
Verification of Service Composition and Compensation By Using Process Algebra

S. Ripon, F. Sultana, and F. Rahman


East West University, Bangladesh

5th International Conference on Network and Computing Technologies (ICNCT 2017)


20-22 Feb, 2017, Bali
S. Ripon, ICNCT'17
Web Services
• Web services (application services)
• usually including some combination of programming and data, but possibly including human resources as well
• made available from a business's Web server for Web users or other Web-connected programs.

Web Services
• there are many services around the web; each one, taken alone, has limited functionality.
• a single service may not be sufficient to respond to the user's request
• often services can be combined through service composition to achieve a specific goal.

Web Services
• the notion of composite services is used as a collection of services combined to achieve a user's request.
• from a user perspective, this composition is considered as a simple service, even though it is composed of several web services.
• Web service composition is the ability to aggregate multiple services into a single composite service
• provide a certain functionality, which otherwise cannot be provided by a single service.

Service Composition
Orchestration Choreography

Service Composition
• Choreography: sequences and conditions under which multiple cooperating independent agents exchange messages to perform a task to achieve a goal state.
• Web services choreography concerns the interactions of services with their users.
• Any user of a Web service, automated or otherwise, is a client of that service.
• These users may, in turn, be other Web services, applications, or human beings.

Service Composition
• Composite Web services aim to support collaborations between business partners
• such collaborations typically require robust transaction support.
• classical ACID (Atomicity, Consistency, Isolation, Durability) properties of relational databases are too strict in a service-oriented environment involving several autonomous business partners.
• proper compensation mechanisms need to be taken into consideration

Objectives
• Encode Service Choreography
• Composition of services and compensation
• Encode the composition into a suitable process algebra
• Composition Verification
• MSC to Transition diagram
• Deadlock detection
• Properties of composition and compensation
• Safety, liveness, etc.

Compensation

Compensation
• Compensation: an action taken to recover from error in business transactions or cope with a change of plan.
• the concept of compensation is more general than traditional database rollback.
• very important for handling failures in long-running transactions.
• installed for every committed activity in a long-running transaction.

Compensating CSP
• Compensating CSP (cCSP) is a language defined to model long-running business transactions within the framework of standard CSP process algebra
• To support failed transactions, compensation operators are introduced.
• The processes are categorized into standard and compensable processes.
• A standard process does not have any compensation.
• Compensation is part of a compensable process that is used to compensate a failed transaction.

Compensating CSP

Objective (revisit)
Encode Service Choreography
• Using a suitable process algebra
• Adopt cCSP mechanism

Verify
• Service and Compensation composition

Scenario

Architectural View

MSC (No Compensation)

MSC (with Compensation)

Represent in FSP
• Represent MSC in FSP notation
• Check transitions in LTSA (Labelled Transition System Analyser).

Finite State Process (FSP)
• an algebraic notation to describe process models.
• can be used to model the transitions of workflow processes through the modeling tool Labelled Transition System Analyser (LTSA)
• Models are described using state machines
• These are described textually as finite state processes (FSP) and displayed and analyzed by the LTSA analysis tool.

FSP
FSP consists of
• Action Prefix,
• Process Definition,
• Choice,
• Indexed Processes
• Actions, Guarded Actions,
• Constant and Range Declarations,
• Variable Declaration, Process Alphabets and so on.

LTSA - Labelled Transition System Analyser

• LTSA is a verification tool for concurrent systems.
• Mechanically checks that the specification of a concurrent system satisfies the properties required of its behaviour.
• LTSA supports specification animation to facilitate interactive exploration of system behaviour.

Process definition

FSP Processes

BUYER = (order->rcv_qt->reply->(send_b_ack->BUYER
        |send_b_nak->thrwb->END)).

BRK_PHASE1 = (rcv_order->rfq_to_supp->rcv_qt_supp->select_qt->END).

Broker – Phase 2
REQ1 = (select_qt->send_qt_buyer->reply->END).
REQ2 = (select_qt->order_supp->reply->END).
REQ3 = (select_qt->req_loan->reply->END).

RCV1 = (reply->rcv_buyerack->END).
RCV2 = (reply->rcv_suppack->END).
RCV3 = (reply->rcv_loanack->END).

||REQ = (REQ1||REQ2||REQ3).
||RCV = (RCV1||RCV2||RCV3).
||BRK_PHASE2 = (REQ||RCV).

||BROKER = (BRK_PHASE1||BRK_PHASE2).

Compensation Process for BROKER

• Broker’s Compensation Process completes in two phases
• the compensation of Phase two of Broker Process then
• the compensation of Phase one of the Broker Process.
• COMP_BRK is composed of two separate processes, BRK_PHASE2_COMP and BRK_PHASE1_COMP.

||COMP_BRK = (BRK_PHASE2_COMP||BRK_PHASE1_COMP).

Compensation Process of Broker’s Phase Two

• CMP_REQ1 = (thrwbrk->wdrw_buyer_qt->reqwdrwn->END).
• CMP_REQ2 = (thrwbrk->wdrw_s_order->reqwdrwn->END).
• CMP_REQ3 = (thrwbrk->wdrw_l_req->reqwdrwn->END).
• ||BRK_PHASE2_COMP = (CMP_REQ1||CMP_REQ2||CMP_REQ3).

Compensation Process of Broker’s Phase One
• BRK_PHASE1_COMP = (reqwdrwn->cancel_qt_select->cancel_supp_qt_rcv->cancel_rfq_to_supp->cancel_buyer_order->END).

Verification
• Verification of composition
• Compensation
• System

Compensation Verification
• First stage of verification
• Check that the compensation of each process runs when required (e.g., interrupt thrown, failure)
• A property process is defined for each process
• Property process and main process are run in parallel
• Interrupt is defined in the form of a negative acknowledgement.

Safety Property
• property SAFE_COMP_B = (send_b_nak->cancel_rcv_qt->SAFE_COMP_B).
• property SAFE_COMP_S = (send_s_nak->cancel_brk_order->SAFE_COMP_S).
• property SAFE_COMP_L = (send_l_nak->cancel_loan_req->SAFE_COMP_L).
• ||BSAFE = (BUYER||COMP_B||SAFE_COMP_B).
• ||SSAFE = (SUPPLIER||COMP_S||SAFE_COMP_S).
• ||LSAFE = (LOANSTAR||COMP_L||SAFE_COMP_L).

Compensation Process
• To check the main compensation process
• A process is defined to ensure that when an interrupt is thrown from any of the four processes, the respective compensation process will eventually run.
• All these processes are then run in parallel

Verify compensation process
• property SAFE_MSG_BRK = (msgb->thrwbrk->SAFE_MSG_BRK
                         |msgl->thrwbrk->SAFE_MSG_BRK
                         |msgs->thrwbrk->SAFE_MSG_BRK).
• property SAFE_MSG_B = (msgs->thrwb->SAFE_MSG_B|msgl->thrwb->SAFE_MSG_B).
• property SAFE_MSG_S = (msgb->thrws->SAFE_MSG_S|msgl->thrws->SAFE_MSG_S).
• property SAFE_MSG_L = (msgb->thrwl->SAFE_MSG_L|msgs->thrwl->SAFE_MSG_L).
• ||CMAIN_CHECK = (CMAIN||COMP_B||COMP_BRK||COMP_S||COMP_L
                  ||SAFE_MSG_BRK||SAFE_MSG_B||SAFE_MSG_S||SAFE_MSG_L).

System Composition
• Ensure that processes synchronize correctly at the desired point.
• Define safety properties
• Properties along with system are run in parallel
• Check the traces for violation of safety properties

System Composition
• property SAFE_SYSTEM = (rcv_order->rcv_rfq->rcv_qt_supp->select_qt->SAFE_SYSTEM).
• property SAFE_REQ1 = (select_qt->rcv_qt->SAFE_REQ1).
• property SAFE_REQ2 = (select_qt->rcv_brk_order->SAFE_REQ2).
• property SAFE_REQ3 = (select_qt->rcv_req->SAFE_REQ3).

System Check
• ||MAINSYSTEM_CHECK =
    (BUYER||BROKER||SUPPLIER||LOANSTAR
     ||SAFE_SYSTEM||SAFE_REQ1||SAFE_REQ2||SAFE_REQ3)
    /{rcv_order/order, rcv_rfq/rfq_to_supp,
      rcv_qt_supp/send_qt,
      rcv_qt/send_qt_buyer,
      rcv_req/req_loan,
      rcv_brk_order/order_supp,
      rcv_buyerack/send_b_ack,
      rcv_loanack/send_l_ack,
      rcv_suppack/send_s_ack}.
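
The kind of check LTSA runs on these models, as an added Python example (not the authors' FSP or tool code): it composes the REQ1-3 and RCV1-3 processes of Broker phase 2 with rcv_qt/send_qt_buyer applied, then explores the product against SAFE_REQ1 for deadlocks and property violations. The helper names `seq`, `alphabet` and `check` and the faulty `BAD_REQ1` variant are assumptions made for illustration.

```python
from collections import deque

def seq(*actions, loop=False):
    """Linear FSP process a->b->...->END, or a->b->...->(start) if loop=True."""
    n = len(actions)
    lts = {i: {a: (i + 1) % n if loop else i + 1} for i, a in enumerate(actions)}
    if not loop:
        lts[n] = {}                      # END: no outgoing transitions
    return lts

def alphabet(lts):
    return {a for moves in lts.values() for a in moves}

def check(processes, prop=None):
    """Explore P1||..||Pn against an optional safety property; returns (state_count, deadlocks, violations)."""
    alphas = [alphabet(p) for p in processes]
    p_alpha = alphabet(prop) if prop else set()
    start = (tuple(0 for _ in processes), 0)
    seen, queue, deadlocks, violations = {start}, deque([(start, ())]), [], []
    while queue:
        (locs, ps), trace = queue.popleft()
        enabled = False
        for a in sorted(set().union(*alphas)):
            owners = [i for i, al in enumerate(alphas) if a in al]
            if any(a not in processes[i][locs[i]] for i in owners):
                continue                 # a participant is not ready for a
            enabled = True
            if a in p_alpha and a not in prop[ps]:
                violations.append(trace + (a,))   # property goes to ERROR
                continue
            nxt = list(locs)
            for i in owners:             # shared action: all owners move together
                nxt[i] = processes[i][locs[i]][a]
            state = (tuple(nxt), prop[ps][a] if a in p_alpha else ps)
            if state not in seen:
                seen.add(state)
                queue.append((state, trace + (a,)))
        if not enabled and any(processes[i][l] for i, l in enumerate(locs)):
            deadlocks.append(trace)      # stuck, and not every process at END
    return len(seen), deadlocks, violations

# Broker phase 2 from the slides, with rcv_qt/send_qt_buyer already applied.
REQ = [seq("select_qt", x, "reply") for x in ("rcv_qt", "order_supp", "req_loan")]
RCV = [seq("reply", x) for x in ("rcv_buyerack", "rcv_suppack", "rcv_loanack")]
SAFE_REQ1 = seq("select_qt", "rcv_qt", loop=True)
# Constructed fault (not on the slides): quote sent before it is selected.
BAD_REQ1 = seq("rcv_qt", "select_qt", "reply")
if __name__ == "__main__":
    print(check(REQ + RCV, SAFE_REQ1), check([BAD_REQ1] + REQ[1:] + RCV, SAFE_REQ1))
```

The violation trace returned for the faulty variant is the counterpart of the trace to ERROR that a safety check reports.
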
Comparison: cCSP – FSP

Conclusions
• Model service choreography and compensation.
• Compensation is defined as an integral part of each transaction
• Composition of compensation and whole system are checked separately.
• Adopted the modeling concept from cCSP

Future Plan
• Examine all the other operators of cCSP
• Other complex choreography example
• Various safety and other properties
• Check applicability of FSP as a tool support for cCSP.