Deadlock Freedom by Construction for Distributed Adaptive Applications
Mila Dalla Preda, Ivan Lanese, Jacopo Mauro, Maurizio Gabbrielli, Saverio Giallorenzo
Milan, Feb 2014
Structure of the talk
- Choreographies
- Adaptation
- Our approach:
  - Motivation
  - Scopes
  - Adaptation Rules
- Results
- Demo → Saverio
Choreographies
- Describe the behavior of a distributed communicating system from a global perspective
- All participants + interactions described together
- Composed of operations of the form
  - Interaction ( op: a → b )
  - Sequential composition ( ; )
  - Parallel composition ( | )
  - Control flow (if then else, while)
- Very similar to global types in multiparty session types
Choreography Example
Why Choreographies?
- Easy to describe distributed systems
- Possibility to derive actual code via projection
  - Input: Choreography code
  - Output: Code for every participant
  - Properties: preserves semantics (when interacting, the participants behave as specified by the choreography)
Where to Project?
- Locations corresponding to participants, containing their code
- Basic operations: input and output
- Composed using
  - sequential composition ( ; )
  - parallel composition ( | )
  - Control flow (if then else, while)
Projection Example
Adaptation
- Systems should live for long periods of time in ever-changing environments
- Users can change their minds
- The system should adapt to satisfy new requirements
- Adaptation happens at runtime
- Adaptation details not known when the system has been designed or even started
Motivation of Our Work
- Lots of works on adaptation exist
- Not many formal approaches
- Very few guarantees on the properties of the system after adaptation takes place
- Using choreographies we can guarantee safe adaptation
- Deadlock freedom
Our Approach
- A system is obtained as projection of a choreography
- The system runs on its own
- The system interacts with an adaptation middleware composed by distributed adaptation servers and the environment
- A single adaptation may involve many participants
Adaptation Rules
- The adaptation servers contain rules which can be applied to update the running system
- Conditions checking whether adaptation is applicable/useful can be specified
- New rules can be added at any moment
- Application of a rule involves code mobility from the adaptation server to the system
Adaptation Scopes
- Scopes to enclose code that could be adapted
- Contain default code
- May tag code with (non-functional) properties
- Specify leader of adaptation → who triggers the check of adaptation
Adaptation Rules
- Contain new code + information on when and where the rule can be applied
Projecting a Scope
- Semantics of the leader:
  - Check whether there is a rule whose applicability condition holds
    - ✓ → download the code for each participant and send it to them
    - ✗ → tell the other participants that no adaptation is needed
- Semantics of other participants:
  - Wait for instruction from the leader
    - ✓ adaptation → execute the new code
    - ✗ adaptation → execute the current code
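
To make the projection step and the leader/participant split of a scope concrete, here is an added Python example (not from the talk, and not AIOCJ or Jolie code). The AST names, the `op!peer` / `op?peer` notation for output and input, and the `lead` / `wait` markers are assumptions made for illustration; control flow (if, while) is left out.

```python
from collections import namedtuple

# Choreography AST (names are assumptions of this example)
Interaction = namedtuple("Interaction", "op sender receiver")  # op: sender -> receiver
Seq = namedtuple("Seq", "left right")                          # left ; right
Par = namedtuple("Par", "left right")                          # left | right
Scope = namedtuple("Scope", "name leader body")                # adaptable block, default code in body

def roles(c):
    """All participants occurring in choreography c."""
    if isinstance(c, Interaction):
        return {c.sender, c.receiver}
    if isinstance(c, Scope):
        return roles(c.body) | {c.leader}
    return roles(c.left) | roles(c.right)

def project(c, role):
    """Local code of `role` as a string; None means the role takes no part in c."""
    if isinstance(c, Interaction):
        if role == c.sender:
            return f"{c.op}!{c.receiver}"   # output towards the receiver
        if role == c.receiver:
            return f"{c.op}?{c.sender}"     # input from the sender
        return None
    if isinstance(c, Scope):
        if role not in roles(c):
            return None
        body = project(c.body, role) or "skip"
        if role == c.leader:
            # leader: checks the rules, then tells the others whether to adapt
            return f"scope {c.name} lead {{ {body} }}"
        # other participants: wait for the leader's decision before running code
        return f"scope {c.name} wait {c.leader} {{ {body} }}"
    parts = [p for p in (project(c.left, role), project(c.right, role)) if p]
    if len(parts) < 2:
        return parts[0] if parts else None
    return "(" + (" ; " if isinstance(c, Seq) else " | ").join(parts) + ")"

def project_all(c):
    """Projection of c onto every participant, keyed by role name."""
    return {r: project(c, r) for r in sorted(roles(c))}

# Constructed sample: a price request inside an adaptable scope, then a payment.
SAMPLE = Seq(Scope("pricing", "seller",
                   Seq(Interaction("ask", "buyer", "seller"),
                       Interaction("price", "seller", "buyer"))),
             Interaction("pay", "buyer", "bank"))

if __name__ == "__main__":
    for role, code in project_all(SAMPLE).items():
        print(f"{role}: {code}")
```

The bank's projection contains no scope at all, since it takes no part in the adaptable block and so never waits on the leader.
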
Connectedness
- Two syntactic conditions:
  - For sequence → ensures that projecting a sequence I;I' implies actions in I are executed before actions in I'
  - For parallel → ensures that different interactions with the same operation do not interfere
- Polynomial check
- Online validation while writing code – see tool
Results
- A choreography and its projection have the same traces
  - Under all possible adaptations
  - With environments and sets of applicable rules that may change at any moment during the computation
- The adapted system is deadlock free by construction
- Developed an Eclipse plug-in + automatic projection in Jolie