Title: Model Checking Approaches for Web Service Verification
Model Checking Approaches for Web Service Verification
- Hidayet Ozgur Sanli
- hedo_at_asu.edu
Contents
- Motivation
- What's model checking?
- Model checking tools
- Model-Based Verification of Web Service Compositions
- Verification of Web Service Flows with Model-Checking Techniques
- Conclusions
- References
Motivation
- Service aggregation
  - Combining existing web services
  - Robustness against requirements change
- A flow description is used to express how various web services should be composed
- Faulty flow descriptions are not desirable, since a tremendous amount of shared network resources is consumed
- Runtime verification of compositions is needed, for properties such as deadlock freedom and usability assessment of partnered services
Motivation (contd)
Figure: Late Binding in Web Service Composition (control flow and data flow)
Motivation (contd)
Figure: Ticket Order as a composite web service
What's model checking? [1]
- Model checking is a method to formally verify finite state systems algorithmically
- Model checking verifies that a model, often derived from a hardware or software design, satisfies a logical specification (determining the truth of formulas)
- The model is usually expressed as a directed graph whose nodes represent states of the system and whose edges represent possible alterations of the state
What is model checking? (contd)
- Requirements for model checking
  - Modelling language to describe the system
  - Specification language to formulate properties
  - Calculus/algorithm to verify the specification
- Automated model checkers traverse all reachable system states
- Many practical applications
  - Communication protocols
  - Electrical circuits
  - Digital controllers
What is model checking? (contd)
- Correctness properties
  - Safety
    - Nothing bad ever happens
    - Formalized using state invariants (execution never reaches a bad state)
  - Liveness
    - Something good eventually happens
    - Formalized using temporal logic
      - [] (always)
      - <> (eventually)
      - () (next cycle)
      - (-) (previous cycle)
      - U (strong until)
What is model checking? (contd)
- [] (signalA == 1 -> () signalB == 0)
  - It is always the case that signalA equals one implies signalB equals zero on the next cycle
- [] (signalA == 1 -> (-) signalB == 0)
  - It is always the case that signalA equals one implies signalB equals zero on the previous cycle
- <> (signalA == 1 -> () () [] signalB < 2)
  - Eventually, if signalA is equal to one, then two cycles later and always after that, signalB is less than 2
Model Checking Tools (SPIN)
- The most popular model checker (ACM Software Award)
- Automata based model checker
- The system is described as programs in the Promela language, which is close to a real programming language
- A finite state model is generated automatically from the Promela description
- The system is described as a collection of concurrent processes
- Processes communicate and synchronize via message channels and global variables
Model Checking Tools (contd)
- Promela
  - Macro definitions
    - #define NBUF 1
  - Symbolic constants
    - mtype = { LOW, MEDIUM, HIGH }
  - Synchronous message channel
    - chan sender = [NBUF] of { short }
  - Process instances
    - active proctype Receiver() { ... }
  - Sending messages
    - receiver!MSG0
  - Receiving messages
    - sender?ACK0
Model Checking Tools (contd)
Figure: Alternating Bit Protocol in Promela
Model Checking Tools (contd)
- Promela code is used to generate a Labelled Transition System (LTS); the example below is written in FSP, the process notation of [1]
  - SWITCH = OFF,
  - OFF = (on -> ON),
  - ON = (off -> OFF).
Model-Based Verification of Web Service Compositions [2]
- A comparison based verification approach
  - Use the Labelled Transition System Analyzer (LTSA) and Message Sequence Charts (MSC) of UML to capture the desired user workflow behavior
  - Write the BPEL4WS implementation
  - Generate a BPEL4WS model in FSP for use within LTSA
  - Use the LTSA model checker to detect possible scenarios that the model supports but that are undefined by the user
  - Examine the trace results of the FSP model checking and iterate until no violations or deadlocks are discovered
Model-Based Verification of Web Service Compositions (contd)
Figure: Model Based Verification Architecture
Model-Based Verification of Web Service Compositions (contd)
Figure: Layers of modeling abstraction and implementations
Model-Based Verification of Web Service Compositions (contd)
- The specification is created as part of the requirements and consists of the upper two layers
- The workflow is implemented by the software team, focusing on the lower two layers
- The FSP representation forms the bridge between specification and implementation
- Model checking is done on the design and implementation models using trace equivalence
Model-Based Verification of Web Service Compositions (contd)
Figure: Market Place Context Diagram
Model-Based Verification of Web Service Compositions (contd)
Figure: LTSA-MSC scenario with participants Seller, Market Place and Buyer, and messages "offer product" and "require product"
Model the composition using LTSA-MSC scenarios
Model-Based Verification of Web Service Compositions (contd)
The LTSA tool provides a translation mechanism to convert scenarios to FSP
Model-Based Verification of Web Service Compositions (contd)
Figure: BPEL4WS Process Token Groups
Model-Based Verification of Web Service Compositions (contd)
Figure: Conversion table for BPEL4WS structured and concurrent groups to Promela
Model-Based Verification of Web Service Compositions (contd)
Figure: Verification Process Map for BPEL4WS Compositions
Verification of Web Service Flows with Model-Checking Techniques [3,4]
Figure: Verification Process Map for WSFL based compositions
Verification of Web Service Flows with Model-Checking Techniques
Figure: A Deadlocked Flow Model
Verification of Web Service Flows with Model-Checking Techniques
Figure: Promela process corresponding to a WSFL activity
Verification of Web Service Flows with Model-Checking Techniques
- Wait loop
  - Checks all the channels of the incoming control flows and waits until all the channels have definite values
- Join step
  - Reads out all logical values from the control channels and evaluates the join condition
- Materialize step
  - Extracts the necessary data from the input links
- Perform step
  - Invokes the service provider entry
- Call exit step
  - Checks the exit condition of the activity for re-execution of the perform step
- Control step
  - Computes the information that will flow along the output control links
- Propagate step
  - Propagates information along all the output links, both control and data
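An added example, not taken from the slides or from [3,4]: the activity structure above written out in Promela for a constructed three-activity WSFL-style flow, using the channel, proctype and temporal-logic constructs introduced on the SPIN slides. The activity names, the DPE switch and the AND join condition are assumptions made for illustration.

```promela
/* Added example, not from the slides: a WSFL-style flow in the shape
   slide 27 describes. Activities A and B each have one control link to
   activity C, whose join condition is AND. Set DPE to 0 to see the
   stuck join that dead path elimination prevents.
   Run: spin -a flow.pml && gcc -o pan pan.c && ./pan -a              */
#define DPE 1                   /* 1 = dead path elimination on (constructed switch) */

chan linkAC = [1] of { bool };  /* control link A -> C, carries a truth value */
chan linkBC = [1] of { bool };  /* control link B -> C */
bool done[2];                   /* done[i] is set once activity i has performed */
bool joined;                    /* set once C has evaluated its join condition */

/* An activity with no incoming links: perform step, then control + propagate. */
proctype Source(byte id; chan out; bool cond) {
    done[id] = true;            /* Perform step (the service call is abstracted away) */
    if
    :: cond -> out!true         /* Control/Propagate: transition condition holds */
    :: else ->
        if
        :: DPE -> out!false     /* dead path elimination: still send a definite value */
        :: else -> skip         /* no DPE: the link never gets a value */
        fi
    fi
}

/* Activity C, following the step order of slide 27. */
active proctype Join() {
    bool vAC, vBC;
    do                          /* Wait loop: block until both links hold a value */
    :: len(linkAC) > 0 && len(linkBC) > 0 -> break
    od;
    linkAC?vAC; linkBC?vBC;     /* Join step: read every control value */
    joined = true;
    if
    :: vAC && vBC -> skip       /* join true: Materialize/Perform steps would run here */
    :: else -> skip             /* join false: C is skipped; its own links would carry false */
    fi
}

init {
    /* constructed case: A's condition is true, B's is false, so C's AND join is false */
    run Source(0, linkAC, true);
    run Source(1, linkBC, false)
}

/* Liveness claim: the join is always eventually evaluated. With DPE 0 activity B
   sends nothing, so Join can never leave its wait loop and SPIN reports the
   stuck state instead of a completed flow. */
ltl join_evaluated { <> joined }
```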
Verification of Web Service Flows with Model-Checking Techniques
Figure: Dead Path Elimination
Conclusion
- Current web composition workflow languages lack a verification/testing aspect
- Model checking techniques are useful for testing web services
- Recent work in verification of web services is transformation-based, so as to make use of existing tools
References
- [1] J. Magee and J. Kramer, Concurrency: State Models and Java Programs, John Wiley, 1999.
- [2] H. Foster, S. Uchitel, J. Magee, J. Kramer, Model-based verification of web service compositions, Proceedings of the 18th IEEE International Conference on Automated Software Engineering, 6-10 Oct 2003, pages 152-161.
- [3] S. Nakajima, Model-Checking Verification for Reliable Web Services, OOPSLA 2002 Workshop on Object-Oriented Web Services, Nov 2002.
- [4] S. Nakajima, Verification of Web Services Flows with Model-Checking Techniques, Proc. Cyber World 2002, pp. 378-385, November 2002.