Analysis of Communication Models in Web Service Compositions Marco Pistore University of Trento Joint work with Raman Kazhamiakin.

Slides:



Advertisements
Similar presentations
1 Verification by Model Checking. 2 Part 1 : Motivation.
Advertisements

Synthesis of Protocol Converter Using Timed Petri-Nets Anh Dang Balaji Krishnamoorthy Manoj Iyer Presented by:
A-Priori Verification of Web Services with Abduction Marco Alberti 1 Federico Chesani 2 Marco Gavanelli 1 Evelina Lamma 1 Paola Mello 2 Marco Montali 2.
Fakultät für informatik informatik 12 technische universität dortmund SDL Peter Marwedel TU Dortmund, Informatik 12 Graphics: © Alexandra Nolte, Gesine.
1 Data Link Protocols By Erik Reeber. 2 Goals Use SPIN to model-check successively more complex protocols Using the protocols in Tannenbaums 3 rd Edition.
Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Requirements Diagrams With UML Models
1 Verification of Parameterized Systems Reducing Model Checking of the Few to the One. E. Allen Emerson, Richard J. Trefler and Thomas Wahl Junaid Surve.
OOAD – Dr. A. Alghamdi Mastering Object-Oriented Analysis and Design with UML Module 3: Requirements Overview Module 3 - Requirements Overview.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 31 Slide 1 Service-centric Software Engineering.
Toward an Agent-Based and Context- Oriented Approach for Web Services Composition IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, VOL. 17, NO. 5,
Vasileios Germanos 1, Stefan Haar 2, Victor Khomenko 1, and Stefan Schwoon 2 1 School of Computing Science, Newcastle University, UK 2 INRIA & LSV (ENS.
1 Chapter 4 The while loop and boolean operators Samuel Marateck ©2010.
Executional Architecture
Summer SOC July 2 nd – July 7 th Aniketos platform: Design of a trustworthy composite service 1.
Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 31 Slide 1 Service-centric Software Engineering 1.
Modeling Main issues: What do we want to build How do we write this down.
Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.
Knowledge Based Synthesis of Control for Distributed Systems Doron Peled.
1 Intention of slide set Inform WSMOLX of what is planned for Choreography & Orhestration in DIP CONTENTS Terminology Clarification / what will be described.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Lecture 3Dr. Verma1 COSC 6397 – Information Assurance Module M2 – Protocol Specification and Verification University of Houston Rakesh Verma Lecture 3.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
1 Spin Model Checker Samaneh Navabpour Electrical and Computer Engineering Department University of Waterloo SE-464 Summer 2011.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
A. Bucchiarone / Pisa/ 30 Jan 2007 Dynamic Software Architectures for Global Computing Antonio Bucchiarone PhD Student – IMT Graduate School Piazza S.
Reasoning Tasks and Mediation on Choreography and Orchestration in WSMO Michael Stollberg WIW 2005, June 6-7, Innsbruck, Austria.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
IBM WebSphere survey Kristian Bisgaard Lassen. University of AarhusIBM WebSphere survey2 Tools  WebSphere Application Server Portal Studio Business Integration.
Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.
Developing Verifiable Concurrent Software Tevfik Bultan Department of Computer Science University of California, Santa Barbara
TRAVEL RESERVATION SYSTEM USING WEB SERVICES COMPOSITION LANGUAGE
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
1 Ivan Lanese Computer Science Department University of Bologna Italy Streaming Services in SSCC Joint work with Francisco Martins, Vasco Vasconcelos and.
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
Rebecca Modeling Language Mahdieh Ahmadi Verification of Reactive Systems March 2014.
Benjamin Gamble. What is Time?  Can mean many different things to a computer Dynamic Equation Variable System State 2.
1 The CeNTIE project is supported by the Australian Government through the Advanced Networks Program of the Department of Communications, Information Technology.
Institute e-Austria in Timisoara 1 Author: prep. eng. Calin Jebelean Verification of Communication Protocols using SDL ( )
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
An Ontological Framework for Web Service Processes By Claus Pahl and Ronan Barrett.
Refining middleware functions for verification purpose Jérôme Hugues Laurent Pautet Fabrice Kordon
95-843: Service Oriented Architecture 1 Master of Information System Management Service Oriented Architecture Lecture 7: BPEL Some notes selected from.
1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.
BPEL Business Process Engineering Language A technology used to build programs in SOA architecture.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
16/11/ Web Services Choreography Requirements Presenter: Emilia Cimpian, NUIG-DERI, 07April W3C Working Draft.
© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.
Course: COMS-E6125 Professor: Gail E. Kaiser Student: Shanghao Li (sl2967)
A Mediated Approach towards Web Service Choreography Michael Stollberg, Dumitru Roman, Juan Miguel Gomez DERI – Digital Enterprise Research Institute
Qusay H. Mahmoud CIS* CIS* Service-Oriented Computing Qusay H. Mahmoud, Ph.D.
Modelling and Analysis of Time-related Properties in Web Service Compositions Raman KazhamiakinParitosh K. PandyaMarco Pistore
Wscomp An Approach for the Automated Composition of BPEL Processes Annapaola Marconi ITC–irst / University of Trento Joint work.
Developing a Framework for Simulation, Verification and Testing of SDL Specifications Olga Shumsky Lawrence Henschen Northwestern University
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Software Systems Verification and Validation Laboratory Assignment 4 Model checking Assignment date: Lab 4 Delivery date: Lab 4, 5.
Winter 2007SEG2101 Chapter 121 Chapter 12 Verification and Validation.
SystemC Semantics by Actors and Reduction Techniques in Model Checking Marjan Sirjani Formal Methods Lab, ECE Dept. University of Tehran, Iran MoCC 2008.
1 Seminar on SOA Seminar on Service Oriented Architecture BPEL Some notes selected from “Business Process Execution Language for Web Services” by Matjaz.
Model Checking Early Requirements Specifications in Tropos Presented by Chin-Yi Tsai.
1 modeling BPEL4WS composition for verification: communication models Theoretical level : message alphabet over queues Practical level : number of queues.
Maurice H. ter Beek (ISTI–CNR, Pisa, Italy)
Analysis of Communication Models in Web Service Compositions Marco Pistore University of Trento Joint work with Raman Kazhamiakin.
Service-centric Software Engineering
Model Checking for an Executable Subset of UML
CSSSPEC6 SOFTWARE DEVELOPMENT WITH QUALITY ASSURANCE
Presentation transcript:

Analysis of Communication Models in Web Service Compositions Marco Pistore University of Trento Joint work with Raman Kazhamiakin and Luca Santuari

WWW'06 - Edinburgh Context ASTRO projectASTRO project service compositionsProvide tools that support the design and execution of service compositions WS-BPELComponent services are stateful and long-running (e.g., WS-BPEL services) formal verificationOne of the techniques provided by ASTRO is formal verification correctness of the composition behaviorFormal check of the correctness of the composition behavior InteractionInteraction mechanisms are complex and implementation-dependent Complex queues and message management mechanisms Scenarios with message overpasses and losses are possible Diversity of implementations communication modelsNecessity to define an appropriate formal communication models Tradeoff between expressiveness and complexity of the analysis 1

WWW'06 - Edinburgh Motivating example 3

WWW'06 - Edinburgh Motivating example: Virtual Travel Agency Provide combined flight and hotel booking service HotelFlightIntegrate separate Hotel and Flight booking services BPELParticipants are represented with their BPEL specifications VTA User Hotel Flight Request Ack/NAck Offer/NA Ticket Flight Request Flight Offer/NA Flight Ack/Nack Flight Ticket Hotel Request Hotel Offer/NA Hotel Ack/Nack Hotel Ticket 3

WWW'06 - Edinburgh VTA Processes 4 User VTA Hotel Flight

WWW'06 - Edinburgh Composition Properties synchronizableThe composition is synchronizable At any moment of time only one component emits a message The receiver is immediately ready to consume the message Synchronous communication model synchronizeComponents synchronize on shared actions Efficient reasoning techniques Universally used in verification tools for web service compositions adequateThe synchronous communication model is adequate for synchronizable compositions The presence of queues in the implementation does not add new behaviors Not applicable to the wide range of systems cancellationE.g. cancellation scenarios 5

WWW'06 - Edinburgh VTA Processes – Cancellation invoke (Ack) receive (Ticket) on message (Ack) invoke (F.Ack) receive (F.Ack) on message (F.Cancel) on alarm invoke (F.Ticket) case (No Cancel) case (Cancel) invoke (Cancel) on message (YES) on message (Ticket) on message (Cancel) invoke (F.Cancel) on message (F.YES) on message (F.Ticket) invoke (YES) invoke (Ticket)... receive (F.Cancel) invoke (F.YES) 6 User VTA Flight

WWW'06 - Edinburgh VTA Processes – Cancellation Deadlock? invoke (Ack) receive (Ticket) on message (Ack) invoke (F.Ack) receive (F.Ack) on message (F.Cancel) on alarm invoke (F.Ticket) case (No Cancel) case (Cancel) invoke (Cancel) on message (YES) on message (Ticket) on message (Cancel) invoke (F.Cancel) on message (F.YES) on message (F.Ticket) invoke (YES) invoke (Ticket)... receive (F.Cancel) invoke (F.YES) 6 User VTA Flight

WWW'06 - Edinburgh VTA Processes – Cancellation Deadlock? No! invoke (Ack) receive (Ticket) on message (Ack) invoke (F.Ack) receive (F.Ack) on message (F.Cancel) on alarm invoke (F.Ticket) case (No Cancel) case (Cancel) invoke (Cancel) on message (YES) on message (Ticket) on message (Cancel) invoke (F.Cancel) on message (F.YES) on message (F.Ticket) invoke (YES) invoke (Ticket)... receive (F.Cancel) invoke (F.YES) 6 User VTA Flight

WWW'06 - Edinburgh invoke (Ack) receive (Ticket) on message (Ack) invoke (F.Ack) receive (F.Ack) on message (F.Cancel) on alarm invoke (F.Ticket) case (No Cancel) case (Cancel) invoke (Cancel) on message (YES) on message (Ticket) on message (Cancel) invoke (F.Cancel) on message (F.YES) on message (F.Ticket) invoke (YES) invoke (Ticket)... receive (F.Cancel) invoke (F.YES) VTA Processes – Cancellation 6 User VTA Flight

WWW'06 - Edinburgh Composition Properties The synchronous communication model is violated The concurrent emission of messages is possible in the same time point: F.Cancel and F.Ticket The real execution is correct non-blockingEngines support non-blocking message emissions and message queues In the scenario, all message are eventually consumed, and cancellation is performed correctly adequate communication modelAn adequate communication model is needed to formally verify this scenario! AsynchronousorderedAsynchronous ordered communication model timeEmission and reception of a message do not have to happen at the same time orderThe order of message emission and the order of message reception between two processes should be the same (no message overpass) Intuitively: an ordered queue between each pair of processes 7

WWW'06 - Edinburgh VTA Processes – Complex Cancellation invoke (Ack) receive (Ticket) on message (Ack) invoke (F.Ack) receive (F.Ack) on message (F.Cancel) on alarm invoke (F.Ticket) case (No Cancel) case (Cancel) invoke (Cancel) on message (YES) on message (NO) on message (Cancel) invoke (F.Cancel) on message (F.YES) on message (F.NO) invoke (YES) invoke (Ticket)... receive (F.Cancel) invoke (F.YES) receive (Ticket) receive (F.Ticket) invoke (NO) invoke (F.NO) 8 User VTA Flight

WWW'06 - Edinburgh VTA Processes – Complex Cancellation invoke (Ack) receive (Ticket) on message (Ack) invoke (F.Ack) receive (F.Ack) on message (F.Cancel) on alarm invoke (F.Ticket) case (No Cancel) case (Cancel) invoke (Cancel) on message (YES) on message (NO) on message (Cancel) invoke (F.Cancel) on message (F.YES) on message (F.NO) invoke (YES) invoke (Ticket)... receive (F.Cancel) invoke (F.YES) receive (Ticket) receive (F.Ticket) invoke (NO) invoke (F.NO) Deadlock? No! 8 User VTA Flight

WWW'06 - Edinburgh VTA Processes – Complex Cancellation invoke (Ack) receive (Ticket) on message (Ack) invoke (F.Ack) receive (F.Ack) on message (F.Cancel) on alarm invoke (F.Ticket) case (No Cancel) case (Cancel) invoke (Cancel) on message (YES) on message (NO) on message (Cancel) invoke (F.Cancel) on message (F.YES) on message (F.NO) invoke (YES) invoke (Ticket)... receive (F.Cancel) invoke (F.YES) receive (Ticket) receive (F.Ticket) invoke (NO) invoke (F.NO) 8 User VTA Flight

WWW'06 - Edinburgh Composition Properties 9 The ordered communication model is violated The order of emissions of messages F.Ticket and F.NO is different from the order of receptions The real execution is be correct Engines support message overpasses In the scenario, all message are eventually consumed, and cancellation is performed correctly adequate communication modelAlso in this case, an adequate communication model is needed to model and formally verify this scenario! Asynchronous unorderedAsynchronous unordered communication model No restrictions on the message order Intuitively, one queue for each message type (very similar to real implementations)

WWW'06 - Edinburgh Our approach set ofcommunication modelsDefine a set of communication models Different levels of complexity Different interaction mechanisms Common framework adequateGiven a certain composition scenario determine an adequate communication model Represents all real executions of the composition Preserves behavioral properties IncrementalIncremental analysis process From simpler to complex communication models Check if the communication model is adequate w.r.t. the scenario If yes, perform the formal verification against this model 2

WWW'06 - Edinburgh Our approach: formal definitions Three main ingredients: Component services are formally modeled as State Transition Systems The modalities of the communications are formalized as a Communication Model The composite behavior of the component services according to a specific communication model is formally described as a Global State Transition System 2

WWW'06 - Edinburgh From BPEL to STS State Transition SystemState Transition System Σ = S,S 0,I,O,R where statesS – finite set of states initialS 0 – set of initial states inputI – set of input actions outputO – set of output actions transition – transition relation receive (F.Request) case (Not Available) case (Available) invoke (F.NA) invoke (F.Offer) on message (F.NAck) on message (F.Ack) invoke (F.Ticket) PROCESS Flight STATES {Start, switch_IsAvailable, OUT_FNA, SUCCESSS,…} INPUT FRequest, FNAck, FAck OUTPUT FNA, FOffer, FTicket INIT state = Start TRANS Start – [IN FRequest] -> switch_IsAvailable switch_IsAvailable – [TAU] -> OUT_FNA switch_IsAvailable – [TAU] -> OUT_FOffer … 11

WWW'06 - Edinburgh Communication Model A communication model Δ is defined by a set of queuesQ 1, Q 2, …, Q n where each queue Q i has associated: A set of messages M i A (finite or infinite) bound B i on the messages it can contain Synchronous communication model: A single queue with bound 1 Ordered asynchronous communication model: One unbounded queue for (the messages exchanged between) each pair of services Unordered asynchronous communication model: One unbounded queue for each message type 12

WWW'06 - Edinburgh Communication Model A communication model Δ is defined by a set of queuesQ 1, Q 2, …, Q n where each queue Q i has associated: A set of messages M i A (finite or infinite) bound B i on the messages it can contain Other communication models are possible: One queue per process (locally ordered model): see paper Mixed synchronous and asynchronous communications (e.g., manage only tickets/cancellations as asynchronous communications) Mixed bounded/unbounded queues … 12

WWW'06 - Edinburgh Global State Transition System 12 A Global State Transition System (GSTS): defines the composite behavior of the system. is parametric wrt a communication model Δ A GSTS is a tuple G = GS,GS 0,A,T, where: GS are the global states; each state has the form gs = (, ), where: s i is the state of the i-th component STS q j describes the content of the j-th queue GS 0 are the initial global states A are the input-output actions T GS x A x GS is the transition relation

WWW'06 - Edinburgh GSTS: transitions 12 The transition relation T GS x A x GS is defined as follows: If the i-th STS performs an output: update the status of the STS add the emitted message to the associated queue If the i-th STS performs an input: consume a message from the associated queue (the queue has to be non-empty!) update the status of the STS If the i-th STS performs a TAU action: update the status of the STS

WWW'06 - Edinburgh Translation Implementation W1....WnW1....Wn Component Services BPEL2STS Translation Σ1....ΣnΣ1....Σn STS Composition STS to NuSMV/Spin Global STS Communication Model NuSMV/Spin Validity Analysis Validity Counterexample Property Counterexample VERIFICATION Valid Verification Properties 16

WWW'06 - Edinburgh Experiments Instances of VTA Case Study Different communication models Different verification properties: deadlock, LTL properties (F User.state = SUCCESS) ((F Hotel.state = SUCCESS) & F (Flight.state = SUCCESS)) 17 Example 1Sync.0.5 sec1 sec (Valid)0.5 sec Example 2Sync.2 sec4 sec (Invalid) Ordered4 sec3 sec (Valid)3 sec2 sec Example 3Sync.4 sec5 sec (Invalid) Ordered8 sec7 sec (Invalid) Unordered11 sec6 sec (Valid)5 sec4 sec InstanceModelTranslationValidityDeadlockLTL

WWW'06 - Edinburgh Conclusions unified frameworkAn unified framework for the analysis of Web service compositions under different communication models is presented validation verificationThe framework allows for validation of the composition against communication model and for verification of the valid composition toolA prototype tool based on the framework is implemented Future works: dataBetter support for data (application of knowledge level and abstraction based reasoning techniques) ConformanceWS-BPELWS-CDLConformance problem: verify a WS-BPEL process against a WS-CDL choreography specification 18

WWW'06 - Edinburgh Any question ? 19

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.