avoiding file deadlock in computer networks. ... Such a multiple computer system, or a computer network ... +Consultant to Advanced Development Laboratory,.
AVOIDING DEADLOCKIN DISTRIBUTED DATA BASES* W. W. Chu+and G. Ohlmacher University of California, Los Angeles Key Words and Phrases: computer networks, deadlock, distributed data base, f i l e , process sets
automatically restart offending processes) are required. I t is possible to combine these mechanisms so that certain resources are serviced by a detection mechanism while other resources are serviced by a prevention mechanism.
ABSTRACT Deadlock prevention mechanisms and a deadlock protection mechanism f o r distributed data base systems are presented. The notion of process sets used in preventing deadlock is introduced. Examples are given to i l l u s t r a t e these methods for avoiding f i l e deadlock in computer networks. I.
This paper examines a means of implementing two deadlock prevention mechanisms and a deadlock detection mechanism on a computer network. In addition, the notion of using process sets is introduced to improve the efficiency of one of the deadlock prevention mechanisms.
INTRODUCTION
When a deadlock occurs, i f a job is aborted, the resulting p a r t i a l l y completed process often represents a serious inconvenience to the user, who in many cases, must reconstruct p a r t i a l l y altered f i l e s . For this reason, deadlock is an important consideration in the design of operating systems, even though in practice i t seldom occurs. As a result, many studies of deadlock protection schemes have been reported [ I - 9 ] , but the emphasis in these studies has been on centralized data base systems. In order to increase the capabilities of computer systems, remotely located computers are connected via communication links. Such a multiple computer system, or a computer network, enables the sharing of resources, such as hardware, software, and data bases. However, the e f f i c i e n t sharing of data bases creates many problems, such as f i l e allocation [lO], deadloc~etc. In these distributed data bases, the deadlock problem is complicated by the necessity of coordinating several computers without impeding their progress.
II.
ACCESSCONTROLMETHODS
In many cases, such as program l i b r a r i e s , i t is necessary for two or more processes to have simultaneous access to the same f i l e . However, a process which modifies a f i l e cannot share access to that f i l e with any other process at the same time. In order to provide users with this f l e x i b i l i t y , a system must provide two methods of access to every f i l e , either shared or exclusive. The user specifies the desire--6a--m-~thod of access when the f i l e is requested. Using this procedure i f no process has been granted exclusive access to a f i l e , then a request for shared access to that f i l e by any process can be granted. In the same manner, i f no process has been granted either shared or exclusive access to a f i l e , then a request for exclusive access to that f i l e by any process can be granted. This procedure provides multiple readers o r one w r i t e r with access to a specific f i l e . I f i t is possible for the system to conveniently generate a copy of a f i l e when a process requires exclusive access to a f i l e , the copy may be used for modifications while the original is maintained as a back up until the process terminates. In addition, access to the original can be granted to any process requesting shared access to that f i l e . Consequently, shared access to a f i l e can always be granted and requests for such access need no longer be considered by the deadlock protection mechanism. This procedure allows the system to provide multiple readers and one w r i t e r , with simultaneous access to a specif~file.
A deadlock exists whenever two or more processes, which are vying for the same resources, reach an impasse. When the resources required by any process can be obtained prior to starting i t , deadlocks can be prevented. A deadlock prevention mechanism examines the resource requirements of all processes and allows a process to proceed only when a deadlock cannot occur. I f not prevented, deadlocks can be detected and resolved by.eliminating an offending process from contention. When dynamic resource allocation is implemented, deadlock detection mechanisms (which eliminate and *This research was supported in part by the U.S. Office of Naval Research, Mathematical and Information Sciences Division, Contract No. NOOO14-69-A0200-4027, NR 048-129 and in part by the National Science Foundation, Grant No. GJ33007X. +Consultant to Advanced Development Laboratory, Xerox Palo Alto Research Center.
Since most systems allocate f i l e s to a sinqle continuous area of mass storage, i t is usually inconvenient for a system to generate a copy of a f i l e . However, for systems whose f i l e s reside on paged memory, i t is possible for the system to create a copy of the f i l e simply by making a copy of
156
the usage rate and the length of each f i l e transaction for the processes at that node, and the f i l e storage size of the node. The nodes that have higher utilization and higher f i l e storage capabili t y should be granted a lower numbered node.
the page table [9] as shown in Figure 1. When a data base has multiple copies of a f i l e , for shared access of a f i l e , access to any one of its copies can be granted to the requesting process; for exclusive access of a f i l e , all of i t s copies must be granted to the requesting process. With such a "lock" scheme for the exclusive access, the deadlock mechanisms are not affected by the number of copies of a f i l e . PAGE TABLE
MASSMEMORY
3.1
Deadlock prevention mechanisms require the user to specify the files that a process requires prior to the initiation of that process. These requests are usually made through the job control language of the system. The information is used by the system to prevent a deadlock from occurring.
PAGETABLE (OR IG I NAL)
(DUPLICATE COPY)
One means of preventing deadlock is for the system to obtain control of all the files requested by a process before initiating the process. One process at a time, the system collects the request for files and examines each one to determine i f access to the f i l e can be granted as outlined in the previous section. I f all requests can be granted, the process is given access to the files and is initiated. Otherwise, the process is delayed until all processes which have access to requested files terminate While the process is delayed, the requested files are available to other processes I l l .
/////// ~////// AVAILABLE~ PAGE FRAMES
a) Page tables after access has been granted. PAGE T A B L E (MODIFIED COPY)
b)
M A S S MEMORY
A Simple Prevention Mechanism
PAGETABLE (ORIGINAL)
In a distributed data base, the system examines the requests for files to determine i f all the requests are for local files. I f they are, the requests are processed as outlined above. Otherwise, the requests for files are passed from node to node in the preassigned order starting with the f i r s t node. Each node examines the requests for files located at that node as outlined above. As soon as all the requests for files have been granted, the node at which the requesting process resides is so informed and the process is allowed to proceed.
Page table after modifications. Figure l
The simplicity of this mechanism enables easy implementation and requires low system overhead. In addition, interactive users can avoid waiting by simply terminating a delayed process, since such a process has not been initiated. Clearly, using this simple deadlock prevention mechanism intercomputer communication is required only when remote files are requested.
Access Control Method for Deadlock Protection in a Paging Memory System III.
DEADLOCKPREVENTION MECHANISMS
One way to implement deadlock prevention on a computer network is to assign a node (computer) as a monitoring node, which examines the f i l e requirements of all processes and allows a process to proceed when a deadlock cannot occur. This is rather inefficient since the monitoring node has to communicate with each node to examine the f i l e requirements before the process can be allowed to start, and the entire network can consider only one process at a time. A more efficient way to implement deadlock prevention is to assign a fixed examining path in the network by assigning every node in the network a number. Then the examiningpath is determined uniquely by the node numbers as shown in Figure 2. Whenrequests for files are passed around the network according to this path, since the path is unique, each node can consider the requests for files independent of the other nodes. This improves the efficiency of the deadlock prevention mechanism.
3.2
Process Set Prevention Mechanism
An alternative means of preventing deadlock is to allow the process to proceed unless granting access to a f i l e i t requires may lead to a deadlock. The system collects the requests for files and initiates the process without giving i t access to the requested f i l e s . The process proceeds until access to a f i l e is required; for example, an attempt to referencea f i l e would imply that a process required access to that f i l e . Whenaccess to a f i l e is required, the process is allowed to proceed i f all of the processes can be completed (a process can be completed i f access to all the files that i t has requested can be granted, as outlined in the previous section). I f a process can be completed, then the files i t has access to are considered available with respect to the remaining processes. I f access to the f i l e cannot be granted, the process is delayed until some other process either terminates or releases that f i l e [3].
Since the lower numbered nodes have better access to the deadlock prevention mechanism than higher numbered nodes, one way to assign the node numbers is to examine the f i l e utilization; that is,
157
In order to more e f f i c i e n t l y determine i f access to a f i l e can be granted, processes having requests for the same f i l e ( s ) can be grouped into process sets. A system may have any number of process set~ the c r i t e r i a being, i f a process requests exclusive access to a f i l e , then that process and all other processes which have requested access (exclusive or shared) to that f i l e are members of the same process set. Further, each process belongs to one and only one process set.
the corresponding process set. The request is then examined according to the process set deadlock prevention mechanism. When a system receives a process, i t forms the new process set and examines the requests for f i l e s to determine i f any of the requests are from remote f i l e s . I f any are, the process set is passed from node to node starting with the f i r s t node and forms a process set at each node when necessary until all the f i l e s requested by the new process have been found. I f all the requests are for local f i l e s , the same procedure is followed except that the'new process set is started at the node that receives the process instead of the f i r s t node.
Let us denote F, P, and {P} as f i l e , process and process set respectively. We then have the following properties: l~ I f eFi E ( P } I ' then eFi ~ (P~ & sFi ~ { P ~ , for I = J. 2) I f Pi ( {P}I, .then Pi ~ {P}J, for I ~ J where Fi = i t h f i i e , i = l , 2 . . . . . m, P~ = i th process, i = I , 2 . . . . . n, {~}I = Ith process set, I = I , 2,. . . . . N, N~n e = exclusive access s = shared access
When this mechanism is used, processes are allowed to proceed until access to a f i l e is required, subsequently f i l e s are used more e f f i c i e n t l y , especia l l y when they are frequently referenced. In addition, several processes could request control of, modify, and release control of a f i l e concurrently without terminating. On the other hand, this mechanism is not easily implemented and requires considerable system overhead when continua l l y forced to reexamine processes to determine i f requests for control of f i l e s can be allowed.
Such a group of process sets can be formed as follows: Whenever a new process arrives all the process sets that have possession of f i l e ( s ) that are requested by the new process are combined and the new process is added to the resulting process set. (Of course, i f no process sets possess a f i l e that is requested by the new process, then the new process forms a process set by i t s e l f ) . The rules f o r combining process sets are: I f shared access to a f i l e is requested by the new process, the process set containing one or more processes which have requested exclusive access to that f i l e is combined with the new process. I f exclusive access to a f i l e is requested by the new process, all the process sets containing one or more processes which have requested access (exclusive or shared) to that f i l e are combined, and the new process is added to the resulting process set. When a process terminates, the remaining members of the process set may be reexamined with respect to each other b) the same mechanism to reform their process set or sets.
As an example, consider three processes with the following requirements for f i l e s : Process l : Requires shared access to f i l e A and exclusive access to f i l e s B and C. Process 2: Requires shared access to f i l e s B and C. Process 3: Requires shared access to f i l e A, and exclusive access to f i l e D. Further, l e t the processes and f i l e s be distributed on the network in Figure 2 as follows: Process l : Node 4 File A: Node l Process 2: Node 3 File B: Node 2 Process 3: Node l File C: Node 3 File D: Node 5 When using simple deadlock prevention mechanism as described in section 3.1 the request for f i l e s of each process are passed around the network according to the preassigned order and yield the following l i s t of processes and f i l e requirements. Then according to the prevention mechanism we grant process l access to f i l e s A, B, and C, (which are underlined) and process 3 access to f i l e s A and D ~hich are underlined), but would delay process 2 by holding i t s request for f i l e B at Node 2 until process 1 terminates.
The advantage of establishing process sets is that once a process has been allocated to a set, the progress of that process is independent of all processes in other process sets. Further, in contrast with the simple deadlock prevention mechanism, a process in a process set does not require complete control of all i t s f i l e s . The use of process sets for deadlock prevention considerably reduces the amount of computation required to determine whether or not all the processes can be completed.
~ Process I . Process 2. Process 3.
In order to simplify control of the processes, when implementing this mechanism on a d i s t r i buted data base, the process sets are allocated to certain nodes. For convenience, the process set is allocated to the highest node at which a f i l e requested in the process set is located.
sA, eB, eC~ s-~', ~ - - ) sA, eD
s = shared e = exclusive d = delayed
The process set deadlock prevention described in this section w i l l form two process sets: ~ Process set I: ~Process I. sA, Process 2. sB,
mechanism, as the following ) eB, eC sC
Process set 2: (Process 3. sA, eD) Process set 1 is located at node ~ since file C is located at node3 and node 3 is the highest node at which a file requested in process set I is located. Similarly, process set 2 is located at node 5 because of file D.
Since a process set may contain processes and f i l e s from several nodes, the process set which contains a certain process may not reside at the same node as that process. Consequently, when a process requires access to a f i l e , a request for that f i l e must be transmitted to the node having
158
the appointed node information concerning the in(at(on and termination of each process and all requests for and releases of f i l e s . I f a request for a f i l e can be granted, the process is allowed to proceed without waiting for the deadlock detection mechanism. For the purpose of improving r e l i a b i l i t y , a second node may be appointed to monitor requests for f i l e s .
PROCESS SET 2
PROCESS SET I
This mechanism can be easily implemented and has an advantage in that the user is not required to know in advance which f i l e s a process requires. On the other hand, even though actual deadlocks are infrequent, when they do occur, considerable system overhead must be accounted for. For example, an interactive user who is restarted must resupply all the information he had given the process, since the original information has lost i t s i n t e g r i t y . Finally, while this mechanism requires considerable inter-computer communication, even when local f i l e s are being used, processes are never delayed by this communication, since a process whose request for a f i l e can be granted may proceed without waiting for the detection mechanism.
{c) Figure 2. Deadlock Prevention in a Distributed Data Base I f process l requests control of f i l e s A and B and process 2 requests control of f i l e C, then process set l becomes Process I. sA, eB, eCl d Process 2. s--if, s--C J where process 2 is delayed because i f process 2 were granted control of f i l e C and then requested f i l e B and process l requested f i l e C, a deadlock would result.
As an example, consider two processes which make the following series of requests for f i l e s : Request I . Process l : A ~ : null pointer Request 2. Process l : B Request 3. Process 2: C Request 4. Process 2: B Request 5: Process l : C Then the process and f i l e l i s t s whould be formed
Finally, i f process l later releases control of f i l e B, process set l becomes (Process I. sA, eB, eCl ~Process 2. ~ , sC Process 2 is no l o n g , delayed since process 2 can be granted access to f i l e B. Since process sets are independent of each othor process set 2 which consists of process 3 was not involved in the preceding deadlock determinations. This greatly simplifies and improves the efficiency of the deadlock prevention mechanism. IV.
as follows: I. [~'~"[~
DEADLOCKDETECTION MECHANISM
A deadlock detection mechanism allows the user to request access to f i l e s at any time. The system monitors these requests by maintaining two l i s t s , a l i s t of processes and a l i s t of requested f i l e s as in Figure 3. Each element of the l i s t s has a pointer which is used by the system to determine i f a deadlock has occurred. When the system receives a request for access to a f i l e , i f the request can be granted, the pointer of the corresponding f i l e is set to point to that process and the process is allowed to proceed. Otherwise, the pointer of the process is set to point to the requested f i l e and the f i l e and process l i s t s are traversed until either an open process pointer is found in which case the requesting process is delayed, or the l i s t s return to the requesting process in which case a deadlock exists [8]. When a deadlock is detected, the system returns one of the processes involved in its i n i t i a l state, releasing and restoring the f i l e s i t controls. Since the f i l e s must be restored, a copy of each f i l e or its original page table as outlined e a r l i er must be available. The removed process is restarted at a later time [9].
.
B
Figure 3. Deadlock Detection in a Distributed Data Base The deadlock in request 5 is found when the loop PI-C-P2-B-PI is detected by the mechanism. One of the processes is then returned to its i n i t i a l state. V.
CONCLUSION
Three methods of protecting the user from deadlocks in a distributed data base have been presented: a simple deadlock prevention mechanism, a prevention mechanism using process sets, and a detection mechanism. The operation of the simple prevention mechanism is straightforward and uncomplicated, and i t does not require the keeping of l i s t s or groups; thus this mechanism is easily implemented and requires less system overhead than the other mechanisms. In addition, since messages are sent to the other nodes of the network only to establish the location and a v a i l a b i l i t y of f i l e s , such communications are never required to handle processes using only
The implementation of the deadlock detection mechanism in a distributed data base is accomplished by appointing one node of the network to monitor requests for f i l e s and detect deadlocks. The appointed node maintains the process and f i l e l i s t s , and every node is required to transmit to
159
local files. Since the simple prevention mechanism is the only deadlock protection mechanism to exh i b i t both of these characteristics, i t is clearly superior for most applications. However, since the process set prevention mechanism provides more e f f i c i e n t u t i l i z a t i o n of f i l e s , and the detection mechanism provides the user with greater f l e x i b i l i t y in that the user may request access to f i l e s at any time, in certain instances these mechanisms are preferable. REFERENCES [l]
Havender, J. W. "Avoiding Deadlock in Multitasking Systems," IBM Systems Journal, 7(2)74-84, 1968.
[2]
Murphy, J. E. "Resource Allocation with Interlock Detection in a Multi-Task System," Proceedings of the 1968 Fall Joint Computer Conference, pp. I169-I176.
[3] Habermann, A. N. "Prevention of System
Deadlocks," Communications of the ACM, 12(7): 373-377, 385, July 1969.
[4]
Berstein, A. J. and A. Shoshani. "Synchronization in a Parallel Access Data Base," Communications of the ACM, 12(II):604-607, November 1969.
Is]
Coffman, E. G., J r . , M. J. Elphick, and A. Shoshani. "System Deadlocks," Computin9 Surveys, 3(2):67-78, June 1971.
[6]
Collmeyer, Arthur J. "Database Management in a Multi-Access Environment," Computer, 4(6):36-46, November/December 1971.
[7] Shemer, J. E., and A. J. Collmeyer.
"Database Sharing: A Study of Interference, Roadblock, and Deadlock," Proceedings of the 1972 ACM-SIGFIDETWorkshop, 1972.
[8]
Holt, Richard C. "Some Deadlock Properties of Computer Systems," Computing Surveys, 4(3):179-196, September 1972.
[9]
King, P. F. and A. J. Collmeyer. "Database Sharing - An Efficient Mechanism for Supporting Concurrent Processes," Proceedings of the 1973 National Computer Conference and Exposition, June 1973, Vol. 42, pp. ~71- J ~75~
[IO] Chu. W. W. "Optimal File Allocation in a
Multiple Computer System," IEEE Transactions on Computers, C-18(I0):885-889, October 1969.
ACKNOWLEDGMENT The authors wish to thank Drs. J. E. Shemer and A. J. Collmeyer of Xerox Corporation for t h e i r helpful discussions during the writing of this paper.
160
