Paper Menu >>
Journal Menu >>
J. Software Engineering & Applications, 2009, 2:25-33
Published Online April 2009 in SciRes (www.SciRP.org/journal/jsea)
Copyright © 2009 SciRes JSEA
Formal Semantics of OWL-S with Rewrite Logic#
Ning Huang*, Xiao Juan Wang*, Camilo Rocha+
*Beihang University, Beijing, China, +University of Illinois at Champaign Urbana, USA
Email: firstname.lastname@example.org; email@example.com
Received December 29th, 2008; revised January 27th, 2009; accepted February 27th, 2009.
SOA is built upon and evolving from older concepts of distributed computing and modular programming, OWL-S plays
a key role in describing behaviors of web services, which are the essential of the SOA software. Although OWL-S has
given semantics to concepts by ontology technology, it gives no semantics to control-flow and data-flow. This paper
presents a formal semantics framework for OWL-S sub-set, including its abstraction, syntax, static and dynamic seman-
tics by rewrite logic. Details of a consistent transformation from OWL-S SOS of control-flow to corresponding rules
and equations, and dataflow semantics including “Precondition”, “Result” and “Binding” etc. are explained. This
paper provides a possibility for formal verification and reliability evaluation of software based on SOA.
Keywords: SOA, Web Services, OWL-S, Formal Semantics, Rewrite Logic, Consistent Transformation, Reliability
Service Oriented Architecture (SOA) adopts the Web
services standards and technologies and is rapidly be-
coming a standard approach for enterprise information
systems. We believe that there will be a heavy demand of
reliability evaluation for the SOA software in the early
Web services are the essential of the SOA software,
because SOA offers one such architecture, it unifies
business processes by structuring large applications as an
ad hoc collection of smaller modules called “services”,
Services-orientation aims at a loose coupling of services
with operating systems, programming languages and oth-
er technologies which underlie applications. There are
many higher level standards such as BPEL , WSCI,
BPML, DAML-S (the predecessor of OWL-S), etc.
OWL-S (Web Ontology Language for services) is a
well-established language for the description of Web ser-
vices based on ontology, it has been recommended by
Web-ontology Working Group at the World Wide Web
In order to undergo more accurate reliability evaluation
and prediction of software based on SOA in the early
phase, we should give software architecture the descrip-
tion semantics for gaining more components information,
according to this motivation, we plan to use OWL-S to
describe the software architecture, and then use formal
method to construct a well-defined mathematical model
of the system described by OWL-S, once we have this
formal model, we will compute the reliability of the
software based on the formal model. Here, as a me-
ta-language of rewrite logic, Maude has been chosen as a
language to give OWL-S formal semantics in a frame-
work in static and dynamic aspects. With this framework
in hand, an OWL-S specification can be transformed into
an easy-understand formal one only concerning syntax,
and this transformation makes a critical contribution for
the formal verification and reliability evaluation of
OWL-S model using the Maude language.
The rest of this paper is organized as follows. We will
give an overview of related works in Section 2, the
background of our method will be presented in Section 3
by an overview of OWL-S, rewrite logic and Maude,
section 4 presents the abstraction of the model to intro-
duce what we should abstract from the model. How to
give OWL-S model the formal semantics using Maude
in static and dynamic aspects will be presented respec-
tively in Section 5 and Section 6. Finally, we will give a
conclusion in Section 7 and an acknowledgement in
2. Related Works
Most of previous related works focus on model checking
instead of providing a precise formal semantics for the
specification. For example,  converts OWL-S Process
Model using a C-Like code specification language and
then uses BLAST to validate it by the test cases auto-
matically generated in the model checking process. 
proposes a Petri Net-based operational semantics, which
models the control flow of DAML-S (the former of
OWL-S) Process Model, but lack of dataflow. Based on
the work of [4,5] extends it to translate OWL-S Process
Model using Promela, a SPIN specification language, and
uses SPIN to do model checking.  presents a formal
denotational model of OWL-S using the Object-Z(OZ)
specification language, but it focuses on the formal model
#Supported by the 11th Defense Five-Year plan Foundation, and Avia-
tion Fund of China
26 Formal Semantics of OWL-S with Rewrite Logic
Copyright © 2009 SciRes JSEA
for the syntax and static semantics of OWL-S, and does
not discuss the dynamic semantics.
These researches give good examples of formal speci-
fication of OWL-S and applications, but there are some
(1) Some semantics is undefined: Because OWL-S is
not a traditional language, so some properties can’t be
expressed directly. Some papers didn’t claim this prob-
lem explicitly, but some do so, for example, in , “Pre-
condition” and “Effect” can’t be expressed in Promela
and so ignored. In this paper, these properties are de-
clared as important ones for processes and defined
(2) Transforming consistency: The structural opera-
tional semantics (SOS) of OWL-S hasn’t been mapped to
the specification language directly in related researches.
This gives less consistency assurance for the transforma-
tion. But for rewrite logic, the mapping is rather clear. On
the other hand, the later transformation for OWL-S speci-
fication only concerns syntax.
(3) Lack of analysis of dataflow: Among the above re-
searches, only  explicitly stated the dataflow, it simpli-
fies “Input” and “Output” as “Integer” and connects them
to “channel”. On the other hand, rewrite logic used in this
paper is much more appropriate and efficient for proper-
ties deal not only with causality of events but also with
data types or recursive constructs.
 and  use an algebra specification language Z.
But the former focuses on the analysis of ontology, in-
cluding some properties verification and reasoning with-
out analysis of control flow and dataflow. The latter gives
a good explanation for static semantics of OWL-S but
without dynamic semantics.
3.1 Introduction of OWL-S
OWL-S is an OWL-based (Recommendation produced
by the Web-Ontology Working Group at the World Wide
Web Consortium) Web service ontology, which supplies
Web service providers with a core set of constructs for
describing the properties and capabilities of their Web
services in unambiguous, computer interpretable form.
OWL-S markup of Web services will facilitate the auto-
mation of Web service tasks, including automated Web
service discovery, execution, composition and interop-
It is the first well-researched Web Services Ontology,
which has numerous users from industry and academe,
and is still undergoing. Details of the latest version of
OWL-S submission document can be referred to .
3.2 Rewrite Logic and Maude
Rewriting logic is a computational logic that can be effi-
ciently implemented and that has good properties as a
general and flexible logical and semantic framework, in
which a wide range of logics and models of computation
can be faithfully represented .
Definition 1: A rewrite theory R is a triple R = (∑, E,
·(∑,E) a membership equational theory, and
·R a set of labeled rewrite rules of the form:
→': ttl cond”, with “l” as a label, t, t′
for some kind k, and “cond” is a con-
dition (involving the same variables X).
In general, a rule in rewrite logic is like:
Maude is a formal programming language based on the
mathematical theory of rewriting logic. With Maude sys-
tem’s support, this kind of language specifications can be
executed and model can be checked, what is more, its
mathematic semantics can be obtained. A program in
Maude is just a rewrite logic theory, and Maude offers a
comprehensive toolkit for the analysis of specifications,
such as LTL model checker, Inductive Theorem Prover
(ITP), Maude Termination Tool, Church Rosser Checker,
Coherence Checker, etc.
In Maude, object-oriented systems are specified by
object-oriented modules, defined by the keyword
“omod ... endom”, in which classes and subclasses are
declared. A class declaration has the form class C|a1:
S1, ..., an: Sn ,where C is the name of the class, the ai are
attribute identifiers, and the Si are the sorts of the corre-
sponding attributes. An object of a class C is defined as:<
O : C | a1 : v1, ... , an : vn >, where O is the object’s
name, and the vi are the corresponding values of object’s
attributes, for i=1 . . . n. Objects can interact in a number
of different ways such as messages passing, messages
between objects can be defined by the keyword “msg”.
Details of Maude can be referred to .
The main reasons why we choose rewrite logic to give
the OWL-S specification the formal semantics are listed as
follows, and more detail advantages can be referred to :
♦ Consistency in transforming: Rewrite logic is a
flexible and expressive one that unifies algebraic de-
notational semantics and structural operational se-
mantics (SOS) in a novel way, which can be seam-
lessly transformed from OWL-S SOS into rewrite
rules/equations , and suitable for describing data
types and their relationships. On the other hand, the
latter transforming from an OWL-S specification
model into an algebraic one only concerns syntax.
♦ Suitable for many logic formula expressions in
OWL-S: In , it is argued that rewriting logic is
suitable both as a logical framework in which many
other logics can be represented, and as a semantic
♦ Efficiency implementation: Maude is a high per-
formance rewriting logic implementations . It is
demonstrated that the performance of the Maude
model checker “is comparable to that of current ex-
plicit-state model checkers” such as SPIN .
Formal Semantics of OWL-S with Rewrite Logic 27
Copyright © 2009 SciRes JSEA
♦ Analyzing tools: It has been well established now
that a rewrite logic specification can be benefited for
comprehensive tool-supported formal verification
4. Abstraction of the Model
There are three methods to transform an OWL-S specifi-
cation into a rewrite logic one:
(1) Translate every lines in OWL-S specification into
corresponding rewrite logic ones directly. The translating
is the same as giving semantics to OWL-S specification.
(2) Give OWL-S (the language) rewrite logic seman-
tics for every parts of its syntax. Then the OWL-S speci-
fication itself is a rewrite logic one with semantics. None
transformation is needed.
(3) Abstract the main parts of OWL-S (the language),
define syntax in rewrite logic for the sub-set and give
semantics for the syntax. And then translate the OWL-S
specification into a rewrite logic one by abstracting it into
the syntax in rewrite logic.
Method (1) is direct, but difficult to ensure the consis-
tency. Method (2) is a complete one. For example, a ser-
vice is modeled by a process in OWL-S, some tags such
as < process: CompositeProcess rdf:ID="CP">, <proc-
ess: hasInput rdf:resource="#inputownright1"/> are
used to give a detailed perspective within a composite
web service. All tags should have semantics (here the
tags are “process: CompositeProcess rdf: ID” and “proc-
ess: hasInput rdf: resource”).
In this paper, method (3) is accepted. One reason to do
so is that abstraction can reduce the complexity of ana-
lyzing a model; another reason is that we can go to the
most difficult and challenge problems quickly.
In the following section, we will explain what has been
abstracted from OWL-S, including control flow and data
flow. This abstraction becomes a sub-set of OWL-S.
1) Parameters and Expressions: Parameters are the
basis of representing expressions, conditions, formulas
and the state of an execution. In OWL-S, parameters are
distinguished as “ProcessVar”, “Variables” and “Re-
sultVar”, etc. They can even be identified as variables in
SWRL. Our abstraction in this paper doesn’t distinguish
these, but refer them all as parameters.
Expressions can be treated as literals in OWL-S, either
string literals or XML literals. The later case is used for
languages whose standard encoding is in XML, such as
SWRL or RDF. In this paper, expressions are separated
into Arithmetic and Boolean expressions.
2) Precondition: If a process's precondition is false,
the consequences of performing or initiating the process
are undefined. Otherwise, the result described in OWL-S
for the process will affect its “world”.
3) Input: Inputs specify the information that the proc-
ess requires for its execution. It is not contradictive with
the definition of messages between web services, because
a message can bundle as many inputs as required, and the
bundling is specified by the grounding of the process
4) Result and Output: The performance of a process
may result in changes of the state of the world (effects),
and the acquisition of information by the client agent
performing it (returned to it as outputs). In OWL-S, the
term “Result” is used to refer to a coupled output and
effect. Having declared a result, a process model can then
describe it in terms of four properties, in which, the “in-
Condition” property specifies the condition under which
this result occurs, the “withOutput” and “hasEffect”
properties then state what ensures when the condition is
true. The “hasResultVar” property declares variables that
are bound in the “inCondition”.
Precondition and Result are represented as logical
formulas in OWL-S, but when they are abstracted, Boo-
lean expression and assignment are used separately in
5) Process: A Web service is regarded as a process.
There are three different processes: Atomic process cor-
responds to the actions that a service can perform by en-
gaging it in a single interaction; composite process cor-
responds to actions that require multi-step protocols
and/or multiple services actions; finally, simple process
provides an abstraction mechanism to provide multiple
views of the same process. We focus on atomic process
and composite process here.
6) Control structure: Composite processes are de-
composable into other (non-composite or composite)
processes; their decomposition can be specified by using
eight control structures provided for web services, in-
cluding Sequence, Split, Split-Join, Choice, Any-Order,
If-Then-Else, Repeat-Until, and Repeat-While.
7) Dataflow and Variables binding: When defining
processes using OWL-S, there are many conditions
where the input to one process component is obtained as
one of the outputs of a preceding step. This is one kind of
data flow from one step of a process to another.
A Binding represents a flow of data to a variable, and
it has two properties: “toVar”, the name of the variable,
and “valueSpecifier”, a description of the value to receive.
There are four different kinds of valueSpecifier for Bind-
ings: valueSource, valueType, valueData, and value-
Function. The widely used one “valueSource” is ad-
dressed in this paper.
The information listed above gives an overview of how
web services are bound together with control structures
5. Syntax and Static Semantics in Maude
According to the method (3) described above, we now
need to define how to express the information abstracted
in Section 3 in rewrite logic, namely, syntax of the
sub-set in Maude. Because of space limited, we only ex-
plain parts of it:
1) Parameters and Expressions: To express them,
several rewrite logic modules have been defined. They
are NAME, EXP and BEXP.
To specify process variables we define a module
named “NAME”, in which “op_._: Oid Varname-> Name
28 Formal Semantics of OWL-S with Rewrite Logic
Copyright © 2009 SciRes JSEA
“is defined to be the form “process.var” as a variable
name, while “Oid” is the name of a process, which has
been regarded as an object identification. And a “Nam-
eList” is used to be a list of variables.
The value of a variable is stored in a “Location” which
is indicated by an integer. When we bind a location with
a variable name, the variable get the value stored in that
Arithmetic expressions (sort name is “Exp”) and Boo-
lean expressions (sort name is “BExp”) are defined sepa-
rately in module EXP and BEXP, which gives a descrip-
tion of how to use variable names to describe expres-
2) IOPR (Input/Output/Precondition/Result), Data
flow and variable bindings:
“Input” and “Output” of a process are defined as
“NameLists” which are attributions of a process.
In OWL-S, “Precondition” and “Effects” are repre-
sented as logical formulas by other languages such as
SWRL. Here we first simplify Precondition as “BExp” to
be an attribution of a process class.
“Result” is more complicated. After separate “Out-
put” as an attribution of a process, “Result” combines a
list of “Effect”, while every Effect is simplified as a con-
ditional assignment here. The definition in Maude is
“ op_<-_if_: Name Exp BExp -> Effect.”
As discussed above, there are four types of binding
“valueSpecifier”. Here we defined binding as “op fromto :
Name Name -> Binding “ to specify “valueSource” in
module WSTYPE. With this definition, dataflow in a
composite web service is created.
3) Processes and Control Structures: Atomic and
composite web services are defined as two classes with
different attributions. In order to distinguish defini-
tions of “ControlConstructList” and “ControlCon-
structBag” for control structure, “OList” is defined to
represent the object list which should be executed in
order, and “OBag” to represent there is no order for
It seems very hard to express that a web service set can
be executed in any order. But benefited with Maude op-
erator attribution “comm”, we can get this with definition
“op_#_: OBag OBag -> OBag [ctor assoc comm id:
noo]”. “comm” attribution means that this “op” is with
commutative property, which makes the objects in this
“bag” ignore the order unlike it is in “OList” .
After defining two sorts as follows:
subsort Qid < Oid < Block < BlockList.
subsort Qid < Oid < Block < BlockBag.
We define a nested control structure. For example,
“sequence” as “op sequence: BlockList->Block [ctor]”
and “split” as “op split : BlockBag -> Block [ctor] “.
This separates “Block” into three cases:
(1) Only a process.
(2) A group of processes within one control structure
(we refer it as a control block).
(3) A group of processes and control blocks within one
Obviously, the (3) is a nested control structure. If the
group is order sensitive, it is a “BlockList”, otherwise, it
is a “BlockBag”.
Syntax of atomic web service: A class “Atomws” is
defined in Definition 2. When an instance of atomic web
service is created, it should be declared as an object of
Syntax of composite web service: And a class “Com-
positews” is defined in Definition 3. We have explained
“IOPR”, “Result”, “Precondition” and “Binding” above.
Other attributions are: “initialized” to represent whether
this instance object (composite web service) of the class
has been initialized with actual values of its “IOPR”,
“Result”, “Precondition”, “Binding” and control struc-
tures. “father” denotes which composite web service
(instance) it belongs to. “struc” is the control structure
with “BlockList” and “BlockBag” as its subsort. Other
attributions are defined to be used when the composite
one is executed, especially for the nested control struc-
When an instance of composite web service is created,
it should be declared as an object of class “Compo-
sitews”. And prepare an initial equation for itself (how to
define an initial equation is ignored here).
6. Dynamic Semantics in Maude
6.1 Auxiliary Modules
When “Precondition” of a process is true, it can be ini-
tialized and executed. It affects the “world” by various
“Effect”. So we need to define what the “world” will be
for a web service. Here a module of “SUPERSTATE” is
extended with “CONFIGURATION” which already defines
as a “soup” of floating objects and messages in Maude.
A “Superstate” is the “world” of a process which de-
fined as “op_|_: State Configuration -> Superstate”. “State” is
a group of variables with corresponding locations, and
locations with corresponding values. A message is de-
fined as “msg call: Oid Oid -> Msg” for a composite web
service to trigger its sub-process to execute. Another is
defined as “msg tellfinish: Oid Oid -> Msg” to tell its father
that it has finished execution.
Definition 2: class Atomws | initialized : Bool,
father : Oid, input : NameList,
output : NameList, precondition : BExp,
result : Effect .
Definition 3: class Compositews | initialized : Bool,
input : NameList, output : NameList,
precondition : BExp, result : Effect,
binding : Binding, father : Oid,
struc : CStruc, nest : BlockList, wait : OList,
blockwait : NList, waitbag : OBag .
Formal Semantics of OWL-S with Rewrite Logic 29
Copyright © 2009 SciRes JSEA
In module “SUPERSTATE”, assignment, evaluation of
an arithmetic expression and a Boolean expression are
defined, which gives semantics to how these syntax can
be executed to affect the “world” of a process.
An operator “k” is defined as “op k: Configuration -> Con-
figuration” to indicate that one web service is ready to be
executed. Two operators “val” and “bval” are defined to
evaluate expression and Boolean expression values in a state.
A sort “NList” (natural number list) is also defined in
“NLIST” module to give semantics of executions of a
nested control structure, with the help of the four attribu-
tions: nest, wait, blockwait, and waitbag.
6.2 Dynamic Semantics
In this section, we first analyze how executions of web
services can affect their “world”, and then by giving out
the SOS for control structure, explain the corresponding
rewrite logic rules or equations.
1) Execution of a Service:
◎Execution of an Atomic One
As defined in OWL-S, atomic processes have no
sub-processes and execute in a single step only if the ser-
vice is concerned and its precondition is true. The execu-
tion gives result to its “world” by “Effect”. The main
parts for its execution semantics (Figure 1) have been
chosen to be explained as below.
Equation (1) asks atomic web service “ws” do initiali-
zation if its precondition “Cd” is true and hasn’t been
initialized before. Initialization is designed as an equation
in a module of an instance of “Atomws”. It prepares an
initial state for this web service.
Equation (2) explains that when an atomic web service
“ws” gets a message from its father “F”, it is the same
meaning that it will be executed after initialized.
Figure 1. Semantics of execution atomic web service
Equation (3) explains that how to execute a condition
inside an “Effect”. Of course there are rules that explain
how to evaluate expression inside an “Effect” (ignored
The forth rule (4) simulates state changes by one “Ef-
fect”. And rule (5) ensure that only after all the “Effect”
of this web service has been executed it tells its father it
has finished, and prepares a same instance waiting for its
“Precondition” to be true to be initialized to execute
◎Execution of a composite process
Composite web service changes its “world” by exe-
cuting its sub-processes according to its control struc-
Different from atomic web service, before a composite
one is going to be executed, it should prepare “binding”
information. A rule below is used to explain how to do
that. After that, “sourcedata” should be defined to affect
the “world” by other rules.
After that, composite web service will be executed
when its precondition is true like the atomic one. The
difference is that the sub-processes grouped in control
structures should be executed according to semantics of
control. How to execute these structures will be explained
2) Sequence: The SOS of “sequence” and the corre-
sponding rewrite logic rule are showed in Figure 2.
“BLK” is a “Block” and “BL” is a “BlockList”. Obviously,
attribution “nest” here is used to separate the “BlockList”,
leaves the first one in “struc” to be executed first.
The question is how to ensure the first control block
be executed firstly? Especially when it is a nested control
structure-because when the most inner to be executed, the
decomposing difference (order sensitive of BlockList and
opposite BlockBag) should be recorded.
As discussed above in Section 4, a “Block” has three
cases. But all of them should ensure that this “Block” be
executed before “BL” is going to be executed for “se-
quence”. To ensure this, two attributions “wait” and
“blockwait” are defined. “wait” is a “OList (object list)”
to ensure that only after the list of objects are all finished
that this service “ws” can be executed. “blockwait” is
defined as “NList (nature number list)”. When an order
<sequence (BLK; BL)
rl k( < ws : Compositews | father : F, struc : sequence(BLK ;
BL), nest : BL1, wait : nilo, blockwait : BW > )
=><ws:Compositews|father:F, struc:BLK, nest : sequence(BL) ;
BL1, wait: nilo, blockwait : (1 BW) > call(F, ws) .
Figure 2. Semantics of execution sequence
rl st1 | (conf call(F, ws) < ws : Compositews | initialized :
true, father : F, binding : fromto(v1 , v2) BD > )
=> (sourcedata(v1, v2, st1) st1) | (conf < ws : Compositews |
father : F, binding : BD > call(F, ws) ) .
(1) ceq < ws : Atomws | initialized : init-state, father : F,
precondition : Cd > call(F, ws)
= ( initial( < ws : Atomws | initialized : true, father : F
> ) call(F, ws) ) if ( not init-state) and bval(Cd, st1) .
(2) eq st1 | (conf < ws : Atomws | initialized : true , father :
F> call(F, ws)) = st1 |(conf k( < ws : Atomws | father :
F > )) .
(3) eq st1 | (conf k(< ws : Atomws | father : F, result : (x1
<- exp1 if cond) Eff >))
= st1 | (conf k(< ws : Atomws | father : F, result : (x1 <-
exp1 if bval(cond, st1)) Eff >)) .
(4) rl [ execute ] :
(mem(x1, location1) loc(location1, y1) st1) | (conf k(<
ws : Atomws | father : F , result : (x1 <- y) Eff >))
=> (mem(x1, location1) loc(location1, y) st1) | (conf k(<
ws : Atomws | father : F , result : Eff >)) .
(5) rl [finish] : st1 |(conf k(< ws : Atomws | father : F,
initialized : init-state , result : noEff >))
=> st1 | (conf < ws : Atomws | father: F , initialized:
30 Formal Semantics of OWL-S with Rewrite Logic
Copyright © 2009 SciRes JSEA
sensitive control block (here is sequence) is separated, it
definitely asks the “Block” left in “struc” (here is BLK)
should be finished before other “Block” left in “nest” are
going to be executed. So we add natural number “1” into
the “NList” (here is BW). Otherwise, “0” is added for no
order sensitive one, such as for control structure “Split”.
And “2” will be added when the outer control structure
asks order but this one doesn’t.
After separating a control structure, there are three
cases waited to be explained of how to execute BLK.
Case 1: BLK is a process.
In this case, if it is a composite one, it can be separated
recursively. If it is an atomic one (here is “A”), different
rules should be matched according to “blockwait” (here
is BW). The value of head of “BW” is “1” means “A”
should be completely finished before “ws” continues,
showed as Figure 3 rule (1). So “A” is put into “wait”,
and “1” is added to “BW” of “ws” to indicate that this an
order sensitive block. And then two messages are re-
leased to trigger “A” and “ws”. Of course, there should
be a corresponding rule when “A” completes its execu-
tion (Figure 3 rule (2)).
If head(BW)==0 and sum(BW) > 0 (rule (3)), then “2”
is added to “BW” and “A” is added to “waitbag” (here is
OO), this indicates that “A” need not to be executed
firstly in this level of the control structure, but it need to
be so in outer control structure. The corresponding rule to
release the blocking is showed as rule (4).
Similarly if head (BW) == 0 and sum(BW) == 0, “0”
is added to “BW” to indicate there is no need for “A” to
be executed firstly.
Figure 3. Semantics of execution nested control Block
<repeat-while bexp1 CS1,
'' <repeat-while bexp1 CS1,
<repeat-while bexp1 CS1,
crl k( < ws : Compositews | father : F, struc : repeat CS1
while bexp1, nest : BL, wait : nilo > ) =>
then < ws : Compositews | father : F, struc : CS1, nest :
(repeat CS1 while bexp1) ; BL, wait : nilo > call(F, ws)
else < ws : Compositews | father : F, struc : empty,
nest : BL, wait : nilo > call(F, ws)
Figure 4. Semantics of execution Repeat-while
Case 2 and Case 3: are similar with case1, but with re-
cursive definition. Because of space limited, we will not
discuss them here
3) Repeat-while: “Repeat-While” tests the condition,
exits if it is false and does the operation if the condition is
true, then loops. Its SOS and corresponding rewrite rule
are showed in Figure 4.
Actually, for the control structure itself, it is not com-
plex. The rule in Figure 4 just gives semantics of how
this structure can be executed. The difficult is how
“Block” can be executed inside it.
For example, when there is simple composite web ser-
vice which contents only one atomic web service “A”
within its repeat-while, say (k( < ws : Compositews | fa-
ther: F, struc: repeat ‘A while bexp1, nest: BL, wait: nilo
> )), how about the execution of “A”?
As discussed for Definition 2 and 3, before this com-
posite “ws” enters its execution “k” state, it should pre-
pare an atomic instance ‘A. If the precondition of ‘A is
true, it can be initialized and go into “k” execution state.
This may affect the “world” of “ws” according to the
group rules and equations in Figure 1. After ‘A has fin-
ished its execution, rule (5) in Figure 1 prepares another
instance ‘A waiting for its “precondition” again. If
“bexp1” decides to execute ‘A again, execution can be
continue, and the “Result” may turn “bexp1” to be true
by affecting the “world” of “ws”.
4) Repeat-until: “Repeat-until” does the operation,
tests for the condition, exits if the condition is true, and
otherwise loops. Its SOS and corresponding rewrite rule
are showed in Figure 5.
<repeat-until bexp1 CS1,
'' <repeat-until bexp1 CS1,
<repeat-until bexp1 CS1,
eq k( < ws : Compositews | father : F, struc : repeat CS1 until
bexp1, nest : BL, wait : nilo > ) =
k(< ws : Compositews | father : F, struc : CS1, nest : (repeat
CS1 while not bexp1) ; BL, wait : nilo > call(F, ws)).
Figure 5. Semantics of execution Repeat-until
(1) crl : k( < ws : Compositews | father : F, struc : A ,
wait :nilo, blockwait : BW > )
=> < ws : Compositews | father : F, struc : empty,
wait : A ,
blockwait: ( 1 BW) > call(ws, A) call(F, ws)
if head(BW) == 1 .
(2) crl k( < ws : Compositews | father : F, struc : CS1,
nest :BL, wait : A ~ L, blockwait : BW >) tellfin-
=> (call(F, ws) < ws : Compositews | father : F,
struc : CS1,
nest : BL , wait : L, blockwait : BW > ) if head(BW)
== 1 .
(3) crl :k( < ws : Compositews | father : F, struc : A ,
wait : nilo, blockwait : BW, waitbag : OO > )
=> call(ws, A) call(F, ws) < ws : Compositews | father :
F, struc : empty, wait : nilo, blockwait : ( 2 BW), wait-
bag : A # OO >
if head(BW) == 0 and sum(BW) > 0 .
(4) crl k( < ws : Compositews | father : F, struc : CS1,
nest :BL, waitbag : A # OO, blockwait : BW >) tell-
=> < ws : Compositews | father : F, struc : CS1, nest :
BL , waitbag : OO, blockwait : BW > call(F, ws)
== 2 or sum
> 0 .
Formal Semantics of OWL-S with Rewrite Logic 31
Copyright © 2009 SciRes JSEA
Actually, Repeat-While may never act, whereas Re-
peat-Until always acts at least once. Other executions are
5) Split: The components of a “Split” process are a
bag of process components to be executed concurrently.
Split completes as soon as all of its component processes
have been scheduled for execution.
The rule below creates “Block” without order (because
of split definition). At last these “Block”s produce atomic
web services and messages into the “world” of “ws”.
Benefitted with objects concurrent execution in Maude,
all web services that meet its precondition can be exe-
rl k( < ws : Compositews | father : F, struc : split(BLK @
BB), nest : BL, wait : nilo, blockwait : BW > )
=> < ws : Compositews | father : F, struc : BLK, nest :
split(BB) ; BL , wait : nilo, blockwait : (0 BW) > call(F,
6) Split-join: Here the process consists of concurrent
execution of a bunch of process components with barrier
synchronization. That is, “Split-Join” completes when all
of its components processes have completed. To do this,
a special object named “split-join” is defined, and then
control structure “split-join(BB)” is equal to “sequence
(split(BB) ; 'split-join)”.
7) Choice: “Choice” calls for the execution of a single
control construct from a given bag of control constructs.
Any of the given control constructs may be chosen for
execution. As discussed above, any “Block” inside the
control bag may be chosen to match BLK@BB, because of
commutative property. This gives a choice to the control
bag. And then “0” is added to “BW” means there is no
need waiting for this “BLK”.
rl k( < ws : Compositews | father : F, struc : choice(BLK @
BB), nest : BL, wait : nilo, blockwait : BW >)
=> < ws : Compositews | father : F, struc : BLK, nest : BL,
wait: nilo, blockwait : (0 BW) > call(F, ws).
8) Anyorder: “Anyorder” allows the process compo-
nents (specified as a bag) to be executed in some un-
specified order but not concurrently. Execution and com-
pletion of all components is required. The execution of
processes in an Any-Order construct cannot overlap, i.e.
atomic processes cannot be executed concurrently and
composite processes cannot be interleaved. All compo-
nents must be executed. As with Split+Join, completion
of all components is required.
rl k( < ws : Compositews | father : F, struc : anyor-
der(BLK @ BB), nest : BL, wait : nilo, waitbag: OO,
blockwait : BW > )
=><ws:Compositews | father:F, struc: BLK, nest : anyor-
der(BB) ; BL, wait: nilo, waitbag: OO, blockwait : (1 BW) >
9) If-then-else: The “If-Then-Else” class is a control
construct that has a property ifCond ition, then and else
< if bexp1 then CS1 else CS2,
rl k( < ws : Compositews | father : F, struc : if bexp1 then CS1
else CS2, nest : BL, wait : nilo > ) =>
then < ws : Compositews | father : F, struc : CS1, nest :
BL, wait : nilo > call(F, ws)
else < ws : Compositews | father : F, struc : CS2, nest :
BL, wait : nilo > call(F, ws)
Figure 6. Execution of if-then-else
holding different aspects of the If-Then-Else. Its seman-
tics is intended to be “Test If-condition; if True do Then,
if False do Else”. Its SOS and corresponding rewrite rule
are showed in Figure 6.
As discussed above, the rewrite logic rules are obvi-
ously consistent with the definition of SOS benefited
from the great expressing capability of rewrite logic.
7. Case Study
Through the modules discussed above, we get a “seman-
tics-OWL-S.maude” rewrite logic theory for semantics of
the sub-set OWL-S. With this theory in hand, a software
requirement or design in OWL-S can be abstracted into a
rewrite logic theory with the syntax described above by
extending this frame. Different from other translating
methods directly mapping an OWL-S model into another
specification language, this way avoids explaining the
semantics in an actual model, translating work only con-
cerns syntax mapping while semantics have been given in
For verifying the rewrite logic theory, we give an ex-
ample to translate the process model to a Maude program,
and undergo simple verifications  on it.
This example presented by OWL-S in Figure 7 is a
web service based on Amazon E-Commerce Web Ser-
vices. The process is to search books on Amazon by in-
putted keyword and create a cart with selected items, it is
composed of four atomic processes through a sequence
Through the rewrite theory discussed above, we get a
complete Maude program. Here we only display the main
parts of the Maude program. Figure 8 is the initializing
equation for the third atomic process “cartCreateRequest
Process”. In this module, we should build attributes to
express process’s IOPRs first. Two inputs and one output
are translated name by name. Precondition and Effect in
Result are translated to SWRL expression.
The main process of this example is a composite proc-
ess, and the translated Maude code of initializing equa-
tion of it has been shown in Figure 9.
Load the Maude program, and then execute the process
by the command “rew execute-aws”, we can also search
executing path using command “search execute-aws =>!
S: State|C: Configuration tell finish (‘, ‘mainProcess).” If
input a right number less than or equal to the length of
32 Formal Semantics of OWL-S with Rewrite Logic
Copyright © 2009 SciRes JSEA
Figure 7. Structure of the web service process
Figure 8. Initial equation of atomic process
‘items’ for ‘index’, the input of third atomic process “cart
CreateRequestProcess”, Maude will display the result in
Figure 10. In other cases the result is like Figure 11.
We have done more works concerning this framework,
because of space limitation, details are ignored:
(1) Test framework: although the directly mapping
from OWL-S SOS to rewrite logic gives the consistency,
some web services have been constructed to test the eight
control structures and nested ones, including the execu-
tion of atomic web services. The results are the same as
(2) Model checking and analysis: several cases are
constructed including “philosopher dining” which not
only concern control flow but also get a deadlock because
of data sharing in the dataflow; and “online shopping”
which concerns an error in dataflow. These errors can be
found by the Maude analysis tools.
Figure 9. Initializing equation of composite process
Figure 10. Executing environment module
omod EXEC-MAINPROCESS is
pr MAINPROCESS .
op MainProcess : -> MainProcess' .
op execute-aws : -> Superstate .
eq exec-MainProcess = loc(1, nilv) loc(2, 'SubscriptionId')
loc(3, 'AssociateTag') loc(4, nilv) loc(5, Keywords-1) loc(6,
SearchIndex-1) loc(7, nilv) loc(8, nilv) loc(9, nilv) loc(10,
index-1) loc(11, nilv) loc(12, nilv) loc(13, index-1) loc(14,
nilv) loc(15, nilv) loc(16, index-1) loc(17, nilv) loc(18,nilv)
mem('mainProcess . 'InputSubscriptionId, 2)
mem('MainProcess . 'InputAssociateTag, 3)
mem('Perform_SearchReq . 'ItemSearchRequest, 4)
mem('Perform_Req . 'Keywords, 5)
mem('Perform_SearchReq . 'SearchIndex, 6)
mem('Perform_Search . 'Items, 7)
mem('Perform_Search .'OperationRequest, 8)
mem('Perform_Search . 'Shared, 13)
mem('Perform_Search . 'Validate, 14) mem('Perform_Search .
'XMLEscaping, 15) mem('Perform_CreateReq . 'CartCre-
ateRequest, 9) mem('Perform_CreateReq . 'index, 10)
mem('Perform_Create . 'Cart, 11) mem('Perform_Create .
'OperationRequest, 12) mem('Perform_Create . 'Shared, 16)
mem('Perform_Create . 'Validate, 17) mem('Perform_Create .
'XMLEscaping, 18) | < 'MainProcess : MainProcess | initial-
ized : false, father : ', precondition : true >
call(' , 'MainProcess).
eq initial( < WS : MainProcess | father : F, attrs> )
= < WS : MainProcess | initialized : true, father : F, input : ws .
'InputAssociateTag || (ws . 'InputAssociateTag || (ws . 'InputSub-
scriptionId,output : ws . 'OutputCart, precondition : true, result :
noEff, binding : fromto( 'Perform_Search . 'SubscriptionId, ws .
fromto('Perform_Search . 'AssociateTag, ws .'InputAssociateTag)
fromto('Perform_Search . 'Request, ws . 'ItemSearchRequest)
fromto('Perform_Search . 'Request, 'Perform_SearchReq . 'Item-
fromto('Perform_CreateReq . 'items, 'Perform_Search . 'Items)
fromto('Perform_Create . 'SubscriptionId, ws . 'InputSubscrip-
fromto('Perform_Create . 'AssociateTag, ws . 'InputAssociateTag)
fromto('Perform_Create . 'Request, 'Perform_CreateReq . 'Cart-
struc : sequence('Perform_SearchReq ; 'Perform_Search; 'Per-
nest : null, wait : nilo, blockwait : niln, waitbag : noo >
< 'Perform_SearchReq : itemSearchRequestProcess | initialized :
false, father : ws, precondition : true >
< 'Perform_Search : ItemSearchProcess | initialized : false, fa-
ther : ws, precondition : ture>
< 'Perform_CreateReq : ItemSearchProcess | initialized : false,
father : ws, precondition : swrlb:length( 'Perform_CreateReq .
'items) #>= ('Perform_CreateReq .'index) >
< 'Perform_Create : CartCreateProcess | initialized : false, fa-
ther : ws,
recondition : true>.
vars ws F : Oid .
var state : State .
var attrs : AttributeSet .
var conf : Configuration .
var cartCreateRequestProcess : cartCreateRequestProcess' .
eq state | conf initial(<ws : cartCreateRequestProcess |
father : F,attrs>)call(F,ws)
=state | conf<ws : cartCreateRequestProcess |
initialized : true,father : F,input : ws.'index || ws.'items,
output : ws.'cartCreateRequest,
precondition : #not(swrlb:length(ws.'items) #< (ws.'index)),
Formal Semantics of OWL-S with Rewrite Logic 33
Copyright © 2009 SciRes JSEA
Figure 11. Process can finish
Figure 12. Process can not finish
This paper gives a formal semantics for OWL-S sub-set
by rewrite logic, including abstraction, syntax, static and
dynamic semantics. Compared with related researches,
the contribution of this paper gives a translation consis-
tency and benefited with formal specification, dataflow
can be analyzed deeply, which makes formal verification,
and reliability evaluation of software based on SOA pos-
The undergoing future works include: “Precondition”
and “Effect” in SWRL format; WSDL and grounding
information; and a more complex application analysis.
This work has been greatly helped by Prof. Meseguer.
Thanks to Michael Katelman, Feng Chen and Joe Hen-
drix in Formal Systems Lab of UIUC, and all the devel-
opers of the shared software.
 X. Fu, T. Bultan, and J. W. Su, “Analysis of interacting
bpel web services,” in Proceedings of the 13th Interna-
tional Conference on World Wide Web, New York,
NY,USA, pp. 621-630, May 2004.
 D. Martin, M. Burstein, J. Hobbs, O. Lassila, D. McDer-
mott, S. McIlraith, S. Narayanan, M. Paolucci, B. Parsia,
T. R. Payne, E. Sirin, N. Srinivasan, and K. Sycara,
“OWL-S: Semantic markup for web services,” Technical
Report UNSPECIFIED, Member Submission, W3C,
http://www.w3.org/Submission/ OWL-S/, 2004.
 H. Huang, W. T. Tsai, R. Paul, and Y. N. Chen, “Auto-
mated model checking and testing for composite web ser-
vices,” in Proceedings Eighth IEEE International Sympo
sium on Object-Oriented Real-Time Distributed Com
puting, Washington, DC, USA, pp. 300-307, May 2005.
 S. Narayanan and S. A. Mcllraith, “Simulation, verifi-
cation and automated composition of web services,” in
Proceedings 11th International Conference on World
Wide Web, Honolulu, Hawaii, USA, pp. 77-88, May
 A. Ankolekar, M. Paolucci, and K. Sycara, “Spinning the
OWL-S process model-toward the verification of the
OWL-S process models,” in Proceedings International
Semantic Web Conference 2004 Workshop on Semantic
Web Services: Preparing to Meet the World of Business
Applications, Hiroshima, Japan, 2004.
 H. H. Wang, A. Saleh, T. Payne, and N. Gibbins, “Formal
specification of OWL-S with Object-Z: The static aspect,”
in Proceedings IEEE/WIC/ACM International Conference
on Web Intelligence, Washington, DC, USA, pp. 431-434,
 J. S. Dong, C. H. Lee, Y. F. Li, and H. Wang, “Verifying
DAML+OIL and beyond in Z/EVES,” in Proceedings the
26th International Conference on Software Engineering,
Washington, DC, USA, pp. 201-210, May 2004.
 T. F. Serbanuta, F. Rosu, and J. Meseguer, “A rewriting
logic approach to operational semantics (Extended Ab-
stract),” Electronic Notes Theoretical Computer Science,
Vol. 192, No. 1, pp. 125-141, October 2007.
 H. Huang and R. A. Mason, “Model checking technolo-
gies for web services,” in Proceedings the 4th IEEE
Workshop on Software Technologies for Future Embed-
ded and Ubiquitous Systems, and the Second International
Workshop on Collaborative Computing, Integration, and
Assurance, Wanshington, DC, USA, pp. 217-224, April
 A. Verdejo and N. Marti-Oliet, “Executable structural
operational semantics in maude,” Journal of Logic and
Algebraic Programming, Vol. 67, No. 1-No. 2, pp. 226-293,
 M. Birna van Riemsdijk, Frank S. de Boer, M. Dastani,
and John-Jules Meyer, “Prototyping 3APL in the maude
term rewriting language,” in Proceedings of the fifth in-
ternational joint conference on Autonomous agents and
multiagent systems, Hakodate, Hokkaido, Japan, pp.
1279-1281, May 2006.
 M. Clavel, F. Duran, S. Eker, P. Lincoln, N. M. Oliet, J.
Meseguer, and C. Talcott, “All about maude-A high-per-
formance logical framework,” Springer-Verlag New York,
 J. Meseguer and G. Rou, “The rewriting logic semantics
project,” Theoretical Computer Science, Vol. 373, No. 3,
pp. 213-237, April 2007.
 M. Clavel, F. Duran, etc., “Maude mannual,” Department
of Computer Science University of Illinois at Urbana-
Champaign, 2007, http://maude.cs.uiuc.edu.