Dependable Composition of Web Services and Process Calculi

Manuel MazzaraNewcastle University

1. Process Calculi and their Equivalences reconfigurability in the pi-calculus equivalences/bisimulation

2. Dependable Composition of WS WS and standards BPEL composition Recovery

3. Process calculi and BPEL unification of Recovery Framework

Agenda

Process Calculi and their Equivalences

Language syntax semantics pragmatics

Interaction message passing mobility reconfigurability

What is a “process calculus”?

Messages can include channel names (pi-calculus) Sending an address expecting a reply to that address

output capability (MS Biztalk)a received name will be used as the subject of outputs only

input capability (π-calculus) a received name will be used as the subject of inputs

Reconfigurability

Functions identical outputs for identical inputs

What about interactive programs?bisimulation programs exhibiting the same behaviour

Equivalences

Web Services vs. BEV Services

50p

Push “tea”

Serve teaPush “coffee”

50p

Serve coffee

50p

Push “tea”

Serve teaPush “coffee”

50p

Serve coffee

50p

IMPLEMENTATIONSPECIFICATION

Milner’s CCS famous example

These two BEV services accept the same message-sequences

50p.tea tea50p.50p.coffe coffee

Are they the same?message-sequences can be inadequate

Essence of bisimulation attention to possibilities still available at each state

Message-sequences

50p

Push “tea”

Serve teaPush “coffee”

50p

Serve coffee

SPECIFICATION

50p

Push “tea”

Serve teaPush “coffee”

50p

Serve coffee

50p

IMPLEMENTATION

Look at this state

This state in the specification has two possibilities:50p

“tea”

There is no matching state in the implementation

The implementation fails bisimulation

What is wrong?

A new implementation

50p

Push “tea”

Serve teaPush “coffee”

50p

Serve coffee

SPECIFICATION

50p

50p

private dialog with Illy, Lavazza, Segafredo, Breda

NEW IMPLEMENTATION

Push “tea”

Serve teaPush “coffee”

Serve coffee

Engagement in a private dialog with providers

at the end it still emits the coffee

Internal states

same external possibilities of the specification

Now it is fine!

Dependable Composition of Web Services

WS Background

BPEL for WS Composition

XML (workflow) “programming language”

Standard (11 April

2007)

A process consists of a set of (nested) activities

Basic activityreceive and send messagesassign values to variables

composition is stateful signal faults

Structured activitiessequential, parallelconditional looping

BPEL Activities

SOAP is employed as an XML messaging protocolSOAP is not compulsory in SOA anywaymessage level

WS-Reliability (OASIS)dependability added to the unreliable Internet channel of

communication

WS-Security (OASIS)specifies mechanisms to provide integrity and confidentiality

of SOAP messages

Dependability in WS (standards)

Fault Forecasting

Fault Tolerance

Fault Removal

Fault Prevention

Dependable Composition

not standardised

At the level of single At the level of single services by domain-services by domain-specific techniquesspecific techniques

Oracle BPEL process Oracle BPEL process manager/Biztalk… manager/Biztalk… provide no supportprovide no support

Contracts Contracts conformanceconformanceDeadlock Safety…Deadlock Safety…

stochastic stochastic Petri nets?Petri nets?

recoveryrecovery

Recovery in WS

ACIDity is not possible when transactions last long periods and cross administrative domains

atomicity has to be relaxed isolation has to be relaxed

no “perfect” roll-back explicit compensation

WS-BPEL: scopeBasic Units Basic Units

of Workof Work

WS-BPEL: fault handlerFailuresFailuresManagementManagement

WS-BPEL: compensationPartialPartialRoll-backRoll-back

BPEL Recovery Framework (1)

Fault Handler (FH) forwards error recovery reacts to events occurring during the normal execution catch blocks for explicitly thrown faults

generally returned by an invoke activity possibly thrown from inside the process itself

scopes are abnormally terminated when FH is invoked

Compensation Handler (CH) backwards error recovery installed when the body successfully terminates application-specific rollback

get back to a state where execution can continue available for another activity requiring an undo

BPEL Recovery Framework (2)

Process Calculi and BPEL

Formal Methods?

BPEL process

?

BPEL process ?

≈

Bisimulation

?

The Unifying Theory

Two ways to interact:

Event raisingAsynchronous message passing

Reduction Semantics

Understanding of the OS ACTIVE BPEL semantics It “should” implement the standard BPEL

Definition of the BPEL encoding

BPEL Encoding

Description of how the BPEL activites can be represented in the calculus

Use of the continuation passing style technique

BPEL Encoding (only basic activities)

Work UnitBasic Units Basic Units

of Workof Work

Event HandlerFailuresFailuresManagementManagement

Event HandlerPartialPartialRoll-backRoll-back

Unified Recovery Framework

BPEL process

π process

BPEL process π process

≈

Use of Bisimulation

Semantics only for a subset of the BPEL activitiesEncoding hardly readableTimed theory not fully developed (timed transactions)Explosion of states when encoding examples due to

signaling of the end of each activity

Efficient Analysis of BPEL 2.0 Processes Using pi-Calculus

Weidlich, M.; Decker, G.; Weske, M.

Some feedback about this work

Contacts

Manuel.Mazzara@newcastle.ac.ukManuel.Mazzara@newcastle.ac.uk

www.cs.ncl.ac.uk/people/manuel.mazzarawww.cs.ncl.ac.uk/people/manuel.mazzara          +44-(0)-191-222-5154+44-(0)-191-222-5154               

www.linkedin.com/in/manuelmazzarawww.linkedin.com/in/manuelmazzara