From: miller@hamnavoe.demon.co.uk
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Kernel question: i386 test-and-set problem
Date: Thu, 3 Aug 2000 10:56:36 +0100 [thread overview]
Message-ID: <E13KHic-000L8t-0B@finch-post-11.mail.demon.net> (raw)
> Things calling sleep/wakeup can and do perform such
> synchronization.
> ...
> Unfortunately, postnote is an asyncronous event often
> initiated by someone that's trying to stop something.
> It doesn't know about this external synchronization.
Thank you for patiently re-explaining -- now I see my mistake.
I misunderstood your scenario which showed the flaw in my
suggested algorithm: I thought it was the lock(r) in wakeup()
which might use an invalid r, but -- as you have shown --
there are higher level locks elsewhere in the kernel which
prevent any race between wakeup(r) and sleep(r)..free(r),
in both your version and mine. It's the lock(r) in my version
of postnote() which might go wrong, because of a race between
postnote() and wakeup(r)..free(r). Sorry for not reading
your posting carefully enough.
My sketched "proof" didn't take this race into account because
I hadn't realised that a Rendez could be deallocated. I think
it's not difficult to remedy, though.
You said "We don't know that p->r really points to a valid
Rendzvous structure", but in fact that's just what I want to
be able to guarantee, in order to make asynchronous postnote(p)
safe. Let's stipulate another invariant IPV(p) for each Proc p:
"if p->r is nonzero, then it points to a valid Rendez which
will not be deallocated without first setting p->r to zero".
To maintain this, after p sleeps on r there must be an assignment
of p->r=0 under control of p->rlock before r can be deallocated --
the lock is now necessary to prevent a race with another
process which is looking at p->r (e.g. in postnote).
I think we can do this in my wakeup() without lock ordering
problems, as follows:
wakeup(r): {wakeup condition is satisfied}
lock(r)
p = r->p
r->p = 0
unlock(r)
if p != 0
lock(p->rlock)
p->r = 0
ready(p)
unlock(p->rlock)
Strictly speaking this makes my original invariant IR(r)
invalid between the two locked sections; but we can redefine
S(p,r) to mean "Proc p is sleeping or committed to sleeping
on Rendez r, and no other proc is committed to waking p"
and I think everything then still works.
-- Richard
next reply other threads:[~2000-08-03 9:56 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2000-08-03 9:56 miller [this message]
-- strict thread matches above, loose matches on Subject: below --
2000-08-02 16:24 presotto
2000-08-02 15:43 jmk
2000-08-02 14:51 miller
2000-08-02 13:20 presotto
2000-08-02 8:32 miller
2000-07-31 17:26 presotto
2000-07-23 14:41 miller
2000-07-21 13:15 presotto
2000-07-21 9:10 miller
2000-07-20 17:09 presotto
2000-07-20 13:54 miller
2000-07-20 2:03 jmk
2000-07-10 16:21 miller
2000-07-10 12:40 Russ Cox
2000-07-11 8:51 ` Jakub Jermar
2000-07-10 9:57 Jakub Jermar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E13KHic-000L8t-0B@finch-post-11.mail.demon.net \
--to=miller@hamnavoe.demon.co.uk \
--cc=9fans@cse.psu.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).