Dongmei Liu, Hong Zhu and Ian Bayley

09 November 2012

Applying Algebraic Specification To Cloud Computing

Outline

Motivation and Related works

Our Algebraic Specification Language

Case Study of IaaS GoGrid

Discussion

Conclusion and Future work

Motivation

Formal Specification Merits Limitation

Classification of approaches

Algebraic Specification Heterogeneous algebras Signature Axioms Property-Oriented

Model-Oriented

axiomaticalgebraic

Encourage rigourWell-founded mathematical basis.Well-defined semanticsAutomating analysis

Difficult to learn and useLimited scopeLimited scalability

Motivation

RESTful Web Services Identification of resources (URIs) Manipulation of resources through representations HTTP methods Stateless

Cloud Computing Open API OCCI (Open Cloud Computing Interface)

REST: From Research to Practice (2011, Erik Wilde)

http://stage.vambenepe.com/archives/863

The OCCI Core specification The OCCI Rendering specifications The OCCI Extension specifications

Related Works

Description of RESTful WS Formats for annotating the syntax and semantics Graphic notation(UML state machine diagram)

Algebraic Specification Algebras Co-algebras Extend algebraic and co-algebraic Algebraic testing

WADLhRESTS/Micro WSMOSA-REST

O. Liskin,etc. Welcome to the Real World: A Notation for Modeling REST Services, IEEE Internet Computing, 2012

CASOCC-WS

Overall structure Sorts, operators and/or axioms that logically belong

together are grouped into a unit.

<Specification> ::= {<Spec Unit>}<Spec Unit> ::=

Spec <Sort Name> [<Observability>]; <Signature> [<Axioms>] End

<Sort Name> ::= <Identifier><Observability> ::= is observable by <Operator ID> | is unobservable<Operator ID> ::= <Identifier>

CASOCC-WS

Example Spec BOOL is observable by eqv; Operators: Creator: true: VOID -> BOOL; false: VOID -> BOOL; Transformer: and: BOOL, BOOL -> BOOL; or: Bool, BOOL -> BOOL; eqv: BOOL, BOOL -> BOOL; not: BOOL -> BOOL; Axioms: For b: BOOL that b and true == b; b or false == b; b and b == b; b or b == b; ... End…End

CASOCC-WS

Signature specify the syntactic aspect of the software entity defines a set of typed operations reuse

<Signature> ::= [<Imported Sorts>;] <Operations><Imported Sorts> ::= Sort <Imported Sort List><Imported Sort List> ::= <Sort Name>[, <Imported Sort List>]<Operations> ::= Operators: [<Creators>;][<Transformers>;][<Observers>;][<Definers>;]<Creators> ::= Creator: <OpList><Transformers> ::= Transformer: <OpList><Observers> ::= Observer: <OpList><Definers> ::= Definer: <OpList><OpList> ::= <Operation> [; <OpList>]

CASOCC-WS

Operator Function: identifier, domain and co-domain types have more than one domain sort and more than one co-

domain sort at the same timeSpec STACK; Sort BOOL, NAT; Operators: Creator: newStack: -> STACK; Transformer: push: STACK, NAT -> STACK; pop: STACK -> STACK; Observer: isNewStack: STACK -> BOOL; top: STACK -> NAT;End

Spec STREAM is unobservable; Sort NAT; Operators: Transformer: next: STREAM -> STREAM, NAT;End

CASOCC-WS

Operator Function: identifier, domain and co-domain types have more than one domain sort and more than one co-

domain sort at the same time

<Operation> ::= <Operator ID> :['['<Context Sort>']'] [<Domain Type>] -> <Co-domain Type><Context Sort> ::= <Sort Name><Domain Type> ::= <Type> | VOID<Co-domain Type> ::= <Type> | VOID<Type> ::= <Sort Name> [, <Type>]

CASOCC-WS

Axioms specify the semantics of the operators describing the properties that operators are required to

satisfy consists of a variable declarations block and a list of

conditional equations.<Axioms> ::= Axiom: <Axiom List><Axiom List> ::= <Axiom> [<Axiom List>]<Axiom> ::= <Var Declarations> <Equations> End<Var Declarations> ::= For all <Var-Sort Pairs> that<Var-Sort Pairs> ::= <Var IDs> : <Sort Name> [, <Var-Sort Pairs>]<Var IDs> ::= <Var ID> [, <Var IDs>]<Var ID> ::= <Identifier>

CASOCC-WS

Equation conditional equation local variable and Let… in

For all s: STACK, n: NAT that Let s1 = push(s,n) in isNewStack(s1) == False; pop(s1) == s; top(s1) == n; EndEnd

For all SLR: ServerListRequest that SLR.num_items>=0; SLR.page>=0, if SLR.num_items> 0;End

For all s: STACK, n: NAT that isNewStack(push(s,n))== False; pop(push(s, n))== s; top(push(s, n))== n;End

CASOCC-WS

Equation conditional equation local variable and Let… in

<Equation> ::= [<Label>:] <Condition> [, if <Conditions>]; | Let <Var Definitions> in <Equations> End<Conditions> ::= <Condition> [(,|or) <Conditions>]<Condition> ::= <Bool Term> | <Term> <Relation OP> <Term> | "(" <Condition> ")" | "~" <Condition><Bool Term> ::= True | False | <Term><Relation OP> ::= "==" | "<>" | ">" | "<" | ">=" | "<=" | "IS“<Term> ::= <Var ID> | "(" <Term> ")“ | "<" <Term List> ">" | <Operator ID> ["(" [<Parameters>] ")"] | "[" <Term> "]" | <Term> "." <Term> | <Term> "#" <Term> | <numeric_expression> | <string_expression> | <literal_expression> | NULL

CASOCC-WS

Modular software entity: abstract data type, class, component, WS

Algebraic and co-algebraic

Op : [s] s1, … , sn s'1, … , s'k

Kinds of operators Creator Transformer Observer

Conditional equations Relation Operation Let … in …

Case Study: GoGird

GoGrid world's largest pure-play Infrastructure-as-a-Service

provider specializing in Cloud infrastructure solutions

API a REST-like query interface

Object List Get Add Delete Edit Other Ops

Server Yes Yes Yes Yes Yes Power

Server image Yes Yes Yes Yes Save, Restore

Load Balancer Yes Yes Yes Yes Yes

Job Yes Yes        IP Yes  

Password Yes Yes        

Billing Yes        

Option Yes          

Case Study: GoGrid

Overall Structure of the Specification First, for each object, specifying the requests and

responses of the operations, defining their structures and the constraints on the values of the elements.

Then, specify the semantics of the operators on the type of objects by defining the relationships between the requests and the responses.

Case Study: GoGrid

The Specification of Server Objects and Collections Requests and Responses Semantics of the Operations

Spec Server; Sort Option, IP, ServerImage; Operators: Observer: id: Server -> long; name: Server -> string; description: Server -> string; ip: Server -> IP; image: Server -> ServerImage; ram: Server -> Option; state: Server -> Option; type: Server -> Option; os: Server -> Option; isSandbox: Server -> boolean; datacenter: Server -> Option; Axiom: For all SO: Server that SO.id <> null; EndEnd

Spec ListofServer; Sort Server; Operators: Observer: items: ListofServer,int -> Server; length: ListofServer -> int;End

Case Study: GoGrid

The Specification of Server Objects and Collections Requests and Responses Semantics of the Operations

Spec CommonParameter; Operators: Observer: api_key: CommonParameter -> string; sig: CommonParameter -> string; v: CommonParameter -> string; format: CommonParameter -> string; Axiom: For all CP: CommonParameter that CP.api_key <> NULL; CP.sig <> NULL; CP.v <> NULL; EndEnd

Case Study: GoGrid

The Specification of Server Objects and Collections Requests and Responses Semantics of the Operations

Spec ServerListRequest; Sort CommonParameter, ListofString; Operators: Observer: para: ServerListRequest -> CommonParameter; num_items: ServerListRequest -> int; page: ServerListRequest -> int; server_type: ServerListRequest -> string; isSandbox: ServerListRequest -> boolean; datacenter: ServerListRequest -> ListofString; timestamp: ServerListRequest -> int; Axiom: For all SLR: ServerListRequest that SLR.num_items >=0; SLR.page >=0, if SLR.num_items > 0; EndEnd

Case Study: GoGrid

The Specification of Server Objects and Collections Requests and Responses Semantics of the Operations

Spec ListResSummary; Operators: Observer: total: ListResSummary -> int; start: ListResSummary -> int; returned: ListResSummary -> int; numpages: ListResSummary -> int;Axiom: For all LRS: ListResSummary that LRS.total >= 0; LRS.start >= 0; LRS.returned >= 0; LRS.numpages >= 0; EndEnd

Case Study: GoGrid

The Specification of Server Objects and Collections Requests and Responses Semantics of the Operations

Spec ServerListResponse; Sort ListResSummary, ListofServer, ListofString; Operators: Observer: status: ServerListResponse -> string; request_method: ServerListResponse -> string; summary: ServerListResponse -> ListResSummary; objects: ServerListResponse -> ListofServer; statusCode: ServerListResponse -> int; Axiom: For all SLR: ServerListResponse that SLR.request_method == "/grid/server/list"; End For all SLR:ServerListResponse, i,j:int that SLR.objects.items(i).id <> SLR.objects.items(j).id, if status == "success", i <> j, 0 <= i, i <= SLR.summary.returned, 0 <= j, j <= SLR.summary.returned; End ...End

Case Study: GoGrid

The Specification of Server Objects and Collections Requests and Responses Semantics of the Operations

Spec ServerGrid; Sort CommonParameter, Server, ListofServer, … ListofString, ServerListRequest, ListResSummary, ServerListResponse, …; Operators: Observer: clockTime: ServerGrid -> int; sharedSecret: ServerGrid, string -> string; List: [ServerGrid] ServerListRequest -> ServerListResponse; Get: [ServerGrid] ServerGetRequest -> ServerGetResponse; Transformer: Add: [ServerGrid] ServerAddRequest -> ServerAddResponse; Delete: [ServerGrid] ServerDeleteRequest -> ServerDeleteResponse; Edit: [ServerGrid] ServerEditRequest -> ServerEditResponse; Power: [ServerGrid] ServerPowerRequest -> ServerPowerResponse;End

Case Study: GoGrid

The Specification of Server Objects and Collections Requests and Responses Semantics of the Operations

Axiom <Authentication>:For all G:ServerGrid, X:ServerListRequest that Let key = X.para.api_key, sig_Re = MD5(key, G.sharedSecret(key), X.timeStamp) in G.List(X).statusCode == 403, If X.para.sig <> sig_Re or abs(X.timeStamp - G.clockTime) > 600; EndEnd

Case Study: GoGrid

The Specification of Server Objects and Collections Requests and Responses Semantics of the Operations

Axiom <List-XOp>:For all G: ServerGrid, X: ServerListRequest, X1: ServerXOpRequest that [G.List(X)].XOp(X1) == G.XOp(X1);End

Case Study: GoGrid

The Specification of Server Objects and Collections Requests and Responses Semantics of the Operations

Axiom <Add-List>:For all G: ServerGrid, X1: ServerAddRequest, X2: ServerListRequest that [G.Add(X1)].List(X2).objects == insert(G.List(X2).objects, G.Add(X1).objects), If X2.num_items == 0, X2.server_type == NULL, X2.isSandbox == NULL, X2.datacenter == NULL, G.Add(X1).statusCode == 200, G.List(X2).statusCode == 200;End

Case Study: GoGrid

Results

Parser Tool

JavaCC (Compiler Compiler) parser generator for use with Java applications a tool that reads a grammar specification and converts it

to a Java program that can recognize matches to the grammar.

generates top-down parsers, which limits it to the LL(k)

<numeric_expression> ::= <Term> <Arithmetic OP> <Term>

<numeric_expression> ::= <numeric_p> [ (*|/) <numeric_p> ]<numeric_p> ::= <numeric_v> [ (+|-) <numeric_v> ]<numeric_v>] ::= <integer_literal> | <float_literal> | ( <Term> )

Parser Tool

JavaCC (Compiler Compiler)

Parser Tool

JavaCC (Compiler Compiler)

Parser Tool

JavaCC (Compiler Compiler)

Parser Tool

JavaCC (Compiler Compiler)

Parser Tool

GUI

Discussion

Improving Document Preciseness

Detecting Incompleteness

Checking Consistency

Reducing Redundancy

Understandability of Document

Conclusion

apply the CASOCC-WS specification language to cloud computing interface with a case study on GoGrid System

demonstrate that CASOCC-WS can be used for RESTful WS detect non-trivial errors including ambiguity, inconsistency and incompletenessdemonstrate that algebraic specifications can be easy to understand

Further work

More case study for cloud computing, OCCI

Extend the algebraic specification language

Combine Ontology to describe RESTful WS

Develop a tool to support automated testing of a

cloud computing interface

Thanks

Questions?