The sagaThe world: faults and compensations in SOCThe weapon: SOCKThe treasure: SAGAsThe quest: a mappingConclusion: and all the activities were compensated

*

The sagaThe world: faults and compensations in SOCThe weapon: SOCKThe treasure: SAGAsThe quest: a mappingConclusion: and all the activities were compensated

Service oriented computing and faultsA world where different services interactDynamically found and composedInteraction based on one-way and request-response invocationsSafe composition of services requires to deal with faultsNo guarentee on components behaviour because of loose couplingDisconnections, message losses, Approaches based on long running transactions and compensations

Error handlingA fault is an abnormal situation that forbids the continuation of an activityFaults should be managed so that the whole system reaches a consistent stateDifferent mechanisms are commonly usedFault handlers: specify how to recover from a faultTermination handlers: specify how to terminate an ongoing activity when reached by a fault from a parallel activityCompensation handlers: specify how to compensate a successfully terminated activity if requested for fault recovery

Formal modelsDifferent formal models have been proposed to analyze error handling in SOCInteraction based compensations, extending name passing calculi with operators for error handling Compensable flow composition, analyzing how compensations of simple activities are composedWe compare two models, one for each approachSOCK for interaction based compensationsSAGAs for compensable flow composition models

The sagaThe world: faults and compensations in SOCThe weapon: SOCKThe treasure: SAGAsThe quest: a mappingConclusion: and all the activities were compensated

SOCK (Service Oriented Computing Kernel)A calculus for modelling service oriented systemsStrongly inspired by current technologiesWSDL, WS-BPELImplemented by Joliebut featuring a formal LTS semanticsSOCK has three layers: behaviour, engine and systemError handling is managed at behaviour layer

Behaviour primitives

and assignment

Behaviour composition operators

From sequential languages From concurrent calculi

Error handling in SOCKError handling exploits fault/termination/compensation handlers Handlers can be installed and updated dynamically

At runtime the scope will also contain the active handlers: {P;H}q

The scope hierarchy

Throwing a faultq1q2(f,Q)Throw (f)(q2,T2)(q1,T1)A fault f is raised by Throw(f)

Throwing a faultq1q2(f,Q)(q2,T2)(q1,T1)fIt propagates upward andkills the traversedactivities

Throwing a faultT1q1T2q2(f,Q)fTermination handlersof parallel activitiesare executed

Throwing a faultT1q1T2q2QfThe fault handler for fis executed

Dynamic installation of handlersNew handlers update the old onesAllowed for fault and termination handlersAllows to keep the handler up-to-date as far as the activity progressesAvailable handlers are installed before any fault is managedAlways the most updated handler is used

Installing a fault/termination handlerInst(f,Q)

Installing a fault/termination handler(f,Q)

Compensation handlersAllow to undo the effect of a successfully terminated activityAre the last available termination handlersShould be activated explicitly by comp(q)Only other handlers can do it

Installing compensation handlersqqInst(q,Q)

Installing compensation handlersq(q,Q)Q terminatesq

Installing compensation handlers(q,Q)Handlers in qcan compensateq using comp(q)q

Faults and request-responsesIf a server is reached by a fault when processing a request-response, the fault is notified to the clientA request-response always sends a response, either normal or faultyAllows recovery from remote faultsA client always waits for the reply, even if reached by a local faultor(y,x,H) installs handlers in H only if a successful answer is received

The sagaThe world: faults and compensations in SOCThe weapon: SOCKThe treasure: SAGAsThe quest: a mappingConclusion: and all the activities were compensated

SAGAsA language for modelling compensable transactionsThe basic building blocks are compensable actions A%BThat can be composed in sequence and paralleland grouped into transactions

SAGAs semanticsSAGAs are equipped with a big-step semanticsObservations contain the names of activities completed with successThe final result of a SAGA can be : success of the SAGA : failure of the SAGA but success of the compensation : crash, i.e. failure of both the SAGA and its compensation

Atomic compensable activity A%BSucceeds with observation A if A succeedsCompensation B is installedFails with no observation if A failsNo compensation is installed

Sequential composition P;PSucceeds if P and P succeedThe observation is the sequential composition of observationsFails if P or P failIf P succeeds and P fails P should be compensatedIf the compensation succeeds the composition failsIf the compensation fails the composition crashesDifferent sequential activities are compensated in reverse order

Parallel composition P|PSucceeds if P and P succeedThe observation is the parallel composition of the observationsFails if any activity failsThe other is stoppedThe activities executed so far are compensatedIf the compensation succeeds the composition failsIf the compensation fails the composition crashesDifferent parallel activities are compensated in parallel

Nested SAGA {[P]}Succeeds if P succeeds or failsIf P succeeds the compensation is installedCrashes if P crashes

The sagaThe world: faults and compensations in SOCThe weapon: SOCKThe treasure: SAGAsThe quest: a mappingConclusion: and all the activities were compensated

Idea of the mappingActivities are implemented by remote servicesIf the activity succeeds, the service sends back a normal answerIf the activity fails, the service sends back a faultWe use fault f for failure of activities, c for crashesSAGAs are anonymous while SOCK scopes have unique namesWe give unique names to SAGAsFrom a SAGA we extract two componentsThe structure of the processThe structure of the compensations

Extracting the structure of compensations

Mapping basic activities

An activity is a scope containing a call to the corresponding service

If successful the compensation has to be installed

But a fault in the compensation should be treated as a crash

Composing basic activities

The mapping is homomorphic

Mapping SAGAs

A SAGA is a scope

In case of external fault the activities executed so far have to be compensated

In case of internal fault the activities executed so far have to be compensated, and no compensation should be installed

Behavioural correspondanceFrom the SOCK lts we extract an abstract LTS tracking only the successful answers from request-responsesA SAGA S has a big-step with observation O iff its translation can perform all the abstract LTSs compatible with O The SAGA result is or iff the translation performs no label throw(c) iff the translation performs a label throw(c)

ExampleConsider the SAGA

Suppose A, B and D succeed and C fails with observation A;BThen the translation has a computation whose LTS has no label throw(c) and with abstract LTS

The sagaThe world: faults and compensations in SOCThe weapon: SOCKThe treasure: SAGAsThe quest: a mappingConclusion: and all the activities were compensated

CommentsSAGAs can be used to program compensation policies in SOCKSOCK adds communication/distributionExploits automatic fault notificationSOCK allows to program other kinds of recoveryDifferent recovery policies for external faults and internal faultsCompensations can be composed in different orders

Future workComplete our questUnderstand relationship between different approaches to compensationsStatic vs dynamicHierarchical vs flat

The end