CS110 Lecture 11: Condition Variables and Semaphores

Principles of Computer Systems

Winter 2020

Stanford University

Computer Science Department

Instructors: Chris Gregg and

                            Nick Troccoli

PDF of this presentation

CS110 Topic 3: How can we have concurrency within a single process?

Learning About Processes

Introduction to Threads

Threads and Mutexes

Condition Variables and Semaphores

Multithreading Patterns

2/3

2/5

Today

2/12

Today's Learning Goals

• Learn how condition variables can let threads signal to each other
• Get practice with the "available permits" resource model
• Learn what a semaphore is and how it is implemented

Plan For Today

• Recap: Race Conditions and Mutexes
• Recap: Dining With Philosophers
• Encoding Resource Constraints
• Condition Variables
• Break: Announcements
• Semaphores
• Thread Coordination
• Example: Reader-Writer

Plan For Today

• Recap: Race Conditions and Mutexes
• Recap: Dining With Philosophers
• Encoding Resource Constraints
• Condition Variables
• Break: Announcements
• Semaphores
• Thread Coordination
• Example: Reader-Writer

• Threads allow a process to parallelize a problem across multiple cores
• Consider a scenario where we want to process 250 images and have 10 cores
• Simulation: let each thread help process images until none are left

Race Conditions and Mutexes

There is a race condition here!

• Problem: multiple threads could access remainingImages between lines 2 and 4.

​

• Why is this? It's because remainingImages > 0 test and remainingImages-- aren't atomic
• Atomicity: externally, the code has either executed or not; external observers do not see any intermediate states mid-execution
• If a thread evaluates remainingImages > 0 to be true and commits to processing an image, another thread could come in and claim that same image before this thread processes it.

Race Conditions and Mutexes

• C++ statements are not inherently atomic - anything that takes more than 1 assembly instruction could be interleaved or interrupted.
• E.g. even remainingImages-- takes multiple assembly instructions:

• Each core has its own registers that it has to read from
• Each thread makes a local copy of the variable before operating on it
• Problem: What if multiple threads do this simultaneously?  They all think there's only 128 images remaining and process 128 at the same time!

Race Conditions and Mutexes

Mutex

https://www.flickr.com/photos/ofsmallthings/8220574255

A mutex is a variable type that represents something like a "locked door".

You can lock the door:

- if it's unlocked, you go through the door and lock it

- if it's locked, you ​wait for it to unlock first

If you most recently locked the door, you can unlock the door:

- door is now unlocked, another may go in now

• A mutex is a type used to enforce mutual exclusion, i.e., a critical section
• Mutexes are often called locks
• When a thread locks a mutex...
  • If the lock is unlocked: the thread takes the lock and continues execution
  • If the lock is locked: the thread blocks and waits until the lock is unlocked
  • If multiple threads are waiting for a lock: they all wait until it's unlocked, one receives lock
• When a thread unlocks a mutex, it continues normally; one waiting thread (if any) takes the lock and is scheduled to run

Mutex - Mutual Exclusion

Goal: keep critical sections as small as possible to maximize concurrent execution

Note: we don't need to lock around printing out remainingImages - reading a size_t has no risk of corruption

Critical Sections Can Be Bottlenecks

Hardware provides atomic memory operations to build on top of: e.g. "compare and swap"

• ​cas old, new, addr - instruction that says if addr == old, set addr to new
• Idea: use this as a single bit to see if the lock is held - if not, take it - if it is, enqueue yourself in a thread-safe way and tell kernel to sleep you
• When a node unlocks, it clears the bit and wakes up a thread

Caches add an additional challenge:

• Each core has its own cache
• Writes are typically write-back (write to higher cache level when line is evicted), not write-through (always write to main memory) for performance
• Caches are coherent -- if one core writes to a cache line that is also in another core's cache, the other core's cache line is invalidated: this can become a performance problem

How Do Mutexes Work?

Plan For Today

• Recap: Race Conditions and Mutexes
• Recap: Dining With Philosophers
• Encoding Resource Constraints
• Condition Variables
• Break: Announcements
• Semaphores
• Thread Coordination
• Example: Reader-Writer

• This is a canonical multithreading example of the potential for deadlock and how to avoid it.
• Five philosophers sit around a circular table, eating spaghetti
• There is one fork for each of them
• Each philosopher thinks, then eats, and repeats this three times for their three daily meals.
• To eat, a philosopher must grab the fork on their left and the fork on their right.  With two forks in hand, they chow on spaghetti to nourish their big, philosophizing brain. When they're full, they put down the forks in the same order they picked them up and return to thinking for a while.
• To think, the a philosopher keeps to themselves for some amount of time.  Sometimes they think for a long time, and sometimes they barely think at all.
• Let's take our first attempt. (The full program is right here.)

Dining Philosophers Problem

https://commons.wikimedia.org/wiki/File:An_illustration_of_the_dining_philosophers_problem.png​

Dining Philosophers Problem

A philosopher thinks, then eats, and repeats this three times.  

• think is modeled as sleeping the thread for some amount of time

Dining Philosophers Problem

A philosopher thinks, then eats, and repeats this three times.  

• eat is modeled as grabbing the two forks, sleeping for some amount of time, and putting the forks down.

Dining Philosophers Problem

Food For Thought

When coding with threads, you need to ensure that:

• there are never any race conditions
• there's zero chance of deadlock; otherwise a subset of threads are forever starved
• Race conditions can generally be solved with mutexes.
  • We use them to mark the boundaries of critical regions and limit the number of threads present within them to be at most one.
• Deadlock can be programmatically prevented by implanting directives to limit the number of threads competing for a shared resource.  ​What does this look like?

Race Conditions and Deadlock

Plan For Today

• Recap: Race Conditions and Mutexes
• Recap: Dining With Philosophers
• Encoding Resource Constraints
• Condition Variables
• Break: Announcements
• Semaphores
• Thread Coordination
• Example: Reader-Writer

Race Conditions and Deadlock

• Let's add a new variable in main called permits, and a lock for it called permitsLock, so that we can update it without race conditions.
• We pass these to each philosopher by reference.
• The full program can be found right here.

Tickets, Please...

• Each philosopher takes two additional parameters as a result.
• The implementation of think does not change, as it does not use permits.
• The full program can be found right here.

Tickets, Please...

• The implementation of eat changes:
  • Before eating, the philosopher must get a permit
  • After eating, the philosopher must return their permit.
• The full program can be found right here.

Tickets, Please...

• How do we implement grantPermission?
• Recall: "To return a permit, increment by 1 and continue"

grantPermission

• How do we implement waitForPermission?
• Recall:
  • "If there are permits available (count > 0) then decrement by 1 and continue"
  • "If there are no permits available (count == 0) then block until a permit is available"

waitForPermission

It would be nice if....someone could let us know when they return their permit.  Then, we can sleep until this happens.

Plan For Today

• Recap: Race Conditions and Mutexes
• Recap: Dining With Philosophers
• Encoding Resource Constraints
• Condition Variables
• Break: Announcements
• Semaphores
• Thread Coordination
• Example: Reader-Writer

Plan For Today

A ​condition variable is a variable that can be shared across threads and used for one thread to notify to another thread when something happens.  A thread can also use this to wait until it is notified by another thread.

• We can call wait to sleep until another thread signals this condition variable.
• We can call notify_all to send a signal to waiting threads.

• How do we implement waitForPermission?
• Recall:
  • "If there are permits available (count > 0) then decrement by 1 and continue"
  • "If there are no permits available (count == 0) then block until a permit is available"

Idea:

• when someone returns a permit and it is the only one now available, signal.
• if we need a permit but there are none available, wait.

waitForPermission

Full program: here

• Now we must create a condition variable to pass by reference to all threads.

Condition Variables

Full program: here

• For grantPermission, we must signal when we make permits go from 0 to 1.

grantPermission

Full program: here

• For waitForPermission, if no permits are available we must wait until one becomes available.

Here's what cv.wait does:

• it puts the caller to sleep and unlocks the given lock, all atomically
• it wakes up when the cv is signaled
• upon waking up, it tries to acquire the given lock (and blocks until it's able to do so)
• then, cv.wait returns

waitForPermission

• The Dining Philosophers Problem, continued
  • while loops around cv.wait(m) calls are so common that the
    condition_variable_any class exports a second, two-argument version of wait whose implementation is a while loop around the first. That second version looks like this:
    
    
    
     
  • It's a template method, because the second argument supplied via pred can be anything capable of standing in for a zero-argument, bool-returning function.
  • The first waitForPermissions can be rewritten to rely on this new version, as with:

Lecture 11: Multithreading and Condition Variables

Plan For Today

• Recap: Race Conditions and Mutexes
• Recap: Dining With Philosophers
• Encoding Resource Constraints
• Condition Variables
• Break: Announcements
• Semaphores
• Thread Coordination
• Example: Reader-Writer

Announcements

Midterm This Friday

• Midterm info webpage with practice materials, BlueBook download: cs110.stanford.edu/exams/midterm/
• Please notify us of any OAE accommodations by today
• We use BlueBook, computerized testing software you will run on your laptop. If you don't have a laptop to use, let us know by today.
• Review Session tonight 7-8:30PM in Hewlett 201 (recorded)

Plan For Today

• Recap: Race Conditions and Mutexes
• Recap: Dining With Philosophers
• Encoding Resource Constraints
• Condition Variables
• Break: Announcements
• Semaphores
• Thread Coordination
• Example: Reader-Writer

• The lock_guard is a convenience class whose constructor calls lock on the supplied mutex and whose destructor calls unlock on the same mutex. It's a convenience class used to ensure the lock on a mutex is released no matter how the function exits (early return, standard return at end, exception thrown, etc.)
• Here's how we could use it in waitForPermission and grantPermission:

Lock Guards

• Fundamentally, the size_t, condition_variable_any, and mutex are collectively working together to track a resource count—in this case, four permission slips.
  • They provide thread-safe increment in grantPermission and thread-safe decrement in waitForPermission.
  • They work to ensure that a thread blocked on zero permission slips goes to sleep indefinitely, and that it remains asleep until another thread returns one.
• In our latest dining-philosopher example, we relied on these three variables to collectively manage a thread-safe accounting of four permission slips. However!
  • There is little about the implementation that requires the original number be four. Had we gone with 20 philosophers and and 19 permission slips, waitForPermission and grantPermission would still work as is.
  • The idea of maintaining a thread-safe, generalized counter is so useful that most programming languages include more generic support for it. That support normally comes under the name of a semaphore.
  • For reason that aren't entirely clear to me, standard C++ omits the semaphore from its standard libraries. My guess as to why? It's easily built in terms of other supported constructs, so it was deemed unnecessary to provide official support for it.

Lecture 11: Multithreading and Condition Variables

• The semaphore constructor is so short that it's inlined right in the declaration of the semaphore class.
• semaphore::wait is our generalization of waitForPermission.

• Why does the capture clause include the this keyword?
  • Because the anonymous predicate function passed to cv.wait is just that—a regular function.  Since functions aren't normally entitled to examine the private state of an object, the capture clause includes this to effectively convert the bool-returning function into a bool-returning semaphore method.
• semaphore::signal is our generalization of grantPermission.

Lecture 11: Multithreading and Condition Variables

• Here's our final version of the dining-philosophers.
  • It strips out the exposed size_t, mutex, and condition_variable_any and replaces them with a single semaphore.
  • It updates the thread constructors to accept a single reference to that semaphore.

Lecture 11: Multithreading and Condition Variables

• eat now relies on that semaphore to play the role previously played by waitForPermission and grantPermission.
• 
  
  
  
  
  
  
   
  • We could switch the order of the last two lines, so that right.unlock() precedes
    left.unlock(). Is the switch a good idea? a bad one? or is it really just arbitrary?
  • One student suggested we use a mutex to bundle the calls to left.lock() and right.lock() into a critical region. Is this a solution to the deadlock problem?
  • We could lift the permits.signal() call up to appear in between right.lock() and the first cout statement.  Is that valid?  Why or why not?

Lecture 11: Multithreading and Condition Variables

• The semaphore class is not built in to C++, but it is a useful way to generalize the "permits" idea. We will link against our version of a semaphore for this class, but you should understand how it is built.
• Using a semaphore is straightforward: you first declare a semaphore with a number of permits you would like:

semaphore

• When a thread wants to use a permit, it first waits for the permit, and then signals when it is done using a permit:

• A mutex is kind of like a special case of a semaphore with one permit, but you should use a mutex in that case as it is simpler and more efficient. Additionally, the benefit of a mutex is that it can only be released by the lock-holder.

• Question: what would a semaphore initialized with 0 mean?

semaphore

• Question: what would a semaphore initialized with 0 mean?

semaphore

• In this case, we don't have any permits!
• So, permits.wait() always has to wait for a signal, and will never stop waiting until that signal is received.
• We will see an example of this shortly.

• What about a negative initializer for a semaphore?

• What about a negative initializer for a semaphore?

• In this case, the semaphore would have to reach 1 before the wait would stop waiting. You might want to wait until a bunch of threads finished before a final thread is allowed to continue. Example (full program here): 

semaphore

Plan For Today

• Recap: Race Conditions and Mutexes
• Recap: Dining With Philosophers
• Encoding Resource Constraints
• Condition Variables
• Break: Announcements
• Semaphores
• Thread Coordination
• Example: Reader-Writer

• New concurrency pattern!
  • semaphore::wait and semaphore::signal can be leveraged to support a different form of communication: thread rendezvous.
  • Thread rendezvous is a generalization of thread::join. It allows one thread to stall—via semaphore::wait—until another thread calls semaphore::signal, often because the signaling thread just prepared some data that the waiting thread needs before it can continue.
• To illustrate when thread rendezvous is useful, we'll implement a simple program without it, and see how thread rendezvous can be used to repair some of its problems.
  • The program has two meaningful threads of execution: one thread publishes content to a shared buffer, and a second reads that content as it becomes available.
  • The program is a nod to the communication in place between a web server and a browser. The server publishes content over a dedicated communication channel, and the browser consumes that content.
  • The program also reminds me of how two independent processes behave when one writes to a pipe, a second reads from it, and how the write and read processes behave when the pipe is full (in principle, a possibility) or empty.

semaphore

• Consider the following program, where concurrency directives have been intentionally omitted. (The full program is right here.)

semaphore

Plan For Today

• Recap: Race Conditions and Mutexes
• Recap: Dining With Philosophers
• Encoding Resource Constraints
• Condition Variables
• Break: Announcements
• Semaphores
• Thread Coordination
• Example: Reader-Writer

• Here's what works:
  • Because the main thread declares a circular buffer and shares it with both children, the children each agree where content is stored.
  • Think of the buffer as the state maintained by the implementation of pipe, or the state maintained by an internet connection between a server and a client.
  • The writer thread publishes content to the circular buffer, and the reader thread consumes that same content as it's written. Each thread cycles through the buffer the same number of times, and they both agree that i % 8 identifies the next slot of interest.
• Here's what's broken:
  • Each thread runs more or less independently of the other, without consulting the other to see how much progress it's made.
  • In particular, there's nothing in place to inform the reader that the slot it wants to read from has meaningful data in it. It's possible the writer just hasn't gotten that far yet.
  • Similarly, there's nothing preventing the writer from advancing so far ahead that it begins to overwrite content that has yet to be consumed by the reader.

semaphore

• One solution? Maintain two semaphores.
  • One can track the number of slots that can be written to without clobbering yet-to-be-consumed data. We'll call it emptyBuffers, and we'll initialize it to 8.
  • A second can track the number of slots that contain yet-to-be-consumed data that can be safely read. We'll call it fullBuffers, and we'll initialize it to 0.
• Here's the new main program that declares, initializes, and shares the two semaphores.
  
  
  
  
  
  
   
• The writer thread waits until at least one buffer is empty before writing. Once it writes, it'll increment the full buffer count by one.
• The reader thread waits until at least one buffer is full before reading. Once it reads, it increments the empty buffer count by one.

semaphore

• Here are the two new thread routines:
  
  
  
  
  
  
  
  
  
   
•  
• 
  
  
   
• The reader and writer rely on these semaphores to inform the other how much work they can do before being necessarily forced off the CPU.
• Thought question: can we rely on just one semaphore instead of two? Why or why not?

semaphore

• Implementing myth-buster!
  • The myth-buster is a command line utility that polls all 16 myth machines to determine which is the least loaded.
    • By least loaded, we mean the myth machine that's running the fewest number of CS110 student processes.
    • Our myth-buster application is representative of the type of thing load balancers (e.g. myth.stanford.edu, www.facebook.com, or www.netflix.com) run to determine which internal server your request should forward to.
  • The overall architecture of the program looks like that below. We'll present various ways to implement compileCS110ProcessCountMap.

semaphore

• Implementing myth-buster!
  
  
  
  
  
  
   
  • readStudentFile updates cs110Students to house the SUNet IDs of all students currently enrolled in CS110. There's nothing interesting about its implementation, so I don't even show it (though you can see its implementation right here).
  • compileCS110ProcessCountMap is more interesting, since it uses networking—our first networking example!—to poll all 16 myths and count CS110 student processes.
  • processCountMap is updated to map myth numbers (e.g. 61) to process counts (e.g. 9).
  • publishLeastLoadedMachineInfo traverses processCountMap and and identifies the least loaded myth.

semaphore

• The networking details are hidden and packaged in a library routine with this prototype:
  
  
   
• num is the myth number (e.g. 54 for myth54) and sunetIDs is a hashset housing the SUNet IDs of all students currently enrolled in CS110 (according to our /usr/class/cs110/repos/assign4 directory).
• Here is the sequential implementation of a compileCS110ProcessCountMap, which is very brute force and CS106B-ish:

semaphore

• Here are two sample runs of myth-buster-sequential, which polls each of the myths in sequence (i.e. without concurrency).
  
  
  
  
  
   

• Each call to getNumProcesses is slow (about half a second), so 16 calls adds up to about 16 times that. Each of the two runs took about 5 seconds.

semaphore

• Each call to getNumProcesses spends most of its time off the CPU, waiting for a network connection to be established.
• Idea: poll each myth machine in its own thread of execution. By doing so, we'd align the dead times of each getNumProcesses call, and the total execution time will plummet.

semaphore

• Here are key observations about the code on the prior slide:
  • Polling the myths concurrently means updating processCountMap concurrently. That means we need a mutex to guard access to processCountMap.
  • The implementation of compileCS110ProcessCountMap wraps a thread around each call to getNumProcesses while introducing a semaphore to limit the number of threads to a reasonably small number.
  • Note we use an overloaded version of signal. This one accepts the on_thread_exit tag as its only argument.
    • Rather than signaling the semaphore right there, this version schedules the signal to be sent after the entire thread routine has exited, as the thread is being destroyed.
    • That's the correct time to really signal if you're using the semaphore to track the number of active threads.
  • This new version, called myth-buster-concurrent, runs in about 0.75 seconds. That's a substantial improvement.
  • The full implementation of myth-buster-concurrent sits right here.

semaphore

Recap

• Recap: Race Conditions and Mutexes
• Recap: Dining With Philosophers
• Encoding Resource Constraints
• Condition Variables
• Break: Announcements
• Semaphores
• Thread Coordination
• Example: Reader-Writer

Next time: more threads