Web service technologies: WSDL, WSFL

Roberto Bruni. Dipartimento di Informatica ... Roberto Bruni _at_ IMT Lucca. 23 March 2005. Models and Languages for. Coordination ... Butler, Carla Ferreira, ...

1
Models and Languages for Coordination and Orchestration
IMT - Institutions Markets Technologies - Alti Studi Lucca
Formal Languages for Flow Composition and Compensation: cCSP
Roberto Bruni, Dipartimento di Informatica, Università di Pisa
2
Motivation
  • Key issues in business processes languages for WS
  • WS Composition, Orchestration, Choreography
  • WS Transactions
  • Interesting for both Academia and Industry
  • A plethora of ad hoc proposals for standard
  • poorly disciplined provision of "accessory"
    features
  • Design of business processes calls for
  • rigorous mathematical foundations
  • clean, elegant semantics
  • well-disciplined service composition principles
  • modular implementation

3
Flow Diagrams meet Process Description Languages
  • Many proposals to describe business processes
    unambiguously
  • XML-based
  • WSFL, XLANG, WSCI, BPEL4WS
  • Extensions of known mobile calculi
  • committed Join, $\pi t$-calculus, web$\pi$-calculus
  • Flow-based
  • Compensating CSP (Butler, Hoare, Ferreira)
  • previously Structured Activity Compensation
    (StAC)
  • Sagas Calculus (Bruni, Melgratti, Montanari)

4
Long-Running Transactions (L-RT)
  • An L-RT is
  • an interactive component of a distributed system
    which must be executed as if it were a single
    atomic action
  • In principle (high-level abstraction)
  • it should not be interrupted or fail in the
    middle
  • and it must not be interleaved with other atomic
    actions of other concurrently executing
    components of the system
  • In practice (implementor's viewpoint)
  • it is not easy to keep the illusion alive in
    (mobile, concurrent) distributed interactive
    systems!
  • external interactions may require undo of
    committed activities
  • because the transaction is interactive, familiar
    automatic techniques of check-pointing and
    rollback are no longer adequate / applicable
  • the illusion of atomicity for an L-RT is achieved
    with the aid of compensation actions supplied by
    the programmer

5
Compensations
  • In long lasting negotiations partial agreements
    can be reached and locally committed by parties
  • to be compensated in case of failure
  • to be published / confirmed on success
  • Formal models are needed
  • to discover specification bugs
  • to reason rigorously
  • to run simulations
  • to ease verification

6
Compensations (Merriam-Webster OnLine)
  • To Compensate
  • to neutralize the effect of
  • to supply an equivalent to
  • to provide with means of counteracting variation
  • to offset an error, defect, or undesired effect
  • The most important fact
  • Compensations have a cost!

7
Compensations Examples I
  • A client buys books in an on-line bookstore
  • the bookstore debits client's account as the
    payment for the book order
  • the bookstore later realizes that one of the books
    in the client's order is out of print
  • to compensate the client for this problem,
  • the bookstore can credit the account with the
    amount wrongfully debited
  • and send a letter apologising for their mistake

8
Compensations Examples II
  • Late cancelling of hotel reservations can involve
    payment of fees
  • Failures on credit checks can cause the abort of
    parallel activities (which can be partially
    completed) e.g.
  • to unpackage the goods to be sent
  • to cancel the courier booking
  • Statements of politicians typically require an
    unbounded number of nested compensations

9
Sagas
  • Compensation is important when a system cannot
    control everything, such as when interaction with
    other agents (including humans) is involved
  • Garcia-Molina and Salem exploit the concept of
    compensation to define the notion of a saga
  • a saga partitions a L-RT into a sequence of
    several smaller sub-transactions, where each of
    the sub-transactions has an associated
    compensation
  • If one of the sub-transactions in the sequence
    aborts, the compensation associated with those
    committed sub-transactions is executed in the
    reverse order

10
Flow Composition
[Diagram: flow composition of activities A1, A2, A3, A4, A5]
11
Transactional Flows
[Diagram: transactional flow over activities A1, A2, A3, A4, A5]
12
Compensation Activities
[Diagram: activities A1 to A5 paired with compensation activities B1 to B5]
13
Compensation Flow
14
Nested Flow Diagrams
[Diagram with nodes A1, A2, A3, A4, B1, B2, B3, B4 and P]
15
Approaches
  • Interaction based Composition, Conversational
    Patterns or Global Model
  • Services describe the ways they can be engaged in
    a larger process
  • Flow Composition or Hierarchical Patterns
  • Similar to workflow systems a process describes
    the flow of both control and data among WS

16
The Road to Compensating CSP
  • First use of process algebras for modeling
    compensations
  • StAC (Structured Activity Compensation)
  • by Michael Butler, Carla Ferreira et al.
  • poorly disciplined, several variants /
    improvements along the years
  • Compensating CSP
  • by Michael Butler, Carla Ferreira, Tony Hoare
  • robust formalization of compensable flow
    compositions
  • closer to the spirit of Process Algebras
  • few key primitives
  • inspired by BPEL
  • and to the independently developed saga calculus

17
Compensating CSP Ingredients
  • Alphabet of observable actions $\Sigma$
  • ranged over by A, B, ...
  • Set of special events $\Omega = \{\checkmark, !, ?\}$
  • ranged over by $\omega$
  • $\Sigma$ disjoint from $\Omega$
  • Interactive processes
  • Standard processes
  • ranged over by P, Q, ...
  • Compensable processes
  • ranged over by PP, QQ, ...

18
Compensating CSP Syntax
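  • Compensable processes
  • $PP, QQ ::= P \div Q \mid PP \mathbin{\Box} QQ \mid PP ; QQ \mid PP \parallel QQ \mid SKIPP \mid THROWW \mid YIELDD$
  • Standard processes
  • $P, Q ::= A \mid [PP] \mid P \mathbin{\Box} Q \mid P ; Q \mid P \parallel Q \mid SKIP \mid THROW \mid YIELD \mid P \rhd Q$
  • Legend
  • $A$: atomic action
  • $[PP]$: transaction block
  • $P \div Q$: compensation pair
  • $\Box$: choice
  • $;$: sequential composition
  • $\parallel$: parallel composition
  • $SKIP$, $SKIPP$: normal termination
  • $THROW$, $THROWW$: throw an interrupt
  • $YIELD$, $YIELDD$: yield to an interrupt
  • $P \rhd Q$: interrupt handler
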
19
Compensating CSP Example
PackOrder i?Items ( PackItem(i)
UnpackItem(i) )
FulfillOrder BookCourier CancelCourier
PackOrder
CreditCheck ( Ok SKIPP
NotOk THROWW )
OrderTransaction ProcessOrder
ProcessOrder (AcceptOrder RestockOrder)
FulfillOrder
20
Compensating CSP: Semantics
  • Denotational Trace Semantics
  • defined in a compositional style
  • each standard process is assigned a set of traces
  • traces are ranged over by p, q, ...
  • they are $\Omega$-event-terminated sequences of actions
  • ex. $\langle A, B, \checkmark \rangle$
  • each compensable process is assigned a set of
    trace-pairs (p,q) where
  • p is the forward trace
  • q is the corresponding compensation trace

21
Compensating CSP: Ordinary Traces
  • All traces for standard processes have three
    possible shapes
  • $\langle A, B, \checkmark \rangle$
  • trace leading to normal termination
  • $\langle A, B, ! \rangle$
  • trace leading to interrupt throw
  • $\langle A, B, ? \rangle$
  • trace leading to interrupt yield
  • $pq$ denotes the trace obtained by juxtaposition
  • ex. $\langle A \rangle \langle B, \checkmark \rangle = \langle A, B, \checkmark \rangle = \langle A, B \rangle \langle \checkmark \rangle$
  • Note
  • unlike trace semantics for CSP, prefix traces are
    not considered

22
Trace Semantics: Atomic Actions
For any $A \in \Sigma$ we define $A =_{\mathrm{trace}} \{\langle A, \checkmark \rangle\}$
(The process performs a single atomic event and terminates successfully)
23
Trace Semantics: Skip
$SKIP =_{\mathrm{trace}} \{\langle \checkmark \rangle\}$
(SKIP immediately terminates successfully)
24
Trace Semantics: Throw
$THROW =_{\mathrm{trace}} \{\langle ! \rangle\}$
(THROW immediately raises an interrupt)
25
Trace Semantics: Yield
$YIELD =_{\mathrm{trace}} \{\langle ? \rangle, \langle \checkmark \rangle\}$
(YIELD can either yield to a raised interrupt or terminate)
26
Trace Semantics: Choice
For any standard processes P and Q
$P \mathbin{\Box} Q =_{\mathrm{trace}} P \cup Q$
(The semantics for choice is the union of the possible traces of P and Q)
27
Trace Semantics: Sequential Composition
For any standard processes P and Q
$P ; Q =_{\mathrm{trace}} \{\, p ; q \mid p \in P \land q \in Q \,\}$
where the sequential operator is defined on traces by
$p\langle \checkmark \rangle ; q = pq$
$p\langle \omega \rangle ; q = p\langle \omega \rangle$ if $\omega \neq \checkmark$
28
SECOND HOMEWORK: Prove or Disprove That
For any standard processes P,Q,R,S
P(QR) trace (PQ)(PR)
(PQ)R trace (PR)(QR)
(PQ)(RTHROW) trace PQ
(PQ)R trace (PQ)R
PSKIP trace P
SKIPP trace P
PTHROW trace THROW
THROWP trace THROW
YIELDYIELD trace YIELD
29
Playful Digression: 10 Advanced Proof Methods I
  • Proof by obviousness
  • "The proof is so clear that it need not be
    mentioned."
  • Proof by lack of sufficient time
  • "Because of the time constraint, I leave the
    proof to you."
  • Proof by general agreement
  • "All in favor?. . . "
  • Proof by majority rule
  • Only to be used if general agreement is
    impossible
  • Proof by accident
  • "Hey, what have we here?!"

30
Playful Digression: 10 Advanced Proof Methods II
  • Proof by authority
  • "Well, Don Knuth says it's true, so it must be!"
  • Proof by intuition
  • "I just have this gut feeling. . ."
  • Proof by intimidation
  • "Don't be stupid; of course it's true."
  • Proof by terror
  • When intimidation fails ...
  • Proof by deception
  • "Now everyone turn their backs. . ."

31
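Trace Semantics: Interrupt Handler
For any standard processes P and Q
$P \rhd Q =_{\mathrm{trace}} \{\, p \rhd q \mid p \in P \land q \in Q \,\}$
where the interrupt handling is defined on traces by
$p\langle ! \rangle \rhd q = pq$
$p\langle \omega \rangle \rhd q = p\langle \omega \rangle$ if $\omega \neq\ !$
32
Trace Semantics: Useful Laws for Interrupt
For any standard processes P,Q,R
$(P \rhd Q) \rhd R =_{\mathrm{trace}} P \rhd (Q \rhd R)$
$SKIP \rhd P =_{\mathrm{trace}} SKIP$
$YIELD \rhd P =_{\mathrm{trace}} YIELD$
$THROW \rhd P =_{\mathrm{trace}} P$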
33
Compensating CSP: A Limitation
  • Synchronous execution of observable actions is
    not supported (yet)
  • Concurrency modeled by interleaving
  • Processes running in parallel can synchronise
    only
  • on joint termination
  • or on joint interruption
  • The kind of synchronization is decided by just
    looking at the terminal events of parallel traces
  • it is convenient to define an operator for
    deriving the joint terminal event

34
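Compensating CSP: Joint Terminal Event
Let $\omega_1$ and $\omega_2$ be the terminal events of two parallel traces.
Their joint terminal event $\omega_1 \& \omega_2$ is defined by
$$
\begin{array}{ccc}
\omega_1 & \omega_2 & \omega_1 \& \omega_2 \\
\hline
! & ! & ! \\
! & ? & ! \\
! & \checkmark & ! \\
? & ? & ? \\
? & \checkmark & ? \\
\checkmark & \checkmark & \checkmark
\end{array}
$$
($\&$ is commutative)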
35
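Trace Semantics: Parallel Composition
For any standard processes P and Q
$P \parallel Q =_{\mathrm{trace}} \{\, r \mid r \in (p \parallel q) \land p \in P \land q \in Q \,\}$
where
$p\langle \omega_1 \rangle \parallel q\langle \omega_2 \rangle = \{\, r\langle \omega_1 \& \omega_2 \rangle \mid r \in \mathrm{int}(p, q) \,\}$
$\mathrm{int}(p, \langle\rangle) = \mathrm{int}(\langle\rangle, p) = \{p\}$
$\mathrm{int}(\langle A \rangle p, \langle B \rangle q) = \{\, \langle A \rangle r \mid r \in \mathrm{int}(p, \langle B \rangle q) \,\} \cup \{\, \langle B \rangle r \mid r \in \mathrm{int}(\langle A \rangle p, q) \,\}$
36
Trace Semantics: Useful Laws for Parallel
For any standard processes P,Q,R
$P \parallel Q =_{\mathrm{trace}} Q \parallel P$
$(P \parallel Q) \parallel R =_{\mathrm{trace}} P \parallel (Q \parallel R)$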
37
Under Which Circumstances?
P Q trace PQ QP THROW (YIELD P)
trace THROW PTHROW
38
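Trace-Pair Semantics: Compensable Choice
For any compensable processes PP and QQ
$PP \mathbin{\Box} QQ =_{\mathrm{trace}} PP \cup QQ$
(The semantics for choice is the union of the possible traces of PP and QQ)
39
Trace-Pair Semantics: Compensable Parallel
For any compensable processes PP and QQ
$PP \parallel QQ =_{\mathrm{trace}} \{\, z \mid z \in (x \parallel y) \land x \in PP \land y \in QQ \,\}$
where
$(p, p') \parallel (q, q') = \{\, (r, r') \mid r \in (p \parallel q) \land r' \in (p' \parallel q') \,\}$
40
Trace-Pair Semantics: Compensable Sequential
For any compensable processes PP and QQ
$PP ; QQ =_{\mathrm{trace}} \{\, x ; y \mid x \in PP \land y \in QQ \,\}$
where
$(p\langle \checkmark \rangle, p') ; (q, q') = (pq,\ q' ; p')$
$(p\langle \omega \rangle, p') ; (q, q') = (p\langle \omega \rangle, p')$ if $\omega \neq \checkmark$
41
Trace-Pair Semantics: Compensation Pair
For any standard processes P and Q
$P \div Q =_{\mathrm{trace}} \{\, p \div q \mid p \in P \land q \in Q \,\} \cup \{ (\langle ? \rangle, \langle \checkmark \rangle) \}$
where
$p\langle \checkmark \rangle \div q = (p\langle \checkmark \rangle, q)$
$p\langle \omega \rangle \div q = (p\langle \omega \rangle, \langle \checkmark \rangle)$ if $\omega \neq \checkmark$
42
Trace-Pair Semantics: Compensable Basic Processes
$SKIPP =_{\mathrm{trace}} SKIP \div SKIP$
$THROWW =_{\mathrm{trace}} THROW \div SKIP$
$YIELDD =_{\mathrm{trace}} YIELD \div SKIP$
43
Trace-Pair Semantics: Transaction Block
For any compensable process PP
$[PP] =_{\mathrm{trace}} \{\, pp' \mid (p\langle ! \rangle, p') \in PP \,\} \cup \{\, p\langle \checkmark \rangle \mid (p\langle \checkmark \rangle, p') \in PP \,\}$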
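The trace and trace-pair definitions of slides 27 and 40 to 43 can be executed directly on finite trace sets. The Python below is an added example, not part of the original slides: it implements sequential composition, compensation pairs, compensable sequencing and the transaction block, and shows that a throw inside a block runs the installed compensations in reverse order, as the Sagas slide requires. The function names and the `ORDER` saga are assumptions; `ORDER` is a constructed, purely sequential simplification that reuses action names from the order example on slide 19.

```python
OK, THROWN, YIELDED = "\u2713", "!", "?"   # terminal events: success, throw, yield

SKIP = {(OK,)}
THROW = {(THROWN,)}

def atom(a):
    """Atomic action A: the single trace <A, ok>."""
    return {(a, OK)}

def seq_t(p, q):
    """Sequential composition on traces: q runs only if p ended successfully."""
    return p[:-1] + q if p[-1] == OK else p

def pair(P, Q):
    """Compensation pair: install q only when the forward trace succeeds."""
    out = {((YIELDED,), (OK,))}          # the pair may yield before starting
    for p in P:
        for q in Q:
            out.add((p, q) if p[-1] == OK else (p, (OK,)))
    return out

def cseq(PP, QQ):
    """Compensable sequencing: the later compensation q' runs before p'."""
    out = set()
    for p, p_comp in PP:
        for q, q_comp in QQ:
            if p[-1] == OK:
                out.add((seq_t(p, q), seq_t(q_comp, p_comp)))
            else:
                out.add((p, p_comp))
    return out

def block(PP):
    """Transaction block: on throw run the compensation, on success drop it."""
    committed = {p for p, _ in PP if p[-1] == OK}
    compensated = {p[:-1] + comp for p, comp in PP if p[-1] == THROWN}
    return committed | compensated

SKIPP, THROWW = pair(SKIP, SKIP), pair(THROW, SKIP)

def saga(steps, fail=False):
    """Block around step1 ; ... ; stepN, optionally followed by THROWW."""
    body = SKIPP
    for action, compensation in steps:
        body = cseq(body, pair(atom(action), atom(compensation)))
    return block(cseq(body, THROWW) if fail else body)

# Constructed sample saga: (forward action, compensation) pairs.
ORDER = [("AcceptOrder", "RestockOrder"), ("BookCourier", "CancelCourier")]
```

Calling `saga(ORDER)` gives the single committed trace, while `saga(ORDER, fail=True)` gives the forward actions followed by `CancelCourier` and then `RestockOrder`; traces that end in a yield do not appear in the block's semantics.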
44
Trace-Pair Semantics: Other Useful Laws
For any composable processes PPQQ and for any
standard processes P,Q PP QQ trace QQ
PP (PP QQ) RR trace PP (QQ RR) (PP
QQ) RR trace PP (QQ RR) PP SKIPP trace
PP trace SKIPP PP THROWW PP trace
THROWW YIELDD (P Q) trace (P Q)
45
THIRD HOMEWORK
Evaluate the semantics of THROWW trace ???
YIELDD trace ??? A A' B B' trace
??? Prove that if P,P',Q,Q' terminate
successfully, neither raising nor yielding to
interrupts, then PP' QQ' THROWW
trace SKIP (PP') (QQ')
(PQ)(P'Q')
46
Is the Semantics Adequate?
  • Formal definitions can
  • lead to conceptual clarifications
  • bring hidden aspects to the surface
  • give insights for language design
  • The semantics we have seen
  • is compositional, simple and intuitive
  • models forward and backward flows
  • Is it the appropriate one?
  • Does it match our intuition?
  • Any other option available?

47
Semantics vs Intuition
  • Expectations
  • if no interrupt is raised a "maximal" forward
    flow should be executed
  • if an interrupt is raised,
  • all previously-completed activities are
    compensated
  • no consequent activities are executed within that
    transaction
  • if an interrupt is raised during the backward
    flow?
  • what else?
  • How can we reasonably conclude that the semantics
    is "correct"?

48
Some Ideas I
  • P? p??? p????P ? P
  • A successful trace is
  • either a forward trace with possibly many
    successful transactions
  • PP? p??? (p???,q)?PP
  • or a trace with possibly many successfully
    compensated transactions
  • PP? pq??? (p?!?,q???)?PP

49
Some Ideas II
  • Theory of "cancellation"
  • each (forward) A has a compensating (backward) A
  • AA is "essentially" SKIP
  • but AA is not SKIP
  • Theory of "independence"
  • independent actions can occur in either order
  • ex. parallel actions AB
  • independency, written ? ? ???, is symmetric
  • unlike cancelling
  • independency can be exploited to bring A and A
    closer

50
Some Ideas III
  • Abstract effect
  • A annihilates A
  • if we remove all such pairs from a trace, we are
    left with an abstract residual A(s)
  • it gives the meaningful actions performed
  • Take s?? and define recursively
  • A(s) A(pqr)
  • if s p?A?q?A?r and ?B?q. B ? A
  • A(s) s
  • otherwise

51
Example Cancellation
Assume A ? B, then A(?A, B, C, C, A, B,
??) A(?A, B, A, B, ??)
A(?A, A, ??)
A(? ? ?)
? ? ?
52
Adequacy Criterion I
  • When considering PP one would like that
  • for any p?PP?
  • if p is a forward trace, then A(p) p
  • if p is a compensated trace, then A(p) ? ? ?
  • this is equivalent to require that
  • ? p?PP? . A(p) p
  • ? p?PP? . A(p) ? ? ?
  • Is this assumption strong enough?
  • If we know that it holds for PP, what can we say
    about PP THROWW ?

53
Adequacy Criterion II
  • PP is called self-cancelling, written S(PP) if
  • ? (p???,p'??'?) ?PP . A(pp'??'?) ? ? ?
  • In other words,
  • we must guarantee that in any execution of PP,
    even partial ones, the installed compensation is
    able to cancel the actions executed so far
  • We can then prove interesting properties
  • ex. S(PP) implies A(PPTHROWW) trace SKIP
  • where A(.) is extended element-wise to set of
    traces

54
A Well-Behaving Fragment
  • We would like to characterize syntactically a
    fragment of compensable processes guaranteeing
    the self-cancelling property
  • it is easy to check that
  • S(SKIPP), S(THROWW) and S(YIELDD)
  • if S(PP) and S(QQ), then S(PPQQ)
  • if S(PP) and S(QQ), then S(PPQQ)
  • But what can we say about PPQQ ?
  • And what about PQ?

55
Restriction on Parallel
  • When trying to prove that
  • if S(PP) and S(QQ), then S(PPQQ)
  • a difficulty emerges due to interleaving
  • in the resulting traces A and A from PP are
    interleaved with actions from QQ
  • and vice versa
  • To prove the thesis we must assume that
  • A?B for all A in PP and B in QQ

56
Restriction on Compensation Pairs
  • PQ provides
  • nesting of compensations
  • programmable compensations
  • These features are indeed complex ones
  • their foundations are under investigation
  • A safe assumption is
  • allowing only AA in place of PQ
  • Then S(AA) trivially holds