Hi all,
[a] Current spec description
I agree with Dieter there is a problem in our spec (at least we need to
clarify what we mean in cases similar to Dieter's example).
The
semantics of "first-termination-then-rest-of-fault-handling" comes from
Section 12.6 "Termination Handlers":
The behavior of a fault handler for a scope C begins
by implicitly terminating all activities enclosed within C that are
currently
active.
Rule #1:
Consider
scopes A and B such that B has a
control dependency on A. Assuming both A and B completed successfully
and both
must be compensated as part of default compensation behavior, the
compensation
handler of B MUST run to completion before the compensation handler of
A is
started.
In Dieter's example, the CH of scope "A" is first
executed as a part of TH of scope "S1" according to the
default compensation order under "S1". Then, the CH of
scope "S2" is executed as a part of FH of scope "S0"
according to the default compensation order under "S0". (Of course, CH
of scope "S2" triggers CH of scope "B". But that actually does not
matter. Dieter's question remains if the link target is "S2" instead
"B".)
The next question is:
Are the compensation order used in TH of S1 and FH of S0 parts of the
same grander compensation order?
I would tend to say no. Consider we have a default TH under S1 and a
customized FH under S0. The default compensation under TH under S1 of
course does not span to FH under S0.
If we agree that the compensation order of TH of a child scope does not
span to the compensation order of FH of the parent scope, then the
problem is less and easier to handle.
IMHO, two of possible solutions are:
- to add clarification to describe relationship of TH and FH in
terms of compensation order (similar to my text above), [inclusive or]
- to relax rule #1 which describes the default compensation order
(discussed more below)
[b] Default Compensation Order Relaxation in Danny's proposal
*** Danny,
Based on your previous email (Oct 30), your relaxation of Rule 1
is: the default compensation order is relaxed from the reverse
of
control dependency to the reverse of peer scope
dependency.
(Your email sent on Nov 3rd does not seem to be saying the same thing.)
This is a relaxation because peer scope dependency is a subset of
general control dependency. Hence, the domain / area of application of
rule 1 becomes smaller.
This relaxation clarifies that default compensation order only matters
to peer scopes (which are already completed successfully) and does not
span or cross scope levels (e.g spanning from S0 to S1 and back to S0
in Dieter's example)
[c] Dieter's proposal
If all of the following is true:
1. scope "S2" has a direct peer-scope dependency on scope "S1"
2. the scope-controlled set of activities of scope "S1" contains
default termination handlers
3. the scope-controlled set of activities of scope "S1" AND scope "S2" both contain at least one custom compensation handler -/break/-
then a WS-BPEL processor MUST execute these scopes as if "S2" had a control dependency on scope "S1".
I have a number of questions on Dieter's proposal:
(i) Clarifying what the proposal said: The first condition is
clear and easy to understand. But, the condition #2 and #3 are not that
clear. What does "scope-controlled set contains default termination
handlers and custom compensation handler" mean? Quoted from spec:
Definition
(Scope-Controlled Set). An activity A is within the scope-controlled set of activities of
scope S if either A is S itself, or A is enclosed within S, at any
depth.
Scoped-Controlled Set can be a non-scope activity. (e.g.
<receive>). That is why I am not 100% sure what "a
scoped-controlled set of activities contains default termination
handler" mean.
I guess it can be re-phrased to:
2. one or more <scope> or scope-equivalent
activity of the scope-controlled set of scope "S1" contains default
termination handlers
3. one or more <scope> or scope-equivalent activity of the
scope-controlled set of scope "S1" AND one or more <scope> or
scope-equivalent activity of the scope-controlled set of scope
"S2" both contain at least one custom compensation handler
I use the term "scope-equivalent activity" because of the case
<invoke> shortcut. (And, I guess the <invoke> shortcut is
considered having custom CH.)
(ii) Reasoning behind condition #2 and #3: I am not sure I
follow the logic and reasoning behind differentiating default and
non-default TH and CH in the condition.
As described in Dieter's example, scopes "S1", "A", S2" and "B" do not
have any custom CH, the forward work and reverse work pattern that
Dieter does not prefer still exists.
If S1 has a non-default TH which performs some extra login in
additional compensating scope "A", the forward work and reverse work
pattern remain the same.
If we want to follow the rough direction of Dieter's proposal, I would
say the link always behave as if they cross an isolated scope, whenever
they cross a scope.
IMHO, if people want to guarantee that scope B is compensated before
scope A, they should make scope S1 isolated explicitly.
(iii) Other information
When I was discussing Rule #2 for Default Compensation Order with
Satish (more than a year ago), I was suggesting to Satish that we may
want apply that restriction rule only to a parent scope
of peer scopes which has needs default compensation order. (e.g. using
<compensate/> or having default CH/FH/TH).
Satish replied that deciding legality of link patterns based on whether
a CH is default or not is TOO surprising to users.
I agreed with Satish after more thinking. After all, default
compensation order and default CH/FH/TH are mainly for convenience for
process designer. Its usage should not change the legality of a process
definition.
Same reasoning should apply here. Using default CH/TH should NOT change
the isolated nature of the link subtly. It would be too surprsing to
users! Hence I am not comfortable with condition #2 and #3 in current
Dieter's proposal.
[d] Summary
I would prefer adding clarification described in [a] and [b].
Optionally, we may want to make the pattern similar to Dieter's example
illegal, if we want.
Thanks!
Regards,
Alex Yiu
Dieter Koenig1 wrote:
We definitely have a bug because we have two parts of the spec that imply
contradicting default compensation orders.
IMO, the least invasive change is to make sure that "A" cannot be
compensated by the default termination handler of "S1". It can be achieved
by "promoting" the control dependency ("B" on "A") up ("S2" on "S1"). It
would be sufficient to use this as a description of the runtime behavior.
The behavior is similar to making "S1" non-permeable (which is also implied
by isolated="yes"). We may limit the behavior change to really harmful
cases (number 3. below).
Note that in the original submitter's proposal for 12.5.2., there was a
missing paragraph break in the last line (after 3. below):
"The default compensation order is initiated by default termination
handlers and default fault handlers, and recursively carried forward by
compensation handlers. The termination phase always precedes the fault
handling phase (see section 12.6. Termination Handlers). This sequence must
not create a conflict with the default compensation order of scopes that
are in a control dependency relationship. If all of the following is true:
1. scope "S2" has a direct peer-scope dependency on scope "S1"
2. the scope-controlled set of activities of scope "S1" contains
default termination handlers
3. the scope-controlled set of activities of scope "S1" AND scope "S2"
both contain at least one custom compensation handler -/break/-
then a WS-BPEL processor MUST execute these scopes as if "S2" had a control
dependency on scope "S1".
Kind Regards
DK
Dieter König Mail: dieterkoenig@de.ibm.com IBM Deutschland Entwicklung GmbH
Senior Technical Staff Member Tel (office): (+49) 7031-16-3426 Schönaicher Strasse 220
Architect, Business Process Choreographer Fax (office): (+49) 7031-16-4890 71032 Böblingen
Member, Technical Expert Council Tel (home office): (+49) 7032-201464 Germany
Danny van der
Rijn
<dannyv@tibco.com To
> Rania Khalaf
<rkhalaf@watson.ibm.com>
03.11.2006 22:08 cc
Dieter Koenig1/Germany/IBM@IBMDE,
wsbpel@lists.oasis-open.org
Subject
Re: [wsbpel] Issue - R26 - Default
Compensation Order Conflict
Yeah, my relaxation was to change to Consider scopes A and B such that B
has a *Peer Scope Dependency or a control dependency* on A, but that still
doesn't fix this issue. I told you that I hadn't understood the issue
completely! While this doesn't fix this issue, it's still probably worth
examining.
Where Dieter says there's a contradiction, I think that the spec doesn't
actually contradict itself. The behavior would be as Dieter describes.
The question in my mind is Do we have a bug here?
Danny
Rania Khalaf wrote:
Hi,
I was writing this mail during our discussion on the call today, so
decided to just wrap it up and send it as a recap and follow-on
questions.
First just a quick note that A and B are not peer scopes per the
def (their parents, s1 and s2 are) so the wording below is off but
Danny was suggesting today mod'ing it a bit.
If s1 and s2 have completed, then there is no problem because the
peer scope stuff takes care of it.
The problem is if S1 was still running but S2 has completed.
Then the spec dictates that first you do termination of S1 , then
once that completes, you do compensation of S0. Problem is that S1's
termination compensates A. This will always happen ( per today's def
of termination handlers ) before B if S1 was still running and S2 had
completed.
Now looking at proposals discussed to tackle it:
Dieter's proposal would make sure that one never has the case where
S1 is still running but S2 has completed so we will avoid this wierd
behavior at runtime.
I'm not sure I follow how the idea Danny is showing (coz he said he
will relax the wording) addresses the clash between the compensation
routines of the termination handler (s1) and the scope that kicked
of the termination (s0). I mean, I don't see how we wouldn't have to
change the termination/fault handling behavior to enforce the
proposal. Or are you suggesting following it up with a static
validation check of some sort ?
Alex is in support of Danny's direction, but i am confused about how
that would work so let's follow up on e-mail.
regards,
Rania
Danny van der Rijn wrote:
I'm not sure I understand your case completely, but if I do, my
understanding is that by the definition in 12.5.1, there exists
a Peer Scope Dependency from S1 to S2. I think the intention
of "Rule 1" in that section was to say that this should cause
compensation of S2 before S1, but, in fact, it does not.
My alternate suggestion would be to move the 3 definitions
before "Rule 1" and to Modify the following the first sentence
in the following paragraph
"Consider scopes A and B such that B has a control dependency
on A. Assuming both A and B completed successfully and both
must be compensated as part of default compensation behavior,
the compensation handler of B MUST run to completion before the
compensation handler of A is started. "
to say
"Consider scopes A and B such that B has a *Peer Scope
Dependency* on A. Assuming both A and B completed successfully
and both must be compensated as part of default compensation
behavior, the compensation handler of B MUST run to completion
before the compensation handler of A is started."
ws-bpel issues list editor wrote:
This issue has been added to the wsbpel issue list with a
status of "received". The status will be changed to
"open" if a motion to open the issue is proposed and that
motion is approved by the TC. A motion could also be
proposed to close it without further consideration.
Otherwise it will remain as "received".
The issues list is posted as a Technical Committee
document to the OASIS WSBPEL TC pages on a regular basis.
The current edition, as a TC document, is the most recent
version of the document entitled in the "Issues" folder
of the WSBPEL TC document list - the next posting as a TC
document will include this issue. The list editor's
working copy, which will normally include an issue when
it is announced, is available at this constant URL.
Issue - R26 - Default Compensation Order Conflict
Status: received
Date added: 30 Oct 2006
Date submitted: 27 October 2006
Submitter: Dieter Koenig
Description: Consider the following hierarchy of scopes.
In this example, none of the scopes is isolated, all
scopes only have default fault handlers and default
termination handlers, and scopes "A" and "B" have custom
compensation handlers.
scope name="S0"
flow
scope name="S1"
scope name="A"
source link="fromAtoB"
...
scope name="S2"
scope name="B"
target link="fromAtoB"
...
activity name="E"
Assume a point in time where scopes "A" and "B" and "S2"
have completed successfully, and scope "S1" and activity
"E" are still running.
Further assume that activity "E" now throws a fault which
is caught by the default fault handler of scope "S0".
1. All running activities inside of scope "S0" are
terminated, and the default termination handler of
scope "S1" compensates scope "A".
2. The default fault handler of scope "S0" then
compensates scope "S2", which in turn compensates
scope "B".
The observed compensation order "A then B" is caused by
the sequence "first termination, then fault handling".
OTOH, the required compensation order "B then A" implied
by the control dependency of "B" on "A".
This is a contradiction.
Note that this situation cannot occur when the scope "S1"
is an isolated scope. In this case, the link "fromAtoB"
cannot leave the scope "S1" before it completes. In this
case, scope "S1" always completes before scope "S2", and
compensation of "A" cannot be caused by a termination
handler before scope "B" is compensated.
Moreover, this conflict is irrelevant if scope "S1" OR
scope "S2" only contain default compensation handlers,
because in this case, no custom compensation logic can be
executed in the wrong order.
Submitter's proposal: In order to avoid conflicts between
the termination-handling / fault-handling sequence and
the default compensation order, different strategies can
be considered, for example, enforcing the absence of such
conflicts during static analysis. A less restrictive
approach is proposed here, which only affects the runtime
behavior.
At the end of section 12.5.2, add the following
paragraph:
"The default compensation order is initiated by
default termination handlers and default fault
handlers, and recursively carried forward by
compensation handlers. The termination phase always
precedes the fault handling phase (see section
12.6. Termination Handlers). This sequence must not
create a conflict with the default compensation
order of scopes that are in a control dependency
relationship. If all of the following is true:
1. scope "S2" has a direct peer-scope dependency
on scope "S1"
2. the scope-controlled set of activities of
scope "S1" contains default termination
handlers
3. the scope-controlled set of activities of
scope "S1" AND scope "S2" both contain at
least one custom compensation handler then a
WS-BPEL processor MUST execute these scopes
as if "S2" had a control dependency on scope
"S1".
Changes: 30 Oct 2006 - new issue
To comment on this issue (including whether it should be
accepted), please follow-up to this announcement on the
wsbpel@lists.oasis-open.org list (replying to this
message should automatically send your message to that
list), or ensure the subject line as you send it starts
"Issue - R26 - [anything]" or is a reply to such a
message. If you want to formally propose a resolution to
an open issue, please start the subject line "Issue - R26
- Proposed resolution", without any Re: or similar.
To add a new issue, see the issues procedures document
|