XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003. Formal Models for Distributed Negotiations Zero-Safe Nets. Roberto Bruni Dipartimento di Informatica Università di Pisa. Why Extending Petri Nets.
Why Extending Petri Nets
• The basic P/T net model does not offer any synchronization between transitions
  • Only token synchronization
• Useful because
  • Translating primitives of concurrent languages can involve complex constructions
  • Needed for expressing transactions
• Useful in addressing
  • Issues of refinement / abstraction
  • System design, Sw architectures
  • Moving from free-choice systems to deadlock-avoiding
  • Reliable multicasts
Why Zero-Safe Nets
• Zero-Safe Nets as a basis for modeling distributed transactions and workflows
• Simplicity (natural extension of Petri nets)
• Based on a concept easily exportable to other paradigms
• Offering both refined / abstract views
• Admit distributed interpreters / implementations
  • based on unfolding, no backtracking
  • based on join-calculus
• Easy to combine with other net flavors (e.g. read arcs)
The Idea
• Zero-Safe Nets are like P/T Petri nets but places are partitioned in
  • Stable places
    • Ordinary places defining observable states
  • Zero-Safe places (or just zero places)
    • Idealized resources
    • Empty in all observable states
    • Temporarily used during transactions (coordinating activities)
• Transaction as transition synchronization
  • A computation from observable states to observable states via non-stable markings
  • Transactions can end when all tokens in zero places have been consumed
Rendez-Vous
[Figure sequence: net with transitions send and receive]
• The message can be sent
• Sender is blocked until message is received (Frozen!)
• Ready to commit
• Coordinated commit
Nondeterministic Rendez-Vous
[Figure: net with transitions receive, send, receive]
Origin of the Name
• In classic Petri net Theory
  • A place a is n-safe if in any reachable marking it contains at most n tokens
  • A net is n-safe if all its places are such
• Thus a place / net is 0-safe if in any reachable marking it is empty!
  • Useless?
• We write zero-safe, not 0-safe
  • Zero places must be empty in any observable marking
From Free-Choice to Non-Deadlocking
[Figure sequence: net with transitions left, right, left, right, turn, turn]
• Success!
• Deadlock!
• Only successful choices by design!
No Reuse of Stable Tokens Before Commit
[Figure sequence: net with transitions send and receive]
• The message can be sent…
• …but no-one can receive it!
Multicasting
[Figure sequence: net with labels a, b, send, new, z, 2, copy, receive, reset, c]
Formal Definition
• A Zero-Safe net is B=(S,T,pre,post,u0,Z)
  • NB=(S,T,pre,post,u0) is the underlying P/T Petri net
  • ZS is the set of zero places
  • L=S-Z is the set of stable places
  • u0L is the initial marking
• Note: S = (LZ) LZ
  • Markings can be represented as pairs (u,x)
    • uL
    • xZ
Operational Semantics
• We can exploit the operational semantics (step semantics) of the underlying P/T Petri net NB
  • [underlying steps] premise: uxNBvy; conclusion: (u,x)B(v,y)
  • [commit] premise: (u,)B(v,); conclusion: uBv
  • [horizontal composition] premises: (u,x)B(v,x’) and (u’,x’)B(v’,y); conclusion: (uu’,x)B(vv’,y)
• The key feature is horizontal composition
  • it acts as sequential composition on zero places
  • it acts as parallel composition on stable places
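The following Python code is an added example, not part of the original slides. It enumerates committed transactions as the horizontal composition rule above describes (zero tokens handed on sequentially, stable tokens taken only from the starting marking) and reproduces the "No Reuse of Stable Tokens Before Commit" behaviour. The two nets, their place names and the firing/transaction bounds are assumptions, and the search is a centralized bounded one, not the unfolding-based interpreter.

```python
from collections import Counter

def key(m):  # canonical hashable form of a multiset (dict or Counter)
    return frozenset((p, n) for p, n in m.items() if n > 0)

def covers(m, need):
    return all(m[p] >= n for p, n in need.items())

class ZSNet:
    def __init__(self, zero_places, transitions):
        self.zero = set(zero_places)
        self.trans = [(self.split(Counter(pre)), self.split(Counter(post)))
                      for pre, post in transitions]

    def split(self, m):  # multiset -> (stable part, zero part)
        z = Counter({p: n for p, n in m.items() if p in self.zero})
        return m - z, z

    def transactions(self, u, max_firings=8):
        """Stable markings reached from stable marking u by one committed transaction."""
        committed, seen = set(), set()
        stack = [(Counter(u), Counter(), Counter(), 0)]
        while stack:
            avail, fresh, zero, k = stack.pop()
            if k and not zero:  # every zero token consumed: commit
                committed.add(key(avail + fresh))
                continue
            for (pre_s, pre_z), (post_s, post_z) in self.trans:
                # Stable tokens produced inside the transaction ("fresh") cannot be
                # consumed before commit; zero tokens are handed on sequentially.
                if k < max_firings and covers(avail, pre_s) and covers(zero, pre_z):
                    nxt = (avail - pre_s, fresh + post_s, zero - pre_z + post_z, k + 1)
                    sig = (*map(key, nxt[:3]), k + 1)
                    if sig not in seen:
                        seen.add(sig)
                        stack.append(nxt)
        return committed

    def reachable(self, u0, max_transactions=4):
        """Stable markings reachable from u0 by at most max_transactions transactions."""
        found = frontier = {key(u0)}
        for _ in range(max_transactions):
            frontier = {v for u in frontier for v in self.transactions(dict(u))} - found
            found = found | frontier
        return found

# Constructed nets (place and transition names are assumptions); zero places: msg, z.
RENDEZVOUS = ZSNet({"msg"}, [({"s_ready": 1}, {"s_done": 1, "msg": 1}),       # send
                             ({"r_ready": 1, "msg": 1}, {"r_done": 1})])       # receive
NO_REUSE = ZSNet({"z"}, [({"a": 1}, {"b": 1, "z": 1}), ({"b": 1, "z": 1}, {"c": 1})])
```

In `NO_REUSE` the place `c` is reachable in the underlying P/T net from `{a}`, but no transaction commits, because `receive` would need the stable token `b` produced by `send` inside the same transaction.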
Transactions as Transitions
• The admissible behaviors of the net are those that can be committed
• Such concurrent transactions can be regarded as atomic activities at the higher level of abstraction
• In general there can be several P/T Petri nets N such that N B
• We should select an abstract net A(B) which
  • is an ordinary P/T Petri net
  • its places are the stable places of B
  • its transitions are the (minimal) transactions of B
    • not decomposable in parallel activities
    • all other steps can be inferred
Rendez-Vous
[Figure: net B with transitions send and receive, and its abstract net A(B)]
From Free-Choice to Non-Deadlocking
[Figure: net B with transitions left, right, left, right, turn, turn, and its abstract net A(B) with transitions turn-L, turn-R]
Collective or Individual?
• Different philosophies can yield different abstract nets
• CTPh
  • Define an algebra of computations
  • Careful axiomatization of horizontal composition *
  • Select only those computations such that
    • goes from stable marking to stable marking
    • If there exist , with = then either = or =
• ITPh
  • Computations are processes of NB
  • Select only those processes that satisfy suitable conditions
    • connected – not decomposable in parallel active processes
    • all and only minimal / maximal places stable
    • full – no idle place
Multicasting CTPh
[Figure: abstract net with places a, b, c, transitions new, reset, 1-1, 1-2, …, 1-n, and arc weights 2, 3, …, n+1]
• Infinitely many transitions!
Multicasting ITPh
[Figure: abstract net with places a, b, c, transitions new, reset, 1-1, 1-2, …, 1-n, and arc weights 2, 3, …, n+1]
• Infinitely many transitions!
• Different copy policies are distinguished!
Concurrent Copies
[Figure: process with transitions send, copy, copy, copy and four receive transitions]
Sequential Copies
[Figure: process with transitions send, copy, copy, copy and four receive transitions]
The ITPh “Monster”
[Figure: net B and its CTPh and ITPh abstract nets, with arc weights 2, …, n]
Distributed Interpreter
• The operational semantics relies on some sort of meta-definition:
  • one computes on the underlying net, building transaction segments and discarding undesired behaviors
• Given an interpreter:
  • Is backtracking needed?
  • Correctness and completeness?
  • Halting criteria?
• The problem:
  • Given a ZS net B with initial marking u0, is it possible to compute in a distributed fashion the set R(B,u0) of markings that can be reached via atomic transactions?
Proposed Solution
• The unfolding technique provides a distributed interpreter
  • Initial marking is needed!
• We modify the distributed algorithm for P/T net unfolding and extend it with a COMMIT rule that enforces synchronization in the execution of a transaction
ZS Nets Interpreter I
ka u0 initial marking (as before) a,k, SU(B) can be either stable or zero t:isi (v,jnjzj) T={si,ki,Hi}i SU(B)co() e=t,TU(B) ={zj,m,{e} | 1 m nj}j SU(B) pre(e)= post(e)= only zero! wait… where is v?
ZS Nets Interpreter II
• Where we take the obvious extensions to of:
  • ZCons(e) is the set of zero tokens consumed by the ancestors of e (including e itself)
  • ZProd(e) is the set of zero tokens produced by the ancestors of e (including e itself)
  • SCons(e) = t:(u,x)(v,y), e u
  • SProd(e) = t:(u,x)(v,y), e v
Together with the unfolding we compute R(B,u0)!
TU(B)co() ZProd()=ZCons() u0 R(B,u0) u0 SProd() - SCons() R(B,u0) sets multisets
Results
• Proposition
  • If TU(B) such that co() and ZProd()=ZCons(), then e=t, we have that t does not produce any zero token
• Theorem
  • R(B,u0) = { v | u0Bv }
• Proof:
  • : by rule induction
  • : by induction on the proof of u Bv
Open Problems
• Computing the ITPh abstract net
  • Identify isomorphic processes
  • For vR(B,u0) we could add tokens with history …
• Halting criteria
  • The algorithm recursively enumerates R(B,u0)
  • Decidability proved by Nadia Busi using a result of Reinhardt
• Complexity
  • The algorithm is as distributed as the classical unfolding applied to the abstract net
  • To improve efficiency the sets ZProd(e) … could be encoded in e (they can be easily calculated from the history component)
Recap
• We have seen
  • Basic theory of Zero-Safe nets
    • Formal definition
    • Graphical representation
    • Examples
  • Abstract (CTPh / ITPh) nets
  • Distributed interpreter based on unfolding