[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [wsbpel] Issue - R26 - Default Compensation Order Conflict
Hi Alex, the answer to your question "Are the compensation order used in TH of S1 and FH of S0 parts of the same grander compensation order?" is "yes" because the default compensation order defined in 12.5.2 *is* exactly this global rule. We cannot simply divide it in two disjoint steps as there are good reasons why a modeler defined a control dependency between "A" and "B" which must also be observed on the reverse path. In [a], the important piece is the scope "S1" which is still running after "B" is completed. In order to limit the number of affected cases, we might as well only "promote" the source side of the link between "A" and "B", that is, processing it as if there was a link between "S1" and "B". With respect to your comments/questions in [c]: - both rules 2. and 3. are attempts to limit the effects to the critical cases -- the point of rule 2. is that default termination handlers in "S1" are the main cause of the default compensation order violation, however, I agree that we have to consider custom termination handlers containing the <compensate/> activity as well. -- the point of rule 3. is really an optimization -- as follows: if there are only default compensation handlers then the order is still violated but this violation does not create any harm because default compensation handlers don't contain any business logic that might be processed in the wrong order. - instead of "a scoped-controlled set of activities contains default termination handler" we may say more precisely "a scope in the scoped-controlled set of activities contains default termination handler" -- your rephrasing is fine as well. - I do not agree with "IMHO, if people want to guarantee that scope B is compensated before scope A, they should make scope S1 isolated explicitly." because the spec cannot say "we have a conflict here but you may avoid it by creating a different process model" I would not make the critical cases illegal because many permeable scopes with outgoing links (whether we like them or not) would be affected. Kind Regards DK Dieter König Mail: dieterkoenig@de.ibm.com IBM Deutschland Entwicklung GmbH Senior Technical Staff Member Tel (office): (+49) 7031-16-3426 Schönaicher Strasse 220 Architect, Business Process Choreographer Fax (office): (+49) 7031-16-4890 71032 Böblingen Member, Technical Expert Council Tel (home office): (+49) 7032-201464 Germany Alex Yiu <alex.yiu@oracle. com> To Dieter Koenig1/Germany/IBM@IBMDE 06.11.2006 07:20 cc Danny van der Rijn <dannyv@tibco.com>, Rania Khalaf <rkhalaf@watson.ibm.com>, wsbpel@lists.oasis-open.org, Alex Yiu <alex.yiu@oracle.com> Subject Re: [wsbpel] Issue - R26 - Default Compensation Order Conflict Hi all, [a] Current spec description I agree with Dieter there is a problem in our spec (at least we need to clarify what we mean in cases similar to Dieter's example). The semantics of "first-termination-then-rest-of-fault-handling" comes from Section 12.6 "Termination Handlers": The behavior of a fault handler for a scope C begins by implicitly terminating all activities enclosed within C that are currently active. Rule #1: Consider scopes A and B such that B has a control dependency on A. Assuming both A and B completed successfully and both must be compensated as part of default compensation behavior, the compensation handler of B MUST run to completion before the compensation handler of A is started. In Dieter's example, the CH of scope "A" is first executed as a part of TH of scope "S1" according to the default compensation order under "S1". Then, the CH of scope "S2" is executed as a part of FH of scope "S0" according to the default compensation order under "S0". (Of course, CH of scope "S2" triggers CH of scope "B". But that actually does not matter. Dieter's question remains if the link target is "S2" instead "B".) The next question is: Are the compensation order used in TH of S1 and FH of S0 parts of the same grander compensation order? I would tend to say no. Consider we have a default TH under S1 and a customized FH under S0. The default compensation under TH under S1 of course does not span to FH under S0. If we agree that the compensation order of TH of a child scope does not span to the compensation order of FH of the parent scope, then the problem is less and easier to handle. IMHO, two of possible solutions are: to add clarification to describe relationship of TH and FH in terms of compensation order (similar to my text above), [inclusive or] to relax rule #1 which describes the default compensation order (discussed more below) [b] Default Compensation Order Relaxation in Danny's proposal *** Danny, Based on your previous email (Oct 30), your relaxation of Rule 1 is: the default compensation order is relaxed from the reverse of control dependency to the reverse of peer scope dependency. (Your email sent on Nov 3rd does not seem to be saying the same thing.) This is a relaxation because peer scope dependency is a subset of general control dependency. Hence, the domain / area of application of rule 1 becomes smaller. This relaxation clarifies that default compensation order only matters to peer scopes (which are already completed successfully) and does not span or cross scope levels (e.g spanning from S0 to S1 and back to S0 in Dieter's example) [c] Dieter's proposal If all of the following is true: 1. scope "S2" has a direct peer-scope dependency on scope "S1" 2. the scope-controlled set of activities of scope "S1" contains default termination handlers 3. the scope-controlled set of activities of scope "S1" AND scope "S2" both contain at least one custom compensation handler -/break/- then a WS-BPEL processor MUST execute these scopes as if "S2" had a control dependency on scope "S1". I have a number of questions on Dieter's proposal: (i) Clarifying what the proposal said: The first condition is clear and easy to understand. But, the condition #2 and #3 are not that clear. What does "scope-controlled set contains default termination handlers and custom compensation handler" mean? Quoted from spec: Definition (Scope-Controlled Set). An activity A is within the scope-controlled set of activities of scope S if either A is S itself, or A is enclosed within S, at any depth. Scoped-Controlled Set can be a non-scope activity. (e.g. <receive>). That is why I am not 100% sure what "a scoped-controlled set of activities contains default termination handler" mean. I guess it can be re-phrased to: 2. one or more <scope> or scope-equivalent activity of the scope-controlled set of scope "S1" contains default termination handlers 3. one or more <scope> or scope-equivalent activity of the scope-controlled set of scope "S1" AND one or more <scope> or scope-equivalent activity of the scope-controlled set of scope "S2" both contain at least one custom compensation handler I use the term "scope-equivalent activity" because of the case <invoke> shortcut. (And, I guess the <invoke> shortcut is considered having custom CH.) (ii) Reasoning behind condition #2 and #3: I am not sure I follow the logic and reasoning behind differentiating default and non-default TH and CH in the condition. As described in Dieter's example, scopes "S1", "A", S2" and "B" do not have any custom CH, the forward work and reverse work pattern that Dieter does not prefer still exists. If S1 has a non-default TH which performs some extra login in additional compensating scope "A", the forward work and reverse work pattern remain the same. If we want to follow the rough direction of Dieter's proposal, I would say the link always behave as if they cross an isolated scope, whenever they cross a scope. IMHO, if people want to guarantee that scope B is compensated before scope A, they should make scope S1 isolated explicitly. (iii) Other information When I was discussing Rule #2 for Default Compensation Order with Satish (more than a year ago), I was suggesting to Satish that we may want apply that restriction rule only to a parent scope of peer scopes which has needs default compensation order. (e.g. using <compensate/> or having default CH/FH/TH). Satish replied that deciding legality of link patterns based on whether a CH is default or not is TOO surprising to users. I agreed with Satish after more thinking. After all, default compensation order and default CH/FH/TH are mainly for convenience for process designer. Its usage should not change the legality of a process definition. Same reasoning should apply here. Using default CH/TH should NOT change the isolated nature of the link subtly. It would be too surprsing to users! Hence I am not comfortable with condition #2 and #3 in current Dieter's proposal. [d] Summary I would prefer adding clarification described in [a] and [b]. Optionally, we may want to make the pattern similar to Dieter's example illegal, if we want. Thanks! Regards, Alex Yiu Dieter Koenig1 wrote: We definitely have a bug because we have two parts of the spec that imply contradicting default compensation orders. IMO, the least invasive change is to make sure that "A" cannot be compensated by the default termination handler of "S1". It can be achieved by "promoting" the control dependency ("B" on "A") up ("S2" on "S1"). It would be sufficient to use this as a description of the runtime behavior. The behavior is similar to making "S1" non-permeable (which is also implied by isolated="yes"). We may limit the behavior change to really harmful cases (number 3. below). Note that in the original submitter's proposal for 12.5.2., there was a missing paragraph break in the last line (after 3. below): "The default compensation order is initiated by default termination handlers and default fault handlers, and recursively carried forward by compensation handlers. The termination phase always precedes the fault handling phase (see section 12.6. Termination Handlers). This sequence must not create a conflict with the default compensation order of scopes that are in a control dependency relationship. If all of the following is true: 1. scope "S2" has a direct peer-scope dependency on scope "S1" 2. the scope-controlled set of activities of scope "S1" contains default termination handlers 3. the scope-controlled set of activities of scope "S1" AND scope "S2" both contain at least one custom compensation handler -/break/- then a WS-BPEL processor MUST execute these scopes as if "S2" had a control dependency on scope "S1". Kind Regards DK Dieter König Mail: dieterkoenig@de.ibm.com IBM Deutschland Entwicklung GmbH Senior Technical Staff Member Tel (office): (+49) 7031-16-3426 Schönaicher Strasse 220 Architect, Business Process Choreographer Fax (office): (+49) 7031-16-4890 71032 Böblingen Member, Technical Expert Council Tel (home office): (+49) 7032-201464 Germany Danny van der Rijn <dannyv@tibco.com To > Rania Khalaf <rkhalaf@watson.ibm.com> 03.11.2006 22:08 cc Dieter Koenig1/Germany/IBM@IBMDE, wsbpel@lists.oasis-open.org Subject Re: [wsbpel] Issue - R26 - Default Compensation Order Conflict Yeah, my relaxation was to change to Consider scopes A and B such that B has a *Peer Scope Dependency or a control dependency* on A, but that still doesn't fix this issue. I told you that I hadn't understood the issue completely! While this doesn't fix this issue, it's still probably worth examining. Where Dieter says there's a contradiction, I think that the spec doesn't actually contradict itself. The behavior would be as Dieter describes. The question in my mind is Do we have a bug here? Danny Rania Khalaf wrote: Hi, I was writing this mail during our discussion on the call today, so decided to just wrap it up and send it as a recap and follow-on questions. First just a quick note that A and B are not peer scopes per the def (their parents, s1 and s2 are) so the wording below is off but Danny was suggesting today mod'ing it a bit. If s1 and s2 have completed, then there is no problem because the peer scope stuff takes care of it. The problem is if S1 was still running but S2 has completed. Then the spec dictates that first you do termination of S1 , then once that completes, you do compensation of S0. Problem is that S1's termination compensates A. This will always happen ( per today's def of termination handlers ) before B if S1 was still running and S2 had completed. Now looking at proposals discussed to tackle it: Dieter's proposal would make sure that one never has the case where S1 is still running but S2 has completed so we will avoid this wierd behavior at runtime. I'm not sure I follow how the idea Danny is showing (coz he said he will relax the wording) addresses the clash between the compensation routines of the termination handler (s1) and the scope that kicked of the termination (s0). I mean, I don't see how we wouldn't have to change the termination/fault handling behavior to enforce the proposal. Or are you suggesting following it up with a static validation check of some sort ? Alex is in support of Danny's direction, but i am confused about how that would work so let's follow up on e-mail. regards, Rania Danny van der Rijn wrote: I'm not sure I understand your case completely, but if I do, my understanding is that by the definition in 12.5.1, there exists a Peer Scope Dependency from S1 to S2. I think the intention of "Rule 1" in that section was to say that this should cause compensation of S2 before S1, but, in fact, it does not. My alternate suggestion would be to move the 3 definitions before "Rule 1" and to Modify the following the first sentence in the following paragraph "Consider scopes A and B such that B has a control dependency on A. Assuming both A and B completed successfully and both must be compensated as part of default compensation behavior, the compensation handler of B MUST run to completion before the compensation handler of A is started. " to say "Consider scopes A and B such that B has a *Peer Scope Dependency* on A. Assuming both A and B completed successfully and both must be compensated as part of default compensation behavior, the compensation handler of B MUST run to completion before the compensation handler of A is started." ws-bpel issues list editor wrote: This issue has been added to the wsbpel issue list with a status of "received". The status will be changed to "open" if a motion to open the issue is proposed and that motion is approved by the TC. A motion could also be proposed to close it without further consideration. Otherwise it will remain as "received". The issues list is posted as a Technical Committee document to the OASIS WSBPEL TC pages on a regular basis. The current edition, as a TC document, is the most recent version of the document entitled in the "Issues" folder of the WSBPEL TC document list - the next posting as a TC document will include this issue. The list editor's working copy, which will normally include an issue when it is announced, is available at this constant URL. Issue - R26 - Default Compensation Order Conflict Status: received Date added: 30 Oct 2006 Date submitted: 27 October 2006 Submitter: Dieter Koenig Description: Consider the following hierarchy of scopes. In this example, none of the scopes is isolated, all scopes only have default fault handlers and default termination handlers, and scopes "A" and "B" have custom compensation handlers. scope name="S0" flow scope name="S1" scope name="A" source link="fromAtoB" ... scope name="S2" scope name="B" target link="fromAtoB" ... activity name="E" Assume a point in time where scopes "A" and "B" and "S2" have completed successfully, and scope "S1" and activity "E" are still running. Further assume that activity "E" now throws a fault which is caught by the default fault handler of scope "S0". 1. All running activities inside of scope "S0" are terminated, and the default termination handler of scope "S1" compensates scope "A". 2. The default fault handler of scope "S0" then compensates scope "S2", which in turn compensates scope "B". The observed compensation order "A then B" is caused by the sequence "first termination, then fault handling". OTOH, the required compensation order "B then A" implied by the control dependency of "B" on "A". This is a contradiction. Note that this situation cannot occur when the scope "S1" is an isolated scope. In this case, the link "fromAtoB" cannot leave the scope "S1" before it completes. In this case, scope "S1" always completes before scope "S2", and compensation of "A" cannot be caused by a termination handler before scope "B" is compensated. Moreover, this conflict is irrelevant if scope "S1" OR scope "S2" only contain default compensation handlers, because in this case, no custom compensation logic can be executed in the wrong order. Submitter's proposal: In order to avoid conflicts between the termination-handling / fault-handling sequence and the default compensation order, different strategies can be considered, for example, enforcing the absence of such conflicts during static analysis. A less restrictive approach is proposed here, which only affects the runtime behavior. At the end of section 12.5.2, add the following paragraph: "The default compensation order is initiated by default termination handlers and default fault handlers, and recursively carried forward by compensation handlers. The termination phase always precedes the fault handling phase (see section 12.6. Termination Handlers). This sequence must not create a conflict with the default compensation order of scopes that are in a control dependency relationship. If all of the following is true: 1. scope "S2" has a direct peer-scope dependency on scope "S1" 2. the scope-controlled set of activities of scope "S1" contains default termination handlers 3. the scope-controlled set of activities of scope "S1" AND scope "S2" both contain at least one custom compensation handler then a WS-BPEL processor MUST execute these scopes as if "S2" had a control dependency on scope "S1". Changes: 30 Oct 2006 - new issue To comment on this issue (including whether it should be accepted), please follow-up to this announcement on the wsbpel@lists.oasis-open.org list (replying to this message should automatically send your message to that list), or ensure the subject line as you send it starts "Issue - R26 - [anything]" or is a reply to such a message. If you want to formally propose a resolution to an open issue, please start the subject line "Issue - R26 - Proposed resolution", without any Re: or similar. To add a new issue, see the issues procedures document
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]