OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

wsbpel message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [wsbpel] Issue - R26 - Default Compensation Order Conflict


Hi Alex, the answer to your question "Are the compensation order used in TH
of S1 and FH of S0 parts of the same grander compensation order?" is "yes"
because the default compensation order defined in 12.5.2 *is* exactly this
global rule. We cannot simply divide it in two disjoint steps as there are
good reasons why a modeler defined a control dependency between "A" and "B"
which must also be observed on the reverse path.

In [a], the important piece is the scope "S1" which is still running after
"B" is completed. In order to limit the number of affected cases, we might
as well only "promote" the source side of the link between "A" and "B",
that is, processing it as if there was a link between "S1" and "B".

With respect to your comments/questions in [c]:
 - both rules 2. and 3. are attempts to limit the effects to the critical
cases
    -- the point of rule 2. is that default termination handlers in "S1"
are the main cause of the default compensation order violation, however, I
agree that we have to consider custom termination handlers containing the
<compensate/> activity as well.
    -- the point of rule 3. is really an optimization -- as follows: if
there are only default compensation handlers then the order is still
violated but this violation does not create any harm because default
compensation handlers don't contain any business logic that might be
processed in the wrong order.
 - instead of "a scoped-controlled set of activities contains default
termination handler" we may say more precisely "a scope in the
scoped-controlled set of activities contains default termination handler"
-- your rephrasing is fine as well.
 - I do not agree with "IMHO, if people want to guarantee that scope B is
compensated before scope A, they should make scope S1 isolated explicitly."
because the spec cannot say "we have a conflict here but you may avoid it
by creating a different process model"

I would not make the critical cases illegal because many permeable scopes
with outgoing links (whether we like them or not) would be affected.

Kind Regards
DK
                                                                       
 Dieter König                                Mail: dieterkoenig@de.ibm.com         IBM Deutschland Entwicklung GmbH
                                                                       
 Senior Technical Staff Member               Tel (office): (+49) 7031-16-3426      Schönaicher Strasse 220
                                                                       
 Architect, Business Process Choreographer   Fax (office): (+49) 7031-16-4890      71032 Böblingen
                                                                       
 Member, Technical Expert Council            Tel (home office): (+49) 7032-201464  Germany
                                                                       





                                                                       
             Alex Yiu                                                  
             <alex.yiu@oracle.                                         
             com>                                                       To
                                       Dieter Koenig1/Germany/IBM@IBMDE
             06.11.2006 07:20                                           cc
                                       Danny van der Rijn              
                                       <dannyv@tibco.com>, Rania Khalaf
                                       <rkhalaf@watson.ibm.com>,       
                                       wsbpel@lists.oasis-open.org, Alex
                                       Yiu <alex.yiu@oracle.com>       
                                                                   Subject
                                       Re: [wsbpel] Issue - R26 - Default
                                       Compensation Order Conflict     
                                                                       
                                                                       
                                                                       
                                                                       
                                                                       
                                                                       





Hi all,

[a] Current spec description
I agree with Dieter there is a problem in our spec (at least we need to
clarify what we mean in cases similar to Dieter's example).

The semantics of "first-termination-then-rest-of-fault-handling" comes from
Section 12.6 "Termination Handlers":
      The behavior of a fault handler for a scope C begins by implicitly
      terminating all activities enclosed within C that are currently
      active.
Rule #1:
      Consider scopes A and B such that B has a control dependency on A.
      Assuming both A and B completed successfully and both must be
      compensated as part of default compensation behavior, the
      compensation handler of B MUST run to completion before the
      compensation handler of A is started.
In Dieter's example, the CH of scope "A" is first executed as a part of TH
of scope "S1" according to the default compensation order under "S1". Then,
the CH of scope "S2" is executed as a part of FH of scope "S0" according to
the default compensation order under "S0". (Of course, CH of scope "S2"
triggers CH of scope "B". But that actually does not matter. Dieter's
question remains if the link target is "S2" instead "B".)

The next question is:
Are the compensation order used in TH of S1 and FH of S0 parts of the same
grander compensation order?

I would tend to say no. Consider we have a default TH under S1 and a
customized FH under S0. The default compensation under TH under S1 of
course does not span to FH under S0.

If we agree that the compensation order of TH of a child scope does not
span to the compensation order of FH of the parent scope, then the problem
is less and easier to handle.

IMHO, two of possible solutions are:
      to add clarification to describe relationship of TH and FH in terms
      of compensation order (similar to my text above), [inclusive or]
      to relax rule #1 which describes the default compensation order
      (discussed more below)

[b] Default Compensation Order Relaxation in Danny's proposal
*** Danny,
Based on your previous email (Oct 30), your relaxation of Rule 1 is: the
default compensation order is relaxed from the reverse of control
dependency to the reverse of peer scope dependency.

(Your email sent on Nov 3rd does not seem to be saying the same thing.)

This is a relaxation because peer scope dependency is a subset of general
control dependency. Hence, the domain / area of application of rule 1
becomes smaller.

This relaxation clarifies that default compensation order only matters to
peer scopes (which are already completed successfully) and does not span or
cross scope levels (e.g spanning from S0 to S1 and back to S0 in Dieter's
example)


[c] Dieter's proposal

      If all of the following is true:
          1. scope "S2" has a direct peer-scope dependency on scope "S1"
          2. the scope-controlled set of activities of scope "S1" contains
         default termination handlers
          3. the scope-controlled set of activities of scope "S1" AND scope
      "S2" both contain at least one custom compensation handler -/break/-

      then a WS-BPEL processor MUST execute these scopes as if "S2" had a
      control   dependency on scope "S1".

I have a number of questions on Dieter's proposal:

(i) Clarifying what the proposal said: The first condition is clear and
easy to understand. But, the condition #2 and #3 are not that clear. What
does "scope-controlled set contains default termination handlers and custom
compensation handler" mean? Quoted from spec:


      Definition (Scope-Controlled Set). An activity A is within the
      scope-controlled set of activities of scope S if either A is S
      itself, or A is enclosed within S, at any depth.


Scoped-Controlled Set can be a non-scope activity. (e.g. <receive>). That
is why I am not 100% sure what "a scoped-controlled set of activities
contains default termination handler" mean.

I guess it can be re-phrased to:
      2. one or more <scope> or scope-equivalent activity of the
      scope-controlled set of scope "S1" contains default termination
      handlers
      3. one or more <scope> or scope-equivalent activity of the
      scope-controlled set of scope "S1" AND one or more <scope> or
      scope-equivalent activity of the scope-controlled set of scope "S2"
      both contain at least one custom compensation handler
I use the term "scope-equivalent activity" because of the case <invoke>
shortcut. (And, I guess the <invoke> shortcut is considered having custom
CH.)

(ii) Reasoning behind condition #2 and #3: I am not sure I follow the logic
and reasoning behind differentiating default and non-default TH and CH in
the condition.

As described in Dieter's example, scopes "S1", "A", S2" and "B" do not have
any custom CH, the forward work and reverse work pattern that Dieter does
not prefer still exists.

If S1 has a non-default TH which performs some extra login in additional
compensating scope "A", the forward work and reverse work pattern remain
the same.

If we want to follow the rough direction of Dieter's proposal, I would say
the link always behave as if they cross an isolated scope, whenever they
cross a scope.

IMHO, if people want to guarantee that scope B is compensated before scope
A, they should make scope S1 isolated explicitly.


(iii) Other information

When I was discussing Rule #2 for Default Compensation Order with Satish
(more than a year ago), I was suggesting to Satish that we may want apply
that restriction rule only to a parent scope of peer scopes which has needs
default compensation order. (e.g. using <compensate/> or having default
CH/FH/TH).

Satish replied that deciding legality of link patterns based on whether a
CH is default or not is TOO surprising to users.

I agreed with Satish after more thinking. After all, default compensation
order and default CH/FH/TH are mainly for convenience for process designer.
Its usage should not change the legality of a process definition.

Same reasoning should apply here. Using default CH/TH should NOT change the
isolated nature of the link subtly. It would be too surprsing to users!
Hence I am not comfortable with condition #2 and #3 in current Dieter's
proposal.

[d] Summary
I would prefer adding clarification described in [a] and [b]. Optionally,
we may want to make the pattern similar to Dieter's example illegal, if we
want.


Thanks!



Regards,
Alex Yiu



Dieter Koenig1 wrote:
      We definitely have a bug because we have two parts of the spec that
      imply
      contradicting default compensation orders.

      IMO, the least invasive change is to make sure that "A" cannot be
      compensated by the default termination handler of "S1". It can be
      achieved
      by "promoting" the control dependency ("B" on "A") up ("S2" on "S1").
      It
      would be sufficient to use this as a description of the runtime
      behavior.

      The behavior is similar to making "S1" non-permeable (which is also
      implied
      by isolated="yes"). We may limit the behavior change to really
      harmful
      cases (number 3. below).

      Note that in the original submitter's proposal for 12.5.2., there was
      a
      missing paragraph break in the last line (after 3. below):

      "The default compensation order is initiated by default termination
      handlers and default fault handlers, and recursively carried forward
      by
      compensation handlers. The termination phase always precedes the
      fault
      handling phase (see section 12.6. Termination Handlers). This
      sequence must
      not create a conflict with the default compensation order of scopes
      that
      are in a control dependency relationship. If all of the following is
      true:
          1. scope "S2" has a direct peer-scope dependency on scope "S1"
          2. the scope-controlled set of activities of scope "S1" contains
         default termination handlers
          3. the scope-controlled set of activities of scope "S1" AND scope
      "S2"
         both contain at least one custom compensation handler -/break/-
      then a WS-BPEL processor MUST execute these scopes as if "S2" had a
      control
         dependency on scope "S1".

      Kind Regards
      DK

       Dieter König                                Mail:
      dieterkoenig@de.ibm.com         IBM Deutschland Entwicklung GmbH


       Senior Technical Staff Member               Tel (office): (+49)
      7031-16-3426      Schönaicher Strasse 220

       Architect, Business Process Choreographer   Fax (office): (+49)
      7031-16-4890      71032 Böblingen

       Member, Technical Expert Council            Tel (home office): (+49)
      7032-201464  Germany







                   Danny van der

                   Rijn

                   <dannyv@tibco.com
      To
                   >                         Rania Khalaf

                                             <rkhalaf@watson.ibm.com>

                   03.11.2006 22:08
      cc
                                             Dieter
      Koenig1/Germany/IBM@IBMDE,
                                             wsbpel@lists.oasis-open.org


      Subject
                                             Re: [wsbpel] Issue - R26 -
      Default
                                             Compensation Order Conflict











      Yeah, my relaxation was to change to Consider scopes A and B such
      that B
      has a *Peer Scope Dependency or a control dependency* on A, but that
      still
      doesn't fix this issue.  I told you that I hadn't understood the
      issue
      completely!  While this doesn't fix this issue, it's still probably
      worth
      examining.

      Where Dieter says there's a contradiction, I think that the spec
      doesn't
      actually contradict itself.  The behavior would be as Dieter
      describes.
      The question in my mind is Do we have a bug here?

      Danny

      Rania Khalaf wrote:

            Hi,

            I was writing this mail during our discussion on the call
      today, so
            decided to just wrap it up and send it as a recap and follow-on
            questions.

             First just a quick note that  A and B are not peer scopes per
      the
            def (their parents, s1 and s2 are) so the wording below is off
      but
            Danny was  suggesting today  mod'ing it a bit.

            If s1 and s2 have completed, then there is no problem because
      the
            peer scope stuff takes care of it.

            The problem is if S1 was still running but S2 has completed.

            Then the spec dictates that first you do termination of S1 ,
      then
            once that completes, you do compensation of S0. Problem is that
      S1's
            termination compensates A. This will always happen ( per
      today's def
            of termination handlers ) before B if S1 was still running and
      S2 had
            completed.

            Now looking at proposals discussed to tackle it:

            Dieter's proposal would make sure that one never has the case
      where
            S1 is still running but S2 has completed so we will avoid this
      wierd
            behavior at runtime.

            I'm not sure I follow how the idea Danny is showing (coz he
      said he
            will relax the wording) addresses the clash between the
      compensation
            routines of the  termination handler (s1) and the scope that
      kicked
            of the termination (s0). I mean, I don't see how we wouldn't
      have to
            change the termination/fault handling behavior to enforce the
            proposal. Or are you suggesting following it up with a static
            validation check of some sort ?

            Alex is in support of Danny's direction, but i am confused
      about how
            that would work so let's follow up on e-mail.

            regards,
            Rania


            Danny van der Rijn wrote:
                  I'm not sure I understand your case completely, but if I
      do, my
                  understanding is that by the definition in 12.5.1, there
      exists
                  a Peer Scope Dependency from S1 to S2.  I think the
      intention
                  of "Rule 1" in that section was to say that this should
      cause
                  compensation of S2 before S1, but, in fact, it does not.

                  My alternate suggestion would be to move the 3
      definitions
                  before "Rule 1" and to Modify the following the first
      sentence
                  in the following paragraph

                  "Consider scopes A and B such that B has a control
      dependency
                  on A. Assuming both A and B completed successfully and
      both
                  must be compensated as part of default compensation
      behavior,
                  the compensation handler of B MUST run to completion
      before the
                  compensation handler of A is started. "

                  to say

                  "Consider scopes A and B such that B has a *Peer Scope
                  Dependency* on A. Assuming both A and B completed
      successfully
                  and both must be compensated as part of default
      compensation
                  behavior, the compensation handler of B MUST run to
      completion
                  before the compensation handler of A is started."



                  ws-bpel issues list editor wrote:


                        This issue has been added to the wsbpel issue list
      with a
                        status of "received". The status will be changed to
                        "open" if a motion to open the issue is proposed
      and that
                        motion is approved by the TC. A motion could also
      be
                        proposed to close it without further consideration.
                        Otherwise it will remain as "received".


                        The issues list is posted as a Technical Committee
                        document to the OASIS WSBPEL TC pages on a regular
      basis.
                        The current edition, as a TC document, is the most
      recent
                        version of the document entitled in the "Issues"
      folder
                        of the WSBPEL TC document list - the next posting
      as a TC
                        document will include this issue. The list editor's
                        working copy, which will normally include an issue
      when
                        it is announced, is available at this constant URL.


                        Issue - R26 - Default Compensation Order Conflict
                        Status: received
                        Date added: 30 Oct 2006
                        Date submitted: 27 October 2006
                        Submitter: Dieter Koenig
                        Description: Consider the following hierarchy of
      scopes.
                        In this example, none of the scopes is isolated,
      all
                        scopes only have default fault handlers and default
                        termination handlers, and scopes "A" and "B" have
      custom
                        compensation handlers.
                        scope name="S0"
                           flow
                              scope name="S1"
                                 scope name="A"
                                    source link="fromAtoB"
                                 ...
                              scope name="S2"
                                 scope name="B"
                                    target link="fromAtoB"
                                 ...
                              activity name="E"

                        Assume a point in time where scopes "A" and "B" and
      "S2"
                        have completed successfully, and scope "S1" and
      activity
                        "E" are still running.


                        Further assume that activity "E" now throws a fault
      which
                        is caught by the default fault handler of scope
      "S0".
                           1. All running activities inside of scope "S0"
      are
                              terminated, and the default termination
      handler of
                              scope "S1" compensates scope "A".
                           2. The default fault handler of scope "S0" then
                              compensates scope "S2", which in turn
      compensates
                              scope "B".


                        The observed compensation order "A then B" is
      caused by
                        the sequence "first termination, then fault
      handling".
                        OTOH, the required compensation order "B then A"
      implied
                        by the control dependency of "B" on "A".


                        This is a contradiction.


                        Note that this situation cannot occur when the
      scope "S1"
                        is an isolated scope. In this case, the link
      "fromAtoB"
                        cannot leave the scope "S1" before it completes. In
      this
                        case, scope "S1" always completes before scope
      "S2", and
                        compensation of "A" cannot be caused by a
      termination
                        handler before scope "B" is compensated.


                        Moreover, this conflict is irrelevant if scope "S1"
      OR
                        scope "S2" only contain default compensation
      handlers,
                        because in this case, no custom compensation logic
      can be
                        executed in the wrong order.
                        Submitter's proposal: In order to avoid conflicts
      between
                        the termination-handling / fault-handling sequence
      and
                        the default compensation order, different
      strategies can
                        be considered, for example, enforcing the absence
      of such
                        conflicts during static analysis. A less
      restrictive
                        approach is proposed here, which only affects the
      runtime
                        behavior.


                        At the end of section 12.5.2, add the following
                        paragraph:


                              "The default compensation order is initiated
      by
                              default termination handlers and default
      fault
                              handlers, and recursively carried forward by
                              compensation handlers. The termination phase
      always
                              precedes the fault handling phase (see
      section
                              12.6. Termination Handlers). This sequence
      must not
                              create a conflict with the default
      compensation
                              order of scopes that are in a control
      dependency
                              relationship. If all of the following is
      true:
                                 1. scope "S2" has a direct peer-scope
      dependency
                                    on scope "S1"
                                 2. the scope-controlled set of activities
      of
                                    scope "S1" contains default termination
                                    handlers
                                 3. the scope-controlled set of activities
      of
                                    scope "S1" AND scope "S2" both contain
      at
                                    least one custom compensation handler
      then a
                                    WS-BPEL processor MUST execute these
      scopes
                                    as if "S2" had a control dependency on
      scope
                                    "S1".

                        Changes: 30 Oct 2006 - new issue



                        To comment on this issue (including whether it
      should be
                        accepted), please follow-up to this announcement on
      the
                        wsbpel@lists.oasis-open.org list (replying to this
                        message should automatically send your message to
      that
                        list), or ensure the subject line as you send it
      starts
                        "Issue - R26 - [anything]" or is a reply to such a
                        message. If you want to formally propose a
      resolution to
                        an open issue, please start the subject line "Issue
      - R26
                        - Proposed resolution", without any Re: or similar.


                        To add a new issue, see the issues procedures
      document











[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]