XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003

Formal Models for Distributed Negotiations
A Calculus of Compensations

Roberto Bruni
Dipartimento di Informatica
Università di Pisa


Compensations
  • Long running transactions may abort even after some of their sub-transactions have been committed
    • Committed sub-transactions should be undone
      • Not always possible: visible events cannot be canceled
        • e.g. when booking a holiday (flights, hotels, cars, shows), only a partial refund can be obtained by canceling
        • e.g. when negotiating services and goods, some fines must be paid for canceling the contract
    • To Compensate =
      • to make amends for, to make up for

Formal Models for Distributed Negotiations

Objectives
  • Clear understanding of long running transactions (LRT) and of their compositions
    • Formal models to clarify assumptions and obligations of the various components of a business system
    • Visual rendering of control structures
    • Algebra of LRTs
    • Design automatic analysis tools for checking the coherence of business systems and guarding against deadlocks and race conditions

LRTs are not ACID
  • LRTs
    • are composed out of a collection of traditional atomic transactions
      • for them, roll-back is supplied automatically
    • usually engage in externally visible events
      • these events cannot be undone automatically
      • user-defined (application-dependent) compensations are needed
    • approximately atomic and consistent; neither isolated nor globally durable; no automatic roll-back

Inspiration
  • From XLANG
    • context P exception E compensation C

[Flowchart of the context box: normal entry point, normal exit point, failure, compensation entry, compensation exit]

Sound Traces
  • Normal flow is vertical, from top to bottom
  • Compensation flow is still vertical, but in the reversed direction (from bottom to top)
  • For the moment we regard internal failures just as compensations
  • Sound traces
    • OK: normal in (nin) – normal out (nout)
    • FAIL: nin – compensation out (cout)
    • COMP: nin – nout – cin – cout

Tree of Traces
  • Traces can be conveniently represented as a tree
    • Nodes are labeled by events
    • A trace is a path from the root of the tree
  • Sound transactions
    • the tree of traces must conform to the following tree:

[Tree of sound traces:
  nin
   ├─ cout
   └─ nout ─ cin ─ cout]

Succeed and Fail
  • Straight arrows have no effect

[Flowcharts and trees of the two basic transactions: Succeed (nin ─ nout, then cin ─ cout) and Fail (nin ─ cout)]

Sequential Composition
  • sequence R S
    • Compound events
      • nin & R.nin
      • R.nout & S.nin
      • S.nout & nout
      • cin & S.cin
      • S.cout & R.cin
      • R.cout & cout
    • Simultaneous occurrence of joint events

[Flowchart: an outer box R;S containing the boxes R and S, with the arrows between them labelled by the compound events above]

[Tree of traces of R;S:
  nin & R.nin
    ├─ R.cout & cout
    └─ R.nout & S.nin
         ├─ S.cout & R.cin ─ R.cout & cout
         └─ S.nout & nout ─ cin & S.cin ─ S.cout & R.cin ─ R.cout & cout]

Sequential Composition is Sound for R

[Same flowchart and tree of traces as on the previous slide, used to check that the events of R occur in a sound order]

Sequential Composition is Sound for S

[Same flowchart and tree of traces, used to check the same for S]

Sequential Composition is Sound

[Same flowchart and tree of traces, used to check that the traces of the whole sequence R S are sound]

Notes About Sequence
  • Dynamic behaviour uniquely defined by the flowchart
    • Only tree that satisfies all three conditions of soundness
  • Sequential composition is associative
    • We can
      • omit outer boxes in nested serializations
      • omit parentheses in algebraic expressions
      • investigate properties by considering two operands at a time

Sequential Choice (Pick)
  • In sequential composition, a failure of a single component triggers the compensations of all previous activities
  • The pick operation allows one to specify two or more alternatives for the same goal
    • tried sequentially
    • until one succeeds
    • or all have failed


Sequential Choice (Pick)
  • pick R S
    • (associative)

[Tree of traces for pick R S:
  nin & R.nin
    ├─ R.nout & nout ─ cin & R.cin ─ R.cout & cout
    └─ R.cout & S.nin
         ├─ S.nout & nout ─ cin & S.cin ─ S.cout & cout
         └─ S.cout & cout]

The tree is more informative than the flowchart

Parallel Composition (All)
  • Two or more transactions can be executed concurrently
  • The all operation allows to specify two or more concurrent activities
    • initiated together
    • fail if any of them fails
    • completed when all succeed
    • roll-back all on subsequent failures


Parallel Composition (All)
  • all R S
    • Petri net–like flowchart
    • (assoc., comm.)

The tree is trivial:

[Tree of traces for all R S:
  nin & R.nin & S.nin
    ├─ R.cout & S.cout & cout
    └─ R.nout & S.nout & nout ─ cin & R.cin & S.cin ─ R.cout & S.cout & cout]

The implementation is difficult! What if, after R.nin and S.nin, it happens that R.nout but S.cout? Deadlock? (dealt with using exceptions)

Concurrent Waiting (Parallel Pick)
  • Speculation
    • local extra work done in anticipation that it may be needed later
  • Two or more transactions can be attempted concurrently
    • take the one that succeeds first
    • compensate all the others
    • the alternatives must be independent of each other, with no interaction between them

Concurrent Waiting (Parallel Pick)

[Tree of traces for the parallel pick of R and S (when both succeed, non-determinism decides which one is kept and which one is compensated):
  nin & R.nin & S.nin
    ├─ R.nout & S.nout
    │    ├─ S.cin ─ S.cout & nout ─ cin & R.cin ─ R.cout & cout
    │    └─ R.cin ─ R.cout & nout ─ cin & S.cin ─ S.cout & cout
    ├─ R.nout & S.cout & nout ─ cin & R.cin ─ R.cout & cout
    ├─ R.cout & S.nout & nout ─ cin & S.cin ─ S.cout & cout
    └─ R.cout & S.cout & cout]

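An executable rendering of the sound-traces and flowchart slides above (an added example, not code from the slides): each atomic component is simulated by a boolean outcome, and the sequence and pick combinators are composed as their flowcharts prescribe, so the compound events of the OK, FAIL and COMP traces can be generated and compared with the trees. Class and function names are my own; the all and parallel-pick combinators are not modelled.

```python
def join(a, b): return a[:-1] + [a[-1] + b[0]] + b[1:]   # last event of a joins first of b

class Leaf:
    """Atomic component: ok=True runs nin..nout, ok=False runs nin..cout."""
    def __init__(self, name, ok): self.name, self.ok = name, ok
    def forward(self):
        return self.ok, [[f"{self.name}.nin"], [f"{self.name}.{'nout' if self.ok else 'cout'}"]]
    def backward(self):
        return [[f"{self.name}.cin"], [f"{self.name}.cout"]]

class Seq:
    """sequence R S: a failure of S compensates the already committed R."""
    def __init__(self, r, s): self.r, self.s = r, s
    def forward(self):
        ok_r, tr = self.r.forward()
        if not ok_r:
            return False, tr                                  # FAIL in R: nothing to undo
        ok_s, ts = self.s.forward()
        if ok_s:
            return True, join(tr, ts)                         # OK: R.nout & S.nin ... S.nout
        return False, join(join(tr, ts), self.r.backward())   # S.cout & R.cin, then R.cout
    def backward(self):
        return join(self.s.backward(), self.r.backward())     # undo in reverse order: S, then R

class Pick:
    """pick R S: try R; only if it fails try S; compensate whichever succeeded."""
    def __init__(self, r, s): self.r, self.s, self.chosen = r, s, None
    def forward(self):
        ok_r, tr = self.r.forward()
        if ok_r:
            self.chosen = self.r
            return True, tr
        ok_s, ts = self.s.forward()
        self.chosen = self.s
        return ok_s, join(tr, ts)                             # R.cout & S.nin
    def backward(self):
        return self.chosen.backward()

def trace(t, then_compensate=False):
    """Outer trace of t: nin joins its first event, nout/cout its last; optionally add cin..cout."""
    ok, events = t.forward()
    events[0].insert(0, "nin")
    events[-1].append("nout" if ok else "cout")
    if ok and then_compensate:                                # COMP: follow a success with a reversal
        comp = t.backward()
        comp[0].insert(0, "cin"); comp[-1].append("cout")
        events += comp
    return [" & ".join(e) for e in events]
```

For example, `trace(Seq(Leaf("R", True), Leaf("S", False)))` yields the FAIL-in-S path of the R;S tree, and nesting `Seq` either way round gives the same traces, which is the associativity noted on the "Notes About Sequence" slide.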
The Pi-Calculus Approach
  • The pi-calculus is the most famous calculus for (name) mobility
  • Similar to join
    • many receivers on the same channel
    • hiding (x) and binding input prefix x(y).P instead of def xyPin …
  • Similar to CCS (with value passing)
    • outputs carry values xy
    • inputs have (bound) arguments x(y)

Compensation Primitives
  • Asynchronous pi-calculus
    • P ::= 0 | xy | x(y).P | (x)P | !P | P|P
  • Additional primitives
    • done – successful termination of transaction
    • abort – internal failure
    • context(P,Q,R) – Process P with exception handler Q and compensation R
  • Some structural laws
    • P | done = P
    • abort | abort = abort
    • context(xy|P, Q, R) = xy | context(P, Q, R)

Handling Failures
  • Compensations are remembered after commit by attaching them to on-failure processes of outer contexts
    • context(P|context(done,Q’,R’), Q, R)  context(P, R’|Q, R)
    • context(abort, Q, R)  Q
  • This allows for
    • Establishing abstract equivalences
      • e.g. if P is abort-free, then P is equivalent to any context(P,Q,R)
    • Formal encoding and comparison with other calculi
      • extended processes can be “compiled” in the pi-calculus

Extending Compensations
  • Standard approach
    • Compensations associated with primary activities of LRTs
      • When required, all compensations of successful activities are executed (in reverse order)
      • If savepoints are reached (committed choices), then compensations are no longer required and can be forgotten
  • StAC (Structured Activity Compensation)
    • In the spirit of Sagas
      • More general mechanisms (concurrent and non-atomic activities)
      • Multiple compensations (selective / alternative)

Business Process Beans
  • Business Processes
    • model activities that are useful to the business
    • must be composable
      • hierarchy of abstractions
  • IBM’s BPBeans Application
    • hierarchy of nested components
      • bottom level: primitive Java beans components
      • activities act on a global set of shared variables
    • composed via the Application Builder for Components (ABC) tool

StAC Syntax
  • P ; P (sequential composition)
  • P | P (parallel composition)
  • par i in S do i.P (generalized parallel comp.)
  • if C then P else P (conditional)
  •  (early termination)
  • {P} (termination scoping)
  • P  P (compensation pair)
  • [P] (compensation scoping)
  •  (accept)
  •  (reverse)

Sequential and Concurrent Activities
  • P ; Q
    • P is executed first. When P completes, Q is executed
    • associative
  • P | Q
    • associative
  • par i in S do i.P
    • used for generating many concurrent instances uniquely indexed by i
    • e.g. par i in 1..10 do i.P
      • creates 10 distinct concurrent instances of P

Early Termination
  • termination is limited by scoping brackets
    • e.g. {P;;Q} ; R
      • first P is executed; the terminator then prevents Q from being executed, but since termination is limited to the brackets, R is still executed
  • concurrent activities are also terminated
    • maybe not immediately, but at a later stage
      • either prematurely or at completion
    • e.g. {(P;;Q) | S} | R
      • the termination causes S to terminate (not R, which is outside the scoping)
  • Termination scoping can be nested

Compensations I
  • P  Q
    • P is the primary task
    • Q is the compensation task for P
    • First the primary task is executed; when it completes, the compensation task is remembered for later use (in reversal)
    • executes available compensations
    • e.g. (P  Q) ; 
      • executes P and remembers Q, then reverse by executing Q
    • e.g. (P1 Q1); (P2 Q2);(P3 Q3);
      • executes P1 then P2 then P3 then Q3 then Q2 and finally Q1

Compensations II
    • e.g. ((P1 Q1)|(P2 Q2)|(P3 Q3)) ; 
      • executes P1, P2 and P3 concurrently, and then compensates with Q1, Q2 and Q3 concurrently
    • Invoked compensations are then cleared
      • e.g. (P  Q) ;  ;  is the same as (P  Q) ; 
    • forgets all currently remembered compensations (committed choice)
    • e.g. (P1 Q1) ;  ; (P2 Q2) ; 
      • executes P1, then P2, and finally Q2 (Q1 is not performed because it has been removed by the accept operation)

Compensations III
    • Compensations can be nested
      • e.g. (P  (P1 Q1) ) ; 
        • executes P and remembers (P1 Q1), then on reversal executes P1 but remembers Q1 for later use
    • Square brackets delimit the scope of the accept and reverse operators
  • Restrictions in BPBeans
    • nested compensations are not allowed
    • each level in the hierarchy overrides lower levels (as if P was modeled by [P;])
    • concurrent activities have separate compensation scopes (as if P|Q was modeled by [P]|[Q])

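A small interpreter for the StAC fragment described on the Compensations I–III slides (an added example, not code from the slides or from the StAC authors): primitive activities, sequencing, compensation pairs, accept, reverse and compensation scoping. The term encoding and constructor names are my own, and the rule that compensations left unreversed at the end of a scope join the enclosing scope is my assumption, since the slides only say that brackets delimit the scope of accept and reverse.

```python
class Machine:
    """Runs a StAC term, logging the activities it performs and keeping one stack of
    remembered compensations per compensation scope (innermost scope last)."""
    def __init__(self):
        self.log, self.scopes = [], [[]]

    def run(self, term):
        kind, *args = term
        if kind == "act":                 # primitive activity: perform it
            self.log.append(args[0])
        elif kind == "seq":               # P ; Q : run P, then Q
            for t in args:
                self.run(t)
        elif kind == "pair":              # compensation pair: run P, remember Q for reversal
            self.run(args[0])
            self.scopes[-1].append(args[1])
        elif kind == "accept":            # forget everything remembered in this scope
            self.scopes[-1].clear()
        elif kind == "reverse":           # run remembered compensations, latest first, then clear
            pending = self.scopes[-1][::-1]
            self.scopes[-1].clear()
            for comp in pending:          # a nested pair run here remembers its own compensation
                self.run(comp)
        elif kind == "scope":             # [P]: accept/reverse inside P only see P's compensations
            self.scopes.append([])
            self.run(args[0])
            leftover = self.scopes.pop()
            self.scopes[-1].extend(leftover)  # assumption: leftovers join the enclosing scope
        else:
            raise ValueError(f"unknown term {kind!r}")
        return self

# Term constructors (my own names; the slides use symbols for accept and reverse).
def act(name): return ("act", name)
def seq(*terms): return ("seq",) + terms
def pair(primary, comp): return ("pair", primary, comp)
def scope(term): return ("scope", term)
ACCEPT, REVERSE = ("accept",), ("reverse",)

def execute(term):
    """Return (activities performed in order, compensations still remembered at top level)."""
    m = Machine().run(term)
    return m.log, m.scopes[-1]

# Example from the slides: (P1 with compensation Q1); (P2 with Q2); (P3 with Q3); reverse
if __name__ == "__main__":
    p = seq(*(pair(act(f"P{i}"), act(f"Q{i}")) for i in (1, 2, 3)), REVERSE)
    print(execute(p)[0])    # ['P1', 'P2', 'P3', 'Q3', 'Q2', 'Q1']
```

The nested example on the Compensations III slide comes out as expected: `execute(seq(pair(act("P"), pair(act("P1"), act("Q1"))), REVERSE))` performs P and then P1, and leaves Q1 remembered for a later reversal.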
Multiple Compensations
  • Aim: to allow processes to remember several simultaneous compensation tasks
    • Individual tasks can then be accepted or reversed
    • Facilitates reuse of processes
  • Language extension
    • P i P (indexed compensation pair)
    • i (indexed accept)
    • i (indexed reverse)

Selective and Alternative Compensations
  • Selective compensations
    • reversals select some activities to be compensated for, while preserving the compensations for other activities
  • Alternative compensations
    • several alternative compensations are attached to the same activity; the reversal picks one of these alternatives for invocation and forgets the others

StAC vs Other Models
  • Sagas
    • non-hierarchical and purely sequential
    • compensations invoked on system failure
    • assumption of perfect compensation
  • Nested transactions
    • compensations invoked on system failure
    • rigid scoping
    • multiple compensations are not allowed
  • ConTracts
    • single compensations
    • implicit accept and reversal

Recap
  • We have seen different approaches to the formal modeling of compensations
    • Difficulties
    • Advantages
    • Mismatches
    • Basis for implementations

References
  • Notes by T. Hoare, C. Fournet, A. Gordon, L. Bocchi, C. Laneve, G. Zavattaro
  • Extending the concept of transaction compensation (IBM System Journal 41(4), 2002, pp. 743-758)
    • M. Chessell, C. Griffin, D. Vines, M. Butler, C. Ferreira, P. Henderson
