Howard Foster
London Software Systems, Imperial College London
180 Queens Gate, London, United Kingdom
Email: howard.foster@imperial.ac.uk
component interface specifications and secondly the higher level activity models of service compositions. The models are then passed to Darwin and FSP compilers respectively. The Darwin compiler generates FSP representations of each of the component specifications. The FSP compiler takes an FSP model and generates a Labelled Transition System (LTS). The result of transformation and compilation is a set of related state machines mapping both architecture and behaviour model transitions as a system. However, the transformation also generates and maps some properties (detailed in section 6) to use as correctness checks against the system models.

Figure 2. Approach to Architecture and Behaviour Analysis of Service Modes

The final step in the approach is the analysis of the state machines generated by compilation. Using the properties generated previously, the state machines are checked for any violations against these properties. If there are violations, then the results are shown back to the engineer. The service architecture specifications can then be corrected or modified to clear these violations.

5 Modes to Models

5.1 Service Modes

A Service Modes Architecture consists of specifying the service components, their requirements and capabilities and interface specifications. A high-level architecture configuration is given in UML to represent the component specifications and their relationships. We have developed and apply a UML Service Modes Profile [2] to identify various architecture elements for service brokering, and reuse this in the approach to identify required and provided services in modes. An example composite structure diagram for a service modes architecture is illustrated in Figure 3 for an InVehicle Service composition consisting of Orchestrator, Reasoner, LocalDiscovery and VehicleCommGateway services. Each component will offer services to its clients; each such service is a component contract. A component specification defines a contract between clients requiring services, and implementers providing services. The contract is made up of two parts. The static part, or usage contract, specifies what clients must know in order to use provided services. The usage contract is defined by interfaces provided by a component, and required interfaces that specify what the component needs in order to function. The interfaces contain the available operations, their input and output parameters, exceptions they might raise, preconditions that must be met before a client can invoke the operation, and post conditions that clients can expect after invocation. These operations represent features and obligations that constitute a coherent offered or required service. At this level, the components are defined and connected in a static way, or in other words, the view of the component architecture represents a complete description disregarding the necessary state of collaboration for a given goal. Even if the designer wishes to restrict the component diagram to only those components which do collaborate, the necessary behaviour and constraints are not explicit enough to determine how, in a given situation, the components should interact.

Additionally, Service Adaptation and constraining changes to architecture and services identifies both functional and non-functional variants on the specification. Using the Service Modes Profile we identify ModeCollaborations (composite structure diagrams) with ModeBindings (connectors) that can be constrained with ModeConstraints (UML constraints) which are categorised further by a constraint stereotype. For example, in the domain of Quality-Of-Service (QoS) a QoS Profile can be used to describe the required QoS when connecting a particular service partner (of a particular type and offering similar specifications of usage). A good example profile is based upon a recommendation to the Object Management Group (OMG) in [14]. Additionally, architectural constraints may be specified in the Object Constraint Language (OCL) or another constraint based language. The constraint language adopted becomes an implementation-dependent aspect of analysing models in UML2. An example constraint applied to a ModeCollaboration is also illustrated in Figure 3, in this case for the requirement that a QoSResponseTime of less than 20ms should be offered by the OtherVehicle service.

Figure 3. Component Structure Diagram for In-Vehicle Service Architecture Modes

Service Behaviour requirements are attributed to each of the service components in each mode architecture. In addition to the interface specification assigned or created in the modes architecture, the service engineer can specify what behaviour the service fulfils. This describes the behaviour of required and provided interfaces, in that the sequence of the interface protocol is directly given. An example taken from the In-Vehicle Service architecture is for the DriverVehicleUI service. As the behaviour is for a single component it is more concise to describe the behaviour in a state machine diagram notation. UML provides such a diagramming notation, and an illustration for the DriverVehicleUI modes is given in Figure 4. Note that in Convoy mode (state machine on the left side of the diagram) the behaviour exhibited by the service is only awaitingDisplay and displayed. In Planning mode (state machine on the right side of the diagram) the service exhibits further functionality in terms of transitions and state for getInput behaviour. Both state machine and sequence chart notations are supported and can describe service behaviour, however in this example we show state machines.

Figure 4. DriverVehicleUI Service Behaviour specified in State Machines for Convoy (left) and Planning (right) modes

Service Mode Behaviour is a higher-level view of the service composition in a given mode. Service Mode Behaviour is more akin to service orchestration (a local coordinated process of service interactions), for which orchestration languages such as the Web Service Business Process Execution Language (WS-BPEL) are widely adopted. At a design level however, the orchestration behaviour can be specified in an Activity Diagram notation. In fact, our work aligns closely with that of the Sensoria UML4SOA [9] work which has developed UML Activity Diagram to WS-BPEL transformation routines and we also consider in our future work to leverage such mechanisms to generate service mode compositions for deployment. At design time, the activities for mode orchestration consist of two concepts. Firstly, orchestrating the default composition of services required and provided in the specified mode architecture. Secondly, the orchestration should also be able to react to events which cause mode changes, or in other words cater for the switching between the modes specified in the different architecture configurations. To specify the services required and provided, the engineer includes invoking and receiving activities in the behaviour. To specify mode changes, the engineer adds event handlers (and follow on activities) to react to certain events which cause a mode change. The event synchronisations are aligned by activities in a main service orchestration (in this example the Orchestrator component executes a main composition process). Changing modes requires that all service invocations are complete following the principles of Quiescence (i.e. placing a system in a consistent state before and after runtime changes). An example Service Mode Behaviour is illustrated in Figure 5. Note the events that lead to mode changes, for example receiving notification of an accident from a Highway Emergency Service.

Figure 5. Convoy Service Mode Behaviour specified in Activity Diagram
5.2 Architecture Models

A Darwin model is a set of loosely coupled, context-independent software components, which communicate to achieve an overall goal. Components interact by accessing services. Each inter-component interaction is represented by a binding between a required service and a provided service. Our UML2toDarwin mapping extracts various elements of the UML2 Model to construct a Darwin specification. The process is as follows. Given an input of a UML Model, each of the packages in the model is scanned for ModeCollaborations, and a list is created. For each collaboration in the list, the set of elements is analysed for component structure diagrams and a set of components is generated in the Darwin specification. For each ModeBinding within a ModeCollaboration, a series of Darwin portals are created to represent required and provided services in the ModeCollaboration, and instances of components in the relationship. An example mapping from a UML ModeBinding to a Darwin model representation is illustrated in Figure 6.

a corresponding FSP process composition. UML state machine diagrams depict the various states that an object may be in and the transitions between those states. A state machine consists of a series of regions, states and transitions. Regions include states and transitions. To begin with, the transformation identifies an initial (pseudo) state and locates any corresponding first states by following the initial state transitions. If there is more than one transition from a state, then this is modelled as a choice (as the actual runtime may trigger these transitions in any order or not at all). Each transition builds a corresponding FSP sequential process; these processes are composed when the traversal and transformation of the entire state machine is completed. The result of building processes and composing them generates a Labelled Transition System (LTS). An LTS example for the DVUI State Machine given earlier in this section is illustrated in Figure 7.
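The state machine traversal described above (initial pseudostate, first state, several outgoing transitions rendered as a choice, one sequential process per state, and the resulting LTS), as an added example that is not the paper's or WS-Engineer's transformation code. The `INITIAL` marker, the process naming scheme, the Planning-mode transitions and the `inputReceived` trigger are assumptions made for illustration.

```python
from collections import defaultdict

INITIAL = "<initial>"  # stands for the UML initial pseudostate (naming is an assumption)

def to_fsp(name, transitions, label=""):
    """Translate (source, trigger, target) transitions into FSP text and an LTS.

    Returns (fsp_source, lts), where lts is a list of (from_index, action, to_index).
    """
    outgoing = defaultdict(list)
    for src, trigger, dst in transitions:
        outgoing[src].append((trigger, dst))
    first = [dst for _, dst in outgoing[INITIAL]]
    if len(first) != 1:
        raise ValueError("this sketch supports exactly one initial transition")

    # Breadth-first traversal from the first state; unreachable states are dropped.
    order, queue = [], [first[0]]
    while queue:
        state = queue.pop(0)
        if state not in order:
            order.append(state)
            queue.extend(dst for _, dst in outgoing[state])

    def proc(state):  # the first state carries the process name itself
        return name if state == first[0] else f"{name}_{state.upper()}"

    def action(trigger):  # optional component instance label, e.g. c3.display
        return f"{label}.{trigger}" if label else trigger

    defs, lts = [], []
    for state in order:
        branches = [f"{action(t)} -> {proc(d)}" for t, d in outgoing[state]]
        # More than one outgoing transition becomes an FSP choice (a -> P | b -> Q).
        body = "(" + " | ".join(branches) + ")" if branches else "STOP"
        defs.append(f"{proc(state)} = {body}")
        lts += [(order.index(state), action(t), order.index(d)) for t, d in outgoing[state]]
    return ",\n".join(defs) + ".", lts

# Constructed sample: DriverVehicleUI in Planning mode. State names follow the text;
# the exact transitions and the inputReceived trigger are assumed.
PLANNING = [
    (INITIAL, None, "awaitingDisplay"),
    ("awaitingDisplay", "display", "displayed"),
    ("displayed", "refresh", "awaitingDisplay"),
    ("displayed", "getInput", "awaitingInput"),
    ("awaitingInput", "inputReceived", "awaitingDisplay"),
]

if __name__ == "__main__":
    source, lts = to_fsp("DVUI", PLANNING, label="c3")
    print(source)
    print(lts)
```

Dropping the last two transitions from `PLANNING` gives the two-state Convoy behaviour, and a state with no outgoing transition is emitted as `STOP`.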
senting a concurrent transition between the different activity paths in the diagram). Additionally, we represent Events (and their signals) as additional sequence processes in the FSP model. Again, the FSP built from the transformation can be compiled as an LTS, for which an example of the Convoy Service Mode Behaviour is illustrated in Figure 8.

Figure 8. LTS Model of Convoy Mode Activity Diagram

in each mode composition. This includes both the ordering of interactions in which services expect their methods to be called, but also the order that they call other services' methods. The process of analysis takes as input the combined model produced in section 5.2 and analyses each mode service protocol with that of the other services in the architecture configuration. To achieve this an additional FSP process is created selecting only those services in a particular mode configuration (e.g. Convoy Mode) and composes these with both component architecture configuration instances and bindings (from the Darwin model) and service behaviour (from the service FSP model). The property is illustrated in the following FSP snippet, where interfaces are represented as variables (set), the || symbol defines a parallel composition, and each service is named from c1...cX. Relabelling using the FSP / operator binds the interfaces of different service components.
    DVUI_DISP = (c3.display->DVUI_DISPD),
    DVUI_DISPD = (c3.refresh->DVUI_DISP).
    // FSP for Mode behaviour
    SYSB = (c1.getMVehPosition->SYSB2),
    SYSB2 = (c3.display->SYSB3), ...
    ||CMODE = (Arch || SYSB).
    ||Property = (CMODE).

The third type of analysis considered is that of Modes Composition Analysis. This analyses the composition of system behaviour specified in all the modes given in the Modes architecture specification. The goal is to take each service mode behaviour specified and consider the events which designate a mode change. For example, in the switch example from Convoy to Detour (given in Figure 5) an event received by the composition activity for a HighwayEmergency eventually leads to a notification of architectural change to a Detour Mode. Using analysis through model-checking the service engineer can check whether the behaviour specified in this is compatible through the Detour Mode service composition behaviour receiving this notification. At runtime it would be expected that a coordinator agent manages the events and runtime architecture changes (e.g. swapping in and out different service composition processes).

6.1 Limitations

The modelling and analysis currently only considers the structural elements of the architecture combined with behaviour specification. In practice there should also be a higher-level policy, which in addition to the service constraints, governs when mode switches can occur and how the coordination should be realised across a distributed services architecture. This policy may take many forms, but is likely to be in a distributed management specification (such as the PONDER2 language) or also include behavioural specification in the form of the Web Service Choreography Description Language (WS-CDL).

7 Tool Support

The LTSA WS-Engineer Tool (illustrated in Figure 9) has been extended to support Service Mode analysis by automatically transforming Service Mode Architecture specifications into Darwin ADL and FSP behaviour models. WS-Engineer benefits from being integrated into the Eclipse IDE (as a plug-in) and can therefore leverage existing modelling tools, such as the IBM Rational Software Architect (RSA) tool for UML2 specifications. Service Models can be analysed using one of several perspectives, with results shown graphically inside the tool. The tool is freely available for download at http://www.ws-engineer.net.

Figure 9. LTSA WS-Engineer tool and Service Mode Architecture Analysis

8 Conclusions

This paper presents an introduction to the analysis of service mode architectures and the service composition behaviour specified around these. Our contribution is aimed at providing easily accessible and practical tools for service engineers to develop adaptive and evolving service architectures and we believe the concept of service modes provides a practical level of abstraction for them to achieve this. Using model checking techniques, we have shown some analysis of models produced from the specifications of service mode architectures. Future work will continue to develop efficient transformation routines, enhancing the interpretation of different constructs within service architecture specifications and enabling different notations to be used. In particular we wish to extend the analysis to consider service mode policies and their constraints against architecture specifications. The concept of generating alternative modes is also possible using other architecture analysis tools (such as the approach taken with the Alloy tool) and analysing this with an overall service adaptation policy specification. The work is supported by the EU FET-IST Global Computing 2 project Sensoria (IST-3-016004-IP-09).

References

[1] Alexandre Alves et al., Patterns: Service-oriented architecture and web services (sg24-6303-00), White paper, IBM Redbooks, 2004.

[2] Howard Foster, Sebastian Uchitel, Jeff Magee, and Jeff Kramer, Leveraging modes and uml2 for service brokering specifications, in Proceedings of 4th Model-Driven Web Engineering Workshop at MoDELS 2008, 2008.

[3] J. Magee, N. Dulay, S. Eisenbach, and J. Kramer, Specifying Distributed Software Architectures, in Proc. 5th European Software Engineering Conf. (ESEC 95), W. Schafer and P. Botella, Eds., Sitges, Spain, 1995, vol. 989, pp. 137-153, Springer-Verlag, Berlin.

[4] Dan Hirsch, Jeff Kramer, Jeff Magee, and Sebastian Uchitel, Modes for Software Architectures, in Proceedings of EWSA 2006, 3rd European Workshop on Software Architecture. 2006, Lecture Notes in Computer Science, Springer Verlag.

[5] Jan Kofron, Frantisek Plasil, and Ondrej Sery, Modes in component behavior specification via ebp and their application in product lines, Information and Software Technology, vol. 51, no. 1, pp. 31-41, 2009.

[6] Georgiadis Ioannis, Self-Organising Distributed Component Software Architectures, PhD thesis, Department of Computing, Imperial College London, University of London, 2002.

[7] Robert Allen, Remi Douence, and David Garlan, Specifying dynamism in software architectures, in Proceedings of the Workshop on Foundations of Component-Based Systems, Zurich, Switzerland, 1997, pp. 11-22.

[8] Simon Johnston, Uml 2.0 profile for software services, available at http://www-128.ibm.com/developerworks/rational/library, IBM Rational Software Architect Profile - 05/419soa, 2005.

[9] Nora Koch, Philip Mayer, Reiko Heckel, László Gönczy, and Carlo Montangero, D1.4b: Uml for service-oriented systems, Tech. Rep., October 2007.

[10] Paula Monteiro Ricardo J. Machado, Joao M. Fernandes and Helena Rodrigues, Transformation of uml models for service-oriented software architectures, in Proceedings of the 12th IEEE International Conference and Workshops on Engineering of Computer-Based Systems, Washington, DC, USA, 2005, pp. 173-182.

[11] M. Pistore, A. Marconi, P. Bertoli, and P Traverso, Automated composition of web services by planning at the knowledge level, in Proceedings of the International Joint Conference on Artificial Intelligence (IJCAI), 2005.

[12] B. Medjahed, A. Bouguettaya, and A.K. Elmagarmid, Composing web services on the semantic web, VLDB Journal, pp. 333-351, 2003.

[13] Arun Mukhija, Andrew Dingwall-Smith, and David S. Rosenblum, Qos-aware service composition in dino, in ECOWS 07: Proceedings of the Fifth European Conference on Web Services, Washington, DC, USA, 2007, pp. 3-12, IEEE Computer Society.

[14] Object Management Group, Uml profile for modeling quality of service and fault tolerance characteristics and mechanisms, Request For Proposal - AD/02-01/07, 2002.

[15] Robert Chatley, Susan Eisenbach, Jeff Kramer, Jeff Magee, and Sebastian Uchitel, Predictable dynamic plugin systems, in 7th international conference on fundamental approaches to software engineering, Barcelona, SPAIN, 2004.