Formal Models for Distributed Negotiations Zero-Safe Nets

1
Formal Models forDistributed NegotiationsZero-Sa
fe Nets
XVII Escuela de Ciencias Informaticas (ECI 2003),
Buenos Aires, July 21-26 2003
Roberto Bruni Dipartimento di Informatica
Università di Pisa
2
Why Extending Petri Nets

• The basic P/T net model does not offer any
  synchronization between transitions
• Only token synchronization
• Useful because
• Translating primitives of concurrent languages
  can involve complex constructions
• Needed for expressing transactions
• Useful in addressing
• Issues of refinement / abstraction
• System design, Sw architectures
• Moving from free-choice systems to
  deadlock-avoiding
• Reliable multicasts

3
Why Zero-Safe Nets

• Zero-Safe Nets as a basis for modeling
  distributed transactions and workflows
• Simplicity (natural extension of Petri nets)
• Based on a concept easily exportable to other
  paradigms
• Offering both refined / abstract views
• Admit distributed interpreters / implementations
• based on unfolding, no backtracking
• based on join-calculus
• Easy to combine with other net flavors (e.g. read
  arcs)

4
The Idea

• Zero-Safe Nets are like P/T Petri nets but places
  are partitioned in
• Stable places
• Ordinary places defining observable states
• Zero-Safe places (or just zero places)
• Idealized resources
• Empty in all observable states
• Temporarily used during transactions
  (coordinating activities)
• Transaction as transition synchronization
• A computation from observable states to
  observable states via non-stable markings
• Transactions can end when all tokens in zero
  places have been consumed

5
Rendez-Vous
The message can be sent
send
receive
6
Rendez-Vous
Sender is blocked until message is received
send
receive
Frozen!
7
Rendez-Vous
Ready to commit
send
receive
8
Rendez-Vous
Coordinated commit
send
receive
9
Nondeterministic Rendez-Vous
receive
send
receive
10
Origin of the Name

• In classic Petri net Theory
• A place a is n-safe if in any reachable marking
  it contains at most n tokens
• A net is n-safe if all its places are such
• Thus a place / net is 0-safe if in any reachable
  marking it is empty!
• Useless?
• We write zero-safe, not 0-safe
• Zero places must be empty in any observable
  marking

11
From Free-Choice to Non-Deadlocking
left
left
right
right
turn
turn
12
From Free-Choice to Non-Deadlocking
left
left
right
right
turn
turn
13
From Free-Choice to Non-Deadlocking
left
left
right
right
turn
turn
14
From Free-Choice to Non-Deadlocking
left
left
right
right
turn
turn
Success!
15
From Free-Choice to Non-Deadlocking
left
left
right
right
turn
turn
16
From Free-Choice to Non-Deadlocking
left
left
right
right
turn
turn
Deadlock!
17
From Free-Choice to Non-Deadlocking
left
left
right
right
turn
turn
Only successful choices by design!
18
No Reuse of Stable Tokens Before Commit
The message can be sent
send
receive
19
No Reuse of Stable Tokens Before Commit
but no-one can receive it!
send
receive
20
Multicasting
a
b
send
new
z
2
receive
copy
reset
c
21
Multicasting
a
b
send
new
z
2
receive
copy
reset
c
22
Multicasting
a
b
send
new
z
2
receive
copy
reset
c
23
Multicasting
a
b
send
new
z
2
receive
copy
reset
c
24
Multicasting
a
b
send
new
z
2
receive
copy
reset
c
25
Formal Definition

• A Zero-Safe net is B(S?,T,pre,post,u0,Z)
• NB(S?,T,pre,post,u0) is the underlying P/T Petri
  net
• Z?S is the set of zero places
• LS-Z is the set of stable places
• u0?L? is the initial marking
• Note S? (L?Z)? ? L??Z?
• Markings can be represented as pairs (u,x)
• u?L?
• x?Z?

26
Operational Semantics

• We can exploit the operational semantics (step
  semantics) of the underlying P/T Petri net NB

u?x?NBv?y
(u,?)?B(v,?)
underlying steps
commit
(u,x)?B(v,y)
u?Bv
(u,x)?B(v,x) (u,x)?B(v,y)
horizontal composition
(u?u,x)?B(v?v,y)

• The key feature is horizontal composition
• it acts as sequential composition on zero places
• it acts as parallel composition on stable places

27
Transactions as Transitions

• The admissible behaviors of the net are those
  that can be committed
• Such concurrent transactions can be regarded as
  atomic activities at the higher level of
  abstraction
• In general there can be several P/T Petri nets N
  such that ?N ? ?B
• We should select an abstract net A(B) which
• is an ordinary P/T Petri net
• its places are the stable places of B
• its transitions are the (minimal) transactions of
  B
• not decomposable in parallel activities
• all other steps can be inferred

28
Rendez-Vous
send
receive
B
A(B)
29
From Free-Choice to Non-Deadlocking
turn-L
turn-R
B
A(B)
30
Collective or Individual?

• Different philosophies can yield different
  abstract nets
• Define an algebra of computations
• Careful axiomatization of horizontal composition
  ??
• Select only those computations ? such that
• ? goes from stable marking to stable marking
• If there exist ?,? with ? ??? then either ?? or
  ??
• Computations are processes of NB
• Select only those processes that satisfy suitable
  conditions
• connected not decomposable in parallel active
  processes
• all and only minimal / maximal places stable
• full no idle place

CTPh
ITPh
31
Multicasting CTPh
Infinitely many transitions!
a
b
new
n1
3
2
1-1
1-2
1-n


reset
2
3
n1
c
32
Multicasting ITPh
Infinitely many transitions!
a
Different copy policies are distinguished!
b
n1
new
n1
3
2
1-1
1-2
1-n
1-n



reset
2
3
n1
c
n1
33
Concurrent Copies
receive
copy
receive
send
copy
receive
copy
receive
34
Sequential Copies
receive
receive
send
copy
copy
receive
copy
receive
35
The ITPh Monster
n
2


2
n
B
CTPh
ITPh
36
Distributed Interpreter

• The operational semantics relies on some sort of
  meta-definition
• one computes on the underlying net, building
  transaction segments and discarding undesired
  behaviors
• Given an interpreter
• Is backtracking needed?
• Correctness and completeness?
• Halting criteria?
• The problem
• Given a ZS net B with initial marking u0, is it
  possible to compute in a distributed fashion the
  set R(B,u0) of markings that can be reached via
  atomic transactions?

37
Proposed Solution

• The unfolding technique provides a distributed
  interpreter
• Initial marking is needed!
• We modify the distributed algorithm for P/T net
  unfolding and extend it with a COMMIT rule that
  enforces synchronization in the execution of a
  transaction

38
ZS Nets Interpreter I
ka ? u0
initial marking (as before)
?a,k,?? ? SU(B)
can be either stable or zero
t?isi ? (v,?jnjzj) ? T ??si,ki,Hi?i ?
SU(B) co(?)
e?t,???TU(B) ??zj,m,e? 1 ? m ?
njj ? SU(B)
pre(e)? post(e)?
only zero!
wait where is v?
39
ZS Nets Interpreter II
Together with the unfolding we compute R(B,u0)!
?? TU(B) co(?) ZProd(?)ZCons(?)
u0 ? R(B,u0)
u0 ? SProd(?) - SCons(?) ? R(B,u0)

• Where we take the obvious extensions to ? of
• ZCons(e) is the set of zero tokens consumed by
  the ancestors of e (including e itself)
• ZProd(e) is the set of zero tokens produced by
  the ancestors of e (including e itself)
• SCons(e) ??t(u,x)?(v,y),?? ? e u
• SProd(e) ??t(u,x)?(v,y),?? ? e v

sets
multisets
40
Results

• Proposition
• If ??TU(B) such that co(?) and ZProd(?)ZCons(?),
  then ?e?t,???? we have that t does not produce
  any zero token
• Theorem
• R(B,u0) v u0 ?Bv
• Proof
• ? by rule induction
• ? by induction on the proof of u ?Bv

41
Open Problems

• Computing the ITPh abstract net
• Identify isomorphic processes
• For v?R(B,u0) we could add tokens with history ?
• Halting criteria
• The algorithm recursively enumerate R(B,u0)
• Decidability proved by Nadia Busi using a result
  of Reinhardt
• Complexity
• The algorithm is as much as distributed as the
  classical unfolding applied to the abstract net
• To improve efficiency the sets ZProd(e) could
  be encoded in e (they can be easily calculated
  from the history component)

42
Recap

• We have seen
• Basic theory of Zero-Safe nets
• Formal definition
• Graphical representation
• Examples
• Abstract (CTPh / ITPh) nets
• Distributed interpreter based on unfolding

43
References

• Zero-safe nets comparing the collective and
  individual token approaches (Information and
  Computation 156(1-2)46-89, Academic Press 2000)
• R. Bruni, U. Montanari
• Executing transactions in zero-safe nets (Proc.
  ATPN00, LNCS 1376, Springer 2000, pp. 83-102)
• R. Bruni, U. Montanari