Title: Formal Models for Distributed Negotiations Transactions in Linda
1Formal Models forDistributed NegotiationsTransac
tions in Linda
XVII Escuela de Ciencias Informaticas (ECI 2003),
Buenos Aires, July 21-26 2003
Roberto Bruni Dipartimento di Informatica
Università di Pisa
2Zero-Safe Approach
- Zero-Safe nets are based on a two-level
classification of resources - Stable Observable Persistent
- Zero Temporary Volatile
- This idea can be easily exported from Petri nets
to other formalisms whenever - States are multisets
- Elementary actions can fetch and release
resources - Outcome
- Express transactions in a concurrent scenario
- Related refined / abstract views of the same
system
3Adding Transactions to Linda
- We have already seen net models for Linda
- Places model messages and processes
- We can apply the Zero-Safe approach
- Get some insights on a choice of language
primitives for expressing transactions - Surprisingly, concurrent semantics is more
natural than interleaving semantics - Refined / abstract views
- Problem
- Linda requires contextual arcs
4Zero-Safe Nets with Read Arcs
- The combined use of zero-safe places and read
arcs is not problematic - Crucial point is
- whether to forbid or not that a stable token is
read (possibly many times) and then also fetched
during the same transaction - We consider the semantics that forbids these
behaviors - Regarding read arcs on zero safe places
- can be dealt with
- for simplicity and uniformity (see why in a few
slides) read arcs on zero safe places are not
considered here
5Zero-Safe Nets with Inhibitor Arcs
- The combined use of zero-safe places and
inhibitor arcs is not completely straightforward - We would like to keep consistent refined /
abstract views - the example above has apparently two independent
transactions (s followed by r / just t) - they are not really independent because tokens
flow in z - not reflected in the abstract view
- Ambiguity solved by restricting inhibitor arcs to
stable places only
6Operational Semantics
- No read arcs on zero safe places (can be relaxed)
- No inhibitor arcs on zero safe places (avoid
ambiguity) - (Fix the positive/negative context and do the
transaction)
x?u?x ?w?NBv?y
x?(u,?) ?w?B(v,?)
underlying steps
commit
x?(u,x) ?w?B(v,y)
x?u ?w?Bv
x?(u?w,x) ?w?B(v?w,x) x?(u?w,x)
?w?B(v?w,y)
?x?x??(u?u?w,x) ?w?B(v?v?w,y)
horizontal composition
if (x?x)?(u?u?w?w?v?v) ?
7From Linda to TraLinda
- Main ideas
- distinguish between low-level and high-level
messages - Typing relation a? with ??L,H
- atomic prefixing ?_C
- Execute ? if the concurrent program C can
complete the transaction - stable guards only!
- solve ambiguity in the semantics
8Syntax
- Messages
- M ?a??
- Action Prefixes
- ? out(a?) rd(aH) in(a?) !in(a?)
- Predicates
- ? rdp(aH) inp(aH)
- Sequential Programs
- S 0 ?.C ??CC ?_C
- Concurrent Programs
- C S CC
- Processes
- P M C PP
can be relaxed
cannot be relaxed
9Examples
- in(aH)_(out(bH).0 in(cH).0)
- can input the message ?aH? provided that also
inputs ?cH? and outputs ?bH? - P1 Pn Qn
- Pi in(aiH)_out(zL).0
- Q0 Q (generic process)
- Qi1 in(zL)_Qi
- can start a task Q after consuming the messages
?a1H? ?anH? (regardless of the order) - in(aH)_0
- deadlock (always abort) should we allow it?
10Truly Concurrent Semantics for TraLinda
- Straightforward adaptation of truly concurrent
semantics for Linda - We must carefully distinguish zero safe places
from stable ones - Messages
- ?aH? is stable
- ?aL? is zero safe
- Sequential Processes
- Two versions
- P is stable
- _P is zero safe (due to atomic prefixing)
- Correspondingly, there are two versions of
transitions
11Decomposition Function
- dec(P) is defined as usual, plus
- dec(?_P) ?_P
- In general dec(P) P1,,Pn,M1,,Mm
- We let _dec(P) _P1,,_Pn,M1,,Mm
12Some Transitions
- See Bruni, Montanari 2003 for full list and
technicalities - IN(a,?,P) ? ? ?a?? ? in(a?).P ??? dec(P)
- ATIN(a,?,P) ? ? ?a?? ? in(a?)_P ??? _dec(P)
- OUT(a,?,P) ? ? out(a?).P ??? ?a?? ? dec(P)
- ATOUT(a,?,P) ? ? out(a?)_P ??? ?a?? ? _dec(P)
- _IN(a,?,P) ? ? ?a?? ? _in(a?).P ??? dec(P)
- _ATIN(a,?,P) ? ? ?a?? ? _in(a?)_P ??? _dec(P)
- _OUT(a,?,P) ? ? _out(a?).P ??? ?a?? ? dec(P)
- _ATOUT(a,?,P) ? ? _out(a?)_P ??? ?a?? ?
_dec(P)
13Example Message Typing
out(aH).P in(aH).Q
out(aH).P
in(aH).Q
?aH?
dec(P)
14Example Message Typing
out(aL).P in(aL).Q
out(aL).P
in(aL).Q
?aL?
dec(P)
dec(Q)
15Example Prefixing
in(aL).out(bH).P
?aL?
out(bH).P
?bH?
dec(P)
16Example Prefixing
in(aL)_out(bH).P
?aL?
_out(bH).P
?bH?
dec(P)
17Example Prefixing
in(aL)_out(bH)_P
?aL?
_out(bH)_P
?bH?
_dec(P)
18Example Reading
- Take the process P P1 P2 ?aH? ?bH?
- P1 rd(aH)_in(bH)_out(cH).0
- P2 rd(bH)_in(aH)_out(cH).0
- Either P1 or P2 can be executed successfully, but
not both - because the messages ?aH? and ?bH? cannot be
first read and then consumed during the same
transaction - Compare against Q Q1 Q2 ?aH? ?bH?
- Q1 rd(aH).in(bH).out(cH).0
- Q2 rd(bH).in(aH).out(cH).0
19Example Reading
P1
?aH?
?bH?
?cH?
0
P2
20Some Results
- For each process P we can construct a finite zero
safe net zsnet(P) - If P does not contain atomic prefixing
- The only zero safe places in zsnet(P) are those
associated with messages - all transactions in zsnet(P) consist of two
events at most - If P is a Linda process, then zsnet(P)net(P)
21A Note on Ordered and Unordered Semantics I
- Ordered and unordered semantics for Linda have
different expressive power - (deadlock is decidable in the unordered)
- In their corresponding net semantics, netO(P) and
netU(P), the main difference relies in the
atomicity of emission and rendering - Take ??a?? as stable or zero safe
- We can translate unordered processes in ordered
processes via a transformation div(.) - div(out(a).P) out(_a).div(P) in(_a).out(a).0
- div(.) is the identity for the rest
22A Note on Ordered and Unordered Semantics II
- Proposition
- netU(P) is deadlock equivalent to netO(div(P))
- (the proof exploits a third net equivalent to
both) - Atomicity is essential, take
- div(out(a).P) out(_aL).div(P)
in(_aL)_out(aH).0 - div(.) is the identity for the rest
- Proposition
- netO(P) is deadlock equivalent to (the abstract
net of) zsnet(div(P))
23An Alternative Approach
- In the context of coordination middlewares
- JavaSpaces (Sun Microsystem)
- TSpaces (IBM)
- Both borrowing features from generative
communications of Linda (data-driven
coordination) - Also event notification (control-driven
coordination) - Transaction mechanisms
- Interest on serializability
- JavaSpaces specifications were not enough
precise! - Busi, Zavattaro 2001
24Sketch of the Alternative Approach
- PDL similar to that of Linda
- New prefixes for transactions
- create(x)
- commit(x)
- New processes
- ?a?T
- xP
- Interleaving semantics
- suitable observations
- Limitations
- No nesting, ad-hoc interleaving semantics,
monolitic view
25Principles
- Data produced within a transaction x will be
accessible outside only after the commit of x - Data consumption or test for presence within a
transaction can operate on local and global items - Data tested for presence during a transaction x
cannot be consumed by processes outside x - Concerning test for absence in a transaction x,
if the only occurrences of matching data have
been consumed by another transaction, the
operation will wait for the commit before
reporting the absence of data
26Improving the Specification
- When read, an entry is added to the set of
entries read by the provided transaction. Such an
entry may be read in any other transaction to
which the entry is visible, but cannot be taken - Ok if we do not have conditionals in the language
- Otherwise, this is not enough for guaranteeing
serializability - A further lock policy is proposed
- After a test for absence is performed inside a
transaction on a certain kind of data, no data of
that kind can be introduced in the shared
dataspace before the end of the transaction - New processes needed xPR,A
- to keep track of data removed (R) and tested for
absence (A) by x
27Recap
- We have seen
- Transaction primitives for Linda
- Inspired from zero safe nets
- Truly concurrent semantics
- Refined / abstract views
- Examples
- Sketch of an alternative approach
28References
- Concurrent models for Linda with transactions
(Mathematical Structures in Computer Science,
2003, to appear) - R. Bruni, U. Montanari
- On the serializability of transactions in
JavaSpaces (Proc. ConCoord01, ENTCS 54) - N. Busi, G. Zavattaro