Monotony in Service Orchestrations

apport   de recherche ISSN 0249-6399 ISRN INRIA/RR--6528--FR+ENG Thème COM INSTITUT N A TION AL DE RECHERCHE EN INFORMA TIQUE ET EN A UTOMA TIQUE Monotony in Service Orc hestrations Anne Bouillard — Sidney Rosario — Albert Ben veniste — Stefa n Haar N° 6528 May 2008 Centre de recherche INRIA Rennes – Bretagne Atlantique IRISA, Campus universitaire de Beaulieu, 3504 2 Rennes Cedex Téléphone : +33 2 99 84 71 00 — Téléco pie : +33 2 99 84 71 71 Monoton y i n Service Orc hestrations ∗ Anne Bouillard, Sidney Ro sario, Alb ert Ben v eniste , Stefan Haar † Th` eme COM — Syst` emes communican ts ´ Equip es-Pr o jets Distrib com Rapp ort de r echerc he n ° 6528 — May 200 8 — 20 pages Abstract: W eb Ser vice orchestrations ar e co mp os itions o f differ e nt W eb Ser- vices to form a new servic e. The s ervices ca lle d during the or chestration g uar- antee a given p erfor mance to the orchestrater, usually in the fo r m of contracts. These contracts c a n b e us ed by the o rchestrater to deduce the contract it can offer to its own clients, by p erfo r ming con tract comp osition. An implicit as- sumption in co nt ra c t based Qo S manag ement is: ” the b etter the co mpo nent services p er form, the better the o r chestration’s per fo rmance will b e”. Thu s, contract based QoS mana gement for W eb services orchestrations implicitly as - sumes monotony . In some orchestrations, how ever, monotony can be violated, i.e., the p er- formance of the orchestration improves when the per formance of a comp onent service degrades. This is highly undesirable since it c a n render the pr o cess of contract comp osition incons istent. In this paper w e define monotony for or chestrations mo delled by Colored Occurrence Nets (CO-nets) and w e c harac ter ize the classes of monotonic orches- trations. W e s how that few orchestrations a re indeed monotonic, mostly since latency can b e traded for quality of data. W e a lso pr op ose a sound refinement of monoto ny , called c onditional monotony , which for bids this kind of cheating and show that conditional monotony is widely satisfied by orchestrations. This finding leads to r econsidering the way SLAs should b e for mulated. Key-w ords: web ser vice, orchestrations, contracts, monotony ∗ This work was partiall y funded by the ANR national r esearc h program DOTS (ANR-06- SETI-003), Do cFlow (ANR-06-M DCA-005) and the pro ject CR EA TE ActivDoc. † S.Rosario and A. Benv eniste are with Irisa/Inria, Campus de Beaulieu, Rennes. A. Bouillard is with Irisa/ENS Cachan Campus de Ker Lann and S.Haar is with Alcatel-Lucen t Bell Labs, Kanata, ON,Canada. Monotonie dans les orc hestrations de w eb services R´ esum´ e : Les orchestrations de se r vices web sont des comp o s itions de ser- vices ´ el´ ementaires. Ces services, fourniss e nt un ’contrat’ ` a l’orchestrateur, ce qui garantit une certaine perfo r mance de leur s e r vice. Ces contrats so nt uti- lis´ es pa r l’or chestrateur p our pr op oser un contrat ` a un client p our s o n pro pre service. Cela se fait pa r la ’comp ostion de contrats’. Du p oint v ue de la p erfor- mance, la comp os ition de contrats supp os e implicitement que ”L’a m´ elioration de la p erfor mance d’un ser vice v a re ndre l’orchestration plus p er formante”. La comp osition de contrats supp ose a insi que les orchestrations sont ” monotones” . Dans quelques o rchestrations, cep endant, la mo notonie p eut ne pas ˆ etr e resp ect´ ee. Lorsque la p e r formance d’un service s’am ´ eliore, la p erfor mance de l’orchestration se d ´ egra de. Ceci est tr` es gˆ enant car cela rend le pro cessus de comp osition de con trats inv alide. Dans ce rapp ort, nous d´ efinissons la mono- tonie p our les orchestrations mod´ elis´ ees par des r ´ eseaux d’o ccurrence color´ es (CO-nets) et nous caract´ erisons la class e des or chestrations monotones. Nous d´ emontrons que tr` es pe u d’o rchestrations s ont mo no tone en pratique , ce qui es t largement d ˆ u ` a la p oss ibilit ´ e d’a m´ elio rer la la tence en d ´ egra da nt la qualit´ e de la r´ ep onse donn´ e. Nous prop os ons ensuite un ra ffinemen t de la mono tonie, la ”monotonie co nditionnelle”, qui interdit ce type de ’triche’. Nous montrons que la monotonie co nditio nnelle est tr` es g´ en´ era le ment satisfaite par les or chestra- tions. Cette ´ etude nous m ` ene ` a reconsid´ er er la formulation des contrats dans le cadre des or chestrations de serv ices web. Mots-cl´ es : web service, orchestrations, co nt ra ts , mo notonie Monotony in Servic e Or chestr ations 3 Con ten ts 1 In tro duction 3 2 Non-monotoni c patterns i n CO -nets 5 3 The O rc hestration M o del : Orc hNets 7 3.1 Petri nets, Occur rence nets . . . . . . . . . . . . . . . . . . . . . 7 3.2 Our Mo del: OrchNets . . . . . . . . . . . . . . . . . . . . . . . . 9 4 Characterizing mon o ton y 12 4.1 Defining monotony . . . . . . . . . . . . . . . . . . . . . . . . . . 12 4.2 A g lobal necessa ry a nd sufficient condition . . . . . . . . . . . . . 13 4.3 A s tr uctural condition for the monotony of w orkflow nets . . . . 14 4.4 Discussion rega rding monoto ny . . . . . . . . . . . . . . . . . . . 17 5 Refined Q oS and Conditio nal mono ton y 18 6 Conclusion 19 1 Int ro duction W eb Services and their co mpo sitions ar e b eing widely used to build distributed applications ov er the in ternet. W eb Service orchestrations are compo sitions of W eb Services to for m an ag grega te, and usually more co mplex, W eb Service (WS). The se r vices inv olved in a WS o rchestration may have widely different behaviour (bo th functional and non-functional) and may be separ ated g eogra ph- ically by larg e distances. A WS orchestration is itself a W eb Service, a nd it can b e further compo s ed with other W e b Services to build incr easingly sophisticated servic e s. The func- tioning of such serv ice co mpo sitions can th us b e quite co mplex in nature. There is a need to formally des crib e these systems in o rder to be able to build and reason ab out them. Different forma lisms ha ve b een prop osed for this purpo se, the mos t po pular amongst these is the Business Pro cess Ex ecution Lang ua ge (BPEL) [2] a standa rd prop osed by Microsoft and IBM. Another formalism is Or c [7] a sma ll a nd elegant formalism equipp ed with extensive semantics work [5 , 10]. V arious mo dels exis t, that hav e b een either used to mo del directly orchestrations or choreographies, o r as a semantic do main for some formalis ms . Noticeably P etri Nets base d mo dels , e.g., W orkFlow Nets [1, 11] and pro cess algebra based mo dels. The main fo c us of the existing mo dels is to capture the functional asp ects of such co mpo sitions. How ever, non-functional — also ca lled Quality of Ser vice (QoS) — aspects inv olved in services and their comp ositions need also to be considered. The QoS of a ser vice is characterised by different metrics, for e.g., latency , av ailability , thro ughput, security , etc. Standard WSLA [4] specifies how Qo S ca n b e specified using Se r vice Level Sp ecifica tions and Agreements. Examples of SLA parameter s a r e found in this document that illustrate the current practice. In particular , “co nditio na l SLA o bligations” c o nsist in sp eci- fying what a s e r vice must guara ntee given that the environment satisfies certain assumptions. RR n ° 6528 4 Anne Bouil lar d, Sidney R osario, Alb ert Benveniste , Stefan Haar QoS manag ement is typically based on the notion of c ontr act . Co nt ra c ts are agr eements ma de betw een the or chestrater and the different actors (the called s ervices) inv olved in the orchestration. Co ntracts formalise the duties and resp onsibilities each s ub co nt ra c tor must sa tisfy . F o r e.g., a service which is called in a n o rchestration can ha ve a contract of the type : for 95% of the r e quests the r esp onse time wil l b e less than 5ms . All these co ntracts with the services inv olved in the orchestration could then b e compo sed by the orchestrater to help it prop ose its own contract with users of the or chestration. This pro ces s is called c ontr act c omp osition. In [9] we intro duced the no tion of pr ob abilistic c ontr acts to formalise the Qo S behaviour of service s — the work of [9] fo cused on latency . W e show ed how these contracts can b e comp osed to get the e nd- to-end orchestration’s cont rac t. W e also showed that realistic overb o oking of reso urces by the orchestrater is p ossible using this appr oach. Contract based Q oS management re lie s on the implicit assumption that, if each sub-co nt rac to r meets its contract ob jectives, then so do es the or chestrater. Vice-versa, a s ub- contractor brea ching its con tract can cause the orchestrater to fail meeting its overall contract ob jectives. Thus the whole philosophy b e- hind co nt rac ts is that the b etter sub-contractors b ehave, the better the ov erall orchestration will meet its own contract. In fact, the a uthors themselves hav e developed their past work [9] based o n this credo . . . until they discovered that this implicit assumption could easily b e falsified. Why so ? S T N M Figure 1: A no n-monotonic orchestration As an illustration example, consider the or chestration in Figure 1. Services M and N are first ca lle d in par allel. If M res p o nds first, service S is next called and the re sp onse of N is ignored. If N r esp onds first, T is called a nd not S . Let δ i denote the re s p o nse time o f site i . Assume the following delay b ehaviour : δ M < δ N and δ S ≫ δ T . Since M r esp onds faster , the end-to-end orchestration delay d 0 = δ M + δ S . Now let se rvice M b ehav es slig ht ly ’badly’, i.e delay δ M increases and b eco mes slightly greater than δ N . Now s ervice T is called a nd the new orchestration delay is d 1 = δ N + δ T . But since δ S ≫ δ T , d 1 is in fact lesser than d 0 . This o rchestration is non- mo notonic since increasing the latency of o ne of its comp onents can decreas e the end-to-end la tency o f the or chestration. So, what is the na ture of the difficult y? INRIA Monotony in Servic e Or chestr ations 5 “Simple” c omp osed W eb s ervices are such that QoS asp ects do no t interfere with functional as p ects and do no t int erfere with each other. T heir flow of co n- trol is typically rigid and do e s not inv olve if-then-else br anches. F or such c ases, latencies will compo se gen tly and w ill not cause pathologies as shown ab ov e. How ev er, as evidenced b y the rich constructions offered b y BPEL, orchestra- tions and choreographies can ha ve br a nching based on data and Q oS v alues, v ar io us kinds o f exceptions, and timers. With such flex ibility , non-monotony such as that ex hibited by the exa mple of Figure 1 can very easily occur . L ack of monotony, in t u rn, imp airs using c ontr acts for t he c omp ositional management of Q oS. Surprising ly eno ugh, this fact do es not seem to hav e b een noticed in the liter ature. In this pap er we give a cla ssification for or chestrations bas ed on their mono- tonic characteristics. O ur study fo cuses on latency , altho ugh other asp ects of QoS are discussed a s w ell. This pap e r is o rganised as follows: Section 2 infor- mally intro duces the notion of monotony with examples. In section 3 we recall the definition of Petri nets and colore d Petri nets, a nd in tro duce o ur mo del, OrchNet. A formal definition of monotony and a characteris a tion of mono- tonic orchestrations is then given in sectio n 4. Sectio n 5 introduces c onditional monotony which will b e useful to deal with no n-monotonic orchestrations which use data-dep endent c o ntrol. 2 Non-monotonic patterns in CO -nets W e now show examples of non-monoto nic or chestrations and identif y the so ur ce of their non-monotony . The nece s sary and sufficien t co nditions for monotony that we give la ter were inspired from the study of these patterns. The examples we dis cuss her e informally use Petri nets; we b elieve they are s elf-explanator y and do not deserve formal definitions . The formal definitions of Petri nets and their semantics is given in section 3. Consider the net on Figur e 2 with four transitions a, b , c and d with latencies τ a , τ b , τ c and τ d resp ectively . Let τ a = 2, τ b = 3, τ c = 4 and τ d = 7 . Here a fires befo re b and the ov erall orchestration latency is τ a + τ c = 6. Now, if τ b = 1, b fires befor e a and so the orchestration latency is τ b + τ d = 8 . Since decr easing the latency of b incr eases the o rchestration’s latency , the net is no t monotonic. Non-monotony arises from the fact that the futures of the co nflicting tr ansitions a and b ha d different latencies. The net is monotonic if the latencies of c and d are constr ained to be the same. b d a c Figure 2: Choices are not monoto nic. RR n ° 6528 6 Anne Bouil lar d, Sidney R osario, Alb ert Benveniste , Stefan Haar In Fig ure 3, transitions a and c are concurre nt, a # b and b # c . Since we saw in the pr e vious example that the futures of co nflicting transitions sho uld have the same latencies , let us set τ d = τ e = τ f = τ ∗ . If τ a = 4 , τ b = 3 , τ c = 5, b fires fir st and the ov erall latency is τ b + τ e = 4 + τ ∗ . Now if τ a = 2, a fires first, b is blo ck ed and c will even tually fire. The ov erall latency here is max ( τ a + τ d , τ c + τ f ) = 5 + τ ∗ . W e thus see that for this net to b e monotonic, we must have the latencies of the concurr e nt transitions a and c to b e the same (along with their futures). In fa c t, since τ a = τ c and τ d = τ f , the tw o co nc ur rent branches ca n be ”folded” int o a single br anch to give us a net similar to that of Figure 2. b c a d f e Figure 3: Choic e and Concur rency int er-playing A monotonic or chestr ation: Figur e 4 shows an o rchestration that has a fork-join pattern (in the le ft). The rig ht side of the figur e shows the net’s unfolding . (The unfolding of a net N is a n acyclic net which includes all the p o ssible executions of N . Every place in the unfolding can be marked by at-most o ne transitio n and so every p ossible wa y o f enabling a transition is distinguished. In Figure 4, the tw o po ssible case s in whic h even t c can b e fired are distinguished in the unfolded net). Since the le ft net has a c hoice pattern, o ne may think that it is not monotonic. How ever, this is not true. F rom the previous example we know that the unfolded net is mo notonic since the futures of the co nflicting transitio ns a and b are the same (and hence ha ve the sa me la tencies). a b c a c b c Figure 4 : A monoto nic orchestration with a fork- jo in pattern (left) a nd its unfolding (right). A t this p oint we hav e identifi ed go o d and bad patter ns for mono tony . Go ing beyond such simple findings proved to b e sur prisingly challenging. In pa r ticular, INRIA Monotony in Servic e Or chestr ations 7 characterizing tha t the restricted class o f orchestrations we define is a ne c essit y for mo notony is dema nding. All this require s more for ma l material that we int ro duce next. 3 T he Orc hestration M o del: Or chNet s In this section w e present the orchestration mo del that we use for our studies, which we call Or chNets . OrchNets are a sp ecial form of c olor e d o c curr enc e nets (CO-nets) , which ar e high level Petri Nets. W e hav e c hosen this mathematica l mo del for the following r easons. F rom the semantic s tudies p er formed for BPEL [8, 3] and Orc [5, 10] we need to supp ort in a n eleg a nt and suc c inct wa y the following features: concur rency , rich c ontrol patterns including preemption, and fo r so me cases even recurs ion. The first tw o requirements suggest using colo red Petri nets . The last requirement s uggests considering extensions of Petri nets with dynamicity . How ever, in our s tudy we will not b e interested in the sp ecification of or chestrations, but r a ther in their executions. O ccurrence nets a re co ncurrent mo dels of executions o f Petri nets. As such, they encompas s or chestrations in volving re cursion at no additional cost. The e x ecutions of W orkflow Nets [1, 11] are also (CO- nets ). 3.1 P etri nets, Occurrence nets Definition 1 A Petri net is a tuple N = ( P , T , F , M 0 ) , wher e  P is a set of places ,  T is a set of trans itions such that P ∩ T = ∅ ,  F ⊆ ( P × T ) ∪ ( T × P ) is a set of flow a rcs ,  M 0 : P → N is the initial ma r king . The elements in P ∪ T are called the no des of N and will b e denoted by v a riables for e.g , x . F or no de x ∈ P ∪ T , we call • x = { y | ( y , x ) ∈ F } the pr eset of x , and x • = { y | ( x, y ) ∈ F } the p ostset of x . A marking of the net is a m ultiset M of pla ces, i.e a ma p fr o m P to N . A trans ition t is enable d in marking M if ∀ p ∈ • t, M ( p ) > 0 . This enabled tra nsition ca n fi r e resulting in a new marking M − • t + t • denoted by M [ t i M ′ . A ma rking M is r e achable if there exists a sequence of transitio ns t 0 , t 1 . . . t n such that M 0 [ t 0 i M 1 [ t 1 i . . . [ t n i M . A net is safe if for all reachable mar kings M , M ( p ) ⊆ { 0 , 1 } for a ll p ∈ P . W e define t wo r elations on the no des of a net: Definition 2 (Causality) F or a net N = ( P , T , F , M 0 ) the causalit y relation < is t he tr ansitive closur e of the r elation ≺ define d as:  If p ∈ • t , then p ≺ t ,  If p ∈ t • , then t ≺ p , wher e p ∈ P , t ∈ T . The r eflexive closure of < is denoted by ≤ . F or a no de x ∈ P ∪ T , the set of c auses of x is ⌈ x ⌉ = { y ∈ P ∪ T | y ≤ x } . RR n ° 6528 8 Anne Bouil lar d, Sidney R osario, Alb ert Benveniste , Stefan Haar Definition 3 (Conflict) F or a net N = ( P , T , F , M 0 ) two no des x and y ar e in conflict - denote d by x # y - if ther e exist distinct tr ansitions t, t ′ ∈ T , such that t ≤ x, t ′ ≤ y and • t ∩ • t ′ 6 = ∅ . No des x a nd y are said to b e c oncurr ent - wr itten as x k y - if neither ( x ≤ y ) nor ( y ≤ x ) nor ( x # y ). A set of concur rent conditions P ⊆ P is ca lled a c o-set . A cut is a maximal (for set inclusio n) co -set. Definition 4 (Configuration) A configur a tion of N is a subnet κ of no des of N such that: 1. κ is causa lly closed , i.e , if x < x ′ and x ′ ∈ κ then x ∈ κ 2. κ is conflict-free , i.e , for al l no des x, x ′ ∈ κ, ¬ ( x # x ′ ) F o r conv enience, we will a ssume that the maximal no des (w.r.t the < relatio n) in a config ur ation are places. Definition 5 (Occurrence ne ts) A safe net N = ( P , T , F , M 0 ) is c al le d an o ccurrence net (O-net) iff 1. ¬ ( x # x ) for every x ∈ P ∪ T . 2. ≤ is a p artial or der and ⌈ t ⌉ is finite for any t ∈ T . 3. F or e ach plac e p ∈ P , | • p | ≤ 1 . 4. M 0 = { p ∈ P | • p = ∅ } , i.e the initial marking is the set of minimal plac es with r esp e ct t o ≤ N . Occurrence nets are a go o d mo del for representing the po ssible ex e cutions of a concurrent sy stem. Unfoldings of a sa fe Petri net, which colle ct all the po ssible executions of the net, are o cc ur rence nets. Unfoldings a re defined as follows. F o r N a nd N ′ t wo safe nets, a ma p ϕ : P ∪ T 7→ P ′ ∪ T ′ is called a morphism of N to N ′ if: 1/ ϕ ( P ) ⊆ P ′ and ϕ ( T ) ⊆ T ′ , and 2/ for every t ∈ T and t ′ = ϕ ( t ) ∈ T ′ , • t ∪ { t } ∪ t • is in bijectio n with • t ′ ∪ { t ′ } ∪ t ′ • through ϕ . Now, for N a safe net, there exists pairs ( U, ϕ ) where U is an o ccur rence net and ϕ : U 7→ N is a morphis m — the places a nd transitions of U are “lab eled” with place s and tr a nsitions of N thro ugh morphism ϕ . The unfolding of N , denoted by ( U N , ϕ N ) or U N for short, is the smallest pa ir ( U, ϕ ) with the ab ov e prop erties, where smallest refers to inclusion up to isomorphism. The configuratio ns of U N are the ex e cutions of N , seen a s partial or ders of even ts. Figure 5 shows a safe net N and a small pa rt o f its unfolding U N . A step in the constructio n of U N is shown in the fig ur e on the r ig ht. In each such step, a set of concurrent c o nditions X in U N are chosen s uch that ϕ ( X ) = • t for so me transition t in N . The s et o f no des X ∪ { t ′ } ∪ t ′ • are then added to U N where ϕ ( t ′ ) = t and ϕ ( t ′ • ) = t • . The r ight figure shows the addition o f a new copy of transition a (along with its preset and p o stset) to U N . An y place o f an o ccur r ence net (sp ecifically , an unfolding) gets a token at- most o nce. W e can thus talk a b o ut ”the token of the place” unambiguously for any place in these nets. INRIA Monotony in Servic e Or chestr ations 9 2 1 2 2 1 1 2 1 2 2 1 1 2 2 2 1 2 2 1 2 2 b a b N a b b b a a U N a a 1 Figure 5: Construction of the unfolding U N of a sa fe net N . 3.2 Our Model: Orc hNet s W e now present the orchestration mo del that w e use for our studies, which we call O r chNets . OrchN ets are o c c ur rence nets in which to kens are equipp ed with attributes (or co lors). Figur e 6 shows an OrchNet equipped with attributes m n t d 1 d 2 τ n τ = 0 τ t τ s τ = 0 τ m d 0 + τ m d 1 + τ n d ′ = max { d 2 , d 1 + τ n } d 0 E = 8 < : case d < d ′ then d + τ s case d > d ′ then d ′ + τ t otherwise nondeterministic d = max { d 2 , d 0 + τ m } s . Figure 6: A Generic T ransitio n of our Mo del. The arc express ions a re shown next to the a rcs and the g uard expression is wr itten next to the transition. RR n ° 6528 10 Anne Bouil lar d, Sidney R osario, Alb ert Benveniste , Stefan Haar related to timing. Pla ces are lab eled with dates which is in fact the date of the token of that place. T ransitions are lab eled with latencies. The tokens in the three minimal places are given initial dates (here, d 0 , d 1 , d 2 ). The four named transitions m, n, s and t are la b eled with latencies τ m , τ n , τ s and τ t resp ectively , and the tw o shade d tr a nsitions hav e z ero latency . The pres ence o f dates in tokens a lters the firing semantics slightly . A trans i- tion t is enabled at date when all places in its preset hav e tokens. It then takes τ t additional time to fir e . F or example, the shaded transitio n in the left has a ll its input tokens at max { d 2 , d 0 + τ m } and so it fires at max { d 2 , d 0 + τ m } + 0 since it has zero latency . If a tr ansition fires at date d , then the tokens in its p o s tset hav e the date d . This is shown in the figure, e .g ., on the pla ce following the left shaded tra nsition, which has date max { d 2 , d 0 + τ m } . When transitions a re in conflict, (e.g., the t wo shaded transitions in Fig- ure 6), the tra ns ition that actually o ccur s is governed b y a r ac e p olicy [6]. If a set of enabled transitions ar e in conflict, the o ne with smallest date of o c- currence will fire, preempting the other transitions in conflict with it. So, in Figure 6 , the left s haded tra nsition or the right shaded tr ansition will fir e de- pending on whether d < d ′ or d > d ′ resp ectively , with a no ndeter ministic choice if d = d ′ . This results in selecting the left most o r right mo st contin uation (firing s o r t ) dep ending on the above cas es. The res ulting overall latency E of the orchestration is s hown at the b ottom of the figure. In addition to dates, tok ens in OrchNets can ha ve data attributes, which we call values . W e hav e no t s hown this in Figure 6, in order to keep it simple. V a lue s of tokens in the pres e t of a tra nsition t can be combined by a v alue function φ t attached to t . The res ulting v alue is ta ken by the token in the po stset of t . T r ansitions ca n also have guar ds (the pres ence of such a guard is not neces- sary). Guards a re b o olean predicates inv olving v alues of the tokens in the tran- sition’s pr eset. A transition is ena ble d only if its guard is true. An “If(cond)- then-else” branchin g ca n b e implemen ted b y using the following mechanism: Put a pla ce p , followed b y t wo tra nsitions t, t ′ . Guard t with the predicate “cond=true” and t ′ with the predicate “cond=fals e”. A t this point we are ready to provide the for ma l definition of Or chNets : Definition 6 (Orc hNet) An OrchNet is a tuple N = ( N , Φ , T , T init ) c onsist- ing of  An o c curr enc e net N with token attributes c = ( v al u e, date ) .  A family Φ = ( φ t ) t ∈T of v a lue functions, whose input p ar ameters ar e the values of the tr ansition ’s input tokens.  A family T = ( τ t ) t ∈T of la tency functions, whose input p ar ameters ar e the values of the tr ansition ’s input tokens. The r ange of the latency fun ctions is in R ∪ { + ∞}  A famil y T init = ( τ p ) p ∈ min( P ) of initial date functions for t he minimal plac es of N . The r ange of the initial date functions is in R ∪ { + ∞} W e do no t specify a concrete rang e of v alue functions since they ca n b e any arbitrar y v alue and this is not of direct impo rtance in the sequel. How a tra n- sition t modifies the attributes of to kens is for malized now: Let the preset of INRIA Monotony in Servic e Or chestr ations 11 t hav e n places who se tokens hav e ( v alue , date ) attributes ( v 1 , d 1 ) . . . ( v n , d n ). Then a ll the to kens in the p o stset of t have the pair ( v t , d t ) of v alue and da te, where: v t = φ t ( v 1 . . . v n ) d t = max { d 1 . . . d n } + τ t ( v 1 . . . v n ) (1) The r ac e p olicy during execution is forma lized as follows: In any given ma r king M , let T b e the set of transitions that ar e p ossibly enable d , i.e. ∀ t ∈ T , • t is marked in M . Then the transition t that is actual ly enable d , (which really fires) is given by: t = arg min t ∈ T d t where arg min f ( x ) x ∈ X = x ∗ ∈ X s.t. ∀ x ′ ∈ X , f ( x ∗ ) ≤ f ( x ′ ). If tw o transitions hav e the same d t , then the choice of the tr ansition that actually fires is non-deter ministic. If for a transition t , the delay d t is infinite, it is eq uiv alent to saying that transition t do es not o ccur . The choice extensions to o c currence nets in OrchNets is inspired by the application domain: compo sitions of web ser vices. It reflec ts the following facts.  Since we fo cus on latency , ( v a l ue, date ) is the only nee ded color .  Orchestrations r arely inv o lve dec is ions on actions based on absolute dates. Timeouts are an ex c e ption, but these can be mo delled explicitly , without using dates in guards of tr a nsitions. This justifies the fact that gua r ds only hav e token v alues a s inputs, a nd not their dates.  The time needed to p erfor m transitions do es no t depe nd on the tuple of dates ( d 1 . . . d n ) when input tokens were cr eated, but it ca n dep end on the data ( v 1 . . . v n ) a nd computation φ p erfor med on these. This justifies o ur restriction for output a rc express ions. If it is still wished that control e x plicitly dep ends on da tes, then dates must be measured and can then be stored as par t o f the v alue v . Actually Occurring Configuration and Execution Time In general, bo th v alue a nd latency functions can be nondeterministic. W e intro duce an invisible daemo n v a riable ω that resolves this nondeterminism and we denote by Ω its do main. F o r a given v alue o f ω , the v alue a nd latency functions φ ω t and τ ω t are deterministic functions. Let N = ( N , Φ , T , T init ) b e a finite OrchNet. F or a v alue ω ∈ Ω for the daemon w e can calculate the following dates for every tr ansition t a nd pla ce p of N : d p ( ω ) =  τ ω p if p is minimal d s ( ω ) where s = • p otherwis e d t ( ω ) = max { d n ( ω ) | n ∈ • t } + τ ω t ( v 1 , . . . v n ) (2) where v 1 , . . . v n are the v alue comp onents of the tokens in • t as in eq uation (1). If κ is a configur ation of N , the future N κ is the Or chNet ( N κ , Φ N κ , T N κ , T ′ init ) where Φ N κ and T N κ are the r estrictions of Φ and T resp ectively , to the transi- tions of N κ . T ′ init is the fa mily derived fro m N a ccording to (2): for any minimal RR n ° 6528 12 Anne Bouil lar d, Sidney R osario, Alb ert Benveniste , Stefan Haar place p of N κ , the initialisation function is given by τ ′ p ω = d p ( ω ). F o r X a set of no des of N , let T min ( X ) = { t ∈ T ( X ) | • • t ∩ X = ∅} Now define inductively , κ 0 ( ω ) = ∅ κ m ( ω ) = κ m − 1 ( ω ) ∪ { t m } ∪ • t m ∪ t m • (3) where t m = arg min t ∈T min ( N κ m − 1 ( ω ) ) d t ( ω ) Since net N is finite, the ab ov e inductive definition terminates in finitely ma ny steps when N κ m ( ω ) = ∅ . Let M ( ω ) b e this num b er o f s teps. W e thus hav e ∅ = κ 0 ⊂ κ 1 ( ω ) · · · ⊂ κ M ( ω ) ( ω ) κ M ( ω ) ( ω ) is a maximal co nfiguration which actually o ccur s accor ding to our timed semantics, for a fixed ω . Each step decreases the num ber of maximal configuratio ns shar ing κ m ( ω ) as a prefix. W e deno te by κ ( N , ω ), the maximal configuratio n κ M ( ω ) ( ω ) that ac tua lly o ccurs. F o r a prefix B of N define E ω ( B , N ) = max { d x ( ω ) | x ∈ B } (4) If B is a co nfig uration, then E ω ( B , N ) is the time taken for B to e x ecute (latency of B ). The latency of the OrchNet N = ( N , Φ , T , T init ), for a given ω is E ω ( N ) = E ω ( κ ( N , ω ) , N ) 4 Characterizing monoton y In this article, we are interested in the total time taken to execute a web- service orchestration. As a consequence, we will consider only orchestrations that terminate in a finite time, i.e , only a finite num b er of v alues can b e r eturned. 4.1 Defining monoton y T o forma lize monoto ny we m ust s pe c ify how latencies a nd initial dates ca n v ar y . As a n example, we may wan t to co nstrain some pair of transitions to have ident ical la tencies, o r some pair of minimal pla ces to have iden tical initial da tes. This allowed flex ibilit y in setting latencie s o r initial dates is for malized under the notion of pre - OrchNet we intro duce ne x t. Definition 7 (pre-Orc hNet) Cal l pr e-OrchNet a tu ple N = ( N , Φ , T , T init ) , wher e N and Φ ar e as b efor e, and T and T init ar e sets of families T of latency functions and of families T init of initial date functions. W r ite N ∈ N if N = ( N , Φ , T , T init ) for some T ∈ T and T init ∈ T init . F o r tw o families T and T ′ of latency functions, write T ≥ T ′ INRIA Monotony in Servic e Or chestr ations 13 to mean that ∀ ω ∈ Ω , ∀ t ∈ T = ⇒ τ t ( ω ) ≥ τ ′ t ( ω ), and s imilarly for T init ≥ T ′ init . F o r N , N ′ ∈ N , write N ≥ N ′ if T ≥ T ′ and T init ≥ T ′ init bo th hold. Definition 8 (mono ton y) pr e- Or chNet N = ( N , Φ , T , T init ) is c al le d mono- tonic if, for any two N , N ′ ∈ N , su ch that N ≥ N ′ , we have E ω ( N ) ≥ E ω ( N ′ ) . Considering lega l sets T and T init of families of latency functions and initial date functions allows s etting constr aints o n these fa milies . This po s sibility will be essential in character iz ing monotonic or chestrations. 4.2 A global necessary and sufficien t condition Theorem 1 1. The fol low ing c ondition implies the monotony of pr e-Or chNet N = ( N , Φ , T , T init ) : ∀N ∈ N , ∀ ω ∈ Ω , ∀ κ ∈ V ( N ) , E ω ( κ, N ) ≥ E ω ( κ ( N , ω ) , N ) (5) wher e V ( N ) denotes the set of al l maximal c onfigur ations of net N and κ ( N , ω ) is the maximal c onfigur ation of N that actual ly o c curs under t he daemon value ω . 2. Conversely, assume that: (a) Condition (5) is violate d, and (b) for any two Or chNets N and N ′ such that N ∈ N , then N ′ ≥ N = ⇒ N ′ ∈ N . Then N = ( N , Φ , T , T init ) is not monotonic. Sub-condition b) in s tatement 2 destroys the necessity of Condition (5). State- men t 2 ex pr esses that Condition (5) is also neces sary provided that it is legal to increase a t will latencies o r initial da tes . O bserve that Condition (5) by itself cannot b e enoug h since it tr ivially holds if T is a singleton. Pro of: W e first pr ov e Statement 1. Let N ′ ∈ N b e suc h that N ′ ≥ N . W e hav e: E ω ( κ ( N ′ , ω ) , N ′ ) ≥ E ω ( κ ( N ′ , ω ) , N ) ≥ E ω ( κ ( N , ω ) , N ) where the first inequality follows from the fact that κ ( N ′ , ω ) is a co nflict free partial or der and N ′ ≥ N , and the second inequa lit y follows fr o m (5) applied with κ = κ ( N ′ , ω ). This proves Statement 1 . W e prove statement 2 b y contradiction. Let ( N , ω , κ † ) b e a tr iple viola ting Condition (5), in that κ † cannot o cc ur (6) E ω ( κ † , N ) < E ω ( κ ( N , ω ) , N ) (7) RR n ° 6528 14 Anne Bouil lar d, Sidney R osario, Alb ert Benveniste , Stefan Haar Now consider the Or chNet net N ′ = ( N , Φ , T ′ , T init ) where the fa mily T ′ is the same as T exc e pt that in ω , ∀ t / ∈ κ † , τ ′ t ( ω ) > E ω ( κ † , N ). Clear ly N ′ ≥ N . But using co ns truction (3), it is ea sy to verify that κ ( N ′ , ω ) = κ † and th us E ω ( κ ( N ′ , ω ) , N ′ ) = E ω ( κ † , N ′ ) = E ω ( κ † , N ) < E ω ( κ ( N , ω ) , N ) , which viola tes mono tony . ⋄ 4.3 A structural condition for t he monotony of workflo w nets Workflow nets [1 1] were pro p o sed as a simple mo del for workflo ws. These ar e Petri nets, with a sp ecia l minimal place i and a sp ecial maximal place o . W e consider the class of workflow nets that are 1-sa fe and whic h have no lo ops. F ur ther, we r equire them to b e sound [11]. Definition 9 A Workflow net W is said to b e sound iff: 1. F or every marking M r e achable fr om the initial plac e i , ther e is a firing se quen c e le ading t o the final plac e o . 2. If a marking M marks the final plac e o , then no other plac e c an in W c an b e marke d in M 3. Ther e ar e no dead tr ansitions in W . Starting fr om the initial plac e, it is always p ossible to fir e any tr ansition of W . An example of workflow net is shown in the firs t net of Figur e 4. W orkflow nets will b e generically deno ted by W . W e can equip workflow nets with same attributes as o ccurrence nets, this yields pr e-WFnets W = ( W, Φ , T , T init ). Re- ferring to the end of Section 3.1, unfolding W yields an o ccur rence net tha t we denote by N W with asso ciated mo rphism ϕ W : N W 7→ W , see Figure 4. Her e the morphism ϕ W maps the t wo c transitions (and the place in its pre s et and po stset) in the net o n the right to the single c transition (and its pr eset and po stset) in the net o n the left. O bserve that W and N W po ssess iden tical sets of minimal pla ces. Morphis m ϕ W induces a pre - OrchNet N W = ( N W , Φ W , T W , T init ) by attaching to ea ch transition t o f N W the v alue and latency functions attached to ϕ W ( t ) in W . W e s hall use the results of the previous section in o rder to characterize tho se pre-WFnets whos e unfoldings give monotonic pr e -OrchNets. Our c hara cteriza- tion will b e e ssentially structura l in that it do es not inv olve any constraint on latency functions b eyond equality co ns traints, for some pairs of transitions. Un- der this restr icted discipline, the simple struc tur al c o nditions we sha ll for m ulate will also b e almost necessa r y . W e first define a notion of cluster on s afe nets, which will be useful fo r our characterisation. INRIA Monotony in Servic e Or chestr ations 15 Definition 10 (clusters ) F or a safe net N , a clus ter is a minimal set c of plac es and tr ansitions of N such that ∀ t ∈ c = ⇒ • t ⊆ c , ∀ p ∈ c = ⇒ p • ⊆ c (8) Theorem 2 (Sufficie n t Condition) L et W b e a WFnet and N W b e its un- folding. A sufficient c ondition for the pr e-Or chNet N W = ( N W , Φ W , T W , T init ) to b e monotonic is that every cluster c satisfies the fol lowing c ondition: ∀ t 1 , t 2 ∈ c , t 1 6 = t 2 = ⇒ t 1 • = t 2 • (9) Pro of: Let ϕ W be the net morphism mapping N W onto W and le t N ∈ N be any OrchNet. W e prov e that condition 1 of Theor em 1 holds for N by induction o n the n umber of transitions in the maximal co nfig uration κ ( N , ω ) that a ctually o ccurs. The ba se cas e is when it has only one tra nsition. Clearly this transition has the lea st latency and any other maximal configura tion ha s a greater execution time. Induction Hyp othesis Condition 1 of Theo r em 1 holds for any maximal o ccurring co nfiguration with m − 1 transitions ( m > 1). F ormally , for a pre- OrchNet N = ( N , Φ , T , T init ): ∀N ∈ N , ∀ ω ∈ Ω , ∀ κ ∈ V ( N ), E ω ( κ, N ) ≥ E ω ( κ ( N , ω ) , N ) (10) holds if |{ t ∈ κ ( N , ω ) }| ≤ m − 1. Induction Argume n t Consider the OrchNet N , where the actually o ccur r ing configuratio n κ ( N , ω ) has m tr ansitions. κ ′ is any other maximal configur ation of N . If the transition t in κ ( N , ω ) with minimal date d t also o ccur s in κ ′ then comparing execution times o f κ ( N , ω ) and κ ′ reduces to c o mparing E ω ( κ ( N , ω ) \ { t } , N t ) a nd E ω ( κ ′ \ { t } , N t ). Since κ ( N , ω ) \ { t } is the actually oc c ur ring configuratio n in the future N t of trans itio n t , using our induction hypothesis, we hav e E ω ( κ ( N , ω ) \ { t } , N t ) ≤ E ω ( κ ′ \ { t } , N t ) and so E ω ( κ ( N , ω ) , N ) ≤ E ω ( κ ′ , N ) If t / ∈ κ ′ for some κ ′ , then there must ex is t another transition t ′ such that • t ∩ • t ′ 6 = ∅ . By the definition of clusters, ϕ W ( t ) and ϕ W ( t ′ ) must belo ng to the same cluster c . Hence, t • = t ′ • follows from co ndition 9 of Theorem 2. The futures N t and N t ′ th us have iden tical sets of transitio ns : they only differ in the initial mark ing of their pla ces. If T init and T ′ init are the initial mark ing of these places , T init ≤ T ′ init (since d t ≤ d t ′ , t • has dates lesser than t ′ • ). Hence E ω ( κ ( N , ω ) , N ) = E ω ( κ ( N , ω ) \ { t } , N t ) (11) and E ω ( κ ′ , N ) = E ω ( κ ′ \ { t ′ } , N t ′ ) ≥ E ω ( κ ′ \ { t ′ } , N t ) (12) RR n ° 6528 16 Anne Bouil lar d, Sidney R osario, Alb ert Benveniste , Stefan Haar The inequality holds since N t ′ ≥ N t . The induction h ypo thesis on (11) and (12) gives E ω ( κ ( N , ω ) , N ) ≤ E ω ( κ ′ , N ) This proves the theorem. ⋄ Comments ab out ti gh tness o f the conditi o ns of Theorem 2 Reca ll that the sufficient co ndition for monoto ny stated in Theo r em 1 is “ almost necessar y” in that, if eno ugh flex ibilit y exist in s e tting latencies and initial dates, then it is actually necessa ry . It tur ns out that the same holds for the sufficient condition stated in T he o rem 2 if the workflow net is assumed to b e liv e. Theorem 3 (Necess ary Condi tion) Supp ose t hat the workflow n et W is sound. Assume that W ∈ W and W ′ ≥ W implies W ′ ∈ W , me aning that ther e is enough flexibility in sett ing latencies and initial dates. In addition, assum e t hat ther e is atle ast one W ∗ ∈ W such t hat ther e is an daemo n value ω ∗ for which the latencies of al l the tr ansitions ar e fin ite. Then the sufficient c ondition of The or em 2 is also ne c essary for monotony. Pro of: W e will show tha t when co ndition (9 ) of Theo rem 2 is not satisfied by W , the Orchnets in its induced pr eOrchNet N W can violate condition (5) of Theorem 1, the ne c essary condition for monotony . Let c W be any cluster in W that violates the condition 9 o f Theor em 2. Consider the unfolding of W , N W and the a sso ciated morphism ϕ : N W 7→ W as intro duced befor e. Since W is sound, all transitions in c W are re a chable from the initial place i and so there is a cluster c in N W such that ϕ ( c ) = c W . There a r e transitions t 1 , t 2 ∈ c such that • t 1 ∩ • t 2 6 = ∅ , • ϕ ( t 1 ) ∩ • ϕ ( t 2 ) 6 = ∅ and ϕ ( t 1 ) • 6 = ϕ ( t 2 ) • . Call [ t ] = ⌈ t ⌉ \ { t } and define K = [ t 1 ] ∪ [ t 2 ]. W e consider the following tw o cases: K is a configuration If so, consider the O r chNet N ∗ ∈ N W got when trans i- tions of N W (and so W ) hav e latencies as that in W ∗ . So for the daemon v alue ω ∗ , the quantit y E ω ∗ ( K, N ∗ ) is so me finite v alue n ∗ . Now, configur ation K ca n actually occ ur in a Orch Net N , s uch that N > N ∗ , where N is o btained as follows ( τ and τ ∗ denote the latencies of tra nsitions in N and N ∗ resp ectively): ∀ t ∈ K, t ′ ∈ N W s.t. • t ∩ • t ′ 6 = ∅ , set τ t ′ ( ω ∗ ) = n ∗ + 1 and keep the other latencies unc hanged. In this case, for the daemon v alue ω ∗ , the latencies of all transitions of N (and so its ov era ll execution time) is finite. Deno te by N K the future o f N once co nfiguration K has actually o ccurred. Both t 1 and t 2 are minimal and enabled in N K . Since ϕ ( t 1 ) • 6 = ϕ ( t 2 ) • , without loss of g enerality , w e assume that there is a place p ∈ t 1 • such that ϕ ( p ) ∈ ϕ ( t 1 ) • but ϕ ( p ) / ∈ ϕ ( t 2 ) • . Let t ∗ be a tra nsition in N K such that t ∗ ∈ p • . Such a transition m ust exist since p can not b e a maximal place: ϕ ( p ) can not b e a maximal place in W which has a unique maximal place. Now consider the Orchnet N ′ > N got as follows: τ ′ t 1 ( ω ∗ ) = τ t 1 ( ω ∗ ) , τ ′ t 2 ( ω ∗ ) = τ t 1 ( ω ∗ ) + 1 and for all other t ∈ c, τ ′ t ( ω ∗ ) = τ ′ t 2 ( ω ∗ ) + 1. Set τ ′ t ∗ ( ω ∗ ) = ∞ and for all other transitions o f N ′ , the delays ar e the same as that in N and th us are finite for ω ∗ . INRIA Monotony in Servic e Or chestr ations 17 t 1 has the minimal delay among all tr a nsitions in c , and t ∗ is in the future of t 1 . So the actually o ccuring co nfiguration E ω ∗ ( κ ( N ′ , ω ∗ ) , N ′ ) ha s an infinite delay . How ever any maxima l config uration κ whic h does not include t 1 (for eg, when t 2 fires instead of t 1 ) w ill hav e a finite delay . F or such κ we thus hav e E ω ∗ ( κ ( N ′ , ω ∗ ) , N ′ ) > E ω ∗ ( κ, N ′ ) and so N ′ violates the condition (5) of Theorem 1. K i s not a configuration If so, there exist transitions t ∈ [ t 1 ] \ [ t 2 ] , t ′ ∈ [ t 2 ] \ [ t 1 ] suc h that • t ∩ • t ′ 6 = ∅ , • ϕ ( t ) ∩ • ϕ ( t ′ ) 6 = ∅ and ϕ ( t ) • 6 = ϕ ( t ′ ) • . The final co ndition holds since t 2 and t 1 are not in the causal future of t and t ′ resp ectively . Thus t and t ′ belo ng to the sa me cluster , which vio la tes co ndition 9 of Theore m 2 and we can a pply the same rea soning as in the b eginning of the pro of. Since [ t ] is finite for any transition t , we will eventually end up with K being a configur ation. ⋄ 4.4 Discussion regarding monoton y Based on the mathematical results o f the former se c tio n, we shall first discuss which or chestrations are mono tonic. The r esulting class is not very wide, as we shall see. How ever, further thinking suggests that consider ing QoS parameters in is olation — as we did so far — is not the r ig ht wa y to pro ceed. W e will thus revisit QoS a nd mo no tony . Whic h o rc hestrations are monotonic? Not s urprisingly , orchestrations inv o lving no choice at all — they are mo deled by ev ent graphs — are mono tonic. Theorem 2, how ever, allows for more g eneral orchestrations. In par ticular, if m ulti-threading with o nly conflicting threads ar e used, then the theorem esse n- tially requires that the choice a mong the different threa ds is per formed, based on their overall la tency (where a thr e ad is considered a s atomic). It is allow ed, how ever, that co nflicting threads p o ssess different ov erall latencies. Nex t, if a blend o f concurrent and conflicting multi-threading is used, then 1/ conc ur rent threads sho uld hav e equal la tencies, and 2 / the choice among c o nflicting threads should be based on their overall latency . Finally , c o ncurrent multi-threading (with no conflict with other threa d when the concurr ent threads ar e launched) raises no problem. An e x ample of a non tr ivial monotonic orchestration is shown in Figure 4. Revisiti ng QoS and monotony As discuss ed b efore, orchestrations inv olv- ing data dep endent co ntrol will very often be non monotonic. This makes SLA/SLS/contract base d QoS management very problematic. What did we wrong? In fact, the problem is that we consider Qo S parameter s in iso lation when dealing with SLS or contracts. How ever one can trade latency for “qua lit y of data”. Typically , by reducing timeouts while waiting for resp onses fr om called W eb services , one can easily reduce la tency . But there is no free lunch: if one do es so, then exceptions get raised in lieu of getting v a lid resp onses for the query . So we must refine o ur notion of monoto ny a s follows: s ay that a n or chestra- tion is “co nditionally mo notonic” if, under the c onst r aint that identic al r esp onses RR n ° 6528 18 Anne Bouil lar d, Sidney R osario, Alb ert Benveniste , Stefan Haar ar e r e c eive d by the or chestr ation, incr easing so me latency will cause an incre a se of the ov erall latency of the orchestration. In the nex t section we forma liz e this notion and study the characterization o f co nditional monotony . 5 Refined QoS and Conditional monoton y Define the set of v a lue s returned by a maximal co nfig uration κ ∈ V ( N ) as V ω ( κ, N ) = { φ t ( ω ) | t ∈ ma x( κ ) } where ma x( κ ) denotes the maximal (w.r.t ≤ ) tr ansitions in the configura tion κ . The v alues returned by the o r chestration N = ( N , φ, T , T init ) for a g iven v alue of the da emon ω is V ω ( N ) = V ω ( κ ( N , ω ) , N ) Definition 11 (conditi onal monotony) pr e-Or chNet N = ( N , Φ , T , T init ) is c al le d conditiona lly monotonic if, ∀N , N ′ ∈ N s . t . N ≥ N ′ and ∀ ω ∈ Ω s . t . V ω ( N ) = V ω ( N ′ )  ⇒ E ω ( N ) ≥ E ω ( N ′ ) Definition 11 do es not attempt to compare ov erall or chestration latencies, if different r esp onses ar e received a s a result o f changing latencies of calle d W eb services. In particular, cases w he r e v alid da ta ar e received are not compar ed with cases where exceptions ar e r a ised. Said differently , Definition 1 1 pr ohibits trading latency for qualit y o f data. Conditional monotony do es no t seem to b e consider ed while formulating WSLA co ntracts. The ’conditional’ co nt rac ts in WSLA are not related to the notion of co nditional mo notony but r ather r efer to the oblig a tions that need to be met by the client fo r the server’s pro mises to b e fulfilled. Assumption 1 We assume t hat Orc hNet N is such that for al l distinct κ, κ ′ ∈ V ( N ) , V ω ( κ, N ) 6 = V ω ( κ ′ , N ) . Assumption 1 is very natural when nor mal pro cessing o f the orchestration to- gether with cas es wher e ex ceptions o ccur ar e co nsidered. With this assumption, Theorem 1 simplifies as follows: Theorem 4 Under Assumption 1 pr e-Or chNet N = ( N , Φ , T , T init ) is c ondi- tional ly monotonic. Pro of: In fact this is a trivia l result: by Assumption 1, we do not need to compar e latencies a cross different configurations . But each configuration po ssesses no co nflict and is therefore an even t gra ph. Since dating in even t graphs is amenable of max / + algebr a, it is monotonic. Thus pre-Or chN et N = ( N , Φ , T , T init ) is co nditionally monotonic. ⋄ INRIA Monotony in Servic e Or chestr ations 19 6 Conclus ion This pap er is a contribution to the fundamentals of contract bas e d QoS manage- men t of W eb service s orchestrations/ choreographies. Qo S contracts implicitly assume mono tony w.r.t. QoS par ameters. This paper fo cuses on one sp ecific (but r epresentativ e) QoS para meter, na mely latency or re s p o nse time. W e hav e shown tha t mono tony is v ery easily violated in realistic cases. W e hav e formal- ized monoto ny and have provided necessar y a nd s ufficient conditions for it. As we hav e seen, Qo S c an b e very often traded for Quality of Data: p o or q uality resp onses to queries (including exceptions or inv alid r esp onses) ca n be obtained t ypically m uch faster. This reveals that QoS par ameters sho uld not b e consid- ered sepa rately , in isola tion. W e have thus revisited the notions of latency a nd monotony and prop os ed the new concept of c onditional m onotony. F ortunately enough, typical o rchestrations turn o ut to b e non-mono tonic, but conditiona lly monotonic. Our study has an impact on the wa y SLS should be phra sed for orchestra- tions: it suggests crude contracts such as “for 95% of the reques ts the resp o nse time will b e less than 5ms” should not b e used without re fer ring to the qualit y of data. Also, our study ha s an impa c t on co ntract monitoring — monitoring whether a ca lled service meets its contract. W e see tw o extensions of this w ork. First, our ma thematical results re ly on the notion of bra nching cells, which were develope d fo r nets without read ar cs. How ev er, a dv anced orchestration la nguages such a s Or c [7] offer a sophisticated form o f preemption that requires contextual nets (with rea d arcs) for their mo d- eling. Extending our results to this case is non trivia l since br a nching cells do not ex ist for con textual nets. Seco nd, this pap er considers latencies in a non probabilistic context. Howev er, these authors advoca ted in [9] the use of proba- bilistic contracts — they b etter reflect the uncertain natur e of Qo S para meters in the op en world of the W eb and they allow for well sound ov erb o o king and les s pes simistic contracts. W e should extend our present work to this pr obabilistic framework. This should not b e to o difficult, as we guess. In fact, a theory of monotony for probabilistic Q oS must r ely o n an order a mong proba bility distr i- butions. This exists and is known as sto chastic or dering. Results are av ailable that relate sto chastic ordering and po int-wise ordering (as we s tudy here), which should b e of help for such an extensio n. References [1] W.M.P . v an der Aalst. The Application o f Petri Nets to W orkflow Man- agement. The J ou r n al of Cir cu its, Systems and Computers , 8(1):21– 6 6, 1998. [2] T on y Andrews, F rancisco Curbera , Hitesh Dholakia, Y aron Go land, Jo - hannes Klein, F rank Leymann, Kev in Liu, Dieter Roller, Doug Smith, Satish Thatte, Iv ana T rick ovic, Sanjiv a W eeraw arana , a nd Satish Thatte. Business Pro ces s Ex ecution La nguage for W eb Services V ersion 1.1. Sp eci- fication, BE A Systems, International B us iness Machines Cor p o ration, Mi- crosoft Corp or a tion, SAP AG, Sieb el Systems, May 2003 . RR n ° 6528 20 Anne Bouil lar d, Sidney R osario, Alb ert Benveniste , Stefan Haar [3] Jes ´ us Arias-Fisteus, Luis S´ anchez F er n´ andez, and Carlos Delgado Klo os. Applying mo del checking to BPEL4WS business collab or ations. In SAC , pages 826– 8 30, 20 05. [4] Alexander Keller and Heiko Ludwig. The wsla framework: Specifying and monitoring service level agr e ement s for web services . J . Network S yst. Manage. , 11 (1), 20 0 3. [5] David Kitchin, Willia m R. Co ok, a nd Jay adev Misra. A la nguage for task orchestration and its semantic prop erties. In CONCUR , pages 477 –491 , 2006. [6] Marco Ajmone Ma rsan, Gianfranco Balb o, Gianni Co nte, Susanna Do- natelli, and Giuliana F ra nc e s chinis. Mo delling with genera lized sto chastic petr i nets. SIGMETRICS Performanc e Evaluation R eview , 26(2):2 , 199 8. [7] Jay adev Misra and William R. Co ok. Computation orchestra- tion: A basis for wide- a rea computing. Journal of Softwar e and Systems Mo deling , May , 2006 . Av ailable for download at http:/ /dx.d oi.org/ 10.1007/s10270-006-0012-1 . [8] C. Ouyang, E. V erb eek, W.M.P v an der Aalst, and S. Breutel. F o rmal Semantics and Analys is of Control Flow in WS-BP EL. BPM Center Re p o rt BPM-05- 15, BPMc ent er.o rg, 20 0 5. [9] Sidney Rosa rio, Alber t Benv eniste, Stefan Haa r, a nd Claude Jar d. Pro ba- bilistic QoS a nd soft contracts for tr ansaction based web services. In ICWS , pages 126– 1 33, 20 07. [10] Sidney Ros a rio, David Kitchin, Alber t Benveniste, William Co ok, Stefan Haar, and Cla ude Ja rd. E ven t str ucture s emantics of or c. In WSFM , 20 07. [11] Wil M. P . v a n der Aalst. V erification o f workflow nets. In ICA TPN , pa ges 407–4 26, 1997 . INRIA Centre de recherche INRIA Rennes – Bretagne Atlantique IRISA, Campus universitaire de Beaulieu - 35042 Rennes Cedex (France) Centre de recherc he INRIA Bordeaux – Sud Ouest : Domaine Uni versit aire - 351, cours de la Libération - 33405 T alenc e Cedex Centre de recherc he INRIA Grenobl e – Rhône-Alpes : 655, ave nue de l’Europe - 38334 Montbonnot Saint-Ismier Centre de recherc he INRIA Lille – Nord Europe : Parc Scientifique de la Haute Borne - 40, ave nue Halley - 59650 V ille neuve d’Ascq Centre de recherc he INRIA Nanc y – Grand Est : L ORIA, T echnopôle de Nancy-Bra bois - Campus scientifique 615, rue du Jardin Botani que - BP 101 - 54602 V illers-lès-Na ncy Cede x Centre de recherc he INRIA Pari s – Rocquencourt : Domaine de V oluceau - Rocquencou rt - BP 105 - 78153 Le Chesnay Cedex Centre de recherc he INRIA Sacla y – Île-de-Franc e : Parc Orsay Uni ver sité - ZAC des V ignes : 4, rue Jacques Monod - 91893 Orsay Cedex Centre de recherc he INRIA Sophia Antipolis – Méditerranée : 2004, route des Lucioles - BP 93 - 06902 Sophia Antipolis Cedex Éditeur INRIA - Domaine de V olucea u - Rocquenc ourt, BP 105 - 78153 Le Chesnay Cede x (France) http://www.inria.fr ISSN 0249 -6399