This content was uploaded by our users and we assume good faith they have the permission to share this book. If you own the copyright to this book and it is wrongfully on our website, we offer a simple DMCA procedure to remove your content from our site. Start by pressing the button below!
Welcome to Earth l Visitors may also be interested in laking a look at the Moon.
I 2 3 4
XML Prolog: Every XML document mu st ha ve a prolog as its first line. The prolog mu st at least specify the version of XML in use (w hi ch is c urrent ly 1.0). For example:
A third attribute may be used to state whether the documen t stand s a lone or is dependent. on external definitions.
Ellcodillgs: The prolog may also spec ify the e ncoding (UTF-8 is the default and was explained in Section 4.3.2). The te nn encoding refers to the set of codes used to represe nt characters - ASCII being the best known example. Note that in the XML prolog, ASCII is specified as us-ascii. Other possible encodings include ISO-8859- 1 (or Latin- I ), an e ight-bit. encoding whose fi rst. 128 values are ASC n , the rest are used to represent the characters in western european languages. Other eight-bi t encodin gs are ava ilable for representing other alph abets, for examp le, greek or cyrilli c.
Illustration of the use of a namespace in the Person structure Smilh London
XML namespaces 0 Traditionally, namcspaces provide a means for sco ping nam es. An XML namespace is a set of names for a coll ection of element types and attr ibutes, that is referenced by a URL. An XML nam es pace may be used by any other XML document by referring 1.0 il s URL. Any e lement that makes use of an XML namespace can specify Ihal names pace as an attribute call ed xmlns, whose va lue is a URL refe rrin g to the fiJe containing the namcspace definitions, For example; xmlns:pers = ..!Jttp:l/www.cdk4.netlpersoll .. The name after xmllls, in thi s case pers can be lIsed as a prefi x to refer La th e e lements in a particular namespace, as shown in Figure 4.11. The pers prefix is bound to hrrp:// www.cdk4.l1et/persol1 for the persoll e lement A namespace applies w ithin the context of the enclosing pair of start and end tags unless overridden by an enclosed nam es pace dec laration . An XML document may be defined in term s of several different namespaces, each of which would be referenced by a unique prefix. The namespace co nvention allows an application to make use of multipl e sets of external definitions in different namespaces without the ri sk of nam e clashes. XML schemas 0 An XML schema [www.w3.org VllIj defines the elements and attributes that can appea r in a doc ument, how the elements are nested and the order and number of e lements, whether an e le ment is empty or can include text. For eac h element , it define s the Iype and de fault va lue. Figure 4,12 gives an exampl e of a sc hema that
An XML schema for the Person structure
T: Requ es t ti cket for serv ice S
l all rh(C)I
C requests the ticket- grantin g serve r T to suppl y a ti cket for communication with another server S.
I ricker(C .Tj IKT' S. II
4. T --> C: Service ticket
T checks the ti cket. If it is valid T generates a new random sess ion key K CS and relUrns it w ith a ticket for S (encrypted in the server' s sec ret key KS ).
C is th en read y to iss ue requ est m essages to the se rver. S :
Issue a sen'er request with a lide ,
5. C --> S: Service reque st
I aur"(C) IKCS . I ricker(C.5) IKS reqllest. 1/
C se nds th e li cke t 10 S wilh a new ly generated auth enti cator for C and a reques t. The request would be enc ry pted in Kcs if secrecy of the data is required.
For the client to be sure of the server' s authenti c ity. S should return the nonce f/ to C . (To reduce the number of messages required , thi s could be includ ed in th e messages (hat contain th e serve r's repl y to (h e request): D.
Authenticate server (optional)
6. S --> C: Se rv er auth el1licati o n
(Optional ): S send s the non ce to C, encrypted in Kcs.
Application of Kerberos 0 Ke rbe ros was developed for use in Projec t Ath ena at MIT - a c e => lEe
A cOJlsislelJ! global sIGle is one thai corres ponds to a cOllsistelll c ut. We may characterize Ih e exec ution of a di stributed sys tem as a se ries of tran sition s between global states of the sys te m:
In each tran sition, prec ise ly o ne even t occurs at so me single process in the sys tem. This event is either the sending o f a message, th e rece ipt of a message. or an internal event. If two event s happe ned simultaneo usly. we may nonetheless deem them to have occurred in a definite order - say ordered accordi ng to process identifi e rs. (Eve nts that occur simultan eously must be concurrent: ne ither happened-before the other. ) A system evolves in thi s way through consistent globa l states. A rull is a total o rderin g of a ll th e eve nt s in a global hi story that is consiste nt with each local hi story 's ordering, -')j (i = 1,2, ... , N) . A lilleari:atioll or COIIsiSle11l rull is an ordering of the eve nt s in a globa l hi story that is consistent with thi s happened-before re lation -') on H . Note that a linearization is also a run . No t all run s pass throug h consistent g lobal stat es. but a ll lineari zation s pass onl y through consistent global stat es. We say that a stat e 5' is reachable from a stale 5 if there is a linearizat ion that passes throug h S and then 5'. Sometimes we may alte r th e o rderin g of conc urrent eve nt s within a linearizati o n. and derive a run that still passes through onl y co nsistent global f'i tates. Fo r example, if IWO success ive even ts in a lineari za ti on are the rece ipt of messages by two processes, Ihen we may swap Ihe o rder of these two eveJ1l s.
11 .5.2 Global state predicates, stability, safety and live ness Detectin g a co ndition such as deadl oc k or termination amounts to evaluating a global stale predicate. A glo bal stal e predi cate is a functi on that maps from the set of global
states of processes in th e system ~o to 1True, False I. O ne of the lIseful c haracte ri sti cs of th e predi cat es associated with the stat e of an o bjec t be ing garbage. of the system bei ng deadlocked or th e system be ing te rminated is th at they are a ll stable: once the system e nte rs a stat e in whi ch the predicate is Tl'lle , it re mains True in a ll future states reac hable from that state. By contrast, when we monitor o r debug an app li cati o n we are often interes ted in non -s tabl e predicates. s uch as that in a LII" example of va ri ables who se difference is supposed to be bounded. Even if the app licat ion reac hes a state in which the bound obtains. it need not stay in that state. We al so note here two furth er notions relevant to glo ba l state predicates: safe ty and li vc ncss. Suppose th ere is an unde sirable property Ct th at is a predi cate or the system 's glo bal stat e - for example, a could be the propert y of be ing dead locked. Le t
So be the original state of the system. SafelY wit h respec t to 0. is the assertion that 0. evaluates 10 Fahe for all slales S reac hab le from SO' Conversel y. let P be a desirable property of a system 's global stal e - for exa mpl e. the prope rl y of reachin g termination. Li relless with res pect to P is the property th at, for any lineari zation L start ing in the stat e SO' P evaluates 10 True for so me slate SL reac hable from So'
11 .5.3 Th e 'snapshot' algorithm of Chandy and Lamport Chandy and Lamport [1 985] desc ribe a 'snapshot' algorithm for dete rminin g g lobal state s of di slributed sys tems. whi ch we no w prese nt. The goa l of the algo rithm is to record a se t of process and channel states (a 'snapshot' ) for a se t of processes Pi (i = 1.2, .'" N) such Ihal, evcllthough the combination of recorded Slates may never have occ urred at th e sam e lime, Ihe recorded global state is consisteill. We shall see th at Ihe slate thai the snapshot algor ilhm reco rds has conven ient properti es for evaluatin g stable global pred icates. The algorithm records state loca ll y at processes; it does nOI g ive a method for ga the rin g the global state at one sile. An obvio us method for gathe rin g th e slate is for all processes 10 send Ihe Slate they recorded to a designat ed collector process. but we shall not add ress thi s iss ue further here. The algorithm ass umes th at: ne ither channels nor processes fa il ; communi cation is reliable so thaI eve ry message se nt is eve ntually received intact, exac tl y once; channels are unidirectional and pro vide FIFO-ordered message de li ve ry; the graph of processes and c hann els is strongl y connec ted (there is a path between any IwO processes); any process may initiate a global snapshot at any time; the processes may continue the ir exec uti on and send and receive nomMI messages whil e the snapshot takes place. For eac h process Pj' lei the incoming chanflels be those at Pi over which othe r processes send it messages; similarl y. P i ' S outgoing challllels are those on whic h it send s messages to oth er processes. The esse ntial idea of the al gorithm is as follow s. Each process records its state and al so for eac h incoming chan ne l a set of messages sent 10 it. The process record s, for each channe l, any messages that arr ived after it recorded its state and before the sende r recorded its own state. This arrangement allows us 10 reco rd the stat es of processes at different tim es but to account for the diffe rentials between process states in lerms of messages tran smitted but not yet receiv ed. If process Pi has sent a message J1/ to process pl' bu t P j has not received it, then we account for m as be longing to th e state of the c hann el between them. The algori thm proceeds through use of spec ial marker messages. wh ich are di stinct from any othe r messages the processes send, and whic h the processes may send and receive whil e they proceed with their nomlal exec ution. The marker has a dual rol e: as a prompt fo r the receive r 10 save its own state, if it has not already done so; and as a means of determinin g which messages to include in the channel slale.
Figure 11.10 Chandy and Lamport's 'snapshot' algorithm Marker receiving rule Jor process Pi On P i'S receipt of a marker message over channel c if(Pi has no t yet recorded its state) it records its process state now; records the state of c as the empty set; turn s on recording of messages arriving over o th er inco ming c hannels; else Pi records the Sl.ate of c as the sel of messages it has received over c since it saved its state. elld if
Marker sending rule for process Pi After Pi has recorded its state, for each o utgo ing c hanne l c: Pi sends one marker message over c (before it sends any o th er message ove r c) .
The a lgorithm is de fined th roug h two rules. the marker re ceiviJ/~ rule and the marker sending rule (Figu re 11.1 0), The marker sending rule obli gales processes to send a marker after th ey ha ve recorded th eir state, but before they send any other me ssages. The marker receivi ng ru le obligates a process [ha t has not recorded its state to do so. In th at case, th is is the first marke r th at it has received. It notes whi ch messages subsequenLl y arri ve on the o th er incom ing channe ls. When a process that has already saved its state receives a marker (o n another channe l), it records th e state of that chann el as the set of messages it rece ived o n it since it saved its stare. Any process may begin the algorithm at any time. It ac ts as th oug h it has received a marker (over a non·ex istent channel) and foll ows the marke r receivin g rule. T hu s it record s its state and begi ns to record messages arrivin g over a ll its incomin g channels. Several processes may init iate recordin g co ncurrentl y in thi s way (as lo ng as the markers they use ean be di stin gu ished). We illustra te th e algorithm for a system of two processes, P I and P2 connected by two uni direct ional channels, C I and ('2' The two processes trade in ' w idget s' . Process PI send s orders For widgets o ve r ('2 to P2' enclosin g payment at the rate of $ 10 per widget. Some time later. process P2 sends w idge ts a lo ng channel c 1 to P I' The
Figure 11.11 Two processes and their initial states
I$1000 I I(none) I account
Figure 11 .12 The execution of the processes in Figure 11 .11 1. Global state
2. Global state 51
8 C2 4
3. Global state 52
4. Global state 53
(Order 10, $100) , M
8 C2 4
(Order 10, $1 00), M
(Order 10, $100) (empty)
·8 '8 ·8 '8 P2
1M = marker message)
processes have the in iti a l sta tes s hown in Fi g ure 11 . 11 . Process p ,., has already rece ived an o rder fo r fi ve widge ts. whic h it will sho rtl y di spatch to p '" Fi gure I 1.12 s hows an exec uti o n o f th e system whil e the state is recorded. Process PI records its siale in the ac tual g lo ba l slate So > when PI's stat e is . Fo ll ow in g the marke r se ndin g ru le, process P I th en emit s a marker message over its o utgo ing c han ne l c 2 before it se nd s the nex t appl icati o n- leve l message: (Orde r 10 , $ 100) ove r channel ('2 ' The system enlers actual global sta le 51' Before P2 rece ives th e marker. it e mit s an a pp lication message (fi ve w id gets) over c i in response to PI 'S prev io us orde r. yie lding a new ac tual g lobal state S 2' Now process jJ I rece ives P2's message (five widgets), and P2 receives the marker. Following the marker rece iv in g ru le, P2 reco rds its state as and Ihal o f channe l ('2 as the empt y sequence, Followi ng the marker sending rul e, it sends a mark er message over (' I . Whe n process P I rece ives P2's marker message, it record s the state of channel C I as th e s ing le mess age (fi ve widge ts) that it rece ived after it first reco rded its slale. The fi nal actual g loba l stal e is S 3' The tin al record ed siale is 1',: ; 1'2: : C I: « fi ve wicigels»; ('2: < >. NOle Ihm Ihis slalC differs from all Ihe global slares Ihrough which the sys tem ac tu a ll y passed.
Termination of the snapshot algorithm 0 We assume Ihal a process Ihal has received a marke r message record s its s tate w ith in a finite time and se nds marker messages ove r each o ut go in g chan nel w ithin a fin ite time (eve n when it no longer need s to send app l ieal iOil messages ove r th ese channe ls). Ir there is a path o f cOIllmunicatio n channe ls and processes from a process Pi to a process Pj ( j *- i), then it is c lea r on II~ ese ass umpti ons th ai Pj will record its state a finite tim e afte r Pi recorded its stale. S mce we are assuming th e g ra ph of processes and channe ls to be strong ly connected , it foll ows
Figure 11 .13 Reachability between states in the snapshot algorithm actual execution eO, el '"
recording beg ins
~ ... e'R_'
thai all processes w ill have reco rded th eir stales le: ,,¥(S) = Fal se I end while output "defillitely $":
11.6.2 Evaluating possibly
To evaluate possibly $, the monit or process Illust trave rse the latti ce of reac hable states, starting from the in it ia l stat e (s~), .\. g... s~). The a lgorithm is show n in F igure 11 . 16. T he a lgo rithm ass umes that th e exec uti on is infinit e. It may easi ly be adapted fo r a fi nite execu tion . The monitor process may di scover Ihe sel of co nsistent Siaies in level L + I reac habl e from a give n consistent state in level L by the fo ll owing meth od. Let 5 = (sl' s2' ... , sN) be a consiste nt state. The n a consistent state in the nex t level reachab le from S is or lhe form S' = (Sl' .1'2 ' ... 5;, ... , sN)' wh ich differs from S onl y by containin g th e nex t state (after a single event ) of some process Pi' The monitor ca n fin d a ll sti ch states by travers ing the que ues of state messages Qi (i = 1, 2, . . ., N). The state S' is reachab le frolll S if and onl y if: for j = 1.2 .... ,N,j"';:
\I(s)U ] ~\I(s;)Ij ]
Thi s cond ition comes fro m cond ition CGS above and from the fact that 5 was already a consistent globa l state. A give n stat e may in ge neral be rei.l ched from severa l states at th e prev ious leve l. so th e moni to r process shoul d take care to eva luate th e consistency of each state on ly once.
Figure 11 .17
Eva luating definitefy ljJ
2 3 4
F= 1(5) = False); T = 1(5) = True)
11 .6.3 Eval uating definitely To eva luate definitely $, the mo nitor process aga in tra ve rses the lattice of reachab le states a leve l at a lime. startin g from th e initi a l Slale (.II? s~, .. "' s~). The a lgorith m (show n in Fi g ure 11.16) aga in ass um es that the exec uti on is in finite but m ay eas il y be adapted for a finite exec uti o n. It ma intains the set Slates . whi ch contains those stat es at the c urrent leve l that may be reac hed on a lin eari zati on from the init ial state by traversin g o nl y stat es for whi ch 4> ev aluates to False. As lo ng as suc h a linearizati on exi sts, we may no t assert definirely $ : th e exec uti o n co ul d have taken thi s lineari zati on. and