Upload
leila-thornton
View
36
Download
3
Tags:
Embed Size (px)
DESCRIPTION
XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003. Formal Models for Distributed Negotiations Distributed 2PC. Roberto Bruni Dipartimento di Informatica Università di Pisa. Orchestrating Zero-Safe Nets. - PowerPoint PPT Presentation
Citation preview
1
Formal Models forDistributed NegotiationsDistributed 2PC
Roberto BruniDipartimento di Informatica Università di Pisa
XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003
Formal Models for Distributed
Negotiations 2
Orchestrating Zero-Safe Nets
The transactional mechanism of ZSN can be implemented in the join calculus Centralized version
The fragment corresponding to coloured nets suffices
Distributed version Exploit full join (dynamic nets)
Formal Models for Distributed
Negotiations 3
Centralized encoding Transactions have unique identifiers
Participants must pick up the name at the begin of the transaction and will be tagged with this name
Only participants holding the same name can interact during the transaction
Controllers are associated with transactions Dynamically released from a unique generator Participants must interact with the controllers of
their transactions when fetching or releasing tokens Parallelism is increased by the usage of credit/debit tokens
Formal Models for Distributed
Negotiations 4
ZS nets in JOINWe encode basic nets, which are expressive enough:
[[ E open e ]] = E() | cdt(k) e(k) |
fetched(k,E)
[[ e calc e’ ]] = e(k) e’(k)
[[ e fork e’, e’’ ]] = e(k) | cdt(k) e’(k) | e’’(k)
[[ e’, e’’ join e ]] = e’(k) | e’’(k) e(k) | dbt(k)
[[ e close E ]] = e(k) frozen(k,E) | dbt(k)
[[ e drop ]] = e(k) dbt(k)
given a net (T,S) we define an agent def [[ T ]] CF in [[S]] | gen(0)fork
open join closecalc drop
Formal Models for Distributed
Negotiations 5
Generator, Controllers and Commit
C = gen(k) gen(k+1) | state(k+1,0)
state(k,n) state(k,n+1) | cdt(k)
state(k,n+1) | dbt(k) state(k,n)
cdt(k) dbt(k)
state(k,0) commit(k)
commit(k) | frozen(k,E) commit(k) | E
commit(k) | fetched(k,E) commit(k)
generation of fresh controllers
credit / debit administration
commit
Formal Models for Distributed
Negotiations 6
Failures
F = state(k,n) failed(k,n)
failed(k,n+1) | cdt(k) failed(k,n)
failed(k,n+1) | dbt(k) failed(k,n)
failed(k,n) | frozen(k,E) failed(k,n)
failed(k,n) | fetched(k,E) failed(k,n) | E
nondeterministic failure
credit / debit administration
roll-back
Formal Models for Distributed
Negotiations 7
Comments Highly non-deterministic
credit tokens are not released by need to avoid serialization of activities
Empty transactions Guesswork if different open statement should belong to the same
transaction or not Semantic correspondence
Invariant representing state consistency Correctness and completeness through normalization strategy
active transactions fail committing transactions terminate successfully failing transactions are rolled back normalization is harmless reachable ZSN markings correspond to reachable consistent
normalized states
Formal Models for Distributed
Negotiations 8
Comments Highly non-deterministic
credit tokens are not released by need to avoid serialization of activities
Empty transactions Guesswork if different open statement should belong to the same
transaction or not Semantic correspondence
Invariant representing state consistency Correctness and completeness through normalization strategy
active transactions fail committing transactions terminate successfully failing transactions are rolled back normalization is harmless reachable ZSN markings correspond to reachable consistent
normalized states
Formal Models for Distributed
Negotiations 9
Distributed Implementation
ZS nets can be implemented in Join by using a distributed commit protocol (D2PC) where all participants play an active role
in the decision which supports multiway transactions whose participants are not fixed statically
Formal Models for Distributed
Negotiations 10
Distributed 2PC The distributed 2PC is a variant of the
decentralized 2PC with a finite but unknown number of participants When a participant P is ready to commit it
has only a partial knowledge of the whole set of participants
Only those who directly cooperated with P To commit P must contact all its
neighbors and learn the identity of other participants from them
Formal Models for Distributed
Negotiations 11
D2PC Every participant P acts as coordinator
During the transaction P builds its own synchronization set LP of cooperating agents
When P is ready to commit, P asks readiness to processes in LP (if empty P was isolated and can commit)
In doing so, P sends them the set LP
Other participants will send to P either a successful reply with their own synchronization sets or a failure message
(in this case, failure is then propagated) Successful replies are added to LP
The protocol terminates when LP is transitively closed
Formal Models for Distributed
Negotiations 12
P1
P2
P3
Example: D2PC
Formal Models for Distributed
Negotiations 13
P1
P2
P3
{}
Example: D2PC
Formal Models for Distributed
Negotiations 14
P1
P2
P3
{}
{}
Example: D2PC
Formal Models for Distributed
Negotiations 15
P1
P2
P3
{}
{}
Example: D2PC
{}
Formal Models for Distributed
Negotiations 16
P1
P2
P3
{}
{}
Example: D2PC
{}
Formal Models for Distributed
Negotiations 17
P1
P2
P3
{P3}
{P2}
Example: D2PC
{}
Formal Models for Distributed
Negotiations 18
P1
P2
P3
{P3}
{P2}
Example: D2PC
{}
Formal Models for Distributed
Negotiations 19
P1
P2
P3
{P1,P3}
{P2}
Example: D2PC
{P2}
Formal Models for Distributed
Negotiations 20
P1
P2
P3
{P1,P3}
{P2}
Example: D2PC
{P2}
Formal Models for Distributed
Negotiations 21
P1
P2
P3
{P1,P3}
{P2} [P2] ()
<P3,{P2}>
Example: D2PC
{P2}
Formal Models for Distributed
Negotiations 22
P1
P2
P3
{P1,P3}
<P3,{P2}>
{P2} [P2] ()
Example: D2PC
{P2}
Formal Models for Distributed
Negotiations 23
P1
P2
P3
{P1,P3} [P1,P3] ()
<P3,{P2}>
{P2} [P2] ()
<P2,{P1,P3}><P2,{P1,P3}>
Example: D2PC
{P2}
Formal Models for Distributed
Negotiations 24
P1
P2
P3
<P3,{P2}>
{P2} [P2] ()
<P2,{P1,P3}>
<P2,{P1,P3}>
{P1,P3} [P1,P3] ()
Example: D2PC
{P2}
Formal Models for Distributed
Negotiations 25
P1
P2
P3
{P2} [P2] ()
<P2,{P1,P3}>
<P2,{P1,P3}>
{P1,P3} [P1,P3] (P3)
Example: D2PC
{P2}
Formal Models for Distributed
Negotiations 26
P1
P2
P3
{P1,P2} [P2] (P2)
<P2,{P1,P3}>
{P1,P3} [P1,P3] (P3)
Example: D2PC
{P2}
Formal Models for Distributed
Negotiations 27
P1
P2
P3
{P1,P2} [P1,P2] (P2)
<P2,{P1,P3}>
{P1,P3} [P1,P3] (P3)
<P3,{P1,P2}>
Example: D2PC
{P2}
Formal Models for Distributed
Negotiations 28
P1
P2
P3
{P1,P2} [P1,P2] (P2)
<P2,{P1,P3}>
{P1,P3} [P1,P3] (P3)
<P3,{P1,P2}>
Example: D2PC
{P2}
Formal Models for Distributed
Negotiations 29
P1
P2
P3
{P2} [P2] ()
{P1,P2} [P1,P2] (P2)
<P2,{P1,P3}>
{P1,P3} [P1,P3] (P3)
<P3,{P1,P2}>
<P1,{P2}>
Example: D2PC
Formal Models for Distributed
Negotiations 30
P1
P2
P3
{P2} [P2] ()
{P1,P2} [P1,P2] (P2)
<P2,{P1,P3}>
{P1,P3} [P1,P3] (P3)
<P3,{P1,P2}>
<P1,{P2}>
Example: D2PC
Formal Models for Distributed
Negotiations 31
P1
P2
P3
{P2} [P2] ()
{P1,P2} [P1,P2] (P2)
<P2,{P1,P3}>
{P1,P3} [P1,P3] (P1,P3)
<P3,{P1,P2}>
Example: D2PC
Formal Models for Distributed
Negotiations 32
P1
Q2
P3
{P2} [P2] ()
{P1,P2} [P1,P2] (P2)
<P2,{P1,P3}>
{P1,P3} [P1,P3] (P1,P3)
<P3,{P1,P2}>
Example: D2PC
Formal Models for Distributed
Negotiations 33
P1
Q2
P3
{P2,P3} [P2] (P2)
{P1,P2} [P1,P2] (P2)
{P1,P3} [P1,P3] (P1,P3)
<P3,{P1,P2}>
Example: D2PC
Formal Models for Distributed
Negotiations 34
P1
Q2
P3
{P2,P3} [P2] (P2)
{P1,P2} [P1,P2] (P2)
{P1,P3} [P1,P3] (P1,P3)
<P3,{P1,P2}>
<P1,{P2,P3}>
Example: D2PC
Formal Models for Distributed
Negotiations 35
P1
Q2
P3
{P2,P3} [P2] (P2)
{P1,P2} [P1,P2] (P2)
{P1,P3} [P1,P3] (P1,P3)
<P3,{P1,P2}>
<P1,{P2,P3}>
Example: D2PC
Formal Models for Distributed
Negotiations 36
P1
Q2
P3
{P2,P3} [P2 ,P3] (P2 ,P3)
{P1,P2} [P1,P2] (P2)
{P1,P3} [P1,P3] (P1,P3)
<P1,{P2,P3}>
Example: D2PC
Formal Models for Distributed
Negotiations 37
P1
Q2
P3
{P2,P3} [P2 ,P3] (P2 ,P3)
{P1,P2} [P1,P2] (P1,P2)
{P1,P3} [P1,P3] (P1,P3)
Example: D2PC
Formal Models for Distributed
Negotiations 38
Q1
Q2
Q3
{P2,P3} [P2 ,P3] (P2 ,P3)
{P1,P2} [P1,P2] (P1,P2)
{P1,P3} [P1,P3] (P1,P3)
Example: D2PC
Formal Models for Distributed
Negotiations 39
ZS nets in JOINWe encode basic nets, which are expressive enough:
fork
open join closecompute
[[ E open e ]] = E def D in e(put,
{ lock }) | state({ E })
[[ e calc e’ ]] = e(p, L) e’(p, L)
[[ e fork e’, e’’ ]] = e(p, L) def D in e’(p, L
{ lock })
| e’’(put, L { lock }) | state(
)
[[ e’, e’’ join e ]] = e’(p’, L’) | e’’(p’’, L’’) e(p’, L’ L’’) | p’’(L’’
L’, )
[[ e close E ]] = e(p, L) p(L, { E })
given a net (T,S) we define an agent def [[ T ]] in [[S]] , where
default compensation
Formal Models for Distributed
Negotiations 40
DTC in JOINthe definition D is the following
state(H) | put(L, F) commit(L \ { lock }, L , { lock }, F, H )state(H) failed() | release(H)commit({ l } L, L’, L’’, F, H) commit(L, L’, L’’ , F, H)
| l(L’, lock, fail )commit(L, L’, L’’, F, H) | lock(L’’’, l, f )
commit(L (L’’’ \ L’), L’ L’’’, L’’ { l }, F, H )commit(, L, L, F, H) release(F)commit(L, L’, L’’, F, H) | fail() failed() | release(H)failed() | put(L, F) failed()failed() | lock(L, l, f) failed() | f()failed() | fail() failed()
Formal Models for Distributed
Negotiations 41
Opening
a new thread is createdand two tokens released
the name of the new thread
the return address of the new thread
the state of the new thread;it contains the consumed resourcesto be returned in case of failure
[[ E open e ]] = E def D in e(put, { lock }) |
state({ E })
Formal Models for Distributed
Negotiations 42
Progress
[[ e calc e’ ]] = e(p, L) e’(p, L)
set of threads, including self, the token has been in contact with
return address where to send the set of threads and the generated stable resources, if any
Formal Models for Distributed
Negotiations 43
Joining
[[ e’, e’’ join e ]] = e’(p’, L’) | e’’(p’’, L’’) e(p’, L’ L’’} | p’’(L’’
L’, )
the contacted sets of threads are conjoined
the second thread terminates
the first thread continues
Formal Models for Distributed
Negotiations 44
Splitting
the new thread starts with the augmented contact set
a new thread is createdand three tokens released
the original thread continuesbut its contact set is augmentedwith the name of new thread
the state of the new threadcontains no consumed resource
[[ e fork e’, e’’ ]] = e(p, L) def D in e’(p, L
{ lock })
| e’’(put, L { lock }) | state(
)
Formal Models for Distributed
Negotiations 45
Pre-commit
state(H) | put(L, F) commit(L \ { lock }, L , { lock }, F, H )
generated stable resources to be unfrozen in case of success
list of contacted threads including self
List of contacted threads already synchronized with
the thread receives the signal that it can commit locallyand evolves to a committed state
consumed resources to be returned in case of failure
list of contacted threadsto be synchronized withfor global commit
Formal Models for Distributed
Negotiations 46
Commitment
commit({ l } L, L’, L’’, F, H) commit(L, L’, L’’ , F, H) | l(L’, lock, fail )
commit(L, L’, L’’, F, H) | lock(L’’’, l, f ) commit(L (L’’’ \ L’), L’ L’’’, L’’ { l },
F, H )
commit(, L, L, F, H) release(F)
sending a message to a thread to be synchronized with
failure port
success port
synchronization sets updated for transitive closure
receiving a message from a thread to be synchronized with
all threads in the transitive closure have been contacted: commit
frozen resources are released
Formal Models for Distributed
Negotiations 47
Failures
state(H) failed() | release(H)
commit(L, L’, L’’, F, H) | fail() failed() | release(H)
failed() | put(L, F) failed()failed() | lock(L, l, f) failed() | f()failed() | fail() failed()
local failure consumed resources are given back
handling global failure
Formal Models for Distributed
Negotiations 48
D2PC in Jocaml Jocaml is an extension of the Objective Caml
Support Join calculus programming model Functional language Support of OO and imperative paradigms
A running implementation of the controllers in Jocaml has been developed by Hernan Melgratti Given a description of a ZS net, it automatically
generates a Jocaml program that simulates the net behavior
Formal Models for Distributed
Negotiations 49
Thread Coordinator in Jocaml
let def new_coordinator () = let def state! h | timeout! () = failed() | release h | deact timeout or failed!() | fail! () = failed () or failed!() | lock! (ll, l , f) = failed () | f () or failed!() | put!(l,f) = failed () or commit!(l, l1, l2,f, h) | fail!() = failed() | release h | deact
timeout or commit0!(l, l1, l2,f, h) | fail!() = failed() |release h | deact
timeout or commit0!(l,l1,l2,f,h) = match l with [] -> if (equiv l1 l2) then release f else
commit(l,l1,l2,f,h) t::ts -> {t (l1,lock,fail) |commit0(ts,l1,l2,f,h)} or commit!(l,l1,l2,f,h)|lock!(l3,ll,f) = let lnew = union l (difference l3 l1) in
commit0 (lnew, union l1 l3,union l2 [ll],f,h)
or state! h | put! (l,f) = commit0 (del lock l, l, [lock], f, h) | deact timeoutin reply failed,fail,lock,put, commit, state, timeout ;;
local failure
linear patterns
Formal Models for Distributed
Negotiations 50
A ZSNet in Jocamllet def aZSNet () = let def placeA!() = let newthread = new_coordinator() in { (state newthread) [placeA] | placeB (put newthread,[lock newthread]) | act (timeout newthread)}
or placeB!(p,l) = placeC!(p,l)
or placeB!(p,l) = let newthread = create_thread() in { (state newthread) []
| placeC (p, union l [lock newthread]) | placeD (put newthread, union l [lock newthread]) | act (timeout newthread)} or ...
in reply placeA, place H .....;;
spawn {placeA()|placeA()|placeH ()} ;;
OPEN
CALC
FORK
Initial Marking
Formal Models for Distributed
Negotiations 51
Example (Problem description)
Apartment Rentals There is an offer of apartments that can
be rented immediately There are requests to rent offered
apartments from persons Also, there are request to change
apartment, i.e., a person take a new apartment only when somebody else rents her apartment
Formal Models for Distributed
Negotiations 52
State
Example (ZS Net)
Pref P Q R S
A
B
C
* *
*
*
Pref
Pw
Ps
QinB
QchB
Qs Ba
RinC
RchC
Rs Ca
Af
Aa
QtkA
QmvA
RtkB
RmvB
PtkC
PmvC
Sw
Ss
StkA
SmvA
P Q R S
A
B
C
Free
Wants
State
* *
*
*
Formal Models for Distributed
Negotiations 53
Implementation
Reflexive encoding*
ZS Net Generator
Initial State Matrix
Preferences Matrix
ZsNet
Jocaml Source Code Jogc
Formal Models for Distributed
Negotiations 54
Recap We have seen Implementation of Zero-Safe Nets in
Join Centralized version
Coloured nets / Join fragment Distributed version
Distributed 2PC Dynamic nets / Full Join
Formal Models for Distributed
Negotiations 55
References The reflexive chemical abstract
machine and the Join calculus (Proc. POPL’96, ACM, pp. 372-385) C. Fournet, G. Gonthier
High-level Petri nets as type theories in the Join-calculus (Proc. FoSSaCS’01, LNCS 2030, pp. 104-120) M. Buscemi, V. Sassone