1. 1 Static vs dynamic SAGAs Ivan Lanese Computer Science Department University of Bologna/INRIA Italy

2. Roadmap l Long running transactions l A journey in static SAGAs l A journey in dynamic SAGAs l Static vs dynamic l Conclusions

3. Roadmap l Long running transactions l A journey in static SAGAs l A journey in dynamic SAGAs l Static vs dynamic l Conclusions

4. Today computing systems l Computing systems of increasing complexity –Many components –Interactions –Distribution l Many sources of unreliability –Other components –Communication middleware (wireless, …) l Computing systems have to provide reliable services to the users l Important to handle unexpected events

5. Long running transactions l Unexpected events make activities to abort l One has to manage the abort to allow the whole application to reach a consistent state l Impossible to have perfect rollback (as for ACID transactions) –Irreversible actions: sending of an email –Penalties: booking of an airplane ticket l Approaches based on long running transactions and compensations l A compensation is executed to take the system to a consistent state

6. Formal models for long running transactions l Different formal models for long running transactions –To clearly specify the expected behavior –To prove properties of systems l Interaction based compensations –Extending name passing calculi such as pi-calculus with operators for error handling –c-join, webπ, dcπ, … l Compensable flow composition approaches –Analyzing how compensations of simple activities are composed –cCSP, StAC, SAGAs calculi, … l Need for some order

7. Comparing models l A difficult task l Models differ in many aspects –Atomic activities, communication, state –Different levels of abstraction –Different primitives l We will concentrate on one kind of model, SAGAs, and one particular aspect, static vs dynamic compensations

8. Static vs dynamic l Static: the possible orders of execution of compensations depend only on the structure of the term –Example 1: to compensate P;Q execute the compensation of Q then the compensation of P –Example 2: to compensate P|Q execute concurrently the compensations of P and of Q l Dynamic: the possible orders of execution of compensations may depend on runtime information –Example: to compensate P|Q execute the compensations of P and Q in reverse order of completion of P and Q

9. Static vs dynamic in the literature l Static vs dynamic for interaction based compensations at ESOP 2010 (with Vaz, Ferreira) l Classic SAGAs calculi (Bruni, Melgratti, Montanari, POPL 2005) are static l Dynamic SAGAs calculus at SEFM 2009 (with Zavattaro) l Which are the relations between static and dynamic SAGAs calculi?

10. Something more on SAGAs calculi l The basic building blocks are compensable actions A%B –Execute activity A, if the SAGA aborts execute activity B as compensation for A l SAGAs can be composed –sequence P;Q –parallel P|Q –nested {P}

11. Which semantics for SAGAs? l Many possible choices –Static vs dynamic –Interruption vs no interruption –Centralized vs distributed compensations l We consider the semantics with interruption and centralized compensation –Interruption for avoiding unnecessary computations –Semantics of distributed compensations unrealistic for real systems

12. Nesting l Useful for modeling complex systems and for refinement –Allows to see a SAGA as an activity l Present in the original proposal (POPL 2005) l Never defined for static SAGAs with interruption and centralized compensation nor for dynamic SAGAs l Second aim of the paper: extending the two approaches with nesting –Not a trivial issue

13. Roadmap l Long running transactions l A journey in static SAGAs l A journey in dynamic SAGAs l Static vs dynamic l Conclusions

14. Static SAGA semantics l Big-step semantics l Γ is an environment describing basic activities The final outcome ¤ of a SAGA can be – ¡ : success – £ : abort – ¥ : failure, if a compensation aborts l Observation α: the activities that have been successfully executed l Compensation β: starting compensation l Compensation β 1 : final compensation ¡ ` h P ; ¯ i ® ¡ ! h ¤ ; ¯ 1 i

15. Sample static rule l A rule for sequential composition l Observations can also include parallel composition l We refer to the paper for the whole semantics ¡ ` h P ; ¯ i ® ¡ ! d h ¡ ; ¯ 00 i ¡ ` h Q ; ¯ 00 i ® 0 ¡ ! d h ¤ ; ¯ 0 i ¡ ` h P ; Q ; ¯ i ®;® 0 ¡¡¡ ! d h ¤ ; ¯ 0 i

16. Static SAGA semantics l Activities are executed and compensations stored for later retrieval –Executed in case of failure by the innermost SAGA (centralized compensation) l If a branch aborts and/or fails, other branches should be notified –Abort makes the other branches to compensate –Fail is catastrophic and blocks all the activities »Can only occur with nesting

17. Branch outcome notification l Notification blocks execution of other branches l We need to model incomplete executions £ : abort because of external abort (successful compensation) ¥ : failure because of external failure (no compensation) ¢ : failure because of external abort and failure of the compensation l Parallel composition rules describe the allowed combinations l Notifications should be also propagated to subSAGAs

18. Roadmap l Long running transactions l A journey in static SAGAs l A journey in dynamic SAGAs l Static vs dynamic l Conclusions

19. Dynamic SAGA semantics l Small-step semantics The final result * of a dynamic SAGA can be either an intermidiate process P’ or a final outcome ¡, £ or ¥ l Observation a can be an activity or empty l A SAGA gives rise to computations to reach a final outcome ¡ ` h P ; ¯ i a ¡ ! h ¤ ; ¯ 1 i

20. Sample dynamic rules l A few rules for sequential composition l Allow to compute inside P and to complete P execution successfully l Again, we refer to the paper for the whole semantics ¡ ` h P ; ¯ i a ¡ ! s h P 0 ; ¯ 0 i ¡ ` h P ; Q ; ¯ i a ¡ ! s h P 0 ; Q ; ¯ 0 i ¡ ` h P ; ¯ i a ¡ ! s h ¡ ; ¯ 0 i ¡ ` h P ; Q ; ¯ i a ¡ ! s h Q ; ¯ 0 i

21. Dynamic SAGA execution l When a subSAGA executes it produces some items of compensation l Compensations of subSAGAs and of the main SAGA should not mix l Auxiliary syntax is needed l Running SAGA: {P,β} –SAGA executing P with stored compensation β

22. Compensation execution l Running compensations should not be interrupted by external aborts –Should execute in a protected way l Auxiliary syntax is needed again l [β] is a running compensation l Two possible causes for compensation execution –Internal: if compensation is successful then the SAGA is successful –External: the SAGA can not succeed anyway, abort is at the upper level Two forms of running compensations: [β] ¡ and [β] £

23. Roadmap l Long running transactions l A journey in static SAGAs l A journey in dynamic SAGAs l Static vs dynamic l Conclusions

24. Static vs dynamic SAGAs l Two different intuitions about compensation order l Big-step vs small-step semantics l Which is the relation between them? l Are the two definitions coherent? –Good hint of correctness

25. Towards the correspondance l Static big-steps correspond to sets of possible dynamic computations l Big-step with label (A|B);C corresponds to the set of computations with sequences of labels A,B,C or B,A,C –Steps with empty labels are deleted

26. From dynamic to static l For each complete dynamic computation there is a static big-step with a compatible label and with the same outcome l Proof by induction on the SAGA structure Auxiliary results to relate partial computations to big- steps with outcomes £, ¥ or ¢

27. From static to dynamic l For each static big-step there is a dynamic computation with a compatible label and with the same outcome l There is not one such computation for each possible interleaving of the parallel observations l Dynamic SAGAs have more constraints on order of execution of actions l In A%B|C%D compensations B and D can be executed in any order in static SAGAs l In dynamic SAGAs if A is executed before C then D has to be executed before B l A;C;B;D is valid for static SAGAs but not for dynamic SAGAs

28. Comparison outcomes l Static and dynamic SAGAs are strongly related l Static SAGAs allow for more nondeterminism in the order of compensation of parallel actions l The strong relation is a good hint about the correctness of the formalization

29. Roadmap l Long running transactions l A journey in static SAGAs l A journey in dynamic SAGAs l Static vs dynamic l Conclusions

30. Results l Formalization of –Nested static SAGAs with interruption and centralized compensations –Nested dynamic SAGAs l Proved a strong relationship between the two models

31. Future work l Fully analyze dynamic SAGAs l Define a realistic semantics for SAGAs with interruption and distributed compensations (WADT 2010) l Continue to study the relationships between different approaches to long running transactions –Still lot of work to do –Hierarchical vs flat

32. The end