Reversibility for Recoverability
Ivan LaneseComputer Science Department
FOCUS research groupUniversity of Bologna/INRIA
Reversing concurrent systems
Reversibility and compensations
We want programming abstractions for dependable distributed systems
Different proposals in the literature– Exception handling, checkpointing, transactions, …
Unrelated proposals, difficult to combine and compose Is there a unifying concept?
… most of them include some form of undo
What if we could undo every action?
Very low-level mechanism Can we recover and better understand traditional
recovery schemes? Can we find new schemes or combine old ones?
Reversing concurrent systems
What does it means to go back one step for a concurrent system?
Which information is needed?
First approach in
Reversible Communicating Systems. CONCUR 2004
by V. Danos and J. Krivine
Simple algebraic models for concurrent systems Different calculi in the literature
– CCS, CSP, π-calculus, HOπ, …
Basic actions for communication on named channels Composition operators (sequence, parallel, choice) Semantics defining the behavior
a:bjb:cja ! bjb:c ! c
Reversible Communicating Systems
Provides a reversible version of CCS History information is added to each thread Causal consistent reversibility
– Transitions should be rollbacked in any order compatible with causal dependencies
Causal consistent reversibility
Not much happened for some times– RCCS used for defining a simple transaction mechanism
– Generalization from CCS to a simple rule format (2006)
Our contributions (from 2009)– Applying the technique to HOpi, a calculus with higher-
– An encoding of reversible HOpi into HOpi
– Applying the technique to Oz abstract machine» Oz is a concurrent language with asynchronous communication
– An analysis of the space overhead of reversibility in Oz
In the previous approaches reversibility is wild– They are interested in how to realize reversibility, not on
how to use it
Nothing tells to the system whether it has to go backward or forward
We want reversibility for recoverability Normal execution should be forward Backward execution in case of errors
Every communication input has a label γ The label can be used by a roll γ primitive
– Go back till you undo communication γ
– Undo all the causally dependent actions
– Do not undo unrelated actions
Keep in mind that “undo the last action” is not meaningful in a concurrent scenario
Are we satisfied by controllable rollback?
Rollback is perfect: I go back to a previous state… … and probably I will redo the exact same errors
We need a way to keep trace of failed attempts We need to go to a state which is (possibly) slightly
different from the previous ones
The idea of compensations comes from database theory
– Studied also in the framework of service oriented computing
A compensation is a piece of code used to manage an error
By executing the compensation the system goes back to a consistent state
– Possibly different from any previous state
Mixing compensations and reversibility
We go back to a previous state as in roll-pi We attach compensations to part of the code, so that it
is changed during rollback– C%D: execute code C, in case of rollback replace it with D
Now we are expressive enough to model interesting scenarios
Transaction models Speculative parallelism Software Transactional Memories
A better understanding of reversibility in a concurrent scenario
An abstract machine for a concurrent reversible language
An analysis of the space overhead of reversibility A mechanism for controlling reversibility An integration between compensations and reversibility A set of known patterns revisited in the new framework
A long road in front of us On the mechanisms for controlling reversibility
– Are there other possible mechanisms?
– Are they equivalent? Can they be composed?
On expressive power– Which existing patterns benefit from our approach?
– Do we miss some other mechanism?
On foundations– Which are the good equivalences for reversible systems?
Future work: going towards practice
Implementing the reversible Oz machine– Extended with control mechanisms and compensations
– Which optimizations are possible?
An application– Reversible debugger
The REVER project
A French ANR project– Thanks to FOCUS team
Includes INRIA teams Sardes (Grenoble) and FOCUS (Bologna), PPS (Paris) and CEA (Paris)
4 years project, started December 1st 2011 Total funding 642k€ Exactly on these topics
V. Danos, J. Krivine: Reversible Communicating Systems. CONCUR 2004
V. Danos, J. Krivine: Transactions in RCCS. CONCUR 2005 I. Phillips, I. Ulidowski: Reversing Algebraic Process Calculi.
FoSSaCS 2006 H. Garcia-Molina, K. Salem: Sagas. ACM SIGMOD 1987 R. Bruni, H. Melgratti, U. Montanari: Theoretical foundations for
compensations in flow composition languages. POPL 2005 I. Lanese, C. A. Mezzina, J.-B. Stefani: Reversing Higher-Order
Pi. CONCUR 2010 I. Lanese, C. A. Mezzina, A. Schmitt, J.-B. Stefani: Controlling
Reversibility in Higher-Order Pi. CONCUR 2011