Producer–consumer problem


In computing, the producer–consumer problem is a classic example of a multi-process synchronization problem, proposed by Edsger W. Dijkstra. The problem describes two processes, the producer and the consumer, who share a common, fixed-size buffer used as a queue. The producer's job is to generate data, put it into the buffer, and start again. At the same time, the consumer is consuming the data, one piece at a time. The problem is to make sure that the producer won't try to add data into the buffer if it's full and that the consumer won't try to remove data from an empty buffer.
The solution for the producer is to either go to sleep or discard data if the buffer is full. The next time the consumer removes an item from the buffer, it notifies the producer, who starts to fill the buffer again. In the same way, the consumer can go to sleep if it finds the buffer empty. The next time the producer puts data into the buffer, it wakes up the sleeping consumer. The solution can be reached by means of inter-process communication, typically using semaphores. An inadequate solution could result in a deadlock where both processes are waiting to be awakened. The problem can also be generalized to have multiple producers and consumers.

Inadequate implementation

To solve the problem, some programmers might come up with a solution shown below. In the solution two library routines are used, sleep and wakeup. When sleep is called, the caller is blocked until another process wakes it up by using the wakeup routine. The global variable itemCount holds the number of items in the buffer.

int itemCount = 0;
procedure producer
procedure consumer

The problem with this solution is that it contains a race condition that can lead to a deadlock. Consider the following scenario:
  1. The consumer has just read the variable itemCount, noticed it's zero and is just about to move inside the if block.
  2. Just before calling sleep, the consumer is interrupted and the producer is resumed.
  3. The producer creates an item, puts it into the buffer, and increases itemCount.
  4. Because the buffer was empty prior to the last addition, the producer tries to wake up the consumer.
  5. Unfortunately, the consumer wasn't yet sleeping, and the wakeup call is lost. When the consumer resumes, it goes to sleep and will never be awakened again. This is because the consumer is only awakened by the producer when itemCount is equal to 1.
  6. The producer will loop until the buffer is full, after which it will also go to sleep.
Since both processes will sleep forever, we have run into a deadlock. This solution therefore is unsatisfactory.
An alternative analysis is that if the programming language does not define the semantics of concurrent accesses to shared variables with use of synchronization, then the solution is unsatisfactory for that reason, without needing to explicitly demonstrate a race condition.

Using semaphores

solve the problem of lost wakeup calls. In the solution below we use two semaphores, fillCount and emptyCount, to solve the problem. fillCount is the number of items already in the buffer and available to be read, while emptyCount is the number of available spaces in the buffer where items could be written. fillCount is incremented and emptyCount decremented when a new item is put into the buffer. If the producer tries to decrement emptyCount when its value is zero, the producer is put to sleep. The next time an item is consumed, emptyCount is incremented and the producer wakes up. The consumer works analogously.

semaphore fillCount = 0; // items produced
semaphore emptyCount = BUFFER_SIZE; // remaining space
procedure producer
procedure consumer

The solution above works fine when there is only one producer and consumer. With multiple producers sharing the same memory space for the item buffer, or multiple consumers sharing the same memory space, this solution contains a serious race condition that could result in two or more processes reading or writing into the same slot at the same time. To understand how this is possible, imagine how the procedure putItemIntoBuffer can be implemented. It could contain two actions, one determining the next available slot and the other writing into it. If the procedure can be executed concurrently by multiple producers, then the following scenario is possible:
  1. Two producers decrement emptyCount
  2. One of the producers determines the next empty slot in the buffer
  3. Second producer determines the next empty slot and gets the same result as the first producer
  4. Both producers write into the same slot
To overcome this problem, we need a way to make sure that only one producer is executing putItemIntoBuffer at a time. In other words, we need a way to execute a critical section with mutual exclusion. The solution for multiple producers and consumers is shown below.

mutex buffer_mutex; // similar to "semaphore buffer_mutex = 1", but different
semaphore fillCount = 0;
semaphore emptyCount = BUFFER_SIZE;
procedure producer
procedure consumer

Notice that the order in which different semaphores are incremented or decremented is essential: changing the order might result in a deadlock.
It is important to note here that though mutex seems to work as a semaphore with value of 1, but there is difference in the fact that mutex has ownership concept. Ownership means that mutex can only be "incremented" back by the same process that "decremented" it, and all other tasks wait until mutex is available for decrement, which ensures mutual exclusivity and avoids deadlock. Thus using mutexes improperly can stall many processes when exclusive access is not required, but mutex is used instead of semaphore.

Using monitors

The following pseudo code shows a solution to the producer–consumer problem using monitors. Since mutual exclusion is implicit with monitors, no extra effort is necessary to protect the critical section. In other words, the solution shown below works with any number of producers and consumers without any modifications. It is also noteworthy that it is less likely for a programmer to write code that suffers from race conditions when using monitors than when using semaphores.

monitor ProducerConsumer
procedure producer
procedure consumer

Without semaphores or monitors

The producer–consumer problem, particularly in the case of a single producer and single consumer, strongly relates to implementing a FIFO or a channel. The producer–consumer pattern can provide highly efficient data communication without relying on semaphores, mutexes, or monitors for data transfer. The use of those primitives can be expansive in terms of performance, in comparison to basic read/write atomic operation. Channels and FIFOs are popular just because they avoid the need for end-to-end atomic synchronization. A basic example coded in C is shown below. Note that:

volatile unsigned int produceCount = 0, consumeCount = 0;
TokenType sharedBuffer;
void producer
void consumer

The above solution employs counters that, when used frequently, may become overloaded and reach their maximal value UINT_MAX. The idea outlined on the fourth bullet, originally suggested by Leslie Lamport, explains how the counters can be replaced with finite-range counters. Specifically, they can be replaced with finite-range counters with maximal value N, the buffer's capacity.
Four decades after the presentation of the producer-consumer problem, Aguilera, Gafni and Lamport showed that the problem can be solved so that the processes access only fixed-range counters while determining if the buffer is empty or full. The motivation for this efficiency measure is to accelerate interactions between a processor and devices that interact through FIFO channels. They proposed a solution in which counters of maximal value are read to determine whether it is safe to access the buffer. However, their solution still employs unbounded counters that infinitely grow, only that those counters are not accessed during the described check-phase.
Later, Abraham and Amram proposed a simpler solution, presented below in pseudo-code, that possesses the discussed fixed-range property. The solution employs counters of maximal value N. However, to determine whether the buffer is empty or full, the processes access only finite-range single writer registers. Each of the processes owns a 12-valued single-writer. The producer process writes to Flag_p, and the consumer process writes to Flap_c, both are 3-field arrays. Flag_p and Flag_c may store `full’, `empty’, or `safe’, which correspondingly indicate if the buffer is full, empty, or neither full nor empty.
The idea behind the algorithm is as follows. The processes count the number of items delivered and removed modulo N+1 through registers CountDelivered and CountRemoved. When a process delivers or removes an item it compares those counters and thus successfully determines the buffer’s status, and stores this data into Flag_p, or Flag_c. In a check phase, the executing process reads Flag_p and Flag_c, and tries to estimate which value among Flag_p and Flag_c reflects the current status of the buffer. Two synchronization techniques assist to achieve this goal.
  1. After delivering an item, the producer writes to Flag_p the value it read from Flag_c, and after removing an item, the consumer writes to Flag_c the value: 1-Flag_p. Hence, condition Flag_p Flag_c suggests that the producer recently checked the buffer’s status, while Flag_p != Flag_c suggests the opposite.
  2. A delivery operation ends by writing to Flag_p the value stored in Flag_p. Hence, condition Flag_p Flag_p suggests that the producer finished its last deliver operation. Likewise, Condition Flag_c = Flag_c suggests that the consumer’s last removal was already terminated.
Therefore, at the check phase, if the producer finds that Flag_c != Flag_p & Flag_c Flag_c, it acts according to the value of Flag_c, and otherwise according to the value stored in Flag_p. Analogously, if the consumer finds that Flag_p Flag_c & Flag_p Flag_p, it acts according to the value of Flag_p, and otherwise according to the value stored in Flag_c.
At the code below, capitalized variables indicate shared registers, written by one of the processes and read by both processes. Non-capitalized variables are local variables into which the processes copy the values read from the shared registers.

countDelivered = 0; countRemoved=0;
Flag_p = 0; Flag_p = 0; Flag_p = `empty’;
Flag_c = 0; Flag_c = 0; Flag_c = `empty’;
procedure producer
procedure consumer

The correctness of the code relies on the assumption that the processes can read an entire array, or write to several fields of an array, in a single atomic action. Since this assumption is not realistic, in practice, one should replace Flag_p and Flag_c with integers that encode the values of those arrays. Flag_p and Flag_c are presented here as arrays only for the readability of the code.