Download presentation
Presentation is loading. Please wait.
Published byFlorence Cummings Modified over 8 years ago
1
Mario Bravetti http://cs.unibo.it/~bravetti Department of Computer Science University of Bologna INRIA research team FOCUS Choreography Projection and Contract Refinement Joint work with: Ivan Lanese, Gianluigi Zavattaro
2
Plan of the Global and Local Choreography Contract-based service discovery A dynamic update mechanism Conclusion Plan of the Talk
3
Web Service Choreography Description Language Describe the interaction among the combined services from a top abstract view Choreography (e.g. WS-CDL) Top abstract view of whole system: each action is a communication involving two of its participants Orchestration (e.g. WS-BPEL) One Party detailed view of the system that orchestrates a part of it by sending (to other parties) & receiving messages
4
Similar to UML Sequence Diagrams
5
WS-CDL Global view of service interactions Buyer Seller Bank
6
WS-CDL Global view of service interactions Buyer Seller Request Bank
7
WS-CDL Global view of service interactions Buyer Seller PayDescr Request Offer Bank
8
WS-CDL Global view of service interactions Buyer Seller PayDescr Request Offer Bank Payment
9
WS-CDL Global view of service interactions Buyer Seller PayDescr Request Offer Bank Payment Confirm Receipt
10
WS-CDL Request Buyer Seller ; (Offer Seller Buyer | PayDescr Seller Bank ) ; Payment Buyer Bank ; (Confirm Bank Seller | Receipt Bank Buyer )
11
Projection of the Choreography on the Single Participants Buyer: Invoke(Request)@Seller;Receive(Offer); Invoke(Payment)@Bank;Receive(Receipt) Seller: Receive(Request); (Invoke(Offer)@Buyer | Invoke(PayDescr)@Bank); Receive(Confirm) Bank: Receive(PayDescr);Receive(Payment); (Invoke(Receipt)@Buyer | Invoke(Confirm)@Seller)
12
Well Formed WS-CDL specifications Can we always project a WS-CDL specification in an equivalent one? Which kind of equivalences are preserved?
13
A Formal Model for WS-CDL A global choreography language: H ::=a r s | 1 | 0 | H;H | H+H | H|H | H*
14
A Formal Model for WS-CDL A global choreography language: H ::=a r s | 1 | 0 | H;H | H+H | H|H | H* r invokes the operation a of s Successful termination Unsuccessful termination
15
A Formal Model for WS-CDL A global choreography language: H ::=a r s | 1 | 0 | H;H | H+H | H|H | H* Choice Sequence Parallel Repetition
16
A Formal Model for orchestrations A language for orchestrations: P ::=a | a r | 1 | 0 | P;P | P+P | P|P | P* S ::= [P] r | S|S
17
A Formal Model for orchestrations A language for orchestrations: P ::=a | a r | 1 | 0 | P;P | P+P | P|P | P* S ::= [P] r | S|S receive on a Successful termination Unsuccessful termination invoke a at r
18
A Formal Model for orchestrations Choice Sequence Parallel Repetition A language for orchestrations: P ::=a | a r | 1 | 0 | P;P | P+P | P|P | P* S ::= [P] r | S|S
19
A Formal Model for orchestrations A language for orchestrations: P ::=a | a r | 1 | 0 | P;P | P+P | P|P | P* S ::= [P] r | S|S Behaviour of participant r Parallel composition of participants
20
The “canonical” projection Projection [[ H ]] t of choreography H to participant t a s if t=r [[ a r s ]] t =aif t=s 1otherwise [[H;H’]] t =[[H]] t ; [[H’]] t [[H|H’]] t =[[H]] t | [[H’]] t [[H+H’]] t =[[H]] t + [[H’]] t [[H*]] t =[[H]] t *
21
Example Consider the global choreography: a r s ; b t u Projection: [ a s ;1] r | [ a;1 ] s | [ 1;b u ] t | [ 1;b ] u Are the two choreographies equivalent? NO But, if r=t…. YES [ a s ; b u ] r | [ a;1 ] s | [ 1;b ] u
22
Asynchronous communication Reconsider the example assuming asynchronous communication [ a s ; b u ] r | [ a ] s | [ b ] u Communication on a starts before communication on b but could finish after What we should observe? Send, Receive, both, …?
23
A lattice of possible observation criteria SenderReceiver Sender-receiver Synchronous
24
A lattice of possible observation criteria SenderReceiver Sender-receiver Synchronous Assuming synchronous communication: observe either send or receive
25
A lattice of possible observation criteria SenderReceiver Sender-receiver Synchronous Assuming asynchronous communication: observe send
26
A lattice of possible observation criteria SenderReceiver Sender-receiver Synchronous Assuming asynchronous communication: observe receive
27
A lattice of possible observation criteria SenderReceiver Sender-receiver Synchronous Assuming asynchronous communication: observe send and observe receive
28
What about the previous example? Reconsider the example a r s ; b r u [ a s ; b u ] r | [ a ] s | [ b ] u OK: for synchronous and sender NO: for receiver, sender-receiver
29
Main results For each observation criterion: Sufficient conditions (connectedness, unique point of choice, and causality safe) that guarantee that a global choreography is equivalent to the projected one
30
Unique point of choice In a choice H+H’ The sender of the initial transitions in H and in H’ is always the same The roles in H and in H’ are the same Example: if we drop the second condition (a r s + b r t ); c s t [ ( a s +b t );1] r | [ (a+1);c t ] s | [ (1+b);c ] t
31
Which equivalence between global and local choreographies? Synchronous equivalence: global transitions are matched by synchronous local transitions Sender equivalence: global transitions are matched by local sends, local receives are abstracted away weak w.r.t. local receive transitions Receiver equivalence: global transitions are matched by local receives, global sends are abstracted away weak w.r.t. local send transitions Sender-Receiver equivalence: both conditions above
32
Example: Receiver equivalence Global choreography: a r s ; b t s Local choreography: [ a s ] r | [ a;b ] s | [ b s ] t The two systems are receiver equivalent
33
Plan of the Global and Local Choreography Contract-based service discovery A dynamic update mechanism Conclusion Plan of the Talk
34
Contracts Contract: service “behavioural interface” correct sequences of invoke and receive as in an orchestration (role of a coreography) just finite-state labeled transition systems with successful termination Contract: abstract service description Service public registry
35
Contract Compliance Verification of correctness of service composition based on their contracts: successful interaction i.e. no deadlock / termination reached Contract: abstract service description Service … Contract: abstract service description Service … public registry Reciprocal invocations
36
Service Compliance: Formally Services are compliant if the following holds for their composition P : P --->* P’ implies that there exist P’’ and P’’’ s.t. P’ --->* P’’ ---> P’’’ i.e. every computation can be extended to reach successful completion of all services termination under fairness assumption τ √ τ
37
Example: compliant services The following pairs of services are compliant: C 1 = a+b+cC 2 = a + b C 1 = a;bC 2 = a | b C 1 = (a; b )* C 2 = a;( b;a )*;b
38
… Choreography Compliance-Preserving Contract Refinement ! Contract public registry Contract public registry Service … Reciprocal invocations Contract Part. 1 Contract Part. n … refines compliance preserved by refinement compliant by construction projection
39
… Choreography First Relation: Contract Refinement Contract public registry Contract public registry Service … Reciprocal invocations Contract Part. 1 Contract Part. n … refines compliance preserved by refinement compliant by construction
40
Formally: Subcontract Preorder C sub-contracts of C subcontract preorder Preorder ≤ between contracts C : C’ ≤ C means C’ is a subcontract of C
41
Definition of Preorder Induced from Independent Refinement C 1 C 2 C n Given a set of compliant contracts is a set of compliant contracts subcontract preorder sub-contracts of C 2 … sub-contracts of C 1 sub-contracts of C n C’ 1 C’ 2 C’ n … …
42
No maximal subcontract preorder … in general Consider the system: [ a ] | [ a ] we could have one preorder ≤ 1 for which a + c.0 ≤ 1 a and one preorder ≤ 2 for which a + c.0 ≤ 2 a but no subcontract preorder could have a + c.0 ≤ a Consequence: no independent refinement!
43
Maximal pre-order It exists changing some assumptions: Limiting the considered services (output persistence) Strengthening the notion of compliance (strong compliance) Moving to asynchronous communication (e.g. via message queues)
44
Output persistence Output persistence means that given a process state P: If P has an output action on a and P-->P’ with different from output on a, then also P’ has an output on a This holds, for instance, in WS-BPEL Outputs cannot resolve the pick operator for external choices (the decision to execute outputs is taken internally)
45
Example Given the choreography: Request Alice Bob ; (Accept Bob Alice + Reject Bob Alice ) The following services can be retrieved: [τ;Request Bob ;(Accept+Reject)] Alice | [Request;(τ;Accept Alice +τ;Reject Alice )] Bob
46
Example Given the choreography: Request Alice Bob ; (Accept Bob Alice + Reject Bob Alice ) The following services can be retrieved: [τ;Request Bob ;(Accept+Reject)] Alice | [Request;(τ;Accept Alice +τ;Reject Alice )] Bob [τ;Request Bob ;(Accept+Reject+Retry)] Alice | [Request;(τ;Accept Alice +τ;Reject Alice )] Bob
47
Example Given the choreography: Request Alice Bob ; (Accept Bob Alice + Reject Bob Alice ) The following services can be retrieved: [τ;Request Bob ;(Accept+Reject)] Alice | [Request;(τ;Accept Alice +τ;Reject Alice )] Bob [τ;Request Bob ;(Accept+Reject+Retry)] Alice | [Request;(τ;Accept Alice +τ;Reject Alice )] Bob [τ;Request Bob ;(Accept+Reject+Retry)] Alice | [Request;τ;Accept Alice ] Bob
48
“Standard” Contract Compliance Example: S 1 : invoke(a);invoke(b) S 2 : receive(a);invoke(c) S 3 : receive(c);receive(b) S1S1 S2S2 S3S3
49
“Standard” Contract Compliance Example: S 1 : invoke(a);invoke(b) S 2 : receive(a);invoke(c) S 3 : receive(c);receive(b) S1S1 S2S2 S3S3
50
“Standard” Contract Compliance Example: S 1 : invoke(a);invoke(b) S 2 : receive(a);invoke(c) S 3 : receive(c);receive(b) S1S1 S2S2 S3S3
51
“Standard” Contract Compliance Example: S 1 : invoke(a);invoke(b) S 2 : receive(a);invoke(c) S 3 : receive(c);receive(b) S1S1 S2S2 S3S3
52
Let us give a more careful look: S 1 : invoke(a);invoke(b) S 2 : receive(a);invoke(c) S 3 : receive(c);receive(b) S1S1 S2S2 S3S3 5252 Alternatives to Standard Compliance: Strong Compliance
53
Let us give a more careful look: S 1 : invoke(a);invoke(b) S 2 : receive(a);invoke(c) S 3 : receive(c);receive(b) S1S1 S2S2 S3S3
54
Let us give a more careful look: S 1 : invoke(a);invoke(b) S 2 : receive(a);invoke(c) S 3 : receive(c);receive(b) S1S1 S2S2 S3S3 Strong compliance requires that the receptors should be always ready These services are not strongly compliant !! Alternatives to Standard Compliance: Strong Compliance
55
Example: strong compliant services The following pairs of services are strong compliant: C 1 = a+b+cC 2 = a + b C 1 = a;bC 2 = a | b C 1 = (a; b )* C 2 = a;( b;a )*;b
56
Example: strong compliant services The following pairs of services are strong compliant: C 1 = a+b+cC 2 = a + b C 1 = a;bC 2 = a | b C 1 = (a; b )* C 2 = a;( b;a )*;b
57
“Strong” refinement It allows also refinement on names already in the interface: Receive(a);(Receive(b)+Receive(a)) ≤ Receive(a);Receive(b)
58
Summary of Results Refinement with knowledge about other initial contracts limited to I/O actions (enough to guarantee that refinements that extend the interface are included) “normal” compliance: Uncostrained contracts: maximal relation does not exist Contracts where outputs are internally chosen (output persistence): maximal relation exists and “I” knowledge is irrelevant Output persistent contracts where outputs are directed to a location: maximal relation exists and “I/O” knowledge is irrelevant strong compliance: Uncostrained contracts (where output are directed to a location): maximal relation exists and “I/O” knowledge is irrelevant queue-based compliance: Uncostrained contracts (where output are directed to a location): maximal relation exists and “I/O” knowledge is irrelevant
59
Summary of Results Sound characterization in terms of fair testing [RV] With respect to testing: both system and test must succeed Much coarser: all non-controllable systems are equivalent
60
Plan of the Global and Local Choreography Contract-based service discovery A dynamic update mechanism Conclusion Plan of the Talk
61
Updatable processes/contracts How to model updatable processes? Eg. services which receive workflow from the environment in order to interact with it internal “adaptable/mutable” subparts of cloud behaviour By extending a process calculus with updatable parts a[P] and update actions/primitives a{U}, where U is
62
Example Consider the running system: if the following update is performed: the system becomes:
63
Compliance analysis Compliance contract analysis can be used: to detect if several systems correctly interact by composing their behavioural contracts to assess a behavioural contract is internally correct (for complex systems, e.g., cloud) Decidability separation results depending on fragments of the language (update power/dynamic topology) [forte-fmoods 2011]
64
Plan of the Global and Local Choreography Contract-based service discovery A dynamic update mechanism Conclusion Plan of the Talk
65
Future work Contracts with operators for process interruption and compensation The contract language becomes partially undecidable
66
Related work Carbone, Honda, Yoshida Global and End-point calculus similar to our WS-CDL and BPEL4Chor Only some of our observation criteria are considered Stronger conditions for projection
67
Related work Fu, Bultan, Su Service systems with message queues similar to ours Observe the send event as in our sender observation criterion No refinement
68
Related work Padovani et al. Contracts described with an ad-hoc transition system (reminiscent of acceptance tree) The absence of maximal subcontract relation solved either with explicit interfaces of filters (cut the additional actions of the refinements)
69
Related work van der Aalst et al. Contracts described with open workflow nets (similar to petri nets) Same notion of compliance Same definition of subcontract as maximal refinement that preserves compliance Characterization of the refinement for processes without “loops” (make the system infinite due to message queues)
70
References N. Busi, R. Gorrieri, C. Guidi, R. Lucchi, and G. Zavattaro. Choreography and Orchestration Conformance for System Design. In Coordination’06. I. Lanese, C. Guidi, F. Montesi, and G. Zavattaro. Bridging the Gap Between Interaction- and Process-oriented Choreographies. In SEFM’08. M. Bravetti and G. Zavattaro. Contract based Multi-party Service Composition. In FSEN’07. (full version in Fundamenta Informaticae) M. Bravetti and G. Zavattaro. Towards a Unifying Theory for Choreography Conformance and Contract Compliance. In SC’07. M. Bravetti and G. Zavattaro. A Theory for Strong Service Compliance. In Coordination’07. (full version in MSCS) M. Bravetti and G. Zavattaro. Contract Compliance and Choreography Conformance in the presence of Message Queues.In WS-FM’08 C. Guidi, R. Lucchi, R. Gorrieri, N. Busi, and G. Zavattaro. SOCK: a Calculus for Service Oriented Computing. In ICSOC’06. F. Montesi, C. Guidi, and G. Zavattaro. Orchestrating Services in JOLIE. In ECOWS’07. C. Guidi, I. Lanese, F. Montesi, and G. Zavattaro. On the Interplay Between Fault Handling and Request-response Service Invocations. In ACSD’08. C. Guidi, F. Montesi, I. Lanese, and G. Zavattaro. Dynamic Fault-handling for Service Oriented Applications. In ECOWS’08. M. Bravetti and G. Zavattaro. On the Expressive Power of Process Interruption and Compensation. In WS-FM’08
71
References N. Busi, R. Gorrieri, C. Guidi, R. Lucchi, and G. Zavattaro. Choreography and Orchestration Conformance for System Design. In Coordination’06. I. Lanese, C. Guidi, F. Montesi, and G. Zavattaro. Bridging the Gap Between Interaction- and Process-oriented Choreographies. In SEFM’08. M. Bravetti and G. Zavattaro. Contract based Multi-party Service Composition. In FSEN’07. (full version in Fundamenta Informaticae) M. Bravetti and G. Zavattaro. Towards a Unifying Theory for Choreography Conformance and Contract Compliance. In SC’07. M. Bravetti and G. Zavattaro. A Theory for Strong Service Compliance. In Coordination’07. (full version in MSCS) M. Bravetti and G. Zavattaro. Contract Compliance and Choreography Conformance in the presence of Message Queues.In WS-FM’08 C. Guidi, R. Lucchi, R. Gorrieri, N. Busi, and G. Zavattaro. SOCK: a Calculus for Service Oriented Computing. In ICSOC’06. F. Montesi, C. Guidi, and G. Zavattaro. Orchestrating Services in JOLIE. In ECOWS’07. C. Guidi, I. Lanese, F. Montesi, and G. Zavattaro. On the Interplay Between Fault Handling and Request-response Service Invocations. In ACSD’08. C. Guidi, F. Montesi, I. Lanese, and G. Zavattaro. Dynamic Fault-handling for Service Oriented Applications. In ECOWS’08. M. Bravetti and G. Zavattaro. On the Expressive Power of Process Interruption and Compensation. In WS-FM’08
72
References N. Busi, R. Gorrieri, C. Guidi, R. Lucchi, and G. Zavattaro. Choreography and Orchestration Conformance for System Design. In Coordination’06. I. Lanese, C. Guidi, F. Montesi, and G. Zavattaro. Bridging the Gap Between Interaction- and Process-oriented Choreographies. In SEFM’08. M. Bravetti and G. Zavattaro. Contract based Multi-party Service Composition. In FSEN’07. (full version in Fundamenta Informaticae) M. Bravetti and G. Zavattaro. Towards a Unifying Theory for Choreography Conformance and Contract Compliance. In SC’07. M. Bravetti and G. Zavattaro. A Theory for Strong Service Compliance. In Coordination’07. (full version in MSCS) M. Bravetti and G. Zavattaro. Contract Compliance and Choreography Conformance in the presence of Message Queues.In WS-FM’08 C. Guidi, R. Lucchi, R. Gorrieri, N. Busi, and G. Zavattaro. SOCK: a Calculus for Service Oriented Computing. In ICSOC’06. F. Montesi, C. Guidi, and G. Zavattaro. Orchestrating Services in JOLIE. In ECOWS’07. C. Guidi, I. Lanese, F. Montesi, and G. Zavattaro. On the Interplay Between Fault Handling and Request-response Service Invocations. In ACSD’08. C. Guidi, F. Montesi, I. Lanese, and G. Zavattaro. Dynamic Fault-handling for Service Oriented Applications. In ECOWS’08. M. Bravetti and G. Zavattaro. On the Expressive Power of Process Interruption and Compensation. In WS-FM’08
73
References N. Busi, R. Gorrieri, C. Guidi, R. Lucchi, and G. Zavattaro. Choreography and Orchestration Conformance for System Design. In Coordination’06. I. Lanese, C. Guidi, F. Montesi, and G. Zavattaro. Bridging the Gap Between Interaction- and Process-oriented Choreographies. In SEFM’08. M. Bravetti and G. Zavattaro. Contract based Multi-party Service Composition. In FSEN’07. (full version to appear in Fundamenta Informaticae) M. Bravetti and G. Zavattaro. Towards a Unifying Theory for Choreography Conformance and Contract Compliance. In SC’07. M. Bravetti and G. Zavattaro. A Theory for Strong Service Compliance. In Coordination’07. (full version to appear in MSCS) M. Bravetti and G. Zavattaro. Contract Compliance and Choreography Conformance in the presence of Message Queues.In WS-FM’08 C. Guidi, R. Lucchi, R. Gorrieri, N. Busi, and G. Zavattaro. SOCK: a Calculus for Service Oriented Computing. In ICSOC’06. F. Montesi, C. Guidi, and G. Zavattaro. Orchestrating Services in JOLIE. In ECOWS’07. C. Guidi, I. Lanese, F. Montesi, and G. Zavattaro. On the Interplay Between Fault Handling and Request-response Service Invocations. In ACSD’08. C. Guidi, F. Montesi, I. Lanese, and G. Zavattaro. Dynamic Fault-handling for Service Oriented Applications. In ECOWS’08. M. Bravetti and G. Zavattaro. On the Expressive Power of Process Interruption and Compensation. In WS-FM’08
74
References N. Busi, R. Gorrieri, C. Guidi, R. Lucchi, and G. Zavattaro. Choreography and Orchestration Conformance for System Design. In Coordination’06. I. Lanese, C. Guidi, F. Montesi, and G. Zavattaro. Bridging the Gap Between Interaction- and Process-oriented Choreographies. In SEFM’08. M. Bravetti and G. Zavattaro. Contract based Multi-party Service Composition. In FSEN’07. (full version to appear in Fundamenta Informaticae) M. Bravetti and G. Zavattaro. Towards a Unifying Theory for Choreography Conformance and Contract Compliance. In SC’07. M. Bravetti and G. Zavattaro. A Theory for Strong Service Compliance. In Coordination’07. (full version to appear in MSCS) M. Bravetti and G. Zavattaro. Contract Compliance and Choreography Conformance in the presence of Message Queues.In WS-FM’08 C. Guidi, R. Lucchi, R. Gorrieri, N. Busi, and G. Zavattaro. SOCK: a Calculus for Service Oriented Computing. In ICSOC’06. F. Montesi, C. Guidi, and G. Zavattaro. Orchestrating Services in JOLIE. In ECOWS’07. C. Guidi, I. Lanese, F. Montesi, and G. Zavattaro. On the Interplay Between Fault Handling and Request-response Service Invocations. In ACSD’08. C. Guidi, F. Montesi, I. Lanese, and G. Zavattaro. Dynamic Fault-handling for Service Oriented Applications. In ECOWS’08. M. Bravetti and G. Zavattaro. On the Expressive Power of Process Interruption and Compensation. In WS-FM’08
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.