Extending the logical update view with transaction support JanWielemaker WebandMediagroup,VUUniversityAmsterdam, 3 DeBoelelaan1081a, 1 1081HVAmsterdam,TheNetherlands, 0 [email protected] 2 n a J Abstract. Since the database update view was standardised in theProlog ISO 1 standard,thesocalledlogicalupdateviewisavailableinallactivelymaintained 3 Prologsystems.Whilethisupdateviewprovidedawelldefinedupdatesemantics andallowsforefficienthandlingofdynamiccode,itdoesnothelpinmaintaining ] L consistency of thedynamic database. Withtheintroduction ofmultiplethreads and deployment of Prolog in continuously running server applications, consis- P tencyofthedynamicdatabasebecomesimportant. . s Inthisarticle,weproposeanextensiontothegeneration-basedimplementation c [ ofthelogicalupdateviewthatsupportstransactions.Generation-basedtransac- tions have been implemented according to this description in the SWI-Prolog 1 RDFstore. Theaimof thispaper istomotivate transactions, outlinean imple- v mentationandgeneratediscussiononthedesirablesemanticsandinterfaceprior 9 toimplementation. 6 6 7 . 1 Introduction 1 0 3 AlthoughPrologcanbeconsideredadeductivedatabasesystem,itspracticewithregard 1 to database update semantics is rather poor. Old systems typically implemented the : v immediateupdateview,wherechangestotheclause-setbecomeimmediatelyvisibleto Xi allgoalsonbacktracking.Thisupdateviewimpliesthata callto adynamicpredicate mustleaveachoicepointtoanticipatethepossibilitythataclauseisaddedthatmatches r a thecurrentgoal.Quintusintroduced1 thenotionofthelogicalupdateview[4],where the set of visible clausesfora goalis frozenat the startof the goal,which allowsfor pruningthechoice-pointonadynamicpredicateifnomoreclausesmatchthecurrent goal.ThroughtheISOstandard(section7.5.4ofISO/IEC1321l-l),thelogicalupdate viewisadoptedbyallactivelymaintainedimplementationsoftheProloglanguage. Thelogicalupdateviewhelpsto realiseefficientprogramsthatdependonthedy- namicdatabase,butdoesnotguaranteeconsistencyofthedatabaseifmultiplechanges ofthedatabasearerequiredtorealiseatransitionfromone consistentstatetothenext. A typical example is an application that realises a transfer between two accounts as shownbelow. 1http://dtai.cs.kuleuven.be/projects/ALP/newsletter/archive_93_96/net/systems/update.htm transfer(From, To, Amount) :- retract(balance(From, FromBalanceStart)), retract(balance(To, ToBalanceStart)), FromBalance is FromBalanceStart - Amount, ToBalance is ToBalanceStart + Amount, asserta(balance(From, FromBalance)), asserta(balance(To, ToBalance)). Eveninasinglethreadedenvironment,thiscodemaybesubjecttotimeouts,(resource- )exceptions and exceptions due to programming errors that result in an inconsistent database.ManyPrologprogramscontainapredicatetoclean thedynamicdatabaseto avoidtheneedtorestarttheprogramduringdevelopment.Still,suchapredicateneeds to be kept consistent with the used set of dynamic predicates and provides no easy solutionifthedatabaseisnotemptyatthestart. Obviously, in concurrent applications we need additional measures to guarantee consistencywithconcurrenttransferrequestsandenquiriesforthecurrentbalance.Be- low we give a possible solution based on mutexes.Anothersolution is to introducea bankthreadandrealisetransferaswellasenquirieswithmessagepassingtothebank thread. mt_transfer(From, To, Amount) :- with_mutex(bank, transfer(From, To, Amount)). mt_balance(Account, Balance) :- with_mutex(bank, balance(Account, Balance)). Asweneedtoserialiseupdateoperationsinamultithreadedcontext,updateoperations thatrequiresignificanttimetocompleteseriouslyharmconcurrency. With transactions, we can rewrite the above using the code below, where we do not need any precautions for reading the currentbalance.2 Consistency is guaranteed because,aswewillexplainlater,twotransactionsthatretractthesameclausearecon- sideredtoconflict. mt_transfer(From, To, Amount) :- transaction(transfer(From, To, Amount), true, [restart(true)]). In the remainder of this article, we first describe related work. Next, we define the desired semantics of transactions in Prolog, followed by a description how these se- mantics can be realised using generations. In section 5, we propose a concrete set of predicatestomaketransactionsavailabletothePrologprogrammer.Weconcludewith implementationexperienceintheSWI-PrologRDFstoreandadiscussionsection. 2Reading multiple values from a single consistent view still requires a transaction. See sec- tion3.1. 18 2 Related work The most comprehensive overview of transactions in relation to Prolog we found is [2],whichintroduces“Transactionlogic”.Transactionlogichasbeenimplementedasa prototypeforXSBProlog[3].Thisisamuchmorefundamentalsolutionindealingwith updatesemanticsthanwhatweproposeinthisarticle.In[2],wealsofinddescriptions of related work, notably Dynamic Prolog and an extension to Datalog by Naqvi and Krishnamurthy. These systems too introduce additional logic and are not targeted to dealwithconcurrency. Contrarytothesesystems,weproposesomethingthatiseasy toimplementonen- ginesthatalreadyprovidethelogicalupdateviewandiseasytounderstandandusefora typicalPrologprogrammer.Whatwedolearnfromthesesystemsisthatabacktrackable dynamicdatabasehaspromisingapplications.Wenotproposetosupportbacktracking modificationstothedynamicdatabaseyet,butourproposalsimplifieslaterimplemen- tation thereof, while the transaction interface may provide an adequate way to scope backtracking.Seetransaction/3describedinsection5. 3 Transaction semantics CommonlyseenpropertiesoftransactionsareknownbythetermACID,3 summarised below.Wewanttorealisealltheseproperties,exceptforDurability. Atomic Eitherallmodificationsinthetransactionpersistornoneofthemodifications. Consistency Asuccessfultransactionbringsthesystemfromoneconsistentstateinto thenext. Isolation The modifications made inside a transaction are not visible to the outside worldbeforethetransactioniscommitted.Concurrentaccessalwaysseesaconsis- tentdatabase. Durability Theeffectsofacommittedtransactionremainpermanentlyvisible. Inaddition,codethatisexecutedinthecontextofatransactionshouldbehaveac- cordingtothetraditionalProlog(logicalview)updatesemanticsanditmustbepossible tonesttransactions,suchthatcodethatcreatesatransactioncanbecalledfromanycon- text,bothoutsideandinsideatransaction. Anobviousbaselineinterfacefordealingwithtransactionsistointroduceameta- predicate transaction(:Goal). If Goal succeeds, the transaction is committed. If Goal fails or throws an exception, the transaction is rolled back and transaction/1 fails or re-throws the exception. In our view, transaction/1 is logically equivalent to once/1 (i.e., it prunespossibly remainingchoice points) because database actions are stillconsideredside-effects.Toomuchreal-worldcodeis intendedtobedeterministic, but leaves unwanted choice points. This is also the reason why with mutex/2 prunes choicepoints. Notethatit iseasyto see usefulapplicationscenariosfornon-deterministictrans- actions.Forexample,generate-and-testapplicationsthatusethedatabasecouldbeim- plementedusingtheskeletoncodebelow.Tosupportthisstyleofprogramming,failing 3http://en.wikipedia.org/wiki/ACID 19 into a transaction shouldatomically make the changesinvisibleto the outside and all changes after the last choice pointinside the transaction must be discarded. This can be implemented by extending each choice point with a reference into the change-log maintainedbythecurrenttransaction. generate_and_test :- transaction(generate_world), satisfying_world, !. Given our proposed once-based semantics, we can still improve considerably on this use-casecomparedtotraditionalPrologusingaside-effectfreegenerator.Thisresults inthefollowingskeleton: generate_and_test :- generate_world(World), transaction(( assert_world(World), satisfying_world )), !. 3.1 Snapshots We can exploit the isolation feature of transactions to realise snapshots. A predicate snapshot(:Goal)executesGoalasonce/1withoutgloballyvisibleaffectsonthedy- namicdatabase.ThisfeatureisasupplementtoSWI-Prolog’sthreadlocalpredicates, predicatesthathaveadifferentsetofclausesineachthread.Snapshotsprovideacom- fortableprimitiveforcomputationsthatmaketemporaryuseofthedynamicdatabase. Atthesametimetheymakesuchcodethread-safeaswellassafeforfailedorincom- pletecleanupduetoexceptionsorprogrammingerrors. Snapshotsalsoformanaturalabstractiontoreadmultiplevaluesfromaconsistent state ofthedynamicdatabase.Forexample,the summedbalanceofa listofaccounts canbecomputedusingthecodebelow.Thesnapshotisolationguaranteesthattheresult correctlyrepresentsthatsummedbalanceatthetimethatthesnapshotwasstarted. summed_balance(Accounts, Sum) :- snapshot(maplist(balance, Accounts, Balances)), sum_list(Balances, Sum). Notethatthissummaybeoutdatedbeforetheisolatedgoalfinishes.Still,itrepresents a figure that was true at a particular point in time, while unprotected execution can computea valuethatwasnevercorrect.Forexample,considerthesequenceofevents below,wheretosummedbalanceis10$toohigh. 1. The‘summer’fetchesthebalanceofA 2. Aconcurrentoperationtransfers10$fromAtoB 3. The‘summer’fetchesthebalanceofB 20 4 Generation basedtransactions AcommontechniqueusedtoimplementtheProloglogicalupdateviewistotageach clause with two integers: the generation in which it was born and the generation in whichitdied.Anewgoalsavesthecurrentgenerationandonlyconsidersclausescre- atedbeforeandnotdiedbeforeitsgeneration.Thisisclearlydescribedin[1].Below, weoutlinethestepstoaddtransactionstothispicture. First, we split the generation range into two areas: the low values, 0..G TBASE (transactionbase generation)are used forgloballyvisible clauses. Generationsabove G TBASEareusedforgenerations,wherewesplitthespacefurtherbythread-id.E.g., the generation for the 10th modification inside a transaction executed by thread 3 is G TBASE+3*G TMAX+10. Isolation Isolated behaviourinside a transaction is achieved by setting the modifica- tion generation to the next thread write generation. Code operating outside a trans- action does not see these modifications because they are time-stamped ‘in the fu- ture’. Code operating inside the transaction combines the global view at the start of the transaction with changes made inside the transaction, i.e., changes in the range G TBASE+htidi*G TMAX..G TBASE+(htidi+1)*G TMAX. Atomic Committing a transaction renumbers all modifications to the current global write generation and then increments the generation. This implies that commit oper- ationsmustbe serialised (locked).All modificationsbecomeatomicallyvisible atthe momentthattheglobalgenerationisincremented.Ifatransactionisdiscarded,allas- serted clauses are made available for garbage collection and the generation of all re- tractedclausesisresettoinfinity. Consistency Theabovedoesnotprovideconsistencyguarantees.Weaddaglobalcon- sistency check by disallowing multiple retracts of the same clause. This implies that anattempttoretractanalreadyretractedclauseinsideatransactionorwhilethetrans- actioncommitscausesthetransactiontobeaborted.Thisconstraintensuresthatcode that updates the database by retracting a value, computing the new value and assert- ing this becomes safe. For example, this deals efficiently with global counters or the balanceexamplefromsection1.Notethatdisallowingmultipleretractsisalsoneeded because there is only one placeholder to store the ‘died generation’. Similar to rela- tionaldatabases,wecanaddanintegrityconstraint,introducingtransaction(:Goal, :Constraint),whereConstraintisexecutedwhiletheglobalcommitlockisheld. Nesting Whereweneeddistinctgenerationrangesforconcurrentlyexecutingtransac- tions,wecanusethegenerationrangeoftheparenttransactionforanestedtransaction becauseexecutionasonce/1guaranteesstrictnesting.Nestedtransactionsmerelyneed to remember where the nested transaction started. Committing is a no-op, while dis- cardingisthesameasdiscardinganoutertransaction,butonlyaffectingmodifications afterthestartofthenestedtransaction. 21 Implication for visibility rules The logic to decide that a clause is visible does not change for queries outside transactions because manipulationsinside transactions are ‘inthefuture’.Insideatransaction,wemustexcludegloballyvisibleclausesthathave diedinsidethetransaction(i.e.,betweenthetransactionstartgenerationandthecurrent generation)andincludeclausesthatarecreatedandnotyetretractedinthetransaction. 5 Proposed predicates We proposeto add the followingthree predicatesto Prolog.In the descriptionbelow, predicateargumentsareprefixedwithamodeannotation.The:annotationmeansthat theargumentismodule-sensitive,e.g.,:GoalmeansthatGoaliscalledin themodule that calls the transaction interface predicate. The modes +, - and ? specifies that the argumentis‘input’,‘output’and‘eitherinputoroutput’. transaction(:Goal) Execute Goal in a transaction. Goal is executed as by once/1. Changes to the dynamic database become visible atomically when Goal succeeds. Changes are discardedifGoaldoesnotsucceed. transaction(:Goal,:Constraint) RunGoalastransaction/1.IfGoalsucceeds,executeConstraintwhileholdingthe transactionmutex (see with mutex/24). If Constraint succeeds, the transac- tioniscommitted.Otherwise,thetransactionisdiscarded.IfConstraintfails,throw the error error(transaction error(constraint, failed), ). If Constraintthrowsanexception,rethrowthisexception. transaction(:Goal,:Constraint,+Options) Astransaction/3,processingthefollowingoptions: restart(+Boolean) If true, catch errors that unify with error(transaction error( , ), )andrestartthetransaction. id(Term) Give the transaction an identifier. This identifier is made available through transaction property/2.Therearenorestrictionsonthetypeorinstantiation ofTerm. snapshot(:Goal) ExecuteGoalasonce/1,isolatingchangestothedynamicdatabaseanddiscarding thesechangeswhenGoalcompletes,regardlesshow. transaction property(?Transaction,?Property) True when this goal is executing inside a transaction identified by the opaque groundtermTransactionandhasgivenProperty.Definedpropertiesare: level(-Level) Transactionisnestedatthislevel.Theoutermosttransactionhaslevel1.This propertyisalwayspresent. modified(-Boolean) Trueifthetransactionhasmodifiedthedynamicdatabase. 4http://www.swi-prolog.org/pldoc/doc_for?object=with_mutex/2 22 modifications(-List) Listexpressesallmodificationsexecutedinsidethetransaction.Eachelement is either a term retract(Term),asserta(Term) or assertz(Term). Clausesthatarebothassertedanderasedinsidethetransactionareomitted. id(?Id) TransactionhasbeengiventhecurrentIdusingtransaction/3. If any of these predicate encounters a conflicting retract operation, the exception error(transaction error(conflict, PredicateIndicator), ) is generated. 6 Implementation results: theSWI-Prolog RDF-DB TheSWI-PrologRDF database[5]is adedicatedC-based implementationofa single dynamicpredicaterdf(?Subject,?Predicate,?Object).Thededicatedimplementation wasintroducedtoreducememoryusageandimproveperformancebyexploitingknown featuresofthispredicate.Forexample,allargumentsareground,andSubjectandPred- icateareknowtobeatoms.Also,all‘clauses’areunitclauses(i.e.,therearenorules). QuiteearlyinthedevelopmentoftheRDFstoreweaddedtransactionstoprovidebetter consistencyandgroupingofmodifications.Thesefeatureswerecrucialforrobustness and ‘undo’supportin the graphicaltriple editorTriple20 [6]. Initially, the RDF store did not support concurrency. Later, this was added based on ‘read/write locks’, i.e., multiplereadersoronewritermayaccessthedatabaseatanypointintime. Withversion35oftheRDFstore,developedlastyear,werealisedthelogicalupdate view also fortheexternal rdf/3predicateand we implementedtransactionsfollowing thisarticle.Inaddition,werealisedconcurrentgarbagecollectionofdeadtriples.The garbagecollectorexaminestherunningqueriesandtransactionstofindtheoldestactive generation and walks the linked lists of the index hash-tables, removing dead triples from these lists. Actual reclaiming of the dead triples is left to the Boehm-Demers- Weiserconservativegarbagecollector.6 7 Discussion We havedescribedanextensiontothegeneration-basedlogicalupdateviewavailable in todaysProlog system thatrealises transactions.There is no additionalmemoryus- age neededforclauses. The engine(eachenginein multithreadedPrologsystems) is requiredtomaintainastackoftransactionrecords,whereeachtransactionremembers theglobalgenerationinwhichiswascreatedandsetofaffectedclauses(eitherasserted orretracted).Thevisibilitytestofaclauseforgoalsoutsidetransactionsisequaltothe testrequiredforrealisingthelogicalupdateviewandrequiresanadditionaltestofthe samecostifatransactionisinprogress. 5Available from http://www.swi-prolog.org/git/packages/semweb.git, branchversion3. 6http://www.hpl.hp.com/personal/Hans_Boehm/gc/ 23 The described implementation of transactions realises ACI of the ACID model (atomic, consistency and isolation, but not durability). Durability can be realised by usingaconstraintgoalthatusestransaction property/2toexaminethemodifications andwritethemodificationstoajournalfileorexternalpersistentstore. Ourimplementationhastwolimitations:(1)goalsinatransactionareexecutedas once/1 (pruning choice-points) and (2) it is not possible for multiple transactions to retract the same clause. Supportingnon-deterministictransactions requires additional changes to Prolog choice points, but transactions already maintain a list of modifica- tionstorealisecommitandrollbackand transaction/3alreadyprovidesanextensible interfacetoactivatethisbehaviour.Supportingmultiple retractsispossiblebyusinga list to representthe ‘died’generationsofthe clause.This is hardlyusefulfortransac- tionsbecausemultipleconcurrentretractsindicatea conflictingupdate.However,this limitationisaseriousrestrictionforsnapshots(section3.1). WehaveimplementedthistransactionsystemfortheSWI-PrologRDFstore,where it functionsas expected.We believe that transactions will greatly simplify the imple- mentationofconcurrentprogramsthatusethedynamicdatabaseasasharedstore.At thesametimeiteliminatestheneedforserialisationofcode,improvingconcurrentper- formance. In our experience with Triple20, transactions are useful in single threaded applications to maintain consistency of the database. Notably, consistency of the dy- namic storage is maintainedwhen an edit operationfails due to a programmingerror oranabortinitiatedfromthedebugger.Thisallowsforfixingtheproblemandretrying theoperationwithoutrestartingtheapplication. WeplantoimplementtheoutlinedfeaturesinSWI-Prologinthenearfuture. Acknowledgements ThisresearchwaspartlyperformedinthecontextoftheCOMBINEprojectsupported bytheONRGlobalNICOPgrantN62909-11-1-7060.Thispublicationwassupported bytheDutchnationalprogramCOMMIT. IwouldliketothankJaccovanOssenbruggen,MichielHildebrandandWillemvan HagefortheirfeedbackinredesigningthetransactionsupportfortheSWI-PrologRDF store. References 1. Egon Boerger and Bart Demoen. A framework to specify database update views for pro- log.InJanMaluszynskiandMartinWirsing,editors,ProgrammingLanguageImplementation andLogicProgramming,volume528ofLectureNotesinComputerScience,pages147–158. SpringerBerlin/Heidelberg,1991. 10.1007/3-540-54444-5 95. 2. AnthonyJ.Bonner, MichaelKifer,andMarianoConsens. Databaseprogramming intrans- action logic. In In Proc. 4th Int. Workshop on Database Programming Languages, pages 309–337,1993. 3. SamuelY.K.Hung. Implementationandperformanceoftransactionlogicinprolog. Master’s thesis,DepartmentofComputerScience,UniversityofToronto,1996. 4. Timothy G. Lindholm and Richard A. O’Keefe. Efficient implementation of a defensible semanticsfordynamicprologcode. InICLP,pages21–39,1987. 24 5. JanWielemaker, GuusSchreiber,andBobJ.Wielinga. Prolog-based infrastructureforrdf: Scalabilityandperformance. InDieterFensel,KatiaP.Sycara,andJohnMylopoulos,editors, InternationalSemanticWebConference,volume2870ofLectureNotesinComputerScience, pages644–658.Springer,2003. 6. JanWielemaker,GuusSchreiber,andBobJ.Wielinga. Usingtriplesforimplementation:The triple20ontology-manipulation tool. InYolanda Gil,Enrico Motta, V. Richard Benjamins, andMarkA.Musen,editors,InternationalSemanticWebConference,volume3729ofLecture NotesinComputerScience,pages773–785.Springer,2005. 25