4944a192
-
Upload
james-smith -
Category
Documents
-
view
9 -
download
2
description
Transcript of 4944a192
Dependability prediction of WS-BPEL service compositions using Petri net andtime series models∗
Yunni Xia †, Jian Ding, Xin Luo, Qingsheng ZhuSoftware Theory and Technology Chongqing Key Lab, Chongqing University, China, 400030
Abstract
Web services are emerging as a major technology fordeploying automated interactions between distributed andheterogeneous applications. To predict dependability ofcomposite service processes allows service users to decidewhether service process meets quantitative trustworthinessrequirement. Existing contributions for dependability pre-diction simply trust QoS information published in Service-Level-Agreement (SLA) or assume QoS of service activitiesto follow certain assumed distributions. These informa-tion and distributions are used as static model inputs intostochastic process models to obtain analytical results. In-stead, we consider QoS of service activities to be fluctuatingand introduce a dynamic framework to predict runtime de-pendability of service compositions built on WS-BPEL, em-ploying the Autoregressive-Moving-Average Model (ARMA)time series model and general stochastic Petri net model. Inthe case study of a real-world service composition sample,a comparison between existing approaches and our one ispresented and results suggest that our approach achieveshigher prediction accuracy and a better curve-fitting.
1 Introduction
Web Services are interfaces that describe a collection
of operations that are network-accessible through standard-
ized protocols, and whose features are described using a
standard XML-based language. The development of new
services through composition of existing ones has gained
considerable acceptance as a major means to integrate het-
erogeneous industrial applications and to realize B2B e-
commerce collaborations. Service Composition involves
the development of customized services often by discover-
ing, integrating, and executing existing services. One of the
most used and de facto composition standard is WS-BPEL
∗Supported by the NSCF Research Program of China under grant No.
61103036†[email protected]
(Business Process Execution Language for Web Services)
[1]. WS-BPEL employs the orchestration-based pattern that
specifies an executable process that involves message ex-
changes with other systems, such that the message exchange
sequences are controlled by the orchestration designer. WS-
BPEL defines an interoperable integration model that facil-
itates the expansion of automated process integration both
within and between businesses.
When deploying composite services, service providers
often commit service-level agreements (SLAs) with their
customers, which include performance and dependability
related metrics. For example, mean response time and ser-
vice dependability for each incoming request are guaran-
teed. It is therefore natural to directly trust and use SLA
parameters specified or QoS published by service providers
as model inputs to predict dependability of service compo-
sitions. However, SLA only provides a promised level that
QoS of services are supposed to achieve. This promised
level is unsuitable to be used as a direct barometer of actual
run-time QoS , which constantly fluctuates due to the dy-
namicness of environment (internet congestion, unexpected
connection latency, resource contention, etc.)
Some other contributions simply adopt the average-
based strategy in building architecture-based dependability
models. These studies share a common idea that they all
try to fit historical QoS data of activities into assumed dis-
tributions (deterministic, exponential, geometrical, or gen-
eral distributions) and employ these obtained distributions
as the model input into the static stochastic models (continu-
ous Markovian model, discrete Markovian model, or PERT
(Program Evaluation and Review Technique, [5]) mode,
etc.) to obtain the predicted dependability.
In general, both SLA-based and the architecture-based
models employ a static-model-input assumption. This
assumption ignores the run-time fluctuation of service
dependability and dynamicness of runtime environment.
Thus, one may find innegligible errors between the results
derived from these models and the actual runtime depend-
ability. Our aim in this paper is therefore the development of
a dynamic dependability prediction approach for WS-BPEL
processes, with special attention to the modeling of compo-
2013 IEEE Seventh International Symposium on Service-Oriented System Engineering
978-0-7695-4944-6/12 $26.00 © 2012 IEEE
DOI 10.1109/SOSE.2013.8
192
sitional patterns and dynamicness of service dependability
in runtime environment. The main innovation includes a
translation from WS-BPEL to the general stochastic Petri
net (GSPN for short) and an analytical dependability pre-
diction method based on the ARMA time-series model. In
the case study, we obtain experimental dependability data
of actual WS-BPEL processes and conduct a comparative
study. The comparison suggests that our dynamic predic-
tion model achieves higher prediction accuracy than exist-
ing approaches.
2 Related work
During the last decade, the QoS of web services and ser-
vice compositions has received a lot of attention in the re-
search community. Various studies discussed how to spec-
ify and estimate the QoS of composite web services ef-
fectively based on the aggregations of the QoS of its con-
stituent service activities or tasks. Various contributions
([6][7][8][9]) assume that each service activity has a deter-
ministic dependability and these deterministic value can be
easily derived from corresponding SLA documents. This
assumption simplifies the calculation of QoS. In this case,
a composite service can be modeled as a static PERT (Pro-
gram Evaluation and Review Technique, [5]) network with
deterministic edges and the service completion time can be
easily calculated as the longest execution path of the PERT
network. However, the assumption of deterministic depend-
ability is rarely satisfied in practice. This is because quali-
tative measures of web services are intrinsically probabilis-
tic. For instance, the response time for invoking a remote
service is usually probabilistic and depends on various un-
certain factors as the connection bandwidth, the stability of
remote connection, the load level of such service, the pos-
sibility of SOAP message loss, the existence of extra-long
delay, etc.
Instead of deterministic dependability, probabilistic and
stochastic models for dependability analysis are also intro-
duced. These approaches are based on the architecture-
based-software-reliability theories [23] and interpret con-
trol flow of service execution as stochastic processes. From
the architectural view, system dependability is decided by
the compositional pattern of activities, probabilistic distri-
butions of dependability of service activities, and branching
probabilities of nondeterministic constructs.
[10] is the seminal work in the literature of this kind.
This work extends the Structural-Workflow-Reduction
(SWR) models in [27] into the stochastic case. The cal-
culation repeatedly applies a reduction on various con-
structs (i.e., sequence, parallelism, selection, loop, and
fault-tolerance) until only one atomic task remains. This
study is for a general model of service compositions and is
not intended for any specific service composition standard.
Similar studies can be found in [15] and [16].
Recently, some architecture-based approaches dedicated
for WS-BPEL are also introduced. [13] proposes a method
to interpret BPEL descriptions into stochastic Petri net and
derives dependability estimates. However, its interpretation
method is coarse-grained and only considers sequential and
parallel patterns. Similar studies based on stochastic col-
ored Petri net can be found in [14].
[17] and [18] propose a translation method to map
BPEL-based service composition into CTMC chain and
derives closed form estimates of service completion dura-
tions. However, the translation only considers < switch >,
< while > and < flow > activities. A similar but better
approach is proposed in [19], where all structural activities
are modeled and analyzed.
Our earlier studies in [20][21] introduce translation-
based approaches to evaluating QoS of WS-BPEL and WS-
CDL processes. They are based on a series of translation
rules to map compositional patterns into QoS-equivalent
Petri nets.
[22] presents a translation from BPEL into SPN and an-
alyzes its dependability. Its translation covers all process
level elements of WS-BPEL. Its results are obtained in a
approximate way using WEBSPN tool (WEBSPN is based
on a discrete time approximation where continuous distribu-
tional functions are simplified through a discrete sampling
technique).
Although the assumption of probabilistic distribution
provides a more refined characterization of real dependabil-
ity of services than that of deterministic variables and ex-
ponential variables, it still has limitations. In deriving the
probability-distributional-functions (PDF) of QoS of ser-
vice activities, above studies simply employ the historical
empirical distribution as the actual PDF and assume such
PDF is capable of characterize even the future changes of
service dependability. In doing so, the cumulative ratio or
density of equaling a certain value is considered to be the
future rate of equaling such value, while ignoring the trend
and seasonality by which the historical dependability val-
ues increase or decrease. For example, the empirical PDF
of dependability of a service task may suggest a normal dis-
tribution. However, the empirical PDF may fails in captur-
ing the fact that the density of dependability value being low
increases, probably caused by the deteriorating connectivity
of network. By contrast, a time series analysis may reveal
the up-going trend and suggest a tailed distribution. In this
case, only a time-series-based prediction of future depend-
ability guarantees the correctness and accuracy.
193
3 Preliminaries
3.1 WS-BPEL
WS-BPEL [1] is an XML-based language that is stan-
dardized by OASIS to orchestrate multiple Web services for
building complex business processes. A WS-BPEL process
is composed of various activities including basic activities
and structured activities. The basic activities describe the el-
emental steps of business process behavior, such as receive,
reply, invoke, and assign. On the other hand, the structured
activities, such as sequence, flow, if, and while, encode the
control logic of a process and contain other basic and/or
structured activities recursively.
The structured activities are similar to the control con-
structs in the programming languages. For example, the
activities contained within a sequence structure will be ex-
ecuted sequentially. The activities contained within a flow
structure will be executed concurrently. In particular, the
synchronization among the concurrent activities within a
flow structure is provided using links. Each link connects a
source activity to a target activity and has an associated tran-
sition condition (a Boolean XPath expression). The transi-
tion condition determines whether a link is followed dur-
ing runtime. If the transition condition is not specified, the
value of the link is defined to be true and the link will be
followed.
3.2 General Stochastic Petri net
The General Stochastic Petri net (GSPN) is an extension
of Petri net, which is a graphical and mathematical tool used
for modeling and analyzing of the concurrent, parallel, syn-
chronous and asynchronous systems. The formal definitions
of Petri nets and GSPN are given as follows.
A Petri net (PN) is a quadruple (P, T, F,M0), where
P = {p1, p2..pk} is a finite set of places,T = {t1, t2..tm}is a finite set of transitions, F ⊆ (P ∗ T ) ∪ (T ∗ P ) is
a set of directed arcs and M0 = {m01,m02, ..m0k} is an
initial marking. The sets of input and output places for tran-
sition t are denoted by ∗t and t∗, respectively. The input
and output transitions for place p are denoted by ∗p and p∗.In a GSPN [2], we distinguish two different kinds of tran-
sitions, the timed (in blank) and immediate transitions (in
black color). The immediate transitions are combined with
firing probabilities and the timed transitions are combined
with an exponential firing rate.
3.3 The ARMA model
ARMA [3] model is a class of stochastic processes used
to analyze time series. The application of the ARMA
methodology for the study of time series analysis is due
to Box and Jenkins. ARMA models of order (p, q) can
be viewed as linear filters from the point of view of digi-
tal signal processing. The time structure of these filters is
the following models:
Zt = c+φ1Zt−1+ ...+φpZt−p−θ1εt−1− ...−θqεt−q+εt(1)
where c is a constant, p is the number of autoregres-
sive orders, q is the number of moving average orders, Z1,
Z2,....Zt−1 is observation at time t, Zt is the variable to
be predicted using previous samples of the time series, and
εt, εt−1,...,εt−q is a discrete white noise with zero mean
and variance. Four iterative steps must be followed in or-
der to construct ARMA(p, q) models as below: a) Series
stationarity; b) Model identification; c) Optimization and
selection; d) Model diagnostic checking.
4 Model translation of WS-BPEL
In this section, we provide translation rules to map BPEL
into GSPN. Since the syntax of BPEL is too vast, we restrict
it to a subset, only considering the elements directly related
with the flow of activity execution and the main aspects of
service composition. This translation captures the visible
behavior of the participants of a service composition and
their interactions.
4.1 Translation of basic activities
We start the translation with the basic activity. A basic
activity (like, for example, < invoke >, < assign >, <validate >, < empty >, and wait) is atomic and does not
contain any other activity.
Among those activities, only < invoke > is related to
the interaction with external services. < invoke > provides
the basic mechanism of remote invocation of external ser-
vices (specified in the corresponding WSDL documents).
A boolean join condition can be associated with this activ-
ity to determine whether the invocation is allowed. If the
condition evaluates to true, the invoking process sends the
SOAP message to the destination service with the request
and waits until a reply is received or a timeout has fired.
After a successful SOAP reply is received before the expi-
ration of the timer, the execution of the < invoke > activ-
ity is completed successfully. Since the SOAP connection
is subject to message loss and unexpected message delay,
< invoke > is considered to be unreliable and a SOAP
failure probability is supposed to be associated.
According to the discussion above, the < invoke > ac-
tivity is translated into the GSPN model given in Fig.1. In
this figure, the started and completed places indicate the
initial and completed states of the process, respectively. The
d invokee timed transition denotes the duration needed to
194
s t a r t e d
c o m p l e t e d
s o a p _ f f a i l e d
e x e c u t i o n _ d
t i m e r e x p i r e d
f i n i s h e d
a c t i v a t e d
t i m e o u t
i v k
c o m p l e t e
i v k _ f
d t e 1d t e 2
t i m e l y
Figure 1. Translation of the < invoke > activity
< a s s i g n > , < v a l i d a t e > , < e m p t y >
c o m p l e t e d s t a r t e d
< w a i t >
c o m p l e t e d s t a r t e d
Figure 2. Translation of other ba-sic activities
establish a successful SOAP connection with the operation
defined in the WSDL specification. timer denotes the time-
out duration. The j failure transition captures the fail-
ure of the join condition. Because the SOAP connections
are prone to failure (caused by message loss, for instance),
the soap err transition is used to capture the SOAP fail-
ure and it directly marks fault (in gray) to indicate the un-
successful invocation. If no SOAP failure occurs and the
SOAP delay exceeds the timeout duration, the invocation of
the WSDL operations is prevented and the fault place is
marked. Otherwise, the timeout transition is prevented and
the invocation of the external operations is permitted and
the finished place is marked. In this case, the operations
which implements the atomic process can either be faulty
(by firing the ivk f transition and marking the fault place)
or successful (by firing the complete transition and mark-
ing the completed place). Note that the dte1 and dte2 (dtestands for dead-token-elimination) transition ensure that no
dead token exists when the atomic process normally com-
pletes or fails.
< assign >, < validate >, < empty > and < wait >activities are used to assign values to variables, to validates
the state of variables, to do nothing and to wait for a period
of time. Those basic activities are relatively simple and con-
sidered to be faultless because they are locally carried out
and requires no connection with external services and need
no message receipt or sending. Moreover, the execution du-
ration for < assign >, < validate > and < empty >are considered to be negligible. Translation rules for those
activities are therefore given in Fig.2.
4.2 Translation of structural activities
We start this section by giving the translation rule of
< sequence >. Activities embedded in a < sequence >activity are executed sequentially. Figure.3 shows the corre-
sponding pattern. For simplicity, the sample in the figure is
assumed to have only two included inner activities, namely
A1 and A2 (can be basic activity or structured activities).
The activities inside a < flow > activity are executed
concurrently. The translation rule is given in Fig.4.
< switch > and < pick > activities both support con-
ditional routing between included activities but they are ac-
tually different in the way of branch decision. Each branch
of switch is associated with a local condition and branch
decision is totally driven by local variables or computa-
tion. Conditional selection of branches is modeled in a
probabilistic manner through a XOR-SPLIT manner. Each
branch is associated with a selection probability for further
dependability analysis.
On the other hand, each branch of < pick > activity can
associate an < onMessage > action to wait for a specific
message or an < onAlarm > action to wait for a period
of time, before included activity in the branch can really
start execution. It waits for exactly one message (through
an < onMessage > activity) or alarm event (through an
< onAlarm > activity)to occur. For each of the events
an activity is associated which is executed if the corre-
sponding event occurs. Based on the difference mentioned
above, translation rules of the two activities are given in
Fig.5 and Fig.6, respectively. Note that, it is assumed that
the < pick > example has an < onMessage > branch
(A1) and an < onAlarm > branch (A2). Similar to Fig.1
timed transition soap ok denotes the duration to success-
fully receive SOAP message, immediate transition sopa errdenotes SOAP error (due to message loss or unexpected
message delay). Timed transition wait denotes the waiting
duration of < onAlarm > (note that, since onAlarm re-
quires external SOAP messages, it is considered to be with-
out fault).
Fig.7 illustrates the translation rule for < if > activ-
ity. The < if > activity consists of a list of conditions and
195
A1s t a r t e d 1
c o m p l e t e d 1
f a u l t 1
A2s t a r t e d 2
c o m p l e t e d 2
f a u l t 2
s t a r t e d
f a u l t
Figure 3. Translation of the < sequence > activ-ity
A1s t a r t e d 1c o m p l e t e d 1
f a u l t 1
A2 c o m p l e t e d 2
f a u l t 2
s t a r t e d c o m p l e t e d
f a u l t s t a r t e d 2
Figure 4. Translation of the < flow > activity
A1s t a r t e d 1
c o m p l e t e d 1
f a u l t 1
A2s t a r t e d 2f a u l t 2
s t a r t e d
c o m p l e t e d
f a u l t
Figure 5. Translation of the < switch > activity
A1s t a r t e d 1c o m p l e t e d 1
f a u l t 1
A2s t a r t e d 2
c o m p l e t e d 2
f a u l t 2
s t a r t e d
c o m p l e t e d
f a u l t
s o a p _ o k
s o a p _ e r r
Figure 6. Translation of the < pick > activity
A1s t a r t e d 1
f a u l t 1
A2s t a r t e d 2f a u l t 2
s t a r t e d c o m p l e t e d
f a u l t
i f
e l s e i f
A3f a u l t 3
s t a r t e d 3
e l s e
Figure 7. Translation of the if activity
list of activities. The conditions are checked sequentially.
If a condition evaluates to true, the corresponding activity
is executed and, after that activity finishes, completes the
< if > activity. The if activity encloses at least one ac-
tivity, an arbitrary number of < elseif > branches, and an
optional < else > branch. The conditions of the mandatory
activity and those of the < elseif > branches are checked
sequentially.
< while > and < repeatUntil > support repeated
execution of an embedded activity. Whereas the embed-
ded activity of the while activity is repeatedly executed
while a given expression holds, the activity embedded in the
< repeatUntil > activity is executed until an expression
holds. Consequently, inner activity in < while > can be
skipped (the condition initially evaluates to false) whereas
the inner activity in < repeatUntil > is executed at least
once. Translation rules for the two activity are illustrated in
Fig.8 and Fig.9.
The < forEach > activity allows to parallel or sequen-
tially process several instances of an embedded scope ac-
tivity. An integer counter is defined which is running from
a specified start counter value to a specified final counter
value (can be derived using static analysis on XPATH ex-
pressions [4]). The enclosed scope activity is then exe-
cuted according to the range of the counter sequentially or
in parallel. Since translation rules for sequential and parallel
< forEach > are very similar to those of < sequence >and < parallel >, they are omitted here.
5 Translating a WS-BPEL example
Based on the translation rules given above, this section
shows how a real-world WS-BPEL sample can be translated
into Petri nets. The sample is a purchase management pro-
cess and its structure is illustrated in Fig.10. The process
includes 8 < invoke > activities and is organized through
< sequence >, < flow >, < switch > and < while >constructs.
Based on the translation rules given in the previous sec-
tion, the sample can be mapped into the Petri net represen-
tation in Fig.11.
196
A1s t a r t e d 1
c o m p l e t e d 1
f a u l t 1
s t a r t e d
f a u l t
b a c k
s k i p
Figure 8. Translation of the < while > activity
A1s t a r t e d 1
c o m p l e t e d 1
f a u l t 1
s t a r t e d c o m p l e t e d
f a u l t
s k i p
b a c k
Figure 9. Translation of the < repeatuntil > ac-tivity
S h o p s e l e c t i o n ( P 1)
s t a r t
< w h i l e > < s e q u e n c e >
P r o d u c t s V i e w i n g ( P 2)
P r o d u c t s S e l e c t i o n ( P 3 )
C o u n t i n g ( P 4)
< f l o w >
I n v e n t o r y c h e c k ( P 5)
< s e q u e n c e >
E l e c t r o n i c p a y m e n t
( P 6)
C a s h p a y m e n t
( P 7)
< s w i t c h >
S h i p p i n g m a n a g e m e n t ( P 8)
e n d
Figure 10. The purchase management process
d_invokee1
d_invokee2
d_invokee3
d_invokee4
d_invokee5
d_invokee6
d_invokee7
d_invokee8
soap_err1
soap_err2
soap_err3
soap_err4
soap_err5
soap_err6
soap_err7
soap_err8
j_failure1
j_failure2
j_failure3
j_failure4
j_failure5
j_failure6
j_failure7
j_failure8
ivk_f1
ivk_f2
ivk_f3
ivk_f4
ivk_f5
ivk_f6
ivk_f7
ivk_f8
Figure 11. The derived GSPN model
197
6 Predicting the firing rates and firing prob-abilities of the < invoke > activity
As discussed earlier, the < invoke > activity provides
the basic mechanism of service invocation and composition.
To predict the dependability of this activity, we first have to
predict the firing delays of its timed transitions and firing
probabilities of its immediate transitions.
Timed transitions correspond to two kinds of opera-
tions in the < invoke > activity, namely the timeout op-
eration and operations of executing invoked services (the
d invokee transition). The former always have invariable
delays (prescribed by system settings) and the latter usually
have nondeterministic delays. Instead of the static evalua-
tion of model inputs, we dynamically fit the historical data
of these nondeterministic delays into a time-series model
and predict the future firing rates using the ARMA method.
The prediction is implemented as follows.
For any d invokee transition, its empirical firing rate at
time t, can be obtained as
fr(t) =N∑
1≤i≤N,i∈N dl(t+ (i− 1)× intv)(2)
where dl(t) denotes measured execution duration for ex-
ternal service invocation at time t, N denotes the num-
ber of test samples with the time window, intv denotes
the time interval of samples. This equation suggests that
the firing rate can be calculated as the reciprocal of the
mean of the N delay samples within the time window of
[t, t+ (N − 1)× intv′].Thus, the firing rates measured at different times can be
described as a sequence of data with equal time intervals
FRt =
{fr(t− (p− 1)× intv), fr(t− (p− 2)× intv), ...., fr(t)}(3)
where p is the volume of the time-series, intv is the interval
of the time-series.
The prediction of the firing probabilities of the
j failure, soap err and ivk f immediate transitions are
carried out similarly and are therefore omitted for brevity.
7 Dependability predictionDependability is defined by IFIP WG-10.4 as ”the trust-
worthiness of a computing system which allows reliance to
be justifiably placed on the service it deliver”. For software
systems, there is no dependability definition universally ac-
cepted and employed. Dependability is often regarded as a
property or possibility for complex software systems to re-
main functionally normal when running or to successfully
accomplish a given task.
To study the dependability of ontology-based service
compositions, we borrow concepts from the architecture-
based-software-reliability theory [11]-[12], where the relia-
bility block diagrams (RBD) are often employed as a rep-
resentation of system architectures and quantitative model.
The elementary configurations of a RBD include the se-
quential, selective, repetitive and parallel routing patterns.
The dependability of the software architecture is therefore
decided by both dependabilities of individual activities and
the compositional patterns by which activities are orga-
nized. As for service compositions, we simply consider
the atomic processes in WS-BPEL processes as activities in
the RBD block diagrams. That is to say, the dependability
of the composite service is decided by both dependabilities
of individual atomic processes and their compositional pat-
terns. This allows us to view a composite service as a com-
bination of independent activities, which can be tackled and
analyzed in a decomposed manner.
We use process-normal-completion-probability
(PNCP ) as the metric of dependability. From the
GSPN view, PCNP denotes the probability that the
completed place of the outer-most process is marked and
no fault place is marked.
To calculate PNCP , we first have to calculate depend-
ability of < invoke > activity. Let P{fault} denote the
probability that place fault in Fig.1 is marked, the depend-
ability of the atomic process, DAP , can therefore be calcu-
lated as
DAP = 1− P{fault} (4)
According to earlier discussions, the fault place in Fig.1
can be marked for four reasons, namely the join failure
(by firing immediate transition j failure), the SOAP error
(by firing immediate transition soap err), the triggering of
timeout (by firing timeout), and faults of invoked external
services (by firing ivk f ). P{fault} is therefore calculated
as
P{fault} =pe(j failure) + (1− pe(j failure))pe(soap err)
+ (1− pe(j failure))(1− pe(soap err))× PTE
+ (1− pe(j failure))(1− pe(soap err))
× (1− PTE)× pe(ivk f)
(5)
where pe(j failure), pe(soap err) and pe(ivk f) denote
the predicted probabilities of firing j failure, soap err and
ivk f , respectively. PTE denotes the probability of trig-
gering timeout. PTE is calculated as
rob{to < delayi} ≈ e−fr(t)×to (6)
where to denotes the timeout threshold and fr(t) denotes
the predicted firing rate of the d invokee timed transition at
time t.
198
0 10 20 30 40 50 60 70 802
3
4
5
6
7
8
91st <invoke>2nd <invoke>3rd <invoke>4th <invoke>
Figure 12. Series of firing delays ofd invokee1−4
0 10 20 30 40 50 60 70 803.2
3.4
3.6
3.8
4
4.2
4.4
4.6
4.8
5
5.2
5th <invoke>6th <invoke>7th <invoke>8th <invoke>
Figure 13. Series of firing delays ofd invokee5−8
0 10 20 30 40 50 60 70 800.01
0.012
0.014
0.016
0.018
0.02
0.022
1st <invoke>2nd <invoke>3rd <invoke>4th <invoke>
Figure 16. Series of failure rates of ivk f1−4
As mentioned before, < assign >, < wait >, <empty > and < validate > are considered to be faultless.
There dependabilities are therefore 1.
Dependability calculation of composite processes is eas-
ier. For example, the dependability of < sequence > activ-
ity in Fig.3, DSE, is
DSE = D1 ×D2 (7)
where D1,2 denote dependability of sub-activities A1,2.
Note that this equation also applies to the < flow >,< forEach > activities.
The dependability of the < if > activity, DIF , is de-
cided by dependabilities of its two branches and the proba-
bility for the associated boolean condition to be true. DIFis therefore calculated as the weighted dependabilities of
its branches. Note that this equation also applies to the
< switch > and < pick > activities.
DIF =
pe(branch1)×D1 + pe(branch2)×D2...
+ pe(branchn)×Dn
(8)
0 10 20 30 40 50 60 70 800.01
0.015
0.02
0.025
5th <invoke>6th <invoke>7th <invoke>8th <invoke>
Figure 17. Series of failure rates of ivk f5−8
The dependability calculation of < while > activity
needs more effort. Their dependabilities are decided by
the dependability of the embedded activity and the num-
ber of repetitive executions. Let NRE denote the number
of repetitive cycles to achieve completion (by marking the
completed place in Fig.8), we have that the dependability
for < while >, DW , is calculated as the total probability
of
DW =∑
0≤i≤∞Di
1 × Prob{NRE = i} (9)
where Prob{NRE = i} denotes the probability that NREequals i. Since the theoretical distribution of NRE is dif-
ficult to evaluate (some studies suggest that the probability
of skipping repetition when every iteration ends can be ap-
proximately seen stable and the number of repetitive cycles
therefore follows the geometrical distribution and employ
the expectation of geometrical distribution in evaluating the
QoS of repetitive constructs, e.g., [24][25][26][27]), we can
approximately calculate Prob{NRE = i} as the occur-
rence rate of NRE equaling i based on the experimental
test or historical runtime logs. That is
Prob{NRE = i} ≈ frq(NRE equaling i)
NT(10)
199
0 10 20 30 40 50 60 70 800.01
0.015
0.02
0.025
0.03
0.035
0.04
0.045
0.05
1st <invoke>2nd <invoke>3rd <invoke>4th <invoke>
Figure 14. Series of failure rates ofSOAP err1−4
0 10 20 30 40 50 60 70 800.01
0.015
0.02
0.025
5th <invoke>6th <invoke>7th <invoke>8th <invoke>
Figure 15. Series of failure rates ofSOAP err5−8
where frq(NRE equaling i) denote the frequency of the
event of NRE equaling i and NT denotes the number of
experimental trials.
As discussed earlier, the < until > activity also sup-
ports the repetitive execution. However, it differs from
< while > because it tests the loop condition after the first
round of the execution of A1 finishes. That is to say that
the total round of executing A1 is the number of repetitive
execution of A1, NRE, plus the inevitable first round.
RRW =∑
0≤i≤∞Di+1
1 × Prob{NRE = i} (11)
Based on analysis above, the dependability of the entire
WS-BPEL process, PNCP , can therefore be calculated as
the dependability of the outermost activity.
8 Experiments and validation
To prove the feasibility and accuracy of our prediction
model, we conduct a case study based on the WS-BPEL
sample of Fig.10. The sample is executed using the Ac-tive BPEL engine and the runtime QoS data are collected
through the log files of the engine.
The WS-BPEL sample includes eight atomic <invoke > activities, which are responsible for remote in-
vocation of external services. For time-series-based analy-
sis, we obtain the series of SOAP delays for external ser-
vice invocation of the eight < invoke > activities, which
correspond to the firing delay series of the d invokee1−8
transitions in Fig.11. These series are illustrated in Fig.12-
13. The intervals for these series is 250ms. The timeout
threshold for all invoke activities is 800ms.
We also obtain the series of the probabilities of SOAP
failures and invocation failures, which correspond to the fir-
ing probabilities of the soap err1−8 and ivk f1−8 imme-
diate transitions. These series are illustrated in Fig.14-17.
0 10 20 30 40 50 60 70 800.75
0.76
0.77
0.78
0.79
0.8
0.81
0.82
0.83
0.84
0.85Real reliabilitiesARMA−based Predicted reliabilitiesArchitecture−based predicted reliabilities
Figure 18. The comparison of prediction re-sults
Note that the join conditions for the sample always evaluate
to true. pe(j failure1−8) are therefore always 0.
Using the Petri-net-based prediction model , we can pre-
dict the future DWP of the sample process. The predicted
DWP results are compared with the actual probabilities of
normal completion and the architecture-based prediction re-
sults in Fig.18. As can be seen, our approach achieves better
curve-fitting than the traditional the architecture-based pre-
diction model.
9 Conclusions
In this manuscript, we present a comprehensive depend-
ability prediction framework for WS-BPEL service compo-
200
sitions. This framework employs the ARMA time series
model to capture the qualitative fluctuation and predict fu-
ture QoS of service activities. The predicted future values
serve as model inputs into a translation model, which maps
WS-BPEL process into general stochastic Petri net. An an-
alytical method based on the derived Petri net is introduced
to predict future system dependability. In the case study
based on experimental results from a real-world WS-BPEL
service process, we conduct a comparative study with tradi-
tional QoS prediction models for service compositions and
show that our framework achieves better accuracy and char-
acterization of QoS fluctuations.
Based on the work of this paper, we are also considering
further studies given as follows.
• Developing tools for automatic translation for reliabil-
ity/dependability computation. It is hoped that a new
tool for automatic Petri-net-translation and reliability
analysis will be realized.
• Introducing methods to predict other metrics such
as performance, mobility, reputation, maintainability,
reusability, etc.
• Developing selection and scheduling algorithms.
Based on our framework, one can easily predict the
dependability of a given composite service process.
However, sometimes we are more interested to know
for a given process definition, how to choose from
many functionally identical but qualitatively different
services, and schedule those chosen services to achieve
the best reliability. We are developing selection and
scheduling algorithms based on our current models.
References
[1] https://www.oasis-open.org/committees/wsbpel/
[2] Gianfranco Balbo, ”Introduction to Generalized
Stochastic Petri Nets”, Proc. 7th International Schoolon Formal Methods for the Design of Computer, Com-munication, and Software Systems, pp. 83-131, May
2007.
[3] Makridakis, S., Wheelwrigth, S. C., and Hyndman,
R. J. : Forecasting methods and applications, Prentice
Hall, 1998, pp. 46-59.
[4] Moser S., Martens A., Gorlach K. Amme, and W.
Godlinski A., ”Advanced verification of distributed
WS-BPEL business processes incorporating CSSA-
based data ow analysis”, Proc. IEEE InternationalConference on Services Computing, pp.9-13, July
2007.
[5] D.G. Malcolm, J.H. Rooseboom, C.E. Clark, W. Fazer
Application of a technique for research and devel-
opment program evaluation, Operations Research, 7
(1959), pp. 646-669
[6] Jorge Cardoso, Amit P. Sheth, John A. Miller,
Jonathan Arnold and Krys Kochut: Quality of service
for workflows and web service processes. J. Web Sem.
1(3): 281-308 (2004)
[7] Michael Gillmann, Gerhard Weikum, Wolfgang Won-
ner: Workflow management with service quality guar-
antees. SIGMOD Conference 2002: 228-239
[8] M.C. Jaeger, G. Rojec-Goldmann, G. Muhl. QoS ag-
gregation for Web service composition using work-
flow patterns, in: Proceedings of IEEE 8th Interna-
tional Conference on Enterprise Distributed Object
Computing (EDOC04), 2004, pp. 149-159
[9] H.C. Wang, C.S. Lee, T.H. Ho, Combining subjective
and objective QoS factors for personalized Web ser-
vice selection, Expert Systems with Applications 32
(2) (2007) 571-584.
[10] San-Yih Hwang, Haojun Wang, Jian Tang, Jaideep
Srivastava: A probabilistic approach to modeling and
estimating the QoS of web-services-based workflows.
Inf. Sci. 177(23): 5484-5503 (2007)
[11] Swapna S. Gokhale, W. Eric Wong, Joseph Robert
Horgan, Kishor S. Trivedi: An analytical approach to
architecture-based software performance and reliabil-
ity prediction. Perform. Eval. 58(4): 391-412 (2004)
[12] Vibhu Saujanya Sharma, Kishor S. Trivedi: Quantify-
ing software performance, reliability and security: An
architecture-based approach. Journal of Systems and
Software 80(4): 493-509 (2007)
[13] Wen-jun Li, Xiao-jun Liang, Hua-mei Song, and
Xiao-cong Zhou, ”QoS-Driven Service Composition
Modeling with Extended Hierarchical CPN”, Proc.IEEE/IFIP Symposium on Theoretical Aspects of Soft-ware Engineering, pp.483-492, June 2007.
[14] PengCheng Xiong, Yushun Fan, and MengChu Zhou,
”QoS-Aware Web Service Configuration”, IEEETransactions on Systems, Man, and Cybernetics, PartA, vol.38, no.4, pp.888-895, July 2008.
[15] Paolo Bocciarelli, and Andrea D’Ambrogio, ”Model-
Driven Performability Analysis of Composite Web
Services”, Proc. Performance Evaluation: Metrics,Models and Benchmarks, SPEC International Perfor-mance Evaluation Workshop, pp.228-246, June 2008.
201
[16] Jiangxia Wu, and Fangchun Yang, ”A Model-Driven
Approach for QoS Prediction of BPEL Processes”,
Proc. International Conference on Service-OrientedComputing, pp.131-140, Dec. 2006.
[17] N. Sato, and Kishor S. Trivedi, ”Stochastic Modeling
of Composite Web Services for Closed-Form Analy-
sis of Their Performance and Reliability Bottlenecks”,
Proc. International Conference on Service-OrientedComputing, pp.107-118, Sep. 2007.
[18] Andrea D’Ambrogio, and Paolo Bocciarelli, ”A
model-driven approach to describe and predict the per-
formance of composite services”, Proc. Workshop ofsoftware performance, pp.78-89, Feb. 2007.
[19] Debdoot Mukherjee, Pankaj Jalote, and Mangala
Gowri Nanda, ”Determining QoS of WS-BPEL Com-
positions”. Proc. International Conference on Service-Oriented Computing, pp.378-393, Dec. 2008.
[20] Yunni Xia, Yi Liu, Ji Liu, Qingsheng Zhu: Modeling
and Performance Evaluation of BPEL Processes: A
Stochastic-Petri-Net-Based Approach. IEEE Transac-
tions on Systems, Man, and Cybernetics, Part A 42(2):
503-510 (2012)
[21] Yunni Xia, Gang Dai, Jia Li, Tianhao Sun, Qingsheng
Zhu: A model-driven approach to predicting depend-
ability of WS-CDL based service composition. Con-
currency and Computation: Practice and Experience
23(10): 1127-1145 (2011)
[22] Dario Bruneo, Salvatore Distefano, Francesco Longo
and Marco Scarpa, ”QoS Assessment of WS-BPEL
Processes through non-Markovian Stochastic Petri
Nets”, Proc. IEEE International Symposium on Par-allel and Distributed Processing, pp.1-12, April 2010.
[23] Swapna S. Gokhale, Kishor S. Trivedi. Reliablity pre-
diction and sensitivity analysis based on software ar-
chitecture. in Proc. 13th IEEE International Sympo-sium on Software Reliability Engineering 2002:64-78
[24] Yajuan Li, Chuang Lin, Quan-Lin Li: A simplified
framework for stochastic workflow networks. Com-
puters and Mathematics with Applications 56(10):
2700-2715 (2008)
[25] Swapna S. Gokhale, Kishor S. Trivedi: Analytical
Models for Architecture-Based Software Reliability
Prediction: A Unification Framework. IEEE Transac-
tions on Reliability 55(4): 578-590 (2006)
[26] Yunni Xia, Hanpin Wang, Wangsen Feng, Yu Huang:
QoS modeling and analysis of component-based soft-
ware systems: a stochastic approach. Concurrency and
Computation: Practice and Experience 20(12): 1359-
1385 (2008)
[27] Jorge Cardoso, Amit P. Sheth, John A. Miller,
Jonathan Arnold, Krys Kochut: Quality of service for
workflows and web service processes. J. Web Sem.
1(3): 281-308 (2004)
202