# Peterson's lock: A derivation

- Combines ideas from Like-to and Selfless locks
- Two variables:
  - $\ \square \ in_i$ : thread  $T_i$  is executing in CS, or trying to do so
  - $utrn: id of thread allowed to enter CS under contention (<math>turn = i \Leftrightarrow victim = 1 i$ )

28

# Establishing mutual exclusion Claim: If the following invariant holds when $T_i$ is in CS, so does mutual exclusion $in_i \wedge (\neg in_j \vee (in_j \wedge turn = i))$ $in_i$ wants to enter CS $in_j$ does not desire to enter CS $in_j$ wants to enter CS, but it is $in_i$ 's turn

# Establishing mutual exclusion

Claim: If the following invariant holds when T<sub>i</sub> is in CS, so does mutual exclusion

$$in_i \wedge (\neg in_j \vee (in_j \wedge turn = i))$$
  $\uparrow$   $\uparrow$   $\downarrow$   $in_j$  wants to enter CS  $in_j$  does not desire to enter CS but it is  $in_i$ 's turn

- Why?
  - $\hfill\Box$  If we instantiate the invariant for both  $T_1$  and  $T_2...$
  - □ ...and take the conjunction of the two invariants (i.e., assume both threads in CS)...
  - $\ \square$  ...it boils down to  $(turn=0 \land turn=1)=false$

### Towards a solution

The problem then reduces to establishing the following:

$$in_i \wedge (\neg in_j \vee (in_j \wedge turn = i)) = in_i \wedge (\neg in_j \vee turn = i)$$

How can we do that?

30

# Towards a solution The problem then boils down to establishing the following: $in_i \wedge (\neg in_j \vee (in_j \wedge turn = i)) = in_i \wedge (\neg in_j \vee turn = i)$ How can we do that? $lock.acquire() : in_i := true \\ \text{while } (in_j \wedge turn \neq i);$ If we can get past this loop, $(\neg in_j \vee turn \neq i)$ must hold!

```
Establishing the invariant
  Thread To
                                               Thread T<sub>1</sub>
while(!terminate) {
                                            while(!terminate) {
                                              in_1 := true
  in_0 := true
                                              \{in_1\}
                                              while (in_0 \wedge turn \neq 1);
  while (in_1 \wedge turn \neq 0);
  \{in_0 \wedge (\neg in_1 \vee turn = 0)\}
                                              \{in_1 \wedge (\neg in_0 \vee turn = 1)\}
  CS_0
                                               CS_1
                                               in_1 := false
  in_0 := false
                                               NCS_1
   NCS_0
```

# Establishing the invariant

 $\odot$  Add assignment to turn to establish second disjunct

```
\begin{array}{lll} \textbf{Thread} \ \textbf{T_0} & \textbf{Thread} \ \textbf{T_1} \\ \textbf{while}(!\mathsf{terminate}) \ \{ & in_0 := true \\ \{in_0\} & \{in_1\} \\ & turn := 0 \\ \textbf{while} \ (in_1 \land turn \neq 0); & \text{while} \ (in_0 \land turn \neq 1); \\ \{in_0 \land (\neg in_1 \lor turn = 0)\} & \{in_1 \land (\neg in_0 \lor turn = 1)\} \\ CS_0 & CS_1 \\ & \cdots \\ & in_0 := false \\ & NCS_0 \\ \} & \\ \\ NCS_0 & NCS_1 \\ \end{array}
```

# Establishing the invariant

lacktriangle Add assignment to turn to establish second disjunct

```
Thread To
                                                    Thread Ti
while(!terminate) {
                                                 while(!terminate) {
                                                   in_1 := true
  in_0 := true
  \{in_0\}
                                                   \{in_1\}
                                                   turn := 0
  turn := 1
                                                   while (in_0 \wedge turn \neq 1);
  while (in_1 \wedge turn \neq 0);
  \{in_0 \wedge (\neg in_1 \vee turn = 0)\}
                                                   \{in_1 \wedge (\neg in_0 \vee turn = 1)\}
  CS_0
                                                    CS_1
                                                    in_1 := false
  in_0 := false
                                                    NCS_1
   NCS_0
```

# Are we there yet? Thread To Thread T1 Tis powhile(!terminate) {

```
\begin{array}{lll} \text{while}(!\text{terminate}) \ \{ & in_0 := true \\ & in_0 \} \\ & turn := 1 \\ & \text{while} \ (in_1 \wedge turn \neq 0); \\ & \{i \text{lin} \wedge (\neg in_0 \vee turn \neq 1); \\ \{i \text{lin} \wedge (\neg in_0 \vee turn \neq 1)\} \\ & CS_0 \\ & \cdots \\ & in_0 := false \\ & NCS_0 \\ \} \end{array}
```

```
...and we are gold!
     Thread To
                                                      Thread T<sub>1</sub>
  while(!terminate) {
                                                   while(!terminate) {
                                                     in_1 := true
     in_0 := true
                                                     \{in_1\}
\alpha_0 \ turn := 1
                                                \alpha_1 turn := 0
                                                      while (in_0 \wedge turn \neq 1);
     while (in_1 \wedge turn \neq 0);
   \{in_0 \wedge (\neg in_1 \vee turn = 0 \vee at(\alpha_1))\}\
                                                   \{in_1 \wedge (\neg in_0 \vee turn = 1 \vee at(\alpha_0))\}\
     CS_0
                                                      CS_1
                                                      in_1 := false
     in_0 := false
                                                      NCS_1
     NCS_0
```

# Peterson: Safety

```
Thread To
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Thread Ti
                                                        while(!terminate) {
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            while(!terminate) {
                                                                               in_0 := true
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    in_1 := true
                                                                             \{in_0\}
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    \{in_1\}
                                             \alpha_0 \ turn = 1
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               \alpha_1 turn = 0
                                                                               while (in_1 \wedge turn \neq 0);
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      while (in_0 \wedge turn \neq 1)
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      \{in_1 \wedge (\neg in_0 \vee turn = 1 \vee at(\alpha_0))\}\
                                                                                            CS_0
                                                                                        in_0 = false If both in the critical isection, then:
in_0 \wedge (\neg in_1 \vee turn = 0 \vee at(\alpha_1)) \wedge in_1 \wedge (\neg in_0 \vee turn = 1 \vee at(\alpha_0)) \wedge \neg at(\alpha_0) \wedge \neg at(\alpha_1) = 1 \vee at(\alpha_0) \wedge \neg at(\alpha_0
                                                                                                                                                                                                                                                                                                                =(turn=0) \wedge (turn=1) = false
```

## Peterson: Non-blocking

```
while(!terminate) {
                                                               while(!terminate) {
   \{R_1: \neg in_0 \land (turn = 1 \lor turn = 0)\}
                                                                 \{S_1: \neg in_1 \land (turn = 1 \lor turn = 0)\}
    in_0 = true
                                                                  in_1 := true
                                                              \alpha_1 \ turn := 0
\alpha_0 turn = 1
    \{R_2\}
                                                                  \{S_2\}
                                                       T_1's PC while (in_0 \wedge turn \neq 1);
    while (in_1 \wedge turn \neq 0):
    \{R_3: in_0 \wedge (\neg in_1 \vee turn = 0 \vee at(\alpha_1))\}
                                                                  \{S_3: in_1 \wedge (\neg in_0 \vee turn = 1 \vee at(\alpha_0))\}
    CS_0
    \{R_3\}
                                                                  \{S_3\}
    in_0 = false
                                                                   in_1 = false
    \{R_1\}
                                                                   \{S_1\}
                                                                  NCS_1
              Blocking Scenario: To before NCSo, To stuck at while loop
             R_1 \wedge S_2 \wedge in_0 \wedge (turn = 0) = \neg in_0 \wedge in_1 \wedge in_0 \wedge (turn = 0) = false
```

### Peterson: Deadlock-free while(!terminate) { while(!terminate) { $\{R_1: \neg in_0 \land (turn = 1 \lor turn = 0)\}$ $\{S_1: \neg in_1 \land (turn = 1 \lor turn = 0)\}$ $in_1 := true$ $\{R_2: in_0 \wedge (turn = 1 \vee turn = 0)\}$ $\{S_2: in_1 \wedge (turn = 1 \vee turn = 0)\}$ $\alpha_0 \ turn = 1$ $\alpha_1 \ turn := 0$ $\{R_2\}$ $\{S_2\}$ To's PC while $(in_1 \wedge turn \neq 0)$ ; $T_1$ 's PC while $(in_0 \wedge turn \neq 1)$ ; $\{R_3: in_0 \wedge (\neg in_1 \vee turn = 0 \vee at(\alpha_1))\}$ $CS_0$ $\{R_3\}$ $\{S_3\}$ $in_1 = false$ $in_0 = false$ $\{R_1\}$ $\{S_1\}$ $NCS_0$ $NCS_1$ Blocking Scenario: To and To at the while loop, before entering critical section $R_2 \wedge S_2 \wedge in_1 \wedge (turn = 1) \wedge in_0 \wedge (turn = 0) \Rightarrow (turn = 0) \wedge (turn = 1) = false$



# Taking Stock - II Our current solutions implement spinlocks threads busy-wait while waiting for lock to be released wastes cycle can lead to priority inversion THOU SHALT NOT BUSY WAIT







```
lock.acquire() { disable interrupts}
lock.release() { enable interrupts}
```

- Simple, but flawed
  - □ thread may never give up CPU!
  - even if it does, it could it take too long to respond to an interrupt

44

```
Disabling Interrupts:
                                                        processors
on
               A Refinement
  Use a variable to implement the lock; enforce
     mutual exclusion only on the operations that test
     and set that variable
class lock { int value := FREE }
lock.acquire() {
                                             lock.release() {
  Disable interrupts;
                                               Disable interrupts;
  while (value == BUSY) {
                                              value := FREE;
                                              Enable interrupts;
    Enable interrupts;
    Disable interrupts;
                                    BUSY
                         SHALT
                                   WAIT
                          NOT
 value := BUSY;
  Enable interrupts;
```







```
Disabling Interrupts:
                                                              processors
  on
               No Busy-Waiting
     Keep a queue of threads waiting for the lock
  class lock { int value := FREE }
                                                NO!
lock.acquire() {
 Disable interrupts;
 if (value == BUSY) {
                                      Suppose T2 concurrently
    Enable interrupts?
                                          calls lock.release
    Put on queue of threads
     waiting for lock;
                                    □ T<sub>2</sub> could check the queue before
                                      T<sub>1</sub> is placed on the queue
                                    \Box T<sub>1</sub> would be waiting on the
                                       queue even if lock is free
```







# Atomic Read/Modify/Write

- On a multiprocessor, disabling interrupts does not ensure atomicity
  - other CPUs could still enter the critical section
  - □ costly to disable interrupts on all CPUs
- Hardware provides special machine instructions
  - □ Test-and-Set (TAS)
    - TAS reads value of a memory location, writes back 1 in its place
  - □ Compare-and-Swap (CAS)
    - CAS compares contents of a memory location with a given value; if they are the same, set the memory location to a new given value
  - □ Load link/Store Conditional (LL/SC)
    - LL reads value of a memory location; SC writes a new value to that location only if it has not been updated since LL

53

# Hey! What's wrong with this?

```
lock value := 0
lock.acquire() {while (value = 1);}
lock.release() value := 0;
```

These new hardware-supported instructions can change atomically the variable that implements the lock

### TAS Locks

Simple, but flawed

```
lock value := 0
lock.acquire() { while (TAS(value) = 1); }
lock.release() { value := 0; }
```



well, certainly not for time needed to complete an arbitrarily long CS!

## TAS Locks: Try 2

### Going meta!

Use TAS (on a second variable guard) to build a new "secondary CS" where the variable value that stores status of the lock associated with the original ("primary") CS can be atomically read and set.

### Why bother?

□ Instead on spinning on TAS for the unknown length of the primary CS, we are now spinning at worst for the known, short length of the secondary CS!

# TAS Locks: Try 2

```
lock.acquire() {
  while (TAS(guard)) ;
  if (value == BUSY) {
    Put on queue of threads
    waiting for lock;
    Set guard to 0;
    Go to sleep;
  } else {
    value := BUSY;
    guard := 0
  }
}
```

```
lock.release() {
  while (TAS(guard)) ;
  if anyone on wait queue {
    Take a waiting thread off lock's
    wait queue and put it at the
    front of ready queue;
  } else {
    value := FREE;
  }
  guard := 0
}
```

56

57