019 UNIT3 Complete
56/66
1/4/2011 MD ISMAIL MJCET EED 56
Access Matrix With Owner
Rights
-
8/8/2019 UNIT3 Complete
57/66
1/4/2011 MD ISMAIL MJCET EED 57
Security
The Security Problem
Authentication
Program Threats System Threats
Encryption
-
8/8/2019 UNIT3 Complete
58/66
1/4/2011 MD ISMAIL MJCET EED 58
The Security Problem
Security must consider external environment
of the system, and protect it from:
unauthorized access.
malicious modification or destruction
accidental introduction of inconsistency.
Easier to protect against accidental thanmalicious misuse.
-
8/8/2019 UNIT3 Complete
59/66
1/4/2011 MD ISMAIL MJCET EED 59
Authentication User identity most often established through
passwords, can be considered a special caseof either keys or capabilities.
Passwords must be kept secret. Frequent change of passwords.
Use of non-guessable passwords.
Log all invalid access attempts.
Passwords may also either be encrypted or
allowed to be used only once.
-
8/8/2019 UNIT3 Complete
60/66
1/4/2011 MD ISMAIL MJCET EED 60
Program Threats Trojan Horse
Code segment that misuses its environment. Exploits mechanisms for allowing programs
written by users to be executed by other users.
Trap Door Specific user identifier or password that
circumvents normal security procedures.
Could be included in a compiler.
Stack and BufferOverflow Exploits a bug in a program (overflow either the
stack or memory buffers.)
-
8/8/2019 UNIT3 Complete
61/66
1/4/2011 MD ISMAIL MJCET EED 61
System Threats Worms use spawn mechanism; standalone program
Internet worm Exploited UNIX networking features (remote access) and
bugs in fingerand sendmailprograms.
Grappling hook program uploaded main worm program.
Viruses fragment of code embedded in alegitimate program.
Mainly effect microcomputer systems.
Downloading viral programs from public bulletin boards or
exchanging floppy disks containing an infection. Safe computing.
Denial of Service
Overload the targeted computer preventing it from doing
any useful work.
-
8/8/2019 UNIT3 Complete
62/66
1/4/2011 MD ISMAIL MJCET EED 62
Threat Monitoring
Check for suspicious patterns of activity i.e., several incorrect password attempts may
signal password guessing.
Audit log records the time, user, and type of
all accesses to an object; useful for recovery
from a violation and developing better
security measures.
Scan the system periodically for securityholes; done when the computer is relatively
unused.
-
8/8/2019 UNIT3 Complete
63/66
1/4/2011 MD ISMAIL MJCET EED 63
Threat Monitoring (Cont.)
Check for:
Short or easy-to-guess passwords
Unauthorized set-uid programs
Unauthorized programs in system directories
Unexpected long-running processes Improper directory protections
Improper protections on system data files
Dangerous entries in the program search path
(Trojan horse)
Changes to system programs: monitor checksum
values
Encryption
-
8/8/2019 UNIT3 Complete
64/66
1/4/2011 MD ISMAIL MJCET EED 64
Encryption
Encrypt clear text into cipher text.
Properties of good encryption technique: Relatively simple for authorized users to incrypt and
decrypt data.
Encryption scheme depends not on the secrecy of the
algorithm but on a parameter of the algorithm calledthe encryption key.
Extremely difficult for an intruder to determine the
encryption key.
Data Encryption Standardsubstitutes charactersand rearranges their order on the basis of an encryption
key provided to authorized users via a secure
mechanism. Scheme only as secure as the mechanism.
Encryption (Cont )
-
8/8/2019 UNIT3 Complete
65/66
1/4/2011 MD ISMAIL MJCET EED 65
Encryption (Cont.) Public-key encryption based on each user
having two keys:
public key published key used to encrypt data.
private key key known only to individual user
used to decrypt data.
Must be an encryption scheme that can bemade public without making it easy to figure
out the decryption scheme.
Efficient algorithm for testing whether or not a
number is prime.
No efficient algorithm is know for finding the
prime factors of a number.
Encryption Example SSL
-
8/8/2019 UNIT3 Complete
66/66
1/4/2011 MD ISMAIL MJCET EED 66
Encryption Example - SSL
SSL Secure Socket Layer
Cryptographic protocol that limits two
computers to only exchange messages with
each other.
Used between web servers and browsers for secure
communication (credit card numbers)
The server is verified with a certificate.
Communication between each computers uses
symmetric key cryptography.