WSAT: A Tool for Formal Analysis of Web Services

This paper presents Web Service Analysis Tool (WSAT), a tool for analyzing and verifying composite web service designs, with the state of the art model checking techniques. Web services are loosely coupled distributed systems communicating via XML messages. Communication among web services is asynchronous, and it is supported by messaging platforms such as JMS which provide FIFO queues to store incoming messages. Data transmission among web services is standardized via XML, and the specification of web service itself (invocation interface and behavior signature) relies on a stack of XML based standards (e.g. WSDL, BPEL4WS, WSCI and etc.). The characteristics of web services, however, raise several challenges in the application of model checking: (1) Numerous competing web service standards, most of which lack formal semantics, complicate the formal specification of web service composition. (2) Asynchronous messaging makes most interesting verification problems undecidable, even when XML message contents are abstracted away [3]. (3) XML data and expressive XPath based manipulation are not supported by current model checkers. WSAT, as shown in Fig. 1, tackles these challenges as follows: (1) An Intermediate Representation: We use automata with XPath guards (called GFSA) as an intermediate representation for web services. A translator from BPEL4WS to GFSA is developed, and support for other languages can be added without changing the analysis and the verification modules of the tool. (2) Synchronizability and Realizability Analyses: We define a set of sufficient synchronizability conditions to restrict control flows of a composite web service. When the analysis succeeds, LTL verification can be performed using the synchronous communication semantics instead of asynchronous communication semantics. We also define a set of sufficient realizability conditions that are used to synthesize a set of GFSA (called peers) which communicate with asynchronous messages from a single GFSA (called a conversation protocol) which specifies the set of desired global behaviors. The behaviors of the synthesized peers are the same as the behaviors of the conversation protocol if the conversation protocol is realizable [3]. (3) Handling of XML Data Manipulation: We developed and implemented algorithms for translating XPath expressions to Promela code [5], and we use model checker SPIN [7] as the back-end of WSAT to check LTL properties.