A Local Logic for Realizability in Web Service Choreographies

Web service choreographies specify conditions on observable interactions among the services. An important question in this regard is realizability: given a choreography C, does there exist a set of service implementations I that conform to C ? Further, if C is realizable, is there an algorithm to construct implementations in I ? We propose a local temporal logic in which choreographies can be specified, and for specifications in the logic, we solve the realizability problem by constructing service implementations (when they exist) as communicating automata. These are nondeterministic finite state automata with a coupling relation. We also report on an implementation of the realizability algorithm and discuss experimental results.Comment: In Proceedings WWV 2014, arXiv:1409.229

A correct-by-construction model for asynchronously communicating systems

The design and verification of distributed software systems is often hindered by their ever-increasing complexity and their asynchronous operational semantics. This article considers choreography specifications for distributed systems to reduce that complexity. We use labelled state-transitions systems as ground model for both choreographies and the corresponding distributed systems. Based on Event-B method, we propose a stepwise correct-by-construction model to build asynchronous distributed systems which a priori realise their choreographies. We rely on a sufficient and necessary realisability condition and we apply several refinement steps w.r.t. that condition to generate the distributed peers. The first refinement returns peer behaviours obtained by synchronous projection. The previously computed system is then refined into its asynchronous version using unbounded FIFO buffers. We prove, thanks to invariant preservation, that a sequence of exchanged messages is preserved at each refinement step. We provide a formalised proof of a realisability algorithm for deterministic choreographies. Besides that, our contribution is twofold: the approach is a priori and the problackposed solution scales up to any number of peers communicating with each other

Stability of Asynchronously Communicating Systems

Recent software is mostly constructed by reusing and composing existing components. Software components are usually stateful and therefore described using behavioral models such as finite state machines. Asynchronous communication is a classic interaction mechanism used for such software systems. However, analysing communicating systems interacting asynchronously via reliable FIFO buffers is an undecidable problem. A typical approach is to check whether the system is bounded, and if not, the corresponding state space can be made finite by limiting the presence of communication cycles in behavioral models or by fixing buffer sizes. In this paper, we focus on infinite systems and we do not restrict the system by imposing any arbitrary bounds. We introduce a notion of stability and prove that once the system is stable for a specific buffer bound, it remains stable whatever larger bounds are chosen for buffers. This enables us to check certain properties on the system for that bound and to ensure that the system will preserve them whatever larger bounds are used for buffers. We also prove that computing this bound is undecidable but show how we succeed in computing these bounds for many typical examples using heuristics and equivalence checking

Towards correct Evolution of Conversation Protocols

Distributed software systems change dynamically due to the evolution of their environment and/or requirements, their internal designing policies, and/or their specification bugs which must be fixed. Hence, checking system changes must be run continuously. Such systems are usually composed of distributed software entities (called peers) interacting with each other through message exchanges, and this is to fulfil a common goal. The goal is often specified by a conversation protocol (CP), i.e. sequences of sent messages. If there exists a set of peers implementing CP, then CP is said to be realisable. In this paper, we propose a stepwise approach for checking whether an evolution, i.e. adding and/or removing messages and/or peers, can be applied to a CP that was realisable before updating it.We define a set of correct evolution patterns and we suggest an algebra of CP evolution. Our approach ensures that CP evolution preserves the realisability condition

Correctness of services and their composition

We study correctness of services and their composition and investigate how the design of correct service compositions can be systematically supported. We thereby focus on the communication protocol of the service and approach these questions using formal methods and make contributions to three scenarios of SOC.Wir studieren die Korrektheit von Services und Servicekompositionen und untersuchen, wie der Entwurf von korrekten Servicekompositionen systematisch unterstützt werden kann. Wir legen dabei den Fokus auf das Kommunikationsprotokoll der Services. Mithilfe von formalen Methoden tragen wir zu drei Szenarien von SOC bei

Correctness of services and their composition

We study correctness of services and their composition and investigate how the design of correct service compositions can be systematically supported. We thereby focus on the communication protocol of the service and approach these questions using formal methods and make contributions to three scenarios of SOC.Wir studieren die Korrektheit von Services und Servicekompositionen und untersuchen, wie der Entwurf von korrekten Servicekompositionen systematisch unterstützt werden kann. Wir legen dabei den Fokus auf das Kommunikationsprotokoll der Services. Mithilfe von formalen Methoden tragen wir zu drei Szenarien von SOC bei

Final CHOReOS Architectural Style and its Relation with the CHOReOS Development Process and IDRE

This is Part b of Deliverable D1.4, which specifies the final CHOReOS architectural style, that is, the types of components, connectors, and configurations that are composed within the Future Internet of services, as enabled by the CHOReOS technologies developed in WP2 to WP4 and integrated in the WP5 IDRE. The definition of the CHOReOS architectural style is especially guided by the objective of meeting the challenges posed by the Future Internet, i.e.: (i) the ultra large base of services and of consumers, (ii) the high heterogeneity of the services that get composed, from the ones offered by tiny things to the ones hosted on powerful cloud computing infrastructures, (iii) the increasing predominance of mobile consumers and services, which take over the original fixed Inter- net, and (iv) the required awareness of, and related adaptation to, the continuous environmental changes. Another critical challenge posed by the Future Internet is that of security, trust and privacy. However, the study of technologies dedicated to enforcing security, privacy and trust is beyond the scope of the CHOReOS project; instead, state of the art technologies and possibly latest results from projects focused on security solutions are built upon for the development of CHOReOS use cases -if and when needed-. The CHOReOS architectural style that is presented in this deliverable refines the definition of the early style introduced in Deliverable D1.3. Key features of the CHOReOS architectural elements are as follows: (1) The CHOReOS service-based components are technology agnostic and allow for the abstraction of the large diversity of Future Internet services, and particularly traditional Business services as well as Thing-based services; a key contribution of the component formalization lies in the inference of service abstractions that allows grouping services that are functionally similar in a systematic way, and thereby contributes to facing the ULS of the Future Internet together with dealing with system adaptation through service substitution. (2) The CHOReOS middleware-layer connectors span the variety of interaction paradigms, both discrete and continuous, which are used in today's increasingly complex distributed systems, as opposed to enforcing a single interaction paradigm that is commonly undertaken in traditional SOA; a central contribution of the connector formalization is the introduction of a multi-paradigm connector type, which not solely allows having highly heterogeneous services composed in the Future Internet but also having those heterogeneous services interoperating even if based on distinct interaction paradigms. (3) The CHOReOS coordination protocols introduce the third and last type of architectural elements char- acterizing the CHOReOS style. They specifically define the structure and behavior of service-oriented systems within the Future Internet as the fully distributed composition of services, i.e., choreographies; the key contribution of the work lies in a systematic model-based solution to choreography realizability, which synthesizes dedicated coordination delegates that govern the coordination of services

Automated verification of automata communicating via FIFO and bag buffers

International audienceThis article presents new results for the automated verification of automata communicating asynchronously via FIFO or bag buffers. The analysis of such systems is possible by comparing bounded asynchronous compositions using equivalence checking. When the composition exhibits the same behavior for a specific buffer bound, the behavior remains the same for larger bounds. This enables one to check temporal properties on the system for that bound and this ensures that the system will preserve them whatever larger bounds are used for buffers. In this article, we present several decidability results and a semi-algorithm for this problem considering FIFO and bag buffers, respectively, as communication model. We also study various equivalence notions used for comparing the bounded asynchronous systems