1 Formal Models for Distributed Negotiations Zero-Safe Nets Roberto Bruni Dipartimento di Informatica Università di Pisa XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July
Formal Models for Distributed Negotiations2 Why Extending Petri Nets The basic P/T net model does not offer any synchronization between transitions Only token synchronization Useful because Translating primitives of concurrent languages can involve complex constructions Needed for expressing transactions Useful in addressing Issues of refinement / abstraction System design, Sw architectures Moving from free-choice systems to deadlock-avoiding Reliable multicasts
Formal Models for Distributed Negotiations3 Why Zero-Safe Nets Zero-Safe Nets as a basis for modeling distributed transactions and workflows Simplicity (natural extension of Petri nets) Based on a concept easily exportable to other paradigms Offering both refined / abstract views Admit distributed interpreters / implementations based on unfolding, no backtracking based on join-calculus Easy to combine with other net flavors (e.g. read arcs)
Formal Models for Distributed Negotiations4 The Idea Zero-Safe Nets are like P/T Petri nets but places are partitioned in Stable places Ordinary places defining observable states Zero-Safe places (or just zero places) Idealized resources Empty in all observable states Temporarily used during transactions (coordinating activities) Transaction as transition synchronization A computation from observable states to observable states via non-stable markings Transactions can end when all tokens in zero places have been consumed
Formal Models for Distributed Negotiations5 Rendez-Vous sendreceive The message can be sent
Formal Models for Distributed Negotiations6 Rendez-Vous sendreceive Sender is blocked until message is received Frozen!
Formal Models for Distributed Negotiations7 Rendez-Vous sendreceive Ready to commit
Formal Models for Distributed Negotiations8 Rendez-Vous sendreceive Coordinated commit
Formal Models for Distributed Negotiations9 Nondeterministic Rendez-Vous send receive
Formal Models for Distributed Negotiations10 Origin of the Name In classic Petri net Theory A place a is n-safe if in any reachable marking it contains at most n tokens A net is n-safe if all its places are such Thus a place / net is 0-safe if in any reachable marking it is empty! Useless? We write zero-safe, not 0-safe Zero places must be empty in any observable marking
Formal Models for Distributed Negotiations11 From Free-Choice to Non-Deadlocking turn left right
Formal Models for Distributed Negotiations12 From Free-Choice to Non-Deadlocking turn left right
Formal Models for Distributed Negotiations13 From Free-Choice to Non-Deadlocking turn left right
Formal Models for Distributed Negotiations14 From Free-Choice to Non-Deadlocking turn left right Success!
Formal Models for Distributed Negotiations15 From Free-Choice to Non-Deadlocking turn left right
Formal Models for Distributed Negotiations16 From Free-Choice to Non-Deadlocking turn left right Deadlock!
Formal Models for Distributed Negotiations17 From Free-Choice to Non-Deadlocking turn left right Only successful choices by design!
Formal Models for Distributed Negotiations18 No Reuse of Stable Tokens Before Commit sendreceive The message can be sent…
Formal Models for Distributed Negotiations19 No Reuse of Stable Tokens Before Commit sendreceive …but no-one can receive it!
Formal Models for Distributed Negotiations20 Multicasting b a z c 2 new receive send reset copy
Formal Models for Distributed Negotiations21 Multicasting b a z c 2 new receive send reset copy
Formal Models for Distributed Negotiations22 Multicasting b a z c 2 new receive send reset copy
Formal Models for Distributed Negotiations23 Multicasting b a z c 2 new receive send reset copy
Formal Models for Distributed Negotiations24 Multicasting b a z c 2 new receive send reset copy
Formal Models for Distributed Negotiations25 Formal Definition A Zero-Safe net is B=(S ,T,pre,post,u 0,Z) N B =(S ,T,pre,post,u 0 ) is the underlying P/T Petri net Z S is the set of zero places L=S-Z is the set of stable places u 0 L is the initial marking Note: S = (L Z) L Z Markings can be represented as pairs (u,x) u L x Z
Formal Models for Distributed Negotiations26 Operational Semantics We can exploit the operational semantics (step semantics) of the underlying P/T Petri net N B uxNBvyuxNBvy (u,x) B (v,y) [underlying steps] (u, ) B (v, ) uBvuBv [commit] (u,x) B (v,x’) (u’,x’) B (v’,y) (u u’,x) B (v v’,y) [horizontal composition] The key feature is horizontal composition it acts as sequential composition on zero places it acts as parallel composition on stable places
Formal Models for Distributed Negotiations27 Transactions as Transitions The admissible behaviors of the net are those that can be committed Such concurrent transactions can be regarded as atomic activities at the higher level of abstraction In general there can be several P/T Petri nets N such that N B We should select an abstract net A (B) which is an ordinary P/T Petri net its places are the stable places of B its transitions are the (minimal) transactions of B not decomposable in parallel activities all other steps can be inferred
Formal Models for Distributed Negotiations28 Rendez-Vous sendreceive B A (B)
Formal Models for Distributed Negotiations29 From Free-Choice to Non-Deadlocking turn left right turn-Lturn-R B A (B)
Formal Models for Distributed Negotiations30 Collective or Individual? Different philosophies can yield different abstract nets Define an algebra of computations Careful axiomatization of horizontal composition * Select only those computations such that goes from stable marking to stable marking If there exist , with = then either = or = Computations are processes of NB Select only those processes that satisfy suitable conditions connected – not decomposable in parallel active processes all and only minimal / maximal places stable full – no idle place CTPh ITPh
Formal Models for Distributed Negotiations31 Multicasting CTPh b a c new 1-1 reset n n+1 …… Infinitely many transitions!
Formal Models for Distributed Negotiations32 Multicasting ITPh b a c new 1-1 reset n n+1 …… 1-n n+1 … Different copy policies are distinguished! Infinitely many transitions!
Formal Models for Distributed Negotiations33 Concurrent Copies sendcopy receive
Formal Models for Distributed Negotiations34 Sequential Copies send copy receive
Formal Models for Distributed Negotiations35 The ITPh “Monster” BCTPhITPh 2 2 n n ……
Formal Models for Distributed Negotiations36 Distributed Interpreter The operational semantics relies on some sort of meta- definition: one computes on the underlying net, building transaction segments and discarding undesired behaviors Given an interpreter: Is backtracking needed? Correctness and completeness? Halting criteria? The problem: Given a ZS net B with initial marking u 0, is it possible to compute in a distributed fashion the set R (B,u 0 ) of markings that can be reached via atomic transactions?
Formal Models for Distributed Negotiations37 Proposed Solution The unfolding technique provides a distributed interpreter Initial marking is needed! We modify the distributed algorithm for P/T net unfolding and extend it with a COMMIT rule that enforces synchronization in the execution of a transaction
Formal Models for Distributed Negotiations38 ZS Nets Interpreter I ka u 0 a,k, S U (B) initial marking (as before) t: i s i (v, j n j z j ) T ={ s i,k i,H i } i S U (B) co( ) e= t, T U (B) ={ z j,m,{e} | 1 m n j } j S U (B) pre(e)= post(e)= can be either stable or zero only zero! wait… where is v?
Formal Models for Distributed Negotiations39 ZS Nets Interpreter II u 0 R (B,u 0 ) T U (B) co( ) ZProd( )=ZCons( ) u 0 SProd( ) - SCons( ) R (B,u 0 ) Together with the unfolding we compute R (B,u 0 )! Where we take the obvious extensions to of: ZCons(e) is the set of zero tokens consumed by the ancestors of e (including e itself) ZProd(e) is the set of zero tokens produced by the ancestors of e (including e itself) SCons(e) = t:(u,x) (v,y), e u SProd(e) = t:(u,x) (v,y), e v sets multisets
Formal Models for Distributed Negotiations40 Results Proposition If T U (B) such that co( ) and ZProd( )=ZCons( ), then e= t, we have that t does not produce any zero token Theorem R (B,u 0 ) = { v | u 0 B v } Proof: : by rule induction : by induction on the proof of u B v
Formal Models for Distributed Negotiations41 Open Problems Computing the ITPh abstract net Identify isomorphic processes For v R (B,u 0 ) we could add tokens with history … Halting criteria The algorithm recursively enumerate R (B,u 0 ) Decidability proved by Nadia Busi using a result of Reinhardt Complexity The algorithm is as much as distributed as the classical unfolding applied to the abstract net To improve efficiency the sets ZProd(e) … could be encoded in e (they can be easily calculated from the history component)
Formal Models for Distributed Negotiations42 Recap We have seen Basic theory of Zero-Safe nets Formal definition Graphical representation Examples Abstract (CTPh / ITPh) nets Distributed interpreter based on unfolding
Formal Models for Distributed Negotiations43 References Zero-safe nets: comparing the collective and individual token approaches (Information and Computation 156(1-2):46-89, Academic Press 2000) R. Bruni, U. Montanari Executing transactions in zero-safe nets (Proc. ATPN’00, LNCS 1376, Springer 2000, pp ) R. Bruni, U. Montanari