How Process Algebra Can Contribute to the Formal Development of
Transcript of How Process Algebra Can Contribute to the Formal Development of
![Page 1: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/1.jpg)
Málaga, Spain, March 2006
How Process Algebra Can Contribute to theFormal Development of Web Services
Gwen Salaün, VASY, INRIA Rhône-Alpes
joint work with Daniela Berardi, Lucas Bordeaux, Antonella Chirichiello,Andrea Ferrara, Massimo Mecella, Marco Schaerf
. – p.1/31
![Page 2: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/2.jpg)
An introductive example
Organization of a trip (airplane tickets, room booking,exhibitions, shows, etc) delegated to interacting WSs
ws
ws
ws
ws
ws
ws
ws
internet
request
. – p.2/31
![Page 3: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/3.jpg)
Formal methods for web services
WSs are distributed processes which communicatethrough the exchange of messages
one central question is to make them working togetherto perform a given task
WSs and their interaction are best described usingbehavioural description languages
we privilege abstract and formal languages to use in asecond step existing verification tools
several candidates, e.g. transition system models (LTS,Mealy automata, Petri nets)
we advocate the use of process algebra (PA) asdescription means
. – p.3/31
![Page 4: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/4.jpg)
Overview of the approach
concrete layerabstract layer
++
J2EE, .NET...)
(BPEL Process Manager,
Development environment
(BPEL, JAVA...)
Executable Code
(CWB−NC, CADP, SPIN ...)
Editing and reasoning tools
Promela, Pi−calculus...)
(CCS, CSP, LOTOS,
Process Algebrarefinement
mapping
reverse engineering inte
rface
(WS
DL
, W
S−
CD
L...)
. – p.4/31
![Page 5: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/5.jpg)
Outline
Describing WSs using PA
Automated reasoning on WSs
Application: negotiating WSs using LOTOS/CADP
Concluding remarks
. – p.5/31
![Page 6: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/6.jpg)
Outline
Describing WSs using PAWhat is a process algebra?Specifying web services as processesComposing web services
Automated reasoning on WSs
Application: negotiating WSs using LOTOS/CADP
Concluding remarks
. – p.5/31
![Page 7: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/7.jpg)
What is a process algebra? CCS
basic entities: input/output actions (request and ’confirm)
basic constructs:sequence a.P
nondetermistic choice P+Q
parallel composition
� � �� � �� ��
restriction
� � � � � �� � � � �
� for hidden actions, esp. result of a synchronization
termination using
�
and recursive call P
operational semantics: possible evolutions of a process
�� � �
� � �� � �� � � � � �� ��� � � � � �
�� �
� �� � � � �� ��� � � � � � �� �
� ��� � � � � �
��� � �
. – p.6/31
![Page 8: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/8.jpg)
Specifying web services as processes
WSs are essentially processes
PAs are an unambiguous way to represent suchbehaviours
processes can describe the body of WSs or theirinterfaces
levels of abstraction to have a more faithfulrepresentation of a service, e.g. data (LOTOS) ormobility ( �-calculus) (++ wrt Automata-based Models)
PAs are compositional notations, then adequate tocompose services (++)
description of real-size problems thanks to textualnotations (++)
. – p.7/31
![Page 9: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/9.jpg)
Specifying web services as processes
A classical example of communication between a store andseveral suppliers
buy!tau
Store
ok?
nok? request?
refuse! accept!
Supplier
. – p.8/31
![Page 10: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/10.jpg)
Specifying web services as processes
A classical example of communication between a store andseveral suppliers
proc Store =
’buy. ( ok.nil + nok.Store )+ t.nil
proc Supplier =
request.( ’refuse.Supplier + ’accept.Supplier )
. – p.8/31
![Page 11: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/11.jpg)
Composing WSs: choreography
choreography is the problem of guaranteeing that WSscan interact properly
this problem is especially tricky when independentlydeveloped services are put together
it typically involves situations where the design ofservices is fixed and their implementation private
then, services are viewed through their interfaces(encoded using PA)
automated tools are needed to perform compatibilitychecks
. – p.9/31
![Page 12: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/12.jpg)
Composing WSs: choreography
Store
Supplier
Supplier
Supplierreceptionemission
buy
refuseaccept
. – p.10/31
![Page 13: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/13.jpg)
Composing WSs: choreography
Parallel compositions and restriction sets are used todescribe interactions between a store and several suppliers
*** synchronization set
set restSetC =
�
request, refuse, accept
�
*** composition of 1 store and 3 suppliers
proc SystemC =
(
Store [request/buy, refuse/nok, accept/ok] |
Supplier | Supplier | Supplier
)
�
restSetC
. – p.10/31
![Page 14: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/14.jpg)
Composing WSs: orchestration
orchestration aims at developing a new service usingexisting ones
the role of the new service (orchestrator) is to managesome existing services by exchanging messages withthem
abstract descriptions in PA can be used in two ways:during the design stage (abst. � conc.)for reverse engineering purposes (abst. � conc.)
automated reasoning is useful to validate theorchestrator service
. – p.11/31
![Page 15: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/15.jpg)
Composing WSs: orchestration
For instance, iterating the request on both suppliers, andterminating if a positive answer is received or both suppliersreply negatively.
nokok req2
req1
ref1acc1
ref2acc2
receptionemission
Store
Supplier
Supplierbuy
Orchest
. – p.12/31
![Page 16: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/16.jpg)
Composing WSs: orchestration
proc Orchest = buy.Orch1
proc Orch1 = ’req1. ( acc1.’ok.nil + ref1.Orch2 )
proc Orch2 = ’req2. ( acc2.’ok.nil + ref2.’nok.nil )
set restSetO = *** synchronization set
{buy, ok, nok, req1, req2, acc1, acc2, ref1, ref2}
*** we rename channels of the two suppliers
proc SystemO =
(
Store
| Supplier [req1/request, ref1/refuse, acc1/accept]
| Supplier [req2/request, ref2/refuse, acc2/accept]
| Orchest
) \ restSetO
. – p.13/31
![Page 17: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/17.jpg)
Outline
Describing WSs using PA
Automated reasoning on WSs
Application: negotiating WSs using LOTOS/CADP
Concluding remarks
. – p.14/31
![Page 18: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/18.jpg)
Outline
Describing WSs using PA
Automated Reasoning on WSsVerifying propertiesVerifying equivalencesVerifying compatibility
Application: negotiating WSs using LOTOS/CADP
Concluding remarks
. – p.14/31
![Page 19: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/19.jpg)
Automated reasoning on web services
formally-grounded languages enable one to useautomated tools to check that a system matches itsrequirements and works properly
these tools can helpchecking that a service satisfies desirable properties– e.g. the property that the system will never reachsome unexpected state
checking that two processes are equivalent –typically one abstract process expresses thespecification of the problem, while the other is acomposition of services as a possible solution
checking compatibility of services then ensuringcorrect interactions
. – p.15/31
![Page 20: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/20.jpg)
Verifying properties
properties of interest in concurrent systems typicallyinvolve reasoning on the possible scenarii that thesystem can go through
established formalism for expressing such properties isgiven by temporal logics
the most noticeable classes of properties are:safety properties, which state that an undesirablesituation will never ariseliveness properties, which state that something goodmust happen
. – p.16/31
![Page 21: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/21.jpg)
Verifying equivalences
two processes are considered to be equivalent if theyare indistinguishable from the viewpoint of an externalobserver
trace equivalence: they produce the same set of traces
observational equivalence is a more appropriate notionof process equivalence
a a
b c
a
b c
tau(B)(A)
bc
b c
strong bisimulation too restrictive: strict matching of the
� actions
. – p.17/31
![Page 22: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/22.jpg)
When are two WSs compatible?
compatibility: ensuring that WSs will be able to interactproperly
substitutability: replacing one WS by another withoutintroducing flaws
it depends not only on static properties but also on theirdynamic behaviour (service interface)
compatibility checking can be automated (CADP, SPIN)if defined in a sufficient formal way
. – p.18/31
![Page 23: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/23.jpg)
Compatibility 1: opposite behaviours
Two services are compatible if they have oppositebehaviours (observational equivalence)
reply!reply!
info?order?reply?info!order!
. – p.19/31
![Page 24: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/24.jpg)
Compatibility 2: unspecified receptions
Two services are compatible if they have no unspecifiedreceptions
ack!ack?
search?
order?order!
. – p.20/31
![Page 25: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/25.jpg)
Compatibility 3: one-path existence
Two services are compatible if there is at least oneexecution leading to a pair of final states
ack!
ack?
search?
order?
alarm!
order!
. – p.21/31
![Page 26: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/26.jpg)
Outline
Describing WSs using PA
Automated reasoning on WSs
Application: negotiating WSs using LOTOS/CADP
Concluding remarks
. – p.22/31
![Page 27: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/27.jpg)
LOTOS/CADP for Web Services
in some cases, a less abstract level of description isneeded
LOTOS and CADP to abstractly describe and reason onWSs handling data
negotiation is a typical example of services involvingdata (prices, products, stocks)
clients and providers have to reach an agreementbeneficial to all of them
involved aspects: variables, constraints, exchangedinformation, strategies
. – p.23/31
![Page 28: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/28.jpg)
LOTOS in a nutshell
abstract data types: sorts, operations, generators,axioms
. – p.24/31
![Page 29: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/29.jpg)
LOTOS in a nutshell
type BasicNaturalNumber is
sorts Nat
opns 0 (*! constructor *) : -> Nat
Succ (*! constructor *) : Nat -> Nat
+ : Nat, Nat -> Nat
eqns
forall m, n : Nat
ofsort Nat
m + 0 = m;
m + Succ(n) = Succ(m) + n;endtype
. – p.24/31
![Page 30: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/30.jpg)
LOTOS in a nutshell
abstract data types: sorts, operations, generators,axioms
basic LOTOS: gates, exit, g;B, [],
� � � �� � �� � � � � �� � � �
cc; exit
[]
(
bb; inter; exit
|[inter]|
inter; aa; exit)
. – p.24/31
![Page 31: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/31.jpg)
LOTOS in a nutshell
abstract data types: sorts, operations, generators,axioms
basic LOTOS: gates, exit, g;B, [],
� � � �� � �� � � � � �� � � �
full LOTOS: g!V, g?X:S, [boolexp]
�
B
cc; exit
[]
(
bb; inter?y:Nat; ([y>2] -> cc; exit)
|[inter]|
inter!5; aa; exit)
. – p.24/31
![Page 32: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/32.jpg)
LOTOS in a nutshell
abstract data types: sorts, operations, generators,axioms
basic LOTOS: gates, exit, g;B, [],
� � � �� � �� � � � � �� � � �
full LOTOS: g!V, g?X:S, [boolexp]
�
B
the CADP toolbox:input notations (LOTOS, LTSs)an open environment OPEN/CAESAR, in particularEVALUATOR an on-the-fly model-checkerBISIMULATOR: on-the-fly equivalence/preorderchecking... � http://www.inrialpes.fr/vasy/cadp/
. – p.24/31
![Page 33: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/33.jpg)
Negotiation case: specification
request?ref
reply!b
commC?p
orderorder
commC!p
orderorder
commP?p commP!p
refusal refusal refusal refusal
Client Provider
reply?b
request!ref
. – p.25/31
![Page 34: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/34.jpg)
Negotiation case: specification
process NegotiateC [order, refusal, commC, commP]
(curp: Nat, inv: Inv, computfct: Comp): exit(Bool) :=
commP?p:Nat; (* the provider proposes a value *)
(
[conform(p, inv)] -> order; exit(true) (* agreement *)
[]
[not(conform(p, inv))] -> refusal;
NegotiateC[order, refusal, commC, commP]
(curp, inv, computfct)
)
[] (* the client proposes a value *)
( [conform(curp, inv)] -> commC!curp;
(
order; exit(true) (* agreement *)
[]
refusal; NegotiateC[...]
(compute(curp, computfct), inv, computfct)
)
) . – p.26/31
![Page 35: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/35.jpg)
Negotiation case: verification
verification to ensure a correct processing of thenegotiation rounds
simulation, absence of deadlocks, temporal properties(eg. <true*."ORDER"> true)
Participants States Trans. P1 P2 P3
(1c & 1p) 32 47 3.84s 2.15s 2.21s
(1c & 7p) 17,511 42,848 4.64s 27.70s 27.35s
(1c & 10p) 145,447 374,882 5.10s 1326.94s 1313.16s
(2c & 4p) 300,764 944,394 5.31s 117.41s 117.79s
. – p.27/31
![Page 36: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/36.jpg)
Mapping LOTOS <–> BPEL
LOTOS BPEL
message, portType, operation,gates + offers partnerLinkType (WSDL),
and receive, reply, invoke (BPEL)
termination ’exit’ end of the main sequence
sequence ’;’ sequence
choice ’[]’ pick and switch
parallel composition ’
� �� �
� �’ interacting WSs
recursive call new instantiation or while
datatypes and operations XML Schema, DBs, XPath, etcguards case of switch
. – p.28/31
![Page 37: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/37.jpg)
Outline
Describing WSs using PA
Automated reasoning on WSs
Application: negotiating WSs using LOTOS/CADP
Concluding remarks
. – p.29/31
![Page 38: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/38.jpg)
Concluding remarks
WSs are an emerging and promising area involvingimportant technological challenges
PAs offer adequate notations and tools to describe,compose and reason on WSs at an abstract level
Perspectives:
service description: adequate level of description,interface extraction, conformance
composition of WSs: compatibility, automation,adaptation
systematic mapping between abstract and concretedescription levels
. – p.30/31
![Page 39: How Process Algebra Can Contribute to the Formal Development of](https://reader031.fdocuments.us/reader031/viewer/2022020702/61fb12712e268c58cd59d24e/html5/thumbnails/39.jpg)
Main references
(1) G. Salaün, L. Bordeaux and M. Schaerf. Describing andReasoning on Web Services using Process Algebra.Proc. of ICWS’04, IEEE CSP, p. 43–51. Extendedversion to appear in the IJBPIM journal.
(2) G. Salaün, A. Ferrara and A. Chirichiello. Negotiationamong Web Services using LOTOS/CADP. Proc. ofECOWS’04, LNCS 3250, SV, p. 198–212.
(3) L. Bordeaux, G. Salaün, D. Berardi and M. Mecella.When are two Web Services Compatible? Proc. ofTES’04, LNCS 3324, SV, p. 15–28.
(4) A. Chirichiello and G. Salaün. Encoding AbstractDescriptions into Executable Web Services: Towards aFormal Development. In Proc. of WI’05, IEEE CSP, p.457–463.
. – p.31/31