Download - Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)
![Page 1: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/1.jpg)
Sylvain Hallé
Sylvain Hallé
Model-Based Simulation of SOAP WebServices From Temporal Logic Specifications
Université du Québec à ChicoutimiCANADA
NOSHOW
Fonds de recherchesur la natureet les technologies
CRSNGNSERC
![Page 2: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/2.jpg)
Sylvain Hallé
A motivating scenario
SHOW
![Page 3: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/3.jpg)
Sylvain Hallé
A motivating scenario
$
NOINC
![Page 4: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/4.jpg)
Sylvain Hallé
A motivating scenario
?
NOINC
![Page 5: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/5.jpg)
Sylvain Hallé
?
A motivating scenario
NOINC
![Page 6: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/6.jpg)
Sylvain Hallé
!
A motivating scenario
NOINC
![Page 7: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/7.jpg)
Sylvain Hallé
!
?
A motivating scenario
NOINC
![Page 8: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/8.jpg)
Sylvain Hallé
!
?
A motivating scenario
NOINC
Web service Web client
Interaction
![Page 9: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/9.jpg)
Sylvain Hallé
A motivating scenario
NOINC
![Page 10: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/10.jpg)
Sylvain Hallé
We want to do, as automatically as possible...
A motivating scenario
...impersonate the client, send test sequences to the service
?Check if service does whatwe expect/understand
...impersonate the service, generate responses to the client
?Environment closedÞ model checking possible
DRIVER STUB
SHOW
![Page 11: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/11.jpg)
Sylvain Hallé
Some reasons for creating a stub:
·Test a cilent under development,without performing real actions onthe actual service
·Provide a closed environment for model checking
·Alternative to sandboxes: the stub's responses areunder the developer's control
A motivating scenario
STUB
SHOW
![Page 12: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/12.jpg)
Sylvain Hallé
A SOAP web service
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123 456 789
</CartID>
<ItemID> </ItemID><ItemID> </ItemID><ItemID> </ItemID>
...
Request message in format:
· Nested elements · Many occurrences of the same element name · Flexible structure
XML
SHOW
![Page 13: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/13.jpg)
Sylvain Hallé
Requests and responses form a
...
transaction
A SOAP web service
SHOW
![Page 14: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/14.jpg)
Sylvain Hallé
<ItemSearch>
</ItemSearch> <Term>abc</Term>
A SOAP web service
Requests and responses form a
...
transaction
NOINC
![Page 15: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/15.jpg)
Sylvain Hallé
<ItemSearch>
</ItemSearch> <Term>abc</Term>
<ItemSearchResponse>
</ItemSearchResponse>
<Items>
</Items>
123 456<ItemID> </ItemID><ItemID> </ItemID>
...
A SOAP web service
Requests and responses form a
...
transaction
NOINC
![Page 16: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/16.jpg)
Sylvain Hallé
<ItemSearch>
</ItemSearch> <Term>abc</Term>
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123 456 789
</CartID>
<ItemID> </ItemID><ItemID> </ItemID><ItemID> </ItemID>
...
<ItemSearchResponse>
</ItemSearchResponse>
<Items>
</Items>
123 456<ItemID> </ItemID><ItemID> </ItemID>
...
A SOAP web service
Requests and responses form a
...
transaction
NOINC
![Page 17: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/17.jpg)
Sylvain Hallé
<ItemSearch>
</ItemSearch> <Term>abc</Term>
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123 456 789
</CartID>
<ItemID> </ItemID><ItemID> </ItemID><ItemID> </ItemID>
...
<ItemSearchResponse>
</ItemSearchResponse>
<Items>
</Items>
123 456<ItemID> </ItemID><ItemID> </ItemID>
...
A SOAP web service
Requests and responses form a
...
transaction
NOINC
![Page 18: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/18.jpg)
Sylvain Hallé
Requests and responses form a
...
...but not allsequences arevalid!
transaction
<ItemSearch>
</ItemSearch> <Term>abc</Term>
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123 456 789
</CartID>
<ItemID> </ItemID><ItemID> </ItemID><ItemID> </ItemID>
...
<ItemSearchResponse>
</ItemSearchResponse>
<Items>
</Items>
123 456<ItemID> </ItemID><ItemID> </ItemID>
...
A SOAP web service
NOINC
![Page 19: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/19.jpg)
Sylvain Hallé
<ItemSearch>
</ItemSearch> <Term>abc</Term>
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123 456 789
</CartID>
<ItemID> </ItemID><ItemID> </ItemID><ItemID> </ItemID>
...
<ItemSearchResponse>
</ItemSearchResponse>
<Items>
</Items>
123 456<ItemID> </ItemID><ItemID> </ItemID>
...
A SOAP web service
1. Cart operations must begin with a CartCreate message
SHOW
![Page 20: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/20.jpg)
Sylvain Hallé
A SOAP web service
SHOW
![Page 21: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/21.jpg)
Sylvain Hallé
<CartCreate></CartCreate>
A SOAP web service
NOINC
![Page 22: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/22.jpg)
Sylvain Hallé
<CartCreate></CartCreate>
<CartCreateResponse>
</CartCreateResponse> ID123<CartID> </CartID>
A SOAP web service
NOINC
![Page 23: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/23.jpg)
Sylvain Hallé
<CartCreate></CartCreate>
<CartCreateResponse>
</CartCreateResponse> ID123<CartID> </CartID>
A SOAP web service
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID456
123 456
</CartID>
<ItemID> </ItemID><ItemID> </ItemID>
...
NOINC
![Page 24: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/24.jpg)
Sylvain Hallé
<CartCreate></CartCreate>
<CartCreateResponse>
</CartCreateResponse> ID123<CartID> </CartID>
A SOAP web service
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID456
123 456
</CartID>
<ItemID> </ItemID><ItemID> </ItemID>
...
NOINC
![Page 25: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/25.jpg)
Sylvain Hallé
<CartCreate></CartCreate>
<CartCreateResponse>
</CartCreateResponse> ID123<CartID> </CartID>
A SOAP web service
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID456
123 456
</CartID>
<ItemID> </ItemID><ItemID> </ItemID>
...
2. Once a cart is created, the same CartID must be passedin all requests and responses
NOINC
![Page 26: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/26.jpg)
Sylvain Hallé
<CartCreate></CartCreate>
<CartCreateResponse>
</CartCreateResponse> ID123<CartID> </CartID>
A SOAP web service
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123 456
</CartID>
<ItemID> </ItemID><ItemID> </ItemID>
...
SHOW
![Page 27: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/27.jpg)
Sylvain Hallé
<CartCreate></CartCreate>
<CartCreateResponse>
</CartCreateResponse> ID123<CartID> </CartID>
A SOAP web service
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123 456
</CartID>
<ItemID> </ItemID><ItemID> </ItemID>
...
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
456
</CartID>
<ItemID> </ItemID>
. . .
NOINC
![Page 28: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/28.jpg)
Sylvain Hallé
<CartCreate></CartCreate>
<CartCreateResponse>
</CartCreateResponse> ID123<CartID> </CartID>
A SOAP web service
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123 456
</CartID>
<ItemID> </ItemID><ItemID> </ItemID>
...
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
456
</CartID>
<ItemID> </ItemID>
. . .
NOINC
![Page 29: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/29.jpg)
Sylvain Hallé
<CartCreate></CartCreate>
<CartCreateResponse>
</CartCreateResponse> ID123<CartID> </CartID>
A SOAP web service
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123 456
</CartID>
<ItemID> </ItemID><ItemID> </ItemID>
...
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
456
</CartID>
<ItemID> </ItemID>
. . .
3. The same item cannot be added via CartAdd twice tothe same shopping cart
NOINC
![Page 30: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/30.jpg)
Sylvain Hallé
The real service's behaviour follows constraints on:
1. of operations only2. Parameter only3. at the same time
How can we create a realistic stub thatfollows these constraints?
Sequencesvalues
Both
Challenge
SHOW
![Page 31: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/31.jpg)
Sylvain Hallé
Current solutions
: create web servicesmock
SHOW
![Page 32: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/32.jpg)
Sylvain Hallé
Current solutions
Problem
Responses are
messages
.
hard-coded
SHOW
![Page 33: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/33.jpg)
Sylvain Hallé
Current solutions
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
Problem
Responses are
messages
.
hard-coded
NOINC
![Page 34: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/34.jpg)
Sylvain Hallé
Current solutions
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
Problem
Responses are
messages
.
hard-coded
NOINC
![Page 35: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/35.jpg)
Sylvain Hallé
Current solutions
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAddResponse <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
Problem
Responses are
messages
.
hard-coded
NOINC
![Page 36: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/36.jpg)
Sylvain Hallé
Current solutions
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAddResponse <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
456
</CartID>
<ItemID> </ItemID>
Problem
Responses are
messages
.
hard-coded
NOINC
![Page 37: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/37.jpg)
Sylvain Hallé
Current solutions
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAddResponse <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
456
</CartID>
<ItemID> </ItemID>
Problem
Responses are
messages
.
hard-coded
NOINC
![Page 38: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/38.jpg)
Sylvain Hallé
Current solutions
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAddResponse <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAddResponse <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
456
</CartID>
<ItemID> </ItemID>
Problem
Responses are
messages
.
hard-coded
NOINC
![Page 39: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/39.jpg)
Sylvain Hallé
Current solutions
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAddResponse <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAddResponse <CartID> <Items>
</Items>
ID123
123
</CartID>
<ItemID> </ItemID>
< >
</CartAdd>
CartAdd <CartID> <Items>
</Items>
ID123
456
</CartID>
<ItemID> </ItemID>
Problem
Responses are
messages: for each request type, same response every time!
.
hard-coded
?!?
NOINC
![Page 40: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/40.jpg)
Sylvain Hallé
Current solutions
Other way: program a realistic stub in a programming language
SHOW
![Page 41: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/41.jpg)
Sylvain Hallé
Other way: program a realistic stub in a programming language
struct
if
else
;
( .item ( .id)
XML(
m_cart
m_cartm_itemadd
return "<
Current solutions
NOINC
![Page 42: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/42.jpg)
Sylvain Hallé
LTL-FO+
and
: extension of LTL with quantifiers on messageparameters (Hallé & Villemaire, IEEE Trans. on Services Computing 2011)
Can be used to express constraints on sequences of messages their values
For example, constraint 2:
(" CartCreateResponse/CartID/x : (" CartAddResponse/CartID/y : x=y))
...detailed semantics in the paper!
.
.
.
GX G
Specification of service behaviour
SHOW
![Page 43: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/43.jpg)
Sylvain Hallé
Using LTL-FO+ as the specification language, producing a webservice stub becomes an application of LTL-FO+
Given...
·A pre-existing trace of requests·An LTL-FO+ formula
Produce:
·An extension of the trace (by one message) that the formula
satisfiabilitysolving
satisfies
Problem
SHOW
![Page 44: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/44.jpg)
Sylvain Hallé
A model checker can find a trace of a formula,if there is one
Create a Kripke structure whose first n transitions areunique (and correspond to the pre-existing trace)
Don't give any constraints for the (n+1)-th state
Run the model checker on that system with thenegated specification
The counter-example found gives us a possibleextension of the existing trace
* S. Hallé, WS-FM 2010
counter-example
.
.
.
.
Initial solution*
SHOW
![Page 45: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/45.jpg)
Sylvain Hallé
Don't rely on external tools, devise an algorithm to produce sequences from a formula
Interpret on sequences of messages......as to produce sequences of messages
The trick: decompose the formula into a tree of
directly
assertionsdirections
nodes
New solution
SHOW
sub-formulas thatmust be true now
sub-formulas that mustbe true next time
= conditions onthe current message
to generate
= conditions onthe remainder of the
transaction
![Page 46: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/46.jpg)
Sylvain Hallé
Decomposition rules for some operators:
Decomposition rules
SHOW
![Page 47: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/47.jpg)
Sylvain Hallé
Decomposition rules for some operators:
Decomposition rules
NOINC
"j must holdin every message"
![Page 48: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/48.jpg)
Sylvain Hallé
Decomposition rules for some operators:
Decomposition rules
NOINC
"j must holdin every message"
Create a message thatfulfills j
![Page 49: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/49.jpg)
Sylvain Hallé
Decomposition rules for some operators:
Decomposition rules
NOINC
"j must holdin every message"
Create a message thatfulfills j
And next time, makesure that G j holds
![Page 50: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/50.jpg)
Sylvain Hallé
Decomposition rules for some operators:
Decomposition rules
NOINC
"j must holdin every message"
"j must holdin the nextmessage"
Create a message thatfulfills j
And next time, makesure that G j holds
![Page 51: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/51.jpg)
Sylvain Hallé
Decomposition rules for some operators:
Decomposition rules
NOINC
"j must holdin every message"
"j must holdin the nextmessage"
Create a message thatfulfills j (No condition on
current message)
And next time, makesure that G j holds
![Page 52: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/52.jpg)
Sylvain Hallé
Decomposition rules for some operators:
Decomposition rules
NOINC
"j must holdin every message"
"j must holdin the nextmessage"
Create a message thatfulfills j (No condition on
current message)
And next time, makesure that G j holds Next time, make
sure that j holds
![Page 53: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/53.jpg)
Sylvain Hallé
Multiple branches = alternatives
SHOW
Decomposition rules
![Page 54: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/54.jpg)
Sylvain Hallé
Multiple branches = alternatives
NOINC
Decomposition rules
"j must holdeventually"
In the currentmessage... In a future
message...
![Page 55: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/55.jpg)
Sylvain Hallé
SHOW
Example: G (a ® b)X
G (a ® b)X ?
a, X b G (a ® b)X?
a G (a ® b), bX?
Øa G (a ® b)X?
a ® bX G (a ® b)X?
Decomposition rules
![Page 56: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/56.jpg)
Sylvain Hallé
NOSHOW
Example: G (a ® b)X
G (a ® b)X ?
a, X b G (a ® b)X?
a G (a ® b), bX?
Øa G (a ® b)X?
a ® bX G (a ® b)X?
- Create a message that fulfills Øa
- Next time (a ® b)must hold
G X
Decomposition rules
![Page 57: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/57.jpg)
Sylvain Hallé
NOSHOW
Example: G (a ® b)X
G (a ® b)X ?
a, X b G (a ® b)X?
a G (a ® b), bX?
Øa G (a ® b)X?
a ® bX G (a ® b)X?
- Create a message that fulfills Øa
- Next time (a ® b)must hold
G X
- Create a message that fulfills a
- Next time (a ® b)and b must hold
G X
Decomposition rules
![Page 58: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/58.jpg)
Sylvain Hallé
SHOW
Once we exhaust the decomposition rules to apply...
a G (a ® b), bX?
Øa G (a ® b)X?
- Create a message that fulfills Øa
- Next time (a ® b)must hold
G X
- Create a message that fulfills a
- Next time (a ® b)and b must hold
G X
Decomposition rules
![Page 59: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/59.jpg)
Sylvain Hallé
Once we exhaust the decomposition rules to apply...
...we pick (arbitrarily) one of the alternatives
NOINC
- Create a message that fulfills a
- Next time (a ® b)and b must hold
G X
a G (a ® b), bX?
Decomposition rules
![Page 60: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/60.jpg)
Sylvain Hallé
Once we exhaust the decomposition rules to apply...
...we pick (arbitrarily) one of the alternatives andcreate a message based on the conditions
NOINC
- Create a message that fulfills a
- Next time (a ® b)and b must hold
G X
a G (a ® b), bX?
Decomposition rules
a
![Page 61: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/61.jpg)
Sylvain Hallé
Once we exhaust the decomposition rules to apply...
...we pick (arbitrarily) one of the alternatives andcreate a message based on the conditions
NOINC
a G (a ® b), bX?
G (a ® b), bX ?
Decomposition rules
a
The right-hand side conditions become the starting base for thenext message to produce
![Page 62: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/62.jpg)
Sylvain Hallé
The decomposition rule for the existential quantifier creates values inside messages
p
pÅ
Values inside messages
SHOW
![Page 63: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/63.jpg)
Sylvain Hallé
The decomposition rule for the existential quantifier creates values inside messages
p
pÅ
Values inside messages
"There exists an x atthe end of path p such
that j(x) is true"
NOINC
![Page 64: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/64.jpg)
Sylvain Hallé
The decomposition rule for the existential quantifier creates values inside messages
p
pÅ
Values inside messages
"There exists an x atthe end of path p such
that j(x) is true"
"Add some value b ati
the end of path p"
NOINC
![Page 65: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/65.jpg)
Sylvain Hallé
The decomposition rule for the existential quantifier creates values inside messages
p
pÅ
Values inside messages
"There exists an x atthe end of path p such
that j(x) is true"
"Add some value b ati
the end of path p""Make sure that
true when x=b "ij(x) is
NOINC
![Page 66: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/66.jpg)
Sylvain Hallé
The decomposition rule for the existential quantifier creates values inside messages
...and repeat this for all possible values of bi
p
pÅ
Values inside messages
"There exists an x atthe end of path p such
that j(x) is true"
"Add some value b ati
the end of path p""Make sure that
true when x=b "ij(x) is
NOINC
![Page 67: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/67.jpg)
Sylvain Hallé
The decomposition rule for the universal quantifier ranges over values that are present in the message + potentially new values
p
pÅ
Values inside messages
SHOW
![Page 68: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/68.jpg)
Sylvain Hallé
The decomposition rule for the universal quantifier ranges over values that are present in the message + potentially new values
p
pÅ
Values inside messages
"All values x at theend of path p are such
that j(x) is true"
NOINC
![Page 69: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/69.jpg)
Sylvain Hallé
The decomposition rule for the universal quantifier ranges over values that are present in the message + potentially new values
p
pÅ
Values inside messages
"Let S = set of all valuesi
already added at the endof path p + any number of
other values"
"All values x at theend of path p are such
that j(x) is true"
NOINC
![Page 70: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/70.jpg)
Sylvain Hallé
The decomposition rule for the universal quantifier ranges over values that are present in the message + potentially new values
p
pÅ
Values inside messages
"Let S = set of all valuesi
already added at the endof path p + any number of
other values"
"Make sure that true for all values in S "i
j(x) is
"All values x at theend of path p are such
that j(x) is true"
NOINC
![Page 71: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/71.jpg)
Sylvain Hallé
Conditions may add up and contradict themselves
pÅpÅØ
Values inside messages
SHOW
![Page 72: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/72.jpg)
Sylvain Hallé
Conditions may add up and contradict themselves
pÅpÅØ
Values inside messages
NOINC
"Value b must be ati
the end of path p"
![Page 73: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/73.jpg)
Sylvain Hallé
Conditions may add up and contradict themselves
pÅpÅØ
Values inside messages
NOINC
"Value b must be ati
the end of path p""Value b must not be ati
the end of path p"
![Page 74: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/74.jpg)
Sylvain Hallé
Conditions may add up and contradict themselves
pÅpÅØ
Values inside messages
"Stop exploring thatalternative"
NOINC
"Value b must be ati
the end of path p""Value b must not be ati
the end of path p"
![Page 75: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/75.jpg)
Sylvain Hallé
Problem
The rule for " checks all values that were added byprevious applications of the rule for $
What if we add new values ?
Example: (" p/x : x > 0) Ù ($ p/y : y = 0)
Consequence: soundness is guaranteed only if all
after
$ areprocessed before any "(cf. Theorem 1 in the paper)
Soundness and completeness
SHOW
![Page 76: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/76.jpg)
Sylvain Hallé
Universal stub: web service that takes as input a declarative specification of its behaviour
The stub dynamically produces sequences of messages following the specification
Implementation
MESSAGES
DOMAINS
SPECS
move[ put[row,col], player];
player: X,O,empty; row,col: 1,2,3;
[move/board/A1 x] ((x) = ({empty})); ...
Range of valuesfor each element
LTL-FO+ formulas
Structure of eachpossible message
SHOW
![Page 77: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/77.jpg)
Sylvain Hallé
·
·Based on a runtime monitor for LTL-FO+ "running inreverse"
·
Implemented in Java
The stub dynamically produces sequences of messagesfollowing the specification
Implementation
SHOW
STUB
SPEC
![Page 78: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/78.jpg)
Sylvain Hallé
A model checker can find a trace of a formula,if there is one
Create a Kripke structure whose first n transitions areunique (and correspond to the pre-existing trace)
Don't give any constraints for the (n+1)-th state
Run the model checker on that system with the specification
The counter-example found gives us a possibleextension of the existing trace
* S. Hallé, WS-FM 2010
counter-example
negated
.
.
.
.
Earlier solution*
SHOW
![Page 79: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/79.jpg)
Sylvain Hallé
We compared both approaches on the same input specification
Showdown
SHOW
MESSAGES m[p*];
DOMAINS p : 1,2,...;
SPEC (" m/p/x : ($ m/p/y : x=y))G X G
<m>
</m>
0<p> </p> 2 ...<p> </p>
Messages of the form
"Every value occurring insome must reappearin all future messages"
<p>
}
![Page 80: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/80.jpg)
Sylvain Hallé
Exhibit A: we vary the size of the (i.e. the set of possible values in message parameters)
domain
Experiments
SHOW
MESSAGES m[p*];
DOMAINS p : 1,2,..., ;
SPEC (" m/p/x : ($ m/p/y : x=y))
n
G X G
![Page 81: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/81.jpg)
Sylvain Hallé
Exhibit A: we vary the size of the (i.e. the set of possible values in message parameters)
domain
01
100
10,000
1,000,000
2 4 6 8
Tim
e (m
s)
Domain size
10
Experiments
With model checker
» 1300 × 1.65x
NOINC
![Page 82: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/82.jpg)
Sylvain Hallé
Exhibit A: we vary the size of the (i.e. the set of possible values in message parameters)
domain
01
100
10,000
1,000,000
2 4 6 8
Tim
e (m
s)
Domain size
10
Experiments
With model checker
» 1300 × 1.65x
This paper's algorithm
» 6.5 × 1.42x
NOINC
![Page 83: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/83.jpg)
Sylvain Hallé
Exhibit A: we vary the size of the (i.e. the set of possible values in message parameters)
domain
01
100
10,000
1,000,000
2 4 6 8
Tim
e (m
s)
Domain size
10
Experiments
With model checker
» 1300 × 1.65x
This paper's algorithm
» 6.5 × 1.42x
6:50
0:00.375
NOINC
![Page 84: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/84.jpg)
Sylvain Hallé
Exhibit B: we vary the message (i.e. the maximum number of parameters in messages)
arity
Experiments
SHOW
MESSAGES m[p{0, }];
DOMAINS p : 1,2,...;
SPEC (" m/p/x : ($ m/p/y : x=y))
n
G X G
![Page 85: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/85.jpg)
Sylvain Hallé
Exhibit B: we vary the message (i.e. the number of parameters in messages)
arity maximum
Experiments
01
100
10,000
1,000,000
2 4 6 8
Tim
e (m
s)
Message arity
10
» 8500 × 1.64xWith model checker
NOINC
![Page 86: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/86.jpg)
Sylvain Hallé
Exhibit B: we vary the message (i.e. the number of parameters in messages)
arity maximum
Experiments
01
100
10,000
1,000,000
2 4 6 8
Tim
e (m
s)
Message arity
10
» 8500 × 1.64xWith model checker
= 375
This paper's algorithm
NOINC
![Page 87: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/87.jpg)
Sylvain Hallé
Exhibit C: we measure processing time for as the trace lengthens
each new message
Experiments
00
Message #
2 124 146 168 1810 20
Tim
e (m
s)
900
800
700
600
500
400
300
200
100
SHOW
![Page 88: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/88.jpg)
Sylvain Hallé
Exhibit C: we measure processing time for as the trace lengthens
each new message
Experiments
» 16x + 511
With model checker
00
Message #
2 124 146 168 1810 20
Tim
e (m
s)
900
800
700
600
500
400
300
200
100
NOINC
![Page 89: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/89.jpg)
Sylvain Hallé
Exhibit C: we measure processing time for as the trace lengthens
each new message
Experiments
» 16x + 511
With model checker
» -0.2x + 3.5
This paper's algorithm
00
Message #
2 124 146 168 1810 20
Tim
e (m
s)
900
800
700
600
500
400
300
200
100
NOINC
![Page 90: Model-Based Simulation of SOAP Web Services From Temporal Logic Specifications (Talk @ ICECCS 2011)](https://reader033.vdocument.in/reader033/viewer/2022052601/5591369b1a28abbd2c8b4670/html5/thumbnails/90.jpg)
Sylvain Hallé
Take-home points
SHOW
1. Long-running web service transactions involve constraintsover message , and
2. Typical web service stubs only allow basic, pre-recordedinteractions
3. The logic LTL-FO+ can model these constraints
4. Simulating a web service becomes a problem of over a set of LTL-FO+
formulas
5. An algorithm can generate realisticsequences of messages
structure values sequence
declaratively
satisfiability solving
.
.
.
.