1. 1 Ivan Lanese Computer Science Department University of Bologna Italy Behavioural Theory at Work: Program Transformations in a Service-centred Calculus Joint work with Luis Cruz-Filipe, Francisco Martins, Antonio Ravara and Vasco Vasconcelos Univerisities of Lisbon, Portugal

2. Roadmap l A Service-Centred Calculus l Behavioral theory l Program transformations l Conclusions

3. Roadmap l A Service-centred Calculus l Behavioural theory l Program transformations l Conclusions

4. Service Oriented Computing (SOC) l SOC is a main paradigm to program distributed applications –Based on the composition of dynamically discovered services l Allows integration of services from different companies l Has to deal with interoperability, dynamicity, security, Quality of Service, reconfiguration…

5. Why a Service-Centred Calculus? l Formal methods are necessary to master the complexity of SOC l Process calculi allow to easily experiment with different primitives… –To find out the best ways to manage services l … and formally prove results about systems –E.g. that service compositions behave as expected l Important to have services as first-level entities –For a direct modelling –For a direct exploitation of analysis results

6. Stream-based Service Centred Calculus l There is no agreement on which is the best set of primitives to model SOC l We propose SSCC, a calculus based on sessions and streams l Strongly related to CaSPiS [talk from Bruni] l SSCC provides operators for –Defining and invoking services –Describing conversations (sessions) between services –Orchestrating complex service systems

7. SSCC syntax P :: = P j Q ( ºa ) P 0 rec X : P X 9 > > > > = > > > > ; S t an d ar d opera t ors a ) P a ( P ¾ S erv i ces v : P ( x ) P ¾ C onversa t i ons s t ream P as f i n Q f ee d v : P f ( x ) : P 9 = ; O rc h es t ra t i on

8. SSCC services l Services are defined by their name a and their protocol P l Service definition and service invocation are symmetric l Invocation and definition interact creating two session endpoints executing their respective protocols l Sessions are not available when programming –Only runtime construct a ) P j a ( Q ! ( ºr )( r B P j r C Q )

9. SSCC conversations l Sessions can exchange information via input and output l We can imagine to extend conversations with all the typical session constructs (e.g., choice) ( ºr )( r B v : P j r C ( x ) Q ) ! ( ºr )( r B P j r C Q [ v = x ])

10. Orchestrating SSCC services l We propose the stream construct –Induces a clear style of programming –Good tradeoff between expressive power and structured communication l P and Q are concurrently executing l f is a communication stream (i.e., a queue) from P to Q l P can feed values inside f (feed v.P’) –Non blocking –Values stored in the nearest stream (anonymous) l Q can read values from f (f(x).Q’) –Blocking –Reads from stream f s t ream P as f i n Q

11. A stream at work s t ream f ee d v : P as f = hi i n f ( x ) : Q ! s t ream P as f = h v i i n f ( x ) : Q ! s t ream P as f = hi i n Q [ v = x ]

12. Orchestrating 3 services l Invoke services a and b and use their results to invoke c s t ream ( a ( ( x ) f ee d x ) j ( b ( ( y ) f ee d y ) as f = hi i n f ( z ) : f ( w ) : c ( z : w : ( t ) f ee d t

13. Useful macros l Direct communications b * v : P, s t ream b ( v : f ee d ² as f i n f ( z ) : P b + ( x ) P, s t ream b ) ( z ) : f ee d z as f i n f ( x ) : P

14. Roadmap l A Service-centred Calculus l Behavioural theory l Program transformations l Conclusions

15. Why a behavioural theory? l To understand the relationships between the different operators l To be able to reason axiomatically on systems l To be able to prove the correctness of program transformations and optimizations

16. Which behavioural theory? l We consider the classic bisimilarity approach –We have an LTS semantics –Processes should be able to mimik each other labelled transitions l We choose full (substitution-closed) bisimilarity –Strong bisimilarity ~ f for more basic transformations –Weak bisimilarity ≈ f allows optimizations »Abstracts away internal actions ≈ ≡ '

17. A compositionality result l Strong and weak full bisimilarity are congruences –Capture the corresponding contextual equivalences –Axioms can be applied to subterms –Transformations can be applied to arbitrarily complex systems l The congruence result does not hold for strong/weak plain bisimilarity (as for π) l We will present some useful axioms –We are not interested in a complete axiomatization

18. Structural congruence is a bisimulation l Standard rules for parallel composition, restriction and recursion l Additional scope extension rules r. ( ºa ) P ´ ( ºa )( r. P )

19. Session axioms l Different sessions are independent l Terminated sessions can be garbage collected ( º r ) D [[ r. 0 ; r / 0 ]] » f D [[ 0 ; 0 ]] i f D d oesno t b i n d rr. ( s. Q j P ) » f s. Q j r. P i f s 6 = r

20. Stream axioms (1) l Stream = parallel composition + communication l Terminated streams can be garbage collected s t ream P as f i n Q » f P j Q i ff = 2 f n ( Q ) an d P d oesno t con t a i n f ee d s t ream 0 as f i n P » f P i ffd oesno t occur i n P s t ream P as f i n ( Q j Q 0 ) » f ( s t ream P as f i n Q ) j Q 0 i ff = 2 f n ( Q 0 )

21. Stream axioms (2) l Uncatched feeds are τ steps l Different streams are independent s t ream P as f i ns t ream P 0 as g i n Q » f s t ream P 0 as g i ns t ream P as f i n Q i ff 6 = g s t ream P as f i n 0 ¼ f P f f ee d v : Q ! Q g

22. Sessions vs streams l Feeds are unaffected by sessions l Session outputs are unaffected by streams l More in general s t ream v j P as f i n Q » f v j s t ream P as f i n Q s t ream R j P as f i n Q » f R j s t ream P as f i n Q i f R con t a i nsno f ee d s r. ( f ee d v j P ) » f f ee d v j r. P r. ( Q j P ) » f Q j r. P i f Q con t a i nsnosess i on i npu t / ou t pu t

23. Roadmap l A Service-centred Calculus l Behavioural theory l Program transformations l Conclusions

24. Object-oriented interaction pattern l UML sequence diagrams show the exchange of messages among components of a complex system… l …but have no session information

25. Session-oriented interaction pattern l There are two sessions: –r between A and B –s between B and C l There are local communications in B

26. The session-oriented pattern in SSCC l The pattern can be implemented in SSCC l Communications between different sessions in B exploit auxiliary services SC, ( º b ; c )( A j B j C ) A, b ( w : ( y ) P B, ( º b 1 ; b 2 )( B 1 j B 2 ) C, c ) ( x ) v : S B 1, b ) ( x ) b 1 * x : b 2 + ( y ) y : Q B 2, c ( b 1 + ( x ) x : ( y ) b 2 * y : R :

27. Optimization: using a subsession

28. The subsession pattern in SSCC l Now the SSCC implementation is: l A and C are as before l Two auxiliary communications have been eliminated l Two are still used E, b ) ( x )( º b 1 )( c ( x : ( y ) b 1 * y : R j b 1 + ( y ) y : Q ) SC 0, ( º b ; c )( A j E j C )

29. Is the program transformation correct? l The two diagrams can be proved full weak bisimilar l The proof exploits: –Standard coinductive techniques –Congruence –Some axioms (session independence, garbage collection) l Since full weak bisimilarity is a congruence the optimization can be applied in any context

30. Introducing streams l We can use a stream to avoid the remaining auxiliary communications l Correctness proof similar to the previous one SC 0, ( º b ; c )( A j G j C ) G, b ) ( x ) s t ream c ( x : ( y ) f ee d y : R as f i n f ( y ) : y : Q

31. Breaking sessions l Current technologies (e.g. WSDL, BPEL) does not provide sessions –Only request and request/response primitives –Correspond to sessions with fixed protocol l Useful to break sessions in smaller pieces –A long session may correspond to a sequence of request/responses –Next request/response name sent as continuation

32. Breaking sessions example Request-response

33. Breaking sessions correctness l Arbitrary sessions can not be broken preserving the semantics –Difficult to deal with parallel composition l Sequential conversations can be broken –The transformation is correct w.r.t. weak full bisimilarity –We have a type system ensuring sequentiality

34. Roadmap l A Service-centred Calculus l Behavioural theory l Program transformations l Conclusions

35. Conclusions l SSCC can model session-based communication patterns l Behavioural theory allows to work axiomatically on patterns l Complex program transformations can be specified and proved correct

36. Future work l On program transformations –Develop a methodology to drive the application of transformations –Apply them to more complex case studies l On SSCC –Further understand its behavioral theory –Add kill and compensation primitives l On types for SSCC –Type systems for deadlock freedom and progress –Type systems for termination

37. End of talk s t ream i van ( ques t i on : ( x ) : f ee d x as f i n f ( x ) : t h i n k