Issue - 168 - Lost design patterns

["Yaron Y. Goland" <ygoland@bea.com>]

This was Maciej's response to my previous mail.

--- Begin Message ---

• From: Maciej Szefler <mbs@fivesight.com>
• To: ygoland@bea.com
• Date: Tue, 26 Oct 2004 12:35:16 -0500

Yaron, see comments below.
On Mon, 2004-10-25 at 15:20, Yaron Y. Goland wrote:
> process
>    flow
>       receive createInstance="yes"
>          correlations
>             correlation set = "foo" initiate = "yes"
>       receive createInstance="no"
>          correlations
>             correlation set = "foo" initiate = "no"
> 
> In the old world order the previous would have been illegal since an 
> initial activity appears to need to be a start activity and the second 
> receive is not a start activity.
> 
> In the new world order is the previous illegal? For example, if an 
> engine knows that it will always execute the initiating activity before 
> anything else then it can always execute the previous. If an engine 
> isn't sure it will complete the initiating activity before executing 
> other activities then it might either reject the process statically or 
> throw a runtime error.
I would say that it is legal but is very likely to throw an
uninitialized correlation fault. This puts it in the realm of "bad code"
(legal but not advisable).


> There is a similar possible race condition between multi-start 
> activities although one can argue that the elephant in the room (i.e. 
> the dispatcher) will always handle that.
I'm not sure there is a visible race in the multi-start case. It is true
that if two messages arrive at nearly the same time it is a race as to
which message is the "instantiating message". However, as far as the
process is concerned, it does not matter which of the two messages
instantiated the process (i.e. the process will proceed in exactly the
same way regardless of which message caused the instantiation). The
elephant knows that the two multi-start activities are related (because
they both have initiate='rendezvous' and they both share the same
correlation set) and ensures that the "loosing" activity is delivered
messages with the same correlation key as the instantiating message. 

Basically this means that "loosing" receives with initiate='rendezvous'
do not depend on the /correlation set/ being properly initialized at the
time they are enabled/activated as do receives with initiate='no'. In
other words: with initiate='yes' you are "initiating" the correlation
set, with initiate='no' you are "following" the (initialized)
correlation set, but with initiate='rendezvous' you are NOT "sometimes
following" and "sometimes initiating" but rather "rendezvousing" (for
lack of a better word), an operation that ensures that after either the
looser or winner completes the correlation set is set. 

An example might be useful:
process
  flow "f1"
    sequence "s1"
      receive "r11" op="foo" createInstance="yes"
        correlation set = "foo" initiate = "rendezvous"
      receive "r12" op="baz" createInstance="no"
        correlation set = "foo" initiate = "no"

    sequence "s2"
      receive "r21" op="bar" createInstance="yes"
        correlation set = "foo" initiate = "rendezvous"
      receive "r22" op="baz" createInstance="no"
        correlation set = "foo" initiate = "no"

It is important to note that the above process will always work (it
won't have uninitialized correlation faults) regardless of whether the
"foo" receive or the "bar" receive is the instantiating activity. The
"elephant" might even choose the following  execution path:

1. receive msg#1 op=foo  key=123
2. receive msg#2 op=bar  key=456
3. receive msg#3 op=bar  key=123
4. create instance (instantiating message = msg#1 [key=123])
5. f1
6. s2
7. receive msg#4 op=baz key=123
8. r21 returns msg#3 op=bar key=123 / "foo" is initialized!
9. r22 returns msg#4 op=baz
10. s1
11. r11 returns msg#1 (**instantiating message**)
12. r12 WAITS
----

Note that in the above, the "loosing" receive activity was evaluated
/before/ the receive that got the "instantiating message". This is
acceptable, given <flow> semantics.  Despite this fact, and r22 was free
to depend on correlation set "foo" which is guaranteed to be initialized
after /any/ of the rendezvous activities complete. If in step #4, the
elephant decided to use msg#3, it would not have made any difference. 


> There is also a race condition between event handlers and start 
> activities in the new design if the event handler is defined on a scope 
> that contains the initiating activity. In other words, it may prove to 
> be impossible to ever define an event handler on a scope that contains a 
> start activity and be sure what the result would be.
As I imagine it, the event handler would become active when that scope
instance became active, which may be before the initiating activity is
active. It is unlikely that such an event handler would be useful, as it
could not rely on the data of the initiating activity being set. So
typically, a process-level event handler would not make any sense.

> As a general design pattern, I would imagine that anytime there is an 
> initial receive/pick (including event handlers) that isn't a start 
> activity then it must depend on a correlation set initialization caused 
> by the initiating activity. If we don't clearly specify that an 
> initiating activity always completes before any other initial activities 
> are executed then we make that design pattern effectively impossible.
Yes, but I would argue that this problem has nothing to do with the
createInstance scenario. The problem you are describing is true of any
rendezvous situation. For example: 

process
  sequence
    receive createInstance=yes...
    ...
    flow
      receive op=buy 
         correlationset name=foo initiate=rendezvous
      receive op=sell
         correlationset name=foo initiate=rendezvous
      receive op=authorize 
         correlationset name=foo initiate=no

In the above, I would like the fourth receive (op=authorize) to not
occur until either the second or third occur. I can't draw links because
there are two sources for the link. This seems to me to be exactly the
problem you describe. My solution would be two wrap the two rendezvous
in a flow and draw link between that flow and the third receive. The
same solution I would apply to your case. 

> I don't like the idea of losing the initiating non-start receive 
> activity design pattern and it doesn't seem to me like a big deal to 
> just require that the initiating activity completes before any other 
> activity is executed. I especially like it because it neatly resolves 
> the multi-start race condition and so lets us ignore the elephant.
I agree that these use cases are valid, and current BPEL syntax makes
them difficult to model. However, I'd much prefer a solution to the
underlying problem (i.e. the lack of multi-source/dynamic links). I
believe addressing the issue in the limited context of createInstance
activities is going to introduce an unsightly inconsistency in behavior
and at the same time won't get to the heart of the problem.

-maciej



> 	What do you think?
> 
> 		Yaron
> 
> 
> Maciej Szefler wrote:
> > I propose we adopt the "less magic" approach described in the issue
> > description. This means that the semantics of process instantiation
> > would be as follows:
> >  1. The arrival of message that matches an activity marked with
> > createInstance=yes/rendezvous (and not matching an existing process
> > instance) causes a new process instance to be created. This message is
> > termed the "instantiating message" for that process instance. The
> > createInstance=yes/rendezvous activity that was used to justify the
> > instantiation is termed the "instantiating activity" for that process
> > instance. 
> >  2. Once a process instance is created, all its activities are executed
> > in the order dictated by the structure of the process. 
> >  3. When a <receive> or <pick> activity with createInstance=yes is
> > executed, the message "received" will be the "instantiating message" of
> > the process instance.
> >  4. When a <receive> and <pick> activity  with createInstance=rendezvous
> > is executed, the message "received" will be either: 
> >     a ) the "instantiating message" if said activity is the
> > "instantiating activity" 
> >     b ) some other message matching the correlation key from the
> > "instantiating message" if said activity is not the "instantiating
> > activity"
> > 
> > Key changes to text:
> > 6.4: 
> > OLD: This is done by setting the createInstance attribute of such an
> > activity to "yes". When a message is received by such an activity, an
> > instance of the business process is created if it does not already exist
> > (see Providing Web Service Operations and Pick). 
> > NEW: This is done by setting the createInstance attribute of such an
> > activity to "yes". When a message that matches such an activity is
> > received, an instance of the business process is created if it does not
> > already exist (see Providing Web Service Operations and Pick). 
> >  
> > OLD: To be instantiated, each business process must contain at least one
> > such "start activity." This must be an initial activity in the sense
> > that there is no basic activity that logically precedes it in the
> > behavior of the process.
> > NEW: To be instantiated, each business process must contain at least one
> > such "start activity." ----strike---
> > 
> > 11.4:
> > OLD: A receive activity annotated in this way MUST be an initial
> > activity in the process, that is, the only other basic activities may
> > potentially be performed prior to or simultaneously with such a receive
> > activity MUST be similarly annotated receive activities. 
> > NEW: -----strike----
> > 
> > 
> > 13.5.3:
> > OLD: If the event handler is associated with the global process scope,
> > the event handler is enabled as soon as the process instance is created.
> > The process instance is created when the first receive activity that
> > provides for the creation of a process instance (indicated via the
> > createInstance attribute set to "yes") has received and processed the
> > corresponding message. This allows the alarm time for a global alarm
> > event to be specified using the data provided within the message that
> > creates a process instance, as shown in the following example: 
> > 
> > NEW: If the event handler is associated with the global process scope,
> > the event handler is enabled as soon as the process instance is created.
> > Note: alarm time for a global alarm event /cannot/ be specified using
> > the data provided within the message that creates a process instance! 
> > 
> > On Mon, 2004-10-04 at 17:14, ws-bpel issues list editor wrote:
> > 
> >>This issue has been added to the wsbpel issue list with a status of
> >>"received". The status will be changed to "open" if the TC accepts it
> >>as identifying a bug in the spec or decides it should be accepted
> >>specially. Otherwise it will be closed without further consideration
> >>(but will be marked as "Revisitable") 
> >>
> >>The issues list is posted as a Technical Committee document to the
> >>OASIS WSBPEL TC pages on a regular basis. The current edition, as a TC
> >>document, is the most recent version of the document entitled  in the
> >>"Issues" folder of the WSBPEL TC document list - the next posting as a
> >>TC document will include this issue. The list editor's working copy,
> >>which will normally include an issue when it is announced, is
> >>available at this constant URL. 
> >>Issue - 168 - Semantics of instance creation
> >>Status: received
> >>Date added: 4 Oct 2004
> >>Categories: State management
> >>Date submitted: 30 September 2004
> >>Submitter: Maciej Szefler
> >>Description: Discussions of issue 81 : Are start activities that
> >>aren't createInstance activities legal?  have brought to light a
> >>certain deficiency of clarity in the current specification with
> >>respect to issue of instance creation. The present spec makes various
> >>vague and somewhat contradictory statements as to how createInstance
> >>activities should be handled. 
> >>
> >>On the one hand, the spec suggests that process creation is "implicit"
> >>and that the createInstance flag is merely an annotation that defines
> >>which message events cause an instance to be created and that once
> >>created the process instance processes all activities in the same
> >>manner largely oblivious to the value of that annotation. 
> >>
> >>On the other hand, the spec restricts the set of activities that are
> >>"initial" activities, and establishes exceptional semantics (for
> >>process-level event handlers) that could be construed to imply that
> >>createInstance activities are actually activated before any other
> >>activities, irrespective of their actual location in the process. 
> >>
> >>I posit that the former interpretation provides a concise and
> >>manageable view of the instance creation process. By making the spec
> >>consistent with it we can define execution semantics of a single
> >>process instance without reference to instance creation. We can handle
> >>instance creation simply and separately by stipulating that a process
> >>instance is created when a message event that would match one of the
> >>createInstance activities is received. This message event is
> >>"allocated" to that activity, so that when that activity is actually
> >>activated (in the normal course of process instance evaluation) it
> >>will receive the said event. 
> >>
> >>The major implication of this model on execution semantics is the
> >>elimination of the notion of "initiate" activities. This concept
> >>becomes unnecessary. One might object on the basis that without the
> >>initiate activity restrictions the following process would be
> >>perfectly legal: 
> >>   <sequence>
> >>     <invoke .../>
> >>     <receive createInstance="yes" .../>
> >>   </sequence>
> >>Such a process certainly seems objectionable. However, the details of
> >>normal execution semantics would make such a process unlikely. That is
> >>to say, the <invoke> would need to use a message variable (for the
> >>request), and that variable could not have been initialized unless
> >>some activity preceded the <invoke>. One might then object with the
> >>following: 
> >>   <sequence>
> >>     <receive createInstance="no" .. var="foo"/>
> >>     <invoke ... inVar="foo"/>
> >>     <receive createInstance="yes" ..>
> >>   </sequence>
> >>However, in this process the first receive is invalid unless a
> >>correlation set is used. But in order to use the correlation set, it
> >>first needs to be initialized, and the only way to do that is with an
> >>invoke or a receive/pick that precedes it, so you're back to needing a
> >><receive> to precede the <invoke>. This receive would have to have
> >>createInstance="yes" lest it run into the same problem. But if this
> >>receive had createInstance="yes" then the same annotation on the
> >>second <receive> would be invalid. 
> >>
> >>Now, one might get cleverer still and object based on the following
> >>somewhat convoluted process: 
> >>   <sequence>
> >>     <assign> 
> >>        <copy>
> >>           <to variable="foo"/>
> >>           <from> literal </from>
> >>        </copy>
> >>     </assign>
> >>     <invoke ... inVar="foo"> 
> >>        <correlation name="cset1" initiate="yes" pattern="in"/>
> >>     </invoke>
> >>     <receive createInstance="no" ..>
> >>        <correlation name="cset1" initiate="no" />
> >>     </receive>
> >>     <receive createInstance="yes" ..>
> >>   </sequence>
> >>However the above construct would result in ALL process instances
> >>having the same correlation set value, which does not make any sense. 
> >>
> >>But one could still object by changing the pattern to "out" on the
> >>invoke, and asserting that the partner generates unique output
> >>messages for each invocation thereby yielding unique correlation keys.
> >>But even this very brink of the edge case forces us to change nothing
> >>in the semantics. The only significant implication is that in certain
> >>unlikely circumstances, the implementation might have to handle
> >><invoke>s and non-createInstance <receive> before it has a chance to
> >>offload the createInstance message to the createInstance <receive>
> >>(i.e. it needs to provide a "memory" for the message that created the
> >>instance). The only plausible use case for this kind of behavior is
> >>for initialization of static content. 
> >>
> >>Finally, adopting uniform execution semantics would lead us to
> >>elimination of the exceptional language in the spec that requires that
> >>process-level alarm handlers can use data that would normally only be
> >>valid after a receive activity completes. This is not so onerous, as
> >>it is possible to move a process-level event handler into a scope
> >>following the initial receives. 
> >>Changes: 4 Oct 2004 - new issue
> >>
> >>______________________________________________________________________
> >>
> >>To comment on this issue (including whether it should be accepted),
> >>please follow-up to this announcement on the
> >>wsbpel@lists.oasis-open.org list (replying to this message should
> >>automatically send your message to that list), or ensure the subject
> >>line as you send it starts "Issue - 168 - [anything]" or is a reply to
> >>such a message. If you want to formally propose a resolution to an
> >>open issue, please start the subject line "Issue - 168 - Proposed
> >>resolution", without any Re: or similar. 
> >>
> >>To add a new issue, see the issues procedures document (but the
> >>address for new issue submission is the sender of this announcement). 
> >>
> >>Choreology Anti virus scan completed
> 

This is a digitally signed message part

--- End Message ---