1. 1 Ivan Lanese Computer Science Department University of Bologna Italy Towards a Unifying Theory for Web Services Composition Manuel Mazzara Faculty of Computer Science Free University of Bozen - Bolzano Italy

2. Roadmap l Transactions in SOC l Webπ ∞ as a model for SOC l How to compute process equivalence l Conclusions

3. Roadmap l Transactions in SOC l Webπ ∞ as a model for SOC l How to compute process equivalence l Conclusions

4. Web services l Set of standards for programming applications by orchestrating services –Heterogeneous –Bound at runtime –Loosely coupled l Many industrial proposals to deal with web services orchestration –WSFL (IBM): graph-oriented –XLANG (Microsoft): block-structured –WS-BPEL (OASIS): tries to unify both

5. WS-BPEL l The most credited candidate to become the standard for web services composition l Workflow-based programming language l Allows for a mixture of block and graph-structured process models –We are mostly interested in the first style l It is expressive at the price of being complex

6. Error handling l An important aspect of web services orchestration l Many things can go wrong in a web service execution –Broken connections –Server crashes –Unsatisfied requirements l Usually treated by transactions l ACID transactions –From database field –If a transaction commits then its complete effect is granted –If a transaction fails all its effects are annulled

7. Long-running transactions l ACID transactions not practical in SOC –Web services are loosely coupled –Transactions can last long-time (e.g., shipping good) –Some actions cannot be simply undone (e.g., message communication) l Non ACID transactions are usually called long-running l Based on the idea of compensations –If a transaction fails then execute the compensation for it –Should be explicitly programmed since application-dependent »Send annul communication to partners »Ask for refunding »Mark order as no more valid

8. Transactions in WS-BPEL l WS-BPEL has three different mechanisms for error handling –fault handling, compensation handling, event handling l Able to deal with many possibilities l Complex and difficult to use l Informal and unclear documentation

9. Towards formal methods l Need of a formal framework –To provide a clear and rigorous semantics –To prove properties of web services composition –Following the SENSORIA approach l We start from π-calculus –Many languages (included WS-BPEL) claim being based on it (but the connection is not always evident) l We add a transaction operator to easily deal with error handling

10. Roadmap l Transactions in SOC l Webπ ∞ as a model for SOC l How to compute process equivalence l Conclusions

11. Web π ∞ l Extension of asynchronous π-calculus –To deal with asynchronous communications among loose coupled web services l With an operator of transaction to deal with compensations l Originally proposed as the timed language Webπ [Laneve, Zavattaro FOSSACS’05] l We are interested in the untimed version

12. Web π ∞ syntax Execute P. If a message arrives at x then start executing Q instead

13. The semantics l We give a reduction semantics –Structural congruence + reduction rules l Weak barbed congruence as abstract semantics –Barbs allow to observe basic process behaviours –Weak to abstract from internal activities –Congruence to ensure preservation under composition »Two equivalent web services remain equivalent also when composed in two complex business processes

14. Structural congruence l Standard rules for parallel composition and restriction

15. Structural congruence l Standard rules for parallel composition and restriction l Commit of a workunit hj 0 ; Q ji x ´ 0

16. Structural congruence l Standard rules for parallel composition and restriction l Commit of a workunit l Flattening of workunit nesting [different e.g. w.r.t. c- join] hj 0 ; Q ji x ´ 0 hjhj P ; Q ji y j R ; S ji x ´ hj P ; Q ji y jhj R ; S ji x

17. Structural congruence l Standard rules for parallel composition and restriction l Commit of a workunit l Flattening of workunit nesting [different e.g. w.r.t. c- join] l Messages can float away hj 0 ; Q ji x ´ 0 hjhj P ; Q ji y j R ; S ji x ´ hj P ; Q ji y jhj R ; S ji x hj z e u j P ; Q ji x ´ z e u jhj P ; Q ji x

18. Reduction rules l Standard rules for communication x i e v j P i 2 I x i ( e u i ) : P i ! P i © e v = e u i ª x e v j ! x ( e u ) : P ! P © e v = e u ª j ! x ( e u ) : P

19. Reduction rules l Standard rules for communication l Rule for transaction abort only if P contains only (and at least one) inputs x i e v j P i 2 I x i ( e u i ) : P i ! P i © e v = e u i ª x e v j ! x ( e u ) : P ! P © e v = e u ª j ! x ( e u ) : P x jhj P ; Q ji x ! ( y ) hj Q ; 0 ji y

20. Weak barbed congruence l Barbs: P ↓ x if P contains a message with subject x l Weak reduction: P  Q if P has a sequence of reductions leading to Q l Weak barb: P  x if P  P’↓ x l Barbed bisimulation: relation S such that P S Q implies –If P ↓ x then Q  x –If P → P’ then Q  Q’ and P’ S Q’ l Barbed congruence ≈: largest barbed bisimulation that is also a congruence

21. Properties of barbed congruence l Good abstraction of process behaviour l Preserved by composition l Problem: difficult to compute –Requires quantification over all contexts l Solution: using an auxiliary labeled semantics that implies barbed congruence and is easier to compute

22. Roadmap l Transactions in SOC l Webπ ∞ as a model for SOC l How to compute process equivalence l Conclusions

23. Labeled semantics l Most rules as in standard late π-calculus l Special rules to deal with transactions l Predicate inp(P): true if P contains at least an input l Function xtr(P): extracts messages and transactions inside P

24. Deriving a suitable abstract semantics l We use weak asynchronous bisimilarity –Labels must be matched but … –An action μ can be matched by a sequence τ…τ μ τ…τ (weak) –An input can be matched by a τ which leaves the message available (asynchronous) l Weak asynchronous bisimilarity is not a congruence l Closed bisimilarity: closed under inp and xtr l Closed bisimilarity is a congruence l Closed bisimilarity implies barbed congruence –Useful tool to prove behavioural equivalence

25. Example: compensations reducibility

26. l Compensations can always be reduced to a single output if x’,y fresh l Proved using closed bisimulation hj P ; Q ji x ¼ ( x 0 ; y )( hj P ;x 0 ji x jhj x 0 () : Q ; 0 ji y )

27. Example: compensations reducibility l Compensations can always be reduced to a single output if x’,y fresh l Proved using closed bisimulation l The following relation is a closed bisimulation l Note: property not valid in a strong or timed setting hj P ; Q ji x ¼ ( x 0 ; y )( hj P ;x 0 ji x jhj x 0 () : Q ; 0 ji y )

28. Other applications

29. l Properties of web services composition can be proved –Decoupling of a service body l Webπ ∞ has been used to formalize a simplification of BPEL recovery framework [Lucchi, Mazzara JLAP] hj ! z ( u ) : P j Q ;v ji x ¼ ( y )( hj ! z ( u ) : P ;y ji x jhj Q j ( w ) w ( u ) ;v ji y )

30. Roadmap l Transactions in SOC l Webπ ∞ as a model for SOC l How to compute process equivalence l Conclusions

31. Conclusions l Webπ ∞ is a suitable formal framework –For reasoning about transactions –Able to treat WS-BPEL l Labeled semantics makes it practically usable to prove properties of web services transactions l Next step: applying the same techniques to calculi for services –SCC, SSCC, COWS, … –To speak about, e.g., protocol termination in presence of transactions

32. Related work l Webπ: extension of Webπ ∞ with time –Similar semantic properties but different aim –Allows to use timeouts l C-join: extends join instead of π –The nesting of transactions matters –When transactions interact are merged l Compensating CSP: extends CSP –Analyze the composition of compensations –No synchronization nor mobility

33. End of talk hj ! ques t i on ( u ) : i f u = ca l cu l i t h en ques t i onans e l se x; ques t i onmanue l : mazzara @ un i b z : i t ji x