Formal Models for Distributed Negotiations: Zero-Safe Nets

Roberto Bruni, Dipartimento di Informatica, Università di Pisa. XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003


Page 1: Formal Models for Distributed Negotiations Zero-Safe Nets

Formal Models for Distributed Negotiations
Zero-Safe Nets

Roberto Bruni
Dipartimento di Informatica, Università di Pisa

XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003

Page 2: Formal Models for Distributed Negotiations Zero-Safe Nets

Why Extending Petri Nets
• The basic P/T net model does not offer any synchronization between transitions
  • Only token synchronization
• Useful because
  • Translating primitives of concurrent languages can involve complex constructions
  • Needed for expressing transactions
• Useful in addressing
  • Issues of refinement / abstraction
  • System design, Sw architectures
  • Moving from free-choice systems to deadlock-avoiding
  • Reliable multicasts

Page 3: Formal Models for Distributed Negotiations Zero-Safe Nets

Why Zero-Safe Nets
• Zero-Safe Nets as a basis for modeling distributed transactions and workflows
• Simplicity (natural extension of Petri nets)
• Based on a concept easily exportable to other paradigms
• Offering both refined / abstract views
• Admit distributed interpreters / implementations
  • based on unfolding, no backtracking
  • based on join-calculus
• Easy to combine with other net flavors (e.g. read arcs)

Page 4: Formal Models for Distributed Negotiations Zero-Safe Nets

The Idea
• Zero-Safe Nets are like P/T Petri nets but places are partitioned in
  • Stable places
    • Ordinary places defining observable states
  • Zero-Safe places (or just zero places)
    • Idealized resources
    • Empty in all observable states
    • Temporarily used during transactions (coordinating activities)
• Transaction as transition synchronization
  • A computation from observable states to observable states via non-stable markings
  • Transactions can end when all tokens in zero places have been consumed

Page 5: Formal Models for Distributed Negotiations Zero-Safe Nets

Rendez-Vous
[Figure: net with transitions send and receive]
The message can be sent

Page 6: Formal Models for Distributed Negotiations Zero-Safe Nets

Rendez-Vous
[Figure: net with transitions send and receive]
Sender is blocked until message is received
Frozen!

Page 7: Formal Models for Distributed Negotiations Zero-Safe Nets

Rendez-Vous
[Figure: net with transitions send and receive]
Ready to commit

Page 8: Formal Models for Distributed Negotiations Zero-Safe Nets

Rendez-Vous
[Figure: net with transitions send and receive]
Coordinated commit

Page 9: Formal Models for Distributed Negotiations Zero-Safe Nets

Nondeterministic Rendez-Vous
[Figure: net with one send transition and two receive transitions]

Page 10: Formal Models for Distributed Negotiations Zero-Safe Nets

Origin of the Name
• In classic Petri net theory
  • A place a is n-safe if in any reachable marking it contains at most n tokens
  • A net is n-safe if all its places are such
  • Thus a place / net is 0-safe if in any reachable marking it is empty! Useless?
• We write zero-safe, not 0-safe
  • Zero places must be empty in any observable marking

Page 11: Formal Models for Distributed Negotiations Zero-Safe Nets

From Free-Choice to Non-Deadlocking
[Figure: net; labels: turn, turn, left, left, right, right]

Page 12: Formal Models for Distributed Negotiations Zero-Safe Nets

From Free-Choice to Non-Deadlocking
[Figure: net; labels: turn, turn, left, left, right, right]

Page 13: Formal Models for Distributed Negotiations Zero-Safe Nets

From Free-Choice to Non-Deadlocking
[Figure: net; labels: turn, turn, left, left, right, right]

Page 14: Formal Models for Distributed Negotiations Zero-Safe Nets

From Free-Choice to Non-Deadlocking
[Figure: net; labels: turn, turn, left, left, right, right]
Success!

Page 15: Formal Models for Distributed Negotiations Zero-Safe Nets

From Free-Choice to Non-Deadlocking
[Figure: net; labels: turn, turn, left, left, right, right]

Page 16: Formal Models for Distributed Negotiations Zero-Safe Nets

From Free-Choice to Non-Deadlocking
[Figure: net; labels: turn, turn, left, left, right, right]
Deadlock!

Page 17: Formal Models for Distributed Negotiations Zero-Safe Nets

From Free-Choice to Non-Deadlocking
[Figure: net; labels: turn, turn, left, left, right, right]
Only successful choices by design!

Page 18: Formal Models for Distributed Negotiations Zero-Safe Nets

No Reuse of Stable Tokens Before Commit
[Figure: net with transitions send and receive]
The message can be sent…

Page 19: Formal Models for Distributed Negotiations Zero-Safe Nets

No Reuse of Stable Tokens Before Commit
[Figure: net with transitions send and receive]
…but no-one can receive it!

Page 20: Formal Models for Distributed Negotiations Zero-Safe Nets

Multicasting
[Figure: net; labels: a, b, c, z, new, send, receive, reset, copy, 2]

Page 21: Formal Models for Distributed Negotiations Zero-Safe Nets

Multicasting
[Figure: net; labels: a, b, c, z, new, send, receive, reset, copy, 2]

Page 22: Formal Models for Distributed Negotiations Zero-Safe Nets

Multicasting
[Figure: net; labels: a, b, c, z, new, send, receive, reset, copy, 2]

Page 23: Formal Models for Distributed Negotiations Zero-Safe Nets

Multicasting
[Figure: net; labels: a, b, c, z, new, send, receive, reset, copy, 2]

Page 24: Formal Models for Distributed Negotiations Zero-Safe Nets

Multicasting
[Figure: net; labels: a, b, c, z, new, send, receive, reset, copy, 2]

Page 25: Formal Models for Distributed Negotiations Zero-Safe Nets

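Formal Definition
• A Zero-Safe net is $B = (S, T, \mathit{pre}, \mathit{post}, u_0, Z)$
  • $N_B = (S, T, \mathit{pre}, \mathit{post}, u_0)$ is the underlying P/T Petri net
  • $Z \subseteq S$ is the set of zero places
  • $L = S - Z$ is the set of stable places
  • $u_0 \in L^{\oplus}$ is the initial marking
• Note: $S^{\oplus} = (L \cup Z)^{\oplus} \cong L^{\oplus} \times Z^{\oplus}$
  • Markings can be represented as pairs $(u, x)$ with $u \in L^{\oplus}$ and $x \in Z^{\oplus}$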

Page 26: Formal Models for Distributed Negotiations Zero-Safe Nets

Operational Semantics
• We can exploit the operational semantics (step semantics) of the underlying P/T Petri net $N_B$

$$\frac{u \oplus x \to_{N_B} v \oplus y}{(u, x) \to_B (v, y)} \quad \text{[underlying steps]}$$

$$\frac{(u, \emptyset) \to_B (v, \emptyset)}{u \Rightarrow_B v} \quad \text{[commit]}$$

$$\frac{(u, x) \to_B (v, x') \qquad (u', x') \to_B (v', y)}{(u \oplus u', x) \to_B (v \oplus v', y)} \quad \text{[horizontal composition]}$$

• The key feature is horizontal composition
  • it acts as sequential composition on zero places
  • it acts as parallel composition on stable places

Page 27: Formal Models for Distributed Negotiations Zero-Safe Nets

Transactions as Transitions
• The admissible behaviors of the net are those that can be committed
• Such concurrent transactions can be regarded as atomic activities at the higher level of abstraction
• In general there can be several P/T Petri nets N such that N B
• We should select an abstract net A(B) which
  • is an ordinary P/T Petri net
  • its places are the stable places of B
  • its transitions are the (minimal) transactions of B
    • not decomposable in parallel activities
    • all other steps can be inferred
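The commit and horizontal composition rules, together with the earlier "No Reuse of Stable Tokens Before Commit" slides, can be exercised with a small executor; this is an added example, not code from the slides or from the authors. The two nets, the place names a, b, c, d, z and all function names are constructed for illustration, and the search stops at the first commit point without filtering out steps that are parallel compositions of independent transactions.

```python
from collections import Counter

def leq(a, b):
    """Multiset inclusion: every token of a is also in b."""
    return all(b[p] >= n for p, n in a.items())

def transactions(zero, trans, marking, max_firings=6):
    """Return the committed steps (consumed, produced) reachable from a stable marking."""
    found = set()
    key = lambda m: tuple(sorted(m.items()))
    part = lambda m, z: Counter({p: n for p, n in m.items() if (p in zero) == z})

    def explore(avail, zmark, used, made, fired):
        if fired and not zmark:       # [commit]: every zero place is empty again
            found.add((key(used), key(made)))
            return                    # stop at the first commit point
        if fired == max_firings:      # bound the search, since nets may loop
            return
        for pre, post in trans.values():
            spre, zpre = part(pre, False), part(pre, True)
            # Stable inputs come only from the initial marking: stable tokens
            # produced inside the transaction (made) stay locked until commit.
            if leq(spre, avail) and leq(zpre, zmark):
                explore(avail - spre, zmark - zpre + part(post, True),
                        used + spre, made + part(post, False), fired + 1)

    explore(Counter(marking), Counter(), Counter(), Counter(), 0)
    return found

# Constructed nets (the slide figures did not survive); z is the only zero place.
ZERO = {"z"}
RENDEZVOUS = {"send": ({"a": 1}, {"c": 1, "z": 1}),
              "receive": ({"b": 1, "z": 1}, {"d": 1})}
# Here receive needs the stable token b that send itself produces.
LOCKED = {"send": ({"a": 1}, {"b": 1, "z": 1}),
          "receive": ({"b": 1, "z": 1}, {"c": 1})}

if __name__ == "__main__":
    print(transactions(ZERO, RENDEZVOUS, {"a": 1, "b": 1}))  # one transaction
    print(transactions(ZERO, RENDEZVOUS, {"a": 1}))          # sender frozen
    print(transactions(ZERO, LOCKED, {"a": 1}))              # nothing commits
```

In the underlying P/T net both nets can fire send and then receive from these markings where the tokens allow it; the zero-safe reading keeps only the runs that return every zero place to empty without consuming stable tokens produced along the way.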

Page 28: Formal Models for Distributed Negotiations Zero-Safe Nets

Rendez-Vous
[Figure: net B, with transitions send and receive, beside its abstract net A(B)]

Page 29: Formal Models for Distributed Negotiations Zero-Safe Nets

From Free-Choice to Non-Deadlocking
[Figure: net B (labels: turn, turn, left, left, right, right) beside its abstract net A(B) (labels: turn-L, turn-R)]

Page 30: Formal Models for Distributed Negotiations Zero-Safe Nets

Collective or Individual?
• Different philosophies can yield different abstract nets
• CTPh: Define an algebra of computations
  • Careful axiomatization of horizontal composition *
  • Select only those computations such that
    • goes from stable marking to stable marking
    • If there exist , with = then either = or =
• ITPh: Computations are processes of $N_B$
  • Select only those processes that satisfy suitable conditions
    • connected – not decomposable in parallel active processes
    • all and only minimal / maximal places stable
    • full – no idle place

Page 31: Formal Models for Distributed Negotiations Zero-Safe Nets

Multicasting CTPh
[Figure: abstract net; labels: a, b, c, new, reset, 1-1, 1-2, …, 1-n, 2, 3, …, n+1]
Infinitely many transitions!

Page 32: Formal Models for Distributed Negotiations Zero-Safe Nets

Multicasting ITPh
[Figure: abstract net; labels: a, b, c, new, reset, 1-1, 1-2, …, 1-n (twice), 2, 3, …, n+1]
Different copy policies are distinguished!
Infinitely many transitions!

Page 33: Formal Models for Distributed Negotiations Zero-Safe Nets

Concurrent Copies
[Figure: net; labels: send, copy (three times), receive (four times)]

Page 34: Formal Models for Distributed Negotiations Zero-Safe Nets

Sequential Copies
[Figure: net; labels: send, copy (three times), receive (four times)]

Page 35: Formal Models for Distributed Negotiations Zero-Safe Nets

The ITPh “Monster”
[Figure: three panels titled B, CTPh and ITPh; labels: 2, …, n]

Page 36: Formal Models for Distributed Negotiations Zero-Safe Nets

Distributed Interpreter
• The operational semantics relies on some sort of meta-definition: one computes on the underlying net, building transaction segments and discarding undesired behaviors
• Given an interpreter:
  • Is backtracking needed?
  • Correctness and completeness?
  • Halting criteria?
• The problem: Given a ZS net B with initial marking u0, is it possible to compute in a distributed fashion the set R(B,u0) of markings that can be reached via atomic transactions?

Page 37: Formal Models for Distributed Negotiations Zero-Safe Nets

Proposed Solution
• The unfolding technique provides a distributed interpreter
  • Initial marking is needed!
• We modify the distributed algorithm for P/T net unfolding and extend it with a COMMIT rule that enforces synchronization in the execution of a transaction

Page 38: Formal Models for Distributed Negotiations Zero-Safe Nets


ZS Nets Interpreter Ika u0

a,k, SU(B) initial marking (as before)

t:isi (v,jnjzj) T ={si,ki,Hi}i SU(B) co()e=t,TU(B) ={zj,m,{e} | 1 m nj}j SU(B)

pre(e)= post(e)=

can be either stable or zero

only zero!

wait… where is v?

Page 39: Formal Models for Distributed Negotiations Zero-Safe Nets


ZS Nets Interpreter II

u0 R(B,u0) TU(B) co() ZProd()=ZCons()

u0 SProd() - SCons() R(B,u0)

Together with the unfolding we compute R(B,u0)!

Where we take the obvious extensions to of: ZCons(e) is the set of zero tokens consumed by the

ancestors of e (including e itself) ZProd(e) is the set of zero tokens produced by the

ancestors of e (including e itself) SCons(e) = t:(u,x)(v,y), e u SProd(e) = t:(u,x)(v,y), e v

sets

multisets

Page 40: Formal Models for Distributed Negotiations Zero-Safe Nets


Results Proposition

If TU(B) such that co() and ZProd()=ZCons(), then e=t, we have that t does not produce any zero token

Theorem R(B,u0) = { v | u0 Bv }

Proof: : by rule induction : by induction on the proof of u Bv

Page 41: Formal Models for Distributed Negotiations Zero-Safe Nets

Open Problems
• Computing the ITPh abstract net
  • Identify isomorphic processes
  • For v ∈ R(B,u0) we could add tokens with history …
• Halting criteria
  • The algorithm recursively enumerates R(B,u0)
  • Decidability proved by Nadia Busi using a result of Reinhardt
• Complexity
  • The algorithm is as distributed as the classical unfolding applied to the abstract net
  • To improve efficiency the sets ZProd(e) … could be encoded in e (they can be easily calculated from the history component)

Page 42: Formal Models for Distributed Negotiations Zero-Safe Nets

Recap
• We have seen
  • Basic theory of Zero-Safe nets
    • Formal definition
    • Graphical representation
    • Examples
  • Abstract (CTPh / ITPh) nets
  • Distributed interpreter based on unfolding

Page 43: Formal Models for Distributed Negotiations Zero-Safe Nets

References
• Zero-safe nets: comparing the collective and individual token approaches (Information and Computation 156(1-2):46-89, Academic Press 2000) R. Bruni, U. Montanari
• Executing transactions in zero-safe nets (Proc. ATPN’00, LNCS 1376, Springer 2000, pp. 83-102) R. Bruni, U. Montanari