Click here to load reader

Formal Models for Distributed Negotiations Distributed 2PC

  • View
    33

  • Download
    3

Embed Size (px)

DESCRIPTION

XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003. Formal Models for Distributed Negotiations Distributed 2PC. Roberto Bruni Dipartimento di Informatica Università di Pisa. Orchestrating Zero-Safe Nets. - PowerPoint PPT Presentation

Text of Formal Models for Distributed Negotiations Distributed 2PC

  • Formal Models forDistributed NegotiationsDistributed 2PC Roberto BruniDipartimento di Informatica Universit di PisaXVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003

  • Orchestrating Zero-Safe NetsThe transactional mechanism of ZSN can be implemented in the join calculusCentralized versionThe fragment corresponding to coloured nets sufficesDistributed versionExploit full join (dynamic nets)

  • Centralized encodingTransactions have unique identifiersParticipants must pick up the name at the begin of the transaction and will be tagged with this nameOnly participants holding the same name can interact during the transactionControllers are associated with transactionsDynamically released from a unique generatorParticipants must interact with the controllers of their transactions when fetching or releasing tokensParallelism is increased by the usage of credit/debit tokens

  • ZS nets in JOINWe encode basic nets, which are expressive enough: [[ E open e ]] = E() | cdt(k) e(k) | fetched(k,E) [[ e calc e ]] = e(k) e(k) [[ e fork e, e ]] = e(k) | cdt(k) e(k) | e(k) [[ e, e join e ]] = e(k) | e(k) e(k) | dbt(k) [[ e close E ]] = e(k) frozen(k,E) | dbt(k) [[ e drop ]] = e(k) dbt(k)given a net (T,S) we define an agent def [[ T ]] CF in [[S]] | gen(0)

  • Generator, Controllers and CommitC = gen(k) gen(k+1) | state(k+1,0)

    state(k,n) state(k,n+1) | cdt(k) state(k,n+1) | dbt(k) state(k,n) cdt(k) dbt(k) state(k,0) commit(k)

    commit(k) | frozen(k,E) commit(k) | E commit(k) | fetched(k,E) commit(k)

    generation of fresh controllerscredit / debit administrationcommit

  • FailuresF = state(k,n) failed(k,n)

    failed(k,n+1) | cdt(k) failed(k,n) failed(k,n+1) | dbt(k) failed(k,n) failed(k,n) | frozen(k,E) failed(k,n) failed(k,n) | fetched(k,E) failed(k,n) | E

    nondeterministic failurecredit / debit administrationroll-back

  • CommentsHighly non-deterministiccredit tokens are not released by need to avoid serialization of activitiesEmpty transactionsGuesswork if different open statement should belong to the same transaction or notSemantic correspondenceInvariant representing state consistencyCorrectness and completeness through normalization strategyactive transactions failcommitting transactions terminate successfullyfailing transactions are rolled backnormalization is harmlessreachable ZSN markings correspond to reachable consistent normalized states

  • CommentsHighly non-deterministiccredit tokens are not released by need to avoid serialization of activitiesEmpty transactionsGuesswork if different open statement should belong to the same transaction or notSemantic correspondenceInvariant representing state consistencyCorrectness and completeness through normalization strategyactive transactions failcommitting transactions terminate successfullyfailing transactions are rolled backnormalization is harmlessreachable ZSN markings correspond to reachable consistent normalized states

  • Distributed ImplementationZS nets can be implemented in Join by using a distributed commit protocol (D2PC)where all participants play an active role in the decisionwhich supports multiway transactionswhose participants are not fixed statically

  • Distributed 2PCThe distributed 2PC is a variant of the decentralized 2PC with a finite but unknown number of participantsWhen a participant P is ready to commit it has only a partial knowledge of the whole set of participantsOnly those who directly cooperated with PTo commit P must contact all its neighbors and learn the identity of other participants from them

  • D2PCEvery participant P acts as coordinatorDuring the transaction P builds its own synchronization set LP of cooperating agentsWhen P is ready to commit, P asks readiness to processes in LP (if empty P was isolated and can commit)In doing so, P sends them the set LPOther participants will send to Peither a successful reply with their own synchronization setsor a failure message(in this case, failure is then propagated)Successful replies are added to LPThe protocol terminates when LP is transitively closed

  • Example: D2PCP1P2P3

  • Example: D2PCP1P2P3{}

  • Example: D2PCP1P2P3{}{}

  • Example: D2PCP1P2P3{}{}{}

  • Example: D2PCP1P2P3{}{}{}

  • Example: D2PCP1P2P3{P3}{P2}{}

  • Example: D2PCP1P2P3{P3}{P2}{}

  • Example: D2PCP1P2P3{P1,P3}{P2}{P2}

  • Example: D2PCP1P2P3{P1,P3}{P2}{P2}

  • Example: D2PCP1P2P3{P1,P3}{P2} [P2] ()

    {P2}

  • Example: D2PCP1P2P3{P1,P3}

    {P2} [P2] (){P2}

  • Example: D2PCP1P2P3{P1,P3} [P1,P3] ()

    {P2} [P2] ()

    {P2}

  • Example: D2PCP1P2P3

    {P2} [P2] ()

    {P1,P3} [P1,P3] (){P2}

  • Example: D2PCP1P2P3{P2} [P2] ()

    {P1,P3} [P1,P3] (P3){P2}

  • Example: D2PCP1P2P3{P1,P2} [P2] (P2)

    {P1,P3} [P1,P3] (P3){P2}

  • Example: D2PCP1P2P3{P1,P2} [P1,P2] (P2)

    {P1,P3} [P1,P3] (P3)

    {P2}

  • Example: D2PCP1P2P3{P1,P2} [P1,P2] (P2)

    {P1,P3} [P1,P3] (P3)

    {P2}

  • Example: D2PCP1P2P3{P2} [P2] (){P1,P2} [P1,P2] (P2)

    {P1,P3} [P1,P3] (P3)

  • Example: D2PCP1P2P3{P2} [P2] (){P1,P2} [P1,P2] (P2)

    {P1,P3} [P1,P3] (P3)

  • Example: D2PCP1P2P3{P2} [P2] (){P1,P2} [P1,P2] (P2)

    {P1,P3} [P1,P3] (P1,P3)

  • Example: D2PCP1Q2P3{P2} [P2] (){P1,P2} [P1,P2] (P2)

    {P1,P3} [P1,P3] (P1,P3)

  • Example: D2PCP1Q2P3{P2,P3} [P2] (P2){P1,P2} [P1,P2] (P2){P1,P3} [P1,P3] (P1,P3)

  • Example: D2PCP1Q2P3{P2,P3} [P2] (P2){P1,P2} [P1,P2] (P2){P1,P3} [P1,P3] (P1,P3)

  • Example: D2PCP1Q2P3{P2,P3} [P2] (P2){P1,P2} [P1,P2] (P2){P1,P3} [P1,P3] (P1,P3)

  • Example: D2PCP1Q2P3{P2,P3} [P2 ,P3] (P2 ,P3){P1,P2} [P1,P2] (P2){P1,P3} [P1,P3] (P1,P3)

  • Example: D2PCP1Q2P3{P2,P3} [P2 ,P3] (P2 ,P3){P1,P2} [P1,P2] (P1,P2){P1,P3} [P1,P3] (P1,P3)

  • Example: D2PCQ1Q2Q3{P2,P3} [P2 ,P3] (P2 ,P3){P1,P2} [P1,P2] (P1,P2){P1,P3} [P1,P3] (P1,P3)

  • ZS nets in JOINWe encode basic nets, which are expressive enough: [[ E open e ]] = E def D in e(put, { lock }) | state({ E }) [[ e calc e ]] = e(p, L) e(p, L) [[ e fork e, e ]] = e(p, L) def D in e(p, L { lock }) | e(put, L { lock }) | state( ) [[ e, e join e ]] = e(p, L) | e(p, L) e(p, L L) | p(L L, ) [[ e close E ]] = e(p, L) p(L, { E })given a net (T,S) we define an agent def [[ T ]] in [[S]] , wheredefault compensation

  • DTC in JOINthe definition D is the following state(H) | put(L, F) commit(L \ { lock }, L , { lock }, F, H )state(H) failed() | release(H)commit({ l } L, L, L, F, H) commit(L, L, L , F, H)| l(L, lock, fail )commit(L, L, L, F, H) | lock(L, l, f ) commit(L (L \ L), L L, L { l }, F, H )commit(, L, L, F, H) release(F)commit(L, L, L, F, H) | fail() failed() | release(H)failed() | put(L, F) failed()failed() | lock(L, l, f) failed() | f()failed() | fail() failed()

  • Openinga new thread is createdand two tokens releasedthe name of the new threadthe return address of the new threadthe state of the new thread;it contains the consumed resourcesto be returned in case of failure[[ E open e ]] = E def D in e(put, { lock }) | state({ E })

  • Progress [[ e calc e ]] = e(p, L) e(p, L)set of threads, including self, the token has been in contact withreturn address where to send the set of threads and the generated stable resources, if any

  • Joining[[ e, e join e ]] = e(p, L) | e(p, L) e(p, L L} | p(L L, )the contacted sets of threads are conjoined the second thread terminatesthe first thread continues

  • Splittingthe new thread starts with the augmented contact set

    a new thread is createdand three tokens released

    the original thread continuesbut its contact set is augmentedwith the name of new thread

    the state of the new threadcontains no consumed resource [[ e fork e, e ]] = e(p, L) def D in e(p, L { lock }) | e(put, L { lock }) | state( )

  • Pre-commitstate(H) | put(L, F) commit(L \ { lock }, L , { lock }, F, H )generated stable resources to be unfrozen in case of successlist of contacted threads including self

    List of contacted threads already synchronized withthe thread receives the signal that it can commit locallyand evolves to a committed state

    consumed resources to be returned in case of failure

    list of contacted threadsto be synchronized withfor global commit

  • Commitmentcommit({ l } L, L, L, F, H) commit(L, L, L , F, H) | l(L, lock, fail )

    commit(L, L, L, F, H) | lock(L, l, f ) commit(L (L \ L), L L, L { l }, F, H )

    commit(, L, L, F, H) release(F)sending a message to a thread to be synchronized with

    failure port

    success port

    synchronization sets updated for transitive closure

    receiving a message from a thread to be synchronized withall threads in the transitive closure have been contacted: commit

    frozen resources are released

  • Failuresstate(H) failed() | release(H)

    commit(L, L, L, F, H) | fail() failed() | release(H)

    failed() | put(L, F) failed()failed() | lock(L, l, f) failed() | f()failed() | fail() failed()local failure

    consumed resources are given back

    handling global failure

  • D2PC in JocamlJocaml is an extension of the Objective CamlSupport Join calculus programming modelFunctional languageSupport of OO and imperative paradigmsA running implementation of the controllers in Jocaml has been developed by Hernan MelgrattiGiven a description of a ZS net, it automatically generates a Jocaml program that simulates the net behavior

  • Thread Coordinator in Jocaml

    let def new_coordinator () = let def state! h | timeout! () = failed() | release h | deact timeout or failed!() | fail! () = failed () or failed!() | lock! (ll, l , f) = failed () | f () or failed!() | put!(l,f) = failed () or commit!(l, l1, l2,f, h) | fail!() = failed() | release h | deact timeout or commit0!(l, l1, l2,f, h) | fail!() = failed() |release h | deact timeout or commit0!(l,l1,l2,f,h) = match l with [] -> if (equiv l1 l2) then release f else commit(l,l1,l2,f,h) t::ts -> {t (l1,lock,fail) |commit0(ts,l1,l2,f,h)} or commit!(l,l1,l2,f,h)|lock!(l3,ll,f) = let lnew = union l (difference l3 l1) in commit0 (lnew, union l1 l3,union l2 [ll],f,h) or state! h | put! (l,f) = commit0 (del lock l, l, [lock], f, h) | deact timeoutin reply failed,fail,lock,put, commit, state, timeout ;;

  • A ZSNet in Jocamllet def aZSNet () = let def placeA!() = let newthread = new_coordinator() in { (state newthread) [placeA] | placeB (put newthread,[lock newthread]) | act (timeout newthread)}

    or placeB!(p,l) = placeC!(p,l)

    or placeB!(p,l) = let newthread = create_thread() in { (state newthread) [] | placeC (p, union l [lock newthread]) | placeD (put newthread, union l [lock newthread]) | act (timeout newthread)} or ...

    in reply placeA, place H .....;;

    spawn {placeA()|placeA()|placeH ()} ;;

    OPENCALCFORKInitial Marking

  • Example (Problem description)Apartment RentalsThere is an offer of apartments that can be rented immediatelyThere are requests to rent offered apartments from personsAlso, there are request to change apartment, i.e., a person take a new apartment only when somebody else rents her apartment

  • Example (ZS Net)State

  • ImplementationReflexive encoding*ZS Net GeneratorInitial State MatrixPreferences MatrixZsNetJocaml Source CodeJogc

  • RecapWe have seenImplementation of Zero-Safe Nets in JoinCentralized versionColoured nets / Join fragmentDistributed versionDistributed 2PCDynamic nets / Full Join

  • ReferencesThe reflexive chemical abstract machine and the Join calculus (Proc. POPL96, ACM, pp. 372-385)C. Fournet, G. GonthierHigh-level Petri nets as type theories in the Join-calculus (Proc. FoSSaCS01, LNCS 2030, pp. 104-120)M. Buscemi, V. Sassone