Producer–consumer problem
In computing, the producer–consumer problem is a classic example of a multi-process synchronization problem, proposed by Edsger W. Dijkstra. The problem describes two processes, the producer and the consumer, who share a common, fixed-size buffer used as a queue. The producer's job is to generate data, put it into the buffer, and start again. At the same time, the consumer is consuming the data, one piece at a time. The problem is to make sure that the producer won't try to add data into the buffer if it's full and that the consumer won't try to remove data from an empty buffer.
The solution for the producer is to either go to sleep or discard data if the buffer is full. The next time the consumer removes an item from the buffer, it notifies the producer, who starts to fill the buffer again. In the same way, the consumer can go to sleep if it finds the buffer empty. The next time the producer puts data into the buffer, it wakes up the sleeping consumer. The solution can be reached by means of inter-process communication, typically using semaphores. An inadequate solution could result in a deadlock where both processes are waiting to be awakened. The problem can also be generalized to have multiple producers and consumers.
Inadequate implementation
To solve the problem, some programmers might come up with a solution shown below. In the solution two library routines are used,sleep
and wakeup
. When sleep is called, the caller is blocked until another process wakes it up by using the wakeup routine. The global variable itemCount
holds the number of items in the buffer.int itemCount = 0;
procedure producer
procedure consumer
The problem with this solution is that it contains a race condition that can lead to a deadlock. Consider the following scenario:
- The
consumer
has just read the variableitemCount
, noticed it's zero and is just about to move inside theif
block. - Just before calling sleep, the consumer is interrupted and the producer is resumed.
- The producer creates an item, puts it into the buffer, and increases
itemCount
. - Because the buffer was empty prior to the last addition, the producer tries to wake up the consumer.
- Unfortunately, the consumer wasn't yet sleeping, and the wakeup call is lost. When the consumer resumes, it goes to sleep and will never be awakened again. This is because the consumer is only awakened by the producer when
itemCount
is equal to 1. - The producer will loop until the buffer is full, after which it will also go to sleep.
An alternative analysis is that if the programming language does not define the semantics of concurrent accesses to shared variables with use of synchronization, then the solution is unsatisfactory for that reason, without needing to explicitly demonstrate a race condition.
Using semaphores
solve the problem of lost wakeup calls. In the solution below we use two semaphores,fillCount
and emptyCount
, to solve the problem. fillCount
is the number of items already in the buffer and available to be read, while emptyCount
is the number of available spaces in the buffer where items could be written. fillCount
is incremented and emptyCount
decremented when a new item is put into the buffer. If the producer tries to decrement emptyCount
when its value is zero, the producer is put to sleep. The next time an item is consumed, emptyCount
is incremented and the producer wakes up. The consumer works analogously.semaphore fillCount = 0; // items produced
semaphore emptyCount = BUFFER_SIZE; // remaining space
procedure producer
procedure consumer
The solution above works fine when there is only one producer and consumer. With multiple producers sharing the same memory space for the item buffer, or multiple consumers sharing the same memory space, this solution contains a serious race condition that could result in two or more processes reading or writing into the same slot at the same time. To understand how this is possible, imagine how the procedure
putItemIntoBuffer
can be implemented. It could contain two actions, one determining the next available slot and the other writing into it. If the procedure can be executed concurrently by multiple producers, then the following scenario is possible:- Two producers decrement
emptyCount
- One of the producers determines the next empty slot in the buffer
- Second producer determines the next empty slot and gets the same result as the first producer
- Both producers write into the same slot
putItemIntoBuffer
at a time. In other words, we need a way to execute a critical section with mutual exclusion. The solution for multiple producers and consumers is shown below.mutex buffer_mutex; // similar to "semaphore buffer_mutex = 1", but different
semaphore fillCount = 0;
semaphore emptyCount = BUFFER_SIZE;
procedure producer
procedure consumer
Notice that the order in which different semaphores are incremented or decremented is essential: changing the order might result in a deadlock.
It is important to note here that though mutex seems to work as a semaphore with value of 1, but there is difference in the fact that mutex has ownership concept. Ownership means that mutex can only be "incremented" back by the same process that "decremented" it, and all other tasks wait until mutex is available for decrement, which ensures mutual exclusivity and avoids deadlock. Thus using mutexes improperly can stall many processes when exclusive access is not required, but mutex is used instead of semaphore.
Using monitors
The following pseudo code shows a solution to the producer–consumer problem using monitors. Since mutual exclusion is implicit with monitors, no extra effort is necessary to protect the critical section. In other words, the solution shown below works with any number of producers and consumers without any modifications. It is also noteworthy that it is less likely for a programmer to write code that suffers from race conditions when using monitors than when using semaphores.monitor ProducerConsumer
procedure producer
procedure consumer
Without semaphores or monitors
The producer–consumer problem, particularly in the case of a single producer and single consumer, strongly relates to implementing a FIFO or a channel. The producer–consumer pattern can provide highly efficient data communication without relying on semaphores, mutexes, or monitors for data transfer. The use of those primitives can be expansive in terms of performance, in comparison to basic read/write atomic operation. Channels and FIFOs are popular just because they avoid the need for end-to-end atomic synchronization. A basic example coded in C is shown below. Note that:- Atomic read-modify-write access to shared variables is avoided, as each of the two
Count
variables is updated only by a single thread. Also, these variables support an unbounded number of increment operations; the relation remains correct when their values wrap around on an integer overflow. - This example does not put threads to sleep, which may be acceptable depending on the system context. The
schedulerYield
is inserted as an attempt to improve performance, and may be omitted. Thread libraries typically require semaphores or condition variables to control the sleep/wakeup of threads. In a multi-processor environment, thread sleep/wakeup would occur much less frequently than passing of data tokens, so avoiding atomic operations on data passing is beneficial. - This example does not work for multiple producers and/or consumers because there is a race condition when checking the state. For example, if only one token is in the storage buffer and two consumers find the buffer non-empty, then both will consume the same token, and possibly increase the counter for the consumed tokens above the counter for the produced tokens.
- This example, as written, requires that
UINT_MAX + 1
is evenly divisible byBUFFER_SIZE
; if it is not evenly divisible,produces the wrong buffer index after
Count
wraps pastUINT_MAX
back to zero. An alternative solution that avoids this limitation employs two additionalIdx
variables to track the current buffer index for the head and tail. TheseIdx
variables would be used in place of, and each of them would have to be incremented at the same time as the respective
Count
variable is incremented, as follows:Idx = % BUFFER_SIZE
. - The two
Count
variables need to be sufficiently small to support atomic read and write actions. Otherwise, there is a race condition where the other thread reads a partially-updated and thus a wrong value.
volatile unsigned int produceCount = 0, consumeCount = 0;
TokenType sharedBuffer;
void producer
void consumer
The above solution employs counters that, when used frequently, may become overloaded and reach their maximal value
UINT_MAX
. The idea outlined on the fourth bullet, originally suggested by Leslie Lamport, explains how the counters can be replaced with finite-range counters. Specifically, they can be replaced with finite-range counters with maximal value N, the buffer's capacity.Four decades after the presentation of the producer-consumer problem, Aguilera, Gafni and Lamport showed that the problem can be solved so that the processes access only fixed-range counters while determining if the buffer is empty or full. The motivation for this efficiency measure is to accelerate interactions between a processor and devices that interact through FIFO channels. They proposed a solution in which counters of maximal value are read to determine whether it is safe to access the buffer. However, their solution still employs unbounded counters that infinitely grow, only that those counters are not accessed during the described check-phase.
Later, Abraham and Amram proposed a simpler solution, presented below in pseudo-code, that possesses the discussed fixed-range property. The solution employs counters of maximal value N. However, to determine whether the buffer is empty or full, the processes access only finite-range single writer registers. Each of the processes owns a 12-valued single-writer. The producer process writes to
Flag_p
, and the consumer process writes to Flap_c
, both are 3-field arrays. Flag_p
and Flag_c
may store `full’, `empty’, or `safe’, which correspondingly indicate if the buffer is full, empty, or neither full nor empty. The idea behind the algorithm is as follows. The processes count the number of items delivered and removed modulo N+1 through registers
CountDelivered
and CountRemoved
. When a process delivers or removes an item it compares those counters and thus successfully determines the buffer’s status, and stores this data into Flag_p
, or Flag_c
. In a check phase, the executing process reads Flag_p
and Flag_c
, and tries to estimate which value among Flag_p
and Flag_c
reflects the current status of the buffer. Two synchronization techniques assist to achieve this goal.- After delivering an item, the producer writes to
Flag_p
the value it read fromFlag_c
, and after removing an item, the consumer writes toFlag_c
the value:1-Flag_p
. Hence, conditionFlag_p Flag_c
suggests that the producer recently checked the buffer’s status, whileFlag_p != Flag_c
suggests the opposite. - A delivery operation ends by writing to
Flag_p
the value stored inFlag_p
. Hence, conditionFlag_p Flag_p
suggests that the producer finished its last deliver operation. Likewise, ConditionFlag_c = Flag_c
suggests that the consumer’s last removal was already terminated.
Flag_c != Flag_p & Flag_c Flag_c
, it acts according to the value of Flag_c
, and otherwise according to the value stored in Flag_p
. Analogously, if the consumer finds that Flag_p Flag_c & Flag_p Flag_p
, it acts according to the value of Flag_p
, and otherwise according to the value stored in Flag_c
.At the code below, capitalized variables indicate shared registers, written by one of the processes and read by both processes. Non-capitalized variables are local variables into which the processes copy the values read from the shared registers.
countDelivered = 0; countRemoved=0;
Flag_p = 0; Flag_p = 0; Flag_p = `empty’;
Flag_c = 0; Flag_c = 0; Flag_c = `empty’;
procedure producer
procedure consumer
The correctness of the code relies on the assumption that the processes can read an entire array, or write to several fields of an array, in a single atomic action. Since this assumption is not realistic, in practice, one should replace
Flag_p
and Flag_c
with integers that encode the values of those arrays. Flag_p
and Flag_c
are presented here as arrays only for the readability of the code.