- Email: [email protected]
Some aspects of computer deadlocks
Comput. & Elect. Engng Vol. 10, No. 2, pp. 99-107, 1983
0045-7906183 $3.00+ .00 © 1983 Pergamon Press Ltd.
Printed in Great Britain.
SOME ASPECTS OF COMPUTER
DEADLOCKS
INDERM. SoI and K. K. AGGARWAL Department of Electronics and Communication Engineering, Regional Engineering College, Kurukshetra, 132119, India
(Received[or publication 16 August 1982) Abstract--Modern multiprogramming systems are designed to support a high degree of parallelism by ensuring that as many system components as possible are operating concurrently. Deadlocks arise when members of a group of processes which hold resources are blocked indefinitely from access to resources held by other processes within the group. When no member of the group will relinquish control over its resources until after it has completed its current resource acquisition, deadlock is inevitable and can be broken only by the involvement of some external agency. In this paper we present a comprehensive study of the resource management problem in computer systems by critically reviewing the principles, techniques and tools involved in handling and avoiding deadlocks and by discussing the modelling techniques available for deadlock analysis. Toward the end we discuss the problem of on-line handling of deadlock in distributed computer networks.
INTRODUCTION
Deadlock is a constant threat in terminal oriented computer systems as such systems exhibit a high degree of resource and data sharing, a situation highly prone to deadlock occurrence. Deadlocks arise when members of a group of processes which hold resources are blocked indefinitely from access to resources held by other processes within the group. When no member of the group relinquishes control over its resources until after it has completed its current resource acquisition, deadlock is inevitable and can be broken only by the involvement of some external agency. The deadlock problem occurs in many different contexts, and analogies can be made to real-life situations, provided one interprets the process and resources involved appropriately. For deadlocks that may occur in computer operating systems, the term "system resource" broadly refers to storage media (e.g. primary memory, tapes, disks, and drums), system components (e.g. tape drives, disk drives, I10 channels, CPUS, readers and printers), and information (e.g. communication messages, data records, files, directories, programs, and system routines). Take the case of a small multiprogramming system with a single card reader and a printer, in which two user jobs share use of the printer and the card reader by means of request and release operations, as given in standard operating system texts[l]. Due to independent scheduling of the jobs, request and release operations can be interspersed in several different orders. Some of the sequences lead to a "deadly embrace", a deadlock where two jobs hold the printer and the card reader, respectively, and at the same time request the unit held by the other. More generally, a set of processes becomes deadlocked as a consequence of exclusive access and circular wait. The set of waiting processes is said to form a circular chain when each process holds at least one resource and makes a conflicting access request for some resource held by the next process in the chain. Necessary conditions which may give rise to such a circular wait are: (i) Exclusive control, i.e. processes request exclusive control of resources. (ii) Hold wait, i.e. processes hold resources allocated to them while waiting for additional ones. (iii) No preemption, i.e. a resource from a process cannot be preemptied without aborting the process. The basic strategies for handling deadlocks involve ensuring violation of at least one of these three necessary conditions for deadlock. In this paper we present a comprehensive study 99
100
I.M. SoI and K. K. AGGARWAL
of the resource/management problem in terminal-oriented computer systems by critically reviewing the principles, techniques, and tools involved in handling and avoiding deadlocks, and by discussing the modelling techniques available for deadlock analysis. Based on the on-line detection of deadlocks in distributed data bases, we propose a modified approach which can hopefully be used for on-line handling of deadlocks in distributed computer networks. DEADLOCK HANDLING TECHNIQUES 1. Basic techniques Broadly speaking, basic approaches to handle deadlock in computer systems fall into three categories: prevention, detection, and avoidance, as discussed below: (A) Prevention techniques Prevention is the process of constraining system users so that requests leading to deadlock never occur/22]. Deadlocks may be prevented in following several ways: (i) By outlawing concurrency is the simplest strategy, but is not consistent with current system design philosophies as it leads to very poor resource utilization. (ii) By acquiring all resources before processing starts works well for processes which perform a single burst of activity, (e.g. I/0 drivers) because the resource can be released immediately after each use. A disadvantage of this scheme is its inefficiency resulting from the fact that resources held may be idle for prolonged periods. The method becomes impractical for processes with fluctuating requirements and in a data-base environment, where it may be impossible for a data-driven process to specify and acquire all needed resources before execution begins. In short, this deadlock prevention technique discriminates heavily against data-driven processes where relationships in the data indicate future resources which are required for processing. (iii) By requiting a blocked process to release resources requested by an active process; e.g. blocking occurs when a process needs more main memory than is currently available, and thus the process is swapped to secondary storage by preempting its memory for use by an active process and is swapped back only when the entire, larger quantity of memory is available. Such a scheme using preemption to prevent deadlocks is prone to the danger of cyclic restart, in which two or more processes loop by continually blocking, aborting, and restarting each other. (iv) A set of approaches suggested by Havender[2] to eliminate the possibility of deadlocks includes strategies such as: (a) requesting all required resources at once; (b) pre-empting and re-requesting resources, in the case of a denial of incremental request for resources; and (c) a unique ordering of resources. Out of the above three strategies suggested by Havender[2], the last (i.e. a unique ordering of resources) is the most sophisticated form of prevention. A request for a specific resource is met only if all resources lower in rank, which are needed in the future, have also been allocated. By this means circular chains of blocked processes cannot occur since each process requests resources in the same orderly way. A major advantage of this scheme is the feasibility of enforcing resource ordering by compile-time checks. Restrictions on the allowable sequences of process requests force knowledgeable use of the ordering rule. A process may request and hold some units of a resource rather early in the processing stage, in which case a later incremental request for the same resource may be disallowed by the ordering rule; consequent recovery is possible only by pre-empting all the resources held by the process. As ordering the data resources (e.g. records, entities, or fields) is not possible in data-driven processes in fluctuating needs, so this scheme does not find its applicability in data-base systems. In heavily loaded systems, Havender's[2] prevention approaches provide very few safe resource allocations, and processes become blocked for long periods while holding valuable resources. (B) Detection techniques The assumption in these techniques is that all resource requests will be granted eventually. An algorithm, invoked periodically, examines current resource allocation and outstanding
Someaspectsof computerdeadlocks
101
requests to determine if any processes or resources are deadlocked. If a deadlock is discovered, the system must recover as gracefully as possible by preempting resources from affected processes until the deadlock is broken. Some of the drawbacks associated with detection methods are[22]: (a) Overhead arising out of the run-time cost of the algorithm as well as the potential losses inherent in pre-empting resources. (b) Since no action takes place until the actual occurrence of a deadlock, so resources may be held idle by blocked processes for long periods of time. (c) Detection principles may be difficult to use effectively due to unacceptable overhead in some situations, e.g., pre-emption of resources such as tape drives. However, detection strategies are still popular as deadlock handling schemes since the schemes have to be invoked intermittently and only essential pre-emptions need be performed. (C) Avoidance techniques In avoidance schemes, a resource request is granted only if at least one way remains for all processes to complete execution[17]. Two well known avoidance schemes are Banker's algorithm and maximum claims strategy. (i) Banker's algorithm [3]. Multiple units of a single resource are managed by requiring that the processes specify their total resource needs at initiation time. Also each process acquires or returns resource units one at a time. A request by any process whose remaining needs are in excess of the available resources is denied by the algorithm. In a sense this scheme projects detection into the future to keep the system from committing itself to an allocation which eventually leads to deadlock. (ii) Maximum claims strategy. Haberman[4] suggested a practical model and a good example of avoidance which uses the "maximum claims strategy" with regard to information on future resource requirements of each process. Deadlock avoidance is achieved by testing each possible allocation and making only those which lead to safe states. If there is a process which can run to completion using only its allocated resources and those that are immediately available, then the current state of the system is said to be safe or "deadlock free". Also every successor state obtained this way is safe. An interesting observation is that if the process originating this allocation (i.e. which lead to a safe state) can run to completion and release the resources it holds, then all other processes in the system can be completed, since the state prior to the allocation was safe.
2. No strategy technique This approach suggests that the deadlock problem be simply ignored. No doubt this had a superficial advantage of saving processor time and space otherwise required for detection, prevention or avoidance methods; but the onus of recognizing deadlocks is borne by either a computer operator discovering blocked processes or a user waiting for an answer. Further, ignoring of deadlocks will prove disastrous for the consistency of data in any data-base system [20]. 3. Mixed technique Howard[l l] discussed thoroughly the inappropriateness of the applicability of detection, avoidance, or prevention principles alone for the entire spectrum of resource allocation problems in operating systems and suggested a mixed approach combining the basic principles and allowing the selection of the optimal one for each class of resources in a system. Within the framework of resource ordering, the mixed method closely corresponds to the hierarchical structure of the operating system. This hierarchy is in the form of enveloping layers of capability in some operating systems. Each layer modifies and extends the facilities provided by an inner layer. Implementation of a primitive function or operation at one level is done through the creation of an inner-level process, which performs necessary actions and returns a result. An outer process must wait for a message, signalling the completion of the inner process. Deadlock handling mechanisms treat such messages as consumable resources.
102
I.M. Sol and K. K. AGG~WAL
Interpreted in terms of resource ordering, this implies that an outer process can't hold any resources required by the inner process it creates. As resources required by inner-level processes would automatically appear later in the ordering, so such a restriction automatically enforces a "natural" ordering of resources. Howard[l l] has illustrated the above concept of mixed method as an ideal solution of deadlock problem in a typical multibatch computing system consisting of four resources: Space in the swapping store; assignable devices such as tape drives and job resources such as access to files; central memory for user jobs; and internal resources such as memory for transient system overlays, and access to channels and controllers. As a solution to the resource management problem, Howard[ll] organized the resources into the four ordered classes mentioned above and suggested using a different scheme for each class as follows: (a) Use preallocation for the swapping space, since the maximum storage requirements are usually known. (b) As a job can always be swapped out, so central memory can be pre-empted and thus deadlock prevention is feasible. (c) As much information about the intended requirements for the job resources can be obtained from job control cards, so deadlock avoidance can be used. Here deadlock detection can also be used as resource ordering is possible, but it may lead to problems if file pre-emption is attempted during an update. (d) For internal system resources, use prevention through resource ordering since run-time choices between pending requests are unnecessary. Howard[l l] concluded that the practical advantages of the mixed approach in operating systems will outweigh the theoretical desirability of using a single method throughout. In summary it can be observed empirically that deadlock prevention methods tend to undercommit resources; detection methods give away resources so freely that prolonged blocking situations arise frequently; and avoidance methods fall somewhere in between. In heavily loaded systems Havender's[2] set of approaches provides very few safe resource allocations, and processes become blocked for long periods while holding valuable resources. A prevention strategy differs with an avoidance strategy in that the system need not perform run-time testing of potential allocations and agrees on the requirement that recovery from a system implementation error will need a rollback mechanism. MODELING FOR DEADLOCK ANALYSIS An important point in the analysis of the deadlock problem is the representation of process interactions during resource allocation phases. Computer systems consist of dynamic processes since one process may create another. Interaction among processes is said to be explicit when they communicate among themselves; and it is said to be implicit if it results from competition for access to physical objects. Either type of interaction (implicit or explicit) may cause blocking of processes. Holt[5] proposed the modeling of implicit and explicit interactions through the use of reusable and consumable resources respectively. Reusable resources include physical devices of a computer system (tape drives, disks, memory, and I/0 channels) and the total number of units of these resources in a system is fixed. Since any unit of a particular resource can be held by one process at a time, so each unit of a resource is either free for allocation or is held by processes. The total number of consumable resources (e.g. message text from operators, external interrupts, interprocess communications, and card images produced by a card reader) is not fixed. Further, a consumable ceases to exist when it is acquired by process. A process that creates a consumable resource may release any number of units at a time and must be treated as if it were holding the resource. It is the resource manager who assigns the reusable resources to requesting processes, which eventually return them to the manager, and in contrast with it, consumable resources are created and released by a producing process and are requested, acquired, and used by other processes. The complexity of the deadlock problem increases if a system has different resource types
Someaspectsof computerdeadlocks
103
and more than one resource of the same type. A formalization of the deadlock problem is attempted broadly in two ways: (i) Graph-theoretic models, i.e. graph models of the process interactions are developed and deadlocks are expressed precisely in terms of graph topologies; (ii) probabilistic or gameplaying models which attempt to avoid deadlock by ensuring, with high likelihood, that every state in the system is secure. A brief treatment of these modelling techniques for analyzing the deadlock problem is given below: (A) Graph-theoretic models Two different kinds of graph-theoretic models are available in literature: State graph model [6]. A state graph can be used to describe the relationships between a set of processes and a set of distinct resources in use by these processes. This state graph is a directed graph whose nodes correspond to the resources and whose edges are defined so that if some process P has access to resource Ri and is waiting for access to resource R~, then there exists an edge directed from node Ri to node R i. The existence of a circuit in the state graph means that a deadlock exists. A circuit is a closed directed path linking a subset of the nodes in the graph. As the general case involving multiple-unit resources could not be dealt with in the above defined state graph, Coffman et a/.[6] suggested the partitioning of the resources into different types in such a way that resources of a given type are identical. Thus in the state graph, nodes represent resource types; and a directed edge is said to exist between a node representing one resource type to another whenever any process has acquired access to at least one unit of the resource type and has requested access to at least one unit of another type. The requirements of such a method are an elaborate state description mechanism supplemented with "allocation" and "request" matrices and an "available resources vector". General Resource graph model: [5, 18, 19]. Holt[5] proposed the system modeling approach which is characterized by the use of a "general resource system" which models reusable as well as consumable resources. A general resource graph is a "bipartite graph" [7] in which nodes correspond to the set of processes and the set of resources (reusable and consumable). An available units vector, whose elements are positive measures of the quantity available, is associated with the set of resources. Edges directed from a process node to a resource node are termed request edges; while edges directed from reusable and consumable resource nodes to processes are called assignment and producer edges, respectively. If the number of request edges from the process to a particular resource exceeds the number of available units of resource, then the process is said to be blocked. Deadlock occurs when it is not possible to get the process out of the blocked state. Holt[5] proposed a graph reduction technique to detect the process deadlock. A graphreduction corresponds to the best sequence of operations a particular process can execute to help unblock other processes and is achieved by finding if the successive elimination of all sink nodes produces predecessors which are also sinks (a sink node is one with no edges emanating from it, i.e. no wait requests). When no circuit is present in the graph, then only will all the nodes become sinks. Holt's[5] algorithm to determine if a particular blocked process is deadlocked systematically traces out all paths emanating from the corresponding process node. A path which leads to a sink exists if and only if the process was deadlock free. In the general case, involving multiple-unit resources, a weight is associated with each allocation edge to represent the number of units held by the resource. (B) Advanced models Game-playing model. Devillers[14] recognized that the resource allocation problem is effectively a zero sum game in which the resource manager, RM, is competing against independent processes demand service. The manager is said to be winning if all the processes complete successfully, while the opposition wins if it creates a deadlock avoidance: "From some a priori information about the processes, the resources, the operating system, etc., determine what situations may be realized wl~thout endangering the smooth running of the
104
I.M. SoI and K. K. AGGARWAL
system." Generalizing the maximum claims[4] and task step[6] strategies, Devillers[14] also proposed a flow chart model, but with this model, it is not easy to define the safe states. This problem can be overcome by employing a global approach in which a state is defined safe if and only if a strategy exists for the R M which ensures its success, whatever operation the processes in that state choose [14]. As the game-playing model appears to be practical only for small systems, so this approach for deadlock analysis has not received much attention[20]. Probabilistic model. Ellis[15] tried a probabilistic approach to the deadlock problem and investigated the likelihood of deadlock in certain classes of systems. A state diagram representing process-resource interactions can be viewed as finite state automaton. A probability measure can be attached to an occurrence of each possible transition. A random resource allocation model is assumed, and the sum of the probabilities associated with transitions out of a given state is required to be unity. The likelihood of deadlock is measured in terms of the expected value of either the number of system actions to deadlock or the the number of resource allocations to deadlock. Ellis [16] in his studies using a probabilistic model, considered no more than five resources and processes, which is by no means very many in the commercial world; so further research is warranted on this technique for deadlock analysis. DEADLOCK-HANDLING IN DISTRIBUTED COMPUTER NETWORKS
The concept of deadlock is not as well understood for computer networks as for computer systems [6, 21]. At least four forms of deadlock have been identified in computer networks: (i) Deadlock may occur when user's processes can request resources at distinct hosts [27]. (ii) If protocols are improperly defined, they may contain situations in which sender and receiver wait for each other to act before proceeding [23]. (iii) Store-and-forward lock up occurs when two or more switches have all their buffers full of messages for other members of the deadlocked set of switches [26]. (iv) Re-assembly lock-up occurs when all message re-assembly buffer storage is used by partially re-assembled messages, resulting in messages being prevented from being received by their destinations [26]. The occurrence of deadlock implies that nothing can proceed in the portion of the network affected. No practical solution is yet known for the problem of store-and-forward lock-up. The main characteristic of distributed computing is that operating systems must contend with more autonomous behavior, thus aggravating the control problem. Presence of appreciable time lags renders coordination of the various controllers in the system much more difficult. Moreover, in geographically distributed computer system, all information needed to detect deadlocks is not necessarily available at any single installation, so the deadlock problem is somewhat different than that of a computer system. Communication delays may also make it difficult to get an accurate view of the status of the computer network. The result is that either a new deadlock may not be detected or a deadlock may be indicated where one no longer exists. Synchronizing the updates of files which are replicated at different sites is also nontrivial; and abortion, rollback, and recovery become very involved and require complex interprocess communication. If the design of a network allows a processor to request control of resources located at nodes other than the one on which the process is executing, the possibility of deadlocks within the network arises. The central difficulty presented by deadlocks in a network environment is that a deadlock may be detectable globally but not at any one node. Thus, in order to implement a deadlock detection or avoidance algorithm, it is necessary to construct a global description of network resource requests and allocations, either at some central location or at the node attempting to process a resource request [27, 28]. Some available techniques proposed for deadlock detection in a computer network are discussed below: (i) The technique of deadlock detection proposed by Chandra et al. [9] requires the maintenance of resource tables at each installation, containing information on processes (local/remote) having access to resources (local/remote). The type of access requested by the
Some aspects of computer deadlocks
105
process is also stored. By using such tables, it is hypothesized that well known algorithms for detecting deadlocks in a single computer system could be extended to detect deadlocks in a network of computers, by communication between installations and by appropriate expansion of resource tables. (ii) Mahmoud and Riordon [28] suggested two approaches--centralized control and distributed control--to deadlock detection. The centralized approach detects deadlocks by creating an overall global picture of the network status. In the distributed control approach each computer sends identical messages to every other one and receives different messages from each one, so that a deadlock may be detected at any particular installation. A potential problem with the centralized control approach is the selection of suitably sized groups of data to transmit, because if message congestion occurs at the control node, the performance of the whole detection scheme degrades. (iii) Goldman's[10] deadlock detection scheme is based on the creation and expansion of what is called an ordered blocked process list (OBPLs). Each process in an OBPL is waiting for a resource held by the next process in the list. Whenever an OBPL is transmitted between installations, a data resource name is inserted into the identification part of the OBPL. The last process in the list has access to, or is waiting for, that resource. In the former case the state (blocked or active) of the last process in the OBPL must be determined, while in the later case one needs to know the state of the process which holds the data resource. To determine these states and to eventually detect deadlocks, techniques are proposed to expand OBPLs by periodically transmitting them between installations. Though this approach solves many problems, yet it has the following shortcomings: (a) Each process is restricted to having only one outstanding request, which in reality is usually not the case. (b) When several readers share access to a data resource, the same requires the creation and expansion of a different copy of the OBPL for each reader since, if one of the readers is deadlocked, any process which requests access to that resource is blocked forever. It is possible that OBPLs, while undergoing expansion, could be transferred (sequentially) among several installations or several times between the same two installations before a deadlock is detected. (c) OBPLs could become large, leading to substantial overhead, especially when records or entities, instead of files, are considered as data resources. (d) Hutchinson, Mahmoud, and Riordon[25] have developed an optimal scheme for deadlock detection and recovery by pre-empting some of deadlocked processes. Bochmann[23], Postel[30], Gunther[24] and Raubold and Haenle[29] have studied the problem of preventing and avoiding deadlocks and lock-up situations in packet-switched networks to some extent. However, much more research is needed in this area. In any case all the above proposals generate network communication overhead (i.e. communication of large tables between installations), which increases as the size of the network increases, and moreover, has repercussions, since the information may be out of date by the time it arrives. On-line detection of deadlocks in distributed computer networks is defined to be the recognition of deadlock as requests are made or granted, by both local and remote resource allocators, without the necessity of further communication among installations. Existing algorithms [9, 10, 28] for deadlock detection in computer networks are not suitable for on-line use due to the following shortcomings: (i) For every request, granted or not, existing algorithms need to obtain the global network status by simultaneous transmission of each installation's status, leading to heavy communication traffic. (ii) Since this traffic results in communication delays, a new deadlock may go undetected or an apparent deadlock may no longer exist. (iii) After obtaining the complete network status, the algorithms still have to perform
106
I.M. Sol and K. K. AGGARWAL
Some of the above problems may be overcome by use of a reachable set [5], i.e. in a system graph representing process interactions, the set of all nodes traversed by a directed graph from a given node constitutes its reachable set, and a process is deadlocked if and only if the corresponding process node belongs to its own reachable set. Maintaining reachable sets by incremental updates, as resources are allocated and freed at each installation, enables local recognition of deadlocks and allows the allocation decision to be made without further messages. The on-line approach to deadlock handling eliminates the need for periodic transfer of lengthy messages among the computers in the network to ascertain the deadlock status of the system. Because communication delays are negligible, the method reduces the time interval during which deadlocks go undetected. Consider for example Fig. 1 representing computer systems C1 and C2. Let processes Pl, P2 and resources R~, R2 reside on C~ and similarly processes P3, P4 and resources R3, R4 reside on C2. For simplicity assume that each resource R2 is held by process P2 for exclusive access, for all (i), that P4 is waiting for access to R~, and that P2 is waiting for R3. At any instant (say, to) both Ca and C2 possess updated reachable sets for R2 and R4, namely {P2, R3, P3} and {P4, R1, P1}, respectively. Subsequently let P~ and P3 request access to R2 and R4, respectively. Deadlock is now inevitable and will be recognized upon the introduction of the processresource wait edges from P3 to R4 and Pt to R2. At the instant h, neither computer detects trouble, but when C1 and C2 receive the information on the addition of the edges at each other's installation, the deadlock is detected at both sites as the reachable sets are updated. The essence of this example is that requests by P1 for R2 and P3 for R4 occur within the same time frame. Thus, no matter what detection is used, the allocation will occur because neither computer can be aware of the activities of the other. Under these circumstances, a pre-emption mechanism is necessary in order to recover control of the system. Besides its low level of communication activity, the on-line approach has the following major advantages [20]: (i) A process is allowed to have any number of outstanding requests. (ii) When a number of readers share a data resource, no special treatment is needed, unlike schemes which require that a different copy of OBPL be formed for each such reader. (iii) Every request is dealt within a uniform way, since the detection technique does not classify requests according to the relationship between the original of the process and the addressed data resource. CONCLUSIONS AND FUTURE RESEARCH
Prevention methods tend to undercommit resources while detection techniques give away resources so freely that .prolonged blocking situations arise frequently. Avoidance methods fall somewhere in between. However, obtaining good upper bounds is a severe technical difficulty, since otherwise resources are used inefficiently. As none of these basic approaches alone-prevention, detection and avoidance--is appropriate for the entire spectrum of resource
{
c,
\
/
c2
Resource-process access edge .....
~
Process-resource wait edge
e: Exctusive access s : Shared access
Fig. 1.
\
Some aspects of computer deadlocks
107
allocation problems encountered in computing systems, a mixed strategy evolved b y tailoring the individual techniques to optimally handle subproblems of resource allocation seems to be the most attractive and desirable. Because the d e a d l o c k algorithms themselves typically have execution times which increase as the square of the n u m b e r of resources, deadlock prevention should be used in computer networks if possible rather than avoidance or detection. With the present-day trend towards increased concurrent access, a deadlock detection method outweighs prevention schemes in distributed systems b y enhancing concurrency. Typically a network will use a mix of strategies for deadlock, using prevention wherever possible and other techniques when prevention cannot be used. Some areas where more research is possibly needed are: (i) To find cost-effective ways of detecting and correcting errors in distributed data bases and discovering synchronization errors in networks featuring distributed processing. (ii) A comprehensive probabilistic model for computer deadlocks of large systems has not yet appeared in the literature, and an extension to systems with consumable resources is also needed. It is necessary to determine an efficient and effective method of rolling back a process. Such a mechanism will make existing detection techniques more attractive. REFERENCES 1. S. E. Madnick and J. J. Donovan, Operating Systems, pp. 255-261. McGraw-Hill, New York (1974). 2. J. W. Havender, Avoiding deadlock in multitasking systems. IBM Systems J. 7(2), 74--84 0968). 3. P. Brinch Hansen, Operating System Principles, pp. 42-49, 124-125. Prentice-Hall, Englewood Cliffs, New Jersey (1973). 4. A. N. Habermann, Prevention of system deadlocks CACM 12(7), 373-377 (1969). 5. R. C. Holt, Some deadlock properties of computer systems. Computing Surveys 4(3), 179-196 (1972). 6. E. G. Coffman, Jr., M. J. EIphick and A. Shoshain, System deadlocks. Computing Surveys 3(2), 67-78 (1971). 7. N. Deo, Graph Theory With Applications to Engineeringand ComputerScience. Prentice-Hall, Englewood Cliffs, New Jersey (1974). 8. D. D. Chamberlin, R. F. Boyce and I. L. Traiger, A deadlock-free scheme for resource locking in a data base environment. Inf. Proc. 74 Proc. IFIP Cong. pp. 340-343. Noah-Holland, Amsterdam (1974). 9. A. N. Chandra, W. G. Howe and D. P. Karp, Communication protocol for deadlock detection in computer networks. IBM Tech. Disclos. Bull. 16(10), 3471-3481 (1974). 10. B. Goldman, Deadlock Detection in Computer Networks. Technical Report MIT/LCS/TR-185, Laboratory for Computer Sciences, MIT, Cambridge, Massachusetts (1977). I1. J. H. Howard, Jr., Mixed solutions for the deadlock problem. CACM 16(7), 427-430 (1973). 12. D. W. Boettner and M. T. Alexander, The Michigan Terminal System Proc. IEEE 63(6), 912-918 (1975). 13. G. C. Pirkola, A file system for a general purpose timesharing environment. Proc. IEEE 63(6), 918-924 (1975). 14. R. Devillers, Game interpretation of the deadlock avoidance problem. CACM 20(10), 741-745 (1977). 15. C. A. Ellis, Probabilistic Models of computer Deadlock. Report CU-CS-041-74, Department of Computer Science, University of Colorado, Boulder, Colorado (1974). 16. C. A. Ellis, On the probability of deadlock in computer systems. 4th Syrup. Operating System Principles, (1973). 17. D. J. Frailey, A practical approach to managing resources and avoiding deadlocks. CACM 16(5), 323-329 (1973). 18. R. C. Holt, On Deadlock in ComputerSystems. Ph.D. dissertation, Department of Computer Science, Cornell University, Ithaca, New York (1971). 19. R. C. Holt, Comments of prevention of system deadlocks. CACM 14(1), 36-38 (1971). 20. S. S. Isloor and T. A. Marsland, The deadlock problem: An overview. IEEE Comput. 13(9), 58-78 0980). 21. T. J. Miller, Deadlock in Distributed Computer Networks. UIUCDCS-R-74--619, Department of Computer Science, University of Illinois, Urbana, Illinois (1974). 22. A. Shoshani and E. G. Coffman, Jr., Prevention, detection, and recovery from system deadlocks. Proc. 4th Ann. Princeton Conf. Inf. Sci~ Systems (1970). 23. G. V. Bockmann, Finite State Desc@tion o/ Communication Protocols. Publication No. 236, Department D' Informatique, University de Montreal (1976). 24. K. D. Gunther, Prevention of buffer deadlocks in packet switching networks. Presentedat IFIP-II ASA Workshop On Data Communications, Laxenburg, Austria (1975). 25. D. A. Hutchinson, S. A. Mahmoud and J. S. Riordon, A recursive algorithm for deadlock pre-emption in computer networks. Inf. Proc. 77, Proc., IFIP Cong. 77, Toronto, August 1977, pp. 241-246. 26. L. Kleinrock, Queuing Systems, Vol. II. Wiley, New York (1976). 27. S. Mahmoud and J. S. Riordon, Protocol considerations for software controlled access methods in distributed data bases. Proc. Int. Syrup. on Comput. Per/. Model. Measur., Eval. Harvard University, Cambridge, Massachusetts (1976). 28. S. A. Mahmoud and J. S. Riordon, Software controlled access to distributed data bases. INFOR lS(1), 22-36 (1977). 29. E. Raubold and J. Haeule, A method of deadlock-free resource allocation and flow control in packet networks. Proc. 3rd Int. Conf. Comput. Comm. pp. 483-487. Toronto (1976). 30. J. B. Postel, A Graph Model Analysis of Computer Communication Protocols. Computer Science Department, University of California, Los Angeles (1974).
0045-7906183 $3.00+ .00 © 1983 Pergamon Press Ltd.
Printed in Great Britain.
SOME ASPECTS OF COMPUTER
DEADLOCKS
INDERM. SoI and K. K. AGGARWAL Department of Electronics and Communication Engineering, Regional Engineering College, Kurukshetra, 132119, India
(Received[or publication 16 August 1982) Abstract--Modern multiprogramming systems are designed to support a high degree of parallelism by ensuring that as many system components as possible are operating concurrently. Deadlocks arise when members of a group of processes which hold resources are blocked indefinitely from access to resources held by other processes within the group. When no member of the group will relinquish control over its resources until after it has completed its current resource acquisition, deadlock is inevitable and can be broken only by the involvement of some external agency. In this paper we present a comprehensive study of the resource management problem in computer systems by critically reviewing the principles, techniques and tools involved in handling and avoiding deadlocks and by discussing the modelling techniques available for deadlock analysis. Toward the end we discuss the problem of on-line handling of deadlock in distributed computer networks.
INTRODUCTION
Deadlock is a constant threat in terminal oriented computer systems as such systems exhibit a high degree of resource and data sharing, a situation highly prone to deadlock occurrence. Deadlocks arise when members of a group of processes which hold resources are blocked indefinitely from access to resources held by other processes within the group. When no member of the group relinquishes control over its resources until after it has completed its current resource acquisition, deadlock is inevitable and can be broken only by the involvement of some external agency. The deadlock problem occurs in many different contexts, and analogies can be made to real-life situations, provided one interprets the process and resources involved appropriately. For deadlocks that may occur in computer operating systems, the term "system resource" broadly refers to storage media (e.g. primary memory, tapes, disks, and drums), system components (e.g. tape drives, disk drives, I10 channels, CPUS, readers and printers), and information (e.g. communication messages, data records, files, directories, programs, and system routines). Take the case of a small multiprogramming system with a single card reader and a printer, in which two user jobs share use of the printer and the card reader by means of request and release operations, as given in standard operating system texts[l]. Due to independent scheduling of the jobs, request and release operations can be interspersed in several different orders. Some of the sequences lead to a "deadly embrace", a deadlock where two jobs hold the printer and the card reader, respectively, and at the same time request the unit held by the other. More generally, a set of processes becomes deadlocked as a consequence of exclusive access and circular wait. The set of waiting processes is said to form a circular chain when each process holds at least one resource and makes a conflicting access request for some resource held by the next process in the chain. Necessary conditions which may give rise to such a circular wait are: (i) Exclusive control, i.e. processes request exclusive control of resources. (ii) Hold wait, i.e. processes hold resources allocated to them while waiting for additional ones. (iii) No preemption, i.e. a resource from a process cannot be preemptied without aborting the process. The basic strategies for handling deadlocks involve ensuring violation of at least one of these three necessary conditions for deadlock. In this paper we present a comprehensive study 99
100
I.M. SoI and K. K. AGGARWAL
of the resource/management problem in terminal-oriented computer systems by critically reviewing the principles, techniques, and tools involved in handling and avoiding deadlocks, and by discussing the modelling techniques available for deadlock analysis. Based on the on-line detection of deadlocks in distributed data bases, we propose a modified approach which can hopefully be used for on-line handling of deadlocks in distributed computer networks. DEADLOCK HANDLING TECHNIQUES 1. Basic techniques Broadly speaking, basic approaches to handle deadlock in computer systems fall into three categories: prevention, detection, and avoidance, as discussed below: (A) Prevention techniques Prevention is the process of constraining system users so that requests leading to deadlock never occur/22]. Deadlocks may be prevented in following several ways: (i) By outlawing concurrency is the simplest strategy, but is not consistent with current system design philosophies as it leads to very poor resource utilization. (ii) By acquiring all resources before processing starts works well for processes which perform a single burst of activity, (e.g. I/0 drivers) because the resource can be released immediately after each use. A disadvantage of this scheme is its inefficiency resulting from the fact that resources held may be idle for prolonged periods. The method becomes impractical for processes with fluctuating requirements and in a data-base environment, where it may be impossible for a data-driven process to specify and acquire all needed resources before execution begins. In short, this deadlock prevention technique discriminates heavily against data-driven processes where relationships in the data indicate future resources which are required for processing. (iii) By requiting a blocked process to release resources requested by an active process; e.g. blocking occurs when a process needs more main memory than is currently available, and thus the process is swapped to secondary storage by preempting its memory for use by an active process and is swapped back only when the entire, larger quantity of memory is available. Such a scheme using preemption to prevent deadlocks is prone to the danger of cyclic restart, in which two or more processes loop by continually blocking, aborting, and restarting each other. (iv) A set of approaches suggested by Havender[2] to eliminate the possibility of deadlocks includes strategies such as: (a) requesting all required resources at once; (b) pre-empting and re-requesting resources, in the case of a denial of incremental request for resources; and (c) a unique ordering of resources. Out of the above three strategies suggested by Havender[2], the last (i.e. a unique ordering of resources) is the most sophisticated form of prevention. A request for a specific resource is met only if all resources lower in rank, which are needed in the future, have also been allocated. By this means circular chains of blocked processes cannot occur since each process requests resources in the same orderly way. A major advantage of this scheme is the feasibility of enforcing resource ordering by compile-time checks. Restrictions on the allowable sequences of process requests force knowledgeable use of the ordering rule. A process may request and hold some units of a resource rather early in the processing stage, in which case a later incremental request for the same resource may be disallowed by the ordering rule; consequent recovery is possible only by pre-empting all the resources held by the process. As ordering the data resources (e.g. records, entities, or fields) is not possible in data-driven processes in fluctuating needs, so this scheme does not find its applicability in data-base systems. In heavily loaded systems, Havender's[2] prevention approaches provide very few safe resource allocations, and processes become blocked for long periods while holding valuable resources. (B) Detection techniques The assumption in these techniques is that all resource requests will be granted eventually. An algorithm, invoked periodically, examines current resource allocation and outstanding
Someaspectsof computerdeadlocks
101
requests to determine if any processes or resources are deadlocked. If a deadlock is discovered, the system must recover as gracefully as possible by preempting resources from affected processes until the deadlock is broken. Some of the drawbacks associated with detection methods are[22]: (a) Overhead arising out of the run-time cost of the algorithm as well as the potential losses inherent in pre-empting resources. (b) Since no action takes place until the actual occurrence of a deadlock, so resources may be held idle by blocked processes for long periods of time. (c) Detection principles may be difficult to use effectively due to unacceptable overhead in some situations, e.g., pre-emption of resources such as tape drives. However, detection strategies are still popular as deadlock handling schemes since the schemes have to be invoked intermittently and only essential pre-emptions need be performed. (C) Avoidance techniques In avoidance schemes, a resource request is granted only if at least one way remains for all processes to complete execution[17]. Two well known avoidance schemes are Banker's algorithm and maximum claims strategy. (i) Banker's algorithm [3]. Multiple units of a single resource are managed by requiring that the processes specify their total resource needs at initiation time. Also each process acquires or returns resource units one at a time. A request by any process whose remaining needs are in excess of the available resources is denied by the algorithm. In a sense this scheme projects detection into the future to keep the system from committing itself to an allocation which eventually leads to deadlock. (ii) Maximum claims strategy. Haberman[4] suggested a practical model and a good example of avoidance which uses the "maximum claims strategy" with regard to information on future resource requirements of each process. Deadlock avoidance is achieved by testing each possible allocation and making only those which lead to safe states. If there is a process which can run to completion using only its allocated resources and those that are immediately available, then the current state of the system is said to be safe or "deadlock free". Also every successor state obtained this way is safe. An interesting observation is that if the process originating this allocation (i.e. which lead to a safe state) can run to completion and release the resources it holds, then all other processes in the system can be completed, since the state prior to the allocation was safe.
2. No strategy technique This approach suggests that the deadlock problem be simply ignored. No doubt this had a superficial advantage of saving processor time and space otherwise required for detection, prevention or avoidance methods; but the onus of recognizing deadlocks is borne by either a computer operator discovering blocked processes or a user waiting for an answer. Further, ignoring of deadlocks will prove disastrous for the consistency of data in any data-base system [20]. 3. Mixed technique Howard[l l] discussed thoroughly the inappropriateness of the applicability of detection, avoidance, or prevention principles alone for the entire spectrum of resource allocation problems in operating systems and suggested a mixed approach combining the basic principles and allowing the selection of the optimal one for each class of resources in a system. Within the framework of resource ordering, the mixed method closely corresponds to the hierarchical structure of the operating system. This hierarchy is in the form of enveloping layers of capability in some operating systems. Each layer modifies and extends the facilities provided by an inner layer. Implementation of a primitive function or operation at one level is done through the creation of an inner-level process, which performs necessary actions and returns a result. An outer process must wait for a message, signalling the completion of the inner process. Deadlock handling mechanisms treat such messages as consumable resources.
102
I.M. Sol and K. K. AGG~WAL
Interpreted in terms of resource ordering, this implies that an outer process can't hold any resources required by the inner process it creates. As resources required by inner-level processes would automatically appear later in the ordering, so such a restriction automatically enforces a "natural" ordering of resources. Howard[l l] has illustrated the above concept of mixed method as an ideal solution of deadlock problem in a typical multibatch computing system consisting of four resources: Space in the swapping store; assignable devices such as tape drives and job resources such as access to files; central memory for user jobs; and internal resources such as memory for transient system overlays, and access to channels and controllers. As a solution to the resource management problem, Howard[ll] organized the resources into the four ordered classes mentioned above and suggested using a different scheme for each class as follows: (a) Use preallocation for the swapping space, since the maximum storage requirements are usually known. (b) As a job can always be swapped out, so central memory can be pre-empted and thus deadlock prevention is feasible. (c) As much information about the intended requirements for the job resources can be obtained from job control cards, so deadlock avoidance can be used. Here deadlock detection can also be used as resource ordering is possible, but it may lead to problems if file pre-emption is attempted during an update. (d) For internal system resources, use prevention through resource ordering since run-time choices between pending requests are unnecessary. Howard[l l] concluded that the practical advantages of the mixed approach in operating systems will outweigh the theoretical desirability of using a single method throughout. In summary it can be observed empirically that deadlock prevention methods tend to undercommit resources; detection methods give away resources so freely that prolonged blocking situations arise frequently; and avoidance methods fall somewhere in between. In heavily loaded systems Havender's[2] set of approaches provides very few safe resource allocations, and processes become blocked for long periods while holding valuable resources. A prevention strategy differs with an avoidance strategy in that the system need not perform run-time testing of potential allocations and agrees on the requirement that recovery from a system implementation error will need a rollback mechanism. MODELING FOR DEADLOCK ANALYSIS An important point in the analysis of the deadlock problem is the representation of process interactions during resource allocation phases. Computer systems consist of dynamic processes since one process may create another. Interaction among processes is said to be explicit when they communicate among themselves; and it is said to be implicit if it results from competition for access to physical objects. Either type of interaction (implicit or explicit) may cause blocking of processes. Holt[5] proposed the modeling of implicit and explicit interactions through the use of reusable and consumable resources respectively. Reusable resources include physical devices of a computer system (tape drives, disks, memory, and I/0 channels) and the total number of units of these resources in a system is fixed. Since any unit of a particular resource can be held by one process at a time, so each unit of a resource is either free for allocation or is held by processes. The total number of consumable resources (e.g. message text from operators, external interrupts, interprocess communications, and card images produced by a card reader) is not fixed. Further, a consumable ceases to exist when it is acquired by process. A process that creates a consumable resource may release any number of units at a time and must be treated as if it were holding the resource. It is the resource manager who assigns the reusable resources to requesting processes, which eventually return them to the manager, and in contrast with it, consumable resources are created and released by a producing process and are requested, acquired, and used by other processes. The complexity of the deadlock problem increases if a system has different resource types
Someaspectsof computerdeadlocks
103
and more than one resource of the same type. A formalization of the deadlock problem is attempted broadly in two ways: (i) Graph-theoretic models, i.e. graph models of the process interactions are developed and deadlocks are expressed precisely in terms of graph topologies; (ii) probabilistic or gameplaying models which attempt to avoid deadlock by ensuring, with high likelihood, that every state in the system is secure. A brief treatment of these modelling techniques for analyzing the deadlock problem is given below: (A) Graph-theoretic models Two different kinds of graph-theoretic models are available in literature: State graph model [6]. A state graph can be used to describe the relationships between a set of processes and a set of distinct resources in use by these processes. This state graph is a directed graph whose nodes correspond to the resources and whose edges are defined so that if some process P has access to resource Ri and is waiting for access to resource R~, then there exists an edge directed from node Ri to node R i. The existence of a circuit in the state graph means that a deadlock exists. A circuit is a closed directed path linking a subset of the nodes in the graph. As the general case involving multiple-unit resources could not be dealt with in the above defined state graph, Coffman et a/.[6] suggested the partitioning of the resources into different types in such a way that resources of a given type are identical. Thus in the state graph, nodes represent resource types; and a directed edge is said to exist between a node representing one resource type to another whenever any process has acquired access to at least one unit of the resource type and has requested access to at least one unit of another type. The requirements of such a method are an elaborate state description mechanism supplemented with "allocation" and "request" matrices and an "available resources vector". General Resource graph model: [5, 18, 19]. Holt[5] proposed the system modeling approach which is characterized by the use of a "general resource system" which models reusable as well as consumable resources. A general resource graph is a "bipartite graph" [7] in which nodes correspond to the set of processes and the set of resources (reusable and consumable). An available units vector, whose elements are positive measures of the quantity available, is associated with the set of resources. Edges directed from a process node to a resource node are termed request edges; while edges directed from reusable and consumable resource nodes to processes are called assignment and producer edges, respectively. If the number of request edges from the process to a particular resource exceeds the number of available units of resource, then the process is said to be blocked. Deadlock occurs when it is not possible to get the process out of the blocked state. Holt[5] proposed a graph reduction technique to detect the process deadlock. A graphreduction corresponds to the best sequence of operations a particular process can execute to help unblock other processes and is achieved by finding if the successive elimination of all sink nodes produces predecessors which are also sinks (a sink node is one with no edges emanating from it, i.e. no wait requests). When no circuit is present in the graph, then only will all the nodes become sinks. Holt's[5] algorithm to determine if a particular blocked process is deadlocked systematically traces out all paths emanating from the corresponding process node. A path which leads to a sink exists if and only if the process was deadlock free. In the general case, involving multiple-unit resources, a weight is associated with each allocation edge to represent the number of units held by the resource. (B) Advanced models Game-playing model. Devillers[14] recognized that the resource allocation problem is effectively a zero sum game in which the resource manager, RM, is competing against independent processes demand service. The manager is said to be winning if all the processes complete successfully, while the opposition wins if it creates a deadlock avoidance: "From some a priori information about the processes, the resources, the operating system, etc., determine what situations may be realized wl~thout endangering the smooth running of the
104
I.M. SoI and K. K. AGGARWAL
system." Generalizing the maximum claims[4] and task step[6] strategies, Devillers[14] also proposed a flow chart model, but with this model, it is not easy to define the safe states. This problem can be overcome by employing a global approach in which a state is defined safe if and only if a strategy exists for the R M which ensures its success, whatever operation the processes in that state choose [14]. As the game-playing model appears to be practical only for small systems, so this approach for deadlock analysis has not received much attention[20]. Probabilistic model. Ellis[15] tried a probabilistic approach to the deadlock problem and investigated the likelihood of deadlock in certain classes of systems. A state diagram representing process-resource interactions can be viewed as finite state automaton. A probability measure can be attached to an occurrence of each possible transition. A random resource allocation model is assumed, and the sum of the probabilities associated with transitions out of a given state is required to be unity. The likelihood of deadlock is measured in terms of the expected value of either the number of system actions to deadlock or the the number of resource allocations to deadlock. Ellis [16] in his studies using a probabilistic model, considered no more than five resources and processes, which is by no means very many in the commercial world; so further research is warranted on this technique for deadlock analysis. DEADLOCK-HANDLING IN DISTRIBUTED COMPUTER NETWORKS
The concept of deadlock is not as well understood for computer networks as for computer systems [6, 21]. At least four forms of deadlock have been identified in computer networks: (i) Deadlock may occur when user's processes can request resources at distinct hosts [27]. (ii) If protocols are improperly defined, they may contain situations in which sender and receiver wait for each other to act before proceeding [23]. (iii) Store-and-forward lock up occurs when two or more switches have all their buffers full of messages for other members of the deadlocked set of switches [26]. (iv) Re-assembly lock-up occurs when all message re-assembly buffer storage is used by partially re-assembled messages, resulting in messages being prevented from being received by their destinations [26]. The occurrence of deadlock implies that nothing can proceed in the portion of the network affected. No practical solution is yet known for the problem of store-and-forward lock-up. The main characteristic of distributed computing is that operating systems must contend with more autonomous behavior, thus aggravating the control problem. Presence of appreciable time lags renders coordination of the various controllers in the system much more difficult. Moreover, in geographically distributed computer system, all information needed to detect deadlocks is not necessarily available at any single installation, so the deadlock problem is somewhat different than that of a computer system. Communication delays may also make it difficult to get an accurate view of the status of the computer network. The result is that either a new deadlock may not be detected or a deadlock may be indicated where one no longer exists. Synchronizing the updates of files which are replicated at different sites is also nontrivial; and abortion, rollback, and recovery become very involved and require complex interprocess communication. If the design of a network allows a processor to request control of resources located at nodes other than the one on which the process is executing, the possibility of deadlocks within the network arises. The central difficulty presented by deadlocks in a network environment is that a deadlock may be detectable globally but not at any one node. Thus, in order to implement a deadlock detection or avoidance algorithm, it is necessary to construct a global description of network resource requests and allocations, either at some central location or at the node attempting to process a resource request [27, 28]. Some available techniques proposed for deadlock detection in a computer network are discussed below: (i) The technique of deadlock detection proposed by Chandra et al. [9] requires the maintenance of resource tables at each installation, containing information on processes (local/remote) having access to resources (local/remote). The type of access requested by the
Some aspects of computer deadlocks
105
process is also stored. By using such tables, it is hypothesized that well known algorithms for detecting deadlocks in a single computer system could be extended to detect deadlocks in a network of computers, by communication between installations and by appropriate expansion of resource tables. (ii) Mahmoud and Riordon [28] suggested two approaches--centralized control and distributed control--to deadlock detection. The centralized approach detects deadlocks by creating an overall global picture of the network status. In the distributed control approach each computer sends identical messages to every other one and receives different messages from each one, so that a deadlock may be detected at any particular installation. A potential problem with the centralized control approach is the selection of suitably sized groups of data to transmit, because if message congestion occurs at the control node, the performance of the whole detection scheme degrades. (iii) Goldman's[10] deadlock detection scheme is based on the creation and expansion of what is called an ordered blocked process list (OBPLs). Each process in an OBPL is waiting for a resource held by the next process in the list. Whenever an OBPL is transmitted between installations, a data resource name is inserted into the identification part of the OBPL. The last process in the list has access to, or is waiting for, that resource. In the former case the state (blocked or active) of the last process in the OBPL must be determined, while in the later case one needs to know the state of the process which holds the data resource. To determine these states and to eventually detect deadlocks, techniques are proposed to expand OBPLs by periodically transmitting them between installations. Though this approach solves many problems, yet it has the following shortcomings: (a) Each process is restricted to having only one outstanding request, which in reality is usually not the case. (b) When several readers share access to a data resource, the same requires the creation and expansion of a different copy of the OBPL for each reader since, if one of the readers is deadlocked, any process which requests access to that resource is blocked forever. It is possible that OBPLs, while undergoing expansion, could be transferred (sequentially) among several installations or several times between the same two installations before a deadlock is detected. (c) OBPLs could become large, leading to substantial overhead, especially when records or entities, instead of files, are considered as data resources. (d) Hutchinson, Mahmoud, and Riordon[25] have developed an optimal scheme for deadlock detection and recovery by pre-empting some of deadlocked processes. Bochmann[23], Postel[30], Gunther[24] and Raubold and Haenle[29] have studied the problem of preventing and avoiding deadlocks and lock-up situations in packet-switched networks to some extent. However, much more research is needed in this area. In any case all the above proposals generate network communication overhead (i.e. communication of large tables between installations), which increases as the size of the network increases, and moreover, has repercussions, since the information may be out of date by the time it arrives. On-line detection of deadlocks in distributed computer networks is defined to be the recognition of deadlock as requests are made or granted, by both local and remote resource allocators, without the necessity of further communication among installations. Existing algorithms [9, 10, 28] for deadlock detection in computer networks are not suitable for on-line use due to the following shortcomings: (i) For every request, granted or not, existing algorithms need to obtain the global network status by simultaneous transmission of each installation's status, leading to heavy communication traffic. (ii) Since this traffic results in communication delays, a new deadlock may go undetected or an apparent deadlock may no longer exist. (iii) After obtaining the complete network status, the algorithms still have to perform
106
I.M. Sol and K. K. AGGARWAL
Some of the above problems may be overcome by use of a reachable set [5], i.e. in a system graph representing process interactions, the set of all nodes traversed by a directed graph from a given node constitutes its reachable set, and a process is deadlocked if and only if the corresponding process node belongs to its own reachable set. Maintaining reachable sets by incremental updates, as resources are allocated and freed at each installation, enables local recognition of deadlocks and allows the allocation decision to be made without further messages. The on-line approach to deadlock handling eliminates the need for periodic transfer of lengthy messages among the computers in the network to ascertain the deadlock status of the system. Because communication delays are negligible, the method reduces the time interval during which deadlocks go undetected. Consider for example Fig. 1 representing computer systems C1 and C2. Let processes Pl, P2 and resources R~, R2 reside on C~ and similarly processes P3, P4 and resources R3, R4 reside on C2. For simplicity assume that each resource R2 is held by process P2 for exclusive access, for all (i), that P4 is waiting for access to R~, and that P2 is waiting for R3. At any instant (say, to) both Ca and C2 possess updated reachable sets for R2 and R4, namely {P2, R3, P3} and {P4, R1, P1}, respectively. Subsequently let P~ and P3 request access to R2 and R4, respectively. Deadlock is now inevitable and will be recognized upon the introduction of the processresource wait edges from P3 to R4 and Pt to R2. At the instant h, neither computer detects trouble, but when C1 and C2 receive the information on the addition of the edges at each other's installation, the deadlock is detected at both sites as the reachable sets are updated. The essence of this example is that requests by P1 for R2 and P3 for R4 occur within the same time frame. Thus, no matter what detection is used, the allocation will occur because neither computer can be aware of the activities of the other. Under these circumstances, a pre-emption mechanism is necessary in order to recover control of the system. Besides its low level of communication activity, the on-line approach has the following major advantages [20]: (i) A process is allowed to have any number of outstanding requests. (ii) When a number of readers share a data resource, no special treatment is needed, unlike schemes which require that a different copy of OBPL be formed for each such reader. (iii) Every request is dealt within a uniform way, since the detection technique does not classify requests according to the relationship between the original of the process and the addressed data resource. CONCLUSIONS AND FUTURE RESEARCH
Prevention methods tend to undercommit resources while detection techniques give away resources so freely that .prolonged blocking situations arise frequently. Avoidance methods fall somewhere in between. However, obtaining good upper bounds is a severe technical difficulty, since otherwise resources are used inefficiently. As none of these basic approaches alone-prevention, detection and avoidance--is appropriate for the entire spectrum of resource
{
c,
\
/
c2
Resource-process access edge .....
~
Process-resource wait edge
e: Exctusive access s : Shared access
Fig. 1.
\
Some aspects of computer deadlocks
107
allocation problems encountered in computing systems, a mixed strategy evolved b y tailoring the individual techniques to optimally handle subproblems of resource allocation seems to be the most attractive and desirable. Because the d e a d l o c k algorithms themselves typically have execution times which increase as the square of the n u m b e r of resources, deadlock prevention should be used in computer networks if possible rather than avoidance or detection. With the present-day trend towards increased concurrent access, a deadlock detection method outweighs prevention schemes in distributed systems b y enhancing concurrency. Typically a network will use a mix of strategies for deadlock, using prevention wherever possible and other techniques when prevention cannot be used. Some areas where more research is possibly needed are: (i) To find cost-effective ways of detecting and correcting errors in distributed data bases and discovering synchronization errors in networks featuring distributed processing. (ii) A comprehensive probabilistic model for computer deadlocks of large systems has not yet appeared in the literature, and an extension to systems with consumable resources is also needed. It is necessary to determine an efficient and effective method of rolling back a process. Such a mechanism will make existing detection techniques more attractive. REFERENCES 1. S. E. Madnick and J. J. Donovan, Operating Systems, pp. 255-261. McGraw-Hill, New York (1974). 2. J. W. Havender, Avoiding deadlock in multitasking systems. IBM Systems J. 7(2), 74--84 0968). 3. P. Brinch Hansen, Operating System Principles, pp. 42-49, 124-125. Prentice-Hall, Englewood Cliffs, New Jersey (1973). 4. A. N. Habermann, Prevention of system deadlocks CACM 12(7), 373-377 (1969). 5. R. C. Holt, Some deadlock properties of computer systems. Computing Surveys 4(3), 179-196 (1972). 6. E. G. Coffman, Jr., M. J. EIphick and A. Shoshain, System deadlocks. Computing Surveys 3(2), 67-78 (1971). 7. N. Deo, Graph Theory With Applications to Engineeringand ComputerScience. Prentice-Hall, Englewood Cliffs, New Jersey (1974). 8. D. D. Chamberlin, R. F. Boyce and I. L. Traiger, A deadlock-free scheme for resource locking in a data base environment. Inf. Proc. 74 Proc. IFIP Cong. pp. 340-343. Noah-Holland, Amsterdam (1974). 9. A. N. Chandra, W. G. Howe and D. P. Karp, Communication protocol for deadlock detection in computer networks. IBM Tech. Disclos. Bull. 16(10), 3471-3481 (1974). 10. B. Goldman, Deadlock Detection in Computer Networks. Technical Report MIT/LCS/TR-185, Laboratory for Computer Sciences, MIT, Cambridge, Massachusetts (1977). I1. J. H. Howard, Jr., Mixed solutions for the deadlock problem. CACM 16(7), 427-430 (1973). 12. D. W. Boettner and M. T. Alexander, The Michigan Terminal System Proc. IEEE 63(6), 912-918 (1975). 13. G. C. Pirkola, A file system for a general purpose timesharing environment. Proc. IEEE 63(6), 918-924 (1975). 14. R. Devillers, Game interpretation of the deadlock avoidance problem. CACM 20(10), 741-745 (1977). 15. C. A. Ellis, Probabilistic Models of computer Deadlock. Report CU-CS-041-74, Department of Computer Science, University of Colorado, Boulder, Colorado (1974). 16. C. A. Ellis, On the probability of deadlock in computer systems. 4th Syrup. Operating System Principles, (1973). 17. D. J. Frailey, A practical approach to managing resources and avoiding deadlocks. CACM 16(5), 323-329 (1973). 18. R. C. Holt, On Deadlock in ComputerSystems. Ph.D. dissertation, Department of Computer Science, Cornell University, Ithaca, New York (1971). 19. R. C. Holt, Comments of prevention of system deadlocks. CACM 14(1), 36-38 (1971). 20. S. S. Isloor and T. A. Marsland, The deadlock problem: An overview. IEEE Comput. 13(9), 58-78 0980). 21. T. J. Miller, Deadlock in Distributed Computer Networks. UIUCDCS-R-74--619, Department of Computer Science, University of Illinois, Urbana, Illinois (1974). 22. A. Shoshani and E. G. Coffman, Jr., Prevention, detection, and recovery from system deadlocks. Proc. 4th Ann. Princeton Conf. Inf. Sci~ Systems (1970). 23. G. V. Bockmann, Finite State Desc@tion o/ Communication Protocols. Publication No. 236, Department D' Informatique, University de Montreal (1976). 24. K. D. Gunther, Prevention of buffer deadlocks in packet switching networks. Presentedat IFIP-II ASA Workshop On Data Communications, Laxenburg, Austria (1975). 25. D. A. Hutchinson, S. A. Mahmoud and J. S. Riordon, A recursive algorithm for deadlock pre-emption in computer networks. Inf. Proc. 77, Proc., IFIP Cong. 77, Toronto, August 1977, pp. 241-246. 26. L. Kleinrock, Queuing Systems, Vol. II. Wiley, New York (1976). 27. S. Mahmoud and J. S. Riordon, Protocol considerations for software controlled access methods in distributed data bases. Proc. Int. Syrup. on Comput. Per/. Model. Measur., Eval. Harvard University, Cambridge, Massachusetts (1976). 28. S. A. Mahmoud and J. S. Riordon, Software controlled access to distributed data bases. INFOR lS(1), 22-36 (1977). 29. E. Raubold and J. Haeule, A method of deadlock-free resource allocation and flow control in packet networks. Proc. 3rd Int. Conf. Comput. Comm. pp. 483-487. Toronto (1976). 30. J. B. Postel, A Graph Model Analysis of Computer Communication Protocols. Computer Science Department, University of California, Los Angeles (1974).