A calculus for modeling and analyzing conversations in service-oriented computing

Dissertação apresentada para a obtenção do Grau de Doutor em Informática pela Universidade Nova de Lisboa, Faculdade de Ciências e TecnologiaThe service-oriented computing paradigm has motivated a large research effort in the past few years. On the one hand, the wide dissemination of Web-Service technology urged for the development of standards, tools and formal techniques that contributed for the design of more reliable systems. On the other hand, many of the problems presented in the study of service-oriented applications find an existing work basis in well-established research fields, as is the case of the study of interaction models that has been an active field of research in the last couple of decades. However, there are many new problems raised by the service-oriented computing paradigm in particular that call for new concepts, dedicated models and specialized formal analysis techniques. The work presented in this dissertation is inserted in such effort, with particular focus on the challenges involved in governing interaction in service-oriented applications. One of the main innovations introduced by the work presented here is the way in which multiparty interaction is handled. One reference field of research that addresses the specification and analysis of interaction of communication-centric systems is based on the notion of session. Essentially, a session characterizes the interaction between two parties, a client and a server,that exchange messages between them in a sequential and dual way. The notion of session is thus particularly adequate to model the client/server paradigm, however it fails to cope with interaction between several participants, a scenario frequently found in real service-oriented applications. The approach described in this dissertation improves on the state of the art as it allows to model and analyze systems where several parties interact, while retaining the fundamental flavor of session-based approaches, by relying on a novel notion of conversation: a simple extension of the notion of session that allows for several parties to interact in a single medium of communication in a disciplined way, via labeled message passing. The contributions of the work presented in this dissertation address the modeling and analysis of service-oriented applications in a rigorous way: First, we propose and study a formal model for service-oriented computing, the Conversation Calculus, which, building on the abstract notion of conversation, allows to capture the interactions between several parties that are relative to the same service task using a single medium of communication. Second, we introduce formal analysis techniques, namely the conversation type system and progress proof system that can be used to ensure, in a provably correct way and at static verification time (before deploying such applications), that systems enjoy good properties such as “the prescribed protocols will be followed at runtime by all conversation participants”(conversation fidelity)and “the system will never run into a stuck state” (progress). We give substantial evidence that our approach is already effective enough to model and type sophisticated service-based systems, at a fairly high level of abstraction. Examples of such systems include challenging scenarios involving simultaneous multiparty conversations, with concurrency and access to local resources, and conversations with a dynamically changing and unanticipated number of participants, that fall out of scope of previous approaches.Fundação para a Ciência e Tecnologia - PhD Scholarship SFRH/BD/23760/200

CaSPiS: A Calculus of Sessions, Pipelines and Services

Service-oriented computing is calling for novel computational models and languages with well disciplined primitives for client-server interaction, structured orchestration and unexpected events handling. We present CaSPiS, a process calculus where the conceptual abstractions of sessioning and pipelining play a central role for modelling service-oriented systems. CaSPiS sessions are two-sided, uniquely named and can be nested. CaSPiS pipelines permit orchestrating the flow of data produced by different sessions. The calculus is also equipped with operators for handling (unexpected) termination of the partner’s side of a session. Several examples are presented to provide evidence of the flexibility of the chosen set of primitives. One key contribution is a fully abstract encoding of Misra et al.’s orchestration language Orc. Another main result shows that in CaSPiS it is possible to program a “graceful termination” of nested sessions, which guarantees that no session is forced to hang forever after the loss of its partner

SCC: A Service Centered Calculus

We seek for a small set of primitives that might serve as a basis for formalising and programming service oriented applications over global computers. As an outcome of this study we introduce here SCC, a process calculus that features explicit notions of service definition, service invocation and session handling. Our proposal has been influenced by Orc, a programming model for structured orchestration of services, but the SCC’s session handling mechanism allows for the definition of structured interaction protocols, more complex than the basic request-response provided by Orc. We present syntax and operational semantics of SCC and a number of simple but nontrivial programming examples that demonstrate flexibility of the chosen set of primitives. A few encodings are also provided to relate our proposal with existing ones

Combining behavioural types with security analysis

Today's software systems are highly distributed and interconnected, and they increasingly rely on communication to achieve their goals; due to their societal importance, security and trustworthiness are crucial aspects for the correctness of these systems. Behavioural types, which extend data types by describing also the structured behaviour of programs, are a widely studied approach to the enforcement of correctness properties in communicating systems. This paper offers a unified overview of proposals based on behavioural types which are aimed at the analysis of security properties

PLACES'10: The 3rd Workshop on Programmng Language Approaches to concurrency and Communication-Centric Software

Paphos, Cyprus. March 201

A Graphical Approach to Progress for Structured Communication in Web Services

We investigate a graphical representation of session invocation interdependency in order to prove progress for the pi-calculus with sessions under the usual session typing discipline. We show that those processes whose associated dependency graph is acyclic can be brought to reduce. We call such processes transparent processes. Additionally, we prove that for well-typed processes where services contain no free names, such acyclicity is preserved by the reduction semantics. Our results encompass programs (processes containing neither free nor restricted session channels) and higher-order sessions (delegation). Furthermore, we give examples suggesting that transparent processes constitute a large enough class of processes with progress to have applications in modern session-based programming languages for web services.Comment: In Proceedings ICE 2010, arXiv:1010.530

A Calculus for Orchestration of Web Services

Service-oriented computing, an emerging paradigm for distributed computing based on the use of services, is calling for the development of tools and techniques to build safe and trustworthy systems, and to analyse their behaviour. Therefore, many researchers have proposed to use process calculi, a cornerstone of current foundational research on specification and analysis of concurrent, reactive, and distributed systems. In this paper, we follow this approach and introduce CWS, a process calculus expressly designed for specifying and combining service-oriented applications, while modelling their dynamic behaviour. We show that CWS can model all the phases of the life cycle of service-oriented applications, such as publication, discovery, negotiation, orchestration, deployment, reconfiguration and execution. We illustrate the specification style that CWS supports by means of a large case study from the automotive domain and a number of more specific examples drawn from it

Service discovery and negotiation with COWS

To provide formal foundations to current (web) services technologies, we put forward using COWS, a process calculus for specifying, combining and analysing services, as a uniform formalism for modelling all the relevant phases of the life cycle of service-oriented applications, such as publication, discovery, negotiation, deployment and execution. In this paper, we show that constraints and operations on them can be smoothly incorporated in COWS, and propose a disciplined way to model multisets of constraints and to manipulate them through appropriate interaction protocols. Therefore, we demonstrate that also QoS requirement specifications and SLA achievements, and the phases of dynamic service discovery and negotiation can be comfortably modelled in COWS. We illustrate our approach through a scenario for a service-based web hosting provider

Session Types as Generic Process Types

Behavioural type systems ensure more than the usual safety guarantees of static analysis. They are based on the idea of "types-as-processes", providing dedicated type algebras for particular properties, ranging from protocol compatibility to race-freedom, lock-freedom, or even responsiveness. Two successful, although rather different, approaches, are session types and process types. The former allows to specify and verify (distributed) communication protocols using specific type (proof) systems; the latter allows to infer from a system specification a process abstraction on which it is simpler to verify properties, using a generic type (proof) system. What is the relationship between these approaches? Can the generic one subsume the specific one? At what price? And can the former be used as a compiler for the latter? The work presented herein is a step towards answers to such questions. Concretely, we define a stepwise encoding of a pi-calculus with sessions and session types (the system of Gay and Hole) into a pi-calculus with process types (the Generic Type System of Igarashi and Kobayashi). We encode session type environments, polarities (which distinguish session channels end-points), and labelled sums. We show forward and reverse operational correspondences for the encodings, as well as typing correspondences. To faithfully encode session subtyping in process types subtyping, one needs to add to the target language record constructors and new subtyping rules. In conclusion, the programming convenience of session types as protocol abstractions can be combined with the simplicity and power of the pi-calculus, taking advantage in particular of the framework provided by the Generic Type System.Comment: In Proceedings EXPRESS/SOS 2014, arXiv:1408.127