A-Priori Verification of Web Services with Abduction

A-Priori Verification of Web Services with Abduction

Marco Alberti1

Federico Chesani2

Marco Gavanelli1

Evelina Lamma1

Paola Mello2

Marco Montali2

1 ENDIF, Università di Ferrara2 DEIS, Università di Bologna

CILC'06, Bari, 27 giugno 2006


2

Motivation: Service Oriented Computing

Web services:– Defined by their behavioural interface– Simple stand-alone applications, or– Potential components of complex applications, by

Composition of web services:– As specified by a choreography

Will the web services comply to the choreography?



3

Choreographies vs. MAS protocols

Similarities (Baldoni et al., LNCS 3670):– Both define rules for collaboration among peers– Both express dependencies and constraints in

interactions– Both abstract away from internals, focusing on

interface Wide literature on MAS protocol verification Approach: apply MAS techniques to SOC

verification



4

In this talk: The AlLoWS framework

Abductive Logic Web-service Specification Language to specify choreographies and web

service interfaces (originally: interaction protocols and reactive agents), with an abductive semantics

Definition of conformance of a web service to a choreography

Abductive proof procedures to verify conformance



5

Representation of interactions

Interaction as exchange of messages. Messages format:

– mx(Sender, Receiver, Content)

Events: actual message exchanges– H(Message[,Time])

Expectations: desired message exchanges– E(Event[,Time])



6

Choreography Specification

Abductive triple <KBchor,εchor,ICchor>

ε: abducible signatures (events H and expectations Echor)

Choreography Knowledge Base: logic program with expectations in clause bodies

Choreography Integrity Constraints: implications relating events and expectations



7

Choreography example

KBchor

deadline(10).

ICchor

H(m1(X,Y),T1) /\ deadline(Td)

→ Echor(m2(Y,X),T2) /\ T2< T1 + Td

\/ Echor(m3(Y,X),T2) /\ T2< T1 + Td



8

Web Service specification

Abductive triple <KBws,εws,ICws>

ε: abducible signatures (events H and expectations Ews)

Web service Knowledge Base: logic program with expectations in clause bodies

Web service Integrity Constraints: implications relating events and expectations



9

Conformance

Our idea of conformance: a web service will comply to a choreography,provided that its peers comply too.

Feeble conformance: all expected events happen.

Strong conformance: all happened events are expected.



10

Possible interaction

A pair (HAP, EXP) that, together with the KB, entails the following:– a Goal (usually defines a needed event)– The integrity constraints– The web service being discussed follows its own

expectations about itself– The other peers follow the choreography

expectations about themselves



11

Feeble conformance

A possible history HAP is feeble conformant if there exists EXP that, together with joined KBs, entails:

- A goal- The integrity constraints (ICchor U ICws)

- Ews(X) H(X)

- Echor(X) H(X)

- <HAP,EXP> is a feeble conformant interaction if EXP is minimal w.r.t set inclusion

- A web service is feeble conformant if all the possible histories are feeble conformant



12

Strong conformance

A feeble conformant interaction <HAP,EXP> is also strong conformant if it entails the following:

H(mx(ws,R,C)) Echor(mx(ws,R,C))

H(mx(S,ws,C)) Ews(mx(S,ws,C))

A web service is strong conformant if all possible histories are strong conformant.



13

The SCIFF abductive proof procedure

Derived from Fung and Kowalski’s IFF– Originally applied to compliance verification in MAS

Properties:– Termination for acyclic programs– Soundness– Completeness

Generative version: g-SCIFF (events are abducible)– Applied to verification of protocol properties



14

Conformance verification

g-SCIFF

SCIFF

SCIFF

SCIFF

/\

FeebleConformance

PossibleInteractionHAP,EXP

Is HAPfeebleconformant?

StrongConformance

Are alleventsexpected?



15

Example: more capabilities

Choreography– H(m1(ws,X,C))→Echor(m2(X,ws,D))

Web service– H(m1(ws,X,C)) →Ews(m2(X,ws,D)) \/

Ews(m3(X,ws,D))

Result: feeble and strong conformant



16

Example: Missing Capability

Choreography– H(m1(ws,X,C)) → Echor(m2(X,ws,D)) \/

Echor(m3(X,ws,D)) Web service

– H(m1(ws,X,C)) → Ews(m2(X,ws,D)) Result: not feeble conformant Counterexample:

HAP = {H(m1(ws,a,c)),H(m3(a,ws,d))}



17

Example: Wrong reply

Choreography– H(m1(X,ws,C)) → Ews(m2(ws,X,D)) \/

Ews(m3(ws,X,D)) Web service

– H(m1(X,ws,C)) → Echor(m2(ws,X,D)) Result: non conformant Counterexample

HAP = {H(m1(a,ws,c)),H(m3(ws,a,d))}



18

Example: Predefined answer

Choreography– H(m1(X,ws,C)) → Echor(m2(ws,X,D)) \/

Echor(m3(ws,X,D))

Web service– H(m1(X,ws,C)) → Ews(m2(ws,X,D))

Result: feeble and strong conformant



19

Ongoing work

Is a uniform language good w.r.t expressiveness?

Automatic translation from graphical notations

Experimentation and (performance) comparison with other frameworks


Marco Alberti1

Federico Chesani2

Marco Gavanelli1

Evelina Lamma1

Paola Mello2

Marco Montali2

1 ENDIF, Università di Ferrara2 DEIS, Università di Bologna

Documents

A-Priori Verification of Web Services with Abduction