Towards verification of computation orchestration

Recently, a promising programming model called Orc has been proposed to support a structured way of orchestrating distributed Web Services. Orc is intuitive because it offers concise constructors to manage concurrent communication, time-outs, priorities, failure of Web Services or communication and so forth. The semantics of Orc is precisely defined. However, there is no automatic verification tool available to verify critical properties against Orc programs. Our goal is to verify the orchestration programs (written in Orc language) which invoke web services to achieve certain goals. To investigate this problem and build useful tools, we explore in two directions. Firstly, we define a Timed Automata semantics for the Orc language, which we prove is semantically equivalent to the operational semantics of Orc. Consequently, Timed Automata models are systematically constructed from Orc programs. The practical implication is that existing tool supports for Timed Automata, e.g., Uppaal, can be used to simulate and model check Orc programs. An experimental tool has been implemented to automate this approach. Secondly, we start with encoding the operational semantics of Orc language in Constraint Logic Programming (CLP), which allows a systematic translation from Orc to CLP. Powerful constraint solvers like CLP(R) are then used to prove traditional safety properties and beyond, e.g., reachability, deadlock-freeness, lower or upper bound of a time interval, etc. Counterexamples are generated when properties are not satisfied. Furthermore, the stepwise execution traces can be automatically generated as the simulation steps. The two different approaches give an insight into the verification problem of Web Service orchestration. The Timed Automata approach has its merits in visualized simulation and efficient verification supported by the well developed tools. On the other hand, the CPL approach gives better expressiveness in both modeling and verification. The two approaches complement each other, which gives a complete solution for the simulation and verification of Computation Orchestration

Injecting continuous time execution into service-oriented computing

Service-Oriented Computing is a computing paradigm that utilizes services as fundamental elements to support rapid, low-cost development of distributed applications in heterogeneous environments. In Service-Oriented Computing, a service is defined as an independent and autonomous piece of functionality which can be described, published, discovered and used in a uniform way. SENSORIA Reference Modeling Language is developed in the IST-FET integrated project. It provides a formal abstraction for services at the business level. Hybrid systems arise in embedded control when components that perform discrete changes are coupled with components that perform continuous processes. Normally, the discrete changes can be modeled by finite-state machines and the continuous processes can be modeled by differential equations. In an abstract point of view, hybrid systems are mixtures of continuous dynamics and discrete events. Hybrid systems are studied in different research areas. In the computer science area, a hybrid system is modeled as a discrete computer program interacting with an analog environment. In this thesis, we inject continuous time execution into Service-Oriented Computing by giving a formal abstraction for hybrid systems at the business level in a Service-Oriented point of view, and develop a method for formal verifications. In order to achieve the first part of this goal, we make a hybrid extension of Service-Oriented Doubly Labeled Transition Systems, named with Service-Oriented Hybrid Doubly Labeled Transition Systems, make an extension of the SENSORIA Reference Modeling Language and interpret it over Service-Oriented Hybrid Doubly Labeled Transition Systems. To achieve the second part of this goal, we adopt Temporal Dynamic Logic formulas and a set of sequent calculus rules for verifying the formulas, and develop a method for transforming the SENSORIA Reference Modeling Language specification of a certain service module into the respective Temporal Dynamic Logic formulas that could be verified. Moreover, we provide a case study of a simplified small part of the European Train Control System which is specified and verified with the approach introduced above. We also provide an approach of implementing the case study model with the IBM Websphere Process Server, which is a comprehensive Service-Oriented Architecture integration platform and provides support for the Service Component Architecture programming model. In order to realize this approach, we also provide functions that map models specified with the SENSORIA Reference Modeling Language to Websphere Process Server applications

Designing Trustworthy Autonomous Systems

The design of autonomous systems is challenging and ensuring their trustworthiness can have different meanings, such as i) ensuring consistency and completeness of the requirements by a correct elicitation and formalization process; ii) ensuring that requirements are correctly mapped to system implementations so that any system behaviors never violate its requirements; iii) maximizing the reuse of available components and subsystems in order to cope with the design complexity; and iv) ensuring correct coordination of the system with its environment.Several techniques have been proposed over the years to cope with specific problems. However, a holistic design framework that, leveraging on existing tools and methodologies, practically helps the analysis and design of autonomous systems is still missing. This thesis explores the problem of building trustworthy autonomous systems from different angles. We have analyzed how current approaches of formal verification can provide assurances: 1) to the requirement corpora itself by formalizing requirements with assume/guarantee contracts to detect incompleteness and conflicts; 2) to the reward function used to then train the system so that the requirements do not get misinterpreted; 3) to the execution of the system by run-time monitoring and enforcing certain invariants; 4) to the coordination of the system with other external entities in a system of system scenario and 5) to system behaviors by automatically synthesize a policy which is correct

Models for Trustworthy Service and Process Oriented Systems

Service and process-oriented systems promise to provide more effective business and work processes and more flexible and adaptable enterprise IT systems. However, the technologies and standards are still young and unstable, making research in their theoretical foundations increasingly important. Our studies focus on two dichotomies: the global/local views of service interactions, and their imperative/declarative specification. A global view of service interactions describes a process as a protocol for interactions, as e.g. an UML sequence diagram or a WS-CDL choreography. A local view describes the system as a set of processes, e.g. specified as a mipi-calculus or WS-BPEL process, implementing each participant in the process. While the global view is what is usually provided as specification, the local view is a necessary step towards a distributed implementation. If processes are defined imperatively, the control flow is defined explicitly, e.g. as a sequence or flow graph of interactions/commands. In a declarative approach processes are described as a collection of conditions they should fulfill in order to be considered correct. The two approaches have evolved rather independently from each other. Our thesis is that we can provide a theoretical framework based on typed concurrent process and concurrent constraint calculi for the specification, analysis and verification of service and process oriented system designs which bridges the global and local view and combines the imperative and declarative specification approaches, and can be employed to increase the trust in the developed systems. This article describes our main motivations, results and future research directions

Efficient online monitoring of web-service SLAs

If an organization depends on the service quality provided by another organization it often enters into a bilateral service level agreement (SLA), which mitigates outsourcing risks by associating penalty payments with poor service quality. Once these agreements are entered into, it becomes necessary to monitor their conditions, which will commonly relate to timeliness, reliability and request throughput, at runtime. We show how these conditions can be translated into timed automata. Acceptance of a timed word by a timed automaton can be decided in quadratic time and because the timed automata can operate while messages are exchanged at runtime there is effectively only a linear run-time overhead. We present an implementation to derive on-line monitors for web services automatically from SLAs using an Eclipse plugin. We evaluate the efficiency and scalability of this approach using a large-scale case study in a service-oriented computational grid

Model checking concurrent and real-time systems : the PAT approach

Ph.DDOCTOR OF PHILOSOPH

Finite State Automata As Conceptual Model for e-Service

Recently, a plethora of languages for modeling and specifying different facets of e-Services have been proposed, and some of them provide constructs for representing time. Time is needed in many contexts to correctly capture the dynamics of transactions and of composability between e-Services. However, to the best of our knowledge, all the proposed languages for representing e-Service behavior and temporal constraints lack both a clear semantics and an underlying conceptual model. In this paper, we propose a conceptual representation of e-Service behavior, taking time constraints into account, and a new XML-based language, namely WSTL (WEB SERVICE TRANSITION LANGUAGE), that integrates well with standard languages in order to completely specify e-Services. In particular, WSTL allows for specifying an e-Service starting from its conceptual representation, in a straightforward way