EOS: E Exactly xactly- -O Once E nce E- -S Service Middleware ervice Middleware EOS: German Shegalov, Gerhard Weikum Roger Barga, David Lomet (University of Saarland, Germany) (Microsoft Research, U.S.A.) PRESS THE SUBMIT BUTTON ONCE AND ONLY ONCE. R E G I S T E R PLEASE BE PATIENT, SUBMISSION CAN TAKE UP TO 30 SECONDS Image by Bruce W. Grant G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Banal Examples • The same item is ordered twice in an online-store. In some cases the order has to be cancelled by calling a toll hotline. • Home banking (PIN/TAN procedure). Each TAN may be used only once. – The first try to place a money transfer order results in a browser timeout . – After the subsequent browser refresh the server says: "A TAN was used twice . All other TANs have been frozen. To reactivate, please, contact the nearest branch office". • 8 health insurance cards for a family of 3 persons. G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Why does it happen? Web Application Database Client Server Server Exactly Once Guarantee Purchase Request is needed for correct execution Start Transaction SQL Request SQL Response Timeline SQL Request SQL Response Commit Transaction ACK ACK Transaction Restart Order Confirmation Purchase Request Non-idempotent execution ! Resubmission G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Sample n -Tier System Client Expedia Application Expedia Application Web Server Passport.com Expedia Expedia Sabre Application Sabre Application Amadeus Amadeus authentification Web Server Application Server Application Server Server Server Application Server Application Server Database Database Database Database Database Database Database Database Server Server Server Server Server Server Server Server G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Computational Model § Set of interacting components components : clients, servers etc. piecewise deterministic ( PWD PWD ) deterministic replay results in the same end state end state as originally deterministic replay asynchronous events are logged in the proper order asynchronous events (timers, interrupts, incoming messages etc.) relevant resources resources are mapped to logical ids § Failures are soft (no damage to stable storage) § Fail-stop so that only correct data is logged G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Components Guarantees § Testable State: Testable State: the component can determine if its state § include some effects (e.g. receive or send of particular message). § Testable Message: Testable Message: the component can determine if it sent or § received a particular message. Persistent State: the component‘s state will be available as of § Persistent State: § some specific time (e.g. when some message was sent). Persistent Message: content of a particular message will be § Persistent Message: § available either by periodic resend or explicitly requested. G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Component Types • eXternal Component ( XCom XCom ) modelling human users – cannot provide any of the guarantees • Persistent Component ( PCom PCom ) – guarantees persistence and testability • Transactional Component ( TCom TCom ) – guarantees persistence and testability only at transaction boundaries G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Interaction Contracts An IC IC between two components provides a mutually committed state transition . Both components guarantee that committed state transition the state transition is persistent . An IC can be set up a priori or dynamically negotiated. G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Committed IC ( CIC CIC )/Sender Sender Obligation 1 (S1): Persistent Sender State Sender Obligation 1 (S1): The sender state is as of the time of the message or more § recent. Sender Obligation 2 (S2): Persistent Message Sender Obligation 2 (S2): S2a: periodically re-send the message until (perhaps S2a: § § implicitly) released. S2b: re-send upon request until (explicitly) released. S2b: § § Sender Obligation 3 (S3): Unique Message Sender Obligation 3 (S3): Unique message content (headers, timestamps etc.) § G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Committed IC ( CIC CIC )/Receiver Receiver Obligation 1 (R1): Message Dupl. Elimination Receiver Obligation 1 (R1): § Dupl. messages detected & eliminated. Receiver Obligation 2 (R2): Persistent Receiver State Receiver Obligation 2 (R2): § R2a: R2a: the receiver makes its state persistent before releasing § S2a ( stable interaction, message has been processed ) . § R2b: R2b: the receiver makes its state persistent before releasing the § sender from S2b ( installed interaction ) G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Committed IC ( CIC CIC ) Sender Receiver 1. makePersistentState(); 2. msn++; 3. makePersistentMessage(m); 4. periodicResend(m); 1. if ( notDuplicated(m)) { 2. process(m); 3. makePersistentState(); 4. } 5. stableNotification(); 6. doSomething(); 5. stopResend(m); 7. ... 8. if(notInstalled(msn) 9. forceLog(); 10. installedNotification(); 11. forgetSender(msn); 6. forgetReceiver(msn); G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Immediately CIC ( ICIC ICIC ) The receiver makes message and state persistent immediately immediately § The sender is released from S2a and S2b immediately by § notification about installed interaction skipping stability notification . G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
eXternal IC ( XIC XIC ) Output Message Send (X1): Output Message Send (X1): § A Pcom (client) displays an output message to the external user after having logged it. Input Message Receive (X2): Input Message Receive (X2): § The Xcom sends a message via keyboard, mouse etc. to a Pcom (client) and the message is logged immediately . G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Transactional IC ( TIC TIC )/TCom Atomic state transition(T1): Atomic state transition(T1): § either commit or abort of the transaction and persistence Faithful reply message(T2): Faithful reply message(T2): § faithful final reply message regarding the outcome of TC1 Persistent commit reply message(T3): Persistent commit reply message(T3): § persistence of the commit reply message G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Transactional IC ( TIC TIC )/PCom Persistent state and commit request message (P1): Persistent state and commit request message (P1): § persistence of commit request message and the corresponding state Unique messages (P2) Unique messages (P2) No periodic message re- -send like in CIC send like in CIC No periodic message re G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
General Systems Theorem Theorem 1) a is sent before b => a < b PCom 2 3 2) b is sent after a received => a < b 6 2 3) ordering of asynchronous events is obtained from the log XCom PCom 1 5 4) a < b and b < c => a < c 1 TCom 4 If ICs are applied then all all failures can be masked failures can be masked with exception of failures during last external interaction. Proof Proof Induction on messages and state commits. G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Prototype System E-Service 1 E-Service 2 ... (I)CIC CIC (I)CIC CIC Internet Explorer CIC CIC CIC CIC XIC XIC TIC TIC TIC TIC Database Database Database Database Server Server Server Server G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Implementation Overview Client (web browser) Recovery: Client (web browser) Recovery: § DHTML event handling § client persistence with XML store § JScript Application Server Recovery: Application Server Recovery: § enhanced PHP session management § enhanced PHP ODBC support Database Server Recovery: Database Server Recovery: § enhanced ODBC driver manager Phoenix/ODBC style § stored procedures G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Web Browser Recovery (I) How to log? How to log? 1. 1. < <sdk:logger sdk:logger style= style=' 'behavior:url(#default#userData behavior:url(#default#userData);' );' 2. 2. id= id=' 'pagestate pagestate' ' 3. type='hidden'> 3. type='hidden'> 4. </sdk:logger sdk:logger> > 4. </ 5. 5. 6. 6. < <script script language="JavaScript language="JavaScript"> "> 7. pagestate.load(installationPoint .load(installationPoint); ); 7. pagestate 8. pagestate.save(installationPoint .save(installationPoint); ); 8. pagestate 9. 9. </ </script script> > G. Shegalov et. al EOS: Exactly-Once E-Service Middleware VLDB’2002 Demo Session 1
Recommend
More recommend