1
Formal Models forDistributed NegotiationsCommitted Join Calculus
Roberto BruniDipartimento di Informatica Università di Pisa
XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003
Formal Models for Distributed
Negotiations 2
Our Focus In commercial applications, separately designed
and implemented components must interact commit (intermediate) results of long-running
activities upon (partial) agreements e.g. e-commerce, on-line auction systems
Formal models should avoid ad-hoc proprietary solutions offer alternatives to centralized transaction managers hide the coordination layer (separation of concerns)
Formal Models for Distributed
Negotiations 3
Distributed Agreements Negotiations / Contracts
commit, abort, compensation hierarchical decisions dynamic membership fully distributed control
Process cooperation coordination / orchestration / choreography different platforms and policies
Data integration unstructured documents in different formats
Formal Models for Distributed
Negotiations 4
Prerequisites forModeling Contracts
Local and global resources Local sub-contracts and decisions Global results posted upon commit Abort of ongoing contracts
All participants must be informed Compensations can be activated
Either abort or commit (no divergence) Dynamic joining of participants
Contracts can be merged Nested structure of contracts
Formal Models for Distributed
Negotiations 5
Commitment We have seen different concepts in
different areas DataBase transactions Transactional Workflows Transition synchronization PDLs with commit primitives Committed choice languages
Formal Models for Distributed
Negotiations 6
PDLs with commit Transactions in JavaSpaces and Linda
create(x) and commit(x) prefixes event notification TraLinda
typed messages (L / H) and atomic prefixing Long running transactions
MINI-XLANG asynchronous -calculus with transactional
context context(P,Pf,Pc)
Formal Models for Distributed
Negotiations 7
Committed Choice Languages
Logic programming Non determinism means exhaustive
search of successful computations don’t know non-determinism results are produced at the end
Concurrent logic / constraint languages limit backtracking to improve efficiency
don’t care non-determinism (indeterminism) partial outputs during computation
Formal Models for Distributed
Negotiations 8
Guarded Horn Clauses Head Guard | Body
Reduce Head to Body if Guard succeeds don’t know when evaluating guards don’t care when selecting clauses whose
guards are true Flat guards
conjunction of primitive predicates Deep guards (e.g. AKL)
both primitive and programmed predicates
Formal Models for Distributed
Negotiations 9
Our Proposal committed JOIN
PDL presentation Non ACID Multiway Open Nesting Flexible Split / Join Programmable commit / abort / compensation Concurrency and distribution Distributed 2PC Different levels of abstraction
Formal Models for Distributed
Negotiations 10
Why an extension of JOIN Well-known asynchronous calculus Distributed implementations
Jocaml Polyphonic C#
Analogous to dynamic coloured Petri nets Running D2PC implementation CHAM semantics
molecules form solutions enclosed in membranes nesting is free (via membranes)
Typed serializabilityOngoing
Work!
Formal Models for Distributed
Negotiations 11
Committed JOIN Syntax
M,N::= 0 | xŷ | M|NP,Q ::= M | def D in P | P|Q | abort |
[P:Q]D,E ::= JP | DE | JP J,K ::= xŷ | J|K
messages
programmable abort
compensation
contract
boundaries
merge definitions (boards):
defined boards must be disjoint from ordinary
defined names
Formal Models for Distributed
Negotiations 12
Committed JOIN Semantics0
P|Q P,Q
DE D,E
def D in P Ddn(D) , Pdn(D) range() fresh
J P, J J P, P
Formal Models for Distributed
Negotiations 13
Committed JOIN Semantics0
P|Q P,Q
DE D,E
def D in P Ddn(D) , Pdn(D) range() fresh
J P, J J P, P
[P:Q] {[ P , Q ]}
compensation is kept frozen
contract P can evolve in isolation
Formal Models for Distributed
Negotiations 14
Committed JOIN Semantics0
P|Q P,Q
DE D,E
def D in P Ddn(D) , Pdn(D) range() fresh
J P, J J P, P
[P:Q] {[ P , Q ]}
{[ M|def D in 0 , Q ]} M
commitglobal resources
Formal Models for Distributed
Negotiations 15
Committed JOIN Semantics0
P|Q P,Q
DE D,E
def D in P Ddn(D) , Pdn(D) range() fresh
J P, J J P, P
[P:Q] {[ P , Q ]}
{[ M|def D in 0 , Q ]} M
{[ abort |P , Q ]} Qcompensation on abort
Formal Models for Distributed
Negotiations 16
Committed JOIN Semantics0
P|Q P,Q
DE D,E
def D in P Ddn(D) , Pdn(D) range() fresh
J P, J J P, P
[P:Q] {[ P , Q ]}
{[ M|def D in 0 , Q ]} M
{[ abort |P , Q ]} Q
J1|…|JnP, i{[ Ji, Si, Qi ]} J1|…|JnP, {[iSi, P, |iQi ]}
merge n ongoing contracts
Formal Models for Distributed
Negotiations 17
JOIN vs cJOIN
PROPOSITIONcJOIN is a conservative extension of
JOIN:P J Q iff P
cJ Q (for P and Q JOIN
processes)
Formal Models for Distributed
Negotiations 18
A Multi-Way Contract…,J[P:Q],J …,J[P:Q],[P:Q]
…,J’[P’:Q’],J’ …,J’[P’:Q’],[P’:Q’]
…
…,J1|J2M, [J1:Q],[J2:Q’] …,J1|J2M,[M:Q|Q’]
…,[M:Q|Q’] …,M
Formal Models for Distributed
Negotiations 19
Multi-Level Nesting
…,J[[P1:Q1]|[P2:Q2]:Q],J
…,J[[P1:Q1]|[P2:Q2]:Q],
[ [P1 :Q1] |
[P2 :Q2] : Q]
…
…,[[M1 :Q1]|[P2 :Q2]:Q]
…,[ M1 | [P2 :Q2] : Q]
…
…,[ M1 | [M2 :Q2] : Q] …,[ M1 | M2 : Q]
…,[M1 | M2 : Q] …,M1,M2
Formal Models for Distributed
Negotiations 20
Nested Abort
…,J[[P1:Q1]|[P2:Q2]:Q],J
…,J[[P1:Q1]|[P2:Q2]:Q],
[ [P1 :Q1] |
[P2 :Q2] : Q]
…
…,[ [abort :Q1] |
[P2 :Q2] : Q] …,[ Q1 | [P2 :Q2] : Q]
…
…,[ M1 | [M2 :Q2] : Q] …,[ M1 | M2 : Q]
…,[M1 | M2 : Q] …,M1,M2
Formal Models for Distributed
Negotiations 21
Nested Abort II
…,J[[P1:Q1]|P2:Q],J …,J[[P1:Q1]|P2:Q],
[ [P1 :Q1] | P2 : Q]
…
…,[[P1 :Q1]|abort :Q] Q
Formal Models for Distributed
Negotiations 22
Hotel Booking
H def WaitBooking [ def requesto o$ | price$ price$ | confirmv BookedRoomv price$ abort in offeringRoom request,confirm : Q ]
BookedRoomv … in WaitBooking | …
Formal Models for Distributed
Negotiations 23
Hotel Booking
H def WaitBooking [ def requesto o$ | price$ price$ | confirmv BookedRoomv price$ abort in offeringRoom request,confirm : Q ]
BookedRoomv … in WaitBooking | …
C def BookingHotel [def hotelMsg r,c def offer$ cvisa | HotelFound
offer$ abort in rofferin searchRoom hotelMsg : Q’ ]
in BookingHotel | …
Formal Models for Distributed
Negotiations 24
Hotel Booking
H def WaitBooking [ def requesto o$ | price$ price$ | confirmv BookedRoomv price$ abort in offeringRoom request,confirm : Q ]
BookedRoomv … in WaitBooking | …
C def BookingHotel [def hotelMsg r,c def offer$ cvisa | HotelFound
offer$ abort in rofferin searchRoom hotelMsg : Q’ ]
in BookingHotel | …
HB def searchRoomhm | offeringRoom r,c hmr,c in H | C
Formal Models for Distributed
Negotiations 25
Hotel Booking…, WaitBooking , BookingHotel
…, […, offeringRoomrequest,confirm : Q ] , […, searchRoomhotelMsg : Q’]
…, […, hotelMsgrequest,confirm : Q | Q’]
…, […, requestoffer : Q | Q’]
…, […, offer$, price$ : Q | Q’]
…, […, confirmvisa, HotelFound , price$ : Q | Q’]
…, […, BookedRoomvisa, HotelFound : Q | Q’]
…, BookedRoomvisa, HotelFound
Formal Models for Distributed
Negotiations 26
Trip Booking IH as before
F def WaitBooking [ def requesto o$ | price$ price$ | confirmv BookedFlightv price$ abort in offeringFlight request,confirm : Q ]
BookedFlightv … in WaitBooking | …
local name, different from homonym name
in H
Formal Models for Distributed
Negotiations 27
Trip Booking IIC def hotelOKfc | flightOKhc fc | hc BookingHotel [def hotelMsgr,c def offer$ cvisa | hotelOKflightConf
offer$ abort flightConf HotelFound in rofferin searchRoom hotelMsg : Q’ ]
BookingFlight [def flightlMsgr,c def offer$ cvisa | flightOKhotelConf
offer$ abort hotelConf FlightFound in rofferin searchFlight flightMsg : Q’’ ]
in BookingHotel | BookingFlight | …
TB def searchRoomhm | offeringRoom r,c hmr,c searchFlightfm | offeringFlight r,c fmr,c in H | F | C
both needed to commit
Formal Models for Distributed
Negotiations 28
Matching the Prerequisites Local and global resources Local sub-contracts and decisions Global results posted upon commit Abort of ongoing contracts
All participants must be informed Compensations can be activated
Either abort or commit (no divergence) Dynamic joining of participants
Contracts can be merged Nested structure of contracts
membranes and
scoping rules
nesting commit reaction
several variants of abort
would limit the
expressiveness
merge definitions (boards)
multi-level
Formal Models for Distributed
Negotiations 29
ZS nets, JOIN and cJOIN ZS nets can be encoded in JOIN by attaching the
dynamic creation of a local DTC to transitions Implementation of D2PC (transparent to users) Tokens must carry several channel names Each firing must undergo local DTCs approval
cJOIN primitives allow a straightforward encoding No further protocol is needed Tokens carry just one contract identifier Firings directly correspond to reactions
Formal Models for Distributed
Negotiations 30
ZS nets in JOINWe encode basic nets, which are expressive enough:
fork
open join closecompute
[[ E open e ]] = E def D in e(put,
{ lock }) | state({ E })
[[ e calc e’ ]] = e(p, L) e’(p, L)
[[ e fork e’, e’’ ]] = e(p, L) def D in e’(p, L
{ lock })
| e’’(put, L { lock }) | state(
)
[[ e’, e’’ join e ]] = e’(p’, L’) | e’’(p’’, L’’) e(p’, L’ L’’) | p’’(L’’
L’, )
[[ e close E ]] = e(p, L) p(L, { E })
given a net (T,S) we define an agent def [[ T ]] in [[S]] , where
default compensation
Formal Models for Distributed
Negotiations 31
DTC in JOINthe definition D is the following
state(H) | put(L, F) commit(L \ { lock }, L , { lock }, F, H )state(H) failed() | release(H)commit({ l } L, L’, L’’, F, H) commit(L, L’, L’’ , F, H)
| l(L’, lock, fail )commit(L, L’, L’’, F, H) | lock(L’’’, l, f )
commit(L (L’’’ \ L’), L’ L’’’, L’’ { l }, F, H )commit(, L, L, F, H) release(F)commit(L, L’, L’’, F, H) | fail() failed() | release(H)failed() | put(L, F) failed()failed() | lock(L, l, f) failed() | f()failed() | fail() failed()
Formal Models for Distributed
Negotiations 32
ZS nets in cJOINWe encode basic nets, which are expressive enough:
fork
open join closecompute
[[ E open e ]] = E [def z0 in ez : E ]
[[ e calc e’ ]] = ez e’z
[[ e fork e’, e’’ ]] = ez e’z | e’’z
[[ e’, e’’ join e ]] = e’z’ | e’’z’’ ez’
[[ e close E ]] = e z E
given a net (T,S) we define an agent def [[ T ]] in [[S]] , wheredummy definition
(JOIN way of declaring a local id)
z’ and z’’ have now identical scope and
meaning
Formal Models for Distributed
Negotiations 33
Committed Join Features Negotiations can be defined in terms of
concurrent sub-negotiations Cooperation between contracts are given by
merging definitions Global resources produced inside a
negotiation are made available at commit time
Commit means termination Explicit abort and compensation
Formal Models for Distributed
Negotiations 34
Some results on cJoin cJoin is a conservative extension of
Join P
J Q iff P
cJ Q. (P and Q Join processes)
Zero-safe nets can be encoded as cJoin processes N=(T,S) a ZS net. (S,) * (S’,) iff
def [T] in [S] * def [T] in [S]
Formal Models for Distributed
Negotiations 35
cJOIN and Logic Languages Commit primitives of cJoin can be
used to implement committed choices of AKL explicit encoding of search strategies and
unification via continuation passing and compensation
Formal Models for Distributed
Negotiations 36
Serializability A simple type system that guarantees
serializability Shallow processes
the start of a sub-negotiation can be postponed until all the cooperating sub-negotiations needed to commit can be generated inside its parent negotiation
Proof via correspondence w.r.t. big step semantics
Formal Models for Distributed
Negotiations 37
Encoding of cJOIN in JOIN Aim:
Define an implementation of cJOIN in JOIN Associate to every cJOIN process a JOIN
process that simulate its behavior
Ideas: Identification of basic forms for definitions Definition of a type system to single out
canonical processes Reuse controllers of the D2PC protocol
Formal Models for Distributed
Negotiations 38
Abstract Semantics Expected Result
Define the abstract representative of a cJOIN process
a JOIN process describing all the stable behaviors of the original process
def ax|by [def cz bz in ay | cx : ax|
by] in a1|b2 def ax | by ay | bx in a1|b2
Formal Models for Distributed
Negotiations 39
Comparatives studies Comparison with other approaches for
modeling long-running activities Transactional context of MINI-XLANG
distinguish two kinds of compensations
Goals Find limitations / restrictions Show the encoding of other common
constructors (such as those in WMS)
Formal Models for Distributed
Negotiations 40
References Committed actions for mobile calculi
(PhD Thesis Proposal, Manuscript, 2003) H. Melgratti
Nested commits for mobile calculi: extending Join (Manuscript) R. Bruni, H. Melgratti, U. Montanari