A lower bound on web services composition

A web service is modeled here as a finite state machine. A composition problem for web services is to decide if a given web service can be constructed from a given set of web services; where the construction is understood as a simulation of the speci…

Authors: Anca Muscholl, Igor Walukiewicz

Logical Methods in Computer Science, Vol. 4 (2:5) 2008, pp. 1–14, www.lmcs-online.org
Submitted Sep. 21, 2007; Published May 15, 2008
DOI: 10.2168/LMCS-4 (2:5) 2008. © A. Muscholl and I. Walukiewicz, Creative Commons.

ANCA MUSCHOLL (a) AND IGOR WALUKIEWICZ (b)

(a) LaBRI, Université Bordeaux, 351, Cours de la Libération, F-33 405, Talence cedex, France. E-mail address: anca@labri.fr
(b) CNRS LaBRI, 351, Cours de la Libération, F-33 405, Talence cedex, France. E-mail address: igw@labri.fr

1998 ACM Subject Classification: F.1.2, F.3.1.
Key words and phrases: Automata simulation, complexity, web services composition.
(a, b) Work supported by the projects ANR DOCFLOW (ANR-06-MDCA-005) and ANR DOTS (ANR-06-SETI-003).

Abstract. A web service is modeled here as a finite state machine. A composition problem for web services is to decide if a given web service can be constructed from a given set of web services; where the construction is understood as a simulation of the specification by a fully asynchronous product of the given services. We show an EXPTIME-lower bound for this problem, thus matching the known upper bound. Our result also applies to richer models of web services, such as the Roman model.

1. Introduction

Inherently distributed applications such as web services [1] increasingly get into the focus of automated verification techniques. Often, some basic e-services are already implemented, but no such simple service can answer to a more complex query. For instance, a user interested in hiking Mt. Everest will ask a travel agency for information concerning weather forecast, group travels, guides etc. The travel agency will contact different e-services, asking for such information and making appropriate reservations, if places are available. In general, single services such as weather forecast or group reservations, are already available and it is important to be able to reuse them without any change. The task of the travel agency is to compose basic e-services in such a way that the user's requirements are met (and eventually some constraints wrt. the called services, such as avoiding unreliable ones). Thus, one main objective is to be able to check automatically that the composition of basic e-services satisfies certain desirable properties or realizes another complex e-service.

In this paper we study a problem that arises in the composition of e-services as considered in [2, 3, 4]. The setting is the following: we get as input a specification (goal) $B$, together with $n$ available services $A_1, \dots, A_n$. Then we ask whether the composition of the services $A_i$ can simulate the behavior of the goal $B$. This problem is known as composition synthesis. It amounts to synthesize a so-called delegator, that tells at any moment which service must perform an action. In essence, a delegator implements a simulation relation of the goal service $B$ by the composition of the available services $A_i$.

In the most general setting, as considered for instance in [9, 8, 7], services are modeled by communicating state machines [5], that have access to some local data. In this paper, we reconsider the simplified setting of the so-called Roman model [2] where services are finite state processes with no access to data and no mutual synchronization. This restriction is severe, however sufficient for our purposes, since our primary motivation is to obtain a complexity lower bound for the composition synthesis problem.

In this paper we study the complexity of the composition synthesis problem in the very simple setting where the composition of the finite state machines $A_i$ is fully asynchronous (in particular there is no communication). This case is interesting for two reasons. It is known to be decidable in Exptime [2], contrary to some richer frameworks where it is undecidable [3]. It is also probably the simplest setting where the problem can be formulated, thus the complexity of this variant gives a lower bound on the complexity of any other variants of the synthesis problem.

A related problem arises when instead of simulation one considers bisimulation. This is sometimes called orchestration problem, where the issue is to find a communication architecture of the available services, that is equivalent to the goal, modulo bisimulation. In our setting, this problem amounts to checking if the asynchronous composition of finite state machines is bisimilar to a given machine.

The main result of this paper is the Exptime lower bound for the composition synthesis problem. We also show that the same question can be solved in polynomial time if we assume that the sets of actions of the available machines are pairwise disjoint, i.e., each request can be handled by precisely one service. Note that in the latter case, the set of actions depends on the number of processes, whereas for the first result we show that the case where the set of actions is fixed is already Exptime-hard. We also show that the orchestration (bisimulation) problem is Nlogspace complete, independently of whether the sets of actions of the components are disjoint or not (footnote 1). This result, however, is less interesting in the context of service composition.
The bisimulation requirement means that the client (goal automaton) should be prepared to admit all possible interleavings in the composition, which usually makes the specification too complex.

Similar kinds of questions were also considered by the verification community. There is a large body of literature on the complexity of bisimulation and simulation problems for different kinds of process calculi (for a survey see [12]). A result that is most closely related to ours is the Exptime completeness of simulation and bisimulation between non-flat systems [10]. The main difference to our setting is that there both a system and services are given as composition of finite state machines using (binary) synchronization on actions, i.e., an action can synchronize two services. In a sense this paper shows that the lower bound for the simulation holds even without any synchronization.

This paper is an extended version of the conference publication [11]. In particular, the characterization of the complexity of the bisimulation problem is new.

Footnote 1: This problem is easier than checking bisimulation between a BPP and a finite state automaton, which is P-complete. The reason is that the finite-state automaton is deterministic in our setting.

2. Notations

We denote throughout this paper tuples of states (i.e., global states of a product automaton) by bold characters $\vec{q}, \vec{s}, \vec{t}, \dots$. Unless otherwise stated, the components of vector $\vec{t}$ are $t_1, \dots, t_n$.

An asynchronous product of $n$ deterministic automata $A_i = \langle Q_i, \Sigma_i, q_i^0, \delta_i : Q_i \times \Sigma_i \to Q_i \rangle$ is a nondeterministic automaton:

$$A_1 \otimes \cdots \otimes A_n = \langle Q, \Sigma, \vec{q}, \delta : Q \times \Sigma \to \mathcal{P}(Q) \rangle$$

where: $Q = Q_1 \times \cdots \times Q_n$; $\Sigma = \bigcup_{i=1,\dots,n} \Sigma_i$; $\vec{q} = (q_1^0, \dots, q_n^0)$; and $\delta$ is defined by:

$$\vec{t} \in \delta(\vec{s}, a) \text{ iff for some } i,\ t_i = \delta_i(s_i, a) \text{ and for all } j \neq i \text{ we have } t_j = s_j.$$

Observe that the product automaton can be nondeterministic because the alphabets $\Sigma_i$ are not necessarily disjoint.

We define a simulation relation on nondeterministic automata in a standard way. Take two nondeterministic automata $A = \langle Q_A, \Sigma, q_A^0, \delta_A : Q_A \times \Sigma \to \mathcal{P}(Q_A) \rangle$ and $B = \langle Q_B, \Sigma, q_B^0, \delta_B : Q_B \times \Sigma \to \mathcal{P}(Q_B) \rangle$ over the same alphabet. The simulation relation $\preccurlyeq\ \subseteq Q_A \times Q_B$ is the biggest relation such that if $q_A \preccurlyeq q_B$ then for every $a \in \Sigma$ and every $q'_A \in \delta_A(q_A, a)$ there is $q'_B \in \delta_B(q_B, a)$ such that $q'_A \preccurlyeq q'_B$. We write $A \preccurlyeq B$ if $q_A^0 \preccurlyeq q_B^0$.

Problem: Given $n$ deterministic automata $A_1, \dots, A_n$ and a deterministic automaton $B$ decide if $B \preccurlyeq A_1 \otimes \cdots \otimes A_n$.

We will show that this problem is Exptime-complete. It is clearly in Exptime as one can construct the product $A_1 \otimes \cdots \otimes A_n$ explicitly and calculate the biggest simulation relation with $B$. The rest of this paper will contain the proof of Exptime-hardness. We will start with the Pspace-hardness, as this will allow us to introduce the method and some notation.

3. A Pspace lower bound

We will show Pspace-hardness of the problem by reducing it to the existence of a looping computation of a linearly space bounded deterministic Turing machine. The presented proof of the Pspace bound has the advantage to generalize to the encoding of alternating machines that we will present in the following section.

Fix a deterministic Turing machine $M$ working in space bounded by the size of its input. We want to decide if on a given input the computation of the machine loops. Thus we do not need any accepting states in the machine and we can assume that there are no transitions from rejecting states.
We denote by $Q$ the states of $M$ and by $\Gamma$ the tape alphabet of $M$. A configuration of $M$ is a word over $\Gamma \cup (Q \times \Gamma)$ with exactly one occurrence of a letter from $Q \times \Gamma$. A configuration is of size $n$ if it is a word of length $n$. Transitions of $M$ will be denoted as $qa \to q'bd$, where $q, q'$ are the old/new state, $a, b$ the old/new tape symbol and $d \in \{l, r\}$ the left/right head move (w.l.o.g. we assume that $M$ moves the head in each step).

Suppose that the input is a word $w$ of size $n$. We will construct automata $A_1, \dots, A_n$ and $B$ such that $B \preccurlyeq A_1 \otimes \cdots \otimes A_n$ iff the computation of $M$ on $w$ is infinite.

We start with some auxiliary alphabets. For every $i = 1, \dots, n$ let $\Gamma_i = \Gamma \times \{i\}$ and

$$\Delta_i = (Q \times \Gamma_i) \cup (Q \times \Gamma_i \times \{l, r\}).$$

We will write $a_i$ instead of $(a, i)$ for elements of $\Gamma_i$. Let also $\Delta = \bigcup_{i=1,\dots,n} \Delta_i$.

The automaton $A_i = \langle Q_i, \Sigma_i, q_i^0, \to \rangle$ is defined as follows:

• The set of states is $Q_i = \Gamma \cup (Q \times \Gamma) \cup \{\top\}$, and the alphabet of the automaton is $\Sigma_i = \Delta$.
• We have transitions:
  − $a \xrightarrow{q a_i} qa$, for all $a \in \Gamma$ and $q \in Q$,
  − $qa \xrightarrow{q' b_i d} b$, for $qa \to q'bd$ the transition of $M$ on $qa$ (there is at most one).
  − From $a$, transitions on letters in $\Delta_i \setminus \{q a_i : q \in Q\}$ go to $\top$. Similarly, from $qa$ transitions on $\Delta_i \setminus \{q' b_i d\}$ go to $\top$ if there is a transition of $M$ on $qa$; if not, then $qa$ has no outgoing transitions. From $\top$ there are self-loops on all letters from $\Delta$.
• For $i = 2, \dots, n$ the initial state of $A_i$ is $w_i$, the $i$-th letter of $w$; for $A_1$ the initial state is $q^0 w_1$, i.e., the initial state of $M$ and the first letter of $w$.

Figure 1 shows a part of $A_i$.

[Figure 1: Part of $A_i$]

The idea is classical: automaton $A_i$ controls the $i$-th tape symbol, whereas automaton $B$ defined below is in charge of the control part of $M$.
The challenge is to do this without using any synchronization between adjacent automata $A_i$, $A_{i+1}$.

Next, we introduce an automaton $K$ that will be used to define $B$ (see also Figure 2). The set of states of $K$ is $Q_K = \{s, e\} \cup (Q \times \bigcup \Gamma_i \times \{l, r\})$; the initial state is $s$ and the final one $e$; the alphabet is $\Delta$; the transitions are defined by:

• $s \xrightarrow{q' b_i r} q' b_i r$ for $i = 1, \dots, n-1$, whenever we have a transition $qa \to q'br$ in $M$ for some state $q$ and some letter $a$;
• $s \xrightarrow{q' b_{i+1} l} q' b_{i+1} l$ for $i = 1, \dots, n-1$, whenever we have a transition $qa \to q'bl$ in $M$ for some state $q$ and some letter $a$;
• $q' b_i r \xrightarrow{q' c_{i+1}} e$ and $q' b_{i+1} l \xrightarrow{q' c_i} e$ for all $c \in \Gamma$.

Figure 2 presents a schema of the automaton $K$. We define $B$ as the deterministic automaton recognizing $(L(K))^*$, that is obtained by gluing together the states $s$ and $e$.

Remark 1. All $A_i$ and $B$ are deterministic automata of size polynomial in $n$. The input alphabets of the $A_i$ are almost pairwise disjoint: the only states with common labels on outgoing transitions are the $\top$ states.

[Figure 2: Automaton $K$]

Definition 3.1. We say that a configuration $C$ of size $n$ of $M$ corresponds to a global state $\vec{s}$ of $A_1 \otimes \cdots \otimes A_n$ iff $s_i = C(i)$ for $i = 1, \dots, n$; in other words, if the state of $A_i$ is the same as the $i$-th letter of $C$.

Definition 3.2. We say that a global state $\vec{s}$ of $A_1 \otimes \cdots \otimes A_n$ is proper when there is no $\top$-state in $\vec{s}$.

Lemma 3.3. If $\vec{s}$ is a proper state, then for every letter $a \in \Delta$ the automaton $A_1 \otimes \cdots \otimes A_n$ has in state $\vec{s}$ at most one outgoing $a$-transition. Once the automaton enters a state that is not proper, it stays in non proper states.

It is easy to see that from a non proper state, $A_1 \otimes \cdots \otimes A_n$ can simulate any state of $B$.
The reason is that from $\top$, any move on letters from $\Delta$ is possible.

Lemma 3.4. Suppose that $A_1 \otimes \cdots \otimes A_n$ is in a state $\vec{s}$ that corresponds to a configuration $C$ of $M$.
• If $C$ is a configuration with no successor, then there is a word $v \in L(K)$ that cannot be simulated by $A_1 \otimes \cdots \otimes A_n$ from $\vec{s}$.
• Otherwise, the successor configuration $C \vdash C'$ exists, and there is a unique word $v \in L(K)$ such that $\vec{s} \xrightarrow{v} \vec{t}$ and $\vec{t}$ is proper. Moreover $\vec{t}$ corresponds to $C'$. All other words from $L(K)$ lead from $\vec{s}$ to non proper states of $A_1 \otimes \cdots \otimes A_n$.

Proof. For the first claim, assume that $\vec{s}$ corresponds to a configuration, thus there is exactly one $i$ such that $A_i$ is in a state from $Q \times \Gamma$. The other automata are in states from $\Gamma$. If $C$ is terminal then $A_i$ is in a state $qa$ which has no outgoing transition. This means that this state can simulate no move on letters $q' b_i r$, for $q' \in Q$ and $b_i \in \Gamma_i$ (and such a move exists in $K$, as the machine $M$ must have a move to the right if it is nontrivial). All other automata are also not capable to simulate $q' b_i r$ as they can do only moves on letters $\Delta_j$ for $j \neq i$.

Now suppose that $C \vdash C'$. To avoid special, but simple, cases suppose that the position $i$ of the state is neither the first nor the last. Let $s_i = qa$ and suppose also that $qa \to q'br$ is the move of $M$ on $qa$. The case when the move is to the left is similar. The only possible move of $K$ from $s$ which will put $A_1 \otimes \cdots \otimes A_n$ into a proper state is $q' b_i r$. This makes $A_i$ to change the state to $b$ and it makes $K$ to change the state to $q' b_i r$. From this latter state the only possible move of $K$ is on letters $q' c'_{i+1}$ for arbitrary $c' \in \Gamma$. Suppose that $A_{i+1}$ is in the state $c = s_{i+1} \in \Gamma$, then all moves of $K$ on $q' c'_{i+1}$ with $c' \neq c$ can be matched with a move to $\top$ of $A_{i+1}$.
On $q' c_{i+1}$ the automaton $A_{i+1}$ goes to $q'c$ and automaton $K$ goes to $e$. This way the state in the configuration is changed and transmitted to the right. We have that the new state of $A_1 \otimes \cdots \otimes A_n$ corresponds to the configuration $C'$.

Lemma 3.5. We have $B \preccurlyeq A_1 \otimes \cdots \otimes A_n$ iff the computation of $M$ on $w$ is infinite.

Proof. Recall that $B$ is a deterministic automaton recognizing $(L(K))^*$, and has initial state $s$. The initial state of $A_1 \otimes \cdots \otimes A_n$ corresponds to the initial configuration $C_0$ of $M$ on $w$. We show now for every state $\vec{t}$ corresponding to a configuration $C$ of $M$: $s \preccurlyeq \vec{t}$ iff the computation of $M$ starting in $C$ is infinite.

From a configuration $C$, the machine $M$ has only one computation: either infinite, or a finite one that is blocking. Suppose that the computation from $C$ has at least one step and let $C_1$ be the successor configuration. By Lemma 3.4 from state $s$ there is exactly one word $v_1 \in L(K)$ such that $\vec{t} \xrightarrow{v_1} \vec{t}_1$ in $A_1 \otimes \cdots \otimes A_n$, and $\vec{t}_1$ is proper. Moreover $\vec{t}_1$ corresponds to $C_1$. On all other words from $L(K)$, the product $A_1 \otimes \cdots \otimes A_n$ reaches non proper states and from there it can simulate any future behaviour of $B$. If $C_1$ has no successor configuration then, again by Lemma 3.4, there is a word in $L(K)$ that cannot be simulated by $A_1 \otimes \cdots \otimes A_n$ from $\vec{t}_1$. If $C_1$ has a successor then we repeat the whole argument.

Thus the behaviour of $B$ from $s$ can be simulated by $A_1 \otimes \cdots \otimes A_n$ from the state corresponding to $C$ iff the machine $M$ has an infinite computation starting from $C$.

One can note that the construction presented in this section uses actions that are common to several processes in a quite limited way: the only states that have common outgoing labels are the $\top$ states from which all behaviours are possible.
This observation motivates the question about the complexity of the problem when the automata $A_1, \dots, A_n$ have pairwise disjoint alphabets. With this restriction, the simulation problem can be solved efficiently:

Theorem 3.6. The following question can be solved in polynomial time:
Input: $n$ deterministic automata $A_1, \dots, A_n$ over pairwise disjoint input alphabets, and a deterministic automaton $B$.
Output: decide if $B \preccurlyeq A_1 \otimes \cdots \otimes A_n$.

Proof. Let $C_i$ be an automaton with a single state $\top$, and with self-loops on every letter from the alphabet $\Sigma_i$ of $A_i$. We write $A^{(i)}$ for the asynchronous product of all $C_j$, $j \neq i$, and of $A_i$. Similarly, $\vec{t}^{(i)}$ will denote $\vec{t}$ with all components but $i$ replaced by $\top$. Suppose now that $p$ is a state of $B$, and $\vec{t}$ a state of $A_1 \otimes \cdots \otimes A_n$. We write $p \preccurlyeq_i \vec{t}$ if $p$ is simulated by $\vec{t}^{(i)}$ in $A^{(i)}$. Notice that since $B$ and $A_i$ are both deterministic, we can decide if $p \not\preccurlyeq_i \vec{t}$ in logarithmic space (hence in polynomial time), by guessing simultaneously a path in $B$ and one in $A_i$.

We show now that $p \preccurlyeq \vec{t}$ in $A_1 \otimes \cdots \otimes A_n$ iff $p \preccurlyeq_i \vec{t}$ for all $i$. If $p \preccurlyeq \vec{t}$, then all the more $p \preccurlyeq \vec{t}^{(i)}$, since $C_j$ can simulate $A_j$ for all $j = 1, \dots, n$. Conversely, assume that $p \preccurlyeq_i \vec{t}$ for all $i$, but $p \not\preccurlyeq \vec{t}$. This means that there exist computations $p \xrightarrow{a_1 \dots a_k} p'$ in $B$, $\vec{t} \xrightarrow{a_1 \dots a_k} \vec{u}$ in $A_1 \otimes \cdots \otimes A_n$ and a letter $a \in \Sigma_i$ for some $i$, such that $p'$ has an outgoing $a$-transition, but $\vec{u}_i$ does not (in $A_i$). Clearly, we also have a computation $\vec{t}^{(i)} \xrightarrow{a_1 \dots a_k} \vec{u}^{(i)}$ in $A^{(i)}$. Since $\vec{u}_i$ has no outgoing $a$-transition, so neither does $\vec{u}^{(i)}$, which contradicts $p \preccurlyeq_i \vec{t}$.

4. The complexity of simulation

This time we take an alternating Turing machine $M$ working in space bounded by the size of the input.
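
The two decision procedures met so far, written out as an added Python example that is not part of the paper: the explicit-product method behind the Exptime upper bound of Section 2 (build the product, then compute the biggest simulation) and the componentwise check from the proof of Theorem 3.6. The dictionary representation of automata, the function names and the sample services are assumptions made for illustration.

```python
from itertools import combinations

# Representation chosen for this example: a deterministic automaton is a dict
# with an initial state, an alphabet Sigma_i and a partial transition function.
def automaton(init, alphabet, delta):
    return {"init": init, "alphabet": set(alphabet), "delta": dict(delta)}

def outgoing(B, p):
    """(letter, target) pairs for the transitions leaving state p of B."""
    return [(a, q) for (s, a), q in B["delta"].items() if s == p]

def product_moves(autos, state, a):
    """Successors of a global state on letter a in the asynchronous product:
    exactly one component i takes its a-transition, the others stay put."""
    return [state[:i] + (A["delta"][(state[i], a)],) + state[i + 1:]
            for i, A in enumerate(autos) if (state[i], a) in A["delta"]]

def simulated_by_product(B, autos):
    """Decide B <= A_1 (x) ... (x) A_n on the explicitly built reachable part
    of the product (exponential in n in the worst case)."""
    start = (B["init"], tuple(A["init"] for A in autos))
    # edges[(p, t)] holds, for each move of B from p, the possible answers.
    edges, todo = {}, [start]
    while todo:
        pair = todo.pop()
        if pair in edges:
            continue
        p, t = pair
        edges[pair] = [[(q, u) for u in product_moves(autos, t, a)]
                       for a, q in outgoing(B, p)]
        for options in edges[pair]:
            todo.extend(options)
    # Greatest fixpoint: drop a pair once some move of B has no surviving answer.
    alive, changed = set(edges), True
    while changed:
        changed = False
        for pair in list(alive):
            if any(not any(o in alive for o in opts) for opts in edges[pair]):
                alive.discard(pair)
                changed = True
    return start in alive

def pairwise_disjoint(autos):
    return all(not (X["alphabet"] & Y["alphabet"])
               for X, Y in combinations(autos, 2))

def simulated_componentwise(B, autos):
    """Check from the proof of Theorem 3.6, valid only for pairwise disjoint
    alphabets: test p <=_i t for every i, i.e. run B against A_i alone while
    every other component is treated as a one-state automaton with self-loops."""
    if not pairwise_disjoint(autos):
        raise ValueError("alphabets are not pairwise disjoint")
    for A in autos:
        others = set().union(*(X["alphabet"] for X in autos if X is not A))
        seen, todo = set(), [(B["init"], A["init"])]
        while todo:
            p, u = todo.pop()
            if (p, u) in seen:
                continue
            seen.add((p, u))
            for a, q in outgoing(B, p):
                if a in A["alphabet"]:
                    if (u, a) not in A["delta"]:
                        return False          # A_i must answer a but cannot
                    todo.append((q, A["delta"][(u, a)]))
                elif a in others:
                    todo.append((q, u))       # another component absorbs a
                else:
                    return False              # no service offers a at all
    return True

# Constructed sample services and goals (not from the paper).
SEARCH = automaton(0, {"search", "book"}, {(0, "search"): 1, (1, "book"): 0})
PAY = automaton(0, {"pay", "receipt"}, {(0, "pay"): 1, (1, "receipt"): 0})
ALL = {"search", "book", "pay", "receipt"}
GOAL = automaton("s0", ALL, {("s0", "search"): "s1", ("s1", "pay"): "s2",
                             ("s2", "book"): "s3", ("s3", "receipt"): "s0"})
BAD_GOAL = automaton("s0", ALL, {("s0", "book"): "s1"})

# Overlapping alphabets: both services accept "req", so the product is
# nondeterministic and the delegator has to commit to one of them.
X_SVC = automaton(0, {"req", "x"}, {(0, "req"): 1, (1, "x"): 0})
Y_SVC = automaton(0, {"req", "y"}, {(0, "req"): 1, (1, "y"): 0})
COMMIT_EARLY = automaton("s0", {"req", "x", "y"}, {
    ("s0", "req"): "s1", ("s1", "x"): "s2", ("s1", "y"): "s2"})
TWO_REQS = automaton("s0", {"req", "x", "y"}, {
    ("s0", "req"): "s1", ("s1", "req"): "s2",
    ("s2", "x"): "s3", ("s2", "y"): "s3"})

if __name__ == "__main__":
    print(simulated_by_product(GOAL, [SEARCH, PAY]),
          simulated_componentwise(GOAL, [SEARCH, PAY]))
    print(simulated_by_product(COMMIT_EARLY, [X_SVC, Y_SVC]),
          simulated_by_product(TWO_REQS, [X_SVC, Y_SVC]))
```

`COMMIT_EARLY` is rejected because after a single `req` the delegator has already picked one service, and the goal then demands both `x` and `y`; `TWO_REQS` is accepted because both services have been started before the choice is demanded.
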
We want to decide if $M$ has an infinite computation. This means that the machine can make choices of existential transitions in such a way that no matter what are the choices of universal transitions the machine can always continue. Clearly, one can reduce the word problem to this problem, hence it is Exptime-hard (see [6]; for more details on complexity see any standard textbook).

We will assume that $M$ has always a choice between two transitions, i.e., for each non blocking state/symbol pair $qa$ there will be precisely two distinct tuples $q'b'd'$, $q''b''d''$ such that $qa \to q'b'd'$ and $qa \to q''b''d''$. If $q$ is existential then it is up to the machine to choose a move; if $q$ is universal then the choice is made from outside. To simplify the presentation we will assume that $d' = d''$, i.e., both moves go in the same direction. Every machine can be transformed to an equivalent one with this property. We will also assume that the transitions are ordered in some way, so we will be able to say that $qa \to q'b'd$ is the first transition and $qa \to q''b''d$ is the second one.

Take the input word $w$ of size $n$. We will construct automata $A'_1, A''_1, \dots, A'_n, A''_n$ and $B$ such that $B$ is simulated by $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ iff there is an infinite alternating computation of $M$ on $w$. The main idea is that automata $A'_i$ and $A''_i$ control the $i$-th tape symbol, as in the previous section, and each one is in charge of one of the two possible transitions (if any) when the input head is at position $i$ in an existential state (universal moves are simpler).

We will modify a little the alphabets that we use. Let

$$\Delta'_i = (Q \times \Gamma_i) \cup (Q \times \Gamma_i \times \{l, r\} \times \{1\})$$
$$\Delta''_i = (Q \times \Gamma_i) \cup (Q \times \Gamma_i \times \{l, r\} \times \{2\})$$

We then put $\Delta_i = \Delta'_i \cup \Delta''_i$, $\Delta = \bigcup_i \Delta_i$, $\Delta' = \bigcup_i \Delta'_i$ and $\Delta'' = \bigcup_i \Delta''_i$.

The automaton $A'_i$ is defined as follows:

• The set of states is $Q'_i = \{\top\} \cup \Gamma \cup (Q \times \Gamma) \cup (Q \times \Gamma \times \{l, r\})$, the alphabet of the automaton is $\Sigma'_i = \Delta \cup \{\zeta\}$; where $\zeta$ is a new letter common to all automata.
• We have the following transitions:
  − $a \xrightarrow{q a_i} qa$ for all $a \in \Gamma$ and $q \in Q$,
  − $qa \xrightarrow{q' b'_i d\, 1} b'$ and $qa \xrightarrow{q'' b''_i d\, 1} b''$ if $q$ is an universal state and $qa \to q'b'd$, $qa \to q''b''d$ are the two transitions from $qa$. We have also transitions to $\top$ on all the letters from $\Delta'_i \setminus \{q' b'_i d\, 1,\ q'' b''_i d\, 1\}$.
  − $qa \xrightarrow{\zeta} q'b'd \xrightarrow{q' b'_i d\, 1} b'$ and $qa \xrightarrow{q'' b''_i d\, 1} b''$ if $q$ is an existential state and $qa \to q'b'd$, $qa \to q''b''d$ are the first and the second transitions from $qa$, respectively. We have also transitions to $\top$ on all the letters from $\Delta'_i \setminus \{q'' b''_i d\, 1\}$. From $q'b'd$ all transitions on $\Delta'_i \setminus \{q' b'_i d\, 1\}$ go to $\top$.
  − From $a$, transitions on letters in $\Delta'_i \setminus \{q a_i : q \in Q\}$ go to $\top$. If $qa$ is terminal then there are no outgoing transitions from $qa$. From $\top$ there are self-loops on all letters from $\Delta_c := \Delta \cup \{\zeta\}$.
• The initial state of $A'_i$ is $w_i$, the $i$-th letter of $w$ except for $A_1$ whose initial state is $q^0 w_1$, the initial state of $M$ and the first letter of $w$.

Figure 3 below presents parts of $A'_i$ corresponding to universal and existential states.

[Figure 3: Parts of the automaton $A'_i$ corresponding to universal and existential states $q$, respectively. The alphabet $\Delta_c$ is $\Delta \cup \{\zeta\}$.]

The automaton $A''_i$ is the same as $A'_i$ with the difference that we replace every label $q''b''d\,1$ by $q'b'd\,2$, every $q'b'd\,1$ by $q''b''d\,2$ (notice the change of primes and double primes), every $\Delta'_i$ by $\Delta''_i$ and $\Delta'$ by $\Delta''$. Moreover, state labels $b'$ and $b''$ are exchanged, and state $q'b'd$ is relabeled $q''b''d$.

Next, we define a new automaton $K$ that will be used to define new automaton $B$. The states of $K$ are

$$Q_K = \{s, e, \mathit{choice}\} \cup \Big(Q \times \bigcup_i \Gamma_i \times \{l, r\}\Big)$$

plus some auxiliary states to implement transitions on two letters at a time. We will write transitions with two letters on them for readability. The initial state is $s$ and the final one is $e$. The alphabet is $\Sigma_K = \bigcup \Sigma_i$. The transitions are defined by (cf. Figure 4):

• $s \xrightarrow{\zeta} \mathit{choice}$;
• $s \xrightarrow{(q' b_i r\, 1)(q' b_i r\, 2)} q' b_i r$ whenever we have a transition $qa \to q'br$ in $M$ for some universal state $q$ and some letter $a$, and similarly from $\mathit{choice}$ instead of $s$ when $q$ is existential;
• $s \xrightarrow{(q' b_{i+1} l\, 1)(q' b_{i+1} l\, 2)} q' b_{i+1} l$ whenever we have a transition $qa \to q'bl$ in $M$ for some universal state $q$ and some letter $a$, and similarly from $\mathit{choice}$ instead of $s$ when $q$ is existential;
• $q' b_i r \xrightarrow{(q' c_{i+1})^2} e$ and $q' b_{i+1} l \xrightarrow{(q' c_i)^2} e$ for all $c \in \Gamma$.

We define $B$ as the deterministic automaton recognizing $(L(K))^*$ that is obtained by gluing together states $s$ and $e$.

Remark 2. All $A'_i$, $A''_i$ and $B$ are deterministic and of size polynomial in $n$.

Definition 4.1. A configuration $C$ of size $n$ corresponds to a global state $\vec{s}$ of $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ if $s_{2i} = s_{2i-1} = C(i)$ for $i = 1, \dots, n$; in other words, if the states of $A'_i$ and $A''_i$ are the same as the $i$-th letter of $C$.

[Figure 4: Automaton $K$]

Definition 4.2. We say that a global state $\vec{s}$ of $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ is proper when $\top$ does not appear in $\vec{s}$.

It is easy to see that from a non proper state, $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ can simulate any state of $B$. The reason is that from $\top$, any move on letters from $\Delta_c$ is possible.

Lemma 4.3. Suppose that $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ is in a state $\vec{s}$ corresponding to a configuration $C$ of $M$. If $C$ has no successor configuration then there is a word $v \in L(K)$ that cannot be simulated by $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ from $\vec{s}$. Otherwise, $C$ has two successor configurations $C \vdash C'$ and $C \vdash C''$. We have two cases:
• If $C$ is universal then there are two words $v'$ and $v''$ in $L(K)$: each leading from $\vec{s}$ to a unique state $\vec{t}'$ and $\vec{t}''$, respectively. These two states are proper and correspond to $C'$ and $C''$, respectively. On all other words from $L(K)$, non proper states can be reached from $\vec{s}$.
• If $C$ is existential, then on the letter $\zeta$ exactly two states are reachable from $\vec{s}$, call them $\vec{s}'$ and $\vec{s}''$. There is a word $v'$ such that $\zeta v' \in L(K)$ and on $v'$ from $\vec{s}'$ a unique state is reachable. This state is proper and corresponds to $C'$. Similarly there is a word $v''$ for $\vec{s}''$ and $C''$. On all words from $L(K)$ that are different from $\zeta v'$ and $\zeta v''$, non proper states can be reached from $\vec{s}$.

Proof. As $\vec{s}$ corresponds to the configuration $C$, there is some $i$ such that both automata $A'_i$ and $A''_i$ are in state $qa$, for some $q \in Q$ and $a \in \Gamma$, and all other automata are in states from $\Gamma$.
If $C$ is a configuration without successor, then the state $qa$ in $A'_i$ and $A''_i$ does not have any outgoing transition. Thus these automata cannot simulate the $\zeta$ transition of $K$ from $s$. No other automaton $A'_j$, or $A''_j$ can simulate the $\zeta$ transition either, as they are all in states from $\Gamma$.

Suppose that $C$ is an universal configuration with two possible transitions to the right, $qa \to q'b'r$ and $qa \to q''b''r$. The case when the moves are to the left is similar. In $A'_i$ from the state $qa$ we have a transition on $q'b'_i r\, 1$ leading to $b'$ and on $q''b''_i r\, 1$ leading to $b''$. Similarly for $A''_i$, but on $q'b'_i r\, 2$ and $q''b''_i r\, 2$. These transitions can simulate both transitions $(q'b'_i r\, 1)(q'b'_i r\, 2)$ and $(q''b''_i r\, 1)(q''b''_i r\, 2)$ that are possible from $s$ in $K$. (All other transitions from $s$ in $K$ lead from $\vec{s}$ to a non proper state of $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$.) Let us focus only on the first case, when $(q'b'_i r\, 1)(q'b'_i r\, 2)$ is executed in $K$ and the state $q'b'_i r$ is reached. From this state only transitions $(q'c'_{i+1})^2$ are possible, for all $c' \in \Gamma$. Suppose that $A'_{i+1}$ and $A''_{i+1}$ are in state $c \in \Gamma$. Transition $(q'c_{i+1})^2$ of $K$ is simulated by moves to $q'c$ in both $A'_{i+1}$ and $A''_{i+1}$. This way the new state is transferred to the right. Transitions $(q'c'_{i+1})^2$ where $c \neq c'$ are simulated in $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ by moves of $A'_{i+1}$ and $A''_{i+1}$ to $\top$.

Suppose that $C$ is an existential configuration, with possible transitions $qa \to q'b'r$ and $qa \to q''b''r$. The case when moves are to the left is similar. Consider first the transition of $K$ from $s$ that corresponds to the letter $\zeta$. Both $A'_i$ and $A''_i$ can simulate this transition: the first goes to state $q'b'r$, and the second goes to $q''b''r$.
Assume that it is the transition of $A'_i$ that is taken; the other case is symmetric. We get to the position when $K$ is in the state $\mathit{choice}$, $A'_i$ is in the state $q'b'r$ and $A''_i$ in the state $qa$. From $\mathit{choice}$, automaton $K$ can do $(q'b'_i r\, 1)(q'b'_i r\, 2)$ that can be simulated by the transitions of $A'_i$ and $A''_i$ (every other transition of $K$ can be simulated by a move of $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ to a non proper state). Both automata reach the state $b'$. Automaton $K$ is now in state $q'b_i r$ from where it can do $(q'c_{i+1})^2$ for any $c \in \Gamma$. The result of simulating these transitions while reaching a proper state is the transfer of the state to the right, in the same way as in the case of the universal move.

Finally, it remains to see what happens if $K$ makes a move from $s$ that is different from $\zeta$. In this case, at least one of the automata $A'_i$, $A''_i$ can simulate the corresponding transition on $(p e_i d\, 1)$, $(p e_i d\, 2)$ respectively, by going to state $\top$, since we suppose that in any configuration of $M$, the two outgoing transitions are distinct. Hence, a non proper state can be reached.

Theorem 4.4. The following problem is Exptime-complete:
Input: deterministic automata $A_1, \dots, A_n$ and a deterministic automaton $B$.
Output: decide if $B \preccurlyeq A_1 \otimes \cdots \otimes A_n$.

Proof. The problem is clearly in Exptime as the state space of $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ can be constructed in Exptime. For Exptime hardness, we take an alternating machine $M$ as at the beginning of this section and use the construction presented above together with Lemma 4.3. Recall, that $B$ is a deterministic automaton obtained from the automaton $K$ by gluing states $s$ and $e$ (cf. Figure 4). We also have that the initial state of $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ corresponds to the initial configuration of $M$ (in a way required by Definition 4.1).
We will show that for every state $\vec{t}$ corresponding to a configuration $C$ of $M$: $s \preccurlyeq \vec{t}$ iff $M$ has an infinite alternating computation from $C$.

Consider a game of two players: Computer and Environment. Positions of the game are configurations of $M$. In existential configurations Computer chooses a successor configuration (with respect to the transition table of $M$). In universal configurations Environment makes a choice. Having an infinite alternating computation from $C$ is equivalent to saying that in this game Computer has a strategy to avoid being blocked. At the same time, not having such a computation from $C$ is equivalent to saying Environment has a strategy to reach a configuration with no successors. As this is a reachability game, for each such $C$ there is a bound $d_C$ (distance) on the number of steps in which Environment can force Computer into a blocking configuration. This distance is 0 if $C$ is blocking; it is one plus the maximum over distances for two successor configurations if $C$ is existential, and it is one plus the minimum over the distances of successor configurations if $C$ is universal. (Here we assume that the distance is $\infty$ if Environment cannot win from $C$.)

Going back to the proof of the theorem, consider first the case when $M$ does not have an infinite alternating computation from $C$. Let $\vec{t}$ be the state of $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ corresponding to $C$. We show that $s \not\preccurlyeq \vec{t}$ by induction on the distance $d_C$. There are three possible cases:
• If $d_C = 0$ then there is no transition possible from $C$. In this case Lemma 4.3 gives us an execution of $B$ from $s$ that cannot be simulated by $A'_1 \otimes A''_1 \otimes \cdots \otimes A'_n \otimes A''_n$ from $\vec{t}$.
• If $C$ is universal, there is a successor $C_1$ such that $d_C > d_{C_1}$. We take the word $v \in L(K)$ given by Lemma 4.3.
The only way to simulate this word from $\vec{t}$ leads to the proper state $\vec{t}_1$ corresponding to $C_1$. By induction hypothesis $s \not\preccurlyeq \vec{t}_1$.
• If $C$ is existential, then for both successor configurations, $C'$ and $C''$, the distance is smaller. We make $B$ execute $\zeta$ and then, depending on how it was matched by $A'_1 \otimes A''_1 \cdots \otimes A'_n \otimes A''_n$, a word forcing the automaton to go to a proper state corresponding either to $C'$ or to $C''$. Using the induction hypothesis we get that the simulation is not possible from $s$ and the obtained states.

The case when $M$ has an infinite alternating computation from $C$ is very similar. In this case $d_C = \infty$. This means that if $C$ is an existential configuration then one of the successor configurations has distance equal to $\infty$. By Lemma 4.3 we can match $\zeta$ so that we go to the state corresponding to that configuration. If $C$ is universal then both successor configurations have distance equal to $\infty$. Once again, Lemma 4.3 tells us how to match every word from $L(K)$.

We conclude the section by showing that Theorem 4.4 still holds under the assumption that the alphabet of the automata $A_i$ and $B$ is of constant size.

Theorem 4.5. Let $\Sigma$ be a fixed alphabet of at least 2 letters. The following problem is Exptime-complete:
Input: deterministic automata $A_1, \ldots, A_n$ and a deterministic automaton $B$ over the input alphabet $\Sigma$.
Output: decide if $B \preccurlyeq A_1 \otimes \cdots \otimes A_n$.

Proof. We reduce directly from Theorem 4.4. Suppose that the input alphabet of all automata $A_i$, $B$ is $\Sigma \times \{1, \ldots, m\}$, for some $m$. Moreover, let $S$ be the set of states of $B$ and let $Q = Q_1 \times \cdots \times Q_n$ be the set of global states of $A_1 \otimes \cdots \otimes A_n$.
In each automaton $A_i$, $B$ we replace every transition $s \xrightarrow{a_l} t$ by a sequence of transitions with labels from $\Sigma \cup \{\#, \$\}$ as follows:

$$s \xrightarrow{a} (stl0) \xrightarrow{\#} (stl1) \xrightarrow{\#} (stl2) \cdots \xrightarrow{\#} (stll) \xrightarrow{\$} t$$

The $(l + 1)$ states $(stl0), \ldots, (stll)$ are new. Let $A'_i$, $B'$ be the automata obtained from $A_i$, $B$, with state space $Q'$ and $S'$, respectively.

Take $\preccurlyeq$, the largest simulation relation from $B$ to $A_1 \otimes \cdots \otimes A_n$. We show how to extend $\preccurlyeq$ to $\preccurlyeq'$ such that $\preccurlyeq'$ is a simulation relation from $B'$ to $A'_1 \otimes \cdots \otimes A'_n$ (not necessarily the largest one). Let $\preccurlyeq'$ be the union of $\preccurlyeq$ with the set of all pairs $((stlk), \vec{u}')$, where $s, t \in S$, $\vec{u}' = (u'_1, \ldots, u'_n) \in Q'$, and such that:
• $s \xrightarrow{a_l} t$ and $\vec{v} \xrightarrow{a_l} \vec{w}$ for some $a \in \Sigma$, $\vec{v} = (v_1, \ldots, v_n)$ and $\vec{w} = (w_1, \ldots, w_n)$ such that $s \preccurlyeq \vec{v}$, $t \preccurlyeq \vec{w}$,
• there is some $i$ with $u'_i = (v_i w_i l k)$, and $u'_j = v_j = w_j$ for $j \neq i$.

It is immediate to check that $\preccurlyeq'$ is a simulation relation. First, (old) states from $S$ can only be simulated by (old) states from $Q$. Second, a new state $(stlj)$ of $B$ can be simulated only by states $\vec{u}' \in Q' \setminus Q$. It can be shown easily that the largest simulation relation from $B'$ to $A'_1 \otimes \cdots \otimes A'_n$ coincides with $\preccurlyeq'$ (hence with $\preccurlyeq$) on the set $S \times Q$ of pairs of old states.

5. The complexity of bisimulation

Till now we wanted to decide if an asynchronous product of deterministic automata $A_1 \otimes \cdots \otimes A_n$ can simulate a deterministic automaton $B$. An evident question is to consider what happens if we consider bisimulation instead of simulation. To be bisimilar to an asynchronous product, $B$ must satisfy some structural constraints. In this section we prove the following theorem, which shows that indeed, the bisimulation problem is easier.

Theorem 5.1.
The following question can be solved in logarithmic space:
Input: $n$ deterministic automata $A_1, \ldots, A_n$ and a deterministic automaton $B$.
Output: decide if $B$ and $A_1 \otimes \cdots \otimes A_n$ are bisimilar.

The proof of the theorem will occupy the rest of the section. We fix $B$ and $A_1, \ldots, A_n$. Without loss of generality we assume that $B$ is minimal with respect to bisimulation: no two different states of $B$ are bisimilar (if $B$ is not minimal we can minimize it on-the-fly in logarithmic space). This assumption also has a very pleasant consequence. If two states $s_1$ and $s_2$ of $B$ are bisimilar to the same global state of $A$, then $s_1 = s_2$.

As we aim to obtain a logarithmic space algorithm we cannot even allow ourselves to explore the state space of $A_1 \otimes \cdots \otimes A_n$ at random, as we cannot store the tuples of states. This is why the following definition is crucial for the construction.

Definition 5.2. A sequence of transitions of $A_1 \otimes \cdots \otimes A_n$ is banal if it can be decomposed into a, possibly empty, sequence of transitions of $A_1$, followed by one of $A_2$, and so on, up to $A_n$.

Observe that thanks to the lack of synchronization every state of $A_1 \otimes \cdots \otimes A_n$ is reachable by a run that is a banal sequence. Another pleasant property is that banal sequences can be explored in logarithmic space: we need only to remember the current state of the unique process that is active.

We call configuration a pair $(s, \vec{t})$ consisting of a state $s$ of $B$ and a global state $\vec{t}$ of $A$. For convenience, we say that a configuration $(s, \vec{t})$ is reachable by some sequence $\rho$ of transitions of $A$ if $\rho$ leads to $\vec{t}$ from the initial state of $A$, and if $s$ is reached in $B$ from the initial state by the sequence of actions associated with $\rho$ (this is well-defined since $B$ is deterministic).
Note also that we can explore any configuration $(s, \vec{t})$ that is reachable by some banal sequence in logarithmic space. Let us call such pairs banally-reachable configurations.

The first necessary condition for $B$ being bisimilar to $A_1 \otimes \cdots \otimes A_n$ is that for every banally-reachable configuration $(s, \vec{t})$ the same actions are possible from $s$ and $\vec{t}$. This can be checked in logarithmic space as it is easy to verify its negation within this bound.

The second necessary condition is that every reachable configuration is banally-reachable. Indeed, if $(s, \vec{t})$ is reachable by a sequence that is not banal then the banal sequence $\rho$ obtained by ordering the transitions process-wise also reaches $\vec{t}$. If a bisimulation exists then we are guaranteed that $\rho$ reaches $s$ in $B$. This is because the state reached by $\rho$ must be bisimilar to $s$, and $B$ is minimal with respect to bisimulation.

To show that one can check in logarithmic space that every reachable configuration is banally-reachable, we consider the negation of this property. We can then use the fact that Logspace is closed under complement. We want to find a reachable configuration that is not banally-reachable. If one exists then we can look at one that is reachable in a shortest number of steps. This means that there must exist a banally-reachable configuration $(s_1, \vec{t}_1)$, an action $b$ and a process $i$ such that $(s_2, \vec{t}_2)$ is not banally-reachable, where $\delta_B(s_1, b) = s_2$ and $\vec{t}_2$ is obtained from $\vec{t}_1$ by taking transition $b$ of process $i$. This can be checked as follows. One produces on-the-fly a banal sequence; when the part of process $i$ is finished an extra transition with letter $b$ is taken. This way we have two states, one before taking $b$ and one after.
We then continue constructing banal sequences from the two states with transitions of processes $i + 1$ up to $n$. This way we have obtained two sequences which differ by the action $b$ of process $i$, and we check that the two states reached by $B$ are different.

Together, the two conditions above are also sufficient for $A_1 \otimes \cdots \otimes A_n$ and $B$ being bisimilar, hence the result.

6. Conclusion

We have shown an Exptime lower bound for the composition of services that are described as a fully asynchronous product of finite state machines. Thus, we answer the question left open in [2]. Since our lower bound holds for the simplest parallel composition operation one can think of (no synchronization at all), it also applies to richer models, such as products with synchronization on actions as in [10] or communicating finite-state machines (CFSM) as in [9, 8]. It is easy to see that the simulation of a finite-state machine by a CFSM $A$ with bounded message queues is in Exptime, since the state space of $A$ is exponential in this case. Hence, this problem, as well as any of its variants with some restricted form of communication, is Exptime-complete as well.

An interesting open question is what happens if we allow in the asynchronous product arbitrary many copies of each finite state machine. That is, we suppose that an available service can be used by an arbitrary number of peers. This question reduces to a bounded variant of the simulation of a finite state machine by a BPP, and its decidability status is open.

Acknowledgement: We thank the anonymous referees for interesting comments and suggestions for improvement.

References

[1] G. Alonso, F. Casati, H. Kuno, and V. Machiraju. Web Services. Concepts, Architectures and Applications. Springer, 2004.
[2] D. Berardi, D. Calvanese, G. De Giacomo, M. Lenzerini, and M. Mecella. Automatic composition of e-services that export their behavior. In Proc. of the 1st Int. Conf. on Service Oriented Computing (ICSOC 2003), LNCS 2910, pp. 43–58, 2003.
[3] D. Berardi, D. Calvanese, G. D. Giacomo, R. Hull, and M. Mecella. Automatic composition of web services in Colombo. In SEBD 2005, pp. 8–15, 2005.
[4] D. Berardi, D. Calvanese, G. D. Giacomo, R. Hull, and M. Mecella. Automatic composition of web services with messaging. In VLDB 2005, pp. 613–624, 2005.
[5] D. Brand and P. Zafiropulo. On communicating finite-state machines. J. ACM 30(2):323–342, 1983.
[6] A. K. Chandra, D. Kozen and L. J. Stockmeyer. Alternation. J. ACM 28(1):114–133, 1981.
[7] A. Deutsch, L. Sui, V. Vianu, and D. Zhou. Verification of communicating data-driven web services. In Symposium on Principles of Database Systems (PODS), pp. 90–99, 2006.
[8] X. Fu, T. Bultan, and J. Su. Conversation protocols: a formalism for specification and verification of reactive electronic services. Theor. Comput. Sci. 328(1-2):19–37, 2004.
[9] R. Hull, M. Benedikt, V. Christophides, J. Su. E-services: a look behind the curtain. In Symposium on Principles of Database Systems (PODS), pp. 1–14, 2003.
[10] F. Laroussinie and Ph. Schnoebelen. The state explosion problem from trace to bisimulation equivalence. In FoSSaCS 2000, LNCS 1784, pp. 192–207, 2000.
[11] A. Muscholl and I. Walukiewicz. A lower bound on Web services composition. In Proc. of FoSSaCS'07, LNCS 4423, pp. 274–286, 2007.
[12] J. Srba. Roadmap of infinite results. Bulletin of the EATCS 78, pp. 163–175, 2002. See also http://www.brics.dk/~srba/roadmap.

This work is licensed under the Creative Commons Attribution-NoDerivs License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
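The check behind the second necessary condition of Section 5, as an added example that is not code from the paper: it looks for a banal run, a process $i$ and an action $b$ for which $B$ reaches different states depending on whether $b$ is taken at the end or in its banal position. It assumes automata given as Python dicts, a deterministic $B$ that is minimal with respect to bisimulation, and that the first condition already holds; all names are hypothetical and the sample automata are constructed.

```python
# Automata are dicts: state -> {action: next_state}. A search node holds one local
# state and two B states, never a tuple of global states, which is the
# polynomial-size analogue of the logarithmic-space walk described in Section 5.

def reordering_witness(B, b0, autos, inits):
    """Return (i, b, s2, s) if some banal run w1..wn followed by action b of process i
    reaches B state s2 while the banal reordering w1..wi b w(i+1)..wn reaches s != s2."""
    n = len(autos)
    for i in range(n):
        for b in sorted({a for q in autos[i] for a in autos[i][q]}):
            # node (j, q, s, sb): process j is active in local state q; B is in s on
            # the run without b and in sb on the run with b inserted (None before b).
            start = (0, inits[0], b0, None)
            seen, todo = {start}, [start]
            while todo:
                j, q, s, sb = todo.pop()
                if j == n:  # both runs are complete; append b to the first one
                    if b in B[s] and B[s][b] != sb:
                        return (i, b, B[s][b], sb)
                    continue
                nxt = [(j, q2, B[s][x], None if sb is None else B[sb][x])
                       for x, q2 in autos[j][q].items()
                       if x in B[s] and (sb is None or x in B[sb])]
                q_next = inits[j + 1] if j + 1 < n else None
                if j != i:  # hand over to the next process
                    nxt.append((j + 1, q_next, s, sb))
                elif b in autos[j][q] and b in B[s]:  # process i ends its part with b
                    nxt.append((j + 1, q_next, s, B[s][b]))
                for v in nxt:
                    if v not in seen:
                        seen.add(v)
                        todo.append(v)
    return None

# Constructed example: process 1 does a and then loops on c, process 2 does b once.
P1 = {"x0": {"a": "x1"}, "x1": {"c": "x1"}}
P2 = {"y0": {"b": "y1"}, "y1": {}}
# B_GOOD is the product itself; B_BAD loses the c-loop when b is taken before a.
B_GOOD = {"s0": {"a": "s1", "b": "s2"}, "s1": {"c": "s1", "b": "s3"},
          "s2": {"a": "s3"}, "s3": {"c": "s3"}}
B_BAD = {**B_GOOD, "s2": {"a": "s4"}, "s4": {}}
```

In `B_BAD` every banally-reachable configuration enables the same actions on both sides, so only this reordering check exposes that the configuration reached by `b` then `a` is not banally-reachable.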
