Two Mutual Exclusion Algorithms for Shared Memory
Jordi Bataller Mascarell

TL;DR
This paper presents two formally proven mutual exclusion algorithms for shared memory systems, one with a coordinator and one without, ensuring fair access for concurrent processes.
Contribution
Introduces two novel mutual exclusion algorithms for shared memory, with formal correctness proofs and different fairness mechanisms.
Findings
Guarantee that every process trying to enter the critical section eventually does so.
One algorithm uses a coordinator process for fairness, the other elects the next process without a coordinator.
Both algorithms are proven correct and use specific shared variables for coordination.
Abstract
In this paper, we introduce two algorithms that solve the mutual exclusion problem for concurrent processes that communicate through shared variables, [2]. Our algorithms guarantee that any process trying to enter the critical section, eventually, does enter it. They are formally proven to be correct. The first algorithm uses a special coordinator process in order to ensure equal chances to processes waiting for the critical section. In the second algorithm, with no coordinator, the process exiting the critical section is in charge to fairly elect the following one. In the case that no process is waiting, the turn is marked free and will be determined by future waiting processes. The type of shared variables used are a turn variable, readable and writable by all processes; and a flag array, readable by all with flag[i] writable only by process i. There is a version of the first…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsDistributed systems and fault tolerance · Optimization and Search Problems · Advanced Data Storage Technologies
Two Mutual Exclusion Algorithms
for Shared Memory
Jordi Bataller Mascarell
Departament de Sistemes Informàtics i Computació
Universitat Politècnica de València (SPAIN)
Abstract
In this paper, we introduce two algorithms that solve the mutual exclusion problem for concurrent processes that communicate through shared variables, [2]. Our algorithms guarantee that any process trying to enter the critical section, eventually, does enter it. They are formally proven to be correct.
The first algorithm uses a special coordinator process in order to ensure equal chances to processes waiting for the critical section. In the second algorithm, with no coordinator, the process exiting the critical section is in charge to fairly elect the following one. In the case that no process is waiting, the turn is marked free and will be determined by future waiting processes. The type of shared variables used are a variable, readable and writable by all processes; and a array, readable by all with writable only by process . There is a version of the first algorithm where no writable by all variable is used.
The bibliography reviewed for this paper is [4] and [3], all the rest is original work.
1 Asymmetric Algorithm
This algorithm uses a coordinator process in charge of assigning the right to access the critical section to processes trying to enter it. The algorithms are written using the notation described in [1].
Shared variables
- •
Processes , plus the coordinator.
- •
, initially THINKING, readable and writable by all.
- •
. Initially, . is readable by all and writable by .
A process willing to enter the critical section announces this by setting to WAITING, and then waits until is . On exit, it reverts to REMAINDER and sets to THINKING, so the coordinator knows the process is done and turn must be updated.
Algorithm for process
WAITING
CRITICAL SECTION
REMAINDER
The coordinator performs an infinite loop where it serially inspects the state of processes. When a processes is found waiting for the critical section, the coordinator grants the access to it; and then waits until that process leaves the section –signaled by setting to THINKING.
Algorithm for the coordinator process
THINKING
mod
Although the above algorithms are written mathematically, problems on concurrency are difficult to reason about. It is much more suitable to define algorithms by means of finite state automata with edges representing events –transitions between two states. An event may have a precondition, written “precondition ”; or an effect, written “ effect”. This is a practical simplification of the formalism in [4].
Automaton for process .
1 2 critical section 3 4
Automaton for the coordinator process.
[TABLE] 1 2 \scriptstyle{flag[p]\neq\text{WAITING}\Rightarrow}$$\scriptstyle{flag[p]=\text{WAITING}\Rightarrow} 2.1 2.2 3
Theorem 1.1
Mutual exclusion.
No two processes can be at the same time in the critical section state.
Proof of theorem 1.1
Suppose, for a contradiction, that there exists an execution where process is the first one to enter the critical section while another one, , is still inside. This timeline shows the situation.
If has to enter the critical section while is in, there must be another process, say , to change to THIKING before does (within the lapse ), so the coordinator scapes from 2.2 and can reach again to let in. But that means that is in the critical section overlapped with before overlaps with .
This is a contradiction, as we assumed that is the first one breaching the critical section.
Lemma 1.2
If the turn is assigned to a process, then, it will enter the critical section.
Proof of lemma 1.2
If process is in a state and turn is assigned to it –as the coordinator reaches 2.2; only may enter the critical section (by the condition ) since the coordinator will be in state 2.2 while . In this point, there is no other process in the critical section (or could violate mutual exclusion) able to change to THINKING.
A second case is when process leaves the critical section. Because sets to REMAINDER before signaling the coordinator to choose the following process for the critical section, with , can’t reach state 4 with the turn reasigned to it.
Theorem 1.3
A proceess waiting in state 2 will enter the critical section.
Proof of theorem 1.3
The coordinator asigns turns in a round-robin fashion between processes with –in the loop using counter .
Once a process is waiting in 2, processes with number could enter the critical section before . If one such process is not waiting, increases towards ; if it is waiting, it will enter the critical section and, at exit, is equally increased towards . Finally, and will enter the critical section.
2 Asymmetric Algorithm with one-writer/multiple-reader variables
A new version of our previous algorithm can be devised in order to have the variable to be writable only by the coordinator process. This is at the expense of making the exiting process, , to wait until the coordinator changes to something different from . Otherwise, would be able to re-enter the critical section using its previous . And worse, the coordinator could change to a different waiting process and the mutual exclusion would be broken.
Shared variables
- •
Processes , plus the coordinator.
- •
, initially THINKING, writable only by the coordinator process, readable by all.
- •
. Initially, . is readable by all and writable by .
Algorithm for process
WAITING
CRITICAL SECTION
REMAINDER
i
Algorithm for the coordinator process
REMAINDER
mod
3 Symmetric Algorithm
This algorithm has no special coordinator process, but, in some way, it integrates its task. When a process exits the critical section, it fairly decides which waiting process is granted the next access –setting variable . If no one is waiting, is set to FREE, same as at the beginnig. If the critical section is found free, incoming processes will elect one of them to enter the critical section.
Shared variables
- •
Processes
- •
, initially FREE, readable and writable by all.
- •
. Initially, . is readable by all and writable by .
Algorithm for process , entry part
WAITING
CANDIDATE
[math]
WAITING
WAITING
CRITICAL SECTION
Algorithm for process , exit part
CRITICAL SECTION
THINKING
REMAINDER
THINKING
, 0
FREE
This is the automaton version of the algorithm.
Entry part
Exit part
Lemma 3.1
No two processes are in state 3.5.1 simultaneously.
Proof of lemma 3.1 Suppose for a contradiction that two processes and are in state , being the first to arrive.
The number of processes with is computed in the loop . When arrives at , . That means that has not reached state (its flag is not CANDIDATE) when inspects .
Now, by assumption, remains in until arrives. That implies that during that lapse. Eventually, passes , marking itself as candidate and, when it ends the loop, for must be at least 2 (itself and ).
Thus, can’t enter as the condition to do so fails. This contradicts the assumption that both and can be in simultaneously.
We say that a turn assignment (like the one when state 3.5.2 is reached) is an enabling turn assignment iff that assignment is the latest before the process granted by it enters the critical section.
The following timeline shows an enabling turn assignment for process . In the marked lapse, is not changed.
Theorem 3.2
Mutual exclusion.
No two processes can be at the same time in the extended critical section –states in .
Corolary 3.3
(of theorem 3.2)
Two processes can’t be simultaneously in the critical section.
Proof of theorem 3.2
Suppose, for a contradiction, that there exists an execution where process is the first one to enter the extended critical section (states ) while another one, say , is still in. This is:
Now, let’s consider the cases where the enabling turn assignments of ’s and ’s can happen.
- •
Case 1. The enabling assignments for both processes and occur at 3.5.2.
By lemma 3.1, when is in , is not. From , reaches the extended critical section, and, by assumption, it remains alone within it (until also arrives at). Thus, during this lapse, is either or THINKING, never FREE:
As a consequence, can’t access state (nor ) to perform its enabling assignment, since . This contradicts this case.
- •
Case 2. No matter which is the enabling assignment for , the enablig assignment for process is performed by a third process going from state to . This would be the situation.
By the contradicting assumption, must enter the critical section before (and remain there until it overlaps with ). In this case, must be before as well, because is set at that moment and it is fixed until . This implies that must be overlapped in the critical section with process . This contradicts the asumption that and are the first processes that break the mutual exclusion.
- •
Case 3 (last). The enabling assignment for process is done by a third process, say ; and the enabling asigment for occurs at state . This is the outline now:
Let’s consider when arrived at state . Because this needs , a process must assignt FREE to as it reaches its state .
The assignment can’t be in (lapse 1), because that process would overlap its critical section with ’s. Neither in because is fixed for to enter the critical section. Neither in (lapse 2), because that overlaps with ’s critical section. Therefore, is in state before . This is:
Now let’s consider how is set to in . In this interval, by lemma 3.1, cannot do a turn asigment to itself from state . Hence, a process, say , does this assignment in its state . When did enter its critical section? If later than , then again, another process in should have performed ’s enabling assignment after . But there may exist only a finite number of proceses entering its critical section in and enabling the following one until and then . Let’s suppose it is process the one which is in state after but enters its critical section before. This is depicted in the following timeline.
Finally, we reach the desired contradiction: can’t be changed to FREE in because there cannot exist another process in the critical section overlapped with – and are the first ones to overlap.
Lemma 3.4
If the turn is assigned to a process, then, no other one will change this assignment before it enters the critical section.
Proof of lemma 3.4
If a process assigns the turn to itself in state , the assignment won’t be changed (before enters the critical section):
- •
Not at state . Otherwise, this would imply that a process is in and could use its turn to break theorem 3.2.
- •
Not at state , because, by lemma 3.1, it can’t be already in and, as seen in the previous point, there is no one in the extented critical section to change to FREE.
If is assigned to at state by a process , again, no other one may change this asigment:
- •
Not at state . For a contradiction, suppose process is the first one in doing so. must be at state () before is set to , so the assumptions for this case hold. If this can happen, then, could also reach the critical section in , breaching theorem 3.2.
- •
Not at state . If, oppositely, a process is the first to do this, it must enter the critical section after (not to be overlapped with ). But this would require a change in to before the supposed first change after .
Lemma 3.5
If the turn is assigned to a process, then, it will enter the critical section.
Proof of lemma 3.5
If a process sets to itself in ; it is able to reach state –there is no condition against this.
A process in the extended critical section can’t choose itself for : it is not eligible in state because its flag is REMAINDER.
If is assigned to a process in , in case it is waiting at state , the assignment enables it to get to state .
Finally, since an assignment of to a process doesn’t change (lemma 3.4) and it is able to arrive at state , it will eventually enter the critical section.
Lemma 3.6
A given process in will elect another process for , considering this order: , such that is smaller or equal than the minimum identifier of the processes which passed state before process arrived at .
Proof of lemma 3.6
The loop defined by the states makes process to look for a waiting process () with minimum identifier following this order: . Every process that has changed its flag to WAITING in state 2 before the loop begins (actually in state ) will be eligible for in state .
There is the corner case that a process becomes WAITING when the loop has begun. In this case, will be considered only if the loop counter . Note that will remain in state until the decision for is made, because is set to THINKING by in . It will able to continue when reaches state and is set.
Corolary 3.7
(of lemma 3.6)
When a process sets to FREE, there is no process in a state between .
Proof of corolary 3.7 Any process in a state between has set its to WAITING before is set to THINKING by the elector process in . Thus, it must be considered for in This implies that cannot be set to FREE.
Lemma 3.8
If is set to FREE, one of the waiting processes will be elected for in state .
Proof of lemma 3.8
If is set to FREE, by corolary 3.7, all waiting processes must be at state before this assignment. The remaining processes have . The asignment to FREE allows processes waiting at to continue (). At least one of them will reach state (while ), as well as at least one will reach state (again while is not set in ).
Let’s consider the set of processes, , that reach state from since for the last time, and for which their CANDIDATE. is not empty, and its size is bounded by ; this is, all the processes.
For a given execution, consider the instant after which no more processes are added to and let be the process with the smallest identifier in .
If a process different from is in state then, by lemma 3.1, won’t be able to reach before that process sets to itself. And as a consequence, this is proves the theorem for this case.
If on the contrary, no process is already in , will reach this state.
The loop defined by states counts how many processes set in and which of them has the lowest identifier.
Any process , , will reach state and because its variable is less than , it will proceed to state and, finally, it will set to WAITING. This means that is no more a candidate, it will not reach state again in this loop, and that is removed from . Eventually, only will be in . Then, will find that and (being ). This allows to assign to itself in state .
Theorem 3.9
A waiting process () will be elected for and it will enter the critical section.
Proof of theorem 3.9
By lemma 3.6, a process in the extended critical section fairly chooses the following process for among waiting processes, or sets it to FREE if no one is waiting when it performed the election.
In case is FREE, as initially, by lemma 3.8, is eventually granted to a process.
By lemma 3.4, once a process has the , it is not changed before the process arrives at the critical section. By lemma 3.5, a process with the turn will reach the critical section.
Finally, a process that sets its to WAITING, eventually arrives at state , and doesn’t change this setting, unless it reaches state after the critical section.
Therefore, a waiting process will, eventually, enter the critical section.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] Jordi Bataller Mascarell. Visual help to learn programming. ACM Inroads , 2(4):42–48, December 2011.
- 2[2] E. W. Dijkstra. Solution of a problem in concurrent programming control. Commun. ACM , 8(9):569–, September 1965.
- 3[3] David Gries and Fred B. Schneider. A logical approach to discrete math . Springer-Verlag New York, Inc., New York, NY, USA, 1993.
- 4[4] Nancy A. Lynch. Distributed Algorithms . Morgan Kaufmann, 1996.
