[Chapter Nineteen][Previous]
[Next] [Art of
Assembly][Randall Hyde]
Art of Assembly: Chapter Nineteen
- 19.5 - Synchronization
- 19.5.1 - Atomic Operations, Test &
Set, and Busy-Waiting
19.5 Synchronization
Many problems occur in cooperative concurrently executing processes
due to synchronization (or the lack thereof). For example, one process can
produce data that other processes consume. However, it might take much longer
for the producer to create than data than it takes for the consumer to use
it. Some mechanism must be in place to ensure that the consumer does not
attempt to use the data before the producer creates it. Likewise, we need
to ensure that the consumer uses the data created by the producer before
the producer creates more data.
The producer-consumer problem is one of several very famous synchronization
problems from operating systems theory. In the producer-consumer problem
there are one or more processes that produce data and write this data to
a shared buffer. Likewise, there are one or more consumers that read data
from this buffer. There are two synchronization issues we must deal with
- the first is to ensure that the producers do not produce more data than
the buffer can hold (conversely, we must prevent the consumers from removing
data from an empty buffer); the second is to ensure the integrity of the
buffer data structure by allowing access to only one process at a time.
Consider what can happen in a simple producer-consumer problem. Suppose
the producer and consumer processes share a single data buffer structure
organized as follows:
buffer struct
Count word 0
InPtr word 0
OutPtr word 0
Data byte MaxBufSize dup (?)
buffer ends
The Count field specifies the number of data bytes currently
in the buffer. InPtr points at the next available location
to place data in the buffer. OutPtr is the address of the next
byte to remove from the buffer. Data is the actual buffer array.
Adding and removing data is very easy. The following code segments almost
handle this job:
; Producer- This procedure adds the value in al to the buffer.
; Assume that the buffer variable MyBuffer is in the data segment.
Producer proc near
pushf
sti ;Must have interrupts on!
push bx
; The following loop waits until there is room in the buffer to insert
; another byte.
WaitForRoom: cmp MyBuffer.Count, MaxBufSize
jae WaitForRoom
; Okay, insert the byte into the buffer.
mov bx, MyBuffer.InPtr
mov MyBuffer.Data[bx], al
inc MyBuffer.Count ;We just added a byte to the buffer.
inc MyBuffer.InPtr ;Move on to next item in buffer.
; If we are at the physical end of the buffer, wrap around to the beginning.
cmp MyBuffer.InPtr, MaxBufSize
jb NoWrap
mov MyBuffer.InPtr, 0
NoWrap:
pop bx
popf
ret
Producer endp
; Consumer- This procedure waits for data (if necessary) and returns the
; next available byte from the buffer.
Consumer proc near
pushf ;Must have interrupts on!
sti
push bx
WaitForData: cmp Count, 0 ;Is the buffer empty?
je WaitForData ;If so, wait for data to arrive.
; Okay, fetch an input character
mov bx, MyBuffer.OutPtr
mov al, MyBuffer.Data[bx]
dec MyBuffer.Count
inc MyBuffer.OutPtr
cmp MyBuffer.OutPtr, MaxBufSize
jb NoWrap
mov MyBuffer.OutPtr, 0
NoWrap:
pop bx
popf
ret
Consumer endp
The only problem with this code is that it won't always work if there are
multiple producer or consumer processes. In fact, it is easy to come up
with a version of this code that won't work for a single set of producer
and consumer processes (although the code above will work fine, in that
special case). The problem is that these procedures access global variables
and, therefore, are not reentrant. In particular, the problem lies with
the way these two procedures manipulate the buffer control variables. Consider,
for a moment, the following statements from the Consumer procedure:
dec MyBuffer.Count
; // Suppose an interrupt occurs here //
inc MyBuffer.OutPtr
cmp MyBuffer.OutPtr, MaxBufSize
jb NoWrap
mov MyBuffer.OutPtr, 0
NoWrap:
If an interrupt occurs at the specified point above and control transfers
to another consumer process that reenters this code, the second consumer
would malfunction. The problem is that the first consumer has fetched data
from the buffer but has yet to update the output pointer. The second consumer
comes along and removes the same byte as the first consumer. The second
consumer then properly updates the output pointer to point at the next available
location in the circular buffer. When control eventually returns to the
first consumer process, it finishes the operation by incrementing the output
pointer. This causes the system to skip over the next byte which no process
has read. The end result is that two consumer processes fetch the same byte
and then skip a byte in the buffer.
This problem is easily solved by recognizing the fact that the code that
manipulates the buffer data is a critical region. By restricting execution
in the critical region to one process at a time, we can solve this problem.
In the simple example above, we can easily prevent reentrancy by turning
the interrupts off while in the critical region. For the consumer procedure,
the code would look like this:
; Consumer- This procedure waits for data (if necessary) and returns the
; next available byte from the buffer.
Consumer proc near
pushf ;Must have interrupts on!
sti
push bx
WaitForData: cmp Count, 0 ;Is the buffer empty?
je WaitForData ;If so, wait for data to arrive.
; The following is a critical region, so turn the interrupts off.
cli
; Okay, fetch an input character
mov bx, MyBuffer.OutPtr
mov al, MyBuffer.Data[bx]
dec MyBuffer.Count
inc MyBuffer.OutPtr
cmp MyBuffer.OutPtr, MaxBufSize
jb NoWrap
mov MyBuffer.OutPtr, 0
NoWrap:
pop bx
popf ;Restore interrupt flag.
ret
Consumer endp
Note that we cannot turn the interrupts off during the execution of the
whole procedure. Interrupts must be on while this procedure is waiting for
data, otherwise the producer process will never be able to put data in the
buffer for the consumer.
Simply turning the interrupts off does not always work. Some critical regions
may take a considerable amount of time (seconds, minutes, or even hours)
and you cannot leave the interrupts off for that amount of time. Another
problem is that the critical region may call a procedure that turns the
interrupts back on and you have no control over this. A good example is
a procedure that calls MS-DOS. Since MS-DOS is not reentrant, MS-DOS is,
by definition, a critical section; we can only allow one process at a time
inside MS-DOS. However, MS-DOS reenables the interrupts, so we cannot simply
turn off the interrupts before calling an MS-DOS function an expect this
to prevent reentrancy.
Turning off the interrupts doesn't even work for the consumer/producer procedures
given earlier. Note that interrupts must be on while the consumer is waiting
for data to arrive in the buffer (conversely, the producers must have interrupts
on while waiting for room in the buffer). It is quite possible for the code
to detect the presence of data and just before the execution of the cli
instruction, an interrupt transfers control to a second consumer process.
While it is not possible for both processes to update the buffer variables
concurrently, it is possible for the second consumer process to remove the
only data value from the input buffer and then switch back to the first
consumer that removes a phantom value from the buffer (and causes the Count
variable to go negative).
One poorly thought out solution is to use a flag to control access to a
critical region. A process, before entering the critical region, tests the
flag to see if any other process is currently in the critical region; if
not, the process sets the flag to "in use" and then enters the
critical region. Upon leaving the critical region, the process sets the
flag to "not in use." If a process wants to enter a critical region
and the flag's value is "in use", the process must wait until
the process currently in the critical section finishes and writes the "not
in use" value to the flag.
The only problem with this solution is that it is nothing more than a special
case of the producer/consumer problem. The instructions that update the
in-use flag form their own critical section that you must protect. As a
general solution, the in-use flag idea fails.
19.5.1 Atomic Operations, Test & Set, and Busy-Waiting
The problem with the in-use flag idea is that it takes several instructions
to test and set the flag. A typical piece of code that tests such a flag
would read its value and determine if the critical section is in use. If
not, it would then write the "in-use" value to the flag to let
other processes know that it is in the critical section. The problem is
that an interrupt could occur after the code tests the flag but before it
sets the flag to "in use." Then some other process can come along,
test the flag and find that it is not in use, and enter the critical region.
The system could interrupt that second process while it is still in the
critical region and transfer control back to the first. Since the first
process has already determined that the critical region is not in use, it
sets the flag to "in use" and enters the critical region. Now
we have two processes in the critical region and the system is in violation
of the mutual exclusion requirement (only one process in a critical region
at a time).
The problem with this approach is that testing and setting the in-use flag
is not an uninterruptable (atomic ) operation. If it were, then there would
be no problem. Of course, it is easy to make a sequence of instructions
non-interruptible by putting a cli instruction before them.
Therefore, we can test and set a flag in an atomic operation as follows
(assume in-use is zero, not in-use is one):
pushf
TestLoop: cli ;Turn ints off while testing and
cmp Flag, 0 ; setting flag.
je IsInUse ;Already in use?
mov Flag, 0 ;If not, make it so.
IsInUse: sti ;Allow ints (if in-use already).
je TestLoop ;Wait until not in use.
popf
; When we get down here, the flag was "not in-use" and we've just set it
; to "in-us." We now have exclusive access to the critical section.
Another solution is to use a so-called "test and set" instruction
- one that both tests a specific condition and sets the flag to a desired
value. In our case, we need an instruction that both tests a flag to see
if it is not in-use and sets it to in-use at the same time (if the flag
was already in-use, it will remain in use afterward). Although the 80x86
does not support a specific test and set instruction, it does provide several
others that can achieve the same effect. These instructions include xchg,
shl, shr, sar, rcl,
rcr, rol, ror, btc/btr/bts
(available only on the 80386 and later processors), and cmpxchg
(available only on the 80486 and later processors). In a limited sense,
you can also use the addition and subtraction instructions (add,
sub, adc, sbb, inc,
and dec) as well.
The exchange instruction provides the most generic form for the test and
set operation. If you have a flag (0=in use, 1=not in use) you can test
and set this flag without messing with the interrupts using the following
code:
InUseLoop: mov al, 0 ;0=In Use
xchg al, Flag
cmp al, 0
je InUseLoop
The xchg instruction atomically swaps the value in al
with the value in the flag variable. Although the xchg instruction
doesn't actually test the value, it does place the original flag value in
a location (al) that is safe from modification by another process.
If the flag originally contained zero (in-use), this exchange sequence swaps
a zero for the existing zero and the loop repeats. If the flag originally
contained a one (not in-use) then this code swaps a zero (in-use) for the
one and falls out of the in use loop.
The shift and rotate instructions also act as test and set instructions,
assuming you use the proper values for the in-use flag. With in-use equal
to zero and not in-use equal to one, the following code demonstrates how
to use the shr instruction for the test and set operation:
InUseLoop: shr Flag, 1 ;In-use bit to carry, 0->Flag.
jnc InUseLoop ;Repeat if already in use.
This code shifts the in-use bit (bit number zero) into the carry flag and
clears the in-use flag. At the same time, it zeros the Flag variable, assuming
Flag always contains zero or one. The code for the atomic test and set sequences
using the other shift and rotates is very similar and appears in the exercises.
Starting with the 80386, Intel provided a set of instructions explicitly
intended for test and set operations: btc (bit test and complement),
bts (bit test and set), and btr (bit test and
reset). These instructions copy a specific bit from the destination operand
into the carry flag and then complement, set, or reset (clear) that bit.
The following code demonstrates how to use the btr instruction
to manipulate our in-use flag:
InUseLoop: btr Flag, 0 ;In-use flag is in bit zero.
jnc InUseLoop
The btr instruction is a little more flexible than the shr
instruction because you don't have to guarantee that all the other bits
in the Flag variable are zero; it tests and clears bit zero
without affect any other bits in the Flag variable.
The 80486 (and later) cmpxchg instruction provides a very generic synchronization
primitive. A "compare and swap" instruction turns out to be the
only atomic instruction you need to implement almost any synchronization
primitive. However, its generic structure means that it is a little too
complex for simple test and set operations. You will get an opportunity
to design a test and set sequence using cmpxchg in the exercises.
Returning to the producer/consumer problem, we can easily solve the critical
region problem that exists in these routines using the test and set instruction
sequence presented above. The following code does this for the Producer
procedure, you would modify the Consumer procedure in a similar
fashion.
; Producer- This procedure adds the value in al to the buffer.
; Assume that the buffer variable MyBuffer is in the data segment.
Producer proc near
pushf
sti ;Must have interrupts on!
; Okay, we are about to enter a critical region (this whole procedure),
; so test the in-use flag to see if this critical region is already in use.
InUseLoop: shr Flag, 1
jnc InUseLoop
push bx
; The following loop waits until there is room in the buffer to insert
; another byte.
WaitForRoom: cmp MyBuffer.Count, MaxBufSize
jae WaitForRoom
; Okay, insert the byte into the buffer.
mov bx, MyBuffer.InPtr
mov MyBuffer.Data[bx], al
inc MyBuffer.Count ;We just added a byte to the buffer.
inc MyBuffer.InPtr ;Move on to next item in buffer.
; If we are at the physical end of the buffer, wrap around to the beginning.
cmp MyBuffer.InPtr, MaxBufSize
jb NoWrap
mov MyBuffer.InPtr, 0
NoWrap:
mov Flag, 1 ;Set flag to not in use.
pop bx
popf
ret
Producer endp
One minor problem with the test and set approach to protecting a critical
region is that it uses a busy-waiting loop. While the critical region is
not available, the process spins in a loop waiting for its turn at the critical
region. If the process that is currently in the critical region remains
there for a considerable length of time (say, seconds, minutes, or hours),
the process(es) waiting to enter the critical region continue to waste CPU
time waiting for the flag. This, in turn, wastes CPU time that could be
put to better use getting the process in the critical region through it
so another process can enter.
Another problem that might exist is that it is possible for one process
to enter the critical region, locking other processes out, leave the critical
region, do some processing, and then reenter the critical region all during
the same time slice. If it turns out that the process is always in the critical
region when the timer interrupt occurs, none of the other processes waiting
to enter the critical region will ever do so. This is a problem known as
starvation - processes waiting to enter the critical region never do so
because some other process always beats them into it.
One solution to these two problems is to use a synchronization object known
as a semaphore. Semaphores provide an efficient and general purpose mechanism
for protecting critical regions. To find out about semaphores, keep reading...
- 19.5 - Synchronization
- 19.5.1 - Atomic Operations, Test &
Set, and Busy-Waiting
Art of Assembly: Chapter Nineteen - 29 SEP 1996
[Chapter Nineteen][Previous]
[Next] [Art of
Assembly][Randall Hyde]