**Lecture 2 - Handling concurrency**

**Multi-processors with shared memory**

Idea: several CPUs sharing the same RAM. (Note: by CPU we mean the circuits that process the instruction flow and execute the arithmetic operations; a PC CPU chip also contains additional circuits, such as the memory cache, memory controller, etc.)

**Memory caches**

Problems: high memory latency; memory bottleneck

Solution: use a per-processor cache

New problem: ensure cache consistency (consider that one CPU modifies a memory location and, immediately afterwards, another CPU reads the same location).

Solution: cache-to-cache protocol for ensuring consistency. (Locking, cache invalidation, direct transfer between caches.) However, this means that:

* if multiple CPUs access the same memory location for both reading and writing, the accesses are serialized and no speed-up results from multiple cores (moreover, there is a penalty to be paid for the cache ping-pong);
* the same happens if two variables are placed in distinct memory locations, but in the same cache line (false sharing).

Note: see [false-sharing.cpp](https://www.cs.ubbcluj.ro/~rlupsa/edu/pdp/progs/false-sharing.cpp) and play with the *alignof* argument.
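A compact way to observe false sharing, as an added example (not the linked course file and not part of the original notes): two threads increment two different counters, once with the counters side by side and once with each counter on its own cache line. The 64-byte line size and the names `Packed`, `Padded`, `hammer` and `kCacheLine` are assumptions of this sketch.

```cpp
#include <atomic>
#include <chrono>
#include <cstddef>
#include <cstdio>
#include <thread>

// Assumption: 64-byte cache lines (common on x86-64; check your CPU).
constexpr std::size_t kCacheLine = 64;

// Two counters side by side: a few bytes apart, so they normally share a line.
struct Packed {
    std::atomic<long> a{0};
    std::atomic<long> b{0};
};

// alignas forces each counter onto its own cache line.
struct Padded {
    alignas(kCacheLine) std::atomic<long> a{0};
    alignas(kCacheLine) std::atomic<long> b{0};
};

// Two threads, each incrementing only its own counter `iters` times.
// Returns the elapsed wall-clock time in milliseconds.
template <typename Counters>
double hammer(Counters& c, long iters) {
    auto start = std::chrono::steady_clock::now();
    std::thread t1([&c, iters] {
        for (long i = 0; i < iters; ++i) c.a.fetch_add(1, std::memory_order_relaxed);
    });
    std::thread t2([&c, iters] {
        for (long i = 0; i < iters; ++i) c.b.fetch_add(1, std::memory_order_relaxed);
    });
    t1.join();
    t2.join();
    std::chrono::duration<double, std::milli> elapsed =
        std::chrono::steady_clock::now() - start;
    return elapsed.count();
}

int main() {
    Packed packed;
    Padded padded;
    const long iters = 20000000;
    std::printf("same cache line:      %.0f ms\n", hammer(packed, iters));
    std::printf("separate cache lines: %.0f ms\n", hammer(padded, iters));
    return 0;
}
```

The threads never touch each other's counter, so any difference between the two timings comes from the cache-to-cache protocol alone.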

**Instruction re-ordering**

In the beginning, the CPU executed instructions purely sequentially, that is, it started one instruction only after the previous one was fully completed.

However, each instruction consists of several steps (fetch the instruction from memory, decode it, compute the addresses of the operands, get the operands from memory, execute any arithmetic operation, etc.) and sub-steps (a multiplication, for instance, is a complex operation and takes many clock cycles to complete). Thus, the execution of an instruction takes several clock cycles to complete.

It is possible, however, to parallelize the stages of instruction execution, for instance, to fetch the next instruction while the previous one is being decoded. The result is a processing *pipeline*, and thus, at each moment, there are several instructions in various stages of their execution. The advantage is that the average execution time per instruction is reduced, but there is a problem if an instruction needs some results from the previous instruction before those results are ready. The solution is to add wait states or to re-order instructions (so that there is enough time between dependent instructions). Both waits and re-orderings can be done either by the compiler or by the CPU itself.

The result for the programmer is that instructions can be re-ordered without the programmer knowing about that. The reordering is never allowed to change the behavior of a single thread, but can change the behavior in multi-threading contexts. Consider the following code:

```
bool ready = false;
int result;

Thread 1:
    result = <some expression>
    ready = true

Thread 2:
    while(!ready) {}
    use(result)
```

Because of re-ordering, the above code may not be correct. The compiler or the CPU can re-order the instructions in Thread 1 because the behavior of thread 1 is not changed by that. However, this makes thread 2 believe the result is ready before it actually is.
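The same hand-off written correctly in C++11, as an added example that is not part of the original lecture notes: `ready` becomes a `std::atomic<bool>` stored with release ordering and loaded with acquire ordering, so the write to `result` cannot be moved after the publication of `ready`. The function names `run_once` and `count_stale` are illustrative.

```cpp
#include <atomic>
#include <thread>

// Added example. Returns the value thread 2 observed in `result`.
int run_once(int value) {
    int result = 0;                   // plain, non-atomic payload
    std::atomic<bool> ready{false};   // publication flag
    int seen = -1;

    std::thread producer([&] {
        result = value;                                // (1) write payload
        // release: (1) may not be re-ordered after this store
        ready.store(true, std::memory_order_release);  // (2) publish
    });
    std::thread consumer([&] {
        // acquire: the read of `result` below may not be re-ordered
        // before this load
        while (!ready.load(std::memory_order_acquire)) {
            std::this_thread::yield();
        }
        seen = result;   // guaranteed to see the value written at (1)
    });
    producer.join();
    consumer.join();
    return seen;
}

// Repeats the hand-off and counts how often the consumer saw a stale value.
int count_stale(int rounds) {
    int stale = 0;
    for (int i = 0; i < rounds; ++i) {
        if (run_once(i + 1) != i + 1) ++stale;
    }
    return stale;
}

int main() {
    return count_stale(1000) == 0 ? 0 : 1;
}
```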

**Processes and threads**

See a [C++ example](https://www.cs.ubbcluj.ro/~rlupsa/edu/pdp/progs/threads.cpp) and a [Java example](https://www.cs.ubbcluj.ro/~rlupsa/edu/pdp/progs/threads.java) with threads and performance measurement.

See also a [classical pitfall](https://www.cs.ubbcluj.ro/~rlupsa/edu/pdp/progs/MisleadingLambda.cs) regarding closures in C#, in a threading context.

A *thread* has a current instruction and a calling stack. In more detail, it has the following attributes:

* The pointer to the current instruction (IP register);
* The stack of nested function calls (with the return address from each function to its caller);
* The local variables and temporaries for each active function.

At each moment, a thread can:

* *run* on one of the CPUs,
* *be suspended*, waiting for a CPU to become available,
* *sleep*, waiting for some external operation to complete.

This means that each CPU executes instructions from one thread until that thread launches a blocking operation (read from a file or from the network), its time slice expires, or some higher-priority thread becomes runnable. At that point, the operating system is invoked (by the read syscall, by the timer interrupt, or by the device driver interrupt), saves the registers of the current thread, including the *instruction pointer* (IP) and the *stack pointer* (SP), and loads the registers for the next scheduled thread. The last operation effectively restores the context of that thread and jumps to it.

It should be noted that a *context switch* (jumping from one thread to another) is quite an expensive operation, because it consists of some hundreds of instructions and may invalidate a lot of the CPU cache.

Creation and termination of a thread is also expensive.

A *process* can have one or more threads executing for it. The memory and the opened files are per process.

**Mutual exclusion problem**

**The problem**

*Two threads walk into a bar. The bartender says:  
Go I don't away! want a race to get condition last like I time had.*

Consider several threads, where each of them adds a value to a shared sum. For instance, each thread processes a sale at a supermarket, and each adds the sale value to the total amount of money the supermarket has.

Since the addition itself is done in some register of the CPU, it is possible to have the following timeline:  
[Figure: timeline of threads A and B updating S]  
So, thread B computes the sum based on the original value of S, not the one computed by thread A, and overwrites the value computed by A. What we need is for the addition to be executed either fully by A and then fully by B, or vice versa, but not overlapped.

**Atomic operations**

These are simple operations, on simple types (integers, booleans, pointers), that are guaranteed to execute atomically. They have hardware support in the CPU. They need to be coupled with *memory fences* — directives to the compiler and CPU to refrain from performing some re-orderings.

Operations:

* *increment / decrement*;
* *add / subtract* a given value;
* *compare-and-exchange*: compare the atomic variable with a given value and, if equal, set it to another value; also, return the old value.

See:

* C++ 11: [atomic<T>](http://en.cppreference.com/w/cpp/atomic/atomic)
* C#: [Interlocked (static class)](https://docs.microsoft.com/en-us/dotnet/api/system.threading.interlocked?view=netframework-4.6)
* Java: [AtomicInteger](https://docs.oracle.com/javase/8/docs/api/java/util/concurrent/atomic/AtomicInteger.html)

Uses:

* Simple atomic add/subtract values;
* Basic block to implement spinlocks;
* Compare and exchange: compute new value, then replace current value with new value if the current value is still the old one.
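The supermarket total from the mutual exclusion problem and the compare-and-exchange use listed above, as an added example (not part of the original notes): `fetch_add` makes the addition a single atomic step, and the compare-and-exchange loop implements a check-then-update (withdraw only if the balance stays non-negative) that cannot be split by another thread. All function names and amounts are illustrative.

```cpp
#include <atomic>
#include <thread>
#include <vector>

// Added example: each of `threads` cashiers registers `sales` sales
// of `amount` each and adds them to the shared total.
long total_after_sales(int threads, int sales, long amount) {
    std::atomic<long> total{0};
    std::vector<std::thread> pool;
    for (int t = 0; t < threads; ++t) {
        pool.emplace_back([&] {
            for (int i = 0; i < sales; ++i) {
                total.fetch_add(amount);  // read-modify-write as one atomic step
            }
        });
    }
    for (auto& th : pool) th.join();
    return total.load();
}

// Compare-and-exchange: withdraw only if the balance stays non-negative.
bool try_withdraw(std::atomic<long>& balance, long amount) {
    long old_value = balance.load();
    while (old_value >= amount) {
        // Succeeds only if balance is still old_value; otherwise old_value
        // is refreshed with the current balance and the check is repeated.
        if (balance.compare_exchange_weak(old_value, old_value - amount)) return true;
    }
    return false;
}

// `threads` threads each attempt `tries` withdrawals of 1 from `initial`.
// Returns how many withdrawals succeeded; stores the final balance.
long concurrent_withdrawals(long initial, int threads, int tries, long& final_balance) {
    std::atomic<long> balance{initial};
    std::atomic<long> ok{0};
    std::vector<std::thread> pool;
    for (int t = 0; t < threads; ++t) {
        pool.emplace_back([&] {
            for (int i = 0; i < tries; ++i) {
                if (try_withdraw(balance, 1)) ok.fetch_add(1);
            }
        });
    }
    for (auto& th : pool) th.join();
    final_balance = balance.load();
    return ok.load();
}
```

A separate "read balance, compare, then subtract" sequence would let two threads pass the check on the same old value; the loop above ties the check and the update to one atomic operation.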

**Mutexes**

A mutex can be held by a single thread at a time. If a second thread tries to get the mutex, it waits until the mutex is released by the first thread.

A mutex can be implemented as a *spin-lock* (via atomic operations), or by going through the operating system (which puts the thread to sleep until the mutex is freed).

Mutexes are used to prevent simultaneous access to the same data.

Each mutex should have an associated invariant that holds as long as nobody holds that mutex:

* some variables are guaranteed not to change;
* some consistency conditions are guaranteed to hold.

Mutexes in various languages:

* C++ 11: [mutex](http://en.cppreference.com/w/cpp/thread/mutex): lock(), unlock(), try\_lock(); also [unique\_lock<mutex>](http://en.cppreference.com/w/cpp/thread/unique_lock)
* C#: [Monitor (static class)](https://msdn.microsoft.com/en-us/library/system.threading.monitor(v=vs.110).aspx) Enter(), Exit(), or lock(){}
* Java: [Semaphore](https://docs.oracle.com/javase/7/docs/api/java/util/concurrent/Semaphore.html) or synchronized(){}

**Invariants in single-threaded applications**

In a single-threaded program, when a function begins execution, it assumes some *pre-conditions* are met. For instance:

```cpp
#include <vector>

// pre-conditions:
// - a, b and result are valid vectors
// - vectors a and b are sorted in increasing order
// - vector result is not an alias to either a or b
// post-conditions:
// - a, b and result are valid vectors
// - vector result contains all the elements in a and b, each having
//   the multiplicity equal to the sum of its multiplicities in a and b
// - vector result is sorted
// - vectors a and b are not modified
// - no other program state is modified
// (element type int is assumed here)
void merge(std::vector<int> const& a, std::vector<int> const& b, std::vector<int>& result);
```

If the pre-conditions are met, the function promises to deliver the specified *post-conditions*.

If the pre-conditions are not met, the behavior of the function is undefined (anything may happen, including crashing, corrupting other data, infinite loops, etc).

In conjunction with classes, we have the concept of a *class invariant*: a condition that is satisfied by the member data of the class, whenever no member function is in execution.

Any public member function assumes, among its pre-conditions, that the invariant of its class is satisfied. Also, any public member function promises, among its post-conditions, to satisfy the class invariant.

At a larger scale, there are various invariants satisfied by subsets of the application variables. Consider the case of a bank accounts application: an invariant would be that the account balances and history all reflect the same set of processed transactions (the balance of an account is the sum of all transactions in the account history, and if a transaction appears on the debited account, it appears also on the credited account, and vice versa).

At the beginning of certain functions (for instance, those performing a money transfer, as above), we assume some invariant is satisfied; the same invariant shall be satisfied at the end. Then, sub-functions are invoked, concerned with sub-aspects of the computation to be done; the precise pre- and post-conditions for those functions should be part of their design; however, many bugs arise from a misunderstanding regarding those pre- and post-conditions (in other words, the exact responsibility of each function).

Note that sometimes the history is not kept as a physical variable in the system; nevertheless, we could think of it as if it were really there.

An implicit assumption in a single-threaded program is that nobody changes a variable unless explicit instructions for that exist in the currently executing function.

**Invariants in multi-threaded applications**

In multi-threaded applications, it is hard to know when it is safe to assume a certain invariant and when it is safe to assume that a certain variable is not modified.

This is the role of mutexes: a mutex protects certain invariants involving certain variables. When a function acquires a mutex, it can rely on the following:

* the invariants are satisfied at the point the mutex is acquired;
* no other thread will modify the variables before the mutex is released.

The function must re-establish the invariant before releasing the mutex.

The above also implies that, in order to modify a variable, a function must make sure it (or its callers) holds all mutexes that protect invariants concerning that variable.

**Read-write (shared) mutexes**

There are two use cases concerning the invariants:

1. a function changes some variables: it needs the invariant to hold when it begins and promises to re-establish it, but it will violate the invariant during its execution. Therefore, during the execution, nobody else can be allowed to see the variables involved in the invariant.
2. a function needs to ensure that some invariant is satisfied during its execution, but it does not change any variable involved in that invariant.

A thread doing case 1 above is incompatible with any other thread accessing any of the variables involved in the invariant. A thread doing case 2 above, however, is compatible with any number of threads doing case 2 (but not with one doing 1).

For this reason, we have *read-write mutexes*, also called *shared mutexes*. Such a mutex can be locked in 2 modes:

1. *exclusive lock* or *write lock*, which is incompatible with any other thread locking the mutex;
2. *shared lock* or *read lock*, which is incompatible with any other thread locking in *exclusive* mode the same mutex, but is compatible with any number of threads holding the mutex in *shared* mode.

Caveat: the implementation of a shared mutex must deal with the following dilemma: Suppose several readers hold the mutex in shared mode, and a new (writer) thread attempts to lock it in exclusive mode. What to do if, before all the readers finish, a new reader comes in? If we allow the reader, we run the risk of starving the writer (if we have enough readers to keep at least one active one for a long time). If we deny the reader, we miss a parallelizing opportunity.
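The two use cases above on a small bank, as an added example (not part of the original notes) using C++17 `std::shared_mutex`: `transfer` temporarily breaks the invariant and takes the exclusive lock, while `audit` only relies on the invariant and takes the shared lock. The `Bank` class, the function `failed_audits` and all amounts are illustrative.

```cpp
#include <atomic>
#include <mutex>
#include <shared_mutex>
#include <thread>
#include <vector>

// Added example. Invariant protected by mtx_: the sum of all balances
// equals expected_total_ whenever nobody holds mtx_ in exclusive mode.
class Bank {
public:
    Bank(int accounts, long initial)
        : balances_(accounts, initial), expected_total_(accounts * initial) {}

    // Case 1: breaks the invariant between the two updates, so nobody
    // else may look at the balances meanwhile: exclusive (write) lock.
    void transfer(int from, int to, long amount) {
        std::unique_lock<std::shared_mutex> lock(mtx_);
        balances_[from] -= amount;  // invariant violated here...
        balances_[to] += amount;    // ...and re-established before unlock
    }

    // Case 2: relies on the invariant but changes nothing, so any number
    // of audits may run in parallel: shared (read) lock.
    bool audit() const {
        std::shared_lock<std::shared_mutex> lock(mtx_);
        long sum = 0;
        for (long b : balances_) sum += b;
        return sum == expected_total_;
    }

private:
    mutable std::shared_mutex mtx_;
    std::vector<long> balances_;
    const long expected_total_;
};

// Two writer threads and two reader threads work on the same bank.
// Returns how many audits saw a broken invariant (expected: 0).
int failed_audits(int rounds) {
    Bank bank(4, 1000);
    std::atomic<int> failed{0};
    std::vector<std::thread> pool;
    for (int w = 0; w < 2; ++w)
        pool.emplace_back([&bank, rounds, w] {
            for (int i = 0; i < rounds; ++i)
                bank.transfer((i + w) % 4, (i + w + 1) % 4, 7);
        });
    for (int r = 0; r < 2; ++r)
        pool.emplace_back([&bank, &failed, rounds] {
            for (int i = 0; i < rounds; ++i)
                if (!bank.audit()) ++failed;
        });
    for (auto& th : pool) th.join();
    if (!bank.audit()) ++failed;
    return failed.load();
}
```

Whether waiting writers or arriving readers get priority is decided by the `std::shared_mutex` implementation, which is exactly the dilemma described in the caveat.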

**On recursive mutexes**

A recursive mutex allows a lock operation to succeed if the mutex is already locked by the same thread. The mutex must be unlocked the same number of times it was locked.

The problem with recursive mutexes is that, if a function attempting to acquire a mutex cannot determine whether the mutex is already locked, it will not be able to determine whether the invariant protected by the mutex holds immediately after the mutex is acquired. On the other hand, if the function can determine whether the mutex is already locked, it has no need for a recursive mutex.
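The problem made concrete, as an added example (not part of the original notes): with a `std::recursive_mutex`, a public function called in the middle of an update locks successfully on the same thread and observes the invariant broken, although it acquired the mutex that is supposed to protect it. The `Pair` class and its member names are illustrative.

```cpp
#include <mutex>

// Added example. Invariant protected by mtx_: a_ + b_ == 100.
class Pair {
public:
    // Public function: locks, then assumes the invariant holds.
    bool invariant_holds() {
        std::lock_guard<std::recursive_mutex> lock(mtx_);
        return a_ + b_ == 100;
    }

    // Moves `n` from a_ to b_. Between the two updates the invariant is
    // broken; calling a public function at that point re-locks the mutex
    // successfully (same thread), so the callee sees the broken state.
    // Returns what the nested call observed.
    bool move_and_check_midway(int n) {
        std::lock_guard<std::recursive_mutex> lock(mtx_);
        a_ -= n;
        bool seen_midway = invariant_holds();  // recursive lock succeeds
        b_ += n;                               // invariant re-established
        return seen_midway;
    }

private:
    std::recursive_mutex mtx_;
    int a_ = 60;
    int b_ = 40;
};

int main() {
    Pair p;
    // With n = 10 the nested call sees 50 + 40 != 100.
    return p.move_and_check_midway(10) ? 1 : 0;
}
```

With a non-recursive `std::mutex` the nested lock would not succeed, which forces the design question of which function is responsible for holding the mutex.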