In this paper we discuss a model-based approach to verifying web service compositions for web service implementations. The approach supports verification against specification models and assigns semantics to the behavior of implementation models so as to confirm expected results for both the designer and implementer. Specifications of the design are modeled in UML, in the form of Message Sequence Charts (MSCs), and mechanically compiled into the Finite State Process notation (FSP) to concisely describe and reason about the concurrent programs. Implementations are mechanically translated to FSP to allow a trace equivalence verification process to be performed. By providing early design verification, the implementation, testing and deployment of web service compositions can be eased through the understanding of the differences, limitations and undesirable traces allowed by the composition. The approach is supported by a suite of cooperating tools for specification, formal modeling and trace animation of the composition workflow.

Behavior modeling has proved to be successful in helping uncover design flaws of concurrent and distributed systems. Nevertheless, it has not had a widespread impact on practitioners because model construction remains a difficult task and because the benefits of behavior analysis appear at the end of the model construction effort. In contrast, scenario-based specifications have a wide acceptance in industry and are well suited for developing first approximations of intended behavior; however, they are still maturing with respect to rigorous semantics and analysis tools. This article proposes a process for elaborating system behavior that exploits the potential benefits of behavior modeling and scenario-based specifications yet ameliorates their shortcomings. The concept that drives the elaboration process is that of implied scenarios. Implied scenarios identify gaps in scenario-based specifications that arise from specifying the global behavior of a system that will be implemented component-wise. They are the result of a mismatch between the behavioral and architectural aspects of scenario-based specifications. Due to the partial nature of scenariobased specifications, implied scenarios need to be validated as desired or undesired behavior. The scenario specifications are then updated accordingly with new positive or negative scenarios. By iteratively detecting and validating implied scenarios, it is possible to incrementally elaborate the

Scenario-based specifications such as Message Sequence Charts (MSCs) are becoming increasingly popular as part of a requirements specification. Scenarios describe how system components, the environment and users work concurrently and interact in order to provide system level functionality. Each scenario is a partial story which, when combined with other scenarios, should conform to provide a complete system description. However, although it is possible to build a set of components such that each component behaves in accordance with the set of scenarios, their composition may not provide the required system behaviour. Implied scenarios may appear as a result of unexpected component interaction.

In this paper we discuss a case study for the UK Police IT Organisation (PITO) on using a model-based approach to verifying web service composition interactions for a coordinated service-oriented architecture. The move towards implementing web service compositions by multiple interested parties as a form of distributed system architecture promotes the ability to support 1) early verification of service implementations against design specifications and 2) that compositions are built with compatible interfaces for differing scenarios in such a collaborative environment. The approach uses finite state machine representations of web service orchestrations and distributed process interactions. The described approach is supported by an integrated tool environment for for providing verification and validation results from checking designated properties of service models. 1.

The behaviour of a distributed system is largely determined by the use of synchronization primitives and threading policies of the underlying middleware. The inherent parallel nature of distributed systems may cause liveness problems, such as deadlocks and livelocks. An increasing number of distributed systems is built using object middleware. We exploit the fact that modern object middleware offers only a few built-in synchronization and threading primitives by suggesting UML stereotypes to represent each of these primitives in distributed object design. We define the semantics of the stereotypes using a process algebra. We use that semantics to translate UML diagrams into behaviourally equivalent process algebra representations and can then use model checking techniques to find potential deadlocks. The paper also shows how the model checking results can be related back to the original UML diagrams.

The idea of synthesizing statecharts out of a collection of scenarios has received a lot of attention in recent years. However due to the poor expr essive power of rst generation scenario languages, including UML1.x sequence diagrams, the propose d solutions often use ad hoc tricks and su er from many shortcomings. The recent adoption in UML2.0 of a richer scenario language, including interesting composition operators, now makes it possible to revisit the problem of statechart synthesis with a radic allynew approach. Inspir ed by the way UML2.0 sequence diagr ams can be algebraically composed, we rst de ne an algebraic framework for composing state charts. Then we show how to leverage the algebraic structure of UML2.0 sequence diagrams to get a direct algorithm for synthesizing a composition of state charts out of them. The synthesized statecharts exhibit inter esting prop erties that make them particularly useful as a basis for the detaile d design process. Beyond o ering a systematic and semantically well founded method, another interest of our appr oach lies in its exibility: the modi cation or replac ement of a given scenario has a limited impact on the synthesis process, thus fostering abetter traceability between the requirements and the detailed design. 1.

In this paper we describe a tool for a model-based approach to verifying compositions of web service implementations. The tool supports verification of properties created from design specifications and implementation models to confirm expected results from the viewpoints of both the designer and implementer. Scenarios are modeled in UML, in the form of Message Sequence Charts (MSCs), and then compiled into the Finite State Process (FSP) process algebra to concisely model the required behavior. BPEL4WS implementations are mechanically translated to FSP to allow an equivalence trace verification process to be performed. By providing early design verification and validation, the implementation, testing and deployment of web service compositions can be eased through the understanding of the behavior exhibited by the composition. The approach is implemented as a plug-in for the Eclipse development environment providing cooperating tools for specification, formal modeling, verification and validation of the composition process.

In this paper we describe tool support for a modelbased approach to verifying compositions of web service implementations. The tool supports verification of properties created from design specifications and implementation models to confirm expected results from the viewpoints of both the designer and implementer. Scenarios are modeled in UML, in the form of Message Sequence Charts (MSCs), and then compiled into the Finite State Process (FSP) algebra to concisely model the required behavior. BPEL4WS implementations are mechanically translated to FSP to allow an equivalence trace verification process to be performed. By providing early design verification and validation, the implementation, testing and deployment of web service compositions can be eased through the understanding of the behavior exhibited by the composition. The tool is implemented as a plug-in for the Eclipse development environment providing cooperating tools for specification, formal modeling and trace animation of the composition process. 1.

Although widely used, traditional use case modeling does not provide explicit means which could be easily used for capturing and testing behavior compliance of the entities involved in a particular use case model. Specifically, a use case model (a set of use cases) related to a system under design provides neither an explicit abstraction to capture the "whole picture" of the behavior of the system, nor to cover the interactions of subsystems and internal actors with the parent system. With the aim to allow for reasoning on the behavior, the paper introduces a simple formal model Generic UC View which identifies important abstractions and the relations upon them which target the goal. Among them, the concept of use case expression is the base for the desired reasoning on whether the behavior of an entity (such as an agent, a subsystem or a software component) complies with the composed behavior of its sub-entities, and the behavior on the communication links of two neighboring entities is compliant.

Abstract—Interaction-based and state-based modeling are two complementary approaches of behavior modeling. The former focuses on global interactions between system components. The latter concentrates on the internal states of individual components. Both approaches have been proven useful in practice. One challenging and important research objective is to combine the modeling power of both effectively and then use the combination as the basis for automatic design synthesis. We present a combination of interaction-based and state-based modeling, namely, Live Sequence Charts and Z, for system specification. We then propose a way of generating distributed design from the combinations. Our approach handles systems with intensive interactive behaviors as well as complex state structures. Index Terms—Z language, live sequence charts, specification, synthesis. 1