Formal Models for Distributed Negotiations: Transactions

1
Models and Languages for Coordination and
Orchestration IMT- Institutions Markets
Technologies - Alti Studi Lucca
Nominal Calculi for Transactions CJOIN
Roberto Bruni Dipartimento di Informatica
Università di Pisa
2
Contents

• Introduction
• cJoin syntax semantics
• Examples
• Serializability
• cJoin in Join

3
Contents

• Introduction
• cJoin syntax semantics
• Examples
• Serializability
• cJoin in Join

4
Flow Diagrams meet Process Description Languages
from cCSP slides

• Many proposals to describe business processes
  unambiguously
• XML-based
• WSFL, XLANG, WSCI, BPEL4WS
• Extensions of known mobile calculi
• committed Join, ?t-calculus, web?-calculus
• Flow-based
• Compensating CSP (Butler, Hoare, Ferreira)
• previously Structured Activity Compensation
  (StAC)
• Sagas Calculus (Bruni, Melgratti, Montanari)

5
Interaction and Agreements

• In long lasting negotiations partial agreements
  can be reached and locally committed by parties
• to be compensated in case of failure
• to be published / confirmed on success
• In commercial applications, separately designed
  and implemented components must interact
• avoiding ad-hoc proprietary solutions
• offering alternatives to centralized transaction
  managers
• hiding the coordination layer (separation of
  concerns)

6
Distributed Negotiations

• Negotiations / Contracts
• commit, abort, compensation
• hierarchical decisions
• dynamic membership
• fully distributed control
• Process cooperation
• coordination / orchestration / choreography
• different platforms and policies
• Data integration
• unstructured documents in different formats

7
Prerequisites forModeling Contracts

• Local and global resources
• Local sub-contracts and decisions
• Global results posted upon commit
• Abort of ongoing contracts
• All participants must be informed
• Compensations can be activated
• Either abort or commit (no divergence)
• Dynamic joining of participants
• Contracts can be merged
• Nested structure of contracts

8
cJoin

• committed Join
• Process Description Language (PDL) presentation
• Non ACID (unrealistic in highly distributed
  systems)
• Multiway (several parties can start separately
  but commit on reached agreement)
• Compensations (certain acts cannot be undone)
• Programmable commit / abort / compensation
• Concurrency and distribution (Distributed 2PC)
• Different levels of abstraction

9
Contents

• Introduction
• cJoin syntax semantics
• Examples
• Serializability
• cJoin in Join

10
Committed Join Syntax
messages

• M,N 0 x?y? MN
• P,Q M def D in P PQ abort PQ
• D,E J?P D?E J?P
• J,K x?y? JK

programmable abort
merge definitions (boards) defined boards must
be disjoint from ordinary defined names
11
Committed Join Semantics
12
Committed Join Semantics
compensation is kept frozen
contract P can evolve in isolation
13
Committed Join Semantics
commit
global resources
14
Committed Join Semantics
compensation on abort
15
Committed Join Semantics
merge n ongoing contracts
16
Join vs cJoin

• PROPOSITION
• cJOIN is a conservative extension of JOIN

P ?J Q iff P ?cJ Q (for P and Q JOIN processes)
(Proof by obviousness -) )
17
Playful Digression5 Fast Proof Methods...

• Proof by tautology
• "It's true because it's true."
• Proof by logic
• "If it is on the exercise list, then it must be
  true!"
• Proof by lost reference
• "I know I saw it somewhere......"
• Proof by lack of interest
• "Does anyone really want to see this?"
• Proof by insignificance
• "Who really cares, anyway?"

18
Playful Digression ... and 5 Irrefutable Proof
Methods

• Proof by divine word
• "And the Lord said, 'Let it be true,' and it was
  true."
• Proof by supplication
• "Oh please, let it be true."
• Proof by necessity
• "It had better be true, or the entire structure
  of mathematics would crumble to the ground."
• Proof by design
• "If it's not true in today's math, invent a new
  system in which it is."

19
Contents

• Introduction
• cJoin syntax semantics
• Examples
• Serializability
• cJoin in Join

20
A Multi-Way Contract
21
Multi-Level Nesting
22
Nested Abort I
23
Nested Abort II
24
Hotel Booking I
H ? def WaitBooking ? def
request?o? ? o?? price?? ? price??
confirm?v? ? BookedRoom?v? ?
price?? ? abort in offeringRoom
?request,confirm? Q ? BookedRoom?v?
? in WaitBooking

25
Hotel Booking I
H ? def WaitBooking ? def
request?o? ? o?? price?? ? price??
confirm?v? ? BookedRoom?v? ?
price?? ? abort in offeringRoom
?request,confirm? Q ? BookedRoom?v?
? in WaitBooking C ? def
BookingHotel ? def hotelMsg ?r,c? ? def offer??
? c?visa? HotelFound ? offer?? ?
abort in r?offer? in searchRoom
?hotelMsg? Q in BookingHotel
26
Hotel Booking I
H ? def WaitBooking ? def
request?o? ? o?? price?? ? price??
confirm?v? ? BookedRoom?v? ?
price?? ? abort in offeringRoom
?request,confirm? Q ? BookedRoom?v?
? in WaitBooking C ? def
BookingHotel ? def hotelMsg ?r,c? ? def offer??
? c?visa? HotelFound ? offer?? ?
abort in r?offer? in searchRoom
?hotelMsg? Q in BookingHotel
HB ? def searchRoom?hm? offeringRoom ?r,c? ?
hm?r,c? in H C
27
Hotel Booking II
, WaitBooking , BookingHotel ? ? , ,
offeringRoom?request,confirm? Q , ,
searchRoom?hotelMsg? Q ? , ,
hotelMsg?request,confirm? Q Q ? , ,
request?offer? Q Q ? , , offer??,
price?? Q Q ? , , confirm?visa?,
HotelFound , price?? Q Q ? , ,
BookedRoom?visa?, HotelFound Q Q ? ,
BookedRoom?visa?, HotelFound
28
Trip Booking I
H as before F ? def WaitBooking ? def
request?o? ? o?? price?? ?
price?? confirm?v? ? BookedFlight?v? ?
price?? ? abort in
offeringFlight ?request,confirm? Q ?
BookedFlight?v? ? in WaitBooking

local name, different from homonym name in H
29
Trip Booking II
both needed to commit
C ? def hotelOK?fc? flightOK?hc? ? fc hc
? BookingHotel ? def hotelMsg?r,c? ? def
offer?? ? c?visa? hotelOK?flightConf?
? offer?? ? abort ? flightConf ?
HotelFound in r?offer? in searchRoom
?hotelMsg? Q ? BookingFlight ? def
flightlMsg?r,c? ? def offer?? ? c?visa?
flightOK?hotelConf? ? offer?? ? abort
? hotelConf ? FlightFound in
r?offer? in searchFlight ?flightMsg? Q
in BookingHotel BookingFlight TB ?
def searchRoom?hm? offeringRoom ?r,c? ?
hm?r,c? ? searchFlight?fm?
offeringFlight ?r,c? ? fm?r,c? in H
F C
30
Committed Join Features

• Negotiations can be defined in terms of
  concurrent sub-negotiations
• Cooperation between contracts are given by
  merging definitions
• Global resources produced inside a negotiation
  are made available at commit time
• Commit requires termination
• Programmable abort and compensation

31
Example Mailing List I
ML ? MailingList?k? ? MLDef
32
Example Mailing List I
ML ? MailingList?k? ? MLDef MLDef ? def
in lst?nil? k?add, tell,
close?
33
Example Mailing List I
ML ? MailingList?k? ? MLDef MLDef ? def nil?...?
? ... ? lst?y? add?x? ? ? lst?y?
tell?v? ? ? lst?y? close? ? ?
in lst?nil? k?add, tell, close?
34
Example Mailing List I
ML ? MailingList?k? ? MLDef MLDef ? def nil?...?
? ... ? lst?y? add?x? ? def z?v,tid? ?
x?v? y?v, tid? in lst?z? ? lst?y?
tell?v? ? ? lst?y? close? ? ?
in lst?nil? k?add, tell, close?
35
Example Mailing List I
ML ? MailingList?k? ? MLDef MLDef ? def nil?...?
? ... ? lst?y? add?x? ? def z?v, tid? ?
x?v? y?v, tid? in lst?z? ? lst?y?
tell?v? ? def tid?? ? 0 in y?v, tid? lst?y?
lst?y? ? lst?y? close? ? ?
in lst?nil? k?add, tell, close?
36
Example Mailing List I
ML ? MailingList?k? ? MLDef MLDef ? def nil?v,
tid? ? tid ? ? ? lst?y? add?x? ? def
z?v, tid? ? x?v? y?v, tid? in lst?z? ?
lst?y? tell?v? ? def tid?? ? 0 in y?v,
tid? lst?y? lst?y? ? lst?y? close? ?
? in lst?nil? k?add, tell,
close?
37
Example Mailing List I
ML ? MailingList?k? ? MLDef MLDef ? def nil?v,
tid? ? tid ? ? ? lst?y? add?x? ? def
z?v, tid? ? x?v? y?v, tid? in lst?z? ?
lst?y? tell?v? ? def tid?? ? 0 in y?v,
tid? lst?y? lst?y? ? lst?y? close? ?
? 0 in lst?nil? k?add, tell,
close?
38
Example Mailing List I
ML ? MailingList?k? ? MLDef MLDef ? def nil?v,
tid? ? tid ? ? ? lst?y? add?x? ? def
z?v, tid? ? x?v? y?v, tid? in lst?z? ?
lst?y? tell?v? ? def tid?? ? 0 in y?v,
tid? lst?y? lst?y? ? lst?y? close? ?
? 0 in lst?nil? k?add, tell,
close? Emp ? employees?a,t,c? ? a?Alice?
a?Bob? t?News?
39
Example Mailing List I
ML ? MailingList?k? ? MLDef MLDef ? def nil?v,
tid? ? tid ? ? ? lst?y? add?x? ? def
z?v, tid? ? x?v? y?v, tid? in lst?z? ?
lst?y? tell?v? ? def tid?? ? 0 in y?v,
tid? lst?y? lst?y? ? lst?y? close? ?
? 0 in lst?nil? k?add, tell,
close? Emp ? employees?a,t,c? ? a?Alice?
a?Bob? t?News? SYS ? def ML ? Emp in
MailingList?employees?
40
Example Mailing List II
, MailingList?employees? ? , lst?nil? ,
employees?add, tell, close? ? , lst?nil? ,
add?Alice? , add?Bob? , tell?News? ? , z1?v,
tid? ? Alice?v? nil?v, tid? , lst?z1? ,
add?Bob? , tell?News? ? , z2?v, tid? ? Bob?v?
z1?v, tid? , lst?z2? , tell?News? ? , tid?? ?
0 , z2?News, tid? , lst?z2? lst?z2? ? ,
tid?? ? 0 , Bob?News? , z1?News, tid? , lst?z2?
lst?z2? ? , tid?? ? 0 , Bob?News? ,
Alice?News? , nil?News, tid? , lst?z2? lst?z2?
? , tid?? ? 0 , Bob?News? , Alice?News? , tid?
? , lst?z2? lst?z2? ? , tid?? ? 0 ,
Bob?News? , Alice?News? , lst?z2? lst?z2? ? ,
Bob?News? , Alice?News? , lst?z2? , tid?? ? 0
lst?z2? ? , Bob?News? , Alice?News? , lst?z2?
41
EIGHTH HOMEWORK

• Modify Emp and MLDef to serialize the
  subscriptions to the list and the dispatch of the
  news, i.e. in such a way that
• Bob is subscribed only after Alice
• the news is dispatched only after Bob is
  subscribed

42
ZS nets, Join and cJoin

• ZS nets can be encoded in Join by attaching the
  dynamic creation of a local DTC to transitions
• Implementation of D2PC (transparent to users)
• Tokens must carry several channel names
• Each firing must undergo local DTCs approval
• cJoin primitives allow a straightforward encoding
• No further protocol is needed
• Tokens carry just one contract identifier
• Firings directly correspond to reactions

43
ZS nets in cJoin I
We encode basic nets, which are expressive enough
given a net (T,S) we define an agent def T
in S , where
E open e E ? def z?0 in e?z?
E e calc e e?z? ? e?z? e
fork e, e e?z? ? e?z? e?z?
e, e join e e?z? e?z? ? e?z?
e close E e ?z? ? E
dummy definition (JOIN way of declaring a local
id)
z and z have now identical scope and meaning
44
ZS nets in cJoin II

• THEOREM
• (S,?) ? (S',?) iff def T in S ? def
  T in S'

45
Matching the Prerequisites

• Local and global resources
• Local sub-contracts and decisions
• Global results posted upon commit
• Abort of ongoing contracts
• All participants must be informed
• Compensations can be activated
• Either abort or commit (no divergence)
• Dynamic joining of participants
• Contracts can be merged
• Nested structure of contracts

46
Contents

• Introduction
• cJoin syntax semantics
• Examples
• Serializability
• cJoin in Join

47
Serializability

• A serializable transaction admits an abstract
  representation as a single transition
• cJoin negotiations may interact with other
  negotiations (not serializable in the previous
  sense)
• But all cooperating negotiations can be viewed as
  a single transition
• Moreover, we would like this property to hold at
  every level of nesting

48
Shallowness

• A simple type system guarantees serializability
• Shallow processes
• the start of a sub-negotiation can be postponed
  until all the cooperating sub-negotiations needed
  to commit can be generated inside its parent
  negotiation
• Proof via correspondence w.r.t. big step semantics

49
Shallow Processes

• P is shallow if every definition D in P
  satisfies
• Any reaction in shallow processes increases the
  height of the nesting structure by at most 1

either D J ? P, where nest ( P ) 0,
or P R Q and
nest ( R Q ) 0
or D J ? P, and nest (P) 0
50
Stable Processes

• Shallow board definitions are ranged over by B,
  B',...
• A shallow process P is stable if nest ( P ) 0
• Stable processes are ranged over by S, S', ...

51
Serializability

• Serializability as big step reduction relation
  (?) between shallow processes
• Theorem S ?cJ S iff S ? S

52
Contents

• Introduction
• cJoin syntax semantics
• Examples
• Serializability
• cJoin in Join

53
Encoding of cJoin in Join

• Aim
• Define an implementation of cJoin in Join
• Associate to every cJoin process a Join process
  that simulates its behavior
• Ideas
• Consider flat processes only
• Identification of basic forms for definitions
• expressive enough to model all flat cJoin
  processes
• a type system singles out canonical forms of
  processes
• Reuse controllers of the D2PC protocol

54
Flat cJoin

• Negotiations cannot be nested
• Type system for cJoin Processes
• P 0, P does not contain __ at all
• P 1, P may contain __ just in definitions
• P 2, P may have/generate flat negotiations, not
  nested
• D 0, D does not contain __ at all
• D 1, D may initiate flat negotiations, not
  nested
• Subject Reduction holds for 0 and 2
• not for 1
• Join Processes have type 0
• Flat cJoin The sub-calculus of all P2

55
Canonical Flat cJoin

• Inspired by the basic shapes of ZS nets
• Few elementary definition patterns
• Any flat process can be written in canonical form
• canonical processes are flat
• any process is bisimilar to its canonical form

56
Encoding Main Ideas

• Any message in a negotiation is managed by a
  coordinator
• Coordinators perform a slight variant of the D2PC
  protocol
• handling of failures is more complex here
• Adequacy theorems
• correctness and completeness of compilation
• JoCaml has been extended with cJoin primitives
• PhD Thesis of Hernán Melgratti

57
Concluding remarks

• cJoin models multi-way transactions by describing
  interacting agents
• but not their global structure
• choreography is the main issue
• Flat cJoin can be implemented in Join
• commit is fully distributed
• extensions of other Join implementations are
  planned
• cJoin compensations do not undo precommitted
  activities
• can such compensations be encoded in cJoin?

58
Recent Related Work Extensions of ?-calculus

• ?t
• inspired by long-running transactions in BizTalk
• additional primitives
• context(P,Pf,Pc)
• done
• abort
• unique entry point
• transactional contexts are not isolated
• not influencing commit / abort
• web?
• timed variant of ?t

59
References

• Nested commits for mobile calculi extending join
  (Proc. IFIP-TCS04, Kluwer)
• R. Bruni, H. Melgratti, U. Montanari
• Flat committed join in join (Proc.
  COMETA03, ENTCS)
• R. Bruni, H. Melgratti, U. Montanari
• Models and languages for global computing
  transactions, Part II (PhD Thesis, Univ. of Pisa,
  2005)
• H. Melgratti

60
That's All Folks!