The only work we know taking into account serializability is [6], where a parallel construct is defined, whose semantics is to allow serializable executions of the ...
Fl,,-HEWLETT a:~ PACKARD
Modeling Serializability via Process Equivalence in Petri Nets Nicoletta De Francesco*, Ugo Montanari* Gioia Ristori* Pisa Science Centre HPL-92-89 July, 1992
databases,fo~al
methods, mass storage
Concurrency control [2][9] concerns the monitoring of a set of activities (transactions) concurrently accessing the database in a multiuser database management system. In the paper a transaction system is modeled by a condition/event Petri net, in which the events of the net are the operations of the transactions and the conditions correspond to the objects, while each schedule corresponds to a firing sequence of the net. The net is seen as a program schema, representing the uninterpreted flow of control and data of a program: the conditions correspond to the data values, while the events correspond to the operations. Thus firing sequences may be seen as computations of the program schema and, moreover, the result of a computation can be defined as the value of the conditions holding in the final case. In the paper we prove that the semantics of a net, in terms of processes, is isomorphic to the semantics of the net seen as a program schema or, put in another way, two firing sequences compute the same value (for every interpretation of the operations) if, and only if, they are linearizations of the same process. As a result, we generalize concurrency control to any program schema, not necessarily corresponding to a transaction system.
... University of Pisa, Pisa, Italy © Copyright Hewlett-Packard Company 1992
,
,-
1 Introduction Concurrency control [2][9] concerns the monitoring of a set of activities concurrently accessing the database in a multiuser database management system. The activities to be coordinated are called transactions. A transaction is a sequence of operations on the objects of the database and is the logical computational unit of the system. Two properties must hold for each schedule, which is a concurrent execution of a set of transactions. The first one is serializability: the execution of a transaction must not interfere with the executions of the other transactions, i.e. database updates performed by a user cannot interfere with database retrievals and updates performed by another one. Serializability means that each transaction must have the illusion to execute in a dedicated system. Serializability is traditionally defined using a notion of schedule equivalence. A schedule is serializable if it is equivalent to a serial one, i.e. one in which each transaction is executed until completion before another transaction begins. The equivalence notion is based on an uninterpreted model, i.e. two schedules are equivalent if they have the same effect on the database and on the transactions for each possible interpretation. The second property is atomicity: either a transaction is executed until completion, or it has no effect on the database. Atomicity means that, if a transaction aborts, i.e. terminates due to an error, no trace of it must be left in the database. In order to assure this property, all the problems related to recoverability arise. The goal of concurrency control is to allow the highest degree of concurrency among transactions, at the same time assuring serializability and atomicity. The concurrency degree is intended in terms of number of correct interleaved executions of the transactions. Concurrency control is implemented in actual systems by some scheduler, which is responsible of accepting or rejecting at run-time the requests of the transactions. Each scheduler is based on a concurrency control protocol, for example two-phase locks or time stamps [2]. In general a scheduler allows, for efficiency reasons, only a sub-set of serializable schedules. Thus serializability must be seen as a correctness criterion for schedulers: a scheduler is correct if it allows only serializable schedules. Moreover schedulers must assure atomicity by using some recovery technique. While formalizations of the concurrency control problem are present in the literature, they remain in an ad hoc fremework, and few attempts have been made until now to completely formulate its characteristics with some semantic model for concurrency. Some works on refinement in concurrent systems address the atomicity problem, but not the serializability one. In fact some of these models, for example [1], allow every mixed execution of the transactions, while others, for example [4], impose that the transactions are executed one after the other in a sequential execution. Instead serializability is a property which is at the same time stronger than one allowing fully concurrent executions of the transactions and weaker than one permitting sequential executions only: for example, two transactions acting on different objects or issuing on the same object only read operations can be executed concurrently, while this is not possible if they read and write the same object This means that a serializable schedule represents a kind of "controlled concurrency" among the transactions. The only work we know taking into account serializability is [6], where a parallel construct is defined, whose semantics is to allow serializable executions of the operands. The goal of the present paper is more general: we want to define all the serializable schedules from a semantic point of view.
2
In the paper a transaction system is modeled by a condition/event Petri Net. As a first approximate explanation, the events of the net are the operations of the transactions and the conditions correspond to the objects, while each schedule corresponds to a firing sequence of the net. A characteristic of concurrency control is that, besides being a concurrency problem, it presents also functional aspects, for example it is important to functionally relate an operation reading an object to the immediately preceding operation acting on the same object. This suggests to adopt an approach in which a Petri Net is seen as a program schema, representing the uninterpreted flow of control and data of a program: the conditions correspond to the data values, while the events correspond to the operations. Thus firing sequences may be seen as computations of the program schema and, moreover, the result of a computation can be defined as the value of the conditions holding in the final case. In the paper we prove that, given a computation, the associated process fully represents the result of the computation when the net is considered as a program schema. This means that the semantics of a net, in terms of processes, is isomorphic to the semantics of the net seen as a program schema or, put in another way, equivalence classes from a functional point of view correspond to true concurrency classes. This is a general result for condition/event nets and it is interesting in our view because it relates the true concurrency approach to the functional view of a net. As a result, we generalize concurrency control to any program schema, not necessarily corresponding to a transaction system.
2 Background 2.1 Transactions and Serializability In this section we briefly recall the serializability theory, referring for a more extensive exposition to [2][9]. We do not consider the problem of atomicity and consequent recovery: in fact we concentrate only on the concurrency aspects of the transactions. We model a transaction system as a database along with a set of transactions. Definition 1 (Database) A database DB is a set ofobjects {A, B, ... }. Definition 2 (Transaction) Given a database DB, a transaction T; is a sequence
of steps. Each step represents an operation on some object of the database. Given a step ai,j, we indicate by object(ai,j) the objectofthe database involved in the step. There exist different models for transactions. In some of these models the steps are divided into read and write steps, where a read step does not modify the state of the object, while a write steps modifies the object independently from its previous state. We have choosen here a model (called Action Model in [9]) in which each step of a transaction consists of both reading the object and immediately writing a new value, possibly depending from the previous state. Thus the steps are read/write steps.
3
Example 3 (Transactions) The following are transactions on a database composed by three objects A,B and C; we letobject(a) = object(b) = object(e) = A, object(d) = Band objectic) =C.
• T1 =a; b; c
Definition 4 (Transaction system) A transaction system is a pair TS=(DB,T), where DB is a database and T is a set oftransactions. Definition 5 (Schedule) Given a transaction system TS=(DB,T), a schedule is any interleaving ofthe steps ofthe transactions in T such that the total order ofeach transaction is respected. Definition 6 (Serial schedule) A schedule is serial are not interleaved.
if the steps of the transactions
in T
Example 7 (Schedules) We give below three schedules for the transaction system ({A, B}, {T}, T2} ). SI is serial, while S2 and S3 are not so.
=a; b; c; d; e S2 = a; d; b; e; c S3 = a; d; e; b; c
• SI • •
Serializability is traditionally the notion of schedule correctness: informally, a schedule is serializable if the partial results of the steps of a transaction are not visible by the other transactions. A serial schedule has this property and thus is surely correct. The correctness of a non serial schedule is formulated in terms of some schedule equivalence: a schedule is serializable if it is equivalent to a serial schedule. The equivalence notion must be given taking into account that the model is uninterpreted, i.e. we do not know the initial state of the objects and the semantics of the operations. This means that, if two schedules are equivalent, they must give the same results under any interpretation. There are different definitions of serializability, depending on the observation one wants to have of a schedule. Almost all of these definitions coincide in the case of the Action Model. In the following, we give the definition of serializability for the Action Model. Definition 8 (Interpretation) Given a transaction system T S = {DB, T}, if we denote by State, and StateA the set ofall the possible states of T; and A respectively, an interpretation
• associates to each object A and transaction tively; and
n an initial state
SA
and s, respec-
• associates to each step ai,j ofa transaction T; and with object( ai,j )=A a function Ji,j : State, x StateA -+ State, x StateA.
4
Therefore, for each schedule S, given an initial state of each object and of each transaction and a meaning of the steps, we can obtain the result of the schedule by associating to each transaction and object a final state, computed by starting with the initial state and by employing the functions of the interpretation. Definition 9 (Schedule equivalence) A schedule S is equivalent to a schedule S'
if the
final state of the objects and of the transactions is equal in Sand S' for each possible interpretation. Definition 10 (Serializability) A schedule is serializable
if it is equivalent to a serial
schedule. Consider schedule 82. We can obtain an equivalent schedule by exchanging d and b, since they belong to different transactions and affect different objects. Moreover, for the same reason we can successively exchange e and c and d and c, obtaining schedule 8 1 which is serial. Consequently, 8J. is serializable, while 8 3 is not, because it is not equivalent to anyone of the two possible serial schedules. In fact in T3 the result of e depends on a and the result of b depends on f, while, in a serial schedule, either 11 precedes T2 or viceversa. There exist graph theoretical representations of serializability, by means of which it has been proved [9] that the complexity of deciding if a given schedule is serializable in the Action Model is polynomial.
2.2 ConditionlEvent Nets Nets [10] are structures consisting of nodes and arcs; the nodes are of two types, conditions and events. Usually, conditions are represented by circles and events by boxes. When a condition holds, the circle representing it is marked by a dot; a case is the set of conditions that are satisfied at a given instant. An event is allowed to happen when all its conditions hold; the occurrence of an event is called ajiring. All the nets we consider in this paper are finite. Definition 11 (Nets) A triple N
= (B, E; F) is calleda net if:
• Band E are disjoint sets (the elements ofB are calledplaces or conditions and the elements of E are calledtransitions or events); • F ~ (B x E) U (E x B) is a binaryrelation, thejlow relation ofN.
Presets and postsets are usually defined for conditions and events of a net. The preset of an event represents the set of conditions that must be verified in order to allow its firing while the postset is the set of conditions that will be true after the firing. Definition 12 (Pre-set and post-set) Given a net N = (B, E; F) and an element x E BUE,
• the pre-set ofx is theset •x
= {y I F (y, x)}, 5
0
1---
1
it
Figure 1: A Net
• the post-set ofx is the set z" = {y I F(x,y)}. The firing of an event depends on the set of conditions that are marked. Definition 13 (Enabling) A case C S; B enables an event e E E iff • e S; c and e· S;
·eU(B-c). The definition above states that an event e is enabled by a case c if all its preconditions are in the case and e does not modify conditions that are in the case but not in its preset. Note that we allow events to rewrite a precondition. A net can be viewed algebraically as a many sorted signature, with a sort for each condition, where the operations are the events of the net. Indeed, we can think of an event as an operation from the set of its preconditions to the set of its posteonditions. Definition 14 (Signature) Given a net N = (B, E; F), we can associate to it a many
sorted signature , where the sorts S and the operations are defined by the following inferencerules:
• Q"""ES' b....£JI. • e E E, ·e = {bI, ... ,bn},b E e· O'e,b E b••..bn,b Note: We assume here and in the following that B is totally ordered and we denote a generic set of conditions by enumerating its elements in increasing order, i. e. in {bI, ... , bn} we have that i < j implies b, < bj • Given a net N and a case c of N, the result of firing a enabled event is also a case, defined as follows. Definition 15 (Firing step) Given a net N = (B, E; F), (} = cI[e)c2 is a firing step if C2 S; B, e E E, e is enabled by CI, and C2 = (CI - ·e) U e", If 0 = cde)c2' we denote CI with start(O) and C2 with end(O). CI,
6
Given a net, afiring sequence is a finite or infinite sequence of firing steps 60th ... such that end(Oi) =start(Oi+l) for each i ~ O. The definitionsof start and end carry over firing sequences: start(Oo ... On) =start(Oo) and end(Oo ... On) =end(On). An emptysequence is simply a case c with start(c) =end(c) =c. Definition 16 (Firing sequences) Given a net N, the set offiring sequences is defined
by thefollowing syntax:
e::= c I cde)c21 ee
where c denotes a case and q[e)c2 denotes afiring step. Concatenation offiring sequences is a partialoperation and it is denoted by juxtaposition: 66 is only defined ifend(6J = start(6J. Moreover, thefollowing axioms hold: 1. 6(66)
= (66)6
2. if start(e) =
Cl
and end(e) = C2 then Cle =
eC2 = e.
Example 17 (Firing sequences) Given the net in Figure 1, 6 and 6 below arefiring
sequences: 6 = {A, B, a, s}, s2}[a){A, B, a, ba,b' S2}[b){A, B, a, bb.c, S2}[C) {A, B, a, t; S2}[d){A, B, c.t; bd.e}[e){A, B, c.t.. h} 6 = {A, B, a, s}, s2}[a){A, B, a, ba.b, S2}[d){A, B, a, ba,b' bd.e}[b) {A, B, a, bb,c, bd.e}[e){A, B, a, bb.c, h}[c){A, B, C, h, h} Definition 18 (Occurrence net, slice) Occurrence nets and slices are defined as fol-
lows: • An occurrence net is a cycle-free net such that each condition has at most one outgoing arc and one ingoing arc,' • a slice D of an occurrence net K is a set of unordered conditions, i. e. 'Vb,11 E D.....,(bF+b') and ....,(b'F+b), where F+ is the transitive closure ofthe relation F. In order to relate an occurrence net with a net, the notion of process is introduced; indeed, a process is a mapping from an occurrence net to a net such that the mapping of a slice is injective and the mapping of an event respects its environment.
Definition 19 (Process) A mapping p : K -+ N, that associates to each condition in K a condition in N and to eacheventin K an eventin N, is calleda process ifandonly iffor each slice D ofK and each e E EK: 1. plD (the restriction ofp to the conditions in D) is injective and p(D) is a case in N,'
Definition 20 (0 K, /{O) Let p : K -+ N, K = (BK, EK; FK), a process. Then we
define: 7
= {b E BK such thatve, (e, b) ¢ FK}; K" = {b E B K such thatve, (b, e) ¢ FK}
• "K •
Note that "K (resp. KO) denotes the set ofminimal (resp. maximal) conditions in K w. r. t. the relation FK. Definition 21 (Composable processes) Two processes PI : K I -+ N andP2 : K 2 -+ N are composable if and only if P2 ( oK2) = PI (Kf). Definition 22 (Process composition) Consider two composable processes PI : K I -+ Nand P2 : K 2 -+ N. Let K I = (BKh EKI;FKI) and K2 = (B K2, EK2; FK2). Without loss ofgenerality, assume (BKIUEKdn(BK2UEK2) = Kf = °K2. Then we construct the bounded occurrence net K = (BKI U BK2, EKI U EK2; FKI U FK2).
Then, P = PI· P2 : K for all x E K2.
-+
N, such that p(x)
= PI (x) for all x
E K I, and p(x)
= P2(x)
Definition 23 (Process associated to a firing sequence) Given a firing sequence
the net N, we define its process semantics 'P(e) as a process P : K (BK' E K; FK), in thefollowing way: • 'P(c) = P : K bE BK ;
-+
• 'P(cJle)c2) = P : K
N, where K -+
= ({b :
-+
b E c},0;0) and p(b)
eof
N, with K =
=
bfor each
N, where:
- EK = {e},p(e) = e - bE (C} U C2) - ( ·e U e") implies b E BK,p(b) = b - bE C} n ·e implies'b E BK'p(O) = b, (0, e) E FK - bE C2 n e· implies b- E BK,p(bj = b, (e, bj E FK
• 1'(66)
=1'(6) ·1'(6)
Process composition is associative. Moreover, for each case c. 'P(c) = (B, E; F) is the identity process w.r.t. each process P : K -+ N such that J(O = B ( and then p.'P(c) = p) or OK = B (and then'P(c) . P = p). Example 24 (Process) We showin Figure 2 theprocess corresponding to the firing se-
quence
el in the previous example.
Notice that we do not require our condition/event net N to be contact-free [10]. While processes are usually defined only for contact-free nets, and the nets we derive from transactions systems are in fact contact-free, our main result on nets, (Theorem 28), holds in the general case.
8
Figure 2: The process corresponding to 6
3 Nets as Program Schemata A PetriNet can be seen as a programschemawherethe conditions representthe data and the events the operationson them. In this way we can modelthe controland data flow of the program. Thus firingsequences may be seen as computations of the programschema and, moreover, the result of a computation can be defined as the value of the conditions holding in the final case. Program schemata are used for flow analysis [5].
3.1 Function Semantics Given a net with its associated signature, and a -algebraA, we can associate a function with each firingsequence This function is computed by evaluatingin A the events of eand provides the values of the conditions in end(e) given the values associates to the conditionsin start(O.
e.
Definition 25 (FunctionSemantics) Given an algebra A with signature and a case C = {bI, ... , bn } , ac-assignment is anyfunction pc : c A, withPc(bi ) E Abi' assigning to every condition in c an element 0/ the corresponding carrier. We denote with He the collection 0/ all c-assignments. Given a/mite firing sequence e withstart(e) =ct andend(e) =C2, we define itsfunction semantics in A FA(e) : RCI - R"" asfollows: • FA(c)pc
=pc
_ { U~b( VI, ... ,vn ) ifb E e· • FA(Ct [) e C2 )PCI (b) PCI (b) otherwise where {VI, ... ,vn } =PCI( ·e) 9
• FA(e16)
= FA(6) 0 FA(6)
where with 0 we denote function composition. Function composition is associative and has the semantics ofemptysequences as identities. Definition 26 (Formulae) Given afiring sequence
ewe call theformula ofe, denoted
by .1'(e), the assignment FT(e)(p), where p associates to each b E start(e) a variable Xb ofsort b. Example 27 (Formula associated to a firing sequence) Theformula associated to the firing sequence 6 oftheprevious examples is .1'(6) = p', where: p'(A) = Ue,A(Ub,A(ua,A(A,SI), Ua,ba,b(A, SI», ud.bd,e(B, S2» p'(B) = Ud,B(B, S2) p'(C) = u c,C(C,Ub,bb,JUa,A(A,SI),Ua,b a,b(A,s.»)) p'(h) = uc,ft(C,Ub,bbc(ua,A(A,SI),Ua,b ab(A,SI») p'(h) = ue,h(Ub,A( u~,A(A, SI), Ua,ba,b(A; SI», Ud,bd,e (B, S2» In the aboveformulae, variables Xb ofsort b havebeen simply denoted by b.
3.2 Relationships between Processes and Formulae In this Section we prove that, given a firing sequence, the associated process fully represents the result of the computation when the net is considered as a program schema.
This means that the semantics of a net, in terms of processes, is isomorphic to the semantics of the net seen as a program schema or, put in another way, equivalence classes from a functional point of view correspond to true concurrency classes.
Theorem 28 (Correspondences between formulae and processes) Given a net N
where no eventhasemptypostset, letel and 6 befiring sequences. Then .1'(el) =.1'(6) if and only i/P(6) =P(6).
Sketch of Proof: The proof is given in three steps.
1. we define a function FP from formulae to processes and PF from processes to formulae. Given a process p : K -+ N, PF(P) is defined as follows: • we first define a function f associating a term to each condition in B K ; f is defined using the following inference rules, where the definition of f is extended to sets of conditions in the obvious way:
bE OK = Xp(b) bEe·, f( • e) = t 1, ••• , t n } J(b) = Up(e),p(b)tl, ..• , tn) • PF (p) is f when restricted to KO.
I(b)
l
Let PF(P) be a formula, with p : K FP(pF(p» =p' : K' -+ N, where:
-+
Nand p( OK) =
10
Cl
and p(KO) = C2. Then
• Bk are the terms PF(p)(b), b E C2 and their subtenns; • Ek are the argument vectors (t}, ... ,tn ) in the above terms and subtenns O"e,b(t}, ... , tn);
• Fk is defined as t, Fk (t}, ... ,tn) and (t}, ... ,tn) Fk O"e,b(t}, ... ,tn); • pCb), bE Bk, is the sort oftenn b; • p(t}, ..• ,tn) =e where O"e,b(tl, •.. ,tn) E B K. 2. we prove that FP(PF(P»
=p.
3. we prove that PF is a homomorphism, i. e. it respects the constants (associated to cases and firing steps) and the operation of concatenation. Notice that, while the above theorem states that formulae and processes represent the same equivalence classes of firing sequences, a formula is never smaller, and sometimes exponentially larger than the corresponding process. For instance, let N be the net with two conditions and one event, having both conditions in its preset and postset. The computation e obtained by firing the event n times has a process p(en) of size O(n) and a formula F(en) of size O(2n).
3.3 Modeling Transaction Systems by Nets In this section we model transaction systems by means of nets. Given a transaction system TS=(DB,T), we define a net in which, as a first approximation, the events are the steps of the transactions and the conditions are the objects. If the object involved in some step ai,j of a transaction is A, then the condition corresponding to A is both a precondition and a postcondition of ai,j. Moreover, some other conditions are needed, in order to represent the sequential flow of control of each transaction.
Definition 29 (Net corresponding to a transaction system) Given a transaction system TS = (DB,T), the net N(TS) is defined as N = (B, E; F), whereB, E and Fare the minimalsets defined by thefollowing rules: • AE DB
AEB
Ti E T,object(airj) = A E E, A E a[j' A E iai,j
•
ai,j
•
Ti E T, Ti = ai,l ..• ai,np j = 1... ni - 1 b4;" ,4;,' +1 E B, b4;" ,4;,' +1 E ai,j, b4;" ,4;,' + 1 E eai,j+l
Example 30 (Net) The net corresponding to the transaction system in Example 3 is shown in Figure1. Definition 31 (Firing sequence associated to a schedule) To each schedule S we can associate afiring sequenceof N(TS), denoted by FS(S), where: 11
= DB U {s, : T; E T} end(F5(5)) = DB U {Ii: t: E T}
• start(F5(5)) •
• the i t h firing step oIFS(S) contains the event corresponding to the i th step of S, Example 32 (Firing sequences associated to schedules) 6 and 6 in Example 17 are thefiring sequences associatedto the schedules 51 and 52 in Example 7. We can now prove our main result on transaction systems.
Theorem 33 (Schedules and formulae) Let TS be a transaction system and let 51 and 52 be twoschedules. Then 51 and 52 areequivalentijandonlyijF(FS(51» =F(FS(5 2». Sketch of the proof: It is easy to see that, given a schedule S, the construction of the formula associate to FS(S), as defined in the previous section, corresponds to a term in which the functional relationships between the steps of S are exactly represented. Thus, given an interpretation of TS, it is possible to compute the final state of the objects and of the transactions produced by S by evaluating this formula. This means that it represents the free interpretation of S and consequently that two schedules are equivalent if and only if the formulae of the corresponding firing sequences are equal.
Corollary 34 (schedules and processes) LetTS be a transaction system and let 51 and 52be twoschedules. Then 51 and 52 are equivalemlfandonly ijP(FS(51» =P(FS(52». Proof: Immediate from Theorem 28.
4 Conclusions and future works In the paper, in order to outline more clearly our aim, we refer to the Action Model of transactions. There exist other models (read/write models), where each action of a transaction can be seen as a read or a write operation, where a read is an operation not modifying the involved object, while a write can modify its state. This makes unsuitable our modelization, because each event in it is seen as a read/write operation, always affecting the involved resource. We are investigating a solution also for these models: in order to model read operations we use a particularkind ofnets, called Contextual Nets, in which certain conditions, called contexts, are checked for presence but not consumed. Contextual nets are defined in [8], where also a suitable definition of processes for such nets is given. Employing these nets, we model in a natural way the concurrent execution of two read operations, performed by two different transactions on a same object A: they are two events sharing the same context (A) and thus they are allowed to execute concurrently. A second problem is the modeling of writes. In fact, a write Q' on an object A does not depend causally on A and thus is modeled as creating a new copy of it. This means that the
12
condition corresponding to A belongs to the posteonditions but not to the preconditions of the event corresponding to o. As a consequence, the resulting net presents contacts, because there may be many writes on the same object. Thus we use non contact-free c/e systems. Given a firing sequence of a non contact-free CIE system, it is well-known that the associated process does not represent all the actual causal relations among the events. For example, two writes on the same object cannot occur concurrently and thus in an actual computation one depends causally from the other one, but this dependence is not shown by the process associated to the computation containing the two events. Nevertheless, we have that, given a computation with contacts, the associated process fully represents the result of the computation when the net is considered as a program schema. This means that the main result of the paper, i.e. the equivalence between function and process semantics, holds also for the read/write model. Serializability, as defined in Section 2.1, must hold for each interpretation. Models have been defined ([3], [11], [12]), in which the semantics of the operations is used in order to increase the concurrency among the transactions. In this framework an operation is considered, from the standpoint of concurrency control, at a higher level than merely being a read/write operation. The objects of the database are defined as abstract data types with a specific set of operations. Taking advantage of this semantic information, the set of serializable schedules can be enlarged. In our running example, let A be a set, Ib a membership testing, and Ie an insertion. Now, if b tests the membership of an element different from the one inserted bye, the result of b is the same in S, and S3. Thus the final state of the objects and of the transactions is equal and S3 becomes serializable under this particular interpretation. This approach fits very naturally in our modelization of transactions by nets: instead of considering the word algebra for the formulae, we take the initial algebra defined by the axioms of the object types. Thus, given the formulae corresponding to two different schedules, we can prove that the schedules are equivalent by means of the axioms of the object types. In the example, if we have in the specification of the type set an axiom n =F m, member(insert(i, n),m) = member(i,m) the formulae corresponding to FS(Sl) and FS(S3) can be proved equivalent. In the multiversion approach to concurrency control, [2] [9], there exists more than one copy of each object, each produced by a write operation. Thus a schedule must contain, for each read, the version used. The multiversion variant allows a higher amount of concurrency than the basic version previously described, depending on the maximum number of copies available. It is our intention to model multiversion serializability via k-safe Petri Nets.
References [1] Aceto L., Hennessy M., "Adding Action Refinement to a Finite Process Algebra", in ICALP 91, Springer 1991.
[2] Bernstein P. A., Hadzilacos V., Goodman N., "Concurrency Control and Recovery in Database Systems", Addison-Wesley Series in Computer Science, M. C. Harri-
son ed., 1987.
13
[3] De Francesco N., Vaglini G., "Axiomatic Specification and Correctness of Concurrency Models", submitted for publication. [4] Gorrieri R., Marchetti S., Montanari U., "A2CCS: Atomic Actions for CCS", in Theoretical Computer Science 72, 1990, pp. 203 - 223, North-Holland. [5] Hecht W. S., "Flow Analysis of Computer Programs", New York, Elsevier, 1977. [6] Jannsen W., Mannes P., Zwiers J., "Action System and Action Refinement in the Development of Parallel Systems", in CONCUR 91, LNCS 527, pp. 298 - 316, 1991. [7] Montanari U., Rossi E, "Graph Grammars as Context-Dependent rewriting Systems", will appear on Proc. CAAP92, Rennes, France, February 1992, SpringerVerlag. [8] Montanari U., Rossi E, "Contextual Nets", submitted for publication. [9] Papadimitriou C., "The Theory of Database Concurrency Control", Principles of Computer Science Series, ISSN 0888-2096. [10] Reisig W., "Petri Nets: An Introduction", EATCS Monographs on Theoretical Computer Science, Springer Verlag, 1985. [11] Schwarz P. M., Spector A. Z., "Synchronizing Shared Abstract Types", ACM ToCS, 2, 3, Aug. 1984, pp. 223-250. [12] Weihl W. E., "Local Atomicity Properties: Modular Concurrency Control for Abstract Data Types", ACM ToPLaS, 11,2, April 1989, pp. 249-283.
14
