Dipartimento di Informatica Università di Pisa Nested Commits for Mobile Calculi: Extending Join Roberto Bruni, Hernán Melgratti and Ugo Montanari

Dipartimento di InformaticaUniversità di Pisa

Nested Commits for Mobile Calculi: Extending Join

Roberto Bruni, Hernán Melgratti and Ugo Montanari

Hernán MelgrattiUniversità di Pisa IFIP-TCS 2004, Toulouse, August 21-27 2004

MotivationTo develop a process description language

with primitives for agreements or negotiationsMultiway (several parties can start separately but

commit on reached agreement)

Non-perfect compensations (certain actions cannot be undone)

Programmable abort / compensation

Different levels of abstraction


Committed Join (cJoin)Join + primitives for negotiationsSyntax:

P,Q ::= 0 | xŷ | def D in P | P|Q

D,E ::= JP | DE

J,K ::= xŷ | J|K

Processes

Definitions

Patterns



M,N ::= 0 | xŷ | M|N

P,Q ::= 0 | xŷ | def D in P | P|Q

D,E ::= JP | DE

J,K ::= xŷ | J|K

Processes

Definitions

Patterns

Messages



M,N ::= 0 | xŷ | M|N

P,Q ::= M | def D in P | P|Q

D,E ::= JP | DE

J,K ::= xŷ | J|K

Processes

Definitions

Patterns

Messages



M,N ::= 0 | xŷ | M|N

P,Q ::= M | def D in P | P|Q | abort | [P:Q]

D,E ::= JP | DE | JP

J,K ::= xŷ | J|K

Processes

Definitions

Patterns

Programmable abort

Negotiation

CompensationMerge

definition

Messages


Committed Join (cJoin)Operational Semantics (CHAM Style):

0

P|Q P,Q

DE D,E

def D in P Ddn(D) , Pdn(D) range() fresh

J P, J J P, P

heating and cooling

reaction



0

P|Q P,Q

DE D,E


J P, J J P, P[P:Q] {[ P , Q ]}

Contract P evolves in isolation

Compensation Q is kept

frozen



0

P|Q P,Q

DE D,E


J P, J J P, P[P:Q] {[ P , Q ]}

{[ M|def D in 0 , Q ]} M

Global Resources

Commit



0

P|Q P,Q

DE D,E


J P, J J P, P[P:Q] {[ P , Q ]}

{[ M|def D in 0 , Q ]} M

{[ abort |P , Q ]} Q

Compensation on Abort



0

P|Q P,Q

DE D,E


J P, J J P, P[P:Q] {[ P , Q ]}

{[ M|def D in 0 , Q ]} M

{[ abort |P , Q ]} Q

J1|…|JnP, i{[ Ji, Si, Qi ]} J1|…|Jn

P, {[iSi, P, iQi ]}

Merge n ongoing

contracts


{[ M | def D in 0 , Q ]} M

Committed Join FeaturesCommit means termination


Committed Join FeaturesCommit means terminationGlobal resources produced inside a

negotiation are available at commit



negotiation are available at commit Explicit abort and compensation

{[ abort | P , Q ]} Q



negotiation are available at commit Explicit abort and compensationCooperation between contracts are given by

merging definitions (multiway contracts)

…,J1|J2 P, [J1| P1:Q1], [J2| P2: Q2]

…,J1|J2 P, [P| P1| P2: Q1 | Q2]




merging definitions (multiway contracts)Multi-level nesting

[ [P1 :Q1] | [P2:Q2] : Q]





[ [P1 :Q1] | [P2:Q2] : Q] * [ M1 | [P2:Q2] : Q]





[ [P1 :Q1] | [P2:Q2] : Q] * [ M1 | [P2:Q2] : Q] * [ M1 | M2 : Q]





[ [P1 :Q1] | [P2:Q2] : Q] * [ M1 | [P2:Q2] : Q] * [ M1 | M2 : Q] M1 | M2





[ [P1 :Q1] | [P2:Q2] : Q] * [ [abort | P1’ :Q1] | [P2:Q2] : Q]





[ [P1 :Q1] | [P2:Q2] : Q] * [ [abort | P1’ :Q1] | [P2:Q2] : Q] [ Q1 | [P2:Q2] : Q]





[ [P1 :Q1] | [P2:Q2] : Q] * [ [abort | P1’ :Q1] | [P2:Q2] : Q] [ Q1 | [P2:Q2] : Q] * [ abort | Q1’ | [P2:Q2] : Q]





[ [P1 :Q1] | [P2:Q2] : Q] * [ [abort | P1’ :Q1] | [P2:Q2] : Q] [ Q1 | [P2:Q2] : Q] * [ abort | Q1’ | [P2:Q2] : Q] Q


Example I: Hotel Booking

H def WaitBooking [ def requesto o$ | price$ price$ | confirmv BookedRoomv price$ abort in offeringRoom request,confirm : Q ]

BookedRoomv … in WaitBooking | …





C def BookingHotel [def hotelMsg r,c def offer$ cvisa | HotelFound

offer$ abort in roffer in searchRoom hotelMsg : Q’ ]

in BookingHotel | …





C def BookingHotel [def hotelMsg r,c def offer$ cvisa | HotelFound

offer$ abort in roffer in searchRoom hotelMsg : Q’ ]

in BookingHotel | …

HB def searchRoomhm | offeringRoom r,c hmr,c in H | C



…, WaitBooking , BookingHotel

…, […, offeringRoomrequest,confirm : Q ] , […, searchRoomhotelMsg : Q’]

…, […, hotelMsgrequest,confirm : Q | Q’]

…, […, requestoffer : Q | Q’]

…, […, offer$, price$ : Q | Q’]

…, […, confirmvisa, HotelFound , price$ : Q | Q’]

…, […, BookedRoomvisa, HotelFound : Q | Q’]

…, BookedRoomvisa, HotelFound


Example I: Trip Booking I

H as before

F def WaitBooking [ def requesto o$ | price$ price$ | confirmv BookedFlightv price$ abort in offeringFlight request,confirm : Q ]

BookedFlightv … in WaitBooking | …

local name, different from homonym name

in H


Example I: Trip Booking II

C def hotelOKfc | flightOKhc fc | hc BookingHotel [def hotelMsgr,c def offer$ cvisa | hotelOKflightConf

offer$ abort flightConf HotelFound in rofferin searchRoom hotelMsg : Q’ ]

BookingFlight [def flightlMsgr,c def offer$ cvisa | flightOKhotelConf

offer$ abort hotelConf FlightFound in rofferin searchFlight flightMsg : Q’’ ]

in BookingHotel | BookingFlight | …

both needed to commit


Example I: Trip Booking II

C def hotelOKfc | flightOKhc fc | hc BookingHotel [def hotelMsgr,c def offer$ cvisa | hotelOKflightConf

offer$ abort flightConf HotelFound in rofferin searchRoom hotelMsg : Q’ ]

BookingFlight [def flightlMsgr,c def offer$ cvisa | flightOKhotelConf

offer$ abort hotelConf FlightFound in rofferin searchFlight flightMsg : Q’’ ]

in BookingHotel | BookingFlight | …

TB def searchRoomhm | offeringRoom r,c hmr,c searchFlightfm | offeringFlight r,c fmr,c in H | F | C

both needed to commit


Zero-safe netsSynchronization mechanism for transitionsPlaces are divided in Stable: Ordinary places Zero-safe: Idealized resources, invisible to external observers


Zero-safe netsSynchronization mechanism for transitionsPlaces are divided in Stable: Ordinary places Zero-safe: Idealized resources, invisible to external observers

S+Z [ S’+Z’ T

(S+S’’,Z+Z’’) T (S’+S’’,Z’+Z’’)

(Firing)

(S1,Z1) T (S1’,Z1’) (S2,Z2) T (S2’,Z2’)

(S1+S2,Z1+Z2) T (S1’+S2’,Z1’ + Z2’)

(Step)

(S1,Z) T (S1’,Z’’) (S2,Z’’) T (S2’,Z’)

(S1+S2,Z) T (S1’+S2’,Z’)

(Concatenation)

(S,) T (S’,)

(S,) T (S’,)

(Close)


Zero-safe nets

send receive

Synchronization mechanism for transitionsPlaces are divided in Stable: Ordinary places Zero-safe: Idealized resources, invisible to external observers

S+Z [ S’+Z’ T

(S+S’’,Z+Z’’) T (S’+S’’,Z’+Z’’)

(Firing)

(S1,Z1) T (S1’,Z1’) (S2,Z2) T (S2’,Z2’)

(S1+S2,Z1+Z2) T (S1’+S2’,Z1’ + Z2’)

(Step)

(S1,Z) T (S1’,Z’’) (S2,Z’’) T (S2’,Z’)

(S1+S2,Z) T (S1’+S2’,Z’)

(Concatenation)

(S,) T (S’,)

(S,) T (S’,)

(Close)


Zero-safe nets

send receive


S+Z [ S’+Z’ T

(S+S’’,Z+Z’’) T (S’+S’’,Z’+Z’’)

(Firing)

(S1,Z1) T (S1’,Z1’) (S2,Z2) T (S2’,Z2’)

(S1+S2,Z1+Z2) T (S1’+S2’,Z1’ + Z2’)

(Step)

(S1,Z) T (S1’,Z’’) (S2,Z’’) T (S2’,Z’)

(S1+S2,Z) T (S1’+S2’,Z’)

(Concatenation)

(S,) T (S’,)

(S,) T (S’,)

(Close)


Zero-safe nets

send receive


S+Z [ S’+Z’ T

(S+S’’,Z+Z’’) T (S’+S’’,Z’+Z’’)

(Firing)

(S1,Z1) T (S1’,Z1’) (S2,Z2) T (S2’,Z2’)

(S1+S2,Z1+Z2) T (S1’+S2’,Z1’ + Z2’)

(Step)

(S1,Z) T (S1’,Z’’) (S2,Z’’) T (S2’,Z’)

(S1+S2,Z) T (S1’+S2’,Z’)

(Concatenation)

(S,) T (S’,)

(S,) T (S’,)

(Close)


Zero-safe nets

send receive


S+Z [ S’+Z’ T

(S+S’’,Z+Z’’) T (S’+S’’,Z’+Z’’)

(Firing)

(S1,Z1) T (S1’,Z1’) (S2,Z2) T (S2’,Z2’)

(S1+S2,Z1+Z2) T (S1’+S2’,Z1’ + Z2’)

(Step)

(S1,Z) T (S1’,Z’’) (S2,Z’’) T (S2’,Z’)

(S1+S2,Z) T (S1’+S2’,Z’)

(Concatenation)

(S,) T (S’,)

(S,) T (S’,)

(Close)


Zero-safe nets: Encoding

Given a ZS net N=(T,S):Places portsTransitions firing rulesTokens messages

Encoding of a marking S:[[E]] ::= E [[S1+S2]] ::= [[S1]] | [[S2]]


Zero-safe nets: EncodingEncoding of (basic) transitions

open

E

e

calc

e1

e2

fork

e

e1 e2

close

e

E

drop

e

fork

e1 e2

e



open

E

e

calc

e1

e2

fork

e

e1 e2

close

e

E

drop

e

fork

e1 e2

e

E [ def z 0 in ez : E ] e1z e2z ez e1z | e2z

e1z1 | e2z2 ez1 ez E ez 0

Encoding of (basic) transitions



cJoin process for a ZS netLet N=(T,S) be a ZS net,

PN = def [[ T ]] in [[ S ]]

TheoremLet N=(T,S) be a ZS net. (S,) * (S’,)

iff def [[ T ]] in [[ S ]] * def [[ T ]] in [[ S’ ]]


SerializabilityA serializable transaction admits an abstract

representation as a single transitioncJoin negotiations may interact with other

negotiations (not serializable in the previous sense)

But all cooperating negotiations can be viewed as a single transition

Moreover, we would like this property to hold at every level of nesting


Serializability: Shallowness Shallow processes: any computation

increases the height of nesting structure in at most 1

P is shallow if every definition D in P satisfies

nest( 0 ) = nest( abort ) = nest( xŷ ) = 0nest( def D in P ) = nest(P ) nest( [ P : Q ]) = nest(P ) + 1

nest( P | Q ) = max{nest( P ), nest( Q )}

D = J P, where nest(P ) = 0, or P = [ R : Q ] and nest( R | Q ) = 0

D = J P, and nest(P ) = 0


SerializabilitySerializability as big step reduction

relation () between shallow processes

Theorem: S *cJ S’ iff S S’

D ├ P D ├ P’ D ├ Q D ├ Q’

D ├ P | Q D ├ P’ | Q’

(Par)

D ├ P D ├ P’’ D ├ P’’ D ├ P’

D ├ P D ├ P’

(Seq)

D J P ├ J D J P ├ P

(Global Firing)

|B| ├ S |B| ├ S’

D B ├ [S : Q] D B ├ [S’ : Q]

(Local Firing)

D iJi S ├ I [ Di ├ Ji | Si : Qi] D I Ji S ├ [iDi ├ I Si | S: I Qi]

(Merge)

D ├ [M | D’ ├ 0 : S] D ├ M

(Local Commit)

D ├ [abort | P : S] D ├ S

(Abort)

D ├ P D ├ P

(Idle)


Final RemarkscJoin models multi-way transactions by

describing interacting agents but not their global structure

Compensations do not undo precommitted activities.Can such compensations be encoded in cJoin?

Are cJoin primitives implementable?We plan to use the D2PC protocolThe subcalculus of flat processes can be implemented

Documents

Dipartimento di Informatica Università di Pisa Nested Commits for Mobile Calculi: Extending Join Roberto Bruni, Hernán Melgratti and Ugo Montanari