Abstract
Compensating CSP (cCSP) is an extension of CSP for modeling long running transactions (LRTs). In our earlier work, we extended the original cCSP with the ability to model non-determinism, deadlock and livelock. Until now, the extended cCSP has had only a failure-divergence semantics, and no model checking or animation tool. In this paper, we present an operational semantics for model checking the extended cCSP. We prove that the general problem of model checking the extended cCSP with respect to regular properties is undecidable. Using the operational semantics, we have implemented an animator and a prototype model checker for the extended cCSP on top of the Process Analysis Toolkit (PAT). In addition, a case study demonstrates the tool.
References
Alves, A., Arkin, A., Askary, S., Bloch, B., Curbera, F., Goland, Y., Kartha, N., Sterling, König, D., Mehta, V., Thatte, S., van der Rijn, D., Yendluri, P., Yiu, A.: Web services business process execution language version 2.0. OASIS Committee Draft, May 2006
Bocchi, L., Laneve, C., Zavattaro, G.: A calculus for long-running transactions. In: Najm, E., Nestmann, U., Stevens, P. (eds.) FMOODS 2003. LNCS, vol. 2884, pp. 124–138. Springer, Heidelberg (2003)
Bruni, R., Melgratti, H.C., Montanari, U.: Theoretical foundations for compensations in flow composition languages. In: Proceedings of POPL 2005, pp. 209–220. ACM Press (2005)
Butler, M., Ferreira, C.: An operational semantics for StAC, a language for modelling long-running business transactions. In: De Nicola, R., Ferrari, G.-L., Meredith, G. (eds.) COORDINATION 2004. LNCS, vol. 2949, pp. 87–104. Springer, Heidelberg (2004)
Butler, M., Hoare, S.T., Ferreira, C.: A trace semantics for long-running transactions. In: Abdallah, A.E., Jones, C.B., Sanders, J.W. (eds.) Communicating Sequential Processes. LNCS, vol. 3525, pp. 133–150. Springer, Heidelberg (2005)
Butler, M., Ripon, S.: Executable semantics for compensating CSP. In: Bravetti, M., Kloul, L., Zavattaro, G. (eds.) EPEW/WS-EM 2005. LNCS, vol. 3670, pp. 243–256. Springer, Heidelberg (2005)
Chen, Z., Liu, Z.: An extended cCSP with stable failures semantics. In: Cavalcanti, A., Deharbe, D., Gaudel, M.-C., Woodcock, J. (eds.) ICTAC 2010. LNCS, vol. 6255, pp. 121–136. Springer, Heidelberg (2010)
Chen, Z., Liu, Z., Wang, J.: Failure-divergence refinement of compensating communicating processes. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 262–277. Springer, Heidelberg (2011)
Chen, Z., Liu, Z., Wang, J.: Failure-divergence semantics and refinement of long running transactions. Theor. Comput. Sci. 455, 31–65 (2012)
Emmi, M., Majumdar, R.: Verifying compensating transactions. In: Cook, B., Podelski, A. (eds.) VMCAI 2007. LNCS, vol. 4349, pp. 29–43. Springer, Heidelberg (2007)
Garcia-Molina, H., Salem, K.: SAGAS. In: Proceedings of SIGMOD 1987, pp. 249–259. ACM Press (1987)
Gray, J., Reuter, A.: Transaction Processing: Concepts and Techniques. Morgan Kaufmann, San Mateo (1993)
Kucera, A., Mayr, R.: Simulation preorder over simple process algebras. Inf. Comput. 173(2), 184–198 (2002)
Laneve, C., Zavattaro, G.: Foundations of web transactions. In: Sassone, V. (ed.) FOSSACS 2005. LNCS, vol. 3441, pp. 282–298. Springer, Heidelberg (2005)
Little, M.C.: Transactions and web services. Commun. ACM 46(10), 49–54 (2003)
Lugiez, D., Schnoebelen, P.: The regular viewpoint on PA-processes. Theor. Comput. Sci. 274(1–2), 89–115 (2002)
Minsky, M.L.: Computation: Finite and Infinite Machines. Prentice-Hall, Englewood Cliffs (1967)
Papazoglou, M.P., Traverso, P., Dustdar, S., Leymann, F.: Service-oriented computing: state of the art and research challenges. IEEE Comput. 40(11), 38–45 (2007)
Ramalingam, G., Vaswani, K.: Fault tolerance via idempotence. In: Proceedings of POPL 2013, pp. 249–262. ACM Press (2013)
Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice Hall PTR, Upper Saddle River (1997)
Sun, J., Liu, Y., Dong, J.S., Pang, J.: PAT: towards flexible verification under fairness. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 709–714. Springer, Heidelberg (2009)
Thatte, S.: XLANG web services for business process design (2001)
Vaz, C., Ferreira, C.: On the analysis of compensation correctness. J. Log. Algebr. Program. 81(5), 585–605 (2012)
Acknowledgments
This research is supported in part by grants from the National NSFC projects (Nos. 61103013 and 61120106006), the National 973 project 2014CB340703, and the Specialized Research Fund for the Doctoral Program of Higher Education 20114307120015. The authors would like to thank the anonymous reviewers for their suggestions, which helped to improve the paper. We are also grateful for the help of Yang Liu and Manchun Zheng of the PAT group during our tool development.
Appendix
1.1 Proof of Theorem 3
Theorem 3. Given a standard process \({P}\) of the extended cCSP and an FSM \({R}\), the language inclusion problem \({L(T(P)) \subseteq L(R)}\) is undecidable.
Proof
The halting problem for Minsky 2-counter machines, which is known to be undecidable [17], can be reduced to this inclusion problem. The idea of the reduction is to construct, for a 2-counter machine \({M}\), a standard process \({P}\) and an FSM \({R}\). \({P}\) models the behavior of \({M}\) with respect to the memory constraint (a counter is decremented only when it is positive, and a zero test succeeds only when the counter is zero) but disregards the control constraint of \({M}\). \({R}\) models the control behavior of \({M}\) but disregards the memory constraint; it accepts exactly those traces no prefix of which is a halting trace of \({M}\). Consequently, \({L(T(P)) \subseteq L(R)}\) iff \({M}\) does not halt, so the inclusion problem is undecidable in general.
We now show how to construct the process and the FSM. Let \({M}\) be a 2-counter machine with \({n}\) numbered instructions:
where \({ins_i {\in } \{ (c_k {:=} c_k + 1 ; \mathbf{goto }\ j), (\mathbf{if }\ (c_k = 0)\ \mathbf{goto }\ j ; (c_k {:=} c_k - 1 ; \mathbf{goto }\ l)) \}}\), \({k{\in }\{1, 2\}}\), \({1 \le j, l \le n}\) and \({1 \le i \le n - 1}\).
The construction of the extended cCSP process \({P}\) is as follows, where \({k \in \{1, 2\}}\).
In the above construction, \({inc_{k}}\), \({dec_{k}}\) and \({zero_{k}}\) are the events of incrementing, decrementing and zero-testing the \({k}\)-th counter, respectively. \({C_1}\) and \({C_2}\) are the processes that try to increment or decrement the first counter and the second counter, respectively. Each terminated trace of \({C_k}\) leaves the corresponding counter decreased by one, and during the execution of \({C_k}\) the memory constraint of that counter is preserved, i.e., the counter never drops below 1 if it holds 2 when \({C_k}\) starts. \({Z_k}\) is the process that keeps the content of the \({k}\)-th counter at zero. Thus, the evolution of the processes \({C_k}\) and \({Z_k}\) respects the memory constraint of \({M}\). The process \({P}\) models the 2-counter machine whose first and second counters initially hold \({m_1}\) and \({m_2}\), respectively, where \({C^{m_k}_{k}}\) is the sequential composition of \({m_k}\) copies of \({C_k}\).
From the instructions of \({M}\), we construct the FSM \({R {=} (\varSigma , S, s_0, \delta , F)}\), where \({\varSigma = \{inc_k, dec_k, zero_k \mid k \in \{1, 2\}\}}\) is the alphabet, \({S = \{s_i \mid 1\le i \le n\} \cup \{s_{n+1}\}}\) is the state set, the initial state \({s_0}\) is \({s_1}\), \({\delta : S {\times } \varSigma {\rightarrow } S }\) is the (partial) transition function, and \({F = S \setminus \{s_{n}\}}\) is the set of final states. For each instruction \({ins_i}\), we add transitions as follows, where \({k\in \{1, 2\}}\).
Then we complete \({R}\) by adding a self-transition on \({s_{n+1}}\) for every element of \({\varSigma }\), i.e., \({\forall a\in \varSigma \bullet \delta (s_{n+1}, a)= s_{n+1} }\). Finally, for each state \({s}\) except \({s_n}\) and each \({a \in \varSigma}\) for which no transition is defined (\({\not \exists s'\in S \bullet \delta (s, a) = s'}\)), we add the transition \({\delta (s, a) = s_{n+1}}\). The FSM \({R}\) thus encodes the control constraint of \({M}\): since \({s_n}\) has no outgoing transition and is not a final state, \({R}\) accepts exactly those traces no prefix of which is a halting trace of \({M}\).
Based on the above constructions, we now prove “\({L(T(P)) \subseteq L(R)}\) iff \({M}\) does not halt”. Instead of proving it directly, we prove the equivalent statement “\({L(T(P)) \nsubseteq L(R)}\) iff \({M}\) halts”.
- If \({M}\) halts, then some halting execution of \({M}\) produces a trace \({s}\). Because \({P}\) satisfies the memory constraint, \({s}\) is accepted by \({T(P)}\). By the construction of \({R}\), however, \({s}\) is not accepted by \({R}\). Thus, \({L(T(P)) \nsubseteq L(R)}\).
- If \({L(T(P)) \nsubseteq L(R)}\), then there exists a trace \({s}\) accepted by \({T(P)}\) but not by \({R}\). By the construction of \({R}\), some prefix \({s_t}\) of \({s}\) drives \({R}\) into the state \({s_n}\), i.e., \({M}\) reaches its last instruction (\({halt}\)) via \({s_t}\). Since \({s}\) is accepted by \({T(P)}\), the execution of \({s_t}\) also satisfies the memory constraint. Thus, \({M}\) has a halting execution, i.e., \({M}\) halts.
Altogether, \({L(T(P)) \subseteq L(R)}\) iff \({M}\) does not halt. Therefore, by the undecidability of the halting problem for 2-counter machines [17], the problem \({L(T(P)) \subseteq L(R)}\) is undecidable in general. \(\square \)
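The reduction above, carried through in code as an added example (this is not code from the paper or from the PAT tool): the memory constraint that \({P}\) enforces is checked directly on counter-event traces, the FSM \({R}\) is built from the instruction list, and a bounded search looks for a memory-consistent trace that \({R}\) rejects, i.e., a witness of \({L(T(P)) \nsubseteq L(R)}\). The per-instruction transitions of \({R}\) are not shown on this page; the example assumes the natural ones, namely \({\delta(s_i, inc_k) = s_j}\) for \({c_k := c_k + 1; \mathbf{goto}\ j}\), and \({\delta(s_i, zero_k) = s_j}\), \({\delta(s_i, dec_k) = s_l}\) for the test instruction. The two machines, their initial counter values and the search bound are constructed for the example.

```python
# Added example (not from the paper or the PAT tool): the Theorem 3 reduction
# made executable. ASSUMED per-instruction transitions of R (the page omits
# them): for "c_k := c_k + 1; goto j" at position i, delta(s_i, inc_k) = s_j;
# for "if (c_k = 0) goto j; (c_k := c_k - 1; goto l)", delta(s_i, zero_k) = s_j
# and delta(s_i, dec_k) = s_l. Instruction n is halt.
from itertools import product

SIGMA = tuple(f"{ev}{k}" for ev in ("inc", "dec", "zero") for k in (1, 2))

# Instruction encodings: ("inc", k, j), ("test", k, j, l), ("halt",).
# Both machines below are constructed for this example.
M_HALT = [("test", 1, 3, 2),   # 1: if c1 = 0 goto 3 else c1 := c1 - 1; goto 2
          ("inc", 2, 1),       # 2: c2 := c2 + 1; goto 1
          ("halt",)]           # 3: halt
M_LOOP = [("inc", 1, 1),       # 1: c1 := c1 + 1; goto 1   (never halts)
          ("halt",)]           # 2: halt

def memory_consistent(trace, m1, m2):
    """The memory constraint P encodes: starting from (m1, m2), a dec_k needs a
    positive counter and a zero_k needs a zero counter. This is L(T(P))."""
    c = {1: m1, 2: m2}
    for a in trace:
        ev, k = a[:-1], int(a[-1])
        if ev == "inc":
            c[k] += 1
        elif ev == "dec":
            if c[k] == 0:
                return False
            c[k] -= 1
        elif c[k] != 0:          # zero_k on a non-zero counter
            return False
    return True

def build_R(instrs):
    """R = (Sigma, S, s_1, delta, F) with S = {1..n+1} and F = S minus {s_n}.
    delta is a dict (state, event) -> state; s_n has no outgoing transition."""
    n = len(instrs)
    assert instrs[-1] == ("halt",), "instruction n must be halt"
    delta = {}
    for i, ins in enumerate(instrs, start=1):
        if ins[0] == "inc":
            _, k, j = ins
            delta[(i, f"inc{k}")] = j
        elif ins[0] == "test":
            _, k, j, l = ins
            delta[(i, f"zero{k}")] = j
            delta[(i, f"dec{k}")] = l
    sink = n + 1
    for a in SIGMA:
        delta[(sink, a)] = sink                      # self-loops on s_{n+1}
    for s in range(1, n):                            # every state except s_n
        for a in SIGMA:
            delta.setdefault((s, a), sink)           # missing edges go to s_{n+1}
    final = set(range(1, n + 2)) - {n}
    return delta, final, n

def R_accepts(R, trace):
    """Accept iff no prefix of the trace reaches s_n (a halting trace of M)."""
    delta, final, _ = R
    s = 1
    for a in trace:
        if (s, a) not in delta:                      # stuck: only possible at s_n
            return False
        s = delta[(s, a)]
    return s in final

def run_M(instrs, m1, m2, max_steps=10_000):
    """Execute M from (m1, m2); return (halted, trace of counter events)."""
    c, pc, trace = {1: m1, 2: m2}, 1, []
    for _ in range(max_steps):
        ins = instrs[pc - 1]
        if ins[0] == "halt":
            return True, trace
        if ins[0] == "inc":
            _, k, pc = ins
            c[k] += 1
            trace.append(f"inc{k}")
        else:
            _, k, j, l = ins
            if c[k] == 0:
                trace.append(f"zero{k}")
                pc = j
            else:
                c[k] -= 1
                trace.append(f"dec{k}")
                pc = l
    return False, trace

def inclusion_violated(instrs, m1, m2, bound):
    """Bounded search for a witness of L(T(P)) not subset of L(R): a
    memory-consistent trace of length <= bound that R rejects. Returns the
    shortest such trace, or None if none exists within the bound."""
    R = build_R(instrs)
    for length in range(bound + 1):
        for trace in product(SIGMA, repeat=length):
            if memory_consistent(trace, m1, m2) and not R_accepts(R, trace):
                return list(trace)
    return None

if __name__ == "__main__":
    halted, tr = run_M(M_HALT, 2, 0)
    print("M_HALT halts:", halted, "trace:", tr)
    print("witness against inclusion:", inclusion_violated(M_HALT, 2, 0, 5))
    print("M_LOOP witness (bound 5):", inclusion_violated(M_LOOP, 0, 0, 5))
```

For `M_HALT` started with counters (2, 0) the only memory-consistent trace that `R` rejects within the bound is the machine's own halting run `dec1 inc2 dec1 inc2 zero1`; traces that leave the control path fall into the accepting sink `s_{n+1}`, and traces that violate the memory constraint are outside `L(T(P))`, which is exactly the split the proof relies on. For `M_LOOP` no witness exists at any bound, matching the "does not halt" direction. The search is exhaustive over `\({\varSigma}\)^{\le bound}` and is only there to make the two directions of the proof observable on small machines; it is not a decision procedure, which Theorem 3 says cannot exist.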
Rights and permissions
Copyright information
© 2014 Science and Engineering Faculty
About this paper
Cite this paper
Yu, H., Chen, Z., Wang, J. (2014). An Operational Semantics for Model Checking Long Running Transactions. In: Tuosto, E., Ouyang, C. (eds) Web Services and Formal Methods. WS-FM 2013. Lecture Notes in Computer Science(), vol 8379. Springer, Cham. https://doi.org/10.1007/978-3-319-08260-8_10
DOI: https://doi.org/10.1007/978-3-319-08260-8_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-08259-2
Online ISBN: 978-3-319-08260-8