

WSAT A Tool for Formal Analysis of Web Services Xiang Fu Tevfik Bultan Jianwen Su Department of Computer Science University of California, Santa Barbara.




1 WSAT: A Tool for Formal Analysis of Web Services
Xiang Fu, Tevfik Bultan, Jianwen Su
Department of Computer Science, University of California, Santa Barbara
{fuxiang,bultan,su}@cs.ucsb.edu

2 Web Services
Loosely coupled, interaction through standardized interfaces
Standardized data transmission via XML
Asynchronous messaging
Platform independent (.NET, J2EE)
Figure: the web service standards stack. XML and XML Schema (data type), SOAP (message), WSDL, WSCI (interaction), BPEL4WS (service composition); implementation platforms Microsoft .NET and Sun J2EE.

3 Challenges in Verification of Web Services
Distributed nature, no central control
–How do we model the global behavior?
–How do we specify the global properties?
Asynchronous messaging introduces undecidability in analysis
–How do we check the global behavior?
–How do we enforce the global behavior?
XML data manipulation
–How do we specify XML messages?
–How do we verify properties related to data?

4 Outline
Web Service Composition Model
–Conversations: Capturing Global Behaviors
Top-Down vs. Bottom-Up Specification and Verification
–Realizability vs. Synchronizability
XML messaging
–MSL, XPath
–Translation to Promela
Web Service Analysis Tool
Conclusions and Future Work

5 Composite Web Services
Figure: the SAS example, three peers and a watcher that records every message sent (! marks a send, ? a receive).
Investor: !register ?reject ?accept ?report !ack !cancel ?bill
Stock Broker Firm: ?register !reject !accept !request ?ack ?cancel !bill !terminate
Research Dept.: ?request ?terminate !report
Message abbreviations used in the figure: reg, acc, req, rep, ack, bil, ter

6 Conversation Protocols
A conversation is a sequence of messages the watcher sees during an execution [Bultan, Fu, Hull, Su WWW'03]
Conversation Protocol: An automaton that accepts the desired conversation set
Figure: the SAS conversation protocol, an automaton with states 1 to 12 whose transitions are labeled register, reject, accept, request, report, ack, cancel, bill and terminate.

7 Conversation Protocol
Conversation schema (figure): peers A, B and C, each with an input queue, observed by a virtual watcher. Messages: A → B: msg1; B → A: msg2, msg6; B → C: msg3, msg5; C → B: msg4.
Peer A: !msg1 ?msg2 ?msg6
Peer B: ?msg1 !msg2 !msg6 !msg3 !msg5 ?msg4
Peer C: ?msg3 ?msg5 !msg4
LTL property G(msg1  F(msg3  msg5)) ? is checked both against the conversation protocol and against the composite web service.

8 Top-Down Approach
Conversation protocol specifies the global communication behavior
–How do we implement the peers?
Project the global protocol to each peer
–By dropping unrelated messages for each peer
Are there conditions which ensure the equivalence?
Are the conversations generated by the composed behavior of the projected services equal to the conversations specified by the conversation protocol?

9 Realizability Problem
Not all conversation protocols are realizable!
Conversation protocol: A → B: m1, then C → D: m2
Projection of the conversation protocol to the peers: Peer A: !m1; Peer B: ?m1; Peer C: !m2; Peer D: ?m2
Conversation "m2 m1" will be generated by any legal peer implementation which follows the protocol
This protocol fails the Lossless join condition

10 Another Non-Realizable Protocol
Messages: A → B: m1, B → A: m2, A → C: m3
Figure: the conversation protocol over m1, m2, m3, its projections to peers A, B and C, and the watcher.
This protocol fails the Autonomous condition

11 Yet Another Non-Realizable Protocol
Messages: A → B: m1, C → A: m2
Figure: the conversation protocol (m1 followed by m2), its projections to peers A, B and C, and the watcher.
This protocol fails the Synchronous compatible condition

12 Realizability Problem
Three sufficient conditions for realizability [Fu, Bultan, Su, CIAA'03, TCS]
–Lossless join: Conversation set should be equivalent to the join of its projections to each peer
–Synchronous compatible: When the projections of the conversation protocol are executed with synchronous communication semantics, there should not be a state where a peer is ready to send a message while the corresponding receiver is not ready to receive
–Autonomous: Each peer should be able to make a deterministic decision on whether to send or to receive or to terminate
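The three conditions above can be checked mechanically when the conversation set is finite. The Python below is an added example, not WSAT's code: a conversation protocol is a finite set of message sequences plus a sender/receiver table; a peer's projection state is the set of remaining suffixes (which determinizes the projection, as WSAT does for the projected automata); and the three checks are run over these states. It reproduces the verdicts of slides 9 and 11 and adds a constructed protocol (not from the slides) that passes the first two conditions and fails only autonomy.

```python
from collections import deque
from itertools import product

# A protocol is (messages, conversation set): message -> (sender, receiver),
# and the set of accepted message sequences.
# Slide 9: A->B: m1, C->D: m2, conversation set {m1 m2}
SLIDE9 = ({"m1": ("A", "B"), "m2": ("C", "D")}, {("m1", "m2")})
# Slide 11: A->B: m1, C->A: m2, conversation set {m1 m2}
SLIDE11 = ({"m1": ("A", "B"), "m2": ("C", "A")}, {("m1", "m2")})
# Constructed protocol (not from the slides): A->B: m1, B->A: m2, A->C: m3,
# conversation set {m1 m2 m3, m1 m3 m2}
CONSTRUCTED = ({"m1": ("A", "B"), "m2": ("B", "A"), "m3": ("A", "C")},
               {("m1", "m2", "m3"), ("m1", "m3", "m2")})


def peers(msgs):
    return sorted({p for s, r in msgs.values() for p in (s, r)})


def project(word, peer, msgs):
    """Keep only the messages `peer` sends (!m) or receives (?m), in order."""
    out = []
    for m in word:
        s, r = msgs[m]
        if s == peer:
            out.append("!" + m)
        elif r == peer:
            out.append("?" + m)
    return tuple(out)


def lossless_join(msgs, conv):
    """The join of the per-peer projections must equal the conversation set."""
    langs = {p: {project(w, p, msgs) for w in conv} for p in peers(msgs)}
    longest = max(len(w) for w in conv)
    join = set()
    for n in range(longest + 1):            # a join word is never longer than conv words
        for w in product(msgs, repeat=n):
            if all(project(w, p, msgs) in langs[p] for p in langs):
                join.add(w)
    return join == conv


def residual(state, action):
    """Projected state after performing `action` (set of remaining suffixes)."""
    return frozenset(w[1:] for w in state if w and w[0] == action)


def autonomous(msgs, conv):
    """Every reachable peer state is all-send, all-receive, or terminating."""
    for p in peers(msgs):
        start = frozenset(project(w, p, msgs) for w in conv)
        seen, todo = {start}, [start]
        while todo:
            state = todo.pop()
            firsts = {w[0] for w in state if w}
            sends = any(a.startswith("!") for a in firsts)
            recvs = any(a.startswith("?") for a in firsts)
            final = () in state
            if (sends and recvs) or (final and firsts):
                return False
            for a in firsts:
                nxt = residual(state, a)
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
    return True


def synchronous_compatible(msgs, conv):
    """Under rendezvous semantics, no reachable global state has a peer ready to
    send a message whose receiver is not ready to receive it."""
    ps = peers(msgs)
    start = tuple(frozenset(project(w, p, msgs) for w in conv) for p in ps)
    seen, todo = {start}, deque([start])
    while todo:
        cfg = todo.popleft()
        for i in range(len(ps)):
            for w in cfg[i]:
                if not w or not w[0].startswith("!"):
                    continue
                m = w[0][1:]
                j = ps.index(msgs[m][1])
                if not any(v and v[0] == "?" + m for v in cfg[j]):
                    return False            # sender ready, receiver not ready
                nxt = list(cfg)
                nxt[i] = residual(cfg[i], "!" + m)
                nxt[j] = residual(cfg[j], "?" + m)
                nxt = tuple(nxt)
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
    return True


def realizability_report(msgs, conv):
    return {"lossless_join": lossless_join(msgs, conv),
            "synchronous_compatible": synchronous_compatible(msgs, conv),
            "autonomous": autonomous(msgs, conv)}
```

`realizability_report(*SLIDE9)` reports only lossless join failing and `realizability_report(*SLIDE11)` only synchronous compatibility failing, matching the slides; the constructed protocol fails only autonomy because after sending m1 peer A must choose between receiving m2 and sending m3. The conditions are sufficient, not necessary, so a failed check flags a protocol for review rather than proving it unrealizable.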

13 Bottom-Up Approach
We know that analyzing conversations of composite web services is difficult due to asynchronous communication
The question is, can we identify composite web services where asynchronous communication does not create a problem?

14 Three Examples, Example 1
Figure: requester and server automata. Requester: !r1 ?a1 and !r2 ?a2 alternatives, then !e. Server: ?r1 !a1 and ?r2 !a2 alternatives, then ?e.
Messages: requester → server: r1, r2, e; server → requester: a1, a2
Conversation set is regular: (r1 a1 | r2 a2)* e
During all the executions queues are bounded

15 Example 2
Figure: requester automaton with actions !r1 !r2 ?a1 ?a2 !e; server automaton with actions ?r1 !a1 !a2 ?r2 ?e.
Messages: requester → server: r1, r2, e; server → requester: a1, a2
Conversation set is not regular
Queues are not bounded

16 Example 3
Figure: requester automaton with actions !r1 !r !r2 ?a !e; server automaton with actions ?r1 ?r !a ?e ?r2.
Messages: requester → server: r1, r2, r, e; server → requester: a
Conversation set is regular: (r1 | r2 | r a)* e
Queues are not bounded

17 Three Examples
Figure: plot of the number of states (in thousands) against queue length for the three examples.
Verification of Examples 2 and 3 is difficult even if we bound the queue length
How can we distinguish Examples 1 and 3 (with regular conversation sets) from 2?
–Synchronizability Analysis

18 Synchronizability Analysis
A composite web service is synchronizable, if its conversation set does not change when asynchronous communication is replaced with synchronous communication
A composite web service is synchronizable, if it satisfies the synchronous compatible and autonomous conditions [Fu, Bultan, Su WWW'04]
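The definition above can be observed directly by enumerating conversations under both semantics. The Python below is an added example, not WSAT's translation (which targets Promela): peers are finite automata with send/receive transitions, the conversations of complete runs (all peers in a final state, all queues empty) are collected up to a length bound under rendezvous semantics and under bounded FIFO queues, and the two sets are compared. It uses Example 1 from slide 14 and a constructed two-peer system (not from the slides) in which each peer sends before it receives.

```python
from collections import deque

# A peer automaton is {state: [(action, next_state), ...]}; "!m" sends m, "?m" receives m.
# A system is (peers, receiver): peers maps name -> (initial, finals, automaton),
# receiver maps each message to the peer whose queue it is delivered to.

# Example 1 from the slides: conversation set (r1 a1 | r2 a2)* e
REQUESTER = {"q0": [("!r1", "q1"), ("!r2", "q2"), ("!e", "q3")],
             "q1": [("?a1", "q0")], "q2": [("?a2", "q0")], "q3": []}
SERVER = {"s0": [("?r1", "s1"), ("?r2", "s2"), ("?e", "s3")],
          "s1": [("!a1", "s0")], "s2": [("!a2", "s0")], "s3": []}
EXAMPLE1 = ({"requester": ("q0", {"q3"}, REQUESTER), "server": ("s0", {"s3"}, SERVER)},
            {"r1": "server", "r2": "server", "e": "server",
             "a1": "requester", "a2": "requester"})

# Constructed system (not from the slides): both peers send first, then receive.
PEER_A = {"a0": [("!x", "a1")], "a1": [("?y", "a2")], "a2": []}
PEER_B = {"b0": [("!y", "b1")], "b1": [("?x", "b2")], "b2": []}
CROSSED = ({"A": ("a0", {"a2"}, PEER_A), "B": ("b0", {"b2"}, PEER_B)},
           {"x": "B", "y": "A"})


def conversations(system, max_len, queue_bound=None):
    """Conversations (sequences of sent messages) of complete runs.
    queue_bound=None: synchronous (rendezvous) semantics.
    queue_bound=k:    asynchronous semantics with FIFO queues of at most k messages."""
    peers, receiver = system
    names = sorted(peers)
    idx = {n: i for i, n in enumerate(names)}
    finals = [peers[n][1] for n in names]
    autom = [peers[n][2] for n in names]
    start = (tuple(peers[n][0] for n in names), tuple(() for _ in names), ())
    seen, todo, results = {start}, deque([start]), set()

    def push(cfg):
        if cfg not in seen:
            seen.add(cfg)
            todo.append(cfg)

    while todo:
        states, queues, conv = todo.popleft()
        if all(s in f for s, f in zip(states, finals)) and not any(queues):
            results.add(conv)           # complete run: every peer final, queues empty
        for i in range(len(names)):
            for action, nxt in autom[i][states[i]]:
                m = action[1:]
                st = list(states)
                st[i] = nxt
                if action[0] == "?":
                    # asynchronous receive: only if m is at the head of our own queue
                    if queue_bound is not None and queues[i][:1] == (m,):
                        q = list(queues)
                        q[i] = queues[i][1:]
                        push((tuple(st), tuple(q), conv))
                    continue
                if len(conv) == max_len:
                    continue            # bound on the explored conversation length
                j = idx[receiver[m]]
                if queue_bound is None:
                    # rendezvous: the receiver must be ready for m in its current state
                    for raction, rnxt in autom[j][states[j]]:
                        if raction == "?" + m:
                            st[j] = rnxt
                            push((tuple(st), queues, conv + (m,)))
                elif len(queues[j]) < queue_bound:
                    q = list(queues)
                    q[j] = queues[j] + (m,)
                    push((tuple(st), tuple(q), conv + (m,)))
    return results


def synchronizable(system, max_len, queue_bound):
    """Compare the conversation sets up to max_len under both semantics."""
    sync = conversations(system, max_len)
    asyn = conversations(system, max_len, queue_bound)
    return sync == asyn, sync, asyn
```

For Example 1 the two sets agree (seven conversations of length at most 5, all of the form (r1 a1 | r2 a2)* e); for the constructed system the rendezvous set is empty, since neither peer is ready to receive while the other wants to send, while the queued semantics yields both x y and y x. Agreement up to a bound is evidence, not a proof: the sound check is the one on the slide, synchronous compatibility plus autonomy.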

19 Are These Conditions Too Restrictive?
Source                       Name      #msg  #states  #trans.  Synchronizable?
ISSTA'04                     SAS          9       12       15  yes
IBM Conv. Support Project    CvSetup      4        4        4  yes
                             MetaConv     4        4        6  no
                             Chat         2        4        5  yes
                             Buy          5        5        6  yes
                             Haggle       8        5        8  no
                             AMAB         8       10       15  yes
BPEL spec                    shipping     2        3        3  yes
                             Loan         6        6        6  yes
                             Auction      9        9       10  yes
Collaxa.com                  StarLoan     6        7        7  yes
                             Cauction     5        7        6  yes

20 Web Service Analysis Tool (WSAT)
Figure: tool architecture.
Web Services: BPEL (bottom-up); Conversation Protocol (top-down)
Front End: BPEL to GFSA; GFSA parser
Intermediate Representation: guarded automata (GFSA)
Analysis: Synchronizability Analysis (bottom-up) and Realizability Analysis (top-down), each ending in success or fail, with a skip path around the analysis
Back End: GFSA to Promela (bounded queue); GFSA to Promela (synchronous communication); GFSA to Promela (single process, no communication)
Verification Languages: Promela
Demonstration Saturday or anytime you find me with my laptop

21 Guarded Automata Model
Uses XML messages
Uses MSL for declaring message types
–MSL (Model Schema Language) is a compact formal model language which captures core features of XML Schema
Uses XPath expressions for guards
–XPath is a language for writing expressions (queries) that navigate through XML trees and return a set of answer nodes

22 SAS Guarded Automata
Topdown {
  Schema {
    PeerList { Investor, Broker, ResearchDept },
    TypeList { Register ... Accept ... },
    MessageList {
      register { Investor -> Broker : Register },
      accept { Broker -> Investor : Accept },
      ...
    }
  },
  GProtocol {
    States { s1,s2,s3,s4,s5,s6,s7,s8,s9,s10,s11,s12 },
    InitialState { s1 },
    FinalStates { s4 },
    TransitionRelation {
      t1 { s1 -> s2 : register, Guard { true } },
      t2 { s2 -> s5 : accept, Guard { true => $accept[//orderID := $register//orderID] } },
      ...
    }
  }
}

23 An XML Document and Its Tree
<Register>
  <investorID>VIP01</investorID>
  <requestList>
    <stockID>0001</stockID>
    <stockID>0002</stockID>
  </requestList>
  <payment>
    <accountNum>0425</accountNum>
  </payment>
</Register>
Tree (figure): root Register with children investorID (value VIP01), requestList (two stockID nodes with values 0001 and 0002) and payment (accountNum with value 0425).

24 An MSL Type Declaration and an Instance
Register[
  investorID[string],
  requestList[ stockID[int]{1,3} ],
  payment[ creditCardNum[int] | accountNum[int] ]
]
Instance:
<Register>
  <investorID>VIP01</investorID>
  <requestList>
    <stockID>0001</stockID>
    <stockID>0002</stockID>
  </requestList>
  <payment>
    <accountNum>0425</accountNum>
  </payment>
</Register>

25 MSL to Promela Example
Register[
  investorID[string],
  requestList[ stockID[int]{1,3} ],
  payment[ creditCardNum[int] | accountNum[int] ]
]

typedef t1_investorID { mtype stringvalue; }
typedef t2_stockID { int intvalue; }
typedef t3_requestList {
  t2_stockID stockID[3];
  int stockID_occ;
}
typedef t4_accountNum { int intvalue; }
typedef t5_creditCard { int intvalue; }
mtype { m_accountNum, m_creditCard }
typedef t6_payment {
  t4_accountNum accountNum;
  t5_creditCard creditCard;
  mtype choice;
}
typedef Register {
  t1_investorID investorID;
  t3_requestList requestList;
  t6_payment payment;
}

26 XPath Expressions
//payment/* returns the node labeled accountNum
/Register/requestList/stockID/int returns the nodes labeled 0001 and 0002
//stockID[int > 1]/int returns the node labeled 0002
(Evaluated against the tree of slide 23: Register with children investorID (VIP01), requestList (stockID 0001, stockID 0002) and payment (accountNum 0425).)

27 XPath to Promela
Figure: the expression $register//stockID[int()>5][position()=last()]/int() is compiled into a loop skeleton built from the nodes FOR (i1,1,3), IF (cond), SET (bRes1,0), SET (bRes1,1), IF (bRes1), SET (i2,1), INC (i2), IF (i2==i3), SET (bRes2,0), IF (bRes2) and EMPTY, where cond ≡ v_register.requestList.stockID[i1] > 5; i1 indexes the stockID nodes, i2 counts position() and i3 holds last(). The figure's "Sequence Insert" example shows the value sequence 1 5 5 5 6.

28 $request//stockID=$register//stockID[int()>5][position()=last()]
/* result of the XPath expression */
bool bResult = false;
/* results of the predicates 1, 2, and 1 resp. */
bool bRes1, bRes2, bRes3;
/* index, position(), last(), index, position() */
int i1, i2, i3, i4, i5;
i2=1;
/* pre-calculate the value of last(), store in i3 */
i4=0; i5=1; i3=0;
do
:: i4 < v_register.requestList.stockID_occ ->
   /* compute first predicate */
   bRes3 = false;
   if
   :: v_register.requestList.stockID[i4].intvalue>5 -> bRes3 = true
   :: else -> skip
   fi;
   if
   :: bRes3 -> i5++; i3++;
   :: else -> skip
   fi;
   i4++;
:: else -> break;
od;

29 $request//stockID=$register//stockID[int()>5][position()=last()]
i1=0;
do
:: i1 < v_register.requestList.stockID_occ ->
   bRes1 = false;
   if
   :: v_register.requestList.stockID[i1].intvalue>5 -> bRes1 = true
   :: else -> skip
   fi;
   if
   :: bRes1 ->
      bRes2 = false;
      if
      :: (i2 == i3) -> bRes2 = true;
      :: else -> skip
      fi;
      if
      :: bRes2 ->
         if
         :: (v_request.stockID.intvalue == v_register.requestList.stockID[i1].intvalue) -> bResult = true;
         :: else -> skip
         fi
      :: else -> skip
      fi;
      i2++;
   :: else -> skip
   fi;
   i1++;
:: else -> break;
od;
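The two-pass scheme of slides 27 to 29 (first count the nodes passing the first predicate to obtain last(), then walk the nodes again with a position() counter that only advances on nodes that passed) is mirrored below in Python as an added example; it is not WSAT's generated Promela. The register and request values are constructed and shaped like the Promela typedefs of slide 25 (a stockID array plus stockID_occ), and a direct evaluation of the same XPath is kept as a cross-check of the compiled loops.

```python
def make_register(investor_id, stock_ids, account_num):
    """Constructed Register instance shaped like the Promela typedef Register."""
    return {"investorID": investor_id,
            "requestList": {"stockID": list(stock_ids), "stockID_occ": len(stock_ids)},
            "payment": {"choice": "accountNum", "accountNum": account_num}}


def last_stock_id_over(register, threshold=5):
    """Mirror of the Promela loops for $register//stockID[int()>5][position()=last()].
    Returns the selected stockID value, or None when no node passes predicate 1."""
    stock = register["requestList"]["stockID"]
    occ = register["requestList"]["stockID_occ"]
    # pass 1 (slide 28): i3 = number of stockID nodes with int() > threshold, i.e. last()
    i3 = 0
    for i4 in range(occ):
        if stock[i4] > threshold:          # bRes3
            i3 += 1
    # pass 2 (slide 29): i2 is position(), advanced only for nodes that passed predicate 1
    i2 = 1
    result = None
    for i1 in range(occ):
        if stock[i1] > threshold:          # bRes1
            if i2 == i3:                   # bRes2: position() = last()
                result = stock[i1]
            i2 += 1
    return result


def bill_guard(request, register, threshold=5):
    """$request//stockID = $register//stockID[int()>5][position()=last()]  (bResult)."""
    selected = last_stock_id_over(register, threshold)
    return selected is not None and request["stockID"] == selected


def xpath_reference(register, threshold=5):
    """Direct evaluation of the same XPath, used to cross-check the compiled loops."""
    passing = [s for s in register["requestList"]["stockID"] if s > threshold]
    return passing[-1] if passing else None
```

With the slide's instance (stockIDs 1 and 2) no node passes int()>5, so the guard is false for any request; with constructed stockIDs 3, 7, 9 the guard holds only for a request carrying 9. A repeated stockID such as 7, 9, 7 selects the final 7, which is the kind of case the model checker exercises when it finds the error reported on slide 30.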

30 Model Checking Using Promela
Error in SAS conversation protocol:
t14 { s8 -> s12 : bill,
  Guard { $request//stockID = $register//stockID[position() = last()]
          => $bill[ //orderID := $register//orderID ] } }
Repeating stockID will cause error
One can only discover these kinds of errors by analysis of XPath expressions

31 Related Work
Conversation specification
–IBM Conversation support project http://www.research.ibm.com/convsupport/
–Conversation support for business process integration [Hanson, Nandi, Kumaran EDOCC'02]
Realizability problem
–Realizability of Message Sequence Charts (MSC) [Alur, Etessami, Yannakakis ICSE'00, ICALP'01]

32 Related Work
Verification of web services
–Simulation, verification, composition of web services using a Petri net model [Narayanan, McIlraith WWW'02]
–Using MSC to model BPEL web services which are translated to labeled transition systems and verified using model checking [Foster, Uchitel, Magee, Kramer ASE'03]
–Model checking Web Service Flow Language specifications using SPIN [Nakajima ICWE'04]
–BPEL verification using a process algebra model and Concurrency Workbench [Koshkina, van Breugel TAV-WEB'04]

33 Future Work
Other input languages in the front end
–WSCI, OWL-S
Other verification tools at the back end
–SMV, Action Language Verifier
Symbolic representations for XML data
Abstraction for XML data and XML data manipulation

34 Future Work
Figure: planned tool architecture.
Web Service Specification Languages: BPEL, WSCI, ...
Front End: translator for bottom-up specifications (guarded automata); translator for top-down specifications (conversation protocols to guarded automaton); automated abstraction
Intermediate Representation: guarded automata
Analysis: Synchronizability Analysis and Realizability Analysis, each ending in success or fail, with a skip path around the analysis
Back End: translation with bounded queue; translation with synchronous communication; translation with single process, no communication
Verification Languages: Promela, SMV, Action Language, ...




