1 Joint work with Claudio Antares Mezzina and Jean-Bernard Stefani Controlled Reversibility and Compensations Ivan Lanese Focus research group Computer Science Department University of Bologna/INRIA Italy
Roadmap l Reversibility and concurrency l Controlling reversibility l Compensations l Conclusions
Roadmap l Reversibility and concurrency l Controlling reversibility l Compensations l Conclusions
Why we are interested in reversibility? l We want programming abstractions for dependable distributed systems l Different proposals in the literature –Exception handling, checkpointing, transactions, … l Unrelated proposals, difficult to combine and compose l Is there a unifying concept? l … most of them include some form of undo
What if we could undo every action? l Very low-level mechanism l Can we build suitable abstractions on top of it? l Can we recover and better understand traditional error recovery schemes? l Can we find new schemes or combine old ones?
Reversing concurrent systems l What does it mean to go back one step for a concurrent system? l First approach in Reversible Communicating Systems. CONCUR 2004 by V. Danos and J. Krivine
Reversible Communicating Systems l Presents the RCCS calculus –A reversible version of CCS l Causal consistent reversibility –Transitions should be rollbacked in any order compatible with causal dependencies
Causal consistent reversibility a a b b
Many reversible calculi l Reversible variants of many calculi have been studied –CCS-like calculi: Phillips & Ulidowski [FoSSaCS 2006, JLAP 2007] –HOπ: Lanese, Mezzina & Stefani [CONCUR 2010] –μOz: Lienhardt, Lanese, Mezzina & Stefani [FMOODS&FORTE 2012] l All causally consistent l All allowing to reverse each single step l All providing perfect reversibility
End of the story? l These calculi specify how to reverse computations, but not when l If programs choose nondeterministically whether to go back or to go forward we get useless programs –Always diverge –If I get a result I cannot make it persistent
Roadmap l Reversibility and concurrency l Controlling reversibility l Compensations l Conclusions
Controlling reversibility l We want techniques to decide when to go back and when to go forward –Avoiding the drawbacks described before l The technique depends on the aim of reversibility l For error recovery –Normal computation is forward –In case of error, go back to reach a consistent state »Requires to undo many steps at the time l Go back n steps is not meaningful –In a concurrent setting it is not clear which the last steps are
Who should control reversibility? l Different possibilities l We propose a taxonomy –Internal control: reversibility is controlled by the programmer –External control: reversibility is controlled by the environment –Semantic control: reversibility control is embedded in the semantics of the language
Internal control l Some approaches in the literature –Irreversible actions (Danos&Krivine [CONCUR 2005]) »Cannot be executed backward »Allow to make a result persistent »Allow to model a form of (non nested) transaction »Still most programs are divergent –Roll operator (Lanese, Mezzina, Schmitt & Stefani [CONCUR 2011]) »Allows to undo a past action and all its consequences »If no roll points back past an action then the effect of the action is persistent »Allow to model checkpointing »Still most programs are divergent
External control l Not much studied yet in a concurrent setting l Seems interesting in some scenarios l Hierarchical component-based systems –The father component controls the direction of execution of its child –It needs information on the state of the child »E.g., the child should notify errors l Concurrent reversible debugger –The user controls whether the program under test should execute backward or forward –Backward execution in form of “undo this past action”
Semantic control l Reversibility policy embedded in the language l E.g., count how many times actions have been done and undone and always try new possibilities –Good for research in a state space –Different euristics may improve the efficiency l Bacci, Danos & Kammar [CALCO 2011] –Steps are taken subject to some probability –Rate depends on some energy parameters –There is a lower bound on energy allowing to commit a forward computation in finite average time
How to avoid divergence? l With internal control perfect reversibility leads to divergence –When I go back to a past state I can always go forward again along the same path l I want reversibility but not perfect reversibility –I go back, but I change something in the state –To remember past tries and learn from them –We advocate the use of compensations »From database and business process management –Compensation: ad hoc piece of code executed in case of error to go back to a consistent state
Roadmap l Reversibility and concurrency l Controlling reversibility l Compensations l Conclusions
Compensations and reversibility l Perfect reversibility –A;P : do A, then do P –If P contains a rollback of A we go back to A;P –We may redo the same error again, possibly forever l I add compensations to actions –A%B;P: do A (with compensation B), then do P –If P contains a rollback of A we go to B;P –Different state than before, hopefully no error now
Different kinds of compensations l Consider we want to compensate a failed booking of an airplane l Standard compensation: get back the money paid –Done automatically in a reversible setting l Replacing compensation: try again, with a different approach –Try to book using a different airline l Tracing compensation: remember the experience and learn from it –Remember that the tried airline is not good
Not only a matter of flavor l Consider nested transactions l E.g., airline booking part of travel booking l In case of travel failure –replacing compensations should be eliminated –tracing compensations should be preserved l Difference related to their interaction with the causality structure of the computation
Roadmap l Reversibility and concurrency l Controlling reversibility l Compensations l Conclusions
Summary l A classification of possible ways of controlling reversibility l A description of how to combine reversibility and compensations l A classification of different flavors of compensations
Future work l Many threads of research outlined here, still to be completed l Making real concurrent languages reversible –Concurrent ML? Erlang? Java? l Fully explore the design space of controlled reversibility –External control –Other primitives for internal control »Combining irreversible actions and rollback –Euristics for semantic control l Studying a language with rollback and compensations –Semantics –Behavioral theory –Applying it to recover existing error recovery frameworks
Finally