Abstract
Web service applications are distributed processes that are composed of dynamically bounded services. In this paper, we give a definitive description of a framework for performing runtime monitoring of web service applications against behavioural correctness properties described as finite state automata. These properties specify forbidden and desired interactions between service partners. Finite execution traces of web service applications described in BPEL are checked for conformance at runtime. When violations are discovered, our framework automatically proposes adaptation strategies, in the form of plans, which users can select for execution. Our framework also allows verification of stated pre- and post-conditions of service partners and provides guarantees of correctness of the generated recovery plans.
Similar content being viewed by others
Notes
Formally, mixed properties are either finitary liveness properties or a mixture of finitary liveness and safety properties.
Foster’s translation includes partner, activity and variable names in the labels, in order to include traceability information, but we omit these in this paper for simplicity.
In [38], \(t_3\) and \(t_4\) are called \(t^{\mathtt{TBS }}_1\) and \(t^{\mathtt{TBS }}_2\), respectively.
References
van der Aalst WMP, Weske M (2005) Case handling: a new paradigm for business process support. Data Knowl Eng 53(2):129–162
Alur R, Henzinger TA (1998) Finitary fairness. ACM Trans Program Lang Syst 20:1171–1194
Ball T, Rajamani S (2001) The SLAM toolkit. In: Proceedings of 13th international conference on computer-aided verification (CAV’01). LNCS, vol 2102. Springer, Berlin, pp 260–264
Baresi L, Guinea S (2007) Dynamo and self-healing BPEL compositions (research demonstration). In: Proceedings of the 29th international conference on software engineering (ICSE’07). IEEE Computer Society (2007). Companion Volume, pp 69–70
Baresi L, Guinea S (2011) Self-supervising BPEL processes. IEEE Trans Softw Eng 37(2):247–263
Baresi L, Guinea S, Plebani P (2006) WS-Policy for service monitoring. In: 6th VLDB international workshop on technologies for E-services. LNCS, vol 3811. Springer, Berlin, pp 72–83
Baresi L, Pasquale L (2010) Adaptive goals for self-adaptive service compositions. In: Proceedings of the (2010) IEEE international conference on web services (ICWS ’10). IEEE Computer Society, Washington, DC, USA, pp 353–360
Berre DL, Parrain A (2012) SAT4J. http://www.sat4j.org/
Biancullia D, Ghezzi C (2012) DynamoAOP–user manual. http://plastic.isti.cnr.it/download/tools/dynamo-aop/dynamoaop-manual.pdf
Burdy L, Cheon Y, Cok DR, Ernst MD, Kiniry JR, Leavens GT, Leino KRM, Poll E (2005) An overview of JML tools and applications. Int J Softw Tools Technol Transf 7:212–232
Carzaniga A, Gorla A, Perino N, Pezzè M (2010) Automatic workarounds for web applications. In: Proceedings of eighteenth international symposium on the foundations of, software engineering (FSE’10), pp 237–246
Carzaniga A, Gorla A, Pezzè M (2008) Healing web applications through automatic workarounds. Int J Softw Tools Technol Transf 10(6):493–502
Charfi A, Dinkelaker T, Mezini M (2009) A plug-in architecture for self-adaptive web service compositions. In: Proceedings of the (2009) IEEE international conference on web services (ICWS ’09). IEEE Computer Society, Washington, DC, USA, pp 35–42
Charfi A, Mezini M (2007) AO4BPEL: an aspect-oriented extension to BPEL. World Wide Web 10:309–344
Cheng BHC, de Lemos R, Garlan D, Giese H, Litoiu M, Magee J, Müller HA, Taylor R (2009) SEAMS 2009: Software engineering for adaptive and self-managing systems. In: 31st international conference on software engineering (ICSE’09), Companion Volume, pp 463–464
DISI-UniTN/FBK-IRST (2012) The MathSAT 5 SMT Solver. http://mathsat.fbk.eu
Dobson G (2006) Using WS-BPEL to implement software fault tolerance for web services. In: 32nd EUROMICRO conference on software engineering and advanced applications (EUROMICRO-SEAA’06), pp 126–133
Fikes R, Nilsson NJ (1971) STRIPS: a new approach to the application of theorem proving to problem solving. J Artif Intell 2(3/4):189–208
Foster H (2006) A rigorous approach to engineering web service compositions. PhD thesis, Imperial College
Foster H, Emmerich W, Kramer J, Magee J, Rosenblum D, Uchitel S (2007) Model checking service compositions under resource constraints. In: Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering (ESEC-FSE ’07). ACM, New York, pp 225–234
Fu X, Bultan T, Su J (2004) Analysis of interacting BPEL web services. In: Proceedings of the 13th international conference on, world wide web (WWW’04), pp 621–630
Fugini MG, Mussi E (2006) Recovery of faulty web applications through service discovery. In: Proceedings of the 1st SMR-VLDB workshop, matchmaking and approximate semantic-based retrieval: issues and perspectives. In: 32nd international conference on very large databases, pp 67–80
Gurfinkel A, Wei O, Chechik M (2006) Yasm: a software model-checker for verification and refutation. In: Proceedings of 18th international conference on computer-aided verification (CAV’06). LNCS, vol 170–174. Springer, Seattle, p 4144
Heckel R, Lohmann M (2005) Towards contract-based testing of web services. Electron Notes Theoret Comput Sci 116:145–156
Hinz S, Schmidt K, Stahl C (2005) Transforming BPEL to Petri nets. In: Proceedings of the 3rd international conference on business process management (BPM’05). LNCS, vol 3649. Springer, Berlin, pp 220–235
IBM (2012) WebSphere integration developer. http://www-01.ibm.com/software/integration/wid/
Inverardi P, Mostarda L, Tivoli M, Autili M (2005) Synthesis of correct and distributed adaptors for component-based systems: an automatic approach. In: Proceedings of the 20th international conference on automated software engineering (ASE’05). ACM, New York, pp 405–409
Kautz HA, Selman B (1999) Unifying SAT-based and graph-based planning. In: Proceedings of the 16th international joint conference on, artificial intelligence (IJCAI’99), pp 318–325
McDermott DV (2002) Estimated-regression planning for interactions with web services. In: Proceedings of the sixth international conference on artificial intelligence planning systems (AIPS ’02). AAAI, pp 204–211
McIlraith SA, Son TC (2002) Adapting golog for composition of semantic web services. In: Proceedings of the 8th international conference on principles and knowledge representation and reasoning (KR ’02). Morgan Kaufmann, San Francisco, pp 482–496
Meyer B (1992) Applying “design by contract”. Computer 25:40–51
Milner R (1989) Communication and concurrency. Prentice-Hall, New York
Narayanan S, McIlraith SA (2002) Simulation, verification and automated composition of web services. In: Proceedings of the 11th international conference on world wide web (WWW ’02). ACM, pp 77–88
Nicola RD, Vaandrager F (1995) Three logics for branching bisimulation. J ACM 42(2):458–487
OASIS (2012) Web Services Business Process Execution Language Version 2.0. http://docs.oasis-open.org/wsbpel/2.0/OS/wsbpel-v2.0-OS.html
Oracle (2012) Welcome to NetBeans. http://netbeans.org
Ouyang C, Verbeek E, van der Aalst WMP, Breutel S, Dumas M, ter Hofstede AHM (2007) Formal semantics and analysis of control flow in WS-BPEL. Sci Comput Program 67(2–3):162–198
Simmonds J (2011) Dynamic analysis of web services. Ph.D. thesis, University of Toronto, Toronto
Simmonds J, Ben-David S, Chechik M (2010) Guided recovery for web service applications. In: Proceedings of eighteenth international symposium on the foundations of, software engineering (FSE’10), pp 247–256
Simmonds J, Ben-David S, Chechik M (2010) Monitoring and recovery of web service applications. In: Ng JW, Chignell M, Cordy JR (eds) Smart internet. Lecture Notes in Computer Science, Springer, Berlin, pp 250–288
Simmonds J, Ben-David S, Chechik M (2010) Optimizing computation of recovery plans for BPEL applications. In: Proceedings of 2010 workshop on testing, analysis and verification of web software (TAV-WEB’10), pp 3–14
Simmonds J, Chechik M (2010) RuMoR: monitoring and recovery of BPEL applications. In: Proceedings of 25th IEEE/ACM international conference on, automated software engineering (ASE’10), pp 345–346
Simmonds J, Gan Y, Chechik M, Nejati S, O’Farrell B, Litani E, Waterhouse J (2009) Runtime monitoring of web service conversations. IEEE Trans Service Comput 2(3):223–244
Traverso P, Pistore M (2004) Automated composition of semantic web services into executable processes. In: Proceedings of the international semantic web conference (ISWC ’04), pp 380–394
W3C (2012) Semantic Web. http://www.w3.org/standards/semanticweb/
W3C (2012) Web Services Description Language (WSDL). http://www.w3.org/TR/wsdl
Yan Y, Poizat P, Zhao L (2010) Self-adaptive service composition through graphplan repair. In: IEEE international conference on web services (ICWS ’10), pp 624–627
Acknowledgments
Several people contributed to the ideas presented in this paper: Shiva Nejati, Yuan Gan and Jonathan Amir were involved in various aspects of defining and building the runtime monitoring framework. Various people at IBM CAS Toronto, specifically, Bill O’Farrell, Julie Watermark, Elena Litani and Leho Nigel, have been working with us over the years, and Bill is responsible for shaping this project into its present form, including the suggestion that we work on recovery from runtime failure. We are also grateful to members of the IFIP Working Group 2.9 for their helpful feedback on this work. This research has been funded by NSERC, IBM Toronto, MITACS Accelerate, UTFSM DGIP and by the Ontario Post-Doctoral Fellowship program. We also thank reviewers of this special issue for many helpful comments.
Author information
Authors and Affiliations
Corresponding author
Appendix
Appendix
This appendix gives additional background information on BPEL’s activities and variables. We also provide an overview of the WSCoL subset used in this article.
1.1 BPEL activities and variables
The basic BPEL activities for interacting with partner web services are \(<\)receive\(>, <\)invoke\(>\) and \(<\)reply\(>\), which are used to receive messages, execute web services and return values, respectively. Conditional activities are used to define the control flow of the application: \(<\)while\(>,\,<\)if\(>\) and \(<\)pick\(>\). The \(<\)while\(>\) and \(<\)if\(>\) activities model internal choice, as conditions are expressions over process variables. The \(<\)pick\(>\) activity is used to model external choice: the application waits for the first occurrence of one of several possible events (specified using \(<\)onMessage\(>\)), executing the activities associated to the corresponding event. The \(<\)pick\(>\) activity completes once these activities are completed.
The structural activities \(<\)sequence\(>\) and \(<\)flow\(>\) are used to specify sequential and parallel composition of the enclosed activities, respectively. \(<\)scope\(>\) is used to define nested activities. In IBM WebSphere Integration Developer v7, developers can also add \(<\)collaboration\(>\) scopes, inspired by the work on dynamic workflows [1], which can be used to alter the application logic at runtime.
The \(<\)assign\(>\) activity is used to update the values of variables. Assignment activities consist of multiple \(<\)copy\(>\) rules, each with their own \(<\)from\(>\) and \(<\)to\(>\) parts, representing the source and destination data, respectively. \(<\)copy\(>\) rules can include data modification expressions, e.g., \(<\)copy\(><\)from\(> \mathtt{\$ i + 1} <\)/from\(><\)to\(> \mathtt{\$ i} <\)/to\(>\,<\)/copy\(>\) increments the value of \(\$\mathtt{i }\) by one, but can also be simple assignments.
BPEL has both global and local variables. Global variables are available throughout the process, while local variables are only available within the \(<\)scope\(>\) in which they are defined. Variable types can be simple or complex XSD (XML Schema Definition) types, schema elements, or WSDL message types, declared using the keywords type, element and messageType, respectively. Multiple schema elements can refer to the same complex XSD type.
Figure 17a shows the definition of the simple and complex XSD types used by the \(\mathtt{{TAS}}\) application. For example, \(\mathtt{fromDate }\) and \(\mathtt{sourceCity }\) are of the simple XSD types \(\mathtt{xsd:int }\) and \(\mathtt{xsd:string }\), respectively. On the other hand, \(\mathtt{tTripData }\) is a complex XSD type and includes a reference to every simple type declared in the same figure. These type definitions are then available from the BPEL process by importing the XSD file in which they are defined.
WSDL message types define abstract messages that can serve as the input or output of an operation, and are thus defined in the corresponding WSDL file. WSDL messages consist of one or more \(<\)part\(>\) elements, where each \(<\)part\(>\) is associated with an existing XSD element. For example, as shown in Fig. 17b (copy of Fig. 5a), the message type \(\mathtt{in }\_\mathtt{bc }\), which is the input message for the \(\mathsf{bc}\) service, consists of three parts: \(\mathtt{city },\,\mathtt{fromDate }\) and \(\mathtt{toDate }\).
Once the necessary variable types are defined and imported, we can declare the required BPEL variables. Figure 17c (copy of Fig. 5b) shows the definition of three variables of the \(\mathtt{{TAS}}\) system: \(\mathtt{tripData },\,\mathtt{inputBookCar }\) and \(\mathtt{outputBookCar }\). The first variable is used to maintain the state of the application, while the second two are the input and output variables of the \(\mathsf{bc}\) service. We have defined similar input and output variables for the rest of the services used by the \(\mathtt{{TAS}}\) application.
1.2 WSCoL
The grammar of the WSCoL subset used in this article is given in Fig. 18, where \(\mathtt{identifier }\) represents a valid BPEL variable identifier and \(\mathtt{xpath }\_\mathtt{expr }\) represents a valid XPath expression. \( LIT \) and \( NUM \) are sets of BPEL literals and numbers, respectively, while \(\mathbf{true}, \mathbf{false}, \backslash \mathbf{forall}, \backslash \mathbf{exists}, \backslash \mathbf{avg}, \backslash \mathbf{sum}, \backslash \mathbf{product}, \backslash \mathbf{min}, \backslash \mathbf{max}, \backslash \mathbf{returnInt}, \backslash \mathbf{returnBool}\), and \(\backslash \mathbf{returnString}\) are terminal symbols. The full WSCoL grammar is available in [9].
In WSCoL, we can write predicates about the state of a BPEL process by accessing its internal variables using XPath expressions. For example, the expression \( \$\mathtt{tripData/carBookingNo }\) retrieves the car booking number for the current trip, where \(\mathtt{tripData }\) is the associated BPEL identifier and \(\mathtt{/carBookingNo }\) is the XPath expression pointing to the XSD type to be queried.
External data is accessed by invoking other web services. For example, the expression
returns the difference between the trip start and end dates as an integer. This is done by invoking the \(\mathtt{subtractDates }\) service with parameters \(\$\mathtt{tripData/fromDate }\) and \(\$\mathtt{tripData/toDate }\), corresponding to the trip start and end dates, respectively. The difference is stored in the variable \(\mathtt{//parameters/subtractDatesResult } \mathtt{/days }\), and the \(\mathtt{subtractDates }\) service definition is available in a preconfigured WSDL file.
The typical Boolean, relational and mathematical operators, as well as some pre-defined functions, are used to build more complex expressions. For example, the assertion
checks that the car booking number is at least four digits long and that the trip end date occurs after the trip start date.
Predicates on sets of variables are defined through the use of general quantifiers of the form \(( \mathtt{Q }~ \$\mathtt{V }~ \mathtt{in }~ \mathtt{R };~ \mathtt{C })\), where \(\mathtt{Q }\) is one of the quantifiers listed in Fig. 18, \(\mathtt{R }\) is an XPath expression that represents a set of finite nodes, \(\$\mathtt{V }\) is the identifier used to access each node, and \(\mathtt{C }\) is a WSCoL predicate.
For example, the predicate
checks that all the flights returned by a \(\mathsf{getFlights}\) service have the same destination city as the one stored in \(\$\mathtt{tripData }\).
Rights and permissions
About this article
Cite this article
Simmonds, J., Ben-David, S. & Chechik, M. Monitoring and recovery for web service applications. Computing 95, 223–267 (2013). https://doi.org/10.1007/s00607-012-0215-y
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00607-012-0215-y