1 Reversibility for Recoverability Ivan Lanese Computer Science Department FOCUS research group University of Bologna/INRIA Bologna, Italy

Roadmap l Why reversibility? l Reversing concurrent systems l Controlling reversibility l Reversibility and compensations l Conclusions

Why reversibility? l We want programming abstractions for dependable distributed systems l Different proposals in the literature –Exception handling, checkpointing, transactions, … l Unrelated proposals, difficult to combine and compose l Is there a unifying concept? l … most of them include some form of undo

What if we could undo every action? l Very low-level mechanism l Can we recover and better understand traditional recovery schemes? l Can we find new schemes or combine old ones?

Reversing concurrent systems l What does it means to go back one step for a concurrent system? l Which information is needed? l First approach in Reversible Communicating Systems. CONCUR 2004 by V. Danos and J. Krivine

Process calculi l Simple algebraic models for concurrent systems l Different calculi in the literature –CCS, CSP, π-calculus, HOπ, … l Basic actions for communication on named channels l Composition operators (sequence, parallel, choice) l Semantics defining the behavior a : b j b : c j a ! b j b : c ! c

Reversible Communicating Systems l Provides a reversible version of CCS l History information is added to each thread l Causal consistent reversibility –Transitions should be rollbacked in any order compatible with causal dependencies

Causal consistent reversibility a a b b

…and then? l Not much happened for some times –RCCS used for defining a simple transaction mechanism (2005) –Generalization from CCS to a simple rule format (2006) l Our contributions (from 2009) –Applying the technique to HOpi, a calculus with higher- order communication –An encoding of reversible HOpi into HOpi –Applying the technique to Oz abstract machine »Oz is a concurrent language with asynchronous communication –An analysis of the space overhead of reversibility in Oz

Taming reversibility l In the previous approaches reversibility is wild –They are interested in how to realize reversibility, not on how to use it l Nothing tells to the system whether it has to go backward or forward l We want reversibility for recoverability l Normal execution should be forward l Backward execution in case of errors

Roll-pi proposal l Every communication input has a label γ l The label can be used by a roll γ primitive –Go back till you undo communication γ –Undo all the causally dependent actions –Do not undo unrelated actions l Keep in mind that “undo the last action” is not meaningful in a concurrent scenario

Are we satisfied by controllable rollback? l Rollback is perfect: I go back to a previous state… l … and probably I will redo the exact same errors l We need a way to keep trace of failed attempts l We need to go to a state which is (possibly) slightly different from the previous ones

Compensations l The idea of compensations comes from database theory –Studied also in the framework of service oriented computing l A compensation is a piece of code used to manage an error l By executing the compensation the system goes back to a consistent state –Possibly different from any previous state

Mixing compensations and reversibility l We go back to a previous state as in roll-pi l We attach compensations to part of the code, so that it is changed during rollback –C%D: execute code C, in case of rollback replace it with D

Applications l Now we are expressive enough to model interesting scenarios l Transaction models l Speculative parallelism l Software Transactional Memories

Summary l A better understanding of reversibility in a concurrent scenario l An abstract machine for a concurrent reversible language l An analysis of the space overhead of reversibility l A mechanism for controlling reversibility l An integration between compensations and reversibility l A set of known patterns revisited in the new framework

Future work l A long road in front of us l On the mechanisms for controlling reversibility –Are there other possible mechanisms? –Are they equivalent? Can they be composed? l On expressive power –Which existing patterns benefit from our approach? –Do we miss some other mechanism? l On foundations –Which are the good equivalences for reversible systems?

Future work: going towards practice l Implementing the reversible Oz machine –Extended with control mechanisms and compensations –Which optimizations are possible? l An application –Reversible debugger

The REVER project l A French ANR project –Thanks to FOCUS team l Includes INRIA teams Sardes (Grenoble) and FOCUS (Bologna), PPS (Paris) and CEA (Paris) l 4 years project, started December 1st 2011 l Total funding 642k€ l Exactly on these topics

Finally

Bibliography l V. Danos, J. Krivine: Reversible Communicating Systems. CONCUR 2004 l V. Danos, J. Krivine: Transactions in RCCS. CONCUR 2005 l I. Phillips, I. Ulidowski: Reversing Algebraic Process Calculi. FoSSaCS 2006 l H. Garcia-Molina, K. Salem: Sagas. ACM SIGMOD 1987 l R. Bruni, H. Melgratti, U. Montanari: Theoretical foundations for compensations in flow composition languages. POPL 2005 l I. Lanese, C. A. Mezzina, J.-B. Stefani: Reversing Higher-Order Pi. CONCUR 2010 l I. Lanese, C. A. Mezzina, A. Schmitt, J.-B. Stefani: Controlling Reversibility in Higher-Order Pi. CONCUR 2011