Causal-Consistent Reversibility in a Tuple-Based Language Elena Giachino and Ivan Lanese Focus Team, University of Bologna/INRIA, Italy Email: elena.giachino@unibo.it, ivan.lanese@gmail.com Claudio Antares Mezzina SOA Unit FBK Trento, Italy Email: mezzina@fbk.eu Francesco Tiezzi School of Science and Technology University of Camerino, Italy Email: francesco.tiezzi@unicam.it Abstract—Causal-consistent reversibility is a natural way of undoing concurrent computations. We study causal-consistent reversibility in the context of μKLAIM, a formal coordination language based on distributed tuple spaces. We consider both uncontrolled reversibility, suitable to study the basic properties of the reversibility mechanism, and controlled reversibility based on a rollback operator, more suitable for programming applications. The causality structure of the language, and thus the definition of its reversible semantics, differs from all the reversible lan- guages in the literature because of its generative communication paradigm. In particular, the reversible behavior of μKLAIM read primitive, reading a tuple without consuming it, cannot be matched using channel-based communication. We illustrate the reversible extensions of μKLAIM on a simple, but realistic, application scenario. I. I NTRODUCTION Reversibility is a main ingredient of different kinds of systems, including, e.g., biological systems or quantum sys- tems. We are mainly interested in reversibility as a support for programming reliable concurrent systems. The basic idea is that if a system reaches an undesired state (e.g., an error or deadlock state), reversibility can be used to go back to a past desirable state. Our claim is that the ability to reverse actions is key to understanding and improving existing patterns for programming reliable systems, such as transactions or checkpointing, and to devise new ones. Studying reversibility in a concurrent setting is partic- ularly tricky. In fact, even the definition of reversibility is different w.r.t. the sequential one, since “recursively undo the last action” is not meaningful in a concurrent scenario, where many actions can be executed at the same time by different threads. This observation led to the concept of causal- consistent reversibility: one may undo any action if no other action depending on it has been executed (and not undone). Building on this definition, reversible extensions of many concurrent calculi and languages have been defined, e.g., for CCS [5], [17], π-calculus [4], higher-order π [13] and µOz [16]. However, to figure out how to make a general programming language reversible, the interplay between re- versibility and many common language features has still to be understood. In particular, none of the reversible calculi in the literature features tuple-based communication: they all consider channel-based communication. This paper studies reversibility in the context of µKLAIM [10], a formal language based on distributed tuple spaces derived from the coordination language KLAIM [8]. µKLAIM contrasts on two main points with all the languages whose causal-consistent reversible semantics has been studied in the literature. First, it features localities. Second, it uses tuple-based communication as the interaction paradigm, sup- ported by five primitives. Primitives out and in respectively insert tuples into and remove them from tuple spaces. Primi- tives eval, to execute a process on a possibly remote location, and newloc, creating a new location, support distribution. Finally, µKLAIM features the primitive read, which reads a tuple without consuming it. This last primitive allows con- current processes to access a shared resource while staying independent, thus undoing the actions of one of them has no impact on the others. This behavior, common when manip- ulating shared data structures, e.g. in software transactional memories, cannot be programmed using only in and out primitives, nor using channel-based communications, since the resulting causal structure would be different. In this paper, we first study uncontrolled reversibility (Section III), i.e. we define how a process executes forward or backward, but not when it is supposed to do so. This produces a clean algebraic setting, suitable to prove in a simple way properties of our reversibility mechanism. In particular, we show that reversible µKLAIM (RµKLAIM for short) is causally consistent (Theorem 1), and that its forward computations correspond to µKLAIM computations (Lemmas 2 and 3). However, uncontrolled reversibility is not suitable for programming error recovery activities. In fact, it does not provide a mechanism to trigger a backward computation in case of error: backward actions are always enabled. Even more, a RµKLAIM process may always diverge by doing and undoing the same action forever. To solve this problem, we build on top of RµKLAIM a lan- guage with controlled reversibility, CRµKLAIM (Section IV). CRµKLAIM computation normally proceeds forward, but the programmer may ask for a rollback using a dedicated roll op- erator. The roll operator undoes a given past action, and all its consequences, but it does not affect independent actions. The roll operator is based on the uncontrolled reversibility mech- anism, but it is much more suitable to exploit reversibility for programming actual reliable applications. We put CRµKLAIM at work on a practical example about franchising (Section V). Proofs of main results are collected in Appendix. From the practical perspective, we believe that the formal approach proposed in this paper is a further step towards the sound development of a real-world reversible language for programming distributed systems. Its main benefit with respect