Download presentation
Presentation is loading. Please wait.
1
1 Formal Models for Distributed Negotiations A Calculus of Compensations Roberto Bruni Dipartimento di Informatica Università di Pisa XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003
2
Formal Models for Distributed Negotiations2 Compensations Long running transactions may abort also when some of their sub-transactions have been committed Committed sub-transactions should be undone Not always possible: visible events cannot be canceled e.g. when booking holiday (flights, hotels, cars, shows), only partial refund can be obtained by canceling e.g. when negotiating services and goods, some fines must be for canceling the contract To Compensate = to amends for, to make up for
3
Formal Models for Distributed Negotiations3 Objectives Clear understanding of long running transactions (LRT) and of their compositions Formal models to clarify assumptions and obligations of the various components of a business system Visual rendering of control structures Algebra of LRTs Design automatic analysis tools for checking coherence of business systems and guard against deadlocks and race conditions
4
Formal Models for Distributed Negotiations4 LRTs are not ACID LRTs are composed out of a collection of traditional atomic transactions for them, roll-back is supplied automatically usually engage in externally visible events these events cannot be undone automatically user-defined (application-dependent) compensations are needed approximately atomic and consistent, not isolated and globally durable, no automatic roll-back
5
Formal Models for Distributed Negotiations5 Inspiration From XLANG context P exception E compensation C normal entry point normal exit point failure compensation entry compensation exit
6
Formal Models for Distributed Negotiations6 Sound Traces Normal flow is vertical, from top to bottom Compensation flow is still vertical, but in the reversed direction (from bottom to top) For the moment we regard internal failures just as compensations Sound traces OK: normal in (nin) – normal out (nout) FAIL: nin – compensation out (cout) COMP: nin – nout – cin - cout
7
Formal Models for Distributed Negotiations7 Tree of Traces Traces can be conveniently represented as a tree Nodes are labeled by events A trace is a path from the root of the tree Sound transactions tree of traces must be conform to nin nout cin cout
8
Formal Models for Distributed Negotiations8 Succeed and Fail Straight arrows have no effects nin nout cin cout nin cout
9
Formal Models for Distributed Negotiations9 R;S Sequential Composition sequence R S Compound events nin & R.nin R.nout & S.nin S.nout & nout cin & S.cin S.cout & R.cin R.cout & cout Simultaneous occurrence of joint events S R nin & R.nin R.nout & S.nin S.nout & nout cin & S.cin R.cout & cout S.cout & R.cin R.cout & cout S.cout & R.cin R.cout & cout
10
Formal Models for Distributed Negotiations10 R;S Sequential Composition is Sound for R sequence R S Compound events nin & R.nin R.nout & S.nin S.nout & nout cin & S.cin S.cout & R.cin R.cout & cout Simultaneous occurrence of joint events S R nin & R.nin R.nout & S.nin S.nout & nout cin & S.cin R.cout & cout S.cout & R.cin R.cout & cout S.cout & R.cin R.cout & cout
11
Formal Models for Distributed Negotiations11 R;S Sequential Composition is Sound for S sequence R S Compound events nin & R.nin R.nout & S.nin S.nout & nout cin & S.cin S.cout & R.cin R.cout & cout Simultaneous occurrence of joint events S R nin & R.nin R.nout & S.nin S.nout & nout cin & S.cin R.cout & cout S.cout & R.cin R.cout & cout S.cout & R.cin R.cout & cout
12
Formal Models for Distributed Negotiations12 R;S Sequential Composition is Sound sequence R S Compound events nin & R.nin R.nout & S.nin S.nout & nout cin & S.cin S.cout & R.cin R.cout & cout Simultaneous occurrence of joint events S R nin & R.nin R.nout & S.nin S.nout & nout cin & S.cin R.cout & cout S.cout & R.cin R.cout & cout S.cout & R.cin R.cout & cout
13
Formal Models for Distributed Negotiations13 Notes About Sequence Dynamic behaviour uniquely defined by the flowchart Only tree that satisfies all three conditions of soundness Sequential composition is associative We can omit outer boxes in nested serializations omit parentheses in algebraic expressions investigate properties by considering two operands at a time
14
Formal Models for Distributed Negotiations14 In sequential composition, a failure of a single component triggers the compensations of all previous activities The pick operation allows to specify two or more alternatives for the same goal tried sequentially until one succeeds or all have failed Sequential Choice (Pick)
15
Formal Models for Distributed Negotiations15 Sequential Choice (Pick) pick R S (associative) S R nin & R.nin R.nout & nout cin & R.cin R.cout & cout R.cout & S.nin S.nout & nout cin & S.cin S.cout & cout The tree is more informative than the flowchart
16
Formal Models for Distributed Negotiations16 Two or more transactions can be executed concurrently The all operation allows to specify two or more concurrent activities initiated together fail if any of them fail completed when all succeed roll-back all on subsequent failures Parallel Composition (All)
17
Formal Models for Distributed Negotiations17 Parallel Composition (All) all R S Petri net–like flowchart (assoc., comm.) S R nin & R.nin & S.nin R.nout & S.nout & nout cin & R.cin & S.cin R.cout & S.cout & cout The tree is trivial The implementation is difficult! What if, after R.nin and S.nin, it happens that R.nout but S.cout? Deadlock? (dealt with exceptions)
18
Formal Models for Distributed Negotiations18 Speculation local extra work in anticipation it may need later Two or more transactions can be attempted concurrently take the one that succeeds first compensate all the others alternatives must be independent each other and with no interaction Concurrent Waiting (Parallel Pick)
19
Formal Models for Distributed Negotiations19 nin & R.nin & S.nin R.nout & S.cout & nout cin & R.cin R.cout & cout Concurrent Waiting (Parallel Pick) R.cout & S.nout & nout cin & S.cin S.cout & cout R.cout & S.cout & cout R.nout & S.nout S.cin S.cout & nout cin & R.cin R.cout & cout R.cin R.cout & nout cin & S.cin S.cout & cout non-determinism
20
Formal Models for Distributed Negotiations20 The Pi-Calculus Approach The pi-calculus is the most famous calculus for (name) mobility Similar to join many receivers on the same channel hiding ( x) and binding input prefix x(y).P instead of def x y P in … Similar to CCS (with value passing) outputs carry values x y inputs have (bound) arguments x(y)
21
Formal Models for Distributed Negotiations21 Compensation Primitives Asynchronous pi-calculus P ::= 0 | x y | x(y).P | ( x)P | !P | P|P Additional primitives done – successful termination of transaction abort – internal failure context(P,Q,R) – Process P with exception handler Q and compensation R Some structural laws P | done = P abort | abort = abort context(x y |P, Q, R) = x y | context(P, Q, R)
22
Formal Models for Distributed Negotiations22 Handling Failures Compensations are remembered after commit by attaching them to on-failure processes of outer contexts context(P|context(done,Q’,R’), Q, R) context(P, R’|Q, R) context(abort, Q, R) Q This allows for Establishing abstract equivalences e.g. if P is abort-free, then P is equivalent to any context(P,Q,R) Formal encoding and comparison with other calculi extended processes can be “compiled” in the pi-calculus
23
Formal Models for Distributed Negotiations23 Extending Compensations Standard approach Compensations associated with primary activities of LRTs When required, all compensations of successful activities are executed (in reversal order) If savepoints are reached (committed choices), then compensations are no longer required and can be forgotten StAC (Structured Activity Compensation) In the spirit of Sagas More general mechanisms (concurrent and non-atomic activities) Multiple compensations (selective / alternative)
24
Formal Models for Distributed Negotiations24 Business Process Beans Business Processes model activities that are useful to the business must be composable hierarchy of abstractions IBM’s BPBeans Application hierarchy of nested components bottom level: primitive Java beans components activities act on a global set of shared variables composed via the Application Builder for Components (ABC) tool
25
Formal Models for Distributed Negotiations25 StAC Syntax P ; P (sequential composition) P | P (parallel composition) par i in S do i.P (generalized parallel comp.) if C then P else P (conditional) (early termination) {P} (termination scoping) P P (compensation pair) [P] (compensation scoping) (accept) (reverse)
26
Formal Models for Distributed Negotiations26 Sequential and Concurrent Activities P ; Q P is executed first. When P completes, Q is executed associative P | Q associative par i in S do i.P used for generating many concurrent instances uniquely indexed by i e.g. par i in 1..10 do i.P creates 10 distinct concurrent instances of P
27
Formal Models for Distributed Negotiations27 Early Termination termination is limited by scoping brackets e.g. {P; ;Q} ; R first executes P, then terminator prevents Q from being executed, but being termination limited within brackets, then R will be executed also concurrent activities are terminated maybe not immediately, but at a later stage either prematurely or at completion e.g. {(P; ;Q) | S} | R the termination causes S to terminate (not R, which is outside the scoping) Termination scoping can be nested
28
Formal Models for Distributed Negotiations28 Compensations I P Q P is the primary task Q is the compensation task for P First the primary task is executed, when completed, the compensation task is remembered for later use (in reversal) executes available compensations e.g. (P Q) ; executes P and remembers Q, then reverse by executing Q e.g. (P 1 Q 1 ); (P 2 Q 2 );(P 3 Q 3 ); executes P 1 then P 2 then P 3 then Q 3 then Q 2 and finally Q 1
29
Formal Models for Distributed Negotiations29 Compensations II e.g. ((P 1 Q 1 )|(P 2 Q 2 )|(P 3 Q 3 )) ; executes P 1, P 2 and P 3 concurrently, and then compensates with Q 1, Q 2 and Q 3 concurrently Invoked compensations are then cleared e.g. (P Q) ; ; is the same as (P Q) ; forgets all currently remembered compensations (committed choice) e.g. (P 1 Q 1 ) ; ; (P 2 Q 2 ) ; executes P 1 then P 2 and finally Q 2 (Q 1 is not performed because it has been removed by the accept operation)
30
Formal Models for Distributed Negotiations30 Compensations III Compensations can be nested e.g. (P (P 1 Q 1 ) ) ; executes P and remembers (P 1 Q 1 ), then on reversal executes P 1 but remembers Q 1 for later use Square brackets delimit the scope of the accept and reverse operators Restrictions in BPBeans nested compensations are not allowed each level in the hierarchy overrides lower levels (as if P was modeled by [P; ]) concurrent activities have separated compensation scopes (as if P|Q was modeled by [P]|[Q])
31
Formal Models for Distributed Negotiations31 Multiple Compensations Aim: to allow processes to remember several simultaneous compensation tasks Individual tasks can then be accepted or reversed Facilitate reuse of processes Language extension P i P (indexed compensation pair) i (indexed accept) i (indexed reverse)
32
Formal Models for Distributed Negotiations32 Selective and Alternative Compensations Selective compensations reversals select some activities to be compensated for, while preserving the compensations for other activities Alternative compensations several alternative compensations are attached to the same activity and the reversal picks one of these alternatives for invocation and forget the others
33
Formal Models for Distributed Negotiations33 StAC vs Other Models Sagas non hierarchical and purely sequential compensations invoked on system failure assumption of perfect compensation Nested transactions compensations invoked on system failure rigid scoping multiple compensations are not allowed ConTracts single compensations implicit accept and reversal
34
Formal Models for Distributed Negotiations34 Recap We have seen Different approaches to the formal modeling of compensations Difficulties Advantages Mismatching Basis for implementations
35
Formal Models for Distributed Negotiations35 References Notes by T. Hoare, C. Fournet, A. Gordon, L. Bocchi, C. Laneve, G. Zavattaro Extending the concept of transaction compensation (IBM System Journal 41(4), 2002, pp. 743-758) M. Chessell, C. Griffin, D. Vines, M. Butler, C. Ferreira, P. Henderson
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.