Mars Pathfinder Example
- In July 1997, Pathfinder’s computer reset itself several times during data collection and transmission from Mars.
One of its processes failed to complete by a deadline, triggering the reset.
- Priority Inversion Problem.
- A low priority process held a mutual exclusion semaphore on a shared data structure, but was preempted to let higher priority processes run.
- The higher priority process which failed to complete in time was blocked on this semaphore.
- Meanwhile a bunch of medium priority processes ran until the deadline ran out. The low priority semaphore-holding process never got the chance to run again in that time, so it never reached the point of releasing the semaphore.
- Priority inheritance had not been enabled on the semaphore.
Dealing with Deadlock
- It can be prevented by breaking one of the prerequisite conditions (review):
- Mutually exclusive use of resources
Example: Allowing shared access to read-only files (readers/writers problem from the readers' point of view)
- circular waiting
Example: Define an ordering on resources and acquire them in order (lower numbered fork first)
- hold and wait
- no pre-emption
- Let it happen, then detect it and recover via externally-imposed preemption of resources
- Avoid dynamically by monitoring resource requests and denying some.
Banker’s Alg ...
Deadlock Theory
State of resource allocation captured in Resource Graph
- Bipartite graph model with a set P of vertices representing processes and a set R for resources.
- Directed edges
- Ri -> Pj means Ri is allocated to Pj
- Pj -> Ri means Pj requests Ri
- Resource vertices contain units of the resource
State transitions by operations:
- Granting a request
- Making a new request if all outstanding requests satisfied
Deadlock defined on graph:
- Pi is blocked in state S if there is no operation Pi can perform
- Pi is deadlocked if it is blocked in all reachable states from S
- S is safe if no reachable state is a deadlock state (i.e., having some deadlocked process)
Cycle in graph is a necessary condition
No deadlock iff graph is completely reducible
- Intuition: Analyze graph, asking if deadlock is inevitable from this state by simulating most favorable state transitions.
Deadlock Detection Algorithm
Let U be the set of processes that have yet to be reduced. Initially U = P. Consider only reusable resources.
while (there exist unblocked processes in U) {
    Remove unblocked Pi from U;
    Cancel Pi's outstanding requests;
    Release Pi's allocated resources;   /* possibly unblocking other Pk in U */
}
if (U != ∅) signal deadlock;
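An executable version of this reduction, added here as an example (it is not code from the lecture notes), run over three constructed resource graphs: the Pathfinder mutex situation (which reduces, so it is a scheduling failure rather than a deadlock), a two-fork cycle (deadlocked), and a multi-unit graph that contains a cycle but still reduces completely. Process and resource names are invented.

```python
from dataclasses import dataclass, field

@dataclass
class ResourceGraph:
    """Bipartite resource graph for reusable resources (constructed example).
    units[r]: total units in resource vertex r; alloc[p][r]: edge r -> p;
    request[p][r]: edge p -> r (outstanding request)."""
    units: dict
    alloc: dict = field(default_factory=dict)
    request: dict = field(default_factory=dict)

def detect_deadlock(g: ResourceGraph) -> set:
    """Graph reduction as in the detection algorithm above: repeatedly remove an
    unblocked process from U, cancel its requests and release its allocation.
    Whatever remains in U when nothing more can be reduced is deadlocked."""
    available = dict(g.units)
    for held in g.alloc.values():
        for r, n in held.items():
            available[r] -= n
    U = set(g.alloc) | set(g.request)
    reduced = True
    while reduced:
        reduced = False
        for p in sorted(U):
            # Pi is unblocked iff every outstanding request could be granted now
            if all(available.get(r, 0) >= n for r, n in g.request.get(p, {}).items()):
                U.remove(p)
                for r, n in g.alloc.get(p, {}).items():
                    available[r] += n   # release units, possibly unblocking other Pk
                reduced = True
                break
    return U

# Constructed scenario 1: Pathfinder-style mutex M. Low holds it, High waits on it.
# Low has no request edge, so it is unblocked and the graph reduces: no deadlock.
def pathfinder_case() -> set:
    g = ResourceGraph(units={"M": 1}, alloc={"Low": {"M": 1}}, request={"High": {"M": 1}})
    return detect_deadlock(g)

# Constructed scenario 2: two philosophers, each holding one fork and asking for the other.
def two_fork_cycle() -> set:
    g = ResourceGraph(units={"F1": 1, "F2": 1},
                      alloc={"P1": {"F1": 1}, "P2": {"F2": 1}},
                      request={"P1": {"F2": 1}, "P2": {"F1": 1}})
    return detect_deadlock(g)

# Constructed scenario 3: cycle P1 -> R2 -> P2 -> R1 -> P1 exists, but R1 has 2 units
# and P3 (no requests) releases one, so the graph is still completely reducible.
def cycle_without_deadlock() -> set:
    g = ResourceGraph(units={"R1": 2, "R2": 1},
                      alloc={"P1": {"R1": 1}, "P2": {"R2": 1}, "P3": {"R1": 1}},
                      request={"P1": {"R2": 1}, "P2": {"R1": 1}})
    return detect_deadlock(g)
```

Scenario 3 is the reason the slides call a cycle only a necessary condition: with multi-unit resources a cycle can exist in a state that still reduces.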
Consumable Resources
- Not a fixed number of units, operations of producing and consuming (e.g. messages)
- Ordering matters on applying reductions
- Reducing by producer makes “enough” units, w
- Start with P2
- Start with P1
Deadlock Detection & Recovery
- Continuous monitoring and running this algorithm are expensive.
- What to do when a deadlock is detected?
- Abort deadlocked processes (will result in restarts).
- Preempt resources from selected processes, rolling back the victims to a previous state (undoing effects of work that has been done)
- Watch out for starvation.