Specification of Workflows with Heterogeneous Tasks in ... - Kno.e.sis
Specification of Workflows with Heterogeneous Tasks in ... - Kno.e.sis
Specification of Workflows with Heterogeneous Tasks in ... - Kno.e.sis
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Specication <strong>of</strong> Workows <strong>with</strong> <strong>Heterogeneous</strong> <strong>Tasks</strong> <strong>in</strong><br />
METEOR<br />
Narayanan Krishnakumar<br />
Bellcore, MRE 2B324<br />
445 South St., Morristown, NJ 07960<br />
nkk@bellcore.com<br />
Amit Sheth<br />
Bellcore, RRC 1J210<br />
444 Hoes Lane, Piscataway, NJ 08854<br />
amit@ctt.bellcore.com<br />
Abstract<br />
Many enterprise applications require perform<strong>in</strong>g<br />
dierent tasks on dierent systems (or<br />
process<strong>in</strong>g entities). Both the types <strong>of</strong> tasks<br />
and process<strong>in</strong>g entities can be very heterogeneous.<br />
Such enterprise applications can be<br />
supported by workow automation. In this<br />
paper, we discuss specication <strong>of</strong> workows<br />
that <strong>in</strong>volve heterogeneous tasks that execute<br />
on old ma<strong>in</strong>-frame based (legacy) application<br />
systems as well as new workstation-based distributed<br />
comput<strong>in</strong>g systems.<br />
The workow specication <strong>in</strong>volves two highlevel<br />
languages for specify<strong>in</strong>g a workow at<br />
dierent levels <strong>of</strong> abstraction: the Work-<br />
ow Specication Language (WFSL) to express<br />
the application-level <strong>in</strong>teractions between<br />
multiple tasks, while the Task Speci-<br />
cation Language (TSL) focuses on the issues<br />
related to <strong>in</strong>dividual tasks. These languages<br />
support denition <strong>of</strong> dierent types <strong>of</strong> tasks,<br />
state-based and value-based <strong>in</strong>tertask dependencies<br />
and data management, as well as failure<br />
and exception handl<strong>in</strong>g.<br />
1 Introduction<br />
In most comput<strong>in</strong>g environments <strong>in</strong> <strong>in</strong>dustry and government,<br />
application systems were developed one at<br />
a time. Earlier application systems typically automated<br />
one organizational function, were developed <strong>in</strong>dependently<br />
<strong>of</strong> others and usually each had their own<br />
database. The need to improve productivity and cut<br />
Copyright c 1994 by Bell Communications Research,<br />
Inc.<br />
costs has resulted <strong>in</strong> the need to signicantly reeng<strong>in</strong>eer<br />
and automate enterprise applications. The objective<br />
<strong>of</strong> the METEOR (Manag<strong>in</strong>g End-To-End OpeRations)<br />
project at Bellcore is to support and enable exible<br />
automated solutions for enterprise applications.<br />
A workow supported <strong>in</strong> METEOR <strong>in</strong>volves the<br />
critical aspect <strong>of</strong> an enterprise application <strong>in</strong>volv<strong>in</strong>g<br />
coord<strong>in</strong>ated execution <strong>of</strong> multiple, related tasks. The<br />
tasks can be heterogeneous and performed on or by<br />
heterogeneous process<strong>in</strong>g entities. Many tasks cannot<br />
be modied or easily migrated to more modern environments<br />
due to the size and complexity <strong>of</strong> exist<strong>in</strong>g<br />
process<strong>in</strong>g entities . Thus, <strong>in</strong> METEOR, our approach<br />
to automat<strong>in</strong>g workows is necessarily a bottom-up<br />
one: we need to support the current execution environments<br />
as well as evolv<strong>in</strong>g ones. While signicant<br />
reuse <strong>of</strong> exist<strong>in</strong>g specications <strong>of</strong> <strong>in</strong>dividual tasks is<br />
desirable, some changes, mostly additions, may be necessary<br />
to support <strong>in</strong>creased functionality and automation.<br />
Other approaches <strong>in</strong> the literature to workow<br />
automation have taken one <strong>of</strong> distributed transaction<br />
process<strong>in</strong>g, oce (document or e-mail workow) automation,<br />
or multidatabase transaction perspectives.<br />
We wish to support an amalgamation <strong>of</strong> all <strong>of</strong> these -<br />
both <strong>in</strong> model<strong>in</strong>g/specication and implementation.<br />
A practical workow management system that can<br />
enable multi-system applications must deal <strong>with</strong> the<br />
specication and execution support related to:<br />
dierent types <strong>of</strong> (preexist<strong>in</strong>g and new) tasks, the<br />
process<strong>in</strong>g entities that execute or perform the<br />
tasks, and the <strong>in</strong>terfaces through which the tasks<br />
are submitted to the process<strong>in</strong>g entities,<br />
the coord<strong>in</strong>ation requirements between tasks, that<br />
are dependent on the execution states <strong>of</strong> <strong>in</strong>dividual<br />
tasks and the workow as a whole as well as<br />
the data manipulated by these tasks,<br />
the data exchange between tasks, that might also<br />
Page 1
<strong>in</strong>volve deal<strong>in</strong>g <strong>with</strong> dierent data formats for different<br />
tasks, and<br />
<strong>in</strong>terfac<strong>in</strong>g <strong>with</strong> exist<strong>in</strong>g s<strong>of</strong>tware systems (e.g.,<br />
script <strong>in</strong>terpreter/processors, abstract data management<br />
and manipulation, data format translators,<br />
etc.) that add value to workow process<strong>in</strong>g<br />
and the associated computation.<br />
METEOR deals <strong>with</strong> all <strong>of</strong> the above aspects and oers<br />
the follow<strong>in</strong>g features:<br />
awell-dened model and high-level languages for<br />
specify<strong>in</strong>g the workows and the tasks,<br />
a compiler/<strong>in</strong>terpreter for the workow language<br />
(ancillary support may <strong>in</strong>clude syntax directed<br />
editors and/or graphical user <strong>in</strong>terfaces that support<br />
workow specication, and support for test<strong>in</strong>g<br />
the correctness and executability <strong>of</strong>thede-<br />
ned workows), and<br />
run-time components, such as a workow controller<br />
that supervises the progress <strong>of</strong> the work-<br />
ow, enforces <strong>in</strong>tertask dependencies and <strong>in</strong>terfaces<br />
<strong>with</strong> exist<strong>in</strong>g systems, and task managers<br />
that have the responsibility for <strong>in</strong>dividual tasks.<br />
In this paper, we discuss a workow model and the<br />
high-level languages that support it. The language<br />
design is con<strong>sis</strong>tent <strong>with</strong> the need to support appropriate<br />
levels <strong>of</strong> abstractions for dierent classes <strong>of</strong> persons<br />
who might specify a workow. At Bellcore, for example,<br />
one group <strong>of</strong> persons (called systems eng<strong>in</strong>eers)<br />
focus on the enterprise-level (end-user and applicationcentric)<br />
requirements that the workows should support,<br />
while another group <strong>of</strong> persons (called developers)<br />
better understand the systems implementation aspects<br />
<strong>of</strong> the workows. This dichotomy aswell as the<br />
considerations for modular design and implementation<br />
has led us to have two languages: workow specication<br />
(sub-)language (WFSL) and task specication<br />
(sub-)language (TSL).<br />
The paper is organized as follows. Section 2 discusses<br />
<strong>in</strong> more detail the requirements for workow<br />
support <strong>in</strong> METEOR based on our <strong>in</strong>teractions <strong>with</strong><br />
real multi-system applications. A high-level description<br />
<strong>of</strong> the operational environment is also discussed<br />
s<strong>in</strong>ce it has <strong>in</strong>uenced the model and the language.<br />
Section 3 discusses the approach and rationale <strong>in</strong> the<br />
language design. Sections 4 and 5 discuss details <strong>of</strong><br />
WFSL and TSL, respectively. The related work is discussed<br />
<strong>in</strong> Section 6. Section 7 gives our conclusions.<br />
Additional details <strong>of</strong> this work is available from authors<br />
[21]. It discusses further details <strong>of</strong> the languages,<br />
the architecture <strong>of</strong> METEOR's workow management<br />
systems, correctness issues related to workow management,<br />
and additional examples.<br />
2 The Environment and Application<br />
Requirements<br />
Atypical large telecommunications company has several<br />
thousand applications. Around two hundred <strong>of</strong><br />
these are large application systems, called Operation<br />
Support Systems (OSSs), each <strong>with</strong> several hundreds<br />
<strong>of</strong> thousands <strong>of</strong> l<strong>in</strong>es <strong>of</strong> code and a very large database.<br />
Historically, end users performed operations on these<br />
OSSs us<strong>in</strong>g screens. To provide easier access, application<br />
programs and scripts have been written to perform<br />
operations us<strong>in</strong>g term<strong>in</strong>al emulation or through<br />
\contracts" that provide well-dened logical <strong>in</strong>terfaces.<br />
Many new applications also access DBMSs directly for<br />
auxiliary <strong>in</strong>ventory management, monitor<strong>in</strong>g <strong>of</strong> work-<br />
ow or task status, statistics ma<strong>in</strong>tenance, or error<br />
process<strong>in</strong>g. Applications could also <strong>in</strong>volve humans<br />
process<strong>in</strong>g some tasks (currently this is <strong>of</strong>ten needed<br />
for error resolution when OSSs issue Requests for Manual<br />
As<strong>sis</strong>ts- RMAs). To adequately model such realworld<br />
environments, we classify the relevant components<br />
<strong>of</strong> our applications <strong>in</strong>to tasks, process<strong>in</strong>g entities<br />
and their physical <strong>in</strong>terfaces, and then discuss how<br />
they can be tied together <strong>in</strong>to a workow.<br />
2.1 <strong>Tasks</strong>, Interfaces, and Process<strong>in</strong>g Entities<br />
<strong>Tasks</strong> are operations or a sequence <strong>of</strong> operations that<br />
are submitted for execution at the process<strong>in</strong>g entities<br />
us<strong>in</strong>g their <strong>in</strong>terfaces. The types <strong>of</strong> tasks we currently<br />
consider <strong>in</strong>clude user tasks that <strong>in</strong>volvehumans <strong>in</strong> process<strong>in</strong>g<br />
the tasks, scripts or application programs that<br />
may <strong>in</strong>volve term<strong>in</strong>al emulations to remote systems,<br />
client programs or servers <strong>in</strong>vok<strong>in</strong>g application servers,<br />
database transactions, and contracts. For the purpose<br />
<strong>of</strong> this paper, the contract tasks can be viewed as predened<br />
sets <strong>of</strong> operations at the OSSs and behave as<br />
stored procedures from the <strong>in</strong>voker's perspective. We<br />
refer to all types <strong>of</strong> tasks that do not <strong>in</strong>volve humans<br />
(i.e., tasks other than the user tasks) as application<br />
tasks.<br />
The process<strong>in</strong>g entities for the application tasks <strong>in</strong>clude<br />
application systems (OSSs, legacy and modern<br />
application systems) servers supported by client-server<br />
and/or transaction process<strong>in</strong>g systems (e.g., atop DCE<br />
and Enc<strong>in</strong>a TM ), DBMSs (for process<strong>in</strong>g transactions),<br />
and script <strong>in</strong>terpreters and compilers (for process<strong>in</strong>g<br />
scripts and application programs). Furthermore, <strong>with</strong><br />
user tasks, humans are the process<strong>in</strong>g entities, who <strong>in</strong><br />
turn may use other s<strong>of</strong>tware (typically bus<strong>in</strong>ess and<br />
oce automation s<strong>of</strong>tware such as spread sheets and<br />
document/image process<strong>in</strong>g systems).<br />
The physical <strong>in</strong>terfaces or distributed execution<br />
support mechanisms <strong>in</strong>clude remote procedure call<br />
Enc<strong>in</strong>a is a trademark <strong>of</strong> Transarc Corp.<br />
Page 2
mechanisms such as DCE RPC to directly make calls<br />
to application servers, transactional RPCs to application<br />
servers under the control <strong>of</strong> a transaction monitor<br />
(such transaction monitors <strong>in</strong>clude ACMS TM ,<br />
Tuxedo TM , and Enc<strong>in</strong>a), queue managers that deliver<br />
requests to application servers (proprietary or<br />
vendor product supported, e.g., Tuxedo/Q, Enc<strong>in</strong>a's<br />
RQS or DEC's MessageQ), workstation-to-ma<strong>in</strong>frame<br />
<strong>in</strong>terfaces to allow aworkstation-based client program<br />
to access a ma<strong>in</strong>frame-based OSS, and <strong>in</strong>terfaces that<br />
support user tasks and provide access to graphical<br />
user <strong>in</strong>terfaces (such as those associated <strong>with</strong> document/image<br />
process<strong>in</strong>g systems). The last two types<br />
<strong>of</strong> <strong>in</strong>terfaces behave as queue managers, where the task<br />
submitted may ormay not block foraresponse.<br />
2.2 Task Coord<strong>in</strong>ation and Data Management<br />
<strong>Tasks</strong>, process<strong>in</strong>g entities and their <strong>in</strong>terfaces are the<br />
basic components <strong>in</strong> a multi-system workow application.<br />
Two additional components are <strong>in</strong>ter-task dependencies<br />
and data management (<strong>in</strong>clud<strong>in</strong>g formatt<strong>in</strong>g,<br />
manipulation and exchange).<br />
Inter-task dependencies specify how the execution<br />
<strong>of</strong> a task is related to that <strong>of</strong> others (based on the execution<br />
state <strong>of</strong> other tasks and their outputs) and external<br />
variables (e.g., time <strong>of</strong> day). As <strong>in</strong> the literature<br />
on multidatabase transactions, there can be complex<br />
dependencies between the states <strong>of</strong> tasks, depend<strong>in</strong>g<br />
on transactional aspects such as concurrency control,<br />
commitment, etc. However, most <strong>of</strong> the telecommunications<br />
applications we considered dealt <strong>with</strong> several<br />
autonomous \closed" systems (i.e., whose <strong>in</strong>ternal<br />
mechanisms are not made available to the external<br />
world). There was therefore not much scope for <strong>in</strong>tricate<br />
dependencies <strong>in</strong>volv<strong>in</strong>g the states <strong>of</strong> tasks other<br />
than order<strong>in</strong>g dependencies among tasks. On the other<br />
hand, dependencies based on data values and external<br />
variables can <strong>of</strong>ten be complex.<br />
Data management <strong>in</strong>multi-system workow applications<br />
can be very demand<strong>in</strong>g. This <strong>in</strong>volves support<br />
for dierent data formats, transport and storage <strong>of</strong> this<br />
data and complex manipulation <strong>of</strong> data by auxiliary<br />
systems. Auxiliary systems are exist<strong>in</strong>g application<br />
programs (<strong>in</strong>clud<strong>in</strong>g applications that can <strong>in</strong>voke subworkows)<br />
or scripts, that can parse and manipulate<br />
complex data.<br />
2.3 Additional Requirements for Workow<br />
Management<br />
We now discuss some <strong>of</strong> the key additional requirements<br />
<strong>of</strong> workow management <strong>in</strong> our environment<br />
ACMS is a trademark <strong>of</strong> Digital Equipment Corp.<br />
Tuxedo is a trademark <strong>of</strong> AT & T Corp.<br />
that <strong>in</strong>uence the language design and the system architecture.<br />
Typically, one set <strong>of</strong> people dene the workows at<br />
the conceptual level - they do not concern themselves<br />
<strong>with</strong> the exact details <strong>of</strong> any task, but do describe<br />
its functionality and what <strong>in</strong>puts and outputs it may<br />
have. Another set <strong>of</strong> people write the code for the tasks<br />
associated <strong>with</strong> the workow. The workow management<br />
system should enable these two sets <strong>of</strong> people to<br />
work together and also permit code-reuse.<br />
As new telecommunications services are oered or<br />
newer systems get <strong>in</strong>corporated <strong>in</strong>to the bus<strong>in</strong>ess process,<br />
there is a need to exibly and easily modify the<br />
workows. Given that each new workow most likely<br />
<strong>in</strong>corporates pre-exist<strong>in</strong>g tasks, only the conceptual<br />
workow specication has to be written anew. This<br />
is yet another reason to separate the workow specication<br />
from the details <strong>of</strong> the <strong>in</strong>dividual tasks.<br />
Errors occur rout<strong>in</strong>ely <strong>in</strong> the system. The work-<br />
ow management system should be able to recognize<br />
and handle errors. We subdivide the errors <strong>in</strong>to logical<br />
errors and system errors. Logical errors arise at the<br />
level <strong>of</strong> the application, i.e., for <strong>in</strong>stance, if a particular<br />
item is required from the <strong>in</strong>ventory and the item is<br />
not <strong>in</strong> stock. The task that attempts to procure this<br />
item from <strong>in</strong>ventory runs to completion but <strong>with</strong> a<br />
logical failure. Alternative tasks can be dispatched to<br />
deal <strong>with</strong> this logical error. However, suppose the task<br />
was not able to complete s<strong>in</strong>ce the <strong>in</strong>ventory database<br />
could not be accessed. This is a system failure, where<br />
alternative means can be used to try to rectify the<br />
failure. This demarcation between logical and system<br />
errors and the dierenttechniques used to handle them<br />
is important <strong>in</strong> build<strong>in</strong>g a modular system. The task<br />
programmer and the workow management <strong>in</strong>frastructure<br />
handle system errors rst, for <strong>in</strong>stance by retry<strong>in</strong>g<br />
the same task (see Section 5). A workow specication<br />
deals only <strong>with</strong> logical errors.<br />
Workows can be dynamic, i.e., the entire workow<br />
cannot be determ<strong>in</strong>ed beforehand. For <strong>in</strong>stance, if a<br />
customer requires a digital l<strong>in</strong>k between three <strong>of</strong> his<br />
locations, a special rout<strong>in</strong>g task determ<strong>in</strong>es possible<br />
trunk routes between these locations, and new tasks<br />
will have to be generated to do appropriate <strong>in</strong>ventory<br />
assignment. The workow management system will<br />
have toallowsuch <strong>in</strong>cremental changes <strong>in</strong> the work-<br />
ow specication, where additional tasks and associated<br />
dependencies can be <strong>in</strong>cluded at run-time.<br />
3 Approach<br />
Any solution <strong>in</strong>volv<strong>in</strong>g <strong>in</strong>teroperability <strong>in</strong>theabove<br />
environment would require a careful trade-o between<br />
the exibility <strong>of</strong> the system, the functionality itcan<br />
provide, and performance. In this section, we discuss<br />
Page 3
the model, and the basic design decisions beh<strong>in</strong>d two<br />
languages for specify<strong>in</strong>g multi-system workow applications.<br />
Scope <strong>of</strong> TSL<br />
I1<br />
T1<br />
PE1<br />
f<br />
AUX1<br />
T2<br />
T3<br />
I2<br />
PE2<br />
Scope <strong>of</strong> WFSL<br />
Figure 1: Schematic <strong>of</strong> a workow<br />
<strong>Tasks</strong> <strong>in</strong> a workow can have dierent functionality,<br />
and can further be dierentiated on the ba<strong>sis</strong> <strong>of</strong> the <strong>in</strong>terface<br />
and/or the process<strong>in</strong>g entity they are executed<br />
on. We discussed <strong>in</strong> the last section the requirement <strong>of</strong><br />
separat<strong>in</strong>g the conceptual workow specication from<br />
the detail <strong>of</strong> how and where an <strong>in</strong>dividual task is executed.<br />
The METEOR workow model <strong>in</strong> Section 3.1<br />
provides the ba<strong>sis</strong> for the former and is an adaptation<br />
and extension <strong>of</strong> the model outl<strong>in</strong>ed <strong>in</strong> [28, 27].<br />
WFSL is based on the features <strong>of</strong> the workow model.<br />
The detailed specication <strong>of</strong> each task and its <strong>in</strong>teraction<br />
<strong>with</strong> the <strong>in</strong>terfaces/process<strong>in</strong>g entities is done<br />
us<strong>in</strong>g TSL (see Figure 1). At anarchitectural level,<br />
the WFSL specication would be executed by awork-<br />
ow controller, whereas each task specication would<br />
be executed by a task manager.<br />
3.1 The Workow Model<br />
Failed<br />
fail<br />
Initial<br />
start<br />
Execut<strong>in</strong>g<br />
done<br />
Done<br />
A non-transactional task structure<br />
abort<br />
Aborted<br />
Initial<br />
start<br />
Execut<strong>in</strong>g<br />
commit<br />
Committed<br />
A transactional task structure<br />
I3<br />
abort<br />
Figure 2: Task Structures<br />
abort<br />
Aborted<br />
T4<br />
PE3<br />
start<br />
Initial<br />
Execut<strong>in</strong>g<br />
done<br />
Done<br />
prepare<br />
Prepared<br />
abort<br />
commit<br />
Committed<br />
An open 2PC transaction structure<br />
Aworkow comprises multiple tasks. The workow<br />
specication might not be concerned <strong>with</strong> the details<br />
<strong>of</strong> the tasks, however, it would have to at least deal<br />
<strong>with</strong> the (externally visible) start<strong>in</strong>g and completion<br />
events <strong>of</strong> tasks, the <strong>in</strong>puts and outputs <strong>of</strong> tasks and<br />
how they relate to other tasks. In general, we represent<br />
the execution behavior <strong>of</strong> each task us<strong>in</strong>g task<br />
structures. This specication is important <strong>in</strong> deal<strong>in</strong>g<br />
<strong>with</strong> the co-ord<strong>in</strong>ation aspects <strong>of</strong> heterogeneous task<br />
executions. Generally, dierent types <strong>of</strong> tasks can have<br />
dierent task structures. Three frequently occurr<strong>in</strong>g<br />
task structures <strong>in</strong> our environment are shown <strong>in</strong> Figure<br />
2. Each task structure has an <strong>in</strong>itial state, and on<br />
the start transition moves <strong>in</strong>to the execut<strong>in</strong>g state.<br />
There could be one or more transitions after this, and<br />
the task eventually enters a term<strong>in</strong>at<strong>in</strong>g state (such<br />
as done, failed, committed, aborted). The controllable<br />
transitions <strong>in</strong> these tasks are underl<strong>in</strong>ed, i.e.,<br />
these transitions can be activated by an external entity.<br />
Whether a transition is controllable might depend<br />
upon the properties <strong>of</strong> the <strong>in</strong>terface or the process<strong>in</strong>g<br />
entity.<br />
A user task or script can be characterized by a nontransactional<br />
task structure. Such a task reaches a<br />
failed state if a system error is encountered dur<strong>in</strong>g<br />
its execution. A completed task reects normal execution<br />
<strong>of</strong> a task from the system (as opposed to the<br />
application) perspective. A completed task can further<br />
be determ<strong>in</strong>ed to be successful or unsuccessful,<br />
based on application-specic criteria (see value dependency<br />
<strong>in</strong> Section 4). The task structure <strong>of</strong> a contract<br />
(stored procedure) is typically a transactional<br />
task (<strong>with</strong> ACID properties), which has an aborted or<br />
committed nal state. The third type <strong>of</strong> task structure<br />
shown is that <strong>of</strong> a transaction supported by DBMSs<br />
that provide an open two-phase commit (2PC) feature.<br />
Notice the transitions from prepared to aborted<br />
or from prepared to committed are controllable. Furthermore,<br />
there are two k<strong>in</strong>ds <strong>of</strong> abort transitions from<br />
the execut<strong>in</strong>g state: one that is controllable (used<br />
when there is a deadlock), and another that is not<br />
controllable and <strong>in</strong>itiated by the process<strong>in</strong>g entity.<br />
The task structure does not determ<strong>in</strong>e the means <strong>of</strong><br />
execution nor the functionality <strong>of</strong> the task, but only a<br />
high-level description <strong>of</strong> the (visible) state transitions.<br />
Two tasks might have the same structure, but have<br />
dierent functionality or can be executed atop dierent<br />
<strong>in</strong>terfaces and/or process<strong>in</strong>g entities. Usually, the<br />
task structure is determ<strong>in</strong>ed by the states that are observable<br />
while the task executes at the process<strong>in</strong>g entity.<br />
Sometimes it is possible that the <strong>in</strong>terface does<br />
not support the same view: suppose a database transaction<br />
is submitted through a per<strong>sis</strong>tent queue. The<br />
queue might only oer a non-transactional view <strong>of</strong> the<br />
task, i.e., the task has been submitted, and the task<br />
has either failed or has been done (and not that the<br />
task committed or aborted). This issue is discussed<br />
further <strong>in</strong> Section 5.<br />
<strong>Tasks</strong> are not the only executable entities <strong>in</strong> a work-<br />
ow. Often the data transferred between tasks has to<br />
Page 4
e formatted appropriately us<strong>in</strong>g lters. Filters are<br />
repeatable (and side eect free) functions that need<br />
not be recoverable and need not be characterized by a<br />
task structure. Such functions can either be executed<br />
locally as part <strong>of</strong> the workow management system or<br />
remotely from shared libraries on auxiliary systems.<br />
Thus a workow specication primarily conta<strong>in</strong>s:<br />
the task structure <strong>of</strong> each task <strong>in</strong> the workow,<br />
the typed <strong>in</strong>puts and outputs <strong>of</strong> each task/lter<br />
types, and how they are related to the outputs<br />
and <strong>in</strong>puts <strong>of</strong> other task types, and<br />
the preconditions for each controllable transition<br />
<strong>in</strong> each task.<br />
3.2 Language design and rationale<br />
WFSL has been designed based on the model described<br />
<strong>in</strong> the previous section. WFSL is a declarative rulebased<br />
language. Each WFSL rule has two components:<br />
a control part and an optional data transfer part. The<br />
control part denotes the preconditions for a s<strong>in</strong>gle controllable<br />
task transition. Whenever a task makes a<br />
state transition, we saythatanevent occurs. The<br />
preconditions can <strong>in</strong>clude references to events and/or<br />
data outputs <strong>of</strong> other tasks, as well as program variables.<br />
The data transfer part <strong>in</strong>dicates which outputs<br />
<strong>of</strong> other tasks or variables (possibly pass<strong>in</strong>g through<br />
lters) are <strong>in</strong>put to that task, i.e., for <strong>in</strong>stance, the<br />
output o1 <strong>of</strong> task T 1 is fed through a lter f for reformatt<strong>in</strong>g<br />
and then fed <strong>in</strong>to the <strong>in</strong>put i1 <strong>of</strong> task T 2.<br />
The data transfer specication <strong>in</strong> WFSL is very exible.<br />
For <strong>in</strong>stance, the data outputs <strong>of</strong> several tasks<br />
that become available at dierent times can be fed<br />
<strong>in</strong>to one task. In a language that is procedure-calloriented,<br />
one would have to use variables to temporarily<br />
store the data as it becomes available, and then<br />
call the task at one po<strong>in</strong>t <strong>with</strong> all these variables. The<br />
METEOR workow management system handles this<br />
temporary storage <strong>in</strong>stead. We can also specify alternative<br />
<strong>in</strong>puts to tasks, i.e., it is possible that under<br />
one circumstance, the output <strong>of</strong> task T 1 feeds <strong>in</strong>to the<br />
<strong>in</strong>put <strong>of</strong> a second task T 2, but under some other circumstance,<br />
the output <strong>of</strong> a third task T 3 feeds <strong>in</strong>to<br />
the <strong>in</strong>put <strong>of</strong> T 2.<br />
A unique feature <strong>of</strong> WFSL is that task specications<br />
can be nested, which allows complex workowlike<br />
tasks <strong>with</strong> their own task structures to be specied<br />
as composed <strong>of</strong> smaller task units. To support<br />
specication re-use, task types and task classes can be<br />
dened. The rule-based nature <strong>of</strong> WFSL is con<strong>sis</strong>tent<br />
<strong>with</strong> the requirement <strong>of</strong>forward recovery. Every next<br />
step <strong>of</strong> the workow is determ<strong>in</strong>ed by anevaluation <strong>of</strong><br />
relevant rules when an event occurs, and a rule which<br />
has all its preconditions satised res. Note that by<br />
this declarative approach, we have removed the need<br />
for a program counter. If all <strong>in</strong>puts, outputs and task<br />
states were made per<strong>sis</strong>tent, then dur<strong>in</strong>g recovery, the<br />
workow controller can start up <strong>with</strong> its state <strong>in</strong>tact<br />
and resume evaluat<strong>in</strong>g rules. (In an imperative program<br />
implement<strong>in</strong>g the workow, the memory image<br />
<strong>of</strong> the program will have tobecheckpo<strong>in</strong>ted <strong>in</strong>stead.<br />
The logical checkpo<strong>in</strong>t<strong>in</strong>g <strong>in</strong> the declarative approach<br />
is usually more ecient than the memory image checkpo<strong>in</strong>t<strong>in</strong>g.)<br />
Furthermore, if the workow is dynamic,<br />
the declarative nature <strong>of</strong> WFSL allows it to be <strong>in</strong>crementally<br />
<strong>in</strong>terpreted dur<strong>in</strong>g run-time.<br />
We nowgive a high-level description <strong>of</strong> TSL. One<br />
<strong>of</strong> the key objectives <strong>in</strong> TSL is the m<strong>in</strong>imal rewrit<strong>in</strong>g<br />
<strong>of</strong> exist<strong>in</strong>g tasks. TSL provides a wrapper for code describ<strong>in</strong>g<br />
<strong>in</strong>teraction <strong>with</strong> an <strong>in</strong>terface to a process<strong>in</strong>g<br />
entity and comprises a set <strong>of</strong> macros that can be embedded<br />
<strong>in</strong> a host language like C or C++. The ma<strong>in</strong><br />
functionality <strong>of</strong> the TSL macros is to <strong>in</strong>dicate po<strong>in</strong>ts <strong>in</strong><br />
the task execution at whichtheworkowcontroller can<br />
be <strong>in</strong>formed about the current logical state <strong>of</strong> the task<br />
(and thereby po<strong>in</strong>ts where the state <strong>of</strong> the task can be<br />
made per<strong>sis</strong>tent). The rema<strong>in</strong>der <strong>of</strong> the task is written<br />
<strong>in</strong> the host language and embedded sub-languages<br />
supported by the process<strong>in</strong>g entities. As part <strong>of</strong> TSL,<br />
we also prescribe how new task programs should be<br />
written. The <strong>in</strong>terface is made explicit <strong>in</strong> the task<br />
specication, and this allows the task programmer to<br />
specify error handl<strong>in</strong>g for <strong>in</strong>terface or process<strong>in</strong>g entity<br />
(system) errors. For <strong>in</strong>stance, the task submission<br />
to the <strong>in</strong>terface might time out, or might needto<br />
be re-submitted for up to n retries, or a dierent <strong>in</strong>terface<br />
might bechosen, and so on. (A system error<br />
can eventually develop <strong>in</strong>to an application error at the<br />
workow level. For <strong>in</strong>stance, a task program can try<br />
to re-submit a task several times <strong>with</strong> repeated system<br />
errors before it gives up. The workow specication <strong>in</strong><br />
WFSL would then have to handle the error by possibly<br />
submitt<strong>in</strong>g an alternate task.)<br />
In summary, WFSL deals <strong>with</strong> the enterprise or application<br />
issues. It is used to specify the workows, <strong>in</strong>clud<strong>in</strong>g<br />
all task types and classes <strong>in</strong> a workow, all <strong>in</strong>tertask<br />
dependencies, lter calls, and application level<br />
failure recovery and error handl<strong>in</strong>g issues. TSL is used<br />
to homogeneously specify <strong>in</strong>dividual tasks <strong>in</strong>clud<strong>in</strong>g<br />
task level failure recovery and error handl<strong>in</strong>g that are<br />
<strong>in</strong>terface and/or process<strong>in</strong>g entity specic.<br />
4 WFSL<br />
We describe this language by us<strong>in</strong>g some representative<br />
examples. Many syntactic details and the full<br />
BNF for WFSL are not <strong>in</strong>cluded for brevity. Task<br />
structures can be dened and named by thework-<br />
ow designer <strong>in</strong> WFSL, but we do not give the syntax<br />
Page 5
here. We use the names SIMPLE NON TRANSACTIONAL,<br />
SIMPLE TRANSACTIONAL and TRANSACTIONAL OPEN2PC<br />
to refer to the task structures <strong>in</strong> Figure 2.<br />
4.1 Task type and <strong>in</strong>stance declarations<br />
The follow<strong>in</strong>g example declares a simple task type <strong>with</strong><br />
name OSS CONTRACT that has the structure <strong>of</strong> a transaction,<br />
has one <strong>in</strong>put <strong>of</strong> type FCIF 1 and one output <strong>of</strong><br />
type FCIF (for simplicity, we assume that data types<br />
are dened as <strong>in</strong> C.)<br />
simple_task_type OSS_CONTRACT<br />
SIMPLE_TRANSACTIONAL<br />
(<strong>in</strong>put FCIF <strong>in</strong>put1 output FCIF output1) <br />
A task class declaration is used to name one or<br />
more classes <strong>of</strong> the same type. The follow<strong>in</strong>g example<br />
species two task classes, Loop Assignment and<br />
Circuit Facility Check <strong>of</strong> type OSS CONTRACT.<br />
task_class OSS_CONTRACT Loop_Assignment,<br />
Circuit_Facility_Check <br />
Several <strong>in</strong>stances <strong>of</strong> the same task class can be used<br />
<strong>with</strong><strong>in</strong> a workow, as follows, where L1 and L2 are two<br />
<strong>in</strong>stances <strong>of</strong> Loop Assignment:<br />
Loop_Assignment L1, L2 <br />
Compound tasks are composed <strong>of</strong> several simple<br />
or compound tasks. The denition <strong>of</strong> a compound<br />
task is given entirely <strong>with</strong><strong>in</strong> WFSL (unlike a simple<br />
task, whose code is written <strong>in</strong> another language and<br />
compiled/<strong>in</strong>terpreted <strong>in</strong>dependently). An entire work-<br />
ow can be represented as a compound task. Unlike<br />
simple tasks, all the transitions <strong>of</strong> a compound<br />
task are controllable - the transition from execut<strong>in</strong>g<br />
to done or execut<strong>in</strong>g to failed is <strong>in</strong>uenced by the<br />
states and outputs <strong>of</strong> its sub-tasks. In our environment,<br />
the compound task associated <strong>with</strong> a workow<br />
has a non-transactional task structure. We refer to<br />
this task structure by COMPOUND NON TRANSACTIONAL.<br />
Compound tasks are specied as follows:<br />
compound_task_type WORKFLOW1_TYPE<br />
COMPOUND_NON_TRANSACTIONAL<br />
(<strong>in</strong>put FCIF <strong>in</strong>put1 output FCIF output1 ) <br />
As <strong>with</strong> simple task types, compound task classes<br />
and their <strong>in</strong>stances can be specied. Compound<br />
tasks can also have a transactional task structure provided<br />
all tasks <strong>with</strong><strong>in</strong> them are transactional <strong>with</strong><br />
open two-phase commit. For <strong>in</strong>stance, <strong>with</strong><strong>in</strong> a<br />
large workow, there might betwo tasks to be executed<br />
as a transactional unit. Then the two can be<br />
grouped together <strong>in</strong>to a transactional compound task<br />
(COMPOUND TRANSACTIONAL).<br />
1 FCIF (Flexible Computer Interface Format) is a de facto<br />
standard for data transfer between OSSs <strong>in</strong> Bellcore. Messages<br />
<strong>in</strong> the FCIF format have a tree structure, where the non-leaf<br />
nodes have tags and the leaf nodes hold the data.<br />
4.2 Intertask Dependencies<br />
Intertask dependencies determ<strong>in</strong>e how the tasks (<strong>in</strong>stances<br />
<strong>of</strong> task classes) <strong>in</strong> the workow are coord<strong>in</strong>ated<br />
for execution. Other coord<strong>in</strong>ation aspects, such<br />
as concurrency control among concurrent workows,<br />
will be ignored for now for lack <strong>of</strong>space. Two general<br />
types <strong>of</strong> dependencies are <strong>of</strong> <strong>in</strong>terest: state dependencies<br />
and value dependencies.<br />
A state dependency species how a controllable<br />
transition <strong>of</strong> a task depends on the current observable<br />
states <strong>of</strong> other tasks. A state dependency is<br />
specied as a rule con<strong>sis</strong>t<strong>in</strong>g <strong>of</strong> < left hand side ><br />
evaluator < right hand side >. Several complex<br />
dependencies have been dened <strong>in</strong> the literature [2, 20,<br />
6], but given our environment <strong>in</strong> which related tasks<br />
<strong>in</strong> a workow execute on autonomously developed<br />
and <strong>of</strong>ten \closed" systems, we nd that the BEGINdependency,<br />
SERIAL-dependency, BEGIN-ON-COMMITdependency<br />
and BEGIN-ON-ABORT dependency [6] are<br />
the most relevant. We express these dependencies us<strong>in</strong>g<br />
the evaluator ENABLES 2 : the event(s) lead<strong>in</strong>g to<br />
the state(s) identied by the left hand side must have<br />
occurred before the (controllable) transition(s) identi-<br />
ed on the right hand side can be allowed tooccur.<br />
Other evaluators can be <strong>in</strong>corporated <strong>in</strong>to WFSL easily<br />
as the need arises (the ma<strong>in</strong> impact would be on the<br />
schedul<strong>in</strong>g algorithms <strong>with</strong><strong>in</strong> the workow controller<br />
which is not addressed here). The follow<strong>in</strong>g state dependency<br />
species that L2 can make the start transition<br />
only after L1 has entered the done state.<br />
[L1,done] ENABLES [L2, start]<br />
Avalue dependency may optionally be associated<br />
<strong>with</strong> a state dependency to further constra<strong>in</strong> the latter.<br />
The data that are referred to <strong>in</strong> the value dependency<br />
can be data items that are the output <strong>of</strong> some<br />
task, program variables that keep track <strong>of</strong> some data<br />
items <strong>in</strong> the workow, constants, or the results <strong>of</strong> lter<br />
evaluations. When used <strong>in</strong> a value dependency, alter<br />
can be used to determ<strong>in</strong>e the logical success or failure<br />
<strong>of</strong> a previously term<strong>in</strong>ated task (typically a done nontransactional<br />
task or a committed transactional task).<br />
For example, the above state dependency can be further<br />
constra<strong>in</strong>ed us<strong>in</strong>g a program variable outvalL4<br />
and by us<strong>in</strong>g a lter function called "success" which<br />
determ<strong>in</strong>es whether L1 has logically (i.e., at the application<br />
level) completed successfully:<br />
[L1,done] & (success(L1.output1) = TRUE) &<br />
(outvalL4 > 5) ENABLES [L2, start]<br />
The usual boolean and arithmetic operators can be<br />
used <strong>in</strong> value dependencies.<br />
2 ENABLES is a comb<strong>in</strong>ation <strong>of</strong> the \!" and\
4.3 Input and Output Assignments<br />
In a workow, each task has to get data <strong>in</strong>put(s) from<br />
either the output <strong>of</strong> some other task, constants, program<br />
variables or the <strong>in</strong>put to the entire workow<br />
(compound task). Thus, the workow specication <strong>in</strong>cludes<br />
the association <strong>of</strong> <strong>in</strong>puts and outputs <strong>of</strong> each<br />
task to those <strong>of</strong> some other tasks. As an example,<br />
output1 <strong>of</strong> task L1 fed to <strong>in</strong>put1 <strong>of</strong> task L2 is speci-<br />
ed as:<br />
L1.output1 -> L2.<strong>in</strong>put1<br />
Similarly, the assignment to a program variable<br />
outvalL1 is done as follows:<br />
L1.output1 -> outvalL1 <br />
Program variables <strong>in</strong> a WFSL program can be<br />
global or local. For the purpose <strong>of</strong> simplicity <strong>of</strong> semantics,<br />
we assume each program variable can be assigned<br />
to at most once dur<strong>in</strong>g run-time.<br />
The <strong>in</strong>put and output assignments <strong>of</strong> a task are<br />
given <strong>in</strong> conjunction <strong>with</strong> the <strong>in</strong>tertask dependencies:<br />
it is crucial to determ<strong>in</strong>e when the outputs referred<br />
to <strong>in</strong> these assignments are made available. It is assumed<br />
that the outputs are made available when the<br />
associated tasks are <strong>in</strong> one <strong>of</strong> the term<strong>in</strong>at<strong>in</strong>g states<br />
(done/failed/committed/aborted). (For open 2PC<br />
transactions, the output can sometimes be made available<br />
<strong>in</strong> the done or prepared state, although this has<br />
implication on transactional properties.) The value <strong>of</strong><br />
a program variable is undened before it is assigned<br />
to. The follow<strong>in</strong>g rule <strong>in</strong>dicates that L2 starts when<br />
L1 completes successfully and the value <strong>of</strong> outvalL4<br />
is more than 5, and that the <strong>in</strong>put for L2 is available<br />
when L1 transitions to done.<br />
[L1,done] & (success(L1. output1) = TRUE) &<br />
(outvalL4 > 5) ENABLES [L2, start] %<br />
L1.output1 -> L2.<strong>in</strong>put1 <br />
An Example: We discuss a simple example to<br />
demonstrate some <strong>of</strong> the workow specication features.<br />
The example (Figure 3) shows how the repeated<br />
occurrence <strong>of</strong> an error can be handled. There are three<br />
non-transactional tasks, A, B, and C When A is done,<br />
C is started. If A encounters a system error, then B is<br />
started. When B is done, then A is started up aga<strong>in</strong>.<br />
Notice that the relationship between A and B is similar<br />
to that between a contract and the correspond<strong>in</strong>g failure<br />
handl<strong>in</strong>g procedure - when the contract fails, the<br />
failure handl<strong>in</strong>g procedure takes over, and once the<br />
latter completes, the contract is retried. The workow<br />
fails if A completes and C fails, or if B fails.<br />
The workow specication <strong>in</strong> Figure 4 denes the<br />
control and data ow between tasks A, B and C (the<br />
l<strong>in</strong>e numbers are just for reference and are not part<br />
<strong>of</strong> the syntax). Note the use <strong>of</strong> a lter to massage<br />
the <strong>in</strong>put to the workow. L<strong>in</strong>e 5 <strong>in</strong>dicates that the<br />
typedef ... FCIF <br />
typedef struct {<br />
<strong>in</strong>t field_one <br />
char field_two<br />
...<br />
} SPECIAL_REC <br />
simple_task_type A_type<br />
SIMPLE_NON_TRANSACTIONAL<br />
(<strong>in</strong>put FCIF <strong>in</strong>put1 <br />
output SPECIAL_REC output1) <br />
simple_task_type B_type<br />
SIMPLE_NON_TRANSACTIONAL<br />
(<strong>in</strong>put SPECIAL_REC <strong>in</strong>put1 <br />
output FCIF output1) <br />
simple_task_type C_type<br />
SIMPLE_NON_TRANSACTIONAL<br />
(<strong>in</strong>put SPECIAL_REC <strong>in</strong>put1 <br />
output SPECIAL_REC output1) <br />
task_class A_type A_class <br />
task_class B_type B_class <br />
task_class C_type C_class <br />
Filter FCIF f1(FCIF) <br />
compound_task_type WORKFLOW1<br />
COMPOUND_NON_TRANSACTIONAL<br />
(<strong>in</strong>put FCIF <strong>in</strong>put1 <br />
output SPECIAL_REC output1 ) <br />
{<br />
A_class A B_class B C_class C <br />
SPECIAL_REC var1 <br />
1 [WORKFLOW1,execut<strong>in</strong>g] ENABLES [A,start] %<br />
f1(WORKFLOW1.<strong>in</strong>put1) -> A.<strong>in</strong>put1 <br />
2 [A,failed] ENABLES [B,start] %<br />
A.output1 -> B.<strong>in</strong>put1 <br />
3 [B,done] ENABLES [A,start] %<br />
B.output1 -> A.<strong>in</strong>put1 <br />
4 [A,done] ENABLES [C,start] %<br />
A.output1 -> C.<strong>in</strong>put1 <br />
5 [C,done] ENABLES [WORKFLOW1,done] %<br />
C.output1 -> WORKFLOW1.output1 <br />
6 ([A,done] & [C,failed]) | [B,failed]<br />
ENABLES [WORKFLOW1,fail] %<br />
A.output1 -> WORKFLOW1.output1 <br />
}<br />
task_class WORKFLOW1 WF1_CLASS <br />
WF1_CLASS WF1 <br />
Figure 4: Workow Specication Example<br />
Page 7
COMPOUND TASK<br />
WORKFLOW1<br />
TASK A<br />
start<br />
Initial<br />
TASK B<br />
Initial<br />
Initial<br />
Execut<strong>in</strong>g<br />
start<br />
start<br />
Execut<strong>in</strong>g<br />
fail<br />
Execut<strong>in</strong>g<br />
done<br />
Failed<br />
Done<br />
Failed<br />
Done<br />
TASK C<br />
Initial<br />
start<br />
Failed<br />
Done<br />
Execut<strong>in</strong>g<br />
Failed<br />
Done<br />
workow can make a transition to the done state when<br />
C reaches the done state. From l<strong>in</strong>e 6, the workow<br />
enters the failed state if task A is done and task C has<br />
failed, or if B has failed. There is also a semantic detail<br />
<strong>in</strong> the specication <strong>of</strong> the rules above. The follow<strong>in</strong>g<br />
scenario can occur : task A moves to failed, task B<br />
is started and then completes, then task A is started,<br />
and so on (the assumption is that this term<strong>in</strong>ates).<br />
Thus there could be several dynamic <strong>in</strong>stances <strong>of</strong> task<br />
A which might be started up as the workow unfolds.<br />
However, at most one <strong>in</strong>stance <strong>of</strong> A can be \active"<br />
(i.e., not <strong>in</strong> the <strong>in</strong>itial or a term<strong>in</strong>at<strong>in</strong>g state). When<br />
we refer to a state <strong>of</strong> task A on the left hand side <strong>of</strong><br />
any <strong>of</strong> the rules (say as <strong>in</strong> l<strong>in</strong>e 4), the reference is to the<br />
currently active <strong>in</strong>stance when the rule is evaluated.<br />
Advanced Features :To accommodate complex applications,<br />
WFSL <strong>in</strong>cludes features that are not discussed<br />
here to allow the dynamic additions <strong>of</strong> tasks<br />
and dependencies, and concurrent <strong>in</strong>vocations <strong>of</strong> task<br />
<strong>in</strong>stances <strong>of</strong> the same class. Deal<strong>in</strong>g <strong>with</strong> the former<br />
<strong>in</strong>volves <strong>in</strong>clud<strong>in</strong>g a WFSL <strong>in</strong>terpreter as part <strong>of</strong> the<br />
workow and us<strong>in</strong>g \control lters" that produce new<br />
WFSL rules to augment theoldworkow us<strong>in</strong>g macro<br />
substitution. The latter <strong>in</strong>volves allow<strong>in</strong>g arrays <strong>of</strong><br />
tasks, conditions over subsets <strong>of</strong> such arrays <strong>of</strong> tasks,<br />
and array <strong>in</strong>puts/outputs <strong>of</strong> tasks.<br />
5 TSL<br />
In this section we describe how a task program is written.<br />
A task programmer <strong>in</strong>cludes the follow<strong>in</strong>g k<strong>in</strong>ds<br />
<strong>of</strong> statements <strong>in</strong> his/her task program:<br />
(a) Interface specic statements : This <strong>in</strong>cludes statements<br />
to identify the <strong>in</strong>terface and to handle errors at<br />
the <strong>in</strong>terface or process<strong>in</strong>g entity.<br />
(b) Process<strong>in</strong>g entity specic task statements : This<br />
would <strong>in</strong>clude all statements <strong>of</strong> the task that need<br />
Figure 3: Control Flow<br />
Database_task (Sp_rec)<br />
SPECIAL_REC Sp_rec <br />
{<br />
EXEC SQL INCLUDE SQLCA <br />
EXEC SQL BEGIN DECLARE SECTION<br />
<strong>in</strong>t <strong>in</strong>fo <br />
EXEC SQL END DECLARE SECTION<br />
EXEC SQL WHENEVER SQLERROR goto Failed <br />
TASK_EXECUTING() <br />
<strong>in</strong>fo = extract_<strong>in</strong>fo_from_rec(Sp_rec) <br />
EXEC SQL INSERT INTO INFO_table<br />
VALUES (:<strong>in</strong>fo) <br />
EXEC SQL COMMIT <br />
TASK_COMMIT() <br />
Failed :<br />
EXEC SQL ROLLBACK <br />
TASK_ABORT() <br />
}<br />
Figure 5: Database SQL task<br />
to be executed aga<strong>in</strong>st the process<strong>in</strong>g entity. For <strong>in</strong>stance,<br />
these might beembedded SQL statements for<br />
databases, or contract specications for OSSs.<br />
(c) Statements for reveal<strong>in</strong>g the task (structure) state<br />
to the workow controll<strong>in</strong>g entity : The task programmer<br />
explicitly <strong>in</strong>cludes macros <strong>with</strong><strong>in</strong> the program<br />
such asTASK EXECUTING() and TASK DONE() to<br />
<strong>in</strong>dicate to the workow controller that the task has<br />
reached a particular state.<br />
We illustrate the above us<strong>in</strong>gtwo examples. The<br />
rst example deals <strong>with</strong> an SQL-based task written<br />
<strong>in</strong> C (Figure 5). This transactional task receives as<br />
<strong>in</strong>put a record structure SPECIAL REC, extracts some<br />
<strong>in</strong>formation out <strong>of</strong> it, and <strong>in</strong>serts the result <strong>in</strong>to a<br />
database us<strong>in</strong>g Embedded SQL. The statements that<br />
Page 8
Contract (FCIF_id1,FCIF_id2)<br />
FCIF FCIF_id1,FCIF_id2 <br />
{ <strong>in</strong>t temp_qms_stat, iter <br />
TASK_EXECUTING() <br />
iter = MAX_TRIES /* Try QMS call up to<br />
MAX_TRIES times<br />
if system failure*/<br />
repeat<br />
{<br />
EXEC QMS<br />
send_and_recv (FCIF_id1, FCIF_id2) <br />
temp_qms_stat = qms_status <br />
iter++ <br />
}<br />
until (temp_qms_stat != ( QMS_FAILURE ||<br />
QMS_OSS_DOWN_FAILURE ) || iter >= 10)<br />
if (iter >=10)<br />
TASK_FAILED() <br />
else<br />
TASK_DONE(FCIF_id2) <br />
}<br />
Figure 6: Contract task - I<br />
are specic to the process<strong>in</strong>g entity are the Embedded<br />
SQL statements. The program is annotated <strong>with</strong><br />
TSL macros, i.e., TASK EXECUTING(), TASK COMMIT()<br />
and TASK ABORT(). These are used to communicate<br />
the current logical state <strong>of</strong> the task to the workow<br />
controller. (There is no detail <strong>in</strong> the program regard<strong>in</strong>g<br />
which database the \<strong>in</strong>terface" is connected to: it<br />
is assumed that the connection <strong>of</strong> the Embedded SQL<br />
<strong>in</strong>terface to the database has been done elsewhere.)<br />
The only additions the task programmer makes to<br />
the program s/he normally writes are the appropriate<br />
TASK ... macro calls.<br />
We now consider another example task program<br />
that submits a contract to an OSS through a queued<br />
message system called QMS (Figure 6). QMS is accessed<br />
by a transactional RPC call from a client. We<br />
assume that the access to QMS is made partially transparent<br />
us<strong>in</strong>g Embedded QMS calls (like Embedded<br />
SQL calls). We use the send and recv construct <strong>in</strong><br />
Embedded QMS to send a contract to QMS and block<br />
until the reply comes back or there is a system failure.<br />
It is assumed that the contract <strong>in</strong>formation is<br />
<strong>in</strong>put as FCIF id1, anFCIF structure, and the result<br />
is FCIF id2. We also illustrate <strong>in</strong> this example how<br />
the task structure <strong>of</strong> Contract assumed by thework-<br />
ow specication is con<strong>sis</strong>tent <strong>with</strong> the task structure<br />
reported by the task program. Contract is assumed<br />
to be non-transactional, so only the failure or successful<br />
completion <strong>of</strong> the task is reported to the workow<br />
controller. Notice how the task takes <strong>in</strong>to account the<br />
system errors <strong>of</strong> the <strong>in</strong>terface and the process<strong>in</strong>g entity.<br />
Contract (FCIF_id1,FCIF_id2)<br />
FCIF FCIF_id1,FCIF_id2 <br />
{ <strong>in</strong>t temp_qms_stat, iter <br />
extern <strong>in</strong>t did_commit() /* Function to<br />
determ<strong>in</strong>e if contract committed */<br />
TASK_EXECUTING() <br />
iter = MAX_TRIES /* Try QMS call up to<br />
MAX_TRIES times if system failure*/<br />
repeat<br />
{<br />
EXEC QMS<br />
send_and_recv (FCIF_id1, FCIF_id2) <br />
temp_qms_stat = qms_status <br />
iter++ <br />
}<br />
until (temp_qms_stat != ( QMS_FAILURE ||<br />
QMS_OSS_DOWN_FAILURE ) || iter >= 10)<br />
if (iter >=10)<br />
TASK_ABORTED() /* System failure */<br />
else if (did_commit(FCIF_id2) = TRUE)<br />
TASK_COMMITTED(FCIF_id2) <br />
else TASK_ABORTED() /* Abort due to<br />
actual abort <strong>of</strong> contract at OSS */<br />
}<br />
Figure 7: Contract Task - II<br />
In the second <strong>in</strong>stance <strong>of</strong> this example (Figure 7),<br />
suppose the workow designer assumed Contract to<br />
be transactional, and the contract execution at the<br />
process<strong>in</strong>g entity is also transactional. However, s<strong>in</strong>ce<br />
the submission <strong>of</strong> the contract is through the <strong>in</strong>terface,<br />
it is possible that the task completes successfully as far<br />
as the <strong>in</strong>terface is concerned (i.e., <strong>with</strong>out a system error),<br />
but the task could have committed or aborted.<br />
Then the task program is modied to return a commit<br />
or abort status to the workow controller. Furthermore,<br />
if the task does return successfully, the function<br />
did commit() <strong>in</strong> the task program is used to determ<strong>in</strong>e<br />
whether the contract committed or aborted.<br />
6 Related Work<br />
We rst discuss work <strong>in</strong> the literature related to<br />
workow/activity models [10]. These <strong>in</strong>clude active<br />
database and rule-based approaches [7, 8], multidatabase<br />
and relaxed/extended transaction model<br />
based approaches [14, 1, 15], and oce and process<br />
automation based approaches [17, 23,24]. Somewhat<br />
less relevant are the many proposals for multi-level<br />
and nested transaction models [30]. A perspective<br />
on comb<strong>in</strong><strong>in</strong>g workow and transaction management<br />
was given <strong>in</strong> [4]. Unlike many <strong>of</strong> these models, we<br />
do not view the entire application or the activities <strong>in</strong><br />
transactional terms, s<strong>in</strong>ce several tasks can be non-<br />
Page 9
transactional. Thus our approach is based on a detailed<br />
description <strong>of</strong> the task structure, and then build<strong>in</strong>g<br />
up a workow us<strong>in</strong>g <strong>in</strong>tertask data and control dependencies.<br />
When us<strong>in</strong>g a multidatabase oriented approach,<br />
issues related to <strong>in</strong>tertask dependencies have<br />
been discussed <strong>in</strong> detail <strong>in</strong> [6, 20, 2, 16, 15]. For <strong>in</strong>stance,<br />
both ACTA [6] and the DOM project [15] support<br />
complex <strong>in</strong>tra- and <strong>in</strong>ter-transaction state dependencies,<br />
and correctness dependencies such as serialization,<br />
visibility, co-operation and temporal dependencies.<br />
Our model can support all these dependencies,<br />
but for simplicitywehave restricted WFSL. This<br />
is because <strong>in</strong> several telecommunications applications,<br />
many tasks are not transactional and task transitions<br />
<strong>of</strong> autonomous process<strong>in</strong>g entities are not controllable.<br />
On the other hand, <strong>with</strong> operations supported by auxiliary<br />
systems, lters and logical operators, we allow<br />
a comprehensive set <strong>of</strong> data dependencies (the <strong>in</strong>tertask<br />
dependencies that <strong>in</strong>volve datavalues and external<br />
variables). The applications we have studied do<br />
<strong>in</strong>volve such complex value-based <strong>in</strong>tertask dependencies.<br />
We share the view <strong>of</strong> [9] regard<strong>in</strong>g the set <strong>of</strong> properties<br />
that a workow (called operation ow<strong>in</strong>[9]) model<br />
and specication language should support. These <strong>in</strong>clude<br />
(<strong>with</strong> the approximately correspond<strong>in</strong>g terms<br />
used by [9] <strong>in</strong> parantheses), denition <strong>of</strong> <strong>in</strong>dividual<br />
tasks (basic operation denition), a variety <strong>of</strong> tasks<br />
<strong>in</strong>clud<strong>in</strong>g user tasks (transactions and nonelectronic<br />
operations), state-based and value-based <strong>in</strong>tertask dependencies<br />
and data management (control and data<br />
ow denition), and failure and exception handl<strong>in</strong>g<br />
(same terms). Currently, no separate or direct support<br />
for bus<strong>in</strong>ess rules and constra<strong>in</strong>ts, and security<br />
and role resolution identied <strong>in</strong> [9] is provided. These<br />
can partly or <strong>in</strong>directly be supported by <strong>in</strong>tertask dependencies<br />
and by <strong>in</strong>dividual <strong>in</strong>terfaces (e.g., security<br />
features <strong>of</strong> DCE) and process<strong>in</strong>g entities.<br />
The relevant eorts on specication languages are<br />
as follows. In [14], a language is proposed for describ<strong>in</strong>g<br />
(possibly nested) multi-transaction activities,<br />
and how the ow <strong>of</strong> data between dierent modules<br />
can be specied. However, the specication <strong>of</strong> <strong>in</strong>tertask<br />
control dependencies is limited, and it is assumed<br />
that all the leaf-level tasks are transactional.<br />
We have adopted a similar data transfer specication<br />
<strong>in</strong> WFSL, but have extended the model to <strong>in</strong>clude different<br />
task structures and more complex control dependencies.<br />
In [7, 8], the ATM extended nested transaction<br />
model and language is presented for describ<strong>in</strong>g<br />
long runn<strong>in</strong>g activities. Such a description <strong>in</strong>cludes a<br />
procedural static specication <strong>of</strong> the high-level work-<br />
ow, and rules (triggers) for the dynamic evolution <strong>of</strong><br />
the workow. The WFSL language, is however, based<br />
on a unique more general workow model, and allows<br />
heterogeneous tasks to be <strong>in</strong>corporated exibly <strong>in</strong>to<br />
the workow. By model<strong>in</strong>g the task structures <strong>of</strong> compound<br />
tasks and by us<strong>in</strong>g rules throughout a WFSL<br />
specication, we have allowed the arbitrary nest<strong>in</strong>g <strong>of</strong><br />
tasks and specify how the controllable transitions <strong>of</strong><br />
each task is <strong>in</strong>uenced. WFSL is less expressive than<br />
a common procedural language, but we believe that<br />
this is compensated for by hav<strong>in</strong>g TSL <strong>in</strong>corporate a<br />
procedural host language. In the ConTract model[25],<br />
a long runn<strong>in</strong>g activity is modeled as a comb<strong>in</strong>ation <strong>of</strong><br />
scripts and steps, where scripts are at the level <strong>of</strong> the<br />
conceptual workow specication and steps are at the<br />
level <strong>of</strong> <strong>in</strong>dividual tasks. By us<strong>in</strong>g rules and the notion<br />
<strong>of</strong> compound tasks, we allow dynamic nested work-<br />
ows. In contrast to hav<strong>in</strong>g data transferred through<br />
variables and their contexts, we make<strong>in</strong>tertask data<br />
ow explicit, have variables one-time assignable only,<br />
and use lter functions. The IPL language from the<br />
InterBase project at Purdue [5] isyet another highlevel<br />
language that shares some <strong>of</strong> our objectives. IPL<br />
does separate workow-level details from task-level details<br />
and allows dependency rules, but nested work-<br />
ows are not allowed. Furthermore, error handl<strong>in</strong>g<br />
(system or logical) us<strong>in</strong>g the dependencies is limited.<br />
WFSL also supports more types <strong>of</strong> tasks and <strong>in</strong>terfaces<br />
and a exible data transfer specication. Other,<br />
albeit less relevant, specication and language eorts<br />
are the script-based workow specication <strong>in</strong> Carnot<br />
[29], and the extensions to MSQL to support some<br />
features <strong>of</strong> workows [27]. For transaction process<strong>in</strong>g<br />
environments, the STDL language [3] supports several<br />
features we consider to be important, <strong>in</strong>clud<strong>in</strong>g, support<br />
for tasks that are transactions, RPC-based tasks,<br />
and queued tasks, as well as recoverable presentation<br />
services, recoverable variables, and structured exception<br />
handl<strong>in</strong>g. The ideas beh<strong>in</strong>d TSL have been borrowed<br />
from several predecessors <strong>with</strong> which it shares<br />
its objectives and functionality. These <strong>in</strong>clude, among<br />
others, DOL [26], and the <strong>in</strong>terfaces that support executions<br />
<strong>of</strong> heterogeneous tasks aga<strong>in</strong>st dierent process<strong>in</strong>g<br />
entities (e.g., LAM <strong>in</strong> Narada [18], RSI <strong>in</strong> Interbase<br />
[12], and ESS <strong>in</strong> Carnot [29]).<br />
7 Conclusions<br />
Reeng<strong>in</strong>eer<strong>in</strong>g and automation <strong>of</strong> enterprise applications<br />
can be supported us<strong>in</strong>g workow management<br />
that support coord<strong>in</strong>ated execution <strong>of</strong> heterogeneous<br />
tasks on heterogeneous process<strong>in</strong>g systems. We have<br />
discussed a workow model and languages for specify<strong>in</strong>g<br />
the workows to support enterprise applications.<br />
The high-level language WFSL supports specication<br />
<strong>of</strong> the application-level issues <strong>of</strong> workows. Task type<br />
declarations capture the observable behavior <strong>of</strong> the<br />
task us<strong>in</strong>g task structures and data <strong>in</strong>puts and outputs.<br />
Page 10
Task class and <strong>in</strong>stance declarations support specication<br />
reuse. Inter-task dependencies and data exchange<br />
statements that express task coord<strong>in</strong>ation and data<br />
ow requirements, and lters can be used for data<br />
manipulation. TSL is used to specify <strong>in</strong>dividual tasks<br />
while accommodat<strong>in</strong>g the heterogeneities related to <strong>in</strong>terfaces<br />
and process<strong>in</strong>g entities. TSL supports macros<br />
that allow the tasks to reveal their task structure to<br />
the workow management system. The language design<br />
consider the issues <strong>of</strong> system and application-level<br />
error handl<strong>in</strong>g. They also enable logg<strong>in</strong>g for forward<br />
recovery (this issue is not discussed <strong>in</strong> this paper).<br />
A partial prototype <strong>of</strong> the METEOR workow management<br />
system was completed last year, and used<br />
to demonstrate some <strong>of</strong> the basic functionality to<br />
prospective clients by prototyp<strong>in</strong>g a real multi-system<br />
application, and to get further requirements. One approach<br />
to the workow controller part <strong>of</strong> the system<br />
was discussed <strong>in</strong> [2] and later implemented at MCC,<br />
while another was completed at Bellcore. A more<br />
detailed prototype system is currently be<strong>in</strong>g implemented.<br />
We are also study<strong>in</strong>g the issues <strong>of</strong> develop<strong>in</strong>g<br />
a graphical environment for specify<strong>in</strong>g, test<strong>in</strong>g, simulat<strong>in</strong>g<br />
and ma<strong>in</strong>ta<strong>in</strong><strong>in</strong>g the workows.<br />
Acknowledgements : The METEOR technical team<br />
at Bellcore, Henri We<strong>in</strong>berg and Chris Wood, and our long<br />
time collaborator Pr<strong>of</strong>. Marek Rus<strong>in</strong>kiewicz have had signicant<br />
<strong>in</strong>uence on our th<strong>in</strong>k<strong>in</strong>g and this work. Our special<br />
thanks to all application experts and developers at<br />
Bellcore to whom this work has been directed, for their<br />
participations <strong>in</strong> a task force, for shar<strong>in</strong>g their future application<br />
requirements, and for <strong>in</strong>formally review<strong>in</strong>g our<br />
work.<br />
References<br />
[1] M. Ansari, L. Ness, M. Rus<strong>in</strong>kiewicz, and A. Sheth.<br />
Us<strong>in</strong>g Flexible Transactions to Support Multi-System<br />
Telecommunication Applications. In Proc. <strong>of</strong> the 18th<br />
VLDB Conference, August 1992.<br />
[2] P. Attie, M. S<strong>in</strong>gh, A. Sheth, and M. Rus<strong>in</strong>kiewicz.<br />
Specify<strong>in</strong>g and Enforc<strong>in</strong>g Intertask Dependencies. In<br />
Proc. <strong>of</strong> the 19th VLDB Conference, 1993.<br />
[3] P. Bernste<strong>in</strong>, P. Gyllstorm and T. Wimberg. STDL -<br />
APortable Language for Transaction Process<strong>in</strong>g. In<br />
Proc. <strong>of</strong> the 19th VLDB Conference, 1993.<br />
[4] Y. Breitbart, A. Deacon, H.-J. Schek, A.Sheth,<br />
and G. Weikum Merg<strong>in</strong>g Application-centric and<br />
Data-Centric Approaches to Support Transactionoriented<br />
Multi-system Workows. In SIGMOD<br />
Record, September 1993<br />
[5] J. Chen, O. Bukhres, and A. Elmagarmid. IPL:<br />
A Multidatabase Transaction Specication Language.<br />
In Proc. <strong>of</strong> the 13th Intl. Conf. on Distributed Comput<strong>in</strong>g<br />
Systems, Pittsburgh, PA, May 1993.<br />
[6] P. Chrysanthis and K. Ramamritham. A Formalism<br />
for Extended Transaction Models. In Proc. <strong>of</strong> the 17th<br />
VLDB Conference, 1991.<br />
[7] U. Dayal, M. Hsu, and R. Lad<strong>in</strong>. Organiz<strong>in</strong>g Long-<br />
Runn<strong>in</strong>g Activities <strong>with</strong> Triggers and Transactions.<br />
In Proc. <strong>of</strong> ACM SIGMOD Conf. on Management <strong>of</strong><br />
Data, 1990.<br />
[8] U. Dayal, M. Hsu, and R. Lad<strong>in</strong>. ATransactional<br />
Model for Long-Runn<strong>in</strong>g Activities. In Proc. <strong>of</strong> the<br />
17th VLDB Conference, September 1991.<br />
[9] U. Dayal and M. Shan. Issues <strong>in</strong> Operation Flow Management<br />
for Long Runn<strong>in</strong>g Activities. In [10].<br />
[10] M. Hsu, editor. Special Issue on workow and Extended<br />
Transaction Systems, 16 (2), June 1993.<br />
[11] A. Elmagarmid, editor. Transaction Models for Advanced<br />
Database Applications. Morgan-Kaufmann,<br />
February 1992.<br />
[12] A. Elmagarmid, J. Chen, and O. Bukhres. Remote<br />
System Interfaces : An Approach toOvercome <strong>Heterogeneous</strong><br />
Barriers and Reta<strong>in</strong> Local Autonomy <strong>in</strong><br />
the Integration <strong>of</strong> <strong>Heterogeneous</strong> Systems. the Intl.<br />
Journal on Intelligent and Cooperative Information<br />
Systems, 1993. (to appear).<br />
[13] A.K. Elmagarmid, Y. Leu, W. Litw<strong>in</strong>, and<br />
M. Rus<strong>in</strong>kiewicz. A Multidatabase Transaction Model<br />
for InterBase. In Proc. <strong>of</strong> the 16th VLDB Conference,<br />
1990.<br />
[14] H. Garcia-Mol<strong>in</strong>a, D. Gawlick, J. Kle<strong>in</strong>, K. Kleissner,<br />
and K. Salem. Coord<strong>in</strong>at<strong>in</strong>g Multi-transaction Activities.<br />
Technical Report CS-TR-247-90, Pr<strong>in</strong>ceton<br />
University, February 1990.<br />
[15] D. Georgakopoulos, M. Hornick, P.Krychniak, and F.<br />
Manola. Specication and Management <strong>of</strong> Extended<br />
Transactions <strong>in</strong> a Programmable Transaction Environment.<br />
In Proc. <strong>of</strong> the Intl. Conf. on Data Eng<strong>in</strong>eer<strong>in</strong>g,<br />
February 1994.<br />
[16] R. Gunthor. Extended Transaction Process<strong>in</strong>g Based<br />
on Dependency Rules. In Proc. <strong>of</strong> the RIDE-IMS '93:<br />
Intl. Workshop on Multidatabase Systems, April 1993.<br />
[17] M. Hsu, R. Obermarch, and R. Vuurboom. Integration<br />
and Interoperability <strong>of</strong> a Multimedia Workow<br />
Model and Execution. In [10].<br />
[18] Y. Halabi et. al. Narada: An Environment for Speci-<br />
cation and Execution <strong>of</strong> Multi-System Applications.<br />
In Proc. <strong>of</strong> the 2nd Intl. Conf. on Systems Integration,<br />
1992.<br />
[19] W. J<strong>in</strong>, L. Ness, M. Rus<strong>in</strong>kiewicz, A. Sheth. Concurrency<br />
Control and Recovery <strong>of</strong> Multidatabase Work<br />
Flows <strong>in</strong> Telecommunication Applications. In Proc. <strong>of</strong><br />
ACM SIGMOD Conf. on Management <strong>of</strong> Data, May<br />
1993.<br />
Page 11
[20] J. Kle<strong>in</strong>. Advanced Rule Driven Transaction Management.<br />
In Proc. <strong>of</strong> the IEEE COMPCON, 1991.<br />
[21] N. Krishnakumar and A. Sheth. Specify<strong>in</strong>g Multisystem<br />
Workow Applications <strong>in</strong> METEOR. Bellcore<br />
Technical Memorandum TM-24198, May 1994.<br />
[22] P. Krychniak, M. Rus<strong>in</strong>kiewicz, A. Sheth, and<br />
G. Thomas. Bound<strong>in</strong>g the Eects <strong>of</strong> Compensation<br />
under Relaxed Multi-level Serializability. Technical<br />
Report UH-CS-92-06, Dept. <strong>of</strong> Computer Science,<br />
University <strong>of</strong> Houston, March 1992.<br />
[23] D. McCarthy and S. Sar<strong>in</strong>. Workow and Transaction<br />
<strong>in</strong> InConcert. In [10].<br />
[24] R. Med<strong>in</strong>a-Mora,<br />
H. Wong, and P. Flores. ActionWorkow TM as the<br />
Enterprise Integration Technology. In [10].<br />
[25] H. Wachter and A. Reuter. The ConTract Model.<br />
Chapter 7, In [11], 1992.<br />
[26] M. Rus<strong>in</strong>kiewicz, S. Osterman, A. Elmagarmid, and<br />
K. Loa. The Distributed Operational Language for<br />
Specify<strong>in</strong>g Multisystem Applications. In Proc. <strong>of</strong> the<br />
1st Intl. Conf. on Systems Integration, 1990.<br />
[27] M. Rus<strong>in</strong>kiewicz and A. Sheth. Specication and<br />
Execution <strong>of</strong> Transactional Workows. In Modern<br />
Database Systems: The Object Model, Interoperability,<br />
and beyond, W. Kim, Ed., Addison-Wesley/ ACM<br />
Press, 1994.<br />
[28] A. Sheth and M. Rus<strong>in</strong>kiewicz. On Transactional<br />
Workows, In [10].<br />
[29] C. Toml<strong>in</strong>son et. al. Workow Support <strong>in</strong> Carnot. In<br />
[10].<br />
[30] G. Weikum and H.-J. Schek. Concepts and applications<br />
<strong>of</strong> multilevel transactions and open nested transactions.<br />
Chapter 13, In [11].<br />
ActionWorkow is a trademark <strong>of</strong> Action Technologies, Inc.<br />
Page 12