| OCR Text |
Show 28 8. GuardListi(Tr) lists the guards that are passed as parameters to the alter-native operation executed by Pj on transaction T,. We will take the liberty of giving GuardList a dual meaning - it either refers to a list of guards or a list of process that are designated in the I/O commands of these guards. The particular meaning that is intended will be clear from the context. 3.2 The Safety Property Lemmas 1 through 5 lead to theorem 1 which states that no race conditions arise that might cause a process to mistakenly rendezvous with a second process that does not wish to rendezvous with the first. Theorem 2 subsumes theorem 1 and ensures that the algorithm obeys the safety property. Lemma I P,(T,) signals P', iff P,(T,) commits to P. Proof: This follows immediately from examination of the algorithm. A process only sends a signal after it commits, and always sends a signal after it commits. I This lemma implies that Wake.pj must be set to 0 before a signal can be sent to P. In addition, at most one signal is sent to P each time WakeUpj is set to 0. Lemma 2 At the beginning and at the end of each transaction entered by Pj, tlj' following conditions must hold: (a) No signals sent to P, are pending. (b) WakeUp, is nonzero. Proof: Use induction on m, the number of transactions entered by P. Consider the first transaction (m = 1) executed by PF. Wake Up, is initialized to 1. Because W'akeUp. can only be set to 0 by P during a transaction. Wake Up, must remain nonzero up to at least the beginning |
