1

Reversibility for Recoverability

Ivan LaneseComputer Science Department

FOCUS research groupUniversity of Bologna/INRIA

Bologna, Italy

Roadmap

Why reversibility?

Reversing concurrent systems

Controlling reversibility

Reversibility and compensations

Conclusions

Why reversibility?

We want programming abstractions for dependable distributed systems

Different proposals in the literature– Exception handling, checkpointing, transactions, …

Unrelated proposals, difficult to combine and compose Is there a unifying concept?

… most of them include some form of undo

What if we could undo every action?

Very low-level mechanism Can we recover and better understand traditional

recovery schemes? Can we find new schemes or combine old ones?

Reversing concurrent systems

What does it means to go back one step for a concurrent system?

Which information is needed?

First approach in

Reversible Communicating Systems. CONCUR 2004

by V. Danos and J. Krivine

Process calculi

Simple algebraic models for concurrent systems Different calculi in the literature

– CCS, CSP, π-calculus, HOπ, …

Basic actions for communication on named channels Composition operators (sequence, parallel, choice) Semantics defining the behavior

a:bjb:cja ! bjb:c ! c

Reversible Communicating Systems

Provides a reversible version of CCS History information is added to each thread Causal consistent reversibility

– Transitions should be rollbacked in any order compatible with causal dependencies

Causal consistent reversibility

a

a

b

b

…and then?

Not much happened for some times– RCCS used for defining a simple transaction mechanism

(2005)

– Generalization from CCS to a simple rule format (2006)

Our contributions (from 2009)– Applying the technique to HOpi, a calculus with higher-

order communication

– An encoding of reversible HOpi into HOpi

– Applying the technique to Oz abstract machine» Oz is a concurrent language with asynchronous communication

– An analysis of the space overhead of reversibility in Oz

Taming reversibility

In the previous approaches reversibility is wild– They are interested in how to realize reversibility, not on

how to use it

Nothing tells to the system whether it has to go backward or forward

We want reversibility for recoverability Normal execution should be forward Backward execution in case of errors

Roll-pi proposal

Every communication input has a label γ The label can be used by a roll γ primitive

– Go back till you undo communication γ

– Undo all the causally dependent actions

– Do not undo unrelated actions

Keep in mind that “undo the last action” is not meaningful in a concurrent scenario

Are we satisfied by controllable rollback?

Rollback is perfect: I go back to a previous state… … and probably I will redo the exact same errors

We need a way to keep trace of failed attempts We need to go to a state which is (possibly) slightly

different from the previous ones

Compensations

The idea of compensations comes from database theory

– Studied also in the framework of service oriented computing

A compensation is a piece of code used to manage an error

By executing the compensation the system goes back to a consistent state

– Possibly different from any previous state

Mixing compensations and reversibility

We go back to a previous state as in roll-pi We attach compensations to part of the code, so that it

is changed during rollback– C%D: execute code C, in case of rollback replace it with D

Applications

Now we are expressive enough to model interesting scenarios

Transaction models Speculative parallelism Software Transactional Memories

Summary

A better understanding of reversibility in a concurrent scenario

An abstract machine for a concurrent reversible language

An analysis of the space overhead of reversibility A mechanism for controlling reversibility An integration between compensations and reversibility A set of known patterns revisited in the new framework

Future work

A long road in front of us On the mechanisms for controlling reversibility

– Are there other possible mechanisms?

– Are they equivalent? Can they be composed?

On expressive power– Which existing patterns benefit from our approach?

– Do we miss some other mechanism?

On foundations– Which are the good equivalences for reversible systems?

Future work: going towards practice

Implementing the reversible Oz machine– Extended with control mechanisms and compensations

– Which optimizations are possible?

An application– Reversible debugger

The REVER project

A French ANR project– Thanks to FOCUS team

Includes INRIA teams Sardes (Grenoble) and FOCUS (Bologna), PPS (Paris) and CEA (Paris)

4 years project, started December 1st 2011 Total funding 642k€ Exactly on these topics

Finally

Bibliography

V. Danos, J. Krivine: Reversible Communicating Systems. CONCUR 2004

V. Danos, J. Krivine: Transactions in RCCS. CONCUR 2005 I. Phillips, I. Ulidowski: Reversing Algebraic Process Calculi.

FoSSaCS 2006 H. Garcia-Molina, K. Salem: Sagas. ACM SIGMOD 1987 R. Bruni, H. Melgratti, U. Montanari: Theoretical foundations for

compensations in flow composition languages. POPL 2005 I. Lanese, C. A. Mezzina, J.-B. Stefani: Reversing Higher-Order

Pi. CONCUR 2010 I. Lanese, C. A. Mezzina, A. Schmitt, J.-B. Stefani: Controlling

Reversibility in Higher-Order Pi. CONCUR 2011