1 Ivan Lanese Computer Science Department University of Bologna Italy Towards a Unifying Theory for Web Services Composition Manuel Mazzara Faculty of Computer Science Free University of Bozen - Bolzano Italy

Roadmap l Transactions in SOC l Webπ ∞ as a model for SOC l How to compute process equivalence l Conclusions

Roadmap l Transactions in SOC l Webπ ∞ as a model for SOC l How to compute process equivalence l Conclusions

Web services l Set of standards for programming applications by orchestrating services –Heterogeneous –Bound at runtime –Loosely coupled l Many industrial proposals to deal with web services orchestration –WSFL (IBM): graph-oriented –XLANG (Microsoft): block-structured –WS-BPEL (OASIS): tries to unify both

WS-BPEL l The most credited candidate to become the standard for web services composition l Workflow-based programming language l Allows for a mixture of block and graph-structured process models –We are mostly interested in the first style l It is expressive at the price of being complex

Error handling l An important aspect of web services orchestration l Many things can go wrong in a web service execution –Broken connections –Server crashes –Unsatisfied requirements l Usually treated by transactions l ACID transactions –From database field –If a transaction commits then its complete effect is granted –If a transaction fails all its effects are annulled

Long-running transactions l ACID transactions not practical in SOC –Web services are loosely coupled –Transactions can last long-time (e.g., shipping good) –Some actions cannot be simply undone (e.g., message communication) l Non ACID transactions are usually called long-running l Based on the idea of compensations –If a transaction fails then execute the compensation for it –Should be explicitly programmed since application-dependent »Send annul communication to partners »Ask for refunding »Mark order as no more valid

Transactions in WS-BPEL l WS-BPEL has three different mechanisms for error handling –fault handling, compensation handling, event handling l Able to deal with many possibilities l Complex and difficult to use l Informal and unclear documentation

Towards formal methods l Need of a formal framework –To provide a clear and rigorous semantics –To prove properties of web services composition –Following the SENSORIA approach l We start from π-calculus –Many languages (included WS-BPEL) claim being based on it (but the connection is not always evident) l We add a transaction operator to easily deal with error handling

Roadmap l Transactions in SOC l Webπ ∞ as a model for SOC l How to compute process equivalence l Conclusions

Web π ∞ l Extension of asynchronous π-calculus –To deal with asynchronous communications among loose coupled web services l With an operator of transaction to deal with compensations l Originally proposed as the timed language Webπ [Laneve, Zavattaro FOSSACS’05] l We are interested in the untimed version

Web π ∞ syntax Execute P. If a message arrives at x then start executing Q instead

The semantics l We give a reduction semantics –Structural congruence + reduction rules l Weak barbed congruence as abstract semantics –Barbs allow to observe basic process behaviours –Weak to abstract from internal activities –Congruence to ensure preservation under composition »Two equivalent web services remain equivalent also when composed in two complex business processes

Structural congruence l Standard rules for parallel composition and restriction

Structural congruence l Standard rules for parallel composition and restriction l Commit of a workunit hj 0 ; Q ji x ´ 0

Structural congruence l Standard rules for parallel composition and restriction l Commit of a workunit l Flattening of workunit nesting [different e.g. w.r.t. c- join] hj 0 ; Q ji x ´ 0 hjhj P ; Q ji y j R ; S ji x ´ hj P ; Q ji y jhj R ; S ji x

Structural congruence l Standard rules for parallel composition and restriction l Commit of a workunit l Flattening of workunit nesting [different e.g. w.r.t. c- join] l Messages can float away hj 0 ; Q ji x ´ 0 hjhj P ; Q ji y j R ; S ji x ´ hj P ; Q ji y jhj R ; S ji x hj z e u j P ; Q ji x ´ z e u jhj P ; Q ji x

Reduction rules l Standard rules for communication x i e v j P i 2 I x i ( e u i ) : P i ! P i © e v = e u i ª x e v j ! x ( e u ) : P ! P © e v = e u ª j ! x ( e u ) : P

Reduction rules l Standard rules for communication l Rule for transaction abort only if P contains only (and at least one) inputs x i e v j P i 2 I x i ( e u i ) : P i ! P i © e v = e u i ª x e v j ! x ( e u ) : P ! P © e v = e u ª j ! x ( e u ) : P x jhj P ; Q ji x ! ( y ) hj Q ; 0 ji y

Weak barbed congruence l Barbs: P ↓ x if P contains a message with subject x l Weak reduction: P  Q if P has a sequence of reductions leading to Q l Weak barb: P  x if P  P’↓ x l Barbed bisimulation: relation S such that P S Q implies –If P ↓ x then Q  x –If P → P’ then Q  Q’ and P’ S Q’ l Barbed congruence ≈: largest barbed bisimulation that is also a congruence

Properties of barbed congruence l Good abstraction of process behaviour l Preserved by composition l Problem: difficult to compute –Requires quantification over all contexts l Solution: using an auxiliary labeled semantics that implies barbed congruence and is easier to compute

Roadmap l Transactions in SOC l Webπ ∞ as a model for SOC l How to compute process equivalence l Conclusions

Labeled semantics l Most rules as in standard late π-calculus l Special rules to deal with transactions l Predicate inp(P): true if P contains at least an input l Function xtr(P): extracts messages and transactions inside P

Deriving a suitable abstract semantics l We use weak asynchronous bisimilarity –Labels must be matched but … –An action μ can be matched by a sequence τ…τ μ τ…τ (weak) –An input can be matched by a τ which leaves the message available (asynchronous) l Weak asynchronous bisimilarity is not a congruence l Closed bisimilarity: closed under inp and xtr l Closed bisimilarity is a congruence l Closed bisimilarity implies barbed congruence –Useful tool to prove behavioural equivalence

Example: compensations reducibility

l Compensations can always be reduced to a single output if x’,y fresh l Proved using closed bisimulation hj P ; Q ji x ¼ ( x 0 ; y )( hj P ;x 0 ji x jhj x 0 () : Q ; 0 ji y )

Example: compensations reducibility l Compensations can always be reduced to a single output if x’,y fresh l Proved using closed bisimulation l The following relation is a closed bisimulation l Note: property not valid in a strong or timed setting hj P ; Q ji x ¼ ( x 0 ; y )( hj P ;x 0 ji x jhj x 0 () : Q ; 0 ji y )

Other applications

l Properties of web services composition can be proved –Decoupling of a service body l Webπ ∞ has been used to formalize a simplification of BPEL recovery framework [Lucchi, Mazzara JLAP] hj ! z ( u ) : P j Q ;v ji x ¼ ( y )( hj ! z ( u ) : P ;y ji x jhj Q j ( w ) w ( u ) ;v ji y )

Roadmap l Transactions in SOC l Webπ ∞ as a model for SOC l How to compute process equivalence l Conclusions

Conclusions l Webπ ∞ is a suitable formal framework –For reasoning about transactions –Able to treat WS-BPEL l Labeled semantics makes it practically usable to prove properties of web services transactions l Next step: applying the same techniques to calculi for services –SCC, SSCC, COWS, … –To speak about, e.g., protocol termination in presence of transactions

Related work l Webπ: extension of Webπ ∞ with time –Similar semantic properties but different aim –Allows to use timeouts l C-join: extends join instead of π –The nesting of transactions matters –When transactions interact are merged l Compensating CSP: extends CSP –Analyze the composition of compensations –No synchronization nor mobility

End of talk hj ! ques t i on ( u ) : i f u = ca l cu l i t h en ques t i onans e l se x; ques t i onmanue l : un i b z : i t ji x