25/10/11 1
Toward Design, Modelling and analysis of Dynamic Workflow Reconfiguration
A Process Algebra Perspective
M. Mazzara, F. Abouzaid, N. Dragoni and A. Bhattacharyya
WSFM’11 8th International Workshop
on Web Services and Formal Methods, 1/9/2011, Clermont-Ferrand, France
Contributors
(Just) some of the most important people to thank for their research inputs over the last few years…
Cliff Jones, Alexander Romanovsky, Paolo Missier, Vasa Curcin, Jeremy Bryans, Gudmund Grov, Massimo Strano, Michele Mazzucco,
Kamarul Abdul Basit, Carl Gamble, Richard Payne, Mario Bravetti, Cosimo Laneve, Roberto Lucchi, Claudio Guidi, Ivan Lanese…
Anirban Bhattacharyya - Newcastle University, UK
John Fitzgerald - Newcastle University, UK
Faisal Abouzaid - Ecole Polytechnique de Montreal, Canada
Nicola Dragoni - Technical University of Denmark
Mu Zhou - Technical University of Denmark
Koji Hasebe - University of Tsukuba, Japan
Juan Carlos Polanco Aguilar - University of Tsukuba, Japan
Agenda
Introduction and open issues
Requirements on formalisms and synopsis
A novel formalism
Workflow Reconfiguration Modelling/Verification
Implementation
Discussion
The “story” I am going to tell you…
I describe the requirements a formalism for dynamic reconfiguration should meet
I analyze well-known formalisms against these requirements and we make a synopsis
I discover how just a few of these requirements are met by these formalisms
I discuss what the “ideal formalism” should look like
I explain why it is not possible to achieve this now
I introduce a novel formalism which copes well
I show working examples of this
Research on reconfigurable systems
Research on reconfiguration is vast
Service reconfiguration is not extensively researched yet
Computational models
Formalisms
Methods
Tools
Overlapping modes are relevant in the services context
especially when high traffic is involved
Overlapping Modes
[Figure: three cases (Case 1, Case 2, Case 3) of the overlap between configuration 1 and configuration 2; diagram labels: normal transactions, dynamic reconfiguration transactions, interactions (functional/temporal)]
Keeping an eye on the real world…
“Man has such a predilection for systems and abstract deductions that he is ready
to distort the truth intentionally, he is ready to deny the evidence of his
senses only to justify his logic”
(Fyodor Dostoyevsky)
…when making sensible assumptions
Performing an instantaneous mode change in a distributed system is unrealistic…
global state at a specific instant might be undefined
… and waiting for the reconfiguration to be performed is not always acceptable
e.g. services with very high traffic
Vocabulary
[Diagram labels: Location Layer, Application Layer, Objects, Nodes, Links, Components, Connectors, Channels; relations "Connected by" and "Hosted on"]
Formal methods applications
Formalisms for Dynamic Reconfiguration
The ideal formalism is one that can model all the aspects of reconfiguration and also supports their analysis
Simple Harmonic Motion
In the domain of continuous phenomena differential equations are the paradigm
The differential equation for simple harmonic motion elegantly describes all the aspects in a single equation
The Ideal Formalism
[Figure: the simple harmonic motion equation annotated with the labels "what is being changed", "the change" and "the rules"]
But…
…the formal elegance and power of differential equations took just thousands of
years to develop!
We cannot spend so long thinking!!!
A novel formalism
Reconfiguration features in π-calculi
Messages can include channel names
Sending an address and expecting a reply to that address
Output capability (MS Biztalk)
received names used as subjects of outputs only
Input capability (π-calculus)
received names used as the subject of inputs as well
Foundational model
Language: Syntax, Semantics, Pragmatics/examples
Interaction: Synchronization/message passing, Mobility/reconfigurability
Webπ∞ syntax
Semantics
“There are no facts, only interpretations”
(Friedrich Nietzsche)
Workflow Reconfiguration
Case study
Dynamic reconfiguration of an office workflow
Order processing in a large/medium-sized organisation
High traffic of orders has to be processed
Change of procedure (reconfiguration)
Billing is performed before shipping
Sequence instead of concurrency
BPMN design
π-calculus modeling
Old region
New region
webπ∞ modeling
Elements involved in triggering the new region
Elements of the old region
Abstractions
Workunits and event handlers are used to model the reconfiguration in a smart way
Workunits bound the identified regions (old and new)
Event raising is exploited to trigger the change
The floating law (structural congruence) allows asynchronous outputs in a workunit to freely escape the workunit itself
Requirements
During (and after) the transition phase:
The acceptability of an order should not be affected by the change in procedure
All accepted orders must be billed and shipped, then archived
All orders accepted after the change in procedure must be processed according to the new procedure
Verification
Equational reasoning is inadequate for reconfiguration
What we have:
Requirements specified in pi-logic
Model checking in HAL
Problem with state explosion!
What we need:
PROMELA description of the workflow reconfiguration
Requirements described in LTL
SPIN for model checking
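The requirements and the model-checking approach above, as an added example that is not from the slides: a small explicit-state exploration in Python (a stand-in for a PROMELA/SPIN model, not SPIN itself) of the order workflow under three reconfiguration policies. It assumes the old procedure runs billing and shipping concurrently; the policy names `drain`, `abort` and `lazy`, the bound of two orders and the state encoding are constructed for illustration.

```python
from collections import deque

N = 2  # constructed bound on the number of orders; keeps the state space small
# Order state: (region, late, billed, shipped, archived). region is None before
# acceptance, then "old" (billing || shipping), "new" (billing ; shipping) or
# "dead"; late records that the order was accepted after the change event.
INIT = (False, ((None, False, False, False, False),) * N)

def successors(state, policy):
    changed, orders = state
    if not changed:  # the reconfiguration event may fire at any moment
        kill = policy == "abort"  # hypothetical faulty design: drop unfinished old orders
        yield (True, tuple(("dead",) + o[1:] if kill and o[0] == "old" and not o[4]
                           else o for o in orders))
    busy = any(o[0] == "old" and not o[4] for o in orders)
    for i, (region, late, billed, shipped, archived) in enumerate(orders):
        nxt = []
        if region is None:  # acceptance is enabled in every configuration
            # "lazy" (hypothetical faulty design) keeps using the old region while it is busy
            use_new = changed and not (policy == "lazy" and busy)
            nxt.append(("new" if use_new else "old", changed, False, False, False))
        elif region != "dead":
            if not billed:
                nxt.append((region, late, True, shipped, archived))
            if not shipped and (region == "old" or billed):
                nxt.append((region, late, billed, True, archived))
            if billed and shipped and not archived:
                nxt.append((region, late, True, True, True))
        for o in nxt:
            yield (changed, orders[:i] + (o,) + orders[i + 1:])

def check(policy):
    """Explore every interleaving; return the set of violated requirement numbers."""
    seen, todo, violated = {INIT}, deque([INIT]), set()
    while todo:
        state = todo.popleft()
        succ = list(successors(state, policy))
        for region, late, billed, shipped, archived in state[1]:
            if late and shipped and not billed:
                violated.add(3)  # accepted after the change yet shipped before billing
            if not succ and region is not None and not archived:
                violated.add(2)  # run ended with an accepted order never archived
        for s in succ:
            if s not in seen:
                seen.add(s)
                todo.append(s)
    return violated
```

Only the `drain` policy, where in-flight orders finish under the old procedure while new orders use the new one, satisfies both checked requirements; `abort` breaks the second requirement and `lazy` the third.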
WS-BPEL Implementation: questions
WS-BPEL has not been designed for dynamic reconfiguration
Webπ∞ has been used to encode WS-BPEL
Reconfiguration has been shown to work with Webπ∞
Can the basic mechanisms of the WS-BPEL recovery framework support dynamic reconfiguration?
WS-BPEL Implementation: principles
Three basic principles have been followed:
1. The regions to be reconfigured have to be represented by BPEL scopes
2. Each BPEL scope (i.e. region) will be associated with termination and event handlers
3. An event triggers the new configuration, terminating the old one
Discussion of the case study
Webπ vs π-calculus
Workunits offer an efficient solution
Floating laws cope well with reconfiguration activities
Equational reasoning is inadequate for reconfiguration
Lack of tool support
π-calculus is instead supported by verification tools (TyPiCal, HAL, etc.)
Webπ should be understood as a front end for modelling, with the π-calculus as the verification bytecode
Conclusions (1)
The standard notion of correctness used in process algebras is congruence based on bisimulation.
Congruence is not always applicable for verifying the correctness of models
For example, the requirements of the case study are not all expressible as congruences between processes
Conclusions (2)
It is easier to model workflow reconfiguration in Webpi than in the asynchronous pi-calculus
Modelling would be even easier in a synchronous version of Webpi
Model checking is more widely applicable than equational reasoning based on congruences for verifying workflow reconfiguration
Major Contributions
Analysis of requirements
Synopsis of formalisms
Development of ad-hoc formalisms
Application to modeling and verification of case studies
Implementation of workflow reconfiguration in WS-BPEL
Questions?
"Did science promise happiness? I do not believe it. It promised truth, and the question is to know if we will ever
make happiness with truth." (Emile Zola)