Laura Bocchi

A Calculus for Long-Running Transactions

We study long-running transactions in open component-based distributed applications, such as Web Services platforms. Long-running transactions describe time-extensive activities that involve several distributed components. Henceforth, in case of failure, it is usually not possible to restore the initial state, and firing a compensation process is preferable. Despite the interest of such transactional mechanisms, a formal modeling of them is still lacking. In this paper we address this issue by designing an extension of the asynchronous π-calculus with long-running transactions (and sequences) – the πt -calculus. We study the practice of πt-calculus, by discussing few paradigmatic examples, and its theory, by defining a semantics and providing a correct encoding of πt-calculus into asynchronous π-calculus.

A theory of design-by-contract for distributed multiparty interactions

Design by Contract (DbC) promotes reliable software development through elaboration of type signatures for sequential programs with logical predicates. This paper presents an assertion method, based on the π-calculus with full recursion, which generalises the notion of DbC to multiparty distributed interactions to enable effective specification and verification of distributed multiparty protocols. Centring on global assertions and their projections onto endpoint assertions, our method allows clear specifications for typed sessions, constraining the content of the exchanged messages, the choice of sub-conversations to follow, and invariants on recursions. The paper presents key theoretical foundations of this framework, including a sound and relatively complete compositional proof system for verifying processes against assertions.

A Formal Approach to Service Component Architecture

We report on a formal framework being developed within the SENSORIA project for supporting service-oriented modelling at high levels of abstraction, i.e. independently of the hosting middleware and hardware platforms, and the languages in which services are programmed. More specifically, we give an account of the concepts and techniques that support the composition model of SENSORIA, i.e. the mechanisms through which complex applications can be put together from simpler components, including modelling primitives for the orchestration of components and the definition of external interfaces.

Monitoring Networks through Multiparty Session Types

In large-scale distributed infrastructures, applications are realised through communications among distributed components. The need for methods for assuring safe interactions in such environments is recognized, however the existing frameworks, relying on centralised verification or restricted specification methods, have limited applicability. This paper proposes a new theory of monitored π-calculus with dynamic usage of multiparty session types (MPST), offering a rigorous foundation for safety assurance of distributed components which asynchronously communicate through multiparty sessions. Our theory establishes a framework for semantically precise decentralised run-time enforcement and provides reasoning principles over monitored distributed applications, which complement existing static analysis techniques. We introduce asynchrony through the means of explicit routers and global queues, and propose novel equivalences between networks, that capture the notion of interface equivalence, i.e. equating networks offering the same services to a user. We illustrate our static-dynamic analysis system with an ATM protocol as a running example and justify our theory with results: satisfaction equivalence, local/global safety and transparency, and session fidelity.

Specifying and Composing Interaction Protocols for Service-Oriented System Modelling

We present and discuss a formal, high-level approach to the specification and composition of interaction protocols for service-oriented systems. This work is being developed within the SENSORIA project as part of a language and formal framework supporting the modelling of complex services at the business level, i.e. independent of the underlying platform and the languages in which services are programmed and deployed. Our approach is based on a novel language and logic of interactions, and a mathematical semantics of composition based on graphs. We illustrate our approach using a case study provided by Telecom Italia, one of our industrial partners in the project.

Asynchronous distributed monitoring for multiparty session enforcement

We propose a formal model of runtime safety enforcement for largescale, cross-language distributed applications with possibly untrusted endpoints. The underlying theory is based on multiparty session types with logical assertions (MPSA), an expressive protocol specification language that supports runtime validation through monitoring. Our method starts from global specifications based on MPSAs which the participants should obey. Distributed monitors use local specifications, projected from global specifications, to detect whether the interactions are well-behaved, and take appropriate actions, such as suppressing illegal messages. We illustrate the design of our model with examples from real-world distributed applications. We prove monitor transparency, communication conformance, and global session fidelity in the presence of possibly unsafe endpoints.

Algebraic semantics of service component modules

We present a notion of module acquired from developing an algebraic framework for service-oriented modelling. More specifically, we give an account of the notion of module that supports the composition model of the SENSORIA Reference Modelling Language (SRML). The proposed notion is independent of the logic in which properties are expressed and components are programmed. Modules in SRML are inspired in concepts proposed for Service Component Architecture (SCA) and Web Services, as well the modules that have been proposed for Algebraic Specifications, namely by H. Ehrig and F. Orejas, among others; they include interfaces for required (imported) and provided (exported) services, as well as a number of components (body) whose orchestrations ensure how given behavioural properties of the provided services are guaranteed assuming that the requested services satisfy required properties.

An abstract model of service discovery and binding

We propose a formal operational semantics for service discovery and binding. This semantics is based on a graph-based representation of the configuration of global computers typed by business activities. Business activities execute distributed workflows that can trigger, at run time, the discovery, ranking and selection of services to which they bind, thus reconfiguring the workflows that they execute. Discovery, ranking and selection are based on compliance with required business and interaction protocols and optimisation of quality-of-service constraints. Binding and reconfiguration are captured as algebraic operations on configuration graphs. We also discuss the methodological implications that this model framework has on software engineering using a typical travel-booking scenario. To the best of our knowledge, our approach is the first to provide a clear separation between service computation and discovery/instantiation/binding, and to offer a formal framework that is independent of the SOA middleware components that act as service registries or brokers, and the protocols through which bindings and invocations are performed.

Compositional nested long running transactions

Web Services offer a widespread standard for making services available on the Internet. Of particular interest is the possibility of composing existing distributed services to create new complex ones. Existing research has already studied long running transactions within a formal context. In this other research, compensations are just partly compositional: a transaction’s failure triggers the compensation of immediately enclosed transactions, but not those of nested transactions. In this paper we formally model a more compositional protocol with the asynchronous pi calculus. The resulting behavior is similar to that of the Business Transaction Protocol of OASIS [1], which also has arbitrary nesting.

Timed Multiparty Session Types

We propose a typing theory, based on multiparty session types, for modular verification of real-time choreographic interactions. To model real-time implementations, we introduce a simple calculus with delays and a decidable static proof system. The proof system ensures type safety and time-error freedom, namely processes respect the prescribed timing and causalities between interactions. A decidable condition on timed global types guarantees time-progress for validated processes with delays, and gives a sound and complete characterisation of a new class of CTAs with general topologies that enjoys progress and liveness.