Formal models for distributed negotiations a calculus of compensations
Download
1 / 35

Formal Models for - PowerPoint PPT Presentation


  • 221 Views
  • Uploaded on

XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003. Formal Models for Distributed Negotiations A Calculus of Compensations . Roberto Bruni Dipartimento di Informatica Università di Pisa. Compensations.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Formal Models for' - Rita


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Formal models for distributed negotiations a calculus of compensations l.jpg

XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003

Formal Models forDistributed NegotiationsA Calculus of Compensations

Roberto Bruni

Dipartimento di Informatica

Università di Pisa


Compensations l.jpg
Compensations Aires, July 21-26 2003

  • Long running transactions may abort also when some of their sub-transactions have been committed

    • Committed sub-transactions should be undone

      • Not always possible: visible events cannot be canceled

        • e.g. when booking holiday (flights, hotels, cars, shows), only partial refund can be obtained by canceling

        • e.g. when negotiating services and goods, some fines must be for canceling the contract

    • To Compensate =

      • to amends for, to make up for

Formal Models for Distributed Negotiations


Objectives l.jpg
Objectives Aires, July 21-26 2003

  • Clear understanding of long running transactions (LRT) and of their compositions

    • Formal models to clarify assumptions and obligations of the various components of a business system

    • Visual rendering of control structures

    • Algebra of LRTs

    • Design automatic analysis tools for checking coherence of business systems and guard against deadlocks and race conditions

Formal Models for Distributed Negotiations


Lrts are not acid l.jpg
LRTs are not ACID Aires, July 21-26 2003

  • LRTs

    • are composed out of a collection of traditional atomic transactions

      • for them, roll-back is supplied automatically

    • usually engage in externally visible events

      • these events cannot be undone automatically

      • user-defined (application-dependent) compensations are needed

    • approximately atomic and consistent, not isolated and globally durable, no automatic roll-back

Formal Models for Distributed Negotiations


Inspiration l.jpg
Inspiration Aires, July 21-26 2003

  • From XLANG

    • context P exception E compensation C

failure

normal entry point

compensation exit

normal exit point

compensation entry

Formal Models for Distributed Negotiations


Sound traces l.jpg
Sound Traces Aires, July 21-26 2003

  • Normal flow is vertical, from top to bottom

  • Compensation flow is still vertical, but in the reversed direction (from bottom to top)

  • For the moment we regard internal failures just as compensations

  • Sound traces

    • OK: normal in (nin) – normal out (nout)

    • FAIL: nin – compensation out (cout)

    • COMP: nin – nout – cin - cout

Formal Models for Distributed Negotiations


Tree of traces l.jpg
Tree of Traces Aires, July 21-26 2003

  • Traces can be conveniently represented as a tree

    • Nodes are labeled by events

    • A trace is a path from the root of the tree

  • Sound transactions

    • tree of traces must be conform to

nin

nout

cout

cin

cout

Formal Models for Distributed Negotiations


Succeed and fail l.jpg
Succeed and Fail Aires, July 21-26 2003

  • Straight arrows have no effects

nin

nin

nout

cout

cin

cout

Formal Models for Distributed Negotiations


Sequential composition l.jpg

nin & R.nin Aires, July 21-26 2003

R.nout & S.nin

R.cout & cout

S.nout & nout

S.cout & R.cin

cin & S.cin

R.cout & cout

S.cout & R.cin

R.cout & cout

Sequential Composition

  • sequence R S

    • Compound events

      • nin & R.nin

      • R.nout & S.nin

      • S.nout & nout

      • cin & S.cin

      • S.cout & R.cin

      • R.cout & cout

    • Simultaneous occurrence of joint events

R;S

R

S

Formal Models for Distributed Negotiations


Sequential composition is sound for r l.jpg
Sequential Composition is Sound for R Aires, July 21-26 2003

nin & R.nin

  • sequence R S

    • Compound events

      • nin & R.nin

      • R.nout & S.nin

      • S.nout & nout

      • cin & S.cin

      • S.cout & R.cin

      • R.cout & cout

    • Simultaneous occurrence of joint events

R;S

R

R.nout & S.nin

R.cout & cout

S.nout & nout

S.cout & R.cin

S

cin & S.cin

R.cout & cout

S.cout & R.cin

R.cout & cout

Formal Models for Distributed Negotiations


Sequential composition is sound for s l.jpg
Sequential Composition is Sound for S Aires, July 21-26 2003

nin & R.nin

  • sequence R S

    • Compound events

      • nin & R.nin

      • R.nout & S.nin

      • S.nout & nout

      • cin & S.cin

      • S.cout & R.cin

      • R.cout & cout

    • Simultaneous occurrence of joint events

R;S

R

R.nout & S.nin

R.cout & cout

S.nout & nout

S.cout & R.cin

S

cin & S.cin

R.cout & cout

S.cout & R.cin

R.cout & cout

Formal Models for Distributed Negotiations


Sequential composition is sound l.jpg
Sequential Composition is Sound Aires, July 21-26 2003

nin & R.nin

  • sequence R S

    • Compound events

      • nin & R.nin

      • R.nout & S.nin

      • S.nout & nout

      • cin & S.cin

      • S.cout & R.cin

      • R.cout & cout

    • Simultaneous occurrence of joint events

R;S

R

R.nout & S.nin

R.cout & cout

S.nout & nout

S.cout & R.cin

S

cin & S.cin

R.cout & cout

S.cout & R.cin

R.cout & cout

Formal Models for Distributed Negotiations


Notes about sequence l.jpg
Notes About Sequence Aires, July 21-26 2003

  • Dynamic behaviour uniquely defined by the flowchart

    • Only tree that satisfies all three conditions of soundness

  • Sequential composition is associative

    • We can

      • omit outer boxes in nested serializations

      • omit parentheses in algebraic expressions

      • investigate properties by considering two operands at a time

Formal Models for Distributed Negotiations


Sequential choice pick l.jpg
Sequential Choice (Pick) Aires, July 21-26 2003

  • In sequential composition, a failure of a single component triggers the compensations of all previous activities

  • The pick operation allows to specify two or more alternatives for the same goal

    • tried sequentially

    • until one succeeds

    • or all have failed

Formal Models for Distributed Negotiations


Sequential choice pick15 l.jpg

nin & R.nin Aires, July 21-26 2003

R.nout & nout

R.cout & S.nin

cin & R.cin

S.nout & nout

S.cout & cout

R.cout & cout

cin & S.cin

S.cout & cout

Sequential Choice (Pick)

  • pick R S

    • (associative)

S

R

The tree is more informative

than the flowchart

Formal Models for Distributed Negotiations


Parallel composition all l.jpg
Parallel Composition (All) Aires, July 21-26 2003

  • Two or more transactions can be executed concurrently

  • The all operation allows to specify two or more concurrent activities

    • initiated together

    • fail if any of them fail

    • completed when all succeed

    • roll-back all on subsequent failures

Formal Models for Distributed Negotiations


Parallel composition all17 l.jpg

The tree is trivial Aires, July 21-26 2003

nin & R.nin & S.nin

R.cout & S.cout & cout

R.nout & S.nout & nout

The implementation is difficult!

What if, after R.nin and S.nin, it happens

that R.nout but S.cout?

Deadlock? (dealt with exceptions)

cin & R.cin & S.cin

R.cout & S.cout & cout

Parallel Composition (All)

  • all R S

    • Petri net–like flowchart

    • (assoc., comm.)

S

R

Formal Models for Distributed Negotiations


Concurrent waiting parallel pick l.jpg
Concurrent Waiting Aires, July 21-26 2003(Parallel Pick)

  • Speculation

    • local extra work in anticipation it may need later

  • Two or more transactions can be attempted concurrently

    • take the one that succeeds first

    • compensate all the others

    • alternatives must be independent each other and with no interaction

Formal Models for Distributed Negotiations


Concurrent waiting parallel pick19 l.jpg
Concurrent Waiting Aires, July 21-26 2003(Parallel Pick)

nin &

R.nin &

S.nin

non-determinism

R.nout &

S.nout

R.nout &

S.cout &

nout

R.cout &

S.nout &

nout

R.cout &

S.cout &

cout

S.cin

R.cin

S.cout & nout

R.cout & nout

cin & R.cin

cin & S.cin

cin & R.cin

cin & S.cin

R.cout & cout

S.cout & cout

R.cout & cout

S.cout & cout

Formal Models for Distributed Negotiations


The pi calculus approach l.jpg
The Pi-Calculus Approach Aires, July 21-26 2003

  • The pi-calculus is the most famous calculus for (name) mobility

  • Similar to join

    • many receivers on the same channel

    • hiding (x) and binding input prefix x(y).P instead of def xyPin …

  • Similar to CCS (with value passing)

    • outputs carry values xy

    • inputs have (bound) arguments x(y)

Formal Models for Distributed Negotiations


Compensation primitives l.jpg
Compensation Primitives Aires, July 21-26 2003

  • Asynchronous pi-calculus

    • P ::= 0 | xy | x(y).P | (x)P | !P | P|P

  • Additional primitives

    • done – successful termination of transaction

    • abort – internal failure

    • context(P,Q,R) – Process P with exception handler Q and compensation R

  • Some structural laws

    • P | done = P

    • abort | abort = abort

    • context(xy|P, Q, R) = xy | context(P, Q, R)

Formal Models for Distributed Negotiations


Handling failures l.jpg
Handling Failures Aires, July 21-26 2003

  • Compensations are remembered after commit by attaching them to on-failure processes of outer contexts

    • context(P|context(done,Q’,R’), Q, R)  context(P, R’|Q, R)

    • context(abort, Q, R)  Q

  • This allows for

    • Establishing abstract equivalences

      • e.g. if P is abort-free, then P is equivalent to any context(P,Q,R)

    • Formal encoding and comparison with other calculi

      • extended processes can be “compiled” in the pi-calculus

Formal Models for Distributed Negotiations


Extending compensations l.jpg
Extending Compensations Aires, July 21-26 2003

  • Standard approach

    • Compensations associated with primary activities of LRTs

      • When required, all compensations of successful activities are executed (in reversal order)

      • If savepoints are reached (committed choices), then compensations are no longer required and can be forgotten

  • StAC (Structured Activity Compensation)

    • In the spirit of Sagas

      • More general mechanisms (concurrent and non-atomic activities)

      • Multiple compensations (selective / alternative)

Formal Models for Distributed Negotiations


Business process beans l.jpg
Business Process Beans Aires, July 21-26 2003

  • Business Processes

    • model activities that are useful to the business

    • must be composable

      • hierarchy of abstractions

  • IBM’s BPBeans Application

    • hierarchy of nested components

      • bottom level: primitive Java beans components

      • activities act on a global set of shared variables

    • composed via the Application Builder for Components (ABC) tool

Formal Models for Distributed Negotiations


Stac syntax l.jpg
StAC Syntax Aires, July 21-26 2003

  • P ; P (sequential composition)

  • P | P (parallel composition)

  • par i in S do i.P (generalized parallel comp.)

  • if C then P else P (conditional)

  •  (early termination)

  • {P} (termination scoping)

  • P  P (compensation pair)

  • [P] (compensation scoping)

  •  (accept)

  •  (reverse)

Formal Models for Distributed Negotiations


Sequential and concurrent activities l.jpg
Sequential and Concurrent Activities Aires, July 21-26 2003

  • P ; Q

    • P is executed first. When P completes, Q is executed

    • associative

  • P | Q

    • associative

  • par i in S do i.P

    • used for generating many concurrent instances uniquely indexed by i

    • e.g. par i in 1..10 do i.P

      • creates 10 distinct concurrent instances of P

Formal Models for Distributed Negotiations


Early termination l.jpg
Early Termination Aires, July 21-26 2003

    • termination is limited by scoping brackets

      • e.g. {P;;Q} ; R

        • first executes P, then terminator prevents Q from being executed, but being termination limited within brackets, then R will be executed

    • also concurrent activities are terminated

      • maybe not immediately, but at a later stage

        • either prematurely or at completion

      • e.g. {(P;;Q) | S} | R

        • the termination causes S to terminate (not R, which is outside the scoping)

    • Termination scoping can be nested

Formal Models for Distributed Negotiations


Compensations i l.jpg
Compensations I Aires, July 21-26 2003

  • P  Q

    • P is the primary task

    • Q is the compensation task for P

    • First the primary task is executed, when completed, the compensation task is remembered for later use (in reversal)

    • executes available compensations

    • e.g. (P  Q) ; 

      • executes P and remembers Q, then reverse by executing Q

    • e.g. (P1 Q1); (P2 Q2);(P3 Q3);

      • executes P1 then P2 then P3 then Q3 then Q2 and finally Q1

Formal Models for Distributed Negotiations


Compensations ii l.jpg
Compensations II Aires, July 21-26 2003

  • e.g. ((P1 Q1)|(P2 Q2)|(P3 Q3)) ; 

    • executes P1, P2 and P3 concurrently, and then compensates with Q1, Q2 and Q3 concurrently

  • Invoked compensations are then cleared

    • e.g. (P  Q) ;  ;  is the same as (P  Q) ; 

    • forgets all currently remembered compensations (committed choice)

    • e.g. (P1 Q1) ;  ; (P2 Q2) ; 

      • executes P1 then P2and finally Q2 (Q1 is not performed because it has been removed by the accept operation)

  • Formal Models for Distributed Negotiations


    Compensations iii l.jpg
    Compensations III Aires, July 21-26 2003

    • Compensations can be nested

      • e.g. (P  (P1 Q1) ) ; 

        • executes P and remembers (P1 Q1), then on reversal executes P1 but remembers Q1 for later use

    • Square brackets delimit the scope of the accept and reverse operators

  • Restrictions in BPBeans

    • nested compensations are not allowed

    • each level in the hierarchy overrides lower levels (as if P was modeled by [P;])

    • concurrent activities have separated compensation scopes (as if P|Q was modeled by [P]|[Q])

  • Formal Models for Distributed Negotiations


    Multiple compensations l.jpg
    Multiple Compensations Aires, July 21-26 2003

    • Aim: to allow processes to remember several simultaneous compensation tasks

      • Individual tasks can then be accepted or reversed

      • Facilitate reuse of processes

    • Language extension

      • P i P (indexed compensation pair)

      • i (indexed accept)

      • i (indexed reverse)

    Formal Models for Distributed Negotiations


    Selective and alternative compensations l.jpg
    Selective and Alternative Compensations Aires, July 21-26 2003

    • Selective compensations

      • reversals select some activities to be compensated for, while preserving the compensations for other activities

    • Alternative compensations

      • several alternative compensations are attached to the same activity and the reversal picks one of these alternatives for invocation and forget the others

    Formal Models for Distributed Negotiations


    Stac vs other models l.jpg
    StAC vs Other Models Aires, July 21-26 2003

    • Sagas

      • non hierarchical and purely sequential

      • compensations invoked on system failure

      • assumption of perfect compensation

    • Nested transactions

      • compensations invoked on system failure

      • rigid scoping

      • multiple compensations are not allowed

    • ConTracts

      • single compensations

      • implicit accept and reversal

    Formal Models for Distributed Negotiations


    Recap l.jpg
    Recap Aires, July 21-26 2003

    • We have seen

    • Different approaches to the formal modeling of compensations

      • Difficulties

      • Advantages

      • Mismatching

      • Basis for implementations

    Formal Models for Distributed Negotiations


    References l.jpg
    References Aires, July 21-26 2003

    • Notes by T. Hoare, C. Fournet, A. Gordon, L. Bocchi, C. Laneve, G. Zavattaro

    • Extending the concept of transaction compensation (IBM System Journal 41(4), 2002, pp. 743-758)

      • M. Chessell, C. Griffin, D. Vines, M. Butler, C. Ferreira, P. Henderson

    Formal Models for Distributed Negotiations


    ad