Formal Models for Distributed Negotiations: Zero-Safe Nets
Roberto Bruni, Dipartimento di Informatica, Università di Pisa
XVII Escuela de Ciencias Informaticas (ECI 2003), Buenos Aires, July 21-26 2003
Formal Models for Distributed Negotiations
Why Extending Petri Nets
The basic P/T net model does not offer any synchronization between transitions: only token synchronization.
Useful because:
- Translating primitives of concurrent languages can involve complex constructions
- Needed for expressing transactions
Useful in addressing:
- Issues of refinement / abstraction
- System design, software architectures
- Moving from free-choice systems to deadlock-avoiding ones
- Reliable multicasts
Why Zero-Safe Nets
Zero-Safe Nets as a basis for modeling distributed transactions and workflows:
- Simplicity (natural extension of Petri nets)
- Based on a concept easily exportable to other paradigms
- Offering both refined / abstract views
- Admit distributed interpreters / implementations: based on unfolding, no backtracking; based on join-calculus
- Easy to combine with other net flavors (e.g. read arcs)
The Idea
Zero-Safe Nets are like P/T Petri nets, but places are partitioned into:
- Stable places: ordinary places, defining observable states
- Zero-Safe places (or just zero places): idealized resources, empty in all observable states, temporarily used during transactions (coordinating activities)
Transaction as transition synchronization: a computation from observable states to observable states via non-stable markings. Transactions can end when all tokens in zero places have been consumed.
Rendez-Vous (figure: a net with transitions send and receive, shown in four snapshots)
1. The message can be sent
2. Sender is blocked until message is received (Frozen!)
3. Ready to commit
4. Coordinated commit
Nondeterministic Rendez-Vous (figure: a net with one send transition and two receive transitions)
Origin of the Name
In classic Petri net theory:
- A place a is n-safe if in any reachable marking it contains at most n tokens
- A net is n-safe if all its places are such
Thus a place / net is 0-safe if in any reachable marking it is empty! Useless?
We write zero-safe, not 0-safe: zero places must be empty in any observable marking.
From Free-Choice to Non-Deadlocking (figure sequence, seven snapshots of two components, each with a place turn and transitions left and right)
- fourth snapshot: Success!
- sixth snapshot: Deadlock!
- last snapshot: Only successful choices by design!
No Reuse of Stable Tokens Before Commit (figure: a net with transitions send and receive, two snapshots)
1. The message can be sent…
2. …but no-one can receive it!
Multicasting (figure, five snapshots: places a, b, c, z; transitions new, send, copy, reset, receive; one arc has weight 2)
Formal Definition
A Zero-Safe net is B = (S, T, pre, post, u0, Z) where:
- N_B = (S, T, pre, post, u0) is the underlying P/T Petri net
- Z ⊆ S is the set of zero places
- L = S − Z is the set of stable places
- u0, a multiset over L, is the initial marking
Note: S = L ⊎ Z, so a marking can be represented as a pair (u, x) with u a multiset over L and x a multiset over Z.
Operational Semantics
We can exploit the operational semantics (step semantics) of the underlying P/T Petri net N_B. Markings are pairs (u, x) and ⊕ is multiset union:

  u ⊕ x →_{N_B} v ⊕ y
  ───────────────────────  [underlying steps]
  (u, x) →_B (v, y)

  (u, ∅) →_B (v, ∅)
  ───────────────────  [commit]
  u ⇒_B v

  (u, x) →_B (v, x')    (u', x') →_B (v', y)
  ────────────────────────────────────────────  [horizontal composition]
  (u ⊕ u', x) →_B (v ⊕ v', y)

The key feature is horizontal composition:
- it acts as sequential composition on zero places
- it acts as parallel composition on stable places
Transactions as Transitions
The admissible behaviors of the net are those that can be committed. Such concurrent transactions can be regarded as atomic activities at the higher level of abstraction.
In general there can be several P/T Petri nets N that could play the role of abstract net of B; we should select an abstract net A(B) which:
- is an ordinary P/T Petri net
- has as places the stable places of B
- has as transitions the (minimal) transactions of B, i.e. those not decomposable in parallel activities; all other steps can be inferred
Rendez-Vous (figure: the net B with transitions send and receive beside its abstract net A(B))

From Free-Choice to Non-Deadlocking (figure: the net B with places turn and transitions left and right beside its abstract net A(B), whose transitions are turn-L and turn-R)
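The two pictures above, the rendez-vous and the non-deadlocking choice, can be run mechanically with the rules of the Operational Semantics and the minimality requirement on A(B). The Python below is an added example written for this page, not code from the slides or their author: it encodes the nets by hand (the place and transition names a, b, a1, b1, z, turn1, turn2, zl, zr, bothL, bothR and the NO_REUSE net are my own assumptions), searches for committed transactions, i.e. runs with the zero places empty at both ends, parks stable tokens produced along the way so that they cannot be consumed before commit, and keeps only transactions that cannot be dealt into two independently committing sub-runs. Tokens are anonymous here, a collective view; the individual-token distinctions of the later slides are not modelled. `max_steps` bounds the search because nets with copy loops have infinitely many non-committing runs.

```python
from collections import Counter
from itertools import combinations


def freeze(m):
    """Hashable form of a marking: sorted (place, multiplicity) pairs."""
    return tuple(sorted((p, n) for p, n in m.items() if n > 0))


def leq(a, b):
    """Multiset inclusion a <= b."""
    return all(b[p] >= n for p, n in a.items())


class ZeroSafeNet:
    """B = (S, T, pre, post, u0, Z): places split into stable L and zero Z."""

    def __init__(self, stable, zero, transitions):
        self.stable, self.zero = frozenset(stable), frozenset(zero)
        assert not (self.stable & self.zero), "L and Z must be disjoint"
        # transitions: name -> (pre, post), each a dict place -> multiplicity
        self.t = {n: (Counter(pre), Counter(post)) for n, (pre, post) in transitions.items()}

    def split(self, m):
        """Marking m -> (u, x): stable part and zero part."""
        return (Counter({p: n for p, n in m.items() if p in self.stable}),
                Counter({p: n for p, n in m.items() if p in self.zero}))

    def transactions(self, u0, max_steps=8):
        """All committed transactions u0 => v as {trace: v}. One transition fires per
        step (a parallel step can always be serialised). Horizontal composition is
        parallel on stable places, so every stable token consumed comes from u0;
        stable tokens produced on the way wait in `prod` until commit."""
        found, stack = {}, [(Counter(u0), Counter(), Counter(), ())]
        while stack:
            avail, x, prod, trace = stack.pop()
            for name, (pre, post) in self.t.items():
                pre_s, pre_z = self.split(pre)
                post_s, post_z = self.split(post)
                if not (leq(pre_s, avail) and leq(pre_z, x)):
                    continue                                  # not enabled
                nxt = (avail - pre_s, (x - pre_z) + post_z, prod + post_s, trace + (name,))
                if not nxt[1]:                                # zero places empty: commit rule
                    found[nxt[3]] = freeze(nxt[0] + nxt[2])
                if len(nxt[3]) < max_steps:                   # bound for copy loops
                    stack.append(nxt)
        return found

    def zero_run(self, trace):
        """Replay a trace on the zero places only: True iff it never lacks a zero
        token and ends with the zero places empty (a complete transaction)."""
        x = Counter()
        for name in trace:
            pre_z, post_z = self.split(self.t[name][0])[1], self.split(self.t[name][1])[1]
            if not leq(pre_z, x):
                return False
            x = (x - pre_z) + post_z
        return not x

    def is_minimal(self, trace):
        """A transaction is a transition of A(B) iff it cannot be dealt into two
        sub-traces that commit on their own (not decomposable in parallel)."""
        n = len(trace)
        for r in range(1, n):
            for idx in combinations(range(n), r):
                rest = tuple(i for i in range(n) if i not in idx)
                if self.zero_run(tuple(trace[i] for i in idx)) and \
                   self.zero_run(tuple(trace[i] for i in rest)):
                    return False
        return True

    def abstract_transitions(self, u0, max_steps=8):
        """Transitions of A(B) enabled at u0: (stable preset, stable postset) pairs."""
        out = set()
        for trace in self.transactions(u0, max_steps):
            if self.is_minimal(trace):
                pre, post = Counter(), Counter()
                for name in trace:
                    pre.update(self.split(self.t[name][0])[0])
                    post.update(self.split(self.t[name][1])[0])
                out.add((freeze(pre), freeze(post)))
        return out

    def R(self, u0, max_steps=8):
        """R(B, u0): u0 plus every stable marking reached by one committed transaction."""
        return {freeze(Counter(u0))} | set(self.transactions(u0, max_steps).values())


# Constructed examples (my encoding of the slides' pictures, not the author's files).
# Rendez-vous: the message travels through zero place z, so send commits only with receive.
RENDEZ_VOUS = ZeroSafeNet(
    stable={"a", "b", "a1", "b1"}, zero={"z"},
    transitions={"send": ({"a": 1}, {"a1": 1, "z": 1}),
                 "receive": ({"b": 1, "z": 1}, {"b1": 1})})

# No reuse before commit: send itself produces the receiver's stable token b, which
# stays parked until commit, so nobody can receive the message.
NO_REUSE = ZeroSafeNet(
    stable={"a", "b", "b1"}, zero={"z"},
    transitions={"send": ({"a": 1}, {"b": 1, "z": 1}),
                 "receive": ({"b": 1, "z": 1}, {"b1": 1})})

# Free choice made non-deadlocking: the two agents' choices are coupled through zl / zr.
FREE_CHOICE = ZeroSafeNet(
    stable={"turn1", "turn2", "bothL", "bothR"}, zero={"zl", "zr"},
    transitions={"left1": ({"turn1": 1}, {"zl": 1}),
                 "right1": ({"turn1": 1}, {"zr": 1}),
                 "left2": ({"turn2": 1, "zl": 1}, {"bothL": 1}),
                 "right2": ({"turn2": 1, "zr": 1}, {"bothR": 1})})
```

`FREE_CHOICE.abstract_transitions({"turn1": 1, "turn2": 1})` yields exactly two transitions, turn-L and turn-R, with preset turn1 ⊕ turn2 and postset bothL or bothR: the mismatched runs left1/right2 and right1/left2 leave a zero token behind and never commit. `NO_REUSE.transactions({"a": 1})` is empty, which is the "No Reuse of Stable Tokens Before Commit" picture: the message is sent, but the token in b that would enable receive only exists after commit.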
Collective or Individual?
Different philosophies can yield different abstract nets.
CTPh (collective token philosophy):
- Define an algebra of computations, with a careful axiomatization of horizontal composition *
- Select only those computations such that: it goes from stable marking to stable marking; if there exist […], […] with […] = […] then either […] = […] or […] = […]
ITPh (individual token philosophy):
- Computations are processes of N_B
- Select only those processes that satisfy suitable conditions: connected (not decomposable in parallel active processes); all and only minimal / maximal places stable; full (no idle place)
Multicasting, CTPh abstract net (figure: places a, b, c; transitions new, 1-1 (reset), 1-2, …, 1-n, with arc weights 2, 3, …, n+1). Infinitely many transitions!

Multicasting, ITPh abstract net (figure: as above, but with several distinct 1-n transitions for the same n). Infinitely many transitions! Different copy policies are distinguished!
Concurrent Copies (figure: one send transition, three copy transitions, four receive transitions)

Sequential Copies (figure: one send transition, three copy transitions, four receive transitions)
The ITPh “Monster” (figure: the net B beside its CTPh and ITPh abstract nets, with arc weights 2, …, n)
Distributed Interpreter
The operational semantics relies on some sort of meta-definition: one computes on the underlying net, building transaction segments and discarding undesired behaviors.
Given an interpreter: Is backtracking needed? Correctness and completeness? Halting criteria?
The problem: given a ZS net B with initial marking u0, is it possible to compute in a distributed fashion the set R(B,u0) of markings that can be reached via atomic transactions?
Proposed Solution
The unfolding technique provides a distributed interpreter (initial marking is needed!).
We modify the distributed algorithm for P/T net unfolding and extend it with a COMMIT rule that enforces synchronization in the execution of a transaction.
ZS Nets Interpreter
Unfolding rules (conditions are triples ⟨place, index, history⟩; S_U(B) and T_U(B) are the conditions and the events of the unfolding):
- initial marking (as before): for 1 ≤ k ≤ u0(a), ⟨a, k, ∅⟩ ∈ S_U(B)
- events: if t : ⊕_i s_i → (v, ⊕_j n_j z_j) and the conditions {⟨s_i, k_i, H_i⟩}_i ⊆ S_U(B) are pairwise concurrent (co), then e = ⟨t, {⟨s_i, k_i, H_i⟩}_i⟩ ∈ T_U(B) and {⟨z_j, m, {e}⟩ | 1 ≤ m ≤ n_j}_j ⊆ S_U(B), with pre(e) = {⟨s_i, k_i, H_i⟩}_i and post(e) = {⟨z_j, m, {e}⟩ | 1 ≤ m ≤ n_j}_j
Remarks on the slide: the s_i can be either stable or zero; post(e) contains only zero conditions; wait… where is v? (the stable tokens v produced by t are never added to the unfolding)
ZS Nets Interpreter II
- u0 ∈ R(B,u0)
- if a set of events Γ ⊆ T_U(B) satisfies co(Γ) and ZProd(Γ) = ZCons(Γ), then u0 ⊕ SProd(Γ) − SCons(Γ) ∈ R(B,u0)
Together with the unfolding we compute R(B,u0)!
Where we take the obvious extensions to sets of events of:
- ZCons(e): the set of zero tokens consumed by the ancestors of e (including e itself)
- ZProd(e): the set of zero tokens produced by the ancestors of e (including e itself)
- SCons(e) = u and SProd(e) = v, for e = ⟨t, …⟩ with t : (u, x) → (v, y)
ZCons and ZProd are sets; SCons and SProd are multisets.
Results
Proposition: if Γ ⊆ T_U(B) is such that co(Γ) and ZProd(Γ) = ZCons(Γ), then for every e = ⟨t, …⟩ ∈ Γ, t does not produce any zero token.
Theorem: R(B,u0) = { v | u0 ⇒_B v }
Proof: one inclusion by rule induction, the other by induction on the proof of u ⇒_B v.
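The interpreter rules of the two preceding slides survive only partially in this copy, so the Python below is an added example, my own reading of them and not the author's implementation: it builds the unfolding from the stable initial marking, with conditions carrying their producing event as history and events adding only the zero conditions they produce (the stable output v is never added, which is what stops a transaction from consuming stable tokens it produced itself), then applies the COMMIT check to every pairwise concurrent set of events Γ and collects u0 ⊕ SProd(Γ) − SCons(Γ) into R(B,u0). The net is my encoding of the free-choice example (the names turn1, turn2, zl, zr, bothL, bothR are assumptions); `max_events` bounds the construction because copy loops make the unfolding infinite, and the enumeration of subsets Γ is exponential, which is acceptable for a net this small.

```python
from collections import Counter
from itertools import combinations


def freeze(m):
    """Hashable form of a marking: sorted (place, multiplicity) pairs."""
    return tuple(sorted((p, n) for p, n in m.items() if n > 0))


class ZSUnfolding:
    """Unfolding of a zero-safe net from a stable initial marking u0.
    A condition is (place, k, producer): producer is None for the initial stable
    conditions <a, k, {}> and an event id for the zero conditions <z, m, {e}>.
    An event is (transition, preset); its history is the set of ancestor events."""

    def __init__(self, transitions, stable, u0):
        self.t, self.stable = transitions, frozenset(stable)   # name -> (pre tuple, post tuple)
        self.conds = {(a, k, None) for a, n in u0.items() for k in range(n)}
        self.ev, self.hist, self.index = {}, {}, {}

    def hist_of(self, c):
        return self.hist[c[2]] if c[2] is not None else frozenset()

    def conflict_free(self, H):
        """No two distinct events of H consume the same condition."""
        consumer = {}
        return all(consumer.setdefault(c, e) == e for e in H for c in self.ev[e][1])

    def co(self, conds):
        """Pairwise concurrent conditions: none is consumed by an ancestor of another
        and their joint history is conflict-free."""
        H = frozenset().union(*(self.hist_of(c) for c in conds))
        used = {c for e in H for c in self.ev[e][1]}
        return not (used & set(conds)) and self.conflict_free(H)

    def presets(self, places):
        """Every way to pick distinct conditions matching the list of pre-places."""
        def rec(i, chosen):
            if i == len(places):
                yield tuple(chosen)
            else:
                for c in list(self.conds):
                    if c[0] == places[i] and c not in chosen:
                        yield from rec(i + 1, chosen + [c])
        return list(rec(0, []))

    def build(self, max_events=64):
        """Grow the unfolding to a (bounded) fixpoint. An event adds only the zero
        conditions it produces; stable outputs are never added (no-reuse rule)."""
        grown = True
        while grown and len(self.ev) < max_events:
            grown = False
            for name, (pre, post) in self.t.items():
                for preset in self.presets(pre):
                    key = (name, frozenset(preset))
                    if key in self.index or not self.co(preset):
                        continue
                    e = self.index[key] = len(self.ev)
                    self.ev[e] = (name, preset)
                    self.hist[e] = frozenset().union(*(self.hist_of(c) for c in preset)) | {e}
                    for z, n in Counter(p for p in post if p not in self.stable).items():
                        self.conds |= {(z, m, e) for m in range(n)}
                    grown = True
        return self

    def commits(self, G):
        """COMMIT check: G pairwise concurrent and the closure H of its histories
        consumes exactly the zero tokens it produces. Returns H or None."""
        H = frozenset().union(*(self.hist[e] for e in G))
        if any(e in self.hist[f] for e in G for f in G if e != f) or not self.conflict_free(H):
            return None
        zcons = {c for e in H for c in self.ev[e][1] if c[2] is not None}
        zprod = {c for c in self.conds if c[2] in H}
        return H if zcons == zprod else None

    def R(self, u0):
        """R(B, u0) = {u0} together with u0 + SProd(H) - SCons(H) for each committed H."""
        R = {freeze(Counter(u0))}
        for r in range(1, len(self.ev) + 1):
            for G in combinations(self.ev, r):
                H = self.commits(G)
                if H is None:
                    continue
                # Proposition on the slide: the events of G produce no zero token
                assert all(p in self.stable for e in G for p in self.t[self.ev[e][0]][1])
                v = Counter(u0)
                for e in H:
                    pre, post = self.t[self.ev[e][0]]
                    v.subtract(p for p in pre if p in self.stable)    # SCons(e)
                    v.update(p for p in post if p in self.stable)     # SProd(e)
                R.add(freeze(v))
        return R


# Constructed example: my encoding of the free-choice picture, not the author's file.
STABLE = {"turn1", "turn2", "bothL", "bothR"}
TRANSITIONS = {"left1": (("turn1",), ("zl",)), "right1": (("turn1",), ("zr",)),
               "left2": (("turn2", "zl"), ("bothL",)), "right2": (("turn2", "zr"), ("bothR",))}
U0 = {"turn1": 1, "turn2": 1}


def free_choice_R():
    """Unfold the example and read off R(B, u0) as the COMMIT rule prescribes."""
    return ZSUnfolding(TRANSITIONS, STABLE, U0).build().R(U0)
```

The unfolding of this net has four events (left1 and right1 in conflict on the turn1 condition, left2 and right2 each depending on the zero condition of its partner), and `free_choice_R()` returns u0 together with the two markings bothL and bothR, the same set the state-space search of the earlier example computes; the only committed closures are {left1, left2} and {right1, right2}, whose maximal events produce no zero token, as the Proposition states.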
Open Problems
- Computing the ITPh abstract net: identify isomorphic processes; for v ∈ R(B,u0) we could add tokens with history…
- Halting criteria: the algorithm recursively enumerates R(B,u0); decidability proved by Nadia Busi using a result of Reinhardt
- Complexity: the algorithm is as distributed as the classical unfolding applied to the abstract net; to improve efficiency the sets ZProd(e), … could be encoded in e (they can be easily calculated from the history component)
Recap
We have seen the basic theory of Zero-Safe nets:
- Formal definition
- Graphical representation
- Examples
- Abstract (CTPh / ITPh) nets
- Distributed interpreter based on unfolding
References
- R. Bruni, U. Montanari. Zero-safe nets: comparing the collective and individual token approaches. Information and Computation 156(1-2):46-89, Academic Press, 2000.
- R. Bruni, U. Montanari. Executing transactions in zero-safe nets. Proc. ATPN'00, LNCS 1376, Springer, 2000, pp. 83-102.