formal models for distributed negotiations committed join calculus

1

Formal Models forDistributed NegotiationsCommitted Join Calculus

Roberto BruniDipartimento di Informatica Università di Pisa

XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003

Formal Models for Distributed

Negotiations 2

Our Focus In commercial applications, separately designed

and implemented components must interact commit (intermediate) results of long-running

activities upon (partial) agreements e.g. e-commerce, on-line auction systems

Formal models should avoid ad-hoc proprietary solutions offer alternatives to centralized transaction managers hide the coordination layer (separation of concerns)


Negotiations 3

Distributed Agreements Negotiations / Contracts

commit, abort, compensation hierarchical decisions dynamic membership fully distributed control

Process cooperation coordination / orchestration / choreography different platforms and policies

Data integration unstructured documents in different formats


Negotiations 4

Prerequisites forModeling Contracts

Local and global resources Local sub-contracts and decisions Global results posted upon commit Abort of ongoing contracts

All participants must be informed Compensations can be activated

Either abort or commit (no divergence) Dynamic joining of participants

Contracts can be merged Nested structure of contracts


Negotiations 5

Commitment We have seen different concepts in

different areas DataBase transactions Transactional Workflows Transition synchronization PDLs with commit primitives Committed choice languages


Negotiations 6

PDLs with commit Transactions in JavaSpaces and Linda

create(x) and commit(x) prefixes event notification TraLinda

typed messages (L / H) and atomic prefixing Long running transactions

MINI-XLANG asynchronous -calculus with transactional

context context(P,Pf,Pc)


Negotiations 7

Committed Choice Languages

Logic programming Non determinism means exhaustive

search of successful computations don’t know non-determinism results are produced at the end

Concurrent logic / constraint languages limit backtracking to improve efficiency

don’t care non-determinism (indeterminism) partial outputs during computation


Negotiations 8

Guarded Horn Clauses Head Guard | Body

Reduce Head to Body if Guard succeeds don’t know when evaluating guards don’t care when selecting clauses whose

guards are true Flat guards

conjunction of primitive predicates Deep guards (e.g. AKL)

both primitive and programmed predicates


Negotiations 9

Our Proposal committed JOIN

PDL presentation Non ACID Multiway Open Nesting Flexible Split / Join Programmable commit / abort / compensation Concurrency and distribution Distributed 2PC Different levels of abstraction


Negotiations 10

Why an extension of JOIN Well-known asynchronous calculus Distributed implementations

Jocaml Polyphonic C#

Analogous to dynamic coloured Petri nets Running D2PC implementation CHAM semantics

molecules form solutions enclosed in membranes nesting is free (via membranes)

Typed serializabilityOngoing

Work!


Negotiations 11

Committed JOIN Syntax

M,N::= 0 | xŷ | M|NP,Q ::= M | def D in P | P|Q | abort |

[P:Q]D,E ::= JP | DE | JP J,K ::= xŷ | J|K

messages

programmable abort

compensation

contract

boundaries

merge definitions (boards):

defined boards must be disjoint from ordinary

defined names


Negotiations 12

Committed JOIN Semantics0

P|Q P,Q

DE D,E

def D in P Ddn(D) , Pdn(D) range() fresh

J P, J J P, P


Negotiations 13


P|Q P,Q

DE D,E


J P, J J P, P

[P:Q] {[ P , Q ]}

compensation is kept frozen

contract P can evolve in isolation


Negotiations 14


P|Q P,Q

DE D,E


J P, J J P, P

[P:Q] {[ P , Q ]}

{[ M|def D in 0 , Q ]} M

commitglobal resources


Negotiations 15


P|Q P,Q

DE D,E


J P, J J P, P

[P:Q] {[ P , Q ]}

{[ M|def D in 0 , Q ]} M

{[ abort |P , Q ]} Qcompensation on abort


Negotiations 16


P|Q P,Q

DE D,E


J P, J J P, P

[P:Q] {[ P , Q ]}

{[ M|def D in 0 , Q ]} M

{[ abort |P , Q ]} Q

J1|…|JnP, i{[ Ji, Si, Qi ]} J1|…|JnP, {[iSi, P, |iQi ]}

merge n ongoing contracts


Negotiations 17

JOIN vs cJOIN

PROPOSITIONcJOIN is a conservative extension of

JOIN:P J Q iff P

cJ Q (for P and Q JOIN

processes)


Negotiations 18

A Multi-Way Contract…,J[P:Q],J …,J[P:Q],[P:Q]

…,J’[P’:Q’],J’ …,J’[P’:Q’],[P’:Q’]

…

…,J1|J2M, [J1:Q],[J2:Q’] …,J1|J2M,[M:Q|Q’]

…,[M:Q|Q’] …,M


Negotiations 21

Nested Abort II

…,J[[P1:Q1]|P2:Q],J …,J[[P1:Q1]|P2:Q],

[ [P1 :Q1] | P2 : Q]

…

…,[[P1 :Q1]|abort :Q] Q


Negotiations 22

Hotel Booking

H def WaitBooking [ def requesto o$ | price$ price$ | confirmv BookedRoomv price$ abort in offeringRoom request,confirm : Q ]

BookedRoomv … in WaitBooking | …


Negotiations 23

Hotel Booking



C def BookingHotel [def hotelMsg r,c def offer$ cvisa | HotelFound

offer$ abort in rofferin searchRoom hotelMsg : Q’ ]

in BookingHotel | …


Negotiations 24

Hotel Booking



C def BookingHotel [def hotelMsg r,c def offer$ cvisa | HotelFound

offer$ abort in rofferin searchRoom hotelMsg : Q’ ]

in BookingHotel | …

HB def searchRoomhm | offeringRoom r,c hmr,c in H | C


Negotiations 25

Hotel Booking…, WaitBooking , BookingHotel

…, […, offeringRoomrequest,confirm : Q ] , […, searchRoomhotelMsg : Q’]

…, […, hotelMsgrequest,confirm : Q | Q’]

…, […, requestoffer : Q | Q’]

…, […, offer$, price$ : Q | Q’]

…, […, confirmvisa, HotelFound , price$ : Q | Q’]

…, […, BookedRoomvisa, HotelFound : Q | Q’]

…, BookedRoomvisa, HotelFound


Negotiations 26

Trip Booking IH as before

F def WaitBooking [ def requesto o$ | price$ price$ | confirmv BookedFlightv price$ abort in offeringFlight request,confirm : Q ]

BookedFlightv … in WaitBooking | …

local name, different from homonym name

in H


Negotiations 27

Trip Booking IIC def hotelOKfc | flightOKhc fc | hc BookingHotel [def hotelMsgr,c def offer$ cvisa | hotelOKflightConf

offer$ abort flightConf HotelFound in rofferin searchRoom hotelMsg : Q’ ]

BookingFlight [def flightlMsgr,c def offer$ cvisa | flightOKhotelConf

offer$ abort hotelConf FlightFound in rofferin searchFlight flightMsg : Q’’ ]

in BookingHotel | BookingFlight | …

TB def searchRoomhm | offeringRoom r,c hmr,c searchFlightfm | offeringFlight r,c fmr,c in H | F | C

both needed to commit


Negotiations 28

Matching the Prerequisites Local and global resources Local sub-contracts and decisions Global results posted upon commit Abort of ongoing contracts

All participants must be informed Compensations can be activated

Either abort or commit (no divergence) Dynamic joining of participants

Contracts can be merged Nested structure of contracts

membranes and

scoping rules

nesting commit reaction

several variants of abort

would limit the

expressiveness

merge definitions (boards)

multi-level


Negotiations 29

ZS nets, JOIN and cJOIN ZS nets can be encoded in JOIN by attaching the

dynamic creation of a local DTC to transitions Implementation of D2PC (transparent to users) Tokens must carry several channel names Each firing must undergo local DTCs approval

cJOIN primitives allow a straightforward encoding No further protocol is needed Tokens carry just one contract identifier Firings directly correspond to reactions


Negotiations 30

ZS nets in JOINWe encode basic nets, which are expressive enough:

fork

open join closecompute

[[ E open e ]] = E def D in e(put,

{ lock }) | state({ E })

[[ e calc e’ ]] = e(p, L) e’(p, L)

[[ e fork e’, e’’ ]] = e(p, L) def D in e’(p, L

{ lock })

| e’’(put, L { lock }) | state(

)

[[ e’, e’’ join e ]] = e’(p’, L’) | e’’(p’’, L’’) e(p’, L’ L’’) | p’’(L’’

L’, )

[[ e close E ]] = e(p, L) p(L, { E })

given a net (T,S) we define an agent def [[ T ]] in [[S]] , where

default compensation


Negotiations 31

DTC in JOINthe definition D is the following

state(H) | put(L, F) commit(L \ { lock }, L , { lock }, F, H )state(H) failed() | release(H)commit({ l } L, L’, L’’, F, H) commit(L, L’, L’’ , F, H)

| l(L’, lock, fail )commit(L, L’, L’’, F, H) | lock(L’’’, l, f )

commit(L (L’’’ \ L’), L’ L’’’, L’’ { l }, F, H )commit(, L, L, F, H) release(F)commit(L, L’, L’’, F, H) | fail() failed() | release(H)failed() | put(L, F) failed()failed() | lock(L, l, f) failed() | f()failed() | fail() failed()


Negotiations 32

ZS nets in cJOINWe encode basic nets, which are expressive enough:

fork

open join closecompute

[[ E open e ]] = E [def z0 in ez : E ]

[[ e calc e’ ]] = ez e’z

[[ e fork e’, e’’ ]] = ez e’z | e’’z

[[ e’, e’’ join e ]] = e’z’ | e’’z’’ ez’

[[ e close E ]] = e z E

given a net (T,S) we define an agent def [[ T ]] in [[S]] , wheredummy definition

(JOIN way of declaring a local id)

z’ and z’’ have now identical scope and

meaning


Negotiations 33

Committed Join Features Negotiations can be defined in terms of

concurrent sub-negotiations Cooperation between contracts are given by

merging definitions Global resources produced inside a

negotiation are made available at commit time

Commit means termination Explicit abort and compensation


Negotiations 34

Some results on cJoin cJoin is a conservative extension of

Join P

J Q iff P

cJ Q. (P and Q Join processes)

Zero-safe nets can be encoded as cJoin processes N=(T,S) a ZS net. (S,) * (S’,) iff

def [T] in [S] * def [T] in [S]


Negotiations 35

cJOIN and Logic Languages Commit primitives of cJoin can be

used to implement committed choices of AKL explicit encoding of search strategies and

unification via continuation passing and compensation


Negotiations 36

Serializability A simple type system that guarantees

serializability Shallow processes

the start of a sub-negotiation can be postponed until all the cooperating sub-negotiations needed to commit can be generated inside its parent negotiation

Proof via correspondence w.r.t. big step semantics


Negotiations 37

Encoding of cJOIN in JOIN Aim:

Define an implementation of cJOIN in JOIN Associate to every cJOIN process a JOIN

process that simulate its behavior

Ideas: Identification of basic forms for definitions Definition of a type system to single out

canonical processes Reuse controllers of the D2PC protocol


Negotiations 39

Comparatives studies Comparison with other approaches for

modeling long-running activities Transactional context of MINI-XLANG

distinguish two kinds of compensations

Goals Find limitations / restrictions Show the encoding of other common

constructors (such as those in WMS)


Negotiations 40

References Committed actions for mobile calculi

(PhD Thesis Proposal, Manuscript, 2003) H. Melgratti

Nested commits for mobile calculi: extending Join (Manuscript) R. Bruni, H. Melgratti, U. Montanari

formal models for distributed negotiations committed join calculus

Documents