1 / 62

Enhancing Reversibility in Conceptual Models for Dependable Distributed Systems

Explore the concept of reversibility with a focus on program control and error prevention in distributed systems. Presenting practical applications and drawbacks to enhance system dependability.

collierm
Download Presentation

Enhancing Reversibility in Conceptual Models for Dependable Distributed Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Controlling Reversibility in Rhopi Ivan Lanese Computer Science Department Focus research group University of Bologna/INRIA Bologna, Italy Joint work with Claudio Antares Mezzina (INRIA), Jean-Bernard Stefani (INRIA) and Alan Schmitt (INRIA)

  2. Roadmap • Our aim • Reversibility • A rollback operator • Conclusions

  3. Roadmap • Our aim • Reversibility • A rollback operator • Conclusions

  4. Do you remember Rhopi? • What I will present is a follow-up of Rhopi’s talk, presented by Claudio Mezzina at last seminar • I will briefly recall it, but mainly build on top of it

  5. What Rhopi really is? • Rhopi, as well as the calculi RCCS and CCSk, propose (slightly different) answers to the same question: How can we reverse a process?

  6. A tool • For us, Rhopi is a tool • We want to reverse processes to program dependable distributed systems • The same tool can be used also for different purposes (e.g., modelling biological systems) • Rhopi alone is not enough • We want to go back only in case of errors • We want to specify how far back to go • We want to avoid repeating the same errors • We want to make the good results permanent • We want to add compensations to the mix

  7. Drawbacks of Rhopi alone

  8. Drawbacks of Rhopi alone

  9. Drawbacks of Rhopi alone

  10. Drawbacks of Rhopi alone

  11. Drawbacks of Rhopi alone

  12. Drawbacks of Rhopi alone

  13. Drawbacks of Rhopi alone

  14. Drawbacks of Rhopi alone

  15. Drawbacks of Rhopi alone

  16. Drawbacks of Rhopi alone • Absolutely no control • Impossible to make a result permanent • The activity producing it can always be undone • No commit • All the states are (weak) equivalent • Each program is either stuck or divergent

  17. The small-step approach • Add simple mechanisms for controlling reversibility • In RCCS: irreversible actions • Here: a rollback primitive • Other interesting possibilities exist • Understand their behavior • In a concurrent setting • Expressive power

  18. Final destination • Can reversibility act as an underlying theory for understanding various techniques for dependability in distributed systems? • Checkpointing • Transactions • Apple Time Machine • …

  19. Roll-pi idea • Normal computation goes forward • There is an explicit primitive, roll γ, to trigger a rollback • γ refers to a specific point in the past of the program • In a concurrent world, difficult to speak about time • We refer to an action to undo • Includes undoing all the actions depending on it • … and now we need some formal stuff

  20. Roadmap • Our aim • Reversibility • A rollback operator • Conclusions

  21. h i P Q P : : a m e s s a g e = ; j ( ) X P i t . a r g g e r j ( j ) l l l P Q i i t p a r a e c o m p o s o n j P º a n e w n a m e : j b l X i v a r a e j l l 0 n u p r o c e s s Q h i j ( ( ) ) f = g Q X P P . a a ! X HOpi fundamentals

  22. h i j ( ( ) ) j ( j ) j j j P Q P X P P Q P X 0 . : : a a º a = ; : ¯ M N i t c o n g u r a o n s : : = ; h d P t r e a · : j [ ] k m e m o r y m ; j ( j ) l l l M N p a r a e j M i i t t r e s r c o n º u : j l l ¯ i 0 t n u c o n g u r a o n ~ j h i k h h k t ¢ a g s · : : = ; ( ( h i ) j ( ( ) ) ) d P X Q i t . a c o n r e c o r m : : · : a · : a = 1 2 Rhopi syntax

  23. ( h i ) j ( ( ) ) P X Q . m · : a · : a = 1 2 F o r w a r d : P ( h i ) j ( ( ) ) ( f = g ) j [ ] k k k P X Q Q ³ . · : a · : a º : m ; X 1 2 : ( ) j [ ] k k P B a c k w a r d : m ; m : Ã Rhopi semantics • A forward rule similar to HOpi, managing tags and creating a memory • A backward rule for going back

  24. ( h ( i ) ) h h i h j i i k k k b b d X P X X 0 0 . . : : : a a c 3 2 1 Rhopi example

  25. [ h ( ( h h j i ) ) i i h h i h j i i ] k k k k k b b d k b d k M X X P N X 0 0 0 . . : : : : : a a c : ; 2 1 3 1 2 Rhopi example

  26. [ [ ( h ( ( h h h h h j i ) i ) i j i i i h h j h i i h ) j i i ] ] k k k k k k k b b b d d k d b d k k k M X P X N X N 0 0 0 0 0 0 . . : : : : : : : a a c c : ; : ; 3 1 4 2 1 2 3 1 4 Rhopi example

  27. [ h ( ( h h j i ) ) i i h h i h j i i ] k k k k k b b d k b d k M X X P N X 0 0 0 . . : : : : : a a c : ; 2 1 3 1 2 Rhopi example

  28. ( h ( i ) ) h h i h j i i k k k b b d X P X X 0 0 . . : : : a a c 3 2 1 Rhopi example

  29. Roadmap • Our aim • Reversibility • A rollback operator • Conclusions

  30. j j j ( j ) j h i j ( ) j l l P Q X P P Q P X P 0 . r o : : º a a a ° = ° ; : j j ( j ) j j [ ] k M N M M N P 0 : : º u · : ¹ ; = ; : Roll pi syntax • Extends Rhopi syntax • Adds the primitive roll γ for triggering rollback • Adds a γ label to triggers • The idea: roll γ takes the system back to the state before the trigger labelled by γ has been consumed • More precisely: undoes all the steps caused by the interaction involving the trigger labelled by γ

  31. ( h i ) j ( ( ) ) P X Q . m · : a · : a = 1 2 ° ( ) C & N o m k P k ( h i ) j ( ( ) ) ( f = g ) j [ ] k k k P X Q Q ³ ; . · : a · : a º : m ; X 1 2 ° ° : ; ( j [ ] j ( ) ) k k l l k N N l t I r o c o m p e e m ; · : ( ) N a i v e j [ ] j ( ) j k l l k & N N r o m ; · : m à k Giving semantics: naïve try • The forward rule uses the key k to replace the placeholder γ • A rule for roll • N ►k verifies that all the elements in N are related to k • Complete checks that the term is closed under causal relation • contains the elements in N not related to k

  32. ( h ( i ) ) h h i j i k k k b b l l X X X 0 0 . . r o : : : a a c ° 3 2 1 ° Naïve semantics example

  33. [ h ( h ( i j ) ) i h h i j ] i k k k k k b b l l k k b l k l M X X N X 0 0 . . r o r o : : : : : a a c : ; ° 1 3 2 1 2 ° Naïve semantics example

  34. ~ ~ h [ h [ h ( h ( i i i j j ) ) i h h h i i j ] i ] k k k k k k h h b b h h l k k l k k k b l l k l k l k M M X X N N X 0 0 0 . . r o ¢ ¢ r o r o : : : : : : a a : : c : : c ; ; ° 3 2 1 1 1 2 1 4 4 2 3 1 4 ° ; ; Naïve semantics example

  35. ~ ~ h [ h [ h ( h ( i i i j j ) ) i h h h i i j ] i ] k k k k k k h h b b h h l k k l k k k b l l k l k l k M M X X N N X 0 0 0 . . r o ¢ ¢ r o r o : : : : : : a a : : c : : c ; ; ° 3 2 1 1 1 2 1 4 4 2 3 1 4 ° ; ; Naïve semantics example

  36. ( h ( i ) ) h h i j i k k k b b l l X X X 0 0 . . r o : : : a a c ° 3 2 1 ° Naïve semantics example

  37. k k l l l l k k r r o o 1 1 The concurrency anomaly

  38. k k l l l l k k r r o o 1 1 The concurrency anomaly

  39. k 1 The concurrency anomaly

  40. k k l l l l k k r r o o 1 1 The concurrency anomaly

  41. k The concurrency anomaly

  42. The concurrency anomaly • Intuitively, I have rolls for undoing every action… • …but I am not able to go back to the starting state • I miss the possibility of performing rollbacks concurrently • Can I write a semantics capturing this aspect?

  43. ( h i ) j ( ( ) ) P X Q . m · : a · : a = 1 2 ° ( ) C o m k P ( h i ) j ( ( ) ) ( f = g ) j [ ] k k k P X Q Q ³ ; . · : a · : a º : m ; X 1 2 ° ° : ; ( ) j [ ] ( ) j [ ] ² l l k k l l k k ( ) S t a r t r o r o · : m ; · : m ; à 1 1 ( j [ ] ) k k N N l t I c o m p e e m ; ( ) R o l l j [ ] j ² k & N N m ; m à k Giving semantics: taming concurrency • The rollback has been splitted in two steps • Tagging the memory • Executing the rollback of a tagged memory

  44. k k l l l l k k r r o o 1 1 Concurrent rollback

  45. k k l l l l k k r r o o 1 1 Concurrent rollback

  46. k k l l l l k k r r o o 1 1 Concurrent rollback

  47. k 1 Concurrent rollback

  48. Concurrent rollback

  49. 0 0 0 f h h d k d ¤ ¤ M M M M M M i i t t ³ e n w a n u n m a r e à , Properties of concurrent semantics • Correct • If I go backward from M, I reach a state able to go forward to M • Complete • I can simulate any number of concurrent rollbacks • Good as abstract specification

  50. Going towards an implementation • The concurrent semantics is very high-level • Includes atomic steps involving an unbounded number of participants • Concurrently executing • Possibly distributed • Can we refine the semantics to a more distributed one? • Giving the same final result • Yes! • But technicalities are quite complex…

More Related