Comparing%20Two%20Approaches%20to%20%20Compensable%20Flow%20Composition

1
Comparing Two Approaches to Compensable Flow
Composition
Roberto Bruni - Dipartimento di Informatica,
Università di Pisa
joint work with Michael Butler Carla
Ferreira Tony Hoare Hernán Melgratti Ugo Montanari
CONCUR 2005, San Francisco (CA) USA, 23-26 August
2005
2
Roadmap

• Introduction
• Background
• cCSP
• Sagas
• Informal Discussion
• Sequential Sagas
• Parallel Sagas
• Concluding Remarks Future Work

3
Roadmap

• Introduction
• Background
• cCSP
• Sagas
• Informal Discussion
• Sequential Sagas
• Parallel Sagas
• Concluding Remarks Future Work

4
Technological Scenario

• WS composition is an emerging paradigm for
  application integration within and across
  organization boundaries
• WS is primarily an integration technology and it
  must bridge the gap between technologists and
  business people
• each WS handles a specific task designed and
  built by technical people
• like a whole car engine, car frame, transmission
• tasks are combined by business people to solve
  business level problems
• like assembling the engine, the frame and the
  transmission without having to look at the many
  pieces within them
• Business collaborations can require long-running
  interactions
• a key issue in business processes languages
• Design of such business processes calls for
• graphical presentation
• rigorous mathematical foundations
• well-disciplined service composition principles
• modular implementation

5
Long-Running Transactions and Compensations

• When the transaction is long lasting and
  interactive, familiar automatic techniques of
  locking, check-pointing and rollback are not
  always adequate
• partial agreements can be reached and locally
  committed by parties
• to be confirmed on success
• to be compensated in case of failure
• to Compensate (Merriam-Webster OnLine)
• to neutralize the effect of - to supply an
  equivalent to - to provide with means of
  counteracting variation - to offset an error,
  defect, or undesired effect
• compensation is not rollback

6
Compensations Examples

• A client buys books in an on-line bookstore
• the bookstore debits client's account as the
  payment for the order
• the bookstore later realizes that one of the book
  in the client's order is out of print. To
  compensate the client for this problem
• the bookstore can credit back the account with
  the amount wrongfully debited and send an
  apologise letter
• Failures on credit checks can cause the abort of
  parallel activities, e.g.
• to unpackage the goods to be sent and to cancel
  the courier booking
• Late cancelling of hotel reservations can involve
  fees
• The most important fact Compensations have a
  cost!

7
Contribution

• Take two recent formalizations
• Discover the analogies / differences on their
  core fragment
• (hence the current title of the paper)
• Show that each presentation style can recover the
  semantics of the other formalization...
• (hence the original title Reconciling Two
  Approaches to Compensable Flow Composition)
• ...but they are not quite the same
• From the comparison Four Different Policies for
  Handling Compensable Concurrent Processes emerged
  (yet another possible title...)
• three already formalised a new one
• the four semantics form a partial order

8
Roadmap

• Introduction
• Background
• cCSP
• Sagas
• Informal Discussion
• Sequential Sagas
• Parallel Sagas
• Concluding Remarks Future Work

9
A Coarse-Grain (Partial) View

• Two main approaches
• Interaction based Composition or Conversational
  Patterns
• services describe the ways they can be engaged in
  larger processes
• separately designed services interact to reach
  their goals

• Two main approaches
• Flow Composition or Hierarchical Patterns
• a process describes the control and data flows
  among WS
• a flow engine invokes the services according to
  the application logic

• A landscape of languages and techniques has
  emerged
• WSFL, BPML, WSCI, XLANG, BPEL4WS, BTP, WS-AT,
  WS-BP, ...
• continuously enriched with new proposals from
  different vendor coalitions
• a babel of ad hoc proposals for standard
• poorly disciplined provision of "accessory"
  features
• informal (textual) description of "behaviour"

• Formal models are needed
• to reason rigorously
• to find specification bugs
• to run simulations
• to ease verification

10
Orchestration Choreography

• Orchestration
• is about describing and executing a single view
  point model
• executable framework
• Choreography
• is about describing and guiding a global model
  (control is shared between domains that are
  responsible for their tasks)
• abstract discipline
• The entirely deliberate analogy is with
• the way in which skilled musicians and dancers
  co-ordinate their actions while carrying out
  predetermined instructions
• But the distinction can blur in many occasions

On Demand
11
Focus on Compensable Flows

• Independently developed
• Robust formalizations of compensable flow
  compositions with few key primitives
• more abstract than StAC and closer to the spirit
  of Process Algebras

Structured Activity Compensation (StAC)
too many similar constructs semantics not
entirely satisfactory several variants /
improvements
Butler, Ferreira, et al.
12
Flow Composition
A2
A3
A1
A4
A5
A1 ( (A2 A3) A5 ) A4
13
Transactional Flows
A2
A3
A1
A4
A5
A1 ( (A2 A3) A5 ) A4
14
Compensation Pairs
A2
A3
B2
B3
A1
A4
B1
B4
A5
B5
A1 B1 ( (A2 B2 A3 B3) A5 B5 )
A4 B4
15
Compensation Flow
A2
A3
B2
B3
A1
A4
B1
B4
A5
B5
A1 B1 ( (A2 B2 A3 B3) A5 B5 )
A4 B4
Note compensations are to be executed in reverse
order
forward flow
backward flow
16
cCSP Syntax

• Compensable processes
• PP,QQ P Q
• PP QQ
• PP QQ
• PP QQ
• SKIPP
• THROWW
• YIELDD

Standard processes P,Q A PP
P Q P Q P
Q SKIP THROW
YIELD P ? Q
(??) atomic action
transaction block
compensation pair
choice
sequential composition
parallel composition
normal termination
throw an interrupt
yield to an interrupt
interrupt handler
17
A Running Example
18
A Running Example
19
cCSP Running Example
PackOrder i?Items ( PackItem(i)
UnpackItem(i) )
FulfillOrder BookCourier CancelCourier
PackOrder
CreditCheck ( SKIPP
THROWW )
OrderTransaction ProcessOrder
ProcessOrder (AcceptOrder RestockOrder)
FulfillOrder
20
cCSP Denotational Trace Semantics

• each P is assigned a set of traces
• set of special events ? ? ? ?, !, ?
  (disjoint from ?)
• traces p,q,... are ?-event-terminated sequences
  of actions in ?. Three possible shapes
• ?A,B,...,?? trace leading to normal termination
• ?A,B,...,!? trace leading to interrupt throw
• ?A,B,...,?? trace leading to interrupt yield
• pq denotes concatenation
• Note unlike CSP, prefix traces are not
  considered
• each PP is assigned a set of trace-pairs (p,q)
  where
• p is the forward trace
• q is the corresponding compensation trace

21
cCSP Semantics Basic Processes Sequential Cmp
A trace ?A,?? performs an atomic event and
ends ok SKIP trace ??? terminates
successfully THROW trace ?!? raises an
interrupt YIELD trace ??? , ??? either
yields to an interrupt or ends ok P Q trace
pq p?P ? q?Q where p??? q pq p??? q
p??? if ? ? ?
22
cCSP SemanticsParallel Composition

• Processes running in parallel synchronise
• on joint termination
• or on joint interruption

P Q trace r r?pq ? p?P ? q?Q
where p??1? q??2? r??1?2? r?int(p,q)

int(p,??) int(??,p) p int(?A?p,?B?q)
?A?r r?int(p,?B?q) ?
?B?r r?int(?A?p,q)
23
cCSP Semantics Transaction Block and
Compensation Pairs
PP trace p??? (p???,p')?PP ?
pp' (p?!?,p')?PP P Q trace pq p?P
? q?Q ? (???,???) where p??? q
(p???,q) p??? q (p???,???) if ? ? ? SKIPP
trace SKIP SKIP THROWW trace THROW
SKIP YIELDD trace YIELDD SKIP
24
cCSP Semantics Compensable Sequential and
Parallel
PP QQ trace xy x?PP ? y?QQ where
(p???,p') (q,q') (pq,q'p') (p???,p')
(q,q') (p???,p') if ? ? ? PP QQ trace z
z?xy ? x?PP ? y?QQ where (p,p') (q,q')
(r,r') r?pq ? r'?p'q'
25
cCSP Core Fragment

• Compensable processes
• PP,QQ A B
• PP QQ
• PP QQ
• PP QQ
• SKIPP
• THROWW
• YIELDD

Standard processes P,Q A PP
P Q P Q P
Q SKIP THROW
YIELD P ? Q
atomic action
transaction block
compensation pair
choice
sequential composition
parallel composition
normal termination
throw an interrupt
yield to an interrupt
interrupt handler
26
Sagas Core Fragment

• Processes
• P,Q 0
• A B
• P?Q
• P?Q
• P Q
• P Q
• S
• try S with P
• try S or P
• S P

nil
compensation pair

• Any action can succeed or fail
• THROW and YIELD are not explicit in the language
• big-step SOS semantics
• two different compensation policies devised for
  parallel processes

internal choice
discriminator
sequential composition
parallel composition
nesting
interrupt handler
Sagas S,T P
forward recovery
transaction block
programmable compensation
27
Naive Sagas SOS Semantics

• An activity A either
• commits (A ? )
• aborts (A ? )

28
Revised Sagas SOS Semantics

• An activity A either
• commits (A ? )
• aborts (A ? )

• A process P in ? either
• commits (
  )
• aborts (
  ) forced abort
• fails (
  ) forced fail
• ß, ß are installed compensations

?
? ltP,ßgt ?? lt ,ßgt
?
?
? ltP,ßgt ?? lt ,ßgt
?
?
? ltP,ßgt ?? lt ,ßgt
?

29
Sagas Running Example
PackOrder i?Items ( PackItem(i)
UnpackItem(i) )
FulfillOrder BookCourier CancelCourier
PackOrder
CreditCheck ( SKIPP
THROWW )
OrderTransaction ProcessOrder
ProcessOrder (AcceptOrder RestockOrder)
FulfillOrder
30
(Sequential) Sagas Semantics
?
0
? ltP,0gt ?? lt , ßgt
?
? lt0,ßgt ?? lt , ßgt
(zero)
(saga)
?
?
? P ??
?
?
On Demand
31
Roadmap

• Introduction
• Background
• cCSP
• Sagas
• Informal Discussion
• Sequential Sagas
• Parallel Sagas
• Concluding Remarks Future Work

32
Sagas vs cCSP I

• Trace models
• interleaving in cCSP (centralized flavour)
• concurrent in Sagas (distributed flavour)
• Executions of activities
• always successful in cCSP
• dependent on the context ? in Sagas
• Failures
• raised by primitive THROW in cCSP
• raised by activities that fail in ? in Sagas
• Yielding to interrupt
• both explicit and implicit in cCSP
• only implicit in Sagas

33
Sagas vs cCSP II

• Abnormal termination
• successful compensation and abnormal termination
  of a transaction block are silent to parent
  processes in cCSP
• but not in Sagas
• where e.g. try S or P can be introduced
• Adequacy results
• via self-cancelling in cCSP
• simple and intuitive but imprecise
• via complex adequacy theorems in Sagas
• more precise but less intuitive
• Compensation policy of parallel processes
• coordinated interruption in cCSP
• no interruption but distributed compensation in
  Sagas naive
• distributed interruption in Sagas revised

34
Roadmap

• Introduction
• Background
• cCSP
• Sagas
• Informal Discussion
• Sequential Sagas
• Parallel Sagas
• Concluding Remarks Future Work

35
Encoding cCSPseq and Sagasseq

• Each cCSPseq process defines
• a Sagasseq process
• a particular scenario of execution ?
• _ cCSPseq ? Sagasseq ? ?
• Each Sagasseq process defines
• a set of cCSPseq processes PP
• one for each particular scenario of execution ?
• _ _ Sagasseq ? ? ? cCSPseq

36
Correspondence

• Let PP ? P , ? ?
• If , then ??? traces PP
• where ??? is obtained by removing all subscripts
  from the activities in ?
• Let P ? PP
• If , then ??? traces PP
• Remark ? is uniquely determined

?
? P ??
?
?
? P ??
?
37
Encoding cCSPseq in Sagasseq

• A subtlety all activities must have different
  names
• An auxiliary function is used to rename
  activities in PP
• _ _ cCSPseq ? N? Sagasseq ? ?
• PP PP 0
• AB s ? AsBs , As ? , Bs ? ?
• SKIPP s ? 0 , ? ?
• YIELDD s ? 0 , ? ?
• THROWW s ? Ts , Ts ? ?
• PP1PP2 s ? P1P2 , ?1 ? ?2 ?
• where PPi s.i ? Pi , ?i ?

On Demand
38
Encoding Sagasseq in cCSPseq

• 0 ? SKIPP
• A A ? ,? A
• A A ? ,? THROWW
• AB A ? , B ? ,? AB
• AB A ? , ? THROWW
• P1P2 ? P1 ? P2 ?
• Note The encoding for compensation pairs is
  defined only if B commits, because THROW is not
  allowed as compensation

On Demand
39
Roadmap

• Introduction
• Background
• cCSP
• Sagas
• Informal Discussion
• Sequential Sagas
• Parallel Sagas
• Concluding Remarks Future Work

40
Expected Encoding

• PP1PP2 s ? P1P2 , ?1 ? ?2 ?
• where PPi s.i ? Pi , ?i ?
• P1P2 ? P1 ? P2 ?
• Unfortunately the semantic correspondence does
  not work properly in this case!

41
Coordinated Interruption

• The difference can be nicely illustrated in terms
  of semantic equivalence
• A A B B THROWW traces
• (AB) (AB)
• (AA) (BB)
• SKIP ? (AA) ? (BB) ? (AB)(AB)
• SKIP ? (AA) ? (BB) ? (AA)(BB)

naive Sagas
cCSP
revised Sagas
Processes can be stopped when siblings abort, but
their compensations is activated only when all
are stopped
42
Parallel Sagas in cCSP
B1
Bj
Bn
B1
Bj
A1
A2
A1
C1
Ck
Cm
C1
Ck
Cm
A1 B1Bj-1Bj-1B1 A1
A1 ((B1Bj-1)C1) ((Bj-1B1)C1) A1

A1 ((B1Bj-1)(C1Cm)) ((Bj-1B1)(Cm
C1)) A1
43
No Interruption and Distributed Compensation

• The difference can be nicely illustrated in terms
  of semantic equivalence
• A A B B THROWW traces
• (AB) (AB)
• (AA) (BB)
• SKIP ? (AA) ? (BB) ? (AB)(AB)
• SKIP ? (AA) ? (BB) ? (AA)(BB)

naive Sagas
cCSP
revised Sagas
Processes execute until completion, then they
can compensate, without waiting for the
completion of their siblings
44
Parallel Sagas Naïvely
B1
Bj
Bn
B1
Bj
A1
A2
A1
C1
Ck
Cm
C1
Ck
Cm
A1(B1Bj-1Bj-1B1 C1CmCmC1)A1
45
Distributed Interruption

• The difference can be nicely illustrated in terms
  of semantic equivalence
• A A B B THROWW traces
• (AB) (AB)
• (AA) (BB)
• SKIP ? (AA) ? (BB) ? (AB)(AB)
• SKIP ? (AA) ? (BB) ? (AA)(BB)

naive Sagas
cCSP
revised Sagas
Processes can be interrupted and their
compensations can be activated without waiting
for the completion of their siblings
46
Parallel Sagas Revised
B1
Bj
Bn
B1
Bj
A1
A2
A1
C1
Ck
Cm
C1
Ck
Cm
A1(B1Bj-1Bj-1B1 0)A1
A1(B1Bj-1Bj-1B1 C1C1)A1

A1(B1Bj-1Bj-1B1 C1CmCmC1)A1
47
No Interruption and Centralised Compensation

• The difference can be nicely illustrated in terms
  of semantic equivalence
• A A B B THROWW traces
• (AB) (AB)
• (AA) (BB)
• SKIP ? (AA) ? (BB) ? (AB)(AB)
• SKIP ? (AA) ? (BB) ? (AA)(BB)

NEW!
naive Sagas
cCSP
revised Sagas
Processes execute until completion, then they are
all compensated if some abort
48
Relating Emerged Policies
naive Sagas
NEW!
?
Sagaspar1 / cCSPpar1
Sagaspar2 / cCSPpar2
?
?
?
Sagaspar3 / cCSPpar3
Sagaspar4 / cCSPpar4
cCSP
revised Sagas
49
cCSPpari, Sagaspari and Correspondence

• cCSPpar1 no yielding
• cCSPpar2 only parallel yielding
• cCSPpar4 also parallel yielding
• Sagaspar1
• only three outcomes of Sagaspar2 (commit, abort,
  fail)
• different set of SOS rules
• Sagaspar3
• outcomes of Sagaspar1 plus "forced termination"
• rules of Sagaspar1 plus an additional one
• Correspondence
• par1 correspondence as for the sequential case
• par2, par3, par4 slightly rephrased (no unique ?)

On Demand
50
cCSPpar1 No Yielding
A B trace pq p?A ? q?B ? (???,???)
trace (?A,??,?B,??) ? (???,???)
YIELDD trace SKIPP trace (???,???) ,
(???,???) THROWW trace (?!?,???) ,
(???,???) p??1? q??2? r??1?2?
r?int(p,q) ? ?1,?2 ??,!
On Demand
51
cCSPpar2 Only Parallel Yielding
A B trace pq p?A ? q?B ? (???,???)
trace (?A,??,?B,??) ? (???,???)
YIELDD trace SKIPP trace (???,???) ,
(???,???) THROWW trace (?!?,???) ,
(???,???) (p???,p')(q???,q') (r???,
???) r????pp'qq' ?
(r???,r'???) r?int(p,q) ? r'??? int(p',q')
(p??1?,p')(q??2?,q') (r??1?2?,???)
r????pp'qq' (p,p') (q,q') (r,r')
r?pq ? r'?p'q'
On Demand
52
cCSPpar4 Also Parallel Yielding
(p???,p')(q???,q') (r???, ???)
r????pp'qq' ?
(r???,r'???) r?int(p,q) ? r'??? int(p',q')
(p??1?,p')(q??2?,q') (r??1?2?,???)
r????pp'qq' (p,p') (q,q') (r,r')
r?pq ? r'?p'q'
On Demand
53
Roadmap

• Introduction
• Background
• cCSP
• Sagas
• Informal Discussion
• Sequential Sagas
• Parallel Sagas
• Concluding Remarks Future Work

54
Some Concluding Remarks

• cCSP and Sagas
• abstract away from low-level computations
• can be easily extended
• independent from the coordination mechanisms that
  implement the primitives
• Allow to reason about program properties
• adequacy
• process equivalence
• correctness of implementation
• Our research has been valuable in deepening our
  understanding of the phenomenon of compensable
  parallel transactions and the range of available
  design options

55
Implementation Issues JSaga

• Design as well-formed flow diagrams or
• as processes in a suitable language or
• as corresponding (validated) XML document
• Automatic generation of coordination wrappers
• for invoking involved services in a sound way
• for managing commitments and compensations

Sagas Markup Language
Sagas Testing Environment (STE)
Java Transactional Layer (JTL)
Java Sagas Layer (JSL)
Java Signal Core Layer (JSCL)
56
Future Goal Fully Bridge the Gap between cCSP
and Sagas

• Extend the comparison to advanced features
• nesting
• message passing
• joint transactions
• action refinement
• Implementation toolkit

57
References

• Theoretical foundations for compensations in flow
  composition languages
• R. Bruni, H. Melgratti, U. Montanari (Proc.
  POPL'05)
• Models and languages for global computing
  transactions
• H. Melgratti (PhD Thesis, Univ. of Pisa, 2005)
• A trace semantics for long-running transactions
• M. Butler, C. Ferreira, T. Hoare (Proc. 25 Years
  of CSP)
• Executable Semantics for Compensating CSP
• M. Butler, S. Ripon (Proc. WS-FM 2005)
• From Theory to Practice in Transactional
  Composition of Web Services (Proc. WS-FM 2005)
• R. Bruni, G. Ferrari, H. Melgratti, U. Montanari,
  D. Strollo, E. Tuosto
• JSagas Tutorial at WS-FM 2005
• D. Strollo, N. Zappone

58

• THANKS!
• QUESTIONS?