25/10/11 1

Toward Design, Modelling and analysis of Dynamic Workflow Reconfiguration

A Process Algebra Perspective

M. Mazzara, F. Abouized, N. Dragoni and A. Battacharyya

WSFM’11 8th International Workshop

on Web Services and Formal Method1/9/2011, Clermont-Ferrand, France

25/10/11 2

Contributors

(Just) some of the most important people to thank for their research inputs over the last few years…

Cliff Jones, Alexander Romanovsky, Paolo Missier, Vasa Curcin,Jeremy Bryans, Gudmund Grov, Massimo Strano, Michele Mazzucco,

Kamarul Abdul Basit, Carl Gamble, Richard Payne, Mario Bravetti, Cosimo Laneve, Roberto Lucchi, Claudio Guidi, Ivan Lanese…

Anirban Bhattacharyya - Newcastle University, UK John Fitzgerald - Newcastle University, UK Faisal Abouzaid - Ecole Polytechnique de Montreal, Canada Nicola Dragoni - Technical University of Denmark Mu Zhou - Technical University of Denmark Koji Hasebe, University of Tsukuba, Japan Juan Carlos Polanco Aguilar, University of Tsukuba, Japan

25/10/11 3

Introduction and open issues

Requirements on formalisms and synopsis

A novel formalism

Workflow Reconfiguration Modelling/Verification

Implementation

Discussion

Agenda

25/10/11 4

The “story” I am going to tell you…

I describe the requirements a formalism for dynamic reconfiguration should meet

I analyze well-known formalisms against these requirements and we make a synopsis

I discover how just a few of these requirements are met by these formalisms

I discuss how the “ideal formalism” should look like

I explain why it is not possible to achieve this now

I introduce a novel formalism which copes well

I show working examples of this

25/10/11 5

Research on reconfiguration is vast

Service reconfiguration is not extensively researched yet

Computational models

Formalisms

Methods

Tools

Overlapping modes are relevant in the services context

especially when high traffic is involved

Research on reconfigurable systems

Overlapping Modes

configuration 1

configuration 2

• Case 1

configuration 2

configuration 1

dynamic reconfiguration transactions

• Case 2

configuration 2

configuration 1

normal transactions

dynamic reconfiguration transactions

interactions (functional/temporal)• Case 3

25/10/11 7

Keeping an eye on the real world…

“Man has such a predilection for systems and abstract deductions that he is ready

to distort the truth intentionally, he is ready to deny the evidence of his

senses only to justify his logic”

(Fyodor Dostoyevsky)

25/10/11 8

Performing an instantaneous mode change in a distributed system is unrealistic…

global state at a specific instant might be undefined

… and waiting for the reconfiguration to be performed is not always acceptable

e.g. services with very high traffic

…when making sensible assumptions

25/10/11 9

Vocabulary

Location Layer

Application Layer

Objects

Nodes

Links

Connected by

Components Connectors

Hosted on

Channels

Formal methods applications

25/10/11 11

Formalisms for Dynamic Reconfiguration

The ideal formalism is one able to model all the aspects of reconfiguration and to work for the analysis

25/10/11 12

Simple Harmonic Motion

In the domain of continuous phenomena differential equations are the paradigm

The differential equation for simple harmonic motion elegantly describes all the aspects in a single equation

25/10/11 13

The Ideal Formalism

what is being changed

the change the rules

Simple Harmonic Motion

25/10/11 14

But…

…the formal elegance and power of differential equations took just thousands of

years to develop!

We cannot spend so long thinking!!!

25/10/11 16

A novel formalism

25/10/11 17

Messages can include channel names Sending an address and expecting a reply to that address Output capability (MS Biztalk)

received names used as subjects of outputs only Input capability ( -calculus)

received names used as the subject of inputs as well

Reconfiguration features in π-calculi

π

25/10/11 18

Language Syntax Semantics Pragmatics/examples

Interaction Synchronization/message passing Mobility/reconfigurability

Foundational model

25/10/11 19

Webπ∞ syntax

25/10/11 20

Semantics

“There are no facts, only interpretations”

(Friedrich Nietzsche)

25/10/11 21

Workflow Reconfiguration

25/10/11 22

Dynamic reconfiguration of an office workflow

Order processing in a large/medium-sized organisation High traffic of order has to be processed

Change of procedure (reconfiguration)

Billing is performed before shipping Sequence instead concurrency

Case study

BPMN design

25/10/11 24

π-calculus modeling

Old region

New region

webπ∞ modeling

Elements involved In triggering

the new region

Elements of the old region

25/10/11 26

Abstractions

Workunits and event handlers are used to model the reconfiguration in a smart way

Workunits bound the identified regions (old and new) Event raising is exploited to trigger the change

The floating law (structural congruence) allows asynchronous outputs in a workunit to freely escape the workunit itself

25/10/11 27

Requirements

During (and after) the transition phase:

The acceptability of an order should not be affected by the change in procedure

All accepted orders must be billed and shipped, then archived

All orders accepted after the change in procedure must be processed according to the new procedure

25/10/11 28

Verification

Equational reasoning is inadequate for reconfiguration

What we have: Requirements specified in pi-logic Model checking in HAL Problem with state explosion!

What we need: PROMELA description of the workflow reconfiguration Requirements described in LTL SPIN for model checking

25/10/11 29

WS-BPEL Implementation: questions

WS-BPEL has not been designed for dynamic reconfiguration

has been used to encode WS-BPEL

Reconfiguration has been shown to work with

Can the basic mechanisms of the WS-BPEL recovery framework support dynamic reconfiguration ?

Webπ∞

Webπ∞

25/10/11 30

WS-BPEL Implementation: principles

Three basic principles have been followed:

3. The regions to be reconfigured have to be represented by BPEL scope

5. Each BPEL scope (i.e. region) will be associated with termination and event handlers

7. An event triggers the new configuration terminating the old one

25/10/11 31

Discussion of the case study

25/10/11 32

Workunits offer an efficient solution

Floating laws cope well with reconfiguration activities

Equational reasoning is inadequate for reconfiguration

Lack of tool support -calculus is instead supported by verification tools TyPiCal HAL, etc…

Wepi has to be intended as a a front end for modelling with the the pi-calculus as the verication bytecode

Webπ vs π-calculus

π

25/10/11 33

Conclusions (1)

The standard notion of correctness used in process algebras is congruence based on bisimulation.

Congruence is not always applicable for verifying the correctness of models

For example, the requirements of the case study are not all expressible as congruencies between processes

25/10/11 34

Conclusions (2)

It is easier to model workflow reconfiguration in Webpi than in the asynchronous pi-calculus

Modelling would be even easier in a synchronous version of Webpi

Model checking is more widely applicable than equational reasoning based on congruencies for verifying workflow reconfiguration

25/10/11 35

Analysis of requirements

Synopsis of formalisms

Development of ad-hoc formalisms

Application to modeling and verification of case studies

Implementation of workflow reconfiguration in WS-BPEL

Major Contributions

25/10/11 36

Questions?

"Did science promise happiness? I do not believe it. It promised truth, and the question is to know if we will ever

make happiness with truth." (Emile Zola)