Formal%20Models%20for%20Distributed%20Negotiations%20Distributed%202PC

1
Formal Models forDistributed NegotiationsDistrib
uted 2PC
XVII Escuela de Ciencias Informaticas (ECI 2003),
Buenos Aires, July 21-26 2003
Roberto Bruni Dipartimento di Informatica
Università di Pisa
2
Orchestrating Zero-Safe Nets

• The transactional mechanism of ZSN can be
  implemented in the join calculus
• Centralized version
• The fragment corresponding to coloured nets
  suffices
• Distributed version
• Exploit full join (dynamic nets)

3
Centralized encoding

• Transactions have unique identifiers
• Participants must pick up the name at the begin
  of the transaction and will be tagged with this
  name
• Only participants holding the same name can
  interact during the transaction
• Controllers are associated with transactions
• Dynamically released from a unique generator
• Participants must interact with the controllers
  of their transactions when fetching or releasing
  tokens
• Parallelism is increased by the usage of
  credit/debit tokens

4
ZS nets in JOIN
We encode basic nets, which are expressive enough
given a net (T,S) we define an agent def T
? C?F in S gen(0)
E open e E() cdt(k) ? e(k)
fetched(k,E) e calc e e(k) ?
e(k) e fork e, e e(k) cdt(k) ?
e(k) e(k) e, e join e e(k)
e(k) ? e(k) dbt(k) e close E
e(k) ? frozen(k,E) dbt(k) e drop
e(k) ? dbt(k)
5
Generator, Controllers and Commit
C gen(k) ? gen(k1) state(k1,0) ?
state(k,n) ? state(k,n1) cdt(k) ?
state(k,n1) dbt(k) ? state(k,n) ? cdt(k) ?
dbt(k) ? state(k,0) ? commit(k) ?
commit(k) frozen(k,E) ? commit(k) E ?
commit(k) fetched(k,E) ? commit(k)
generation of fresh controllers
credit / debit administration
commit
6
Failures
F state(k,n) ? failed(k,n) ? failed(k,n1)
cdt(k) ? failed(k,n) ? failed(k,n1)
dbt(k) ? failed(k,n) ? failed(k,n)
frozen(k,E) ? failed(k,n) ? failed(k,n)
fetched(k,E) ? failed(k,n) E
nondeterministic failure
credit / debit administration
roll-back
7
Comments

• Highly non-deterministic
• credit tokens are not released by need to avoid
  serialization of activities
• Empty transactions
• Guesswork if different open statement should
  belong to the same transaction or not
• Semantic correspondence
• Invariant representing state consistency
• Correctness and completeness through
  normalization strategy
• active transactions fail
• committing transactions terminate successfully
• failing transactions are rolled back
• normalization is harmless
• reachable ZSN markings correspond to reachable
  consistent normalized states

8
Comments

• Highly non-deterministic
• credit tokens are not released by need to avoid
  serialization of activities
• Empty transactions
• Guesswork if different open statement should
  belong to the same transaction or not
• Semantic correspondence
• Invariant representing state consistency
• Correctness and completeness through
  normalization strategy
• active transactions fail
• committing transactions terminate successfully
• failing transactions are rolled back
• normalization is harmless
• reachable ZSN markings correspond to reachable
  consistent normalized states

9
Distributed Implementation

• ZS nets can be implemented in Join by using a
  distributed commit protocol (D2PC)
• where all participants play an active role in the
  decision
• which supports multiway transactions
• whose participants are not fixed statically

10
Distributed 2PC

• The distributed 2PC is a variant of the
  decentralized 2PC with a finite but unknown
  number of participants
• When a participant P is ready to commit it has
  only a partial knowledge of the whole set of
  participants
• Only those who directly cooperated with P
• To commit P must contact all its neighbors and
  learn the identity of other participants from them

11
D2PC

• Every participant P acts as coordinator
• During the transaction P builds its own
  synchronization set LP of cooperating agents
• When P is ready to commit, P asks readiness to
  processes in LP (if empty P was isolated and can
  commit)
• In doing so, P sends them the set LP
• Other participants will send to P
• either a successful reply with their own
  synchronization sets
• or a failure message
• (in this case, failure is then propagated)
• Successful replies are added to LP
• The protocol terminates when LP is transitively
  closed

12
Example D2PC
P2
P1
P3
13
Example D2PC

P2
P1
P3
14
Example D2PC

P2
P1

P3
15
Example D2PC

P2
P1

P3

16
Example D2PC

P2
P1

P3

17
Example D2PC
P3
P2
P1
P2
P3

18
Example D2PC
P3
P2
P1
P2
P3

19
Example D2PC
P1,P3
P2
P1
P2
P3
P2
20
Example D2PC
P1,P3
P2
P1
P2
P3
P2
21
Example D2PC
P1,P3
P2
ltP3,P2gt
P1
P2 P2 ()
P3
P2
22
Example D2PC
P1,P3
P2
ltP3,P2gt
P1
P2 P2 ()
P3
P2
23
Example D2PC
P1,P3 P1,P3 ()
P2
ltP3,P2gt
ltP2,P1,P3gt
ltP2,P1,P3gt
P1
P2 P2 ()
P3
P2
24
Example D2PC
P1,P3 P1,P3 ()
P2
ltP3,P2gt
ltP2,P1,P3gt
P1
P2 P2 ()
P3
ltP2,P1,P3gt
P2
25
Example D2PC
P1,P3 P1,P3 (P3)
P2
ltP2,P1,P3gt
P1
P2 P2 ()
P3
ltP2,P1,P3gt
P2
26
Example D2PC
P1,P3 P1,P3 (P3)
P2
ltP2,P1,P3gt
P1
P1,P2 P2 (P2)
P3
P2
27
Example D2PC
P1,P3 P1,P3 (P3)
P2
ltP2,P1,P3gt
P1
P1,P2 P1,P2 (P2)
P3
ltP3,P1,P2gt
P2
28
Example D2PC
P1,P3 P1,P3 (P3)
P2
ltP3,P1,P2gt
ltP2,P1,P3gt
P1
P1,P2 P1,P2 (P2)
P3
P2
29
Example D2PC
P1,P3 P1,P3 (P3)
P2
ltP3,P1,P2gt
ltP2,P1,P3gt
P1
ltP1,P2gt
P1,P2 P1,P2 (P2)
P3
P2 P2 ()
30
Example D2PC
P1,P3 P1,P3 (P3)
P2
ltP1,P2gt
ltP3,P1,P2gt
ltP2,P1,P3gt
P1
P1,P2 P1,P2 (P2)
P3
P2 P2 ()
31
Example D2PC
P1,P3 P1,P3 (P1,P3)
P2
ltP3,P1,P2gt
ltP2,P1,P3gt
P1
P1,P2 P1,P2 (P2)
P3
P2 P2 ()
32
Example D2PC
P1,P3 P1,P3 (P1,P3)
Q2
ltP3,P1,P2gt
ltP2,P1,P3gt
P1
P1,P2 P1,P2 (P2)
P3
P2 P2 ()
33
Example D2PC
P1,P3 P1,P3 (P1,P3)
Q2
ltP3,P1,P2gt
P1
P1,P2 P1,P2 (P2)
P3
P2,P3 P2 (P2)
34
Example D2PC
P1,P3 P1,P3 (P1,P3)
Q2
ltP3,P1,P2gt
P1
P1,P2 P1,P2 (P2)
ltP1,P2,P3gt
P3
P2,P3 P2 (P2)
35
Example D2PC
P1,P3 P1,P3 (P1,P3)
Q2
ltP3,P1,P2gt
P1
P1,P2 P1,P2 (P2)
P3
ltP1,P2,P3gt
P2,P3 P2 (P2)
36
Example D2PC
P1,P3 P1,P3 (P1,P3)
Q2
P1
P1,P2 P1,P2 (P2)
P3
ltP1,P2,P3gt
P2,P3 P2 ,P3 (P2 ,P3)
37
Example D2PC
P1,P3 P1,P3 (P1,P3)
Q2
P1
P1,P2 P1,P2 (P1,P2)
P3
P2,P3 P2 ,P3 (P2 ,P3)
38
Example D2PC
P1,P3 P1,P3 (P1,P3)
Q2
Q1
P1,P2 P1,P2 (P1,P2)
Q3
P2,P3 P2 ,P3 (P2 ,P3)
39
ZS nets in JOIN
We encode basic nets, which are expressive enough
given a net (T,S) we define an agent def T
in S , where
E open e E ? def D in e(put,
lock ) state( E ) e calc e
e(p, L) ? e(p, L) e fork e, e
e(p, L) ? def D in e(p, L ? lock )
e(put, L ? lock ) state( ? ) e, e
join e e(p, L) e(p, L) ? e(p,
L ? L) p(L ? L, ? ) e close E
e(p, L) ? p(L, E )
default compensation
40
DTC in JOIN
the definition D is the following
state(H) put(L, F) ? commit(L \ lock , L ,
lock , F, H ) state(H) ? failed()
release(H) commit( l ? L, L, L, F, H) ?
commit(L, L, L , F, H) l(L, lock,
fail ) commit(L, L, L, F, H) lock(L, l, f
) ? commit(L ? (L \ L), L ? L, L ?
l , F, H ) commit(?, L, L, F, H) ?
release(F) commit(L, L, L, F, H) fail() ?
failed() release(H) failed() put(L, F) ?
failed() failed() lock(L, l, f) ? failed()
f() failed() fail() ? failed()
41
Opening
the name of the new thread
a new thread is created and two tokens released
E open e E ? def D in e(put, lock
) state( E )
the return address of the new thread
the state of the new thread it contains the
consumed resources to be returned in case of
failure
42
Progress
return address where to send the set of threads
and the generated stable resources, if any
e calc e e(p, L) ? e(p, L)
set of threads, including self, the token has
been in contact with
43
Joining
the contacted sets of threads are conjoined
e, e join e e(p, L) e(p,
L) ? e(p, L ? L p(L ? L, ? )
the first thread continues
the second thread terminates
44
Splitting
the original thread continues but its contact set
is augmented with the name of new thread
a new thread is created and three tokens
released
e fork e, e e(p, L) ? def D in
e(p, L ? lock ) e(put, L ? lock )
state( ? )
the new thread starts with the augmented contact
set
the state of the new thread contains no consumed
resource
45
Pre-commit
generated stable resources to be unfrozen in case
of success
List of contacted threads already synchronized
with
list of contacted threads including self
state(H) put(L, F) ? commit(L \ lock , L ,
lock , F, H )
consumed resources to be returned in case of
failure
list of contacted threads to be synchronized
with for global commit
the thread receives the signal that it can commit
locally and evolves to a committed state
46
Commitment
sending a message to a thread to be synchronized
with
failure port
success port
commit( l ? L, L, L, F, H) ? commit(L, L,
L , F, H) l(L, lock, fail ) commit(L,
L, L, F, H) lock(L, l, f ) ?
commit(L ? (L \ L), L ? L, L ? l
, F, H ) commit(?, L, L, F, H) ? release(F)
receiving a message from a thread to be
synchronized with
synchronization sets updated for transitive
closure
frozen resources are released
all threads in the transitive closure have been
contacted commit
47
Failures
state(H) ? failed() release(H) commit(L, L,
L, F, H) fail() ? failed()
release(H) failed() put(L, F) ?
failed() failed() lock(L, l, f) ? failed()
f() failed() fail() ? failed()
consumed resources are given back
local failure
handling global failure
48
D2PC in Jocaml

• Jocaml is an extension of the Objective Caml
• Support Join calculus programming model
• Functional language
• Support of OO and imperative paradigms
• A running implementation of the controllers in
  Jocaml has been developed by Hernan Melgratti
• Given a description of a ZS net, it automatically
  generates a Jocaml program that simulates the net
  behavior

49
Thread Coordinator in Jocaml

• let def new_coordinator ()
• let def
• state! h timeout! () failed()
  release h deact timeout
• or failed!() fail! () failed ()
• or failed!() lock! (ll, l , f) failed ()
  f ()
• or failed!() put!(l,f) failed ()
• or commit!(l, l1, l2,f, h) fail!()
  failed() release h deact timeout
• or commit0!(l, l1, l2,f, h) fail!()
  failed() release h deact timeout
• or commit0!(l,l1,l2,f,h)
• match l with
• -gt if (equiv l1 l2) then
  release f else commit(l,l1,l2,f,h)
• tts -gt t (l1,lock,fail)
  commit0(ts,l1,l2,f,h)
• or commit!(l,l1,l2,f,h)lock!(l3,ll,f)
• let lnew union l (difference l3 l1)
  in
• commit0 (lnew, union l1 l3,union l2
  ll,f,h)
• or state! h put! (l,f) commit0 (del lock
  l, l, lock, f, h)
• deact timeout

50
A ZSNet in Jocaml

• let def aZSNet ()
• let def
• placeA!() let newthread
  new_coordinator() in
• (state newthread) placeA
• placeB (put newthread,lock
  newthread)
• act (timeout newthread)
• or placeB!(p,l) placeC!(p,l)
• or placeB!(p,l) let newthread
  create_thread() in (state
  newthread)
• placeC (p, union l lock
  newthread)
• placeD (put newthread,
  union l lock newthread)
• act (timeout newthread)
• or ...
• in reply placeA, place H .....

OPEN
CALC
FORK
Initial Marking
51
Example (Problem description)

• Apartment Rentals
• There is an offer of apartments that can be
  rented immediately
• There are requests to rent offered apartments
  from persons
• Also, there are request to change apartment,
  i.e., a person take a new apartment only when
  somebody else rents her apartment

52
Example (ZS Net)
State
53
Implementation
Initial State Matrix
Preferences Matrix
ZS Net Generator
ZsNet
Reflexive encoding
Jocaml Source Code
Jogc
54
Recap

• We have seen
• Implementation of Zero-Safe Nets in Join
• Centralized version
• Coloured nets / Join fragment
• Distributed version
• Distributed 2PC
• Dynamic nets / Full Join

55
References

• The reflexive chemical abstract machine and the
  Join calculus (Proc. POPL96, ACM, pp. 372-385)
• C. Fournet, G. Gonthier
• High-level Petri nets as type theories in the
  Join-calculus (Proc. FoSSaCS01, LNCS 2030, pp.
  104-120)
• M. Buscemi, V. Sassone