An Operational Semantics for Model Checking Long Running Transactions

Transcription

1 An Operational Semantics for Model Checking Long Running Transactions Hengbiao Yu, Zhenbang Chen, Ji Wang School of Computer, National University of Defense Technology, Changsha, China National Laboratory for Parallel and Distributed Processing, Changsha, China

2 Long Running Transactions Database Long-lived transactions ACID transactions SAGAS 1987, SIGMOD Compensation

3 Compensation

4 Compensation-based LRTs An activity has its compensation activity Use compensations in case of failures A relaxed atomicity and consistency a1 a2 a3 Failure b1 b2 b3

5 Service-Oriented Computing Services are world wide distributed Coordinate to accomplish a task Highly dynamic, not stable How to ensure consistency in case of a failure? Long running transactions

6 Compensation-based Programming in SOC Industrial service orchestration languages Compensation based fault handling Very flexible recovery mechanisms Fault Handler Compensation Handler WS-BPEL 2.0, OASIS Standard, 11 April 2007

7 Compensation-based Programming in SOC Industrial service orchestration languages Compensation based fault handling Very flexible recovery mechanisms Formal Languages ccsp, StAC, SAGAs Calculi, etc. Theoretical foundations

8 Compensating CSP A CSP variant for modeling LRTs Proposed by Butler et al., 2005 Two types of processes Standard & Compensable Composition operators Choice, sequence, interleaving, etc.

9 Extended ccsp P ::= a P ;P P u P P P P k P P \ P JRK P B P [PP] skip throw yield µp.f(p) PP ::= P P PP;PP PP u PP PP PP PP k PP PP PP PP \ PPJRK skipp throww yieldd µpp.ff (pp) Enabling the modeling of non-determinism, deadlock and livelock Stable-failures semantics Zhenbang Chen and Zhiming Liu. An Extended ccsp with Stable Failures Semantics. 7th International Colloquium on Theoretical Aspects of Computing (ICTAC 10), LNCS 6255, 2010.

10 Extended ccsp P ::= a P ;P P u P P P P k P P \ P JRK P B P [PP] skip throw yield µp.f(p) PP ::= P P PP;PP PP u PP PP PP PP k PP PP PP PP \ PPJRK skipp throww yieldd µpp.ff (pp) Failure-divergence semantics, refinement Zhenbang Chen, Zhiming Liu and Ji Wang. Failure-Divergence Refinement of Compensating Communicating Processes. 17th International Symposium on Formal Methods (FM 11), LNCS 6664, Zhenbang Chen, Zhiming Liu and Ji Wang. Failure-Divergence Semantics and Refinement of Long Running Transactions. Theoretical Computer Science (TCS), Vol 455, pp:31-65, 2012

11 Current Issue No operational semantics for extended ccsp There is one for ccsp No tool support for modeling and verification Animating Model checking...

12 What we have done in this paper An operational semantics for the extended ccsp Model checking problem w.r.t. regular properties A prototype tool built on PAT Modeling, animating and model checking

13 Operational Semantics P ::= a P ;P P u P P P P k P P \ P JRK P B P [PP] skip throw yield µp.f(p) PP ::= P P PP;PP PP u PP PP PP PP k PP PP PP PP \ PPJRK skipp throww yieldd µpp.ff (pp) Compensation Pair P e! P 0 P Q e! P 0 Q (e 2 ) P! 0 P Q! Q P!! 0 P Q!! skip (! 2 {!,?}) Example a1 b1 a1 skip b1 b 1

14 Operational Semantics P ::= a P ;P P u P P P P k P P \ P JRK P B P [PP] skip throw yield µp.f(p) PP ::= P P PP;PP PP u PP PP PP PP k PP PP PP PP \ PPJRK skipp throww yieldd µpp.ff (pp) Sequential Composition PP! P ^ QQ! e QQ 0 PP; QQ! e (e 2 ) h QQ 0,Pi PP! P ^ QQ! Q PP; QQ! (! 2 ) Q; P Example a1 b1 ; a2 b2 a1 skip b1 ; a2 b2 a2 skip b2, b1

15 Operational Semantics P ::= a P ;P P u P P P P k P P \ P JRK P B P [PP] skip throw yield µp.f(p) PP ::= P P PP;PP PP u PP PP PP PP k PP PP PP PP \ PPJRK skipp throww yieldd µpp.ff (pp) Nested Configuration QQ e! QQ 0 hqq, P i e! h QQ 0,Pi (e 2 ) QQ!! Q hqq, P i!! Q; P (! 2 ) Example a1 a1 b1 ; a2 b2 skip b1 ; a2 b2 skip b2, b1 a2 b2 ; b1

16 Operational Semantics P ::= a P ;P P u P P P P k P P \ P JRK P B P [PP] skip throw yield µp.f(p) PP ::= P P PP;PP PP u PP PP PP PP k PP PP PP PP \ PPJRK skipp throww yieldd µpp.ff (pp) Configuration Discussion a1 b1 ; (skip b2 ; a3 b3) a1 PP! P ^ QQ e! QQ 0 PP; QQ e! h QQ 0,Pi skip b1 ; (skip b2 ; a3 b3) (e 2 ) a3 skip b2 ; a3 b3 skip b3, b2 No rule exists in the before semantics a3 skip b1 ; (skip b2 ; a3 b3) skip b3, b2, b1 b3 ; b2 ; b1

17 Operational Semantics P ::= a P ;P P u P P P P k P P \ P JRK P B P [PP] skip throw yield µp.f(p) PP ::= P P PP;PP PP u PP PP PP PP k PP PP PP PP \ PPJRK skipp throww yieldd µpp.ff (pp) Parallel Composition PP e! PP 0 ^ QQ e! QQ 0 PP k QQ e! PP 0 k QQ 0 (e 2 ) PP!1! P ^ QQ!2! Q PP k QQ! 1k! 2! P k Q (! 1,! 2 2 ) Example (a1 b1 a2 b2) {a1,a2} deadlock

18 Operational Semantics P ::= a P ;P P u P P P P k P P \ P JRK P B P [PP] skip throw yield µp.f(p) PP ::= P P PP;PP PP u PP PP PP PP k PP PP PP PP \ PPJRK skipp throww yieldd µpp.ff (pp) Parallel Composition PP e! PP 0 ^ QQ e! QQ 0 PP k QQ e! PP 0 k QQ 0 (e 2 ) PP!1! P ^ QQ!2! Q PP k QQ! 1k! 2! P k Q (! 1,! 2 2 ) Example (a1 b1 a1 b2) {a1,a2} a1 (skip b1 skip b2) {a1,a2} b1 b2 {a1,a2}

19 Correspondence with FD Semantics A method for deriving FD semantics from operational semantics Theorem 1 Inspired by the method for CSP For a standard process P, the derived model according to the operational semantics is equal to the FD model of P. Basic idea of proof: induce the structures of processes

20 Correspondence with FD Semantics A method for deriving FD semantics from operational semantics Theorem 2 Inspired by the method for CSP For a compensable process PP, the derived model according to the operational semantics is equal to the FD model of PP.

21 Model Checking Problem General model checking problem with respect to regular properties Theorem 3 Given a standard process P of the extended ccsp and an FSM R, the language inclusion problem L(T(P)) L(R) is undecidable. Basic idea of proof: reduction from the halting problem of Minsky 2-counter machine

22 Tool Implementation Built on Process Analysis Toolkit (PAT) Extended ccsp parser Operational semantics Implementation Features Modeling environment, animating LTL model checking Refinement checking (only standard process)

23 Tool Screenshots

24 Conclusion An operational semantics for extended ccsp Correspondence with FD semantics Model checking problem discussion A tool for modeling and verifying LRTs Animating, LTL model checking Refinement checking

25 Next Step Refinement checking of compensable processes Model checking Algorithms Applications Business process verification: BPMN Service orchestration verification: WS-BPEL Recovery-oriented Computing

26 End Thank you!