Towards a formal study of automatic failure recovery in protocol-based web service composition

Abstract

In the protocol-based Web service composition, the runtime unavailability of component services may result in a failed execution of the composite. In literature, multiple recovery heuristics have been proposed. This work provides a formal study and focuses on the complexity issues of the recovery problem in the protocol-based Web service composition. A recovery is a process responsible of migrating the failed execution into an alternative execution of the composite that still has the ability to reach a final state. The alternative execution is called a recovery execution. Following failure occurrence, several recovery executions may be available. The problem of finding the best recovery execution(s) is called the recovery problem. Several criteria may be used to determine the best recovery execution(s). In this work, we define the best recovery execution as the one which is attainable from the failed execution with a maximal number of invisible compensations with respect to the client. We assume that all transitions are compensatable. For a given recovery execution, we prove that the decision problem associated with computing the number of invisibly compensated transitions is NP-complete, and thus, we conclude that deciding of the best recovery execution is in \(\Sigma _2^P\).

Appendix: Delegator cleaning

In order to create a cleaned version of \(D({A_{T}}, R)=\langle \Sigma _D, S_D, s^{D}_{0}, F_D, \lambda _D , delegates_D \rangle \), we use the cleaning Algorithm 1. The resulting delegator, denoted \(D'(A_{T}, R) = \langle \Sigma _D, S_{D'},s^{D'}_{0}, F_{D'}, \lambda _{D'} , delegates_D\rangle \), will be used in the recovery process when looking for alternatives to the failed execution. Indeed, it reduces the search space by putting out executions not leading to final states.

Let IT denotes the set of invalid transitions on the delegator, then Algorithm 1 essentially goes through two steps:

• Lines 2 \(\rightarrow \) 3: We create an initial cleaned delegator. It is a copy of the original delegator except for the set of transitions, i.e., \(\lambda _{D'}\leftarrow \lambda _D{\setminus } IT\).

• Line 4: All transitions of \(\lambda _{D'}\) that can no more serve to reach a final state are removed using the Procedure Clean. We based on the following property: Each transition which the arrival state has no successors and does not belong to final states should be removed. To deal with loops and cycles, each state s is set to visited when calling Clean\((s)\). However, the state s may be successor to other states belonging to branches not yet traversed. Therefore, the state s is reset to \(nonvisited\) at the end of each call to Clean\((s)\).

In Algorithm 1, \(succ(s)\) and \(pred(s)\) denote, respectively, the set of all successors and predecessors of a state \(s\in S_D. succ_i(s)\) and \(pred_i(s)\) are, respectively, the ith successor and the ith predecessor of s. Both automata corresponding to the initial and the cleaned delegators are given by their adjacency matrix. The set \(F_{D'}\) is a binary table where each state i receives 1 if \(i\in F_{D'}\) and receives 0 otherwise. Therefore, the worst-case computational complexity of the Algorithm 1 is \(O(|\lambda _{D'}|)\). This corresponding to the complexity of the depth-first traversing of \(D'(A_{T}, R)\).