View
213
Download
0
Embed Size (px)
Citation preview
1
Ivan LaneseComputer Science Department
University of BolognaItaly
Behavioural Theory for SSCC
Joint work with Luis Cruz-Filipe, Francisco Martins, Antonio Ravara and Vasco Vasconcelos
Univerisities of Lisbon, Portugal
Stream-based Service Centred Calculus
SSCC is a calculus for modelling services based on sessions and streams
One of the Sensoria core calculi– Follows the same thread of SCC and CaSPiS
SSCC provides operators for– Defining and invoking services
– Describing conversations (sessions) between services
– Orchestrating complex service systems
SSCC syntax
P ::= P jQ(ºa)P0recX :PX
9>>>>=
>>>>;
Standard operators
a ) Pa ( P
¾
Services
v:P(x)P
¾Conversations
streamP asf inQfeedv:Pf (x):P
9=
;Orchestration
SSCC services
Services are defined by their name a and their protocol P Service definition and service invocation are symmetric Invocations and definitions interact creating two session
endpoints executing their respective protocols
Sessions are not available when programming– Only runtime construct
a ) P ja ( Q ! (ºr)(r B P jr C Q)
SSCC conversations
Sessions can exchange information via input and output
We can imagine to extend conversations with all the typical session constructs (e.g., choice)
(ºr)(r B v:P jr C (x)Q) ! (ºr)(r B P jr C Q[v=x])
Orchestrating SSCC services
We propose the stream construct– Induces a clear style of programming– Good tradeoff between expressive power and structured
communication P and Q are concurrently executing f is a communication stream (i.e., a queue) from P to Q P can feed values inside f (feed v.P’)
– Non blocking – Values stored in the nearest stream
Q can read values from f (f(x).Q’)– Blocking– Reads from stream f
streamP asf inQ
A stream at work
streamfeedv:P asf = hi inf (x):Q! streamP asf = hvi inf (x):Q
! streamP asf = hi inQ[v=x]
Orchestrating 3 services
Invoke services a and b and use their results to invoke c
stream(a ( (x)feedx)j(b( (y)feedy)
asf = hi inf (z):f (w):c ( z:w:(t)feedt
Useful macros
Direct communications
b* v:P ,streamb( v:feed ² asf inf (z):P
b+(x)P ,streamb) (z):feedzasf inf (x):P
Why a behavioural theory?
To understand the relationships between the different operators
To be able to reason axiomatically on systems To be able to prove the correctness of program
transformations and optimizations
Which behavioural theory?
We consider the classic bisimilarity approach– Processes should be able to mimik each other labelled
transitions
We have labels for session communications, service invocations, feeds, reads from stream, internal actions…
We choose full (substitution-closed) bisimilarity– Strong bisimilarity ~f for more basic transformations
– Weak bisimilarity ≈f allows optimizations» Abstracts away internal actions
≈≡'
A compositionality result
Strong and weak full bisimilarity are congruences– Capture the corresponding contextual equivalences
– Axioms can be applied to subterms
– Transformations can be applied to arbitrarily complex systems
The congruence result does not hold for strong/weak plain bisimilarity
We will present some useful axioms– We are not interested in a complete axiomatization
Structural congruence is a bisimulation
stream(º a)P asf =~v inQ ´ (º a)(streamP asf =~v inQ)if a =2 fn(Q) [ Set(~v)
streamP asf =~v in(º a)Q ´ (º a)(streamP asf =~v inQ)if a =2 fn(P ) [ Set(~v)
r ./ (º a)P ´ (º a)(r ./ P )
Standard rules for parallel composition, restriction and recursion
Additional scope extension rules
Session axioms
Different sessions are independent
Terminated sessions can be garbage collected(º r)D[[r . 0;r / 0]]» f D[[0;0]] if D does not bind r
r ./ (s ./ Qj P)» f s ./ Qj r ./ P if s 6= r
Stream axioms (1)
Stream = parallel composition + communication
Terminated streams can be garbage collected
streamP asf inQ» f P jQif f =2 fn(Q) and P does not contain feed
stream0asf inP » f P if f does not occur in P
streamP asf in(Q jQ0) » f(streamP asf inQ) jQ0 if f =2 fn(Q0)
Stream axioms (2)
Uncatched feeds are τ steps
Different streams are independent
streamP asf instreamP 0asg inQ» fstreamP 0asg instreamP asf inQ if f 6= g
streamP asf in0¼f P f feedv:Q ! Qg
Sessions vs streams
Feeds are unaffected by sessions
Session outputs are unaffected by streams
More in general
r ./ (feedvj P )» f feedvj r ./ P
streamvj P asf inQ» f vj streamP asf inQ
r ./ (Q j P ) » f Q j r ./ Pif Q contains no session input/ outputstreamR jP asf inQ» f R j streamP asf inQ
if R contains no feeds
Object-oriented interaction pattern
UML sequence diagrams show the exchange of messages among components of a complex system…
…but have no session information
Session-oriented interaction pattern
There are two sessions:– r between A and B
– s between B and C
There are local communications in B
The session-oriented pattern in SSCC
The pattern can be implemented in SSCC
Communications between different sessions in B
exploit auxiliary services
SC, (ºb;c) ( A j B j C)A , b( w:(y)P B , (º b1;b2) ( B1 j B2 )
C , c ) (x)v:SB1 , b) (x)b1 * x:b2 +(y)y:Q
B2 , c ( b1 +(x)x:(y)b2 * y:R:
The subsession pattern in SSCC
Now the SSCC implementation is:
A and C are as before
Two auxiliary communications have been eliminated
Two are still used
E , b) (x)(º b1)(c ( x:(y)b1 * y:R j b1 +(y)y:Q)
SC0 , (º b;c) ( A j E j C )
Is the program transformation correct?
The two diagrams can be proved full weak bisimilar
The proof exploits:
– Standard coinductive techniques
– Congruence
– Some axioms (session independence, garbage collection)
Since full weak bisimilarity is a congruence the
optimization can be applied in any context
Introducing streams
We can use a stream to avoid the remaining auxiliary communications
Correctness proof similar to the previous one
SC0 , (º b;c) ( A j G j C )G , b) (x)
streamc( x:(y)feedy:R as f in f (y):y:Q
Breaking sessions
Current technologies does not provide sessions– Only request and request/response primitives
– Correspond to sessions with fixed protocol
Useful to break sessions in smaller pieces– A long session may correspond to a sequence of
request/responses
– Next request/response name sent as continuation
Arbitrary sessions can not be broken preserving the semantics– Correct for all sequential sessions
– Sequentiality can be proved using a type system
Conclusions
SSCC can model session-based communication patterns Behavioural theory allows to work axiomatically on
patterns Complex program transformations can be specified and
proved correct
Future work
On program transformations– Develop a methodology to drive the application of
transformations
– Apply to other case studies
On SSCC– Further understanding its behavioral theory
– Add kill and compensation primitives
On types– Type systems for deadlock freedom
– Type systems for termination