4944a192

Dependability prediction of WS-BPEL service compositions using Petri net andtime series models∗

Yunni Xia †, Jian Ding, Xin Luo, Qingsheng ZhuSoftware Theory and Technology Chongqing Key Lab, Chongqing University, China, 400030

Abstract

Web services are emerging as a major technology fordeploying automated interactions between distributed andheterogeneous applications. To predict dependability ofcomposite service processes allows service users to decidewhether service process meets quantitative trustworthinessrequirement. Existing contributions for dependability pre-diction simply trust QoS information published in Service-Level-Agreement (SLA) or assume QoS of service activitiesto follow certain assumed distributions. These informa-tion and distributions are used as static model inputs intostochastic process models to obtain analytical results. In-stead, we consider QoS of service activities to be fluctuatingand introduce a dynamic framework to predict runtime de-pendability of service compositions built on WS-BPEL, em-ploying the Autoregressive-Moving-Average Model (ARMA)time series model and general stochastic Petri net model. Inthe case study of a real-world service composition sample,a comparison between existing approaches and our one ispresented and results suggest that our approach achieveshigher prediction accuracy and a better curve-fitting.

1 Introduction

Web Services are interfaces that describe a collection

of operations that are network-accessible through standard-

ized protocols, and whose features are described using a

standard XML-based language. The development of new

services through composition of existing ones has gained

considerable acceptance as a major means to integrate het-

erogeneous industrial applications and to realize B2B e-

commerce collaborations. Service Composition involves

the development of customized services often by discover-

ing, integrating, and executing existing services. One of the

most used and de facto composition standard is WS-BPEL

∗Supported by the NSCF Research Program of China under grant No.

61103036†[email protected]

(Business Process Execution Language for Web Services)

[1]. WS-BPEL employs the orchestration-based pattern that

specifies an executable process that involves message ex-

changes with other systems, such that the message exchange

sequences are controlled by the orchestration designer. WS-

BPEL defines an interoperable integration model that facil-

itates the expansion of automated process integration both

within and between businesses.

When deploying composite services, service providers

often commit service-level agreements (SLAs) with their

customers, which include performance and dependability

related metrics. For example, mean response time and ser-

vice dependability for each incoming request are guaran-

teed. It is therefore natural to directly trust and use SLA

parameters specified or QoS published by service providers

as model inputs to predict dependability of service compo-

sitions. However, SLA only provides a promised level that

QoS of services are supposed to achieve. This promised

level is unsuitable to be used as a direct barometer of actual

run-time QoS , which constantly fluctuates due to the dy-

namicness of environment (internet congestion, unexpected

connection latency, resource contention, etc.)

Some other contributions simply adopt the average-

based strategy in building architecture-based dependability

models. These studies share a common idea that they all

try to fit historical QoS data of activities into assumed dis-

tributions (deterministic, exponential, geometrical, or gen-

eral distributions) and employ these obtained distributions

as the model input into the static stochastic models (continu-

ous Markovian model, discrete Markovian model, or PERT

(Program Evaluation and Review Technique, [5]) mode,

etc.) to obtain the predicted dependability.

In general, both SLA-based and the architecture-based

models employ a static-model-input assumption. This

assumption ignores the run-time fluctuation of service

dependability and dynamicness of runtime environment.

Thus, one may find innegligible errors between the results

derived from these models and the actual runtime depend-

ability. Our aim in this paper is therefore the development of

a dynamic dependability prediction approach for WS-BPEL

processes, with special attention to the modeling of compo-

2013 IEEE Seventh International Symposium on Service-Oriented System Engineering

978-0-7695-4944-6/12 $26.00 © 2012 IEEE

DOI 10.1109/SOSE.2013.8

192

sitional patterns and dynamicness of service dependability

in runtime environment. The main innovation includes a

translation from WS-BPEL to the general stochastic Petri

net (GSPN for short) and an analytical dependability pre-

diction method based on the ARMA time-series model. In

the case study, we obtain experimental dependability data

of actual WS-BPEL processes and conduct a comparative

study. The comparison suggests that our dynamic predic-

tion model achieves higher prediction accuracy than exist-

ing approaches.

2 Related work

During the last decade, the QoS of web services and ser-

vice compositions has received a lot of attention in the re-

search community. Various studies discussed how to spec-

ify and estimate the QoS of composite web services ef-

fectively based on the aggregations of the QoS of its con-

stituent service activities or tasks. Various contributions

([6][7][8][9]) assume that each service activity has a deter-

ministic dependability and these deterministic value can be

easily derived from corresponding SLA documents. This

assumption simplifies the calculation of QoS. In this case,

a composite service can be modeled as a static PERT (Pro-

gram Evaluation and Review Technique, [5]) network with

deterministic edges and the service completion time can be

easily calculated as the longest execution path of the PERT

network. However, the assumption of deterministic depend-

ability is rarely satisfied in practice. This is because quali-

tative measures of web services are intrinsically probabilis-

tic. For instance, the response time for invoking a remote

service is usually probabilistic and depends on various un-

certain factors as the connection bandwidth, the stability of

remote connection, the load level of such service, the pos-

sibility of SOAP message loss, the existence of extra-long

delay, etc.

Instead of deterministic dependability, probabilistic and

stochastic models for dependability analysis are also intro-

duced. These approaches are based on the architecture-

based-software-reliability theories [23] and interpret con-

trol flow of service execution as stochastic processes. From

the architectural view, system dependability is decided by

the compositional pattern of activities, probabilistic distri-

butions of dependability of service activities, and branching

probabilities of nondeterministic constructs.

[10] is the seminal work in the literature of this kind.

This work extends the Structural-Workflow-Reduction

(SWR) models in [27] into the stochastic case. The cal-

culation repeatedly applies a reduction on various con-

structs (i.e., sequence, parallelism, selection, loop, and

fault-tolerance) until only one atomic task remains. This

study is for a general model of service compositions and is

not intended for any specific service composition standard.

Similar studies can be found in [15] and [16].

Recently, some architecture-based approaches dedicated

for WS-BPEL are also introduced. [13] proposes a method

to interpret BPEL descriptions into stochastic Petri net and

derives dependability estimates. However, its interpretation

method is coarse-grained and only considers sequential and

parallel patterns. Similar studies based on stochastic col-

ored Petri net can be found in [14].

[17] and [18] propose a translation method to map

BPEL-based service composition into CTMC chain and

derives closed form estimates of service completion dura-

tions. However, the translation only considers < switch >,

< while > and < flow > activities. A similar but better

approach is proposed in [19], where all structural activities

are modeled and analyzed.

Our earlier studies in [20][21] introduce translation-

based approaches to evaluating QoS of WS-BPEL and WS-

CDL processes. They are based on a series of translation

rules to map compositional patterns into QoS-equivalent

Petri nets.

[22] presents a translation from BPEL into SPN and an-

alyzes its dependability. Its translation covers all process

level elements of WS-BPEL. Its results are obtained in a

approximate way using WEBSPN tool (WEBSPN is based

on a discrete time approximation where continuous distribu-

tional functions are simplified through a discrete sampling

technique).

Although the assumption of probabilistic distribution

provides a more refined characterization of real dependabil-

ity of services than that of deterministic variables and ex-

ponential variables, it still has limitations. In deriving the

probability-distributional-functions (PDF) of QoS of ser-

vice activities, above studies simply employ the historical

empirical distribution as the actual PDF and assume such

PDF is capable of characterize even the future changes of

service dependability. In doing so, the cumulative ratio or

density of equaling a certain value is considered to be the

future rate of equaling such value, while ignoring the trend

and seasonality by which the historical dependability val-

ues increase or decrease. For example, the empirical PDF

of dependability of a service task may suggest a normal dis-

tribution. However, the empirical PDF may fails in captur-

ing the fact that the density of dependability value being low

increases, probably caused by the deteriorating connectivity

of network. By contrast, a time series analysis may reveal

the up-going trend and suggest a tailed distribution. In this

case, only a time-series-based prediction of future depend-

ability guarantees the correctness and accuracy.

193

3 Preliminaries

3.1 WS-BPEL

WS-BPEL [1] is an XML-based language that is stan-

dardized by OASIS to orchestrate multiple Web services for

building complex business processes. A WS-BPEL process

is composed of various activities including basic activities

and structured activities. The basic activities describe the el-

emental steps of business process behavior, such as receive,

reply, invoke, and assign. On the other hand, the structured

activities, such as sequence, flow, if, and while, encode the

control logic of a process and contain other basic and/or

structured activities recursively.

The structured activities are similar to the control con-

structs in the programming languages. For example, the

activities contained within a sequence structure will be ex-

ecuted sequentially. The activities contained within a flow

structure will be executed concurrently. In particular, the

synchronization among the concurrent activities within a

flow structure is provided using links. Each link connects a

source activity to a target activity and has an associated tran-

sition condition (a Boolean XPath expression). The transi-

tion condition determines whether a link is followed dur-

ing runtime. If the transition condition is not specified, the

value of the link is defined to be true and the link will be

followed.

3.2 General Stochastic Petri net

The General Stochastic Petri net (GSPN) is an extension

of Petri net, which is a graphical and mathematical tool used

for modeling and analyzing of the concurrent, parallel, syn-

chronous and asynchronous systems. The formal definitions

of Petri nets and GSPN are given as follows.

A Petri net (PN) is a quadruple (P, T, F,M0), where

P = {p1, p2..pk} is a finite set of places,T = {t1, t2..tm}is a finite set of transitions, F ⊆ (P ∗ T ) ∪ (T ∗ P ) is

a set of directed arcs and M0 = {m01,m02, ..m0k} is an

initial marking. The sets of input and output places for tran-

sition t are denoted by ∗t and t∗, respectively. The input

and output transitions for place p are denoted by ∗p and p∗.In a GSPN [2], we distinguish two different kinds of tran-

sitions, the timed (in blank) and immediate transitions (in

black color). The immediate transitions are combined with

firing probabilities and the timed transitions are combined

with an exponential firing rate.

3.3 The ARMA model

ARMA [3] model is a class of stochastic processes used

to analyze time series. The application of the ARMA

methodology for the study of time series analysis is due

to Box and Jenkins. ARMA models of order (p, q) can

be viewed as linear filters from the point of view of digi-

tal signal processing. The time structure of these filters is

the following models:

Zt = c+φ1Zt−1+ ...+φpZt−p−θ1εt−1− ...−θqεt−q+εt(1)

where c is a constant, p is the number of autoregres-

sive orders, q is the number of moving average orders, Z1,

Z2,....Zt−1 is observation at time t, Zt is the variable to

be predicted using previous samples of the time series, and

εt, εt−1,...,εt−q is a discrete white noise with zero mean

and variance. Four iterative steps must be followed in or-

der to construct ARMA(p, q) models as below: a) Series

stationarity; b) Model identification; c) Optimization and

selection; d) Model diagnostic checking.

4 Model translation of WS-BPEL

In this section, we provide translation rules to map BPEL

into GSPN. Since the syntax of BPEL is too vast, we restrict

it to a subset, only considering the elements directly related

with the flow of activity execution and the main aspects of

service composition. This translation captures the visible

behavior of the participants of a service composition and

their interactions.

4.1 Translation of basic activities

We start the translation with the basic activity. A basic

activity (like, for example, < invoke >, < assign >, <validate >, < empty >, and wait) is atomic and does not

contain any other activity.

Among those activities, only < invoke > is related to

the interaction with external services. < invoke > provides

the basic mechanism of remote invocation of external ser-

vices (specified in the corresponding WSDL documents).

A boolean join condition can be associated with this activ-

ity to determine whether the invocation is allowed. If the

condition evaluates to true, the invoking process sends the

SOAP message to the destination service with the request

and waits until a reply is received or a timeout has fired.

After a successful SOAP reply is received before the expi-

ration of the timer, the execution of the < invoke > activ-

ity is completed successfully. Since the SOAP connection

is subject to message loss and unexpected message delay,

< invoke > is considered to be unreliable and a SOAP

failure probability is supposed to be associated.

According to the discussion above, the < invoke > ac-

tivity is translated into the GSPN model given in Fig.1. In

this figure, the started and completed places indicate the

initial and completed states of the process, respectively. The

d invokee timed transition denotes the duration needed to

194

s t a r t e d

c o m p l e t e d

s o a p _ f f a i l e d

e x e c u t i o n _ d

t i m e r e x p i r e d

f i n i s h e d

a c t i v a t e d

t i m e o u t

i v k

c o m p l e t e

i v k _ f

d t e 1d t e 2

t i m e l y

Figure 1. Translation of the < invoke > activity

< a s s i g n > , < v a l i d a t e > , < e m p t y >

c o m p l e t e d s t a r t e d

< w a i t >

c o m p l e t e d s t a r t e d

Figure 2. Translation of other ba-sic activities

establish a successful SOAP connection with the operation

defined in the WSDL specification. timer denotes the time-

out duration. The j failure transition captures the fail-

ure of the join condition. Because the SOAP connections

are prone to failure (caused by message loss, for instance),

the soap err transition is used to capture the SOAP fail-

ure and it directly marks fault (in gray) to indicate the un-

successful invocation. If no SOAP failure occurs and the

SOAP delay exceeds the timeout duration, the invocation of

the WSDL operations is prevented and the fault place is

marked. Otherwise, the timeout transition is prevented and

the invocation of the external operations is permitted and

the finished place is marked. In this case, the operations

which implements the atomic process can either be faulty

(by firing the ivk f transition and marking the fault place)

or successful (by firing the complete transition and mark-

ing the completed place). Note that the dte1 and dte2 (dtestands for dead-token-elimination) transition ensure that no

dead token exists when the atomic process normally com-

pletes or fails.

< assign >, < validate >, < empty > and < wait >activities are used to assign values to variables, to validates

the state of variables, to do nothing and to wait for a period

of time. Those basic activities are relatively simple and con-

sidered to be faultless because they are locally carried out

and requires no connection with external services and need

no message receipt or sending. Moreover, the execution du-

ration for < assign >, < validate > and < empty >are considered to be negligible. Translation rules for those

activities are therefore given in Fig.2.

4.2 Translation of structural activities

We start this section by giving the translation rule of

< sequence >. Activities embedded in a < sequence >activity are executed sequentially. Figure.3 shows the corre-

sponding pattern. For simplicity, the sample in the figure is

assumed to have only two included inner activities, namely

A1 and A2 (can be basic activity or structured activities).

The activities inside a < flow > activity are executed

concurrently. The translation rule is given in Fig.4.

< switch > and < pick > activities both support con-

ditional routing between included activities but they are ac-

tually different in the way of branch decision. Each branch

of switch is associated with a local condition and branch

decision is totally driven by local variables or computa-

tion. Conditional selection of branches is modeled in a

probabilistic manner through a XOR-SPLIT manner. Each

branch is associated with a selection probability for further

dependability analysis.

On the other hand, each branch of < pick > activity can

associate an < onMessage > action to wait for a specific

message or an < onAlarm > action to wait for a period

of time, before included activity in the branch can really

start execution. It waits for exactly one message (through

an < onMessage > activity) or alarm event (through an

< onAlarm > activity)to occur. For each of the events

an activity is associated which is executed if the corre-

sponding event occurs. Based on the difference mentioned

above, translation rules of the two activities are given in

Fig.5 and Fig.6, respectively. Note that, it is assumed that

the < pick > example has an < onMessage > branch

(A1) and an < onAlarm > branch (A2). Similar to Fig.1

timed transition soap ok denotes the duration to success-

fully receive SOAP message, immediate transition sopa errdenotes SOAP error (due to message loss or unexpected

message delay). Timed transition wait denotes the waiting

duration of < onAlarm > (note that, since onAlarm re-

quires external SOAP messages, it is considered to be with-

out fault).

Fig.7 illustrates the translation rule for < if > activ-

ity. The < if > activity consists of a list of conditions and

195

A1s t a r t e d 1

c o m p l e t e d 1

f a u l t 1

A2s t a r t e d 2

c o m p l e t e d 2

f a u l t 2

s t a r t e d

f a u l t

Figure 3. Translation of the < sequence > activ-ity

A1s t a r t e d 1c o m p l e t e d 1

f a u l t 1

A2 c o m p l e t e d 2

f a u l t 2

s t a r t e d c o m p l e t e d

f a u l t s t a r t e d 2

Figure 4. Translation of the < flow > activity

A1s t a r t e d 1

c o m p l e t e d 1

f a u l t 1

A2s t a r t e d 2f a u l t 2

s t a r t e d

c o m p l e t e d

f a u l t

Figure 5. Translation of the < switch > activity

A1s t a r t e d 1c o m p l e t e d 1

f a u l t 1

A2s t a r t e d 2

c o m p l e t e d 2

f a u l t 2

s t a r t e d

c o m p l e t e d

f a u l t

s o a p _ o k

s o a p _ e r r

Figure 6. Translation of the < pick > activity

A1s t a r t e d 1

f a u l t 1

A2s t a r t e d 2f a u l t 2


f a u l t

i f

e l s e i f

A3f a u l t 3

s t a r t e d 3

e l s e

Figure 7. Translation of the if activity

list of activities. The conditions are checked sequentially.

If a condition evaluates to true, the corresponding activity

is executed and, after that activity finishes, completes the

< if > activity. The if activity encloses at least one ac-

tivity, an arbitrary number of < elseif > branches, and an

optional < else > branch. The conditions of the mandatory

activity and those of the < elseif > branches are checked

sequentially.

< while > and < repeatUntil > support repeated

execution of an embedded activity. Whereas the embed-

ded activity of the while activity is repeatedly executed

while a given expression holds, the activity embedded in the

< repeatUntil > activity is executed until an expression

holds. Consequently, inner activity in < while > can be

skipped (the condition initially evaluates to false) whereas

the inner activity in < repeatUntil > is executed at least

once. Translation rules for the two activity are illustrated in

Fig.8 and Fig.9.

The < forEach > activity allows to parallel or sequen-

tially process several instances of an embedded scope ac-

tivity. An integer counter is defined which is running from

a specified start counter value to a specified final counter

value (can be derived using static analysis on XPATH ex-

pressions [4]). The enclosed scope activity is then exe-

cuted according to the range of the counter sequentially or

in parallel. Since translation rules for sequential and parallel

< forEach > are very similar to those of < sequence >and < parallel >, they are omitted here.

5 Translating a WS-BPEL example

Based on the translation rules given above, this section

shows how a real-world WS-BPEL sample can be translated

into Petri nets. The sample is a purchase management pro-

cess and its structure is illustrated in Fig.10. The process

includes 8 < invoke > activities and is organized through

< sequence >, < flow >, < switch > and < while >constructs.

Based on the translation rules given in the previous sec-

tion, the sample can be mapped into the Petri net represen-

tation in Fig.11.

196

A1s t a r t e d 1

c o m p l e t e d 1

f a u l t 1

s t a r t e d

f a u l t

b a c k

s k i p

Figure 8. Translation of the < while > activity

A1s t a r t e d 1

c o m p l e t e d 1

f a u l t 1


f a u l t

s k i p

b a c k

Figure 9. Translation of the < repeatuntil > ac-tivity

S h o p s e l e c t i o n ( P 1)

s t a r t

< w h i l e > < s e q u e n c e >

P r o d u c t s V i e w i n g ( P 2)

P r o d u c t s S e l e c t i o n ( P 3 )

C o u n t i n g ( P 4)

< f l o w >

I n v e n t o r y c h e c k ( P 5)

< s e q u e n c e >

E l e c t r o n i c p a y m e n t

( P 6)

C a s h p a y m e n t

( P 7)

< s w i t c h >

S h i p p i n g m a n a g e m e n t ( P 8)

e n d

Figure 10. The purchase management process

d_invokee1

d_invokee2

d_invokee3

d_invokee4

d_invokee5

d_invokee6

d_invokee7

d_invokee8

soap_err1

soap_err2

soap_err3

soap_err4

soap_err5

soap_err6

soap_err7

soap_err8

j_failure1

j_failure2

j_failure3

j_failure4

j_failure5

j_failure6

j_failure7

j_failure8

ivk_f1

ivk_f2

ivk_f3

ivk_f4

ivk_f5

ivk_f6

ivk_f7

ivk_f8

Figure 11. The derived GSPN model

197

6 Predicting the firing rates and firing prob-abilities of the < invoke > activity

As discussed earlier, the < invoke > activity provides

the basic mechanism of service invocation and composition.

To predict the dependability of this activity, we first have to

predict the firing delays of its timed transitions and firing

probabilities of its immediate transitions.

Timed transitions correspond to two kinds of opera-

tions in the < invoke > activity, namely the timeout op-

eration and operations of executing invoked services (the

d invokee transition). The former always have invariable

delays (prescribed by system settings) and the latter usually

have nondeterministic delays. Instead of the static evalua-

tion of model inputs, we dynamically fit the historical data

of these nondeterministic delays into a time-series model

and predict the future firing rates using the ARMA method.

The prediction is implemented as follows.

For any d invokee transition, its empirical firing rate at

time t, can be obtained as

fr(t) =N∑

1≤i≤N,i∈N dl(t+ (i− 1)× intv)(2)

where dl(t) denotes measured execution duration for ex-

ternal service invocation at time t, N denotes the num-

ber of test samples with the time window, intv denotes

the time interval of samples. This equation suggests that

the firing rate can be calculated as the reciprocal of the

mean of the N delay samples within the time window of

[t, t+ (N − 1)× intv′].Thus, the firing rates measured at different times can be

described as a sequence of data with equal time intervals

FRt =

{fr(t− (p− 1)× intv), fr(t− (p− 2)× intv), ...., fr(t)}(3)

where p is the volume of the time-series, intv is the interval

of the time-series.

The prediction of the firing probabilities of the

j failure, soap err and ivk f immediate transitions are

carried out similarly and are therefore omitted for brevity.

7 Dependability predictionDependability is defined by IFIP WG-10.4 as ”the trust-

worthiness of a computing system which allows reliance to

be justifiably placed on the service it deliver”. For software

systems, there is no dependability definition universally ac-

cepted and employed. Dependability is often regarded as a

property or possibility for complex software systems to re-

main functionally normal when running or to successfully

accomplish a given task.

To study the dependability of ontology-based service

compositions, we borrow concepts from the architecture-

based-software-reliability theory [11]-[12], where the relia-

bility block diagrams (RBD) are often employed as a rep-

resentation of system architectures and quantitative model.

The elementary configurations of a RBD include the se-

quential, selective, repetitive and parallel routing patterns.

The dependability of the software architecture is therefore

decided by both dependabilities of individual activities and

the compositional patterns by which activities are orga-

nized. As for service compositions, we simply consider

the atomic processes in WS-BPEL processes as activities in

the RBD block diagrams. That is to say, the dependability

of the composite service is decided by both dependabilities

of individual atomic processes and their compositional pat-

terns. This allows us to view a composite service as a com-

bination of independent activities, which can be tackled and

analyzed in a decomposed manner.

We use process-normal-completion-probability

(PNCP ) as the metric of dependability. From the

GSPN view, PCNP denotes the probability that the

completed place of the outer-most process is marked and

no fault place is marked.

To calculate PNCP , we first have to calculate depend-

ability of < invoke > activity. Let P{fault} denote the

probability that place fault in Fig.1 is marked, the depend-

ability of the atomic process, DAP , can therefore be calcu-

lated as

DAP = 1− P{fault} (4)

According to earlier discussions, the fault place in Fig.1

can be marked for four reasons, namely the join failure

(by firing immediate transition j failure), the SOAP error

(by firing immediate transition soap err), the triggering of

timeout (by firing timeout), and faults of invoked external

services (by firing ivk f ). P{fault} is therefore calculated

as

P{fault} =pe(j failure) + (1− pe(j failure))pe(soap err)

+ (1− pe(j failure))(1− pe(soap err))× PTE

+ (1− pe(j failure))(1− pe(soap err))

× (1− PTE)× pe(ivk f)

(5)

where pe(j failure), pe(soap err) and pe(ivk f) denote

the predicted probabilities of firing j failure, soap err and

ivk f , respectively. PTE denotes the probability of trig-

gering timeout. PTE is calculated as

rob{to < delayi} ≈ e−fr(t)×to (6)

where to denotes the timeout threshold and fr(t) denotes

the predicted firing rate of the d invokee timed transition at

time t.

198

0 10 20 30 40 50 60 70 802

3

4

5

6

7

8

91st <invoke>2nd <invoke>3rd <invoke>4th <invoke>

Figure 12. Series of firing delays ofd invokee1−4

0 10 20 30 40 50 60 70 803.2

3.4

3.6

3.8

4

4.2

4.4

4.6

4.8

5

5.2

5th <invoke>6th <invoke>7th <invoke>8th <invoke>

Figure 13. Series of firing delays ofd invokee5−8

0 10 20 30 40 50 60 70 800.01

0.012

0.014

0.016

0.018

0.02

0.022


Figure 16. Series of failure rates of ivk f1−4

As mentioned before, < assign >, < wait >, <empty > and < validate > are considered to be faultless.

There dependabilities are therefore 1.

Dependability calculation of composite processes is eas-

ier. For example, the dependability of < sequence > activ-

ity in Fig.3, DSE, is

DSE = D1 ×D2 (7)

where D1,2 denote dependability of sub-activities A1,2.

Note that this equation also applies to the < flow >,< forEach > activities.

The dependability of the < if > activity, DIF , is de-

cided by dependabilities of its two branches and the proba-

bility for the associated boolean condition to be true. DIFis therefore calculated as the weighted dependabilities of

its branches. Note that this equation also applies to the

< switch > and < pick > activities.

DIF =

pe(branch1)×D1 + pe(branch2)×D2...

+ pe(branchn)×Dn

(8)

0 10 20 30 40 50 60 70 800.01

0.015

0.02

0.025


Figure 17. Series of failure rates of ivk f5−8

The dependability calculation of < while > activity

needs more effort. Their dependabilities are decided by

the dependability of the embedded activity and the num-

ber of repetitive executions. Let NRE denote the number

of repetitive cycles to achieve completion (by marking the

completed place in Fig.8), we have that the dependability

for < while >, DW , is calculated as the total probability

of

DW =∑

0≤i≤∞Di

1 × Prob{NRE = i} (9)

where Prob{NRE = i} denotes the probability that NREequals i. Since the theoretical distribution of NRE is dif-

ficult to evaluate (some studies suggest that the probability

of skipping repetition when every iteration ends can be ap-

proximately seen stable and the number of repetitive cycles

therefore follows the geometrical distribution and employ

the expectation of geometrical distribution in evaluating the

QoS of repetitive constructs, e.g., [24][25][26][27]), we can

approximately calculate Prob{NRE = i} as the occur-

rence rate of NRE equaling i based on the experimental

test or historical runtime logs. That is

Prob{NRE = i} ≈ frq(NRE equaling i)

NT(10)

199

0 10 20 30 40 50 60 70 800.01

0.015

0.02

0.025

0.03

0.035

0.04

0.045

0.05


Figure 14. Series of failure rates ofSOAP err1−4

0 10 20 30 40 50 60 70 800.01

0.015

0.02

0.025


Figure 15. Series of failure rates ofSOAP err5−8

where frq(NRE equaling i) denote the frequency of the

event of NRE equaling i and NT denotes the number of

experimental trials.

As discussed earlier, the < until > activity also sup-

ports the repetitive execution. However, it differs from

< while > because it tests the loop condition after the first

round of the execution of A1 finishes. That is to say that

the total round of executing A1 is the number of repetitive

execution of A1, NRE, plus the inevitable first round.

RRW =∑

0≤i≤∞Di+1

1 × Prob{NRE = i} (11)

Based on analysis above, the dependability of the entire

WS-BPEL process, PNCP , can therefore be calculated as

the dependability of the outermost activity.

8 Experiments and validation

To prove the feasibility and accuracy of our prediction

model, we conduct a case study based on the WS-BPEL

sample of Fig.10. The sample is executed using the Ac-tive BPEL engine and the runtime QoS data are collected

through the log files of the engine.

The WS-BPEL sample includes eight atomic <invoke > activities, which are responsible for remote in-

vocation of external services. For time-series-based analy-

sis, we obtain the series of SOAP delays for external ser-

vice invocation of the eight < invoke > activities, which

correspond to the firing delay series of the d invokee1−8

transitions in Fig.11. These series are illustrated in Fig.12-

13. The intervals for these series is 250ms. The timeout

threshold for all invoke activities is 800ms.

We also obtain the series of the probabilities of SOAP

failures and invocation failures, which correspond to the fir-

ing probabilities of the soap err1−8 and ivk f1−8 imme-

diate transitions. These series are illustrated in Fig.14-17.

0 10 20 30 40 50 60 70 800.75

0.76

0.77

0.78

0.79

0.8

0.81

0.82

0.83

0.84

0.85Real reliabilitiesARMA−based Predicted reliabilitiesArchitecture−based predicted reliabilities

Figure 18. The comparison of prediction re-sults

Note that the join conditions for the sample always evaluate

to true. pe(j failure1−8) are therefore always 0.

Using the Petri-net-based prediction model , we can pre-

dict the future DWP of the sample process. The predicted

DWP results are compared with the actual probabilities of

normal completion and the architecture-based prediction re-

sults in Fig.18. As can be seen, our approach achieves better

curve-fitting than the traditional the architecture-based pre-

diction model.

9 Conclusions

In this manuscript, we present a comprehensive depend-

ability prediction framework for WS-BPEL service compo-

200

sitions. This framework employs the ARMA time series

model to capture the qualitative fluctuation and predict fu-

ture QoS of service activities. The predicted future values

serve as model inputs into a translation model, which maps

WS-BPEL process into general stochastic Petri net. An an-

alytical method based on the derived Petri net is introduced

to predict future system dependability. In the case study

based on experimental results from a real-world WS-BPEL

service process, we conduct a comparative study with tradi-

tional QoS prediction models for service compositions and

show that our framework achieves better accuracy and char-

acterization of QoS fluctuations.

Based on the work of this paper, we are also considering

further studies given as follows.

• Developing tools for automatic translation for reliabil-

ity/dependability computation. It is hoped that a new

tool for automatic Petri-net-translation and reliability

analysis will be realized.

• Introducing methods to predict other metrics such

as performance, mobility, reputation, maintainability,

reusability, etc.

• Developing selection and scheduling algorithms.

Based on our framework, one can easily predict the

dependability of a given composite service process.

However, sometimes we are more interested to know

for a given process definition, how to choose from

many functionally identical but qualitatively different

services, and schedule those chosen services to achieve

the best reliability. We are developing selection and

scheduling algorithms based on our current models.

References

[1] https://www.oasis-open.org/committees/wsbpel/

[2] Gianfranco Balbo, ”Introduction to Generalized

Stochastic Petri Nets”, Proc. 7th International Schoolon Formal Methods for the Design of Computer, Com-munication, and Software Systems, pp. 83-131, May

2007.

[3] Makridakis, S., Wheelwrigth, S. C., and Hyndman,

R. J. : Forecasting methods and applications, Prentice

Hall, 1998, pp. 46-59.

[4] Moser S., Martens A., Gorlach K. Amme, and W.

Godlinski A., ”Advanced verification of distributed

WS-BPEL business processes incorporating CSSA-

based data ow analysis”, Proc. IEEE InternationalConference on Services Computing, pp.9-13, July

2007.

[5] D.G. Malcolm, J.H. Rooseboom, C.E. Clark, W. Fazer

Application of a technique for research and devel-

opment program evaluation, Operations Research, 7

(1959), pp. 646-669

[6] Jorge Cardoso, Amit P. Sheth, John A. Miller,

Jonathan Arnold and Krys Kochut: Quality of service

for workflows and web service processes. J. Web Sem.

1(3): 281-308 (2004)

[7] Michael Gillmann, Gerhard Weikum, Wolfgang Won-

ner: Workflow management with service quality guar-

antees. SIGMOD Conference 2002: 228-239

[8] M.C. Jaeger, G. Rojec-Goldmann, G. Muhl. QoS ag-

gregation for Web service composition using work-

flow patterns, in: Proceedings of IEEE 8th Interna-

tional Conference on Enterprise Distributed Object

Computing (EDOC04), 2004, pp. 149-159

[9] H.C. Wang, C.S. Lee, T.H. Ho, Combining subjective

and objective QoS factors for personalized Web ser-

vice selection, Expert Systems with Applications 32

(2) (2007) 571-584.

[10] San-Yih Hwang, Haojun Wang, Jian Tang, Jaideep

Srivastava: A probabilistic approach to modeling and

estimating the QoS of web-services-based workflows.

Inf. Sci. 177(23): 5484-5503 (2007)

[11] Swapna S. Gokhale, W. Eric Wong, Joseph Robert

Horgan, Kishor S. Trivedi: An analytical approach to

architecture-based software performance and reliabil-

ity prediction. Perform. Eval. 58(4): 391-412 (2004)

[12] Vibhu Saujanya Sharma, Kishor S. Trivedi: Quantify-

ing software performance, reliability and security: An

architecture-based approach. Journal of Systems and

Software 80(4): 493-509 (2007)

[13] Wen-jun Li, Xiao-jun Liang, Hua-mei Song, and

Xiao-cong Zhou, ”QoS-Driven Service Composition

Modeling with Extended Hierarchical CPN”, Proc.IEEE/IFIP Symposium on Theoretical Aspects of Soft-ware Engineering, pp.483-492, June 2007.

[14] PengCheng Xiong, Yushun Fan, and MengChu Zhou,

”QoS-Aware Web Service Configuration”, IEEETransactions on Systems, Man, and Cybernetics, PartA, vol.38, no.4, pp.888-895, July 2008.

[15] Paolo Bocciarelli, and Andrea D’Ambrogio, ”Model-

Driven Performability Analysis of Composite Web

Services”, Proc. Performance Evaluation: Metrics,Models and Benchmarks, SPEC International Perfor-mance Evaluation Workshop, pp.228-246, June 2008.

201

[16] Jiangxia Wu, and Fangchun Yang, ”A Model-Driven

Approach for QoS Prediction of BPEL Processes”,

Proc. International Conference on Service-OrientedComputing, pp.131-140, Dec. 2006.

[17] N. Sato, and Kishor S. Trivedi, ”Stochastic Modeling

of Composite Web Services for Closed-Form Analy-

sis of Their Performance and Reliability Bottlenecks”,

Proc. International Conference on Service-OrientedComputing, pp.107-118, Sep. 2007.

[18] Andrea D’Ambrogio, and Paolo Bocciarelli, ”A

model-driven approach to describe and predict the per-

formance of composite services”, Proc. Workshop ofsoftware performance, pp.78-89, Feb. 2007.

[19] Debdoot Mukherjee, Pankaj Jalote, and Mangala

Gowri Nanda, ”Determining QoS of WS-BPEL Com-

positions”. Proc. International Conference on Service-Oriented Computing, pp.378-393, Dec. 2008.

[20] Yunni Xia, Yi Liu, Ji Liu, Qingsheng Zhu: Modeling

and Performance Evaluation of BPEL Processes: A

Stochastic-Petri-Net-Based Approach. IEEE Transac-

tions on Systems, Man, and Cybernetics, Part A 42(2):

503-510 (2012)

[21] Yunni Xia, Gang Dai, Jia Li, Tianhao Sun, Qingsheng

Zhu: A model-driven approach to predicting depend-

ability of WS-CDL based service composition. Con-

currency and Computation: Practice and Experience

23(10): 1127-1145 (2011)

[22] Dario Bruneo, Salvatore Distefano, Francesco Longo

and Marco Scarpa, ”QoS Assessment of WS-BPEL

Processes through non-Markovian Stochastic Petri

Nets”, Proc. IEEE International Symposium on Par-allel and Distributed Processing, pp.1-12, April 2010.

[23] Swapna S. Gokhale, Kishor S. Trivedi. Reliablity pre-

diction and sensitivity analysis based on software ar-

chitecture. in Proc. 13th IEEE International Sympo-sium on Software Reliability Engineering 2002:64-78

[24] Yajuan Li, Chuang Lin, Quan-Lin Li: A simplified

framework for stochastic workflow networks. Com-

puters and Mathematics with Applications 56(10):

2700-2715 (2008)

[25] Swapna S. Gokhale, Kishor S. Trivedi: Analytical

Models for Architecture-Based Software Reliability

Prediction: A Unification Framework. IEEE Transac-

tions on Reliability 55(4): 578-590 (2006)

[26] Yunni Xia, Hanpin Wang, Wangsen Feng, Yu Huang:

QoS modeling and analysis of component-based soft-

ware systems: a stochastic approach. Concurrency and

Computation: Practice and Experience 20(12): 1359-

1385 (2008)

[27] Jorge Cardoso, Amit P. Sheth, John A. Miller,

Jonathan Arnold, Krys Kochut: Quality of service for

workflows and web service processes. J. Web Sem.

1(3): 281-308 (2004)

202

4944a192

Documents

Transcript of 4944a192