1 formal languages for flow composition and compensation: sagas roberto bruni dipartimento di...

1

Formal Languages for Flow Composition and Compensation: Sagas

Roberto BruniDipartimento di Informatica Università di Pisa

Models and Languages for Coordination and Orchestration

IMT- Institutions Markets Technologies - Alti Studi Lucca

2

Roberto Bruni @ IMT Lucca 12 April 2005


InstitutionsMarketsTechnologies

IMT

cCSP and Sagas Independently from cCSP a similar

calculus has been devised in Pisa inspired by sagas (rather than BPEL4WS) different compensation policies for parallel

processes any action can succeed or fail

THROW and YIELD are not explicit in the language

big-step SOS semantics

3




IMT

Outline Sequential Sagas

Graphical representation Syntax Big Step Semantics Adequacy results

Parallel Sagas Nested Sagas Additional features Comparison with cCSP Implementation issues

4




IMT

Sequential Sagas: Syntax

Accept OrderRefuse Order

Update CreditRefund Money

Prepare OrderUpdate Stock

S = { AO%RO ; UC%RM ; PO%US }

(Step) X ::= 0 | A | A%B(Process) P ::= X | P;P(Saga) S ::= { P }

5




IMT

Sequential Sagas: Semantics Preliminaries I

Syntactic sugar inert compensations are immaterial

A A%0 sequential composition is associative

( P;Q ) ; R P ; ( Q;R ) 0 is the identity for sequential

composition 0;P P;0 P

6




IMT

Sequential Sagas: Semantics Preliminaries II

An activity A either commits (A ) aborts (A )

= {A1 ,…, An }

7




IMT

Sequential Sagas: SemanticsPreliminaries III

A saga S = { P } under either commits ( ) aborts ( ) fails ( )

is the observable flow

S

S

S

*

8




IMT

A process P under either commits ( ) aborts ( ) fails ( )

aborts = successfully compensated ß, ß’ are the installed compensations

Sequential Sagas: Semantics

<P,ß> < ,ß’>

<P,ß> < , 0>

<P,ß> < , 0>

*

9




IMT


(f-cmp)A , <A%B,ß> < , 0>

<ß,0> < , 0>

*

(saga) <P,0> < , ß>

{P}

<0,ß> < , ß>

0(zero)

A , <A%B, ß> < , B;ß>

A(s-act)

(s-cmp)A , <A%B,ß> < , 0>

<ß,0> < , 0>

10




IMT


(a-step’) <P;Q,ß> < ,0>

<P,ß> < , 0>

(a-step’’) <P,ß> < , 0>

<P;Q,ß> < ,0>

*

*

(s-step) <Q,ß’’> < ,ß’>

’ <P,ß> < ,ß’’>

<P;Q, ß> < ,ß’>

;’

11




IMT

Sequential Sagas: Adequacy

S

and = A1;…;An

A1 Aj Ak An

S

and = A1;…;Ak-1;Bk-1;…;B1

A1 Aj Ak An

BjB1

S

and = A1;…;Ak-1;Bk-1;…;Bj+1

A1 Aj Ak An

BjB1

*

12




IMT

Parallel Sagas: Syntax

S = { AO%RO ; UC%RM | PO%US }

(Step) X ::= 0 | A | A%B(Process) P ::= X | P;P | P|P(Saga) S ::= { P }




13




IMT

Parallel Sagas: NaïvelyB1 Bj Bn

C1 Ck Cm

A1 A2

B’1 B’j

A’1

C’1 C’k C’m

A1;(B1;…;Bj-1;B’j-1;…;B’1 | C1;…;Cm;C’m;…;C’1);A’1

14




IMT

Parallel Sagas: Revised

A1;(B1;…;Bj-1;B’j-1;…;B’1 | 0);A’1

A1;(B1;…;Bj-1;B’j-1;…;B’1 | C1;C’1);A’1

…

A1;(B1;…;Bj-1;B’j-1;…;B’1 | C1;…;Cm;C’m;…;C’1);A’1

B1 Bj Bn

C1 Ck Cm

A1 A2

B’1 B’j

A’1

C’1 C’k C’m

15




IMT

Digression:Parallel Sagas in cCSP

A1; B1;…;Bj-1;B’j-1;…;B’1 ;A’1

A1; ((B1;…;Bj-1)|C1) ; ((B’j-1;…;B’1)|C’1) ;A’1

…

A1; ((B1;…;Bj-1)|(C1;…;Cm)) ; ((B’j-1;…;B’1)|(C’m;…;C’1)) ;A’1

B1 Bj Bn

C1 Ck Cm

A1 A2

B’1 B’j

A’1

C’1 C’k C’m

16




IMT

Sequential Sagas: Semantics Preliminaries I

Syntactic sugar parallel composition is AC1

A A%0 ( P;Q ) ; R P ; ( Q;R ) 0;P P;0 P ( P|Q ) | R P | ( Q|R ) P | 0 P P | Q Q | P

17




IMT

<P,ß> < , 0>

A process P under either commits ( ) aborts ( ) fails ( ) is forced to abort ( ) is forced to fail ( )

is the observable concurrent flow

<P,ß> < , 0>

<P,ß> < , 0>

<P,ß> < , 0>

Parallel Sagas: SemanticsPreliminaries II

<P,ß> < ,ß’>

*

*

18




IMT

Parallel Sagas: Semantics I

(saga)

(forced-abt’) <P,ß> < ,0>

<ß, 0> < , 0>

(forced-abt’’) <P,ß> < ,0>

<ß, 0> < , 0>

*

{ , , } * <P,0> <, ß>

{P}

19




IMT

<P,0> < ,ß’>

Parallel Sagas: SemanticsII

(s-par) <Q,0> < ,ß’’>

’

<P|Q, ß> < ,ß’|ß’’; ß>

|’

20




IMT

Parallel Sagas: SemanticsIII

<Q,0> <2,0>

’ <P,0> <1,0>

<P|Q, ß> < 1 2 , 0>

|’;

(c-par’)

<ß,0> < ,0>

1, 2 { , }

*

*

* *

***** * *

21




IMT

Parallel Sagas: SemanticsIV

(c-par’’)

*

*

* *

***** * *

<Q,0> <2,0>

’ <P,0> <1,0>

<P|Q, ß> < 1 2 , 0>

|’;

<ß,0> < ,0>

1, 2 { , }

*

22




IMT

Parallel Sagas: SemanticsV

<Q,0> <2 ,0>

’ <P,0> <1,0>

<P|Q, ß> < 1 2 , 0>

|’

(f-par)

1 { , }

2 { , , , }

**

**

*

*

* *

***** * *

23




IMT

Parallel Sagas: Adequacy ICompletion

24




IMT

Parallel Sagas: Adequacy IISuccessful Compensation

25




IMT

Parallel Sagas: Adequacy III

Failed Compensation

26




IMT

Nested Sagas: Graphically




Add Points

Subtract Points

27




IMT

Nested Sagas: Syntax

(Step) X ::= 0 | A | A%B | S (Process) P ::= X | P;P | P|P(Saga) S ::= { P }

28




IMT

Nested Sagas: Syntax

S { AO%RO ; UC%RM | PO%US | {AP%SP} }




Add Points

Subtract Points

29




IMT

Nested Sagas: Semantics I(sub-cmt) <P,0> < , ß’>

<{P},ß> < , ß’;ß>

(sub-abt) <P,0> < , 0>

<{P},ß> < , ß>

(sub-fail) <P,0> < , 0>

<{P},ß> < , 0>

ß’ acts as default compensation

*

*

30




IMT

Nested Sagas: SemanticsII

(sub-forced-1)

(sub-forced-2’)

<P,0> < , 0>

*

<{P},ß> < , 0> *

(sub-forced-2’’)

{ , } *

<ß,0> <,0>

<P,0> < ,0>

<{P}, ß> < ,0>

;*

<ß,0> < ,0>

<P,0> < ,0>

<{P}, ß> < ,0>

;

31




IMT

Nested Sagas: Adequacy ICompletion

32




IMT

Nested Sagas: AdequacyII

Successful Compensation

33




IMT

Failed Compensation

Nested Sagas: AdequacyIII

34




IMT

Additional Features Exception handling try S with P

Used to catch crashes during backward computation Forward recovery strategies try S or P

Can be used to retry or to improve activities P is tried when S aborts and is successfully compensated

Fully programmable compensations S%P More expressive than default compensation (sub-cmt)

Choices: Discriminator PQ Choices: Internal PQ Data dependencies AB

Valid executions must satisfy dependency constraints

35




IMT

Sagas vs cCSP I Executions of activities

always successful in cCSP dependent on the context in Sagas

Failures raised by primitive THROW in cCSP raised by activities that fail in in Sagas

Yielding to interrupt both explicit and implicit in cCSP only implicit in Sagas

36




IMT

Sagas vs cCSP II Abnormal termination

successful compensation and abnormal termination of a transaction block are silent to parent processes in cCSP

but not in Sagas where e.g. try S or P can be introduced

Adequacy results via self-cancelling in cCSP

simple and intuitive but imprecise via complex adequacy theorems in Sagas

more precise but less intuitive, can give more insights

37




IMT

Sagas vs cCSP III Trace models

interleaving in cCSP (centralized) concurrent in Sagas (more distributed)

Compensation policy of parallel processes coordinated interruption in cCSP no interruption but distributed

compensation in Sagas naive distributed interruption in Sagas revised

38




IMT

More on Compensation Policies for Parallel Processes

The difference can be nicely illustrated in terms of semantic equivalence [ A % A° | B % B° | THROWW ] =traces

1. (A|B) ; (A°|B°)2. (A;A°) | (B;B°)3. SKIP + (A;A°) + (B;B°) + (A|B);(A°|B°)4. SKIP + (A;A°) + (B;B°) + (A;A°)|(B;B°)

cCSP

revised Sagas

naive Sagas

1 2

3 4

39




IMT

Implementation Methodology

GOAL: Automatic generation of the “coordination code” from a description of a composed WS design as

well-formed flow diagrams or as processes in a suitable language

automatic generation of coordination wrappers

for invoking involved services in a sound way for managing commitments and compensations

40




IMT

Java Transactional Web Services (JTWS) Java Signal Core Layer (JSCL) Java Transactional Layer (JTL)

JTWS Approach

41




IMT

JTWS and JSCL JTWS tailored to long running transactions

JTWS is based on signal exchanges, publish/subscribe, event notification

JSCL gives a minimal set of functionalities for creation/dismissal of new signal types

signal emitters / handlers as services describing connections between components

asynchronous / synchronous typed, peer-to-peer, unidirectional

broadcast and bidirectional just requires additional links management of flow sessions

42




IMT

JTL Specialized kind of JTWS component

API for (paradigms of) connectors only a minimal subset of signals is

considered three signals can encode compensable

transactions onInvoke onRollBack onCommit

43




IMT

JTL Transactional Component

WS1

iRb

In

iCt

Out

oRb

oCt

WS2

WS1 % WS2

links are dynamicallyestablished depending on the internal state

44




IMT

JTL Sequence

In Out

iRb

iCt

oRb

oCt

JTL1 ; JTL2

45




IMT

Some Concluding Remarks cCSP and Sagas

abstract away from low-level computations can be easily extended independent from the coordination

mechanisms that implement the primitives Allow to reason about program

properties adequacy process equivalence correctness of implementation

46




IMT

References A trace semantics for long-running transactions

(Proc. 25 Years of CSP) M. Butler, C. Ferreira, T. Hoare

Theoretical foundations for compensations in flow composition languages (Proc. POPL'05)

R. Bruni, H. Melgratti, U. Montanari Models and languages for global computing

transactions (PhD Thesis, Univ. of Pisa, 2005) H. Melgratti

Composizionalità di transazioni e Web Services nell'ambito della telefonia mobile (MSc Thesis 2005)

D. Strollo

1 formal languages for flow composition and compensation: sagas roberto bruni dipartimento di...

Documents

imt lucca

orchestration sequential

sstep slide

orchestration ccsp

sequential composition

formal languages

pisa models

p p0 p slide