This paper discusses two approaches to compensable flow composition in long-running transactions and presents a comparison of their core fragment semantics. It also explores the challenges and opportunities in the design and implementation of business collaborations using web services.
Comparing Two Approaches to Compensable Flow Composition
Roberto Bruni - Dipartimento di Informatica, Università di Pisa
joint work with Michael Butler, Carla Ferreira, Tony Hoare, Hernán Melgratti, Ugo Montanari
CONCUR 2005, San Francisco (CA) USA, 23-26 August 2005
Roadmap
• Introduction
• Background
• cCSP
• Sagas
• Informal Discussion
• Sequential Sagas
• Parallel Sagas
• Concluding Remarks & Future Work
Technological Scenario
• WS composition is an emerging paradigm for application integration within and across organization boundaries
• WS is primarily an integration technology and it must bridge the gap between technologists and business people
• each WS handles a specific task, designed and built by technical people
• like a whole car engine, car frame, transmission
• tasks are combined by business people to solve business-level problems
• like assembling the engine, the frame and the transmission without having to look at the many pieces within them
• Business collaborations can require long-running interactions
• a key issue in business process languages
• Design of such business processes calls for
• graphical presentation
• rigorous mathematical foundations
• well-disciplined service composition principles
• modular implementation
Long-Running Transactions and Compensations
• When the transaction is long lasting and interactive, familiar automatic techniques of locking, check-pointing and rollback are not always adequate
• partial agreements can be reached and locally committed by parties
• to be confirmed on success
• to be compensated in case of failure
• to Compensate (Merriam-Webster OnLine)
• to neutralize the effect of - to supply an equivalent to - to provide with means of counteracting variation - to offset an error, defect, or undesired effect
• compensation is not rollback
Compensations: Examples
• A client buys books in an on-line bookstore
• the bookstore debits the client's account as the payment for the order
• the bookstore later realizes that one of the books in the client's order is out of print. To compensate the client for this problem:
• the bookstore can credit back the account with the amount wrongfully debited and send a letter of apology
• Failures on credit checks can cause the abort of parallel activities, e.g.
• to unpackage the goods to be sent and to cancel the courier booking
• Late cancelling of hotel reservations can involve fees
• The most important fact: Compensations have a cost!
Contribution
• Take two recent formalizations
• Discover the analogies / differences on their core fragment
• (hence the current title of the paper)
• Show that each presentation style can recover the semantics of the other formalization...
• (hence the original title: Reconciling Two Approaches to Compensable Flow Composition)
• ...but they are not quite the same:
• From the comparison Four Different Policies for Handling Compensable Concurrent Processes emerged (yet another possible title...)
• three already formalised + a new one
• the four semantics form a partial order
A Coarse-Grain (Partial) View
[Figure: landscape diagram with axis labels CHOREOGRAPHY / ORCHESTRATION and FORMAL / INFORMAL; entries: Graphical Design (Diagram enthusiasts), Compensable Flows (PA enthusiasts), WS Standards (XML enthusiasts), Interaction Patterns (PC enthusiasts), StAC, cCSP, cJoin (Pisa), t (Bologna), web (Bologna), Sagas Calculus]
• Two main approaches
• Interaction based Composition or Conversational Patterns
• services describe the ways they can be engaged in larger processes
• separately designed services interact to reach their goals
• Flow Composition or Hierarchical Patterns
• a process describes the control and data flows among WS
• a flow engine invokes the services according to the application logic
• A landscape of languages and techniques has emerged
• WSFL, BPML, WSCI, XLANG, BPEL4WS, BTP, WS-AT, WS-BP, ...
• continuously enriched with new proposals from different vendor coalitions
• a babel of ad hoc proposals for standard
• poorly disciplined provision of "accessory" features
• informal (textual) description of "behaviour"
• Formal models are needed
• to reason rigorously
• to find specification bugs
• to run simulations
• to ease verification
Orchestration & Choreography
• Orchestration
• is about describing and executing a single view point model
• executable framework
• Choreography
• is about describing and guiding a global model (control is shared between domains that are responsible for their tasks)
• abstract discipline
• The entirely deliberate analogy is with
• the way in which skilled musicians and dancers co-ordinate their actions while carrying out predetermined instructions
• But the distinction can blur on many occasions
Focus on Compensable Flows
Sagas Calculi (Sagas): inspired by SAGAS; Bruni, Melgratti, Montanari
Compensating CSP (cCSP): inspired by BPEL; Butler, Ferreira, Hoare
• Independently developed
• Robust formalizations of compensable flow compositions with few key primitives
• more abstract than StAC and closer to the spirit of Process Algebras
Structured Activity Compensation (StAC): too many similar constructs; semantics not entirely satisfactory; several variants / improvements; Butler, Ferreira, et al.
Flow Composition
[Figure: flow diagram over activities A1, A2, A3, A4, A5]
A1; ( (A2; A3) | A5 ) ; A4
Transactional Flows
[Figure: flow diagram over activities A1, A2, A3, A4, A5]
[ A1 ; ( (A2 ; A3) | A5 ) ; A4 ]
Compensation Pairs
[Figure: flow diagram over activities A1-A5 with compensations B1-B5]
[ A1 % B1 ; ( (A2 % B2 ; A3 % B3) | A5 % B5 ) ; A4 % B4 ]
Compensation Flow
[Figure: flow diagram over activities A1-A5 with compensations B1-B5; legend: forward flow, backward flow]
[ A1 % B1 ; ( (A2 % B2 ; A3 % B3) | A5 % B5 ) ; A4 % B4 ]
Note: compensations are to be executed in reverse order
cCSP: Syntax
Standard processes: P,Q ::= A | [PP] | P + Q | P ; Q | P | Q | SKIP | THROW | YIELD | P Q
Compensable processes: PP,QQ ::= P%Q | PP + QQ | PP ; QQ | PP | QQ | SKIPP | THROWW | YIELDD
Constructs, in order: atomic action, transaction block, compensation pair, choice, sequential composition, parallel composition, normal termination, throw an interrupt, yield to an interrupt, interrupt handler
A Running Example
cCSP: Running Example
PackOrder = |iItems ( PackItem(i) % UnpackItem(i) )
FulfillOrder = BookCourier % CancelCourier | PackOrder | CreditCheck ; (SKIPP + THROWW)
OrderTransaction = [ ProcessOrder ]
ProcessOrder = (AcceptOrder % RestockOrder) ; FulfillOrder
cCSP: Denotational Trace Semantics
• each P is assigned a set of traces
• set of special events = { , !, ? } (disjoint from )
• traces p,q,... are -event-terminated sequences of actions in . Three possible shapes:
• A,B,..., trace leading to normal termination
• A,B,...,! trace leading to interrupt throw
• A,B,...,? trace leading to interrupt yield
• pq denotes concatenation
• Note: unlike CSP, prefix traces are not considered
• each PP is assigned a set of trace-pairs (p,q) where
• p is the forward trace
• q is the corresponding compensation trace
cCSP Semantics: Basic Processes & Sequential Composition
A =trace { A, } performs an atomic event and ends ok
SKIP =trace { } terminates successfully
THROW =trace { ! } raises an interrupt
YIELD =trace {? ,} either yields to an interrupt or ends ok
P ; Q =trace { p;q | pP qQ }
where p ; q = pq
p ; q = p if
cCSP Semantics: Parallel Composition
P | Q =trace { r | rp||q pP qQ }
where p1 || q2 = { r1&2 | rint(p,q) }
• Processes running in parallel synchronise
• on joint termination
• or on joint interruption
joint terminal event 1 2 1&2 ! ! ! ! ? ! ! ! ? ? ? ? ?
int(p,) = int(,p) = {p}
int(Ap,Bq) = { Ar | rint(p,Bq) } { Br | rint(Ap,q) }
cCSP Semantics: Transaction Block and Compensation Pairs
[PP] =trace { p | (p,p')PP } { pp' | (p!,p')PP }
P % Q =trace { p%q | pP qQ } { (?,) }
where p % q = (p,q)
p % q = (p,) if
SKIPP =trace SKIP % SKIP
THROWW =trace THROW % SKIP
YIELDD =trace YIELD % SKIP
cCSP Semantics: Compensable Sequential and Parallel
PP ; QQ =trace { x;y | xPP yQQ }
where (p,p') ; (q,q') = (pq,q';p')
(p,p') ; (q,q') = (p,p') if
PP | QQ =trace { z | zx||y xPP yQQ }
where (p,p') || (q,q') = { (r,r') | rp||q r'p'||q' }
cCSP: Core Fragment
Standard processes: P,Q ::= A | [PP] | P + Q | P ; Q | P | Q | SKIP | THROW | YIELD | P Q
Compensable processes: PP,QQ ::= A%B | PP + QQ | PP ; QQ | PP | QQ | SKIPP | THROWW | YIELDD
Constructs, in order: atomic action, transaction block, compensation pair, choice, sequential composition, parallel composition, normal termination, throw an interrupt, yield to an interrupt, interrupt handler
Sagas: Core Fragment
Processes: P,Q ::= 0 | A % B | PQ | PQ | P ; Q | P | Q | S | try S with P | try S or P | S % P
Sagas: S,T ::= [P]
Constructs, in order: nil, compensation pair, internal choice, discriminator, sequential composition, parallel composition, nesting, interrupt handler, forward recovery, programmable compensation; for sagas: transaction block
• Any action can succeed or fail
• THROW and YIELD are not explicit in the language
• big-step SOS semantics
• two different compensation policies devised for parallel processes
Naive Sagas: SOS Semantics
A scenario
• = {A1 ,…, An }
• A saga S in either
• commits ( )
• aborts ( )
• fails ( )
• is the observable concurrent flow
• abort = successfully compensated
S S S *
• A process P in either
• commits ( )
• aborts ( )
• fails ( )
• ß, ß’ are installed compensations
<P,ß> < ,ß’> <P,ß> < ,ß’> <P,ß> < ,ß’> *
• An activity A either
• commits (A )
• aborts (A )
Revised Sagas: SOS Semantics
A scenario
• = {A1 ,…, An }
• A saga S in either
• commits ( )
• aborts ( )
• fails ( )
• is the observable concurrent flow
• abort = successfully compensated
S S S * *
• An activity A either
• commits (A )
• aborts (A )
• A process P in either
• commits ( )
• aborts ( ) + forced abort
• fails ( ) + forced fail
• ß, ß’ are installed compensations
<P,ß> < ,ß’> <P,ß> < ,ß’> <P,ß> < ,ß’> *
Sagas: Running Example
PackOrder = |iItems ( PackItem(i) % UnpackItem(i) )
FulfillOrder = BookCourier % CancelCourier | PackOrder | CreditCheck ; (SKIPP + THROWW)
OrderTransaction = [ ProcessOrder ]
ProcessOrder = (AcceptOrder % RestockOrder) ; FulfillOrder
<P,ß> < , 0> <ß,0> < , 0> (a-step’’) (f-cmp) * <P;Q,ß> < ,0> A , <A%B,ß> < , 0> * * A (s-act) A , <A%B, ß> < , B;ß> <ß,0> < , 0> (s-cmp) A , <A%B,ß> < , 0> (a-step’) <P,ß> < , 0> ’ <P,ß> < ,ß’’> <Q,ß’’> < ,ß’> <P;Q,ß> < ,0> (s-step) ;’ <P;Q, ß> < ,ß’> (Sequential) Sagas: Semantics 0 <P,0> < , ß> (zero) <0,ß> < , ß> (saga) [P]
Sagas vs cCSP I
• Trace models
• interleaving in cCSP (centralized flavour)
• concurrent in Sagas (distributed flavour)
• Executions of activities
• always successful in cCSP
• dependent on the context in Sagas
• Failures
• raised by primitive THROW in cCSP
• raised by activities that fail in in Sagas
• Yielding to interrupt
• both explicit and implicit in cCSP
• only implicit in Sagas
Sagas vs cCSP II
• Abnormal termination
• successful compensation and abnormal termination of a transaction block are silent to parent processes in cCSP
• but not in Sagas
• where e.g. try S or P can be introduced
• Adequacy results
• via self-cancelling in cCSP
• simple and intuitive but imprecise
• via complex adequacy theorems in Sagas
• more precise but less intuitive
• Compensation policy of parallel processes
• coordinated interruption in cCSP
• no interruption but distributed compensation in Sagas naive
• distributed interruption in Sagas revised
Encoding cCSPseq and Sagasseq
• Each cCSPseq process defines:
• a Sagasseq process
• a particular scenario of execution
• [ _ ] : cCSPseq Sagasseq
• Each Sagasseq process defines:
• a set of cCSPseq processes PP
• one for each particular scenario of execution
• [ _ ]_ : Sagasseq cCSPseq
Correspondence
• Let [ PP ] = P ,
• If , then =traces [PP]
• where is obtained by removing all subscripts from the activities in
• Let [ P ] = PP
• If , then =traces [PP]
• Remark: is uniquely determined
{P} {P}
Encoding cCSPseq in Sagasseq
• A subtlety: all activities must have different names
• An auxiliary function is used to rename activities in PP
• [ _ ]_ : cCSPseq N* Sagasseq
• [ PP ] = [ PP ]0
• [ A%B ]s = As%Bs , {As , Bs }
• [ SKIPP ]s = 0 ,
• [ YIELDD ]s = 0 ,
• [ THROWW ]s = Ts , {Ts }
• [ PP1;PP2 ]s = P1;P2 , 1 2
• where [ PPi ]s.i = Pi , i
Encoding Sagasseq in cCSPseq
• [ 0 ] = SKIPP
• [ A ] A , = A
• [ A ] A , = THROWW
• [ A%B ] A , B , = A%B
• [ A%B ] A , = THROWW
• [ P1;P2 ] = [ P1 ] ; [ P2 ]
• Note: The encoding for compensation pairs is defined only if B commits, because THROW is not allowed as compensation
Expected Encoding
• [ PP1|PP2 ]s = P1|P2 , 1 2
• where [ PPi ]s.i = Pi , i
• [ P1|P2 ] = [ P1 ] | [ P2 ]
• Unfortunately the semantic correspondence does not work properly in this case!
Coordinated Interruption
• The difference can be nicely illustrated in terms of semantic equivalence
• [ A % A° | B % B° | THROWW ] =traces
• (A|B) ; (A°|B°)
• (A;A°) | (B;B°)
• SKIP (A;A°) (B;B°) (A|B);(A°|B°)
• SKIP (A;A°) (B;B°) (A;A°)|(B;B°)
Labels on the slide: naive Sagas, cCSP, revised Sagas
Processes can be stopped when siblings abort, but their compensations are activated only when all are stopped
Parallel Sagas in cCSP
[Figure: flow diagram with nodes A1, A2, B1, Bj, Bn, C1, Ck, Cm and compensations A’1, B’1, B’j, C’1, C’k, C’m]
A1; B1;…;Bj-1;B’j-1;…;B’1 ;A’1
A1; ((B1;…;Bj-1)|C1) ; ((B’j-1;…;B’1)|C’1) ;A’1
…
A1; ((B1;…;Bj-1)|(C1;…;Cm)) ; ((B’j-1;…;B’1)|(C’m;…;C’1)) ;A’1
No Interruption and Distributed Compensation
• The difference can be nicely illustrated in terms of semantic equivalence
• [ A % A° | B % B° | THROWW ] =traces
• (A|B) ; (A°|B°)
• (A;A°) | (B;B°)
• SKIP (A;A°) (B;B°) (A|B);(A°|B°)
• SKIP (A;A°) (B;B°) (A;A°)|(B;B°)
Labels on the slide: naive Sagas, cCSP, revised Sagas
Processes execute until completion, then they can compensate, without waiting for the completion of their siblings
Parallel Sagas: Naïvely
[Figure: flow diagram with nodes A1, A2, B1, Bj, Bn, C1, Ck, Cm and compensations A’1, B’1, B’j, C’1, C’k, C’m]
A1;(B1;…;Bj-1;B’j-1;…;B’1 | C1;…;Cm;C’m;…;C’1);A’1
Distributed Interruption
• The difference can be nicely illustrated in terms of semantic equivalence
• [ A % A° | B % B° | THROWW ] =traces
• (A|B) ; (A°|B°)
• (A;A°) | (B;B°)
• SKIP (A;A°) (B;B°) (A|B);(A°|B°)
• SKIP (A;A°) (B;B°) (A;A°)|(B;B°)
Labels on the slide: naive Sagas, cCSP, revised Sagas
Processes can be interrupted and their compensations can be activated without waiting for the completion of their siblings
Parallel Sagas: Revised
[Figure: flow diagram with nodes A1, A2, B1, Bj, Bn, C1, Ck, Cm and compensations A’1, B’1, B’j, C’1, C’k, C’m]
A1;(B1;…;Bj-1;B’j-1;…;B’1 | 0);A’1
A1;(B1;…;Bj-1;B’j-1;…;B’1 | C1;C’1);A’1
…
A1;(B1;…;Bj-1;B’j-1;…;B’1 | C1;…;Cm;C’m;…;C’1);A’1
No Interruption and Centralised Compensation
• The difference can be nicely illustrated in terms of semantic equivalence
• [ A % A° | B % B° | THROWW ] =traces
• (A|B) ; (A°|B°)
• (A;A°) | (B;B°)
• SKIP (A;A°) (B;B°) (A|B);(A°|B°)
• SKIP (A;A°) (B;B°) (A;A°)|(B;B°)
Labels on the slide: NEW!, naive Sagas, cCSP, revised Sagas
Processes execute until completion, then they are all compensated if some abort
Relating Emerged Policies
[Figure: diagram relating the four policies; labels: NEW!, naive Sagas, cCSP, revised Sagas; Sagaspar1 / cCSPpar1, Sagaspar2 / cCSPpar2, Sagaspar3 / cCSPpar3, Sagaspar4 / cCSPpar4]
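The four policies worked out for the slides' example [ A % A° | B % B° | THROWW ], as an added example (not code from the slides or the paper). The cCSP set is computed from the trace definitions on the cCSP semantics slides, with `ok` as an assumed name for the success terminal whose symbol is missing from this transcript. The other three sets are written out from the expressions on the policy slides; which expression belongs to which policy, and reading the partial order as trace inclusion, are assumptions of this example.

```python
from itertools import product

OK, THROW, YIELD = "ok", "!", "?"  # terminal events; "ok" is an assumed name

def interleave(p, q):
    """All interleavings of two action tuples."""
    if not p or not q:
        return {p + q}
    return ({p[:1] + r for r in interleave(p[1:], q)}
            | {q[:1] + r for r in interleave(p, q[1:])})

def join(w1, w2):
    """Joint terminal event: a throw dominates, then a yield, else success."""
    if THROW in (w1, w2):
        return THROW
    return YIELD if YIELD in (w1, w2) else OK

def par(p, q):
    """p || q for terminated traces written as (actions, terminal)."""
    return {(r, join(p[1], q[1])) for r in interleave(p[0], q[0])}

def pair(a, b):
    """A % B: do A and install B, or yield at once with an empty compensation."""
    return {(((a,), OK), ((b,), OK)), (((), YIELD), ((), OK))}

# THROWW = THROW % SKIP, plus the yield pair every compensation pair carries
THROWW = {(((), THROW), ((), OK)), (((), YIELD), ((), OK))}

def cpar(pp, qq):
    """PP | QQ: forward and compensation traces are composed separately."""
    return {(f, c) for (p, p2), (q, q2) in product(pp, qq)
            for f in par(p, q) for c in par(p2, q2)}

def block(pp):
    """[PP]: keep successful runs; after a throw, append the compensation trace.
    Yielding runs are dropped. Compensations here always end successfully."""
    done = {f[0] for f, _ in pp if f[1] == OK}
    undone = {f[0] + c[0] for f, c in pp if f[1] == THROW}
    return done | undone

def policies():
    """Trace sets of [ A%A° | B%B° | THROWW ] under the four policies."""
    a, b = ("A", "A°"), ("B", "B°")
    ccsp = block(cpar(cpar(pair(*a), pair(*b)), THROWW))   # computed
    new = {f + c for f in interleave(a[:1], b[:1])
           for c in interleave(a[1:], b[1:])}              # (A|B);(A°|B°)
    naive = interleave(a, b)                               # (A;A°)|(B;B°)
    revised = {(), a, b} | naive     # SKIP, A;A°, B;B° or (A;A°)|(B;B°)
    return {"new": new, "naive": naive, "cCSP": ccsp, "revised": revised}

if __name__ == "__main__":
    for name, traces in policies().items():
        print(f"{name:8}", sorted(" ".join(t) or "SKIP" for t in traces))
```

Under these assumptions the new policy sits below both naive Sagas and cCSP, revised Sagas sits above both, and naive Sagas and cCSP are incomparable.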
cCSPpari, Sagaspari and Correspondence
• cCSPpar1: no yielding
• cCSPpar2: only parallel yielding
• cCSPpar4: also parallel yielding
• Sagaspar1
• only three outcomes of Sagaspar2 (commit, abort, fail)
• different set of SOS rules
• Sagaspar3
• outcomes of Sagaspar1 plus "forced termination"
• rules of Sagaspar1 plus an additional one
• Correspondence
• par1: correspondence as for the sequential case
• par2, par3, par4: slightly rephrased (no unique )
cCSPpar1: No Yielding
A%B =trace { p%q | pA qB } { (?,) } =trace { (A,,B,) } { (?,) }
YIELDD =trace SKIPP =trace { (,) , (?,) }
THROWW =trace { (!,) , (?,) }
p1 || q2 = { r1&2 | rint(p,q) 1,2{,!} }