Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Similar documents
Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Can I Find a Partner?

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

The State Explosion Problem

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Characterizing Weakly Terminating Partners of Open Systems

Interorganizational Workflow Nets: a Petri Net Based Approach for Modelling and Analyzing Interorganizational Workflows

Process Mining in Non-Stationary Environments

EE249 - Fall 2012 Lecture 18: Overview of Concrete Contract Theories. Alberto Sangiovanni-Vincentelli Pierluigi Nuzzo

A Component Framework where Port Compatibility Implies Weak Termination

DES. 4. Petri Nets. Introduction. Different Classes of Petri Net. Petri net properties. Analysis of Petri net models

Multiparty Contracts: Agreeing and Implementing Interorganizational Processes

Reducing Complexity of Large EPCs

Markings in Perpetual Free-Choice Nets Are Fully Characterized by Their Enabled Transitions

Automata-based Verification - III

7. Queueing Systems. 8. Petri nets vs. State Automata

Automata-based Verification - III

Simulation of Spiking Neural P Systems using Pnet Lab

Georg Frey ANALYSIS OF PETRI NET BASED CONTROL ALGORITHMS

Soundness of Workflow Nets with an Unbounded Resource is Decidable

Assigning Ontology-Based Semantics to Process Models: The Case of Petri Nets

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Seamless Model Driven Development and Tool Support for Embedded Software-Intensive Systems

Structural Analysis of Resource Allocation Systems with Synchronization Constraints

Automatic Synthesis of Distributed Protocols

Consistent Global States of Distributed Systems: Fundamental Concepts and Mechanisms. CS 249 Project Fall 2005 Wing Wong

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

A REACHABLE THROUGHPUT UPPER BOUND FOR LIVE AND SAFE FREE CHOICE NETS VIA T-INVARIANTS

Introduction. Büchi Automata and Model Checking. Outline. Büchi Automata. The simplest computation model for infinite behaviors is the

Generalised Computation of Behavioural Profiles based on Petri-Net Unfoldings

Lecture 4 Model Checking and Logic Synthesis

c 2011 Nisha Somnath

The Downward-Closure of Petri Net Languages

Business Processes Modelling MPB (6 cfu, 295AA)

Guaranteeing Weak Termination in Service Discovery

Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication

Compositional Analysis of Timed-arc Resource Workflows with Communication

SPECIFICATION MODELS. Chapter 3. Overview. Introducing Hierarchy. StateCharts

Theory of Computation

A subtle problem. An obvious problem. An obvious problem. An obvious problem. No!

Applications of Petri Nets

Business Process Regulatory Compliance is Hard

Analysis and Optimization of Discrete Event Systems using Petri Nets

Efficient Computation of Causal Behavioural Profiles using Structural Decomposition

CS 322 D: Formal languages and automata theory

An Alternative Construction in Symbolic Reachability Analysis of Second Order Pushdown Systems

Before we show how languages can be proven not regular, first, how would we show a language is regular?

Transition Predicate Abstraction and Fair Termination

Embedded systems specification and design

The priority promotion approach to parity games

Failure Diagnosis of Discrete Event Systems With Linear-Time Temporal Logic Specifications

Deciding Substitutability of Services with Operating Guidelines

More on Regular Languages and Non-Regular Languages

for System Modeling, Analysis, and Optimization

Extending Supervisory Controller Synthesis to Deterministic Pushdown Automata Enforcing Controllability Least Restrictively

NONBLOCKING CONTROL OF PETRI NETS USING UNFOLDING. Alessandro Giua Xiaolan Xie

Foundations of Informatics: a Bridging Course

Constraint Solving for Program Verification: Theory and Practice by Example

Timed Automata VINO 2011

The Parameterized Complexity of Intersection and Composition Operations on Sets of Finite-State Automata

On the Design of Adaptive Supervisors for Discrete Event Systems

On the modularity in Petri Nets of Active Resources

Computational Models - Lecture 3

Note: In any grammar here, the meaning and usage of P (productions) is equivalent to R (rules).

Causal Nets: A Modeling Language Tailored towards Process Discovery

CSE200: Computability and complexity Space Complexity

P is the class of problems for which there are algorithms that solve the problem in time O(n k ) for some constant k.

Probabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford

Compact Regions for Place/Transition Nets

Representation of Correlated Sources into Graphs for Transmission over Broadcast Channels

On Parametrical Sequences in Time Petri Nets

Discrete Event Systems Exam

Acceptance of!-languages by Communicating Deterministic Turing Machines

STUBBORN SETS FOR REDUCED STATE SPACE GENERATION

Closure Properties of Regular Languages. Union, Intersection, Difference, Concatenation, Kleene Closure, Reversal, Homomorphism, Inverse Homomorphism

Principles of Program Analysis: A Sampler of Approaches

cse303 ELEMENTS OF THE THEORY OF COMPUTATION Professor Anita Wasilewska

Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication 1

Probabilistic Model Checking and Strategy Synthesis for Robot Navigation

Business Process Management

Optimal Metric Planning with State Sets in Automata Representation [3]

arxiv: v1 [cs.ds] 17 Mar 2017

Let us first give some intuitive idea about a state of a system and state transitions before describing finite automata.

Automata Theory (2A) Young Won Lim 5/31/18

Regular Language Equivalence and DFA Minimization. Equivalence of Two Regular Languages DFA Minimization

Communication and Concurrency: CCS

Synchronisation and Cancellation in Workflows based on Reset nets

A Polynomial-Time Algorithm for Checking Consistency of Free-Choice Signal Transition Graphs

Nondeterministic finite automata

Petri nets. s 1 s 2. s 3 s 4. directed arcs.

Basics of Relation Algebra. Jules Desharnais Département d informatique et de génie logiciel Université Laval, Québec, Canada

What we have done so far

Deciding life-cycle inheritance on Petri nets

Modeling and Stability Analysis of a Communication Network System

Attack-Resilient Supervisory Control of Discrete-Event Systems

CS 373: Theory of Computation. Fall 2010

Nondeterministic Finite Automata. Nondeterminism Subset Construction

Earliest Arrival Flows in Networks with Multiple Sinks

Embedded Systems 6 REVIEW. Place/transition nets. defaults: K = ω W = 1

Transcription:

Methods for the specification and verification of business processes MPB (6 cfu, 295AA) Roberto Bruni http://www.di.unipi.it/~bruni 20 - Workflow modules 1

Object We study Workflow modules to model interaction between workflows Ch.6 of Business Process Management: Concepts, Languages, Architectures 2

Problem Not all tasks of a workflow net are automatic: they can be triggered manually or by a message they can be used to trigger other tasks How do we represent this? 3

Implicit interaction Separately developed Seller workflow Some activities can input messages Some activities can rec_reject reject rec_accept accept M. Weske: Business Process Management, Springer-Verlag Berlin Heidelberg 2007 output messages 4

Implicit interaction Seller can receive Seller (symbol?) recommendations Seller can send (symbol!)?rec_reject!reject?rec_accept!accept M. Weske: Business Process Management, Springer-Verlag Berlin Heidelberg 2007 decisions 5

Interface Seller has an interface Seller for interaction It consists of some input places and ra rr sa sr?rec_reject!reject?rec_accept!accept M. Weske: Business Process Management, Springer-Verlag Berlin Heidelberg 2007 some output places 6

Interface P I Seller receiving? sending! P O ra rr sa sr?rec_reject!reject?rec_accept!accept M. Weske: Business Process Management, Springer-Verlag Berlin Heidelberg 2007 7

Problem Assume the original workflow net has been validated: it is a sound (and maybe safe) workflow net When we add the (places in the) interface it is no longer a workflow net! 8

Workflow Modules Definition: A workflow module consists of a workflow net (P,T,F) plus a set P I of incoming places plus a set of incoming arcs F I (P I x T) plus a set P O of outgoing places plus a set of outgoing arcs F O (T x P O ) such that each transition has at most one connection to places in the interface 9

Problem Workflow modules must be capable to interact How do we check that their interfaces match? How do we combine them together? 10

Strong structural compatibility A set of workflow modules is called strongly structural compatible if for every message that can be sent there is a module who can receive it, and for every message that can be received there is a module who can send it (formats of message data are assumed to match) 11

Weak structural compatibility A set of workflow modules is called weakly structural compatible if all messages sent by modules can be received by other modules more likely than a complete structural match (workflow modules are developed separately) 12

Interaction Auctioning Service P O P I Seller sending! receiving?!rec_accept?accept!rec_reject?reject ra rr sa sr P I P O ra rr sa sr?rec_reject!reject?rec_accept!accept M. Weske: Business Process Management, Springer-Verlag Berlin Heidelberg 2007 13

Interaction Auctioning Service Seller!rec_accept?accept!rec_reject?reject ra rr sa sr ra rr sa sr?rec_reject!reject?rec_accept!accept M. Weske: Business Process Management, Springer-Verlag Berlin Heidelberg 2007 14

Problem We have added places and arcs to single nets We have joined places of different nets We have paired their initial markings How do we check that the system behaves well? What has this check to do with WF net soundness? 15

Workflow systems 16

Workflow system Auctioning Service Seller ra ra!rec_accept?accept!rec_reject?reject rr sa sr rr sa sr?rec_reject!reject?rec_accept!accept M. Weske: Business Process Management, Springer-Verlag Berlin Heidelberg 2007 17

Workflow system Definition: A workflow system consists of a set of n structurally compatible workflow modules (initial places i1,...,in, final places o1,...,on) plus an initial place i and a transition ti from i to i1,...,in plus a final place o and a transition to from o1,...,on to o 18

Soundness of workflow systems A workflow system is just an ordinary workflow net We can check its soundness as usual 19

Exercise Can the system deadlock? Auctioning Service Seller ra ra!rec_accept?accept!rec_reject?reject rr sa sr rr sa sr?rec_reject!reject?rec_accept!accept M. Weske: Business Process Management, Springer-Verlag Berlin Heidelberg 2007 20

Exercise Can the system deadlock? Auctioning Service' Seller ra ra!rec_accept?accept!rec_reject?reject rr sa sr rr sa sr?rec_reject!reject?rec_accept!accept M. Weske: Business Process Management, Springer-Verlag Berlin Heidelberg 2007 21

Exercise Complete with missing arcs the following behavioural interfaces and check their compatibility pr pr! participation_req? participation_req ra rr ra rr! rec_accept! rec_reject? rec_reject? rec_accept ba br ba br? accept? reject! reject! accept a a? reject? accept! accept! reject r r M. Weske: Business Process Management, Springer-Verlag Berlin Heidelberg 2007 n n! notify? notify 22

Exercise Check compatibility of WF modules below a a e e b b f f c c g g d d h h (a) (b) 23 (c)

Weak soundness 24

Problem When checking behavioural compatibility the soundness of the overall net is a too restrictive requirement Workflow modules are designed separately, possibly reused in several systems It is unlikely that every functionality they offer is involved in each system 25

Problem Definition: A workflow net is weak sound if it satisfies option to complete and proper completion (dead tasks are allowed) Weak soundness can be checked on the RG It guarantees deadlock freedom and proper termination of all modules 26

Sound + Sound =? p1 p2 M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 p3 27

Sound + Sound = not sound M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 28

Sound + Sound = not sound M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 29

Sound + Sound = not sound M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 30

Sound + Sound = not sound M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 31

Sound + Sound = not sound M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 32

Sound + Sound = not sound M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 33

Sound + Sound = not sound M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 34

Sound + Sound = not sound M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 35

Sound + Sound = not sound Dead tasks! M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 36

Sound + Sound = not sound Weak Sound! M. Weske : Busines s Proce ss Management, Springer-Verlag Berlin Heide lberg 2007 37

Exercise: Preliminaries contractor subcontractor order part N0 specification cost_statement part N1 product 38

Exercise: Check Weak Soundness of The Assembly order specification cost_statement product 39

Exercise: Check Again After Refactoring Contractor order specification cost_statement product 40

Exercise: Check Again After Refactoring Both order specification cost_statement product order specification cost_statement product 41

(Contractor zoom-in) 42

(Subcontractor zoom-in) 43

Partner existence (aka controllability) Does My Service Have Partners? Karsten Wolf Universität Rostock, Institut für Informatik, 18051 Rostock, Germany karsten.wolf@uni-rostock.de K. Jensen and W. van der Aalst (Eds.): ToPNoC II, LNCS 5460, pp. 152 171, 2009. c Springer-Verlag Berlin Heidelberg 2009 44

Problem Processes are designed in isolation (loose coupling) We would like their composition to be well-behaved Given a process: Can we guarantee that at least one partner exists? If so, can we synthesize the most permissive partner? 45

Controllability Assume a notion of well-behaving is defined We say that a process N is controllable if it has at least one partner N such that the composition of N with N is well-behaving 46

Controllability: idea Given a process N we aim to construct an automaton that over-approximates the behaviour of any partner, then we iteratively remove states and arcs that invalidate the behavioural property we are after: if we end up with the empty automaton, then the process N is uncontrollable otherwise, the automaton defines the most general strategy to collaborate with N (guaranteeing the behavioural property we are after) 47

Open nets Definition: An open net consists of a net (P,T,F,m0) plus incoming places P I P plus outgoing places P O P plus a finite set Mf of final markings such that each transition has at most one connection to places in the interface any initial or final marking does not mark any place in the interface 48

Example: open net m0 = a P I = { i } P O = { o } Mf = { b } 49

Notation Definition: The label of a transition t is the interface place connected to t, if any, or the special silent action tau otherwise `(t) = x if x 2 (P I [ P O ) and (t, x) 2 F _ (x, t) 2 F otherwise 50

Example: open net m0 = a P I = { i } P O = { o } Mf = { b } `(t 1 ) = i `(t 2 ) = o 51

Closed nets An open net N = (P,T,F,m0,P I,P O,Mf) is called closed if P I = P O = 52

Inner nets Let N = (P,T,F,m0,P I,P O,Mf) be an open net and let IO = (P I P O ) be its interface its inner net In(N) is the closed net obtained by removing the interface In(N) = ( P \ IO, T, F \ ((IO T) (T IO)), m0,,, Mf ) 53

Example: inner net 54

Bounded and responsive nets We focus on open nets N such that their inner nets In(N) are bounded (in the usual sense, they have finite occurrence graphs) responsive from any marking m either a final marking is reachable or m enables a transition t connected to the interface 55

Composition of open nets Given two open nets N1 = (P1,T1,F1,m01,P I 1,P O 1,Mf1) N2 = (P2,T2,F2,m02,P I 2,P O 2,Mf2) such that P I 1=P O 2 and P O 1= P I 2 56

Composition of open nets Given two open nets N1 = (P1,T1,F1,m01,P I,P O,Mf1) N2 = (P2,T2,F2,m02,P O,P I,Mf2) their composition N = N1 N2 is the closed net N = ( P1 P2, T1 T2, F1 F2, m01+m02,,, Mf1 Mf2 ) A final marking of the composed net is any combination of final markings of the original nets note that even if N1 and N2 are bounded and responsive, their composition N1 N2 is not necessarily so 57

Behavioural properties: DF A closed net N = (P,T,F,m0,,,Mf) is DF (deadlock-free) if any non-final reachable marking enables a transition 8m 2 ([m 0 i \ M f ). 9t. M t! 58

DF,k-controllable nets A bounded and responsive open net N = (P,T,F,m0,P I,P O,Mf) is DF,k-controllable if there is a (bounded and responsive) partner N such that N N is DF and any place p (P I P O ) is k-bounded in N N such an N is called a DF,k-strategy of N 59

Approach Start with a bounded and responsive open net N = (P,T,F,m0,P I,P O,Mf) 1st step Define a strategy TS0 which is an automaton such that a state q of TS0 represents the set of markings N can be in while TS0 is in q i.e. q is the view of N according to the interactions observed so far Note that TS0 can be infinite 60

Notation A special symbol # tags final states Given a set of markings M of N, we denote by cl(m)n the closure of M i.e., the set of markings reachable in N from any of the markings in M cl(m) N = { m 0 9m 2 M. m 0 2 [Mi N } 61

TS 0 =(Q, E, q 0,Q f ) TS 0 q 0 = cl({m 0 }) N q 0 2 Q if q 2 Q if # 62 q any state q has a final counterpart then q 0 = q [ # 2 Q, q! q 2 E, q! q 0 2 E if x 2 P I ^ # 62 q then q 0 = cl({m + x m 2 q}) 2 Q, q x! q 0 2 E if x 2 P O TS0 simulates the production of messages in input places TS0 simulates the consumption of messages from output places then q 0 = {m x m 2 q, m(x) > 0}\{#} 2 Q, q x! q 0 Q f = {q 2 Q # 2 q} 62

Approach Starting from the strategy TS0 2nd step Define a strategy TS1 that removes from TS0 all states q that contains a marking m that exceeds the capacity bound k for some place in the interface (as a consequence remove all adjacent edges and all states that become unreachable) TS1 is always a finite automaton (actually it can be constructed directly from N) 63

TS 1 TS 0 =(Q, E, q 0,Q f ) Q 1 = Q \{q 2 Q 9m 2 q. 9x 2 (P I [ P O ).m(x) >k} E 1 = {q! q 0 2 E q, q 0 2 Q 1 } Q f1 = Q f \ Q 1 TS 1 =(Q 1,E 1,q 0,Q f1 ) 64

DF,1-controllability example: TS 1 N cl({a}) N 65

DF,1-controllability example: TS 1 N any state q has a final counterpart 66

DF,1-controllability example: TS 1 simulates the production of messages in input places cl({a + i, b + o + i}) N N 67

DF,1-controllability example: TS 1 N any state q has a final counterpart 68

DF,1-controllability example: TS 1 N q1 has not outgoing arc with label i because of 1-boundedness (this is TS1, not TS0) 69

DF,1-controllability example: TS 1 N cl({b}) N simulates the consumption of messages from output places 70

DF,1-controllability example: TS 1 N any state q has a final counterpart 71

DF,1-controllability example: TS 1 simulates the consumption of messages from output places N cl({b + i}) N simulates the production of messages in input places 72

DF,1-controllability example: TS 1 N any state q has a final counterpart 73

DF,1-controllability example: TS 1 simulates the consumption of messages from output places N 74

DF,1-controllability example: TS 1 N simulates the consumption of messages from output places cl({}) N 75

DF,1-controllability example: TS 1 N any state q has a final counterpart 76

DF,1-controllability example: TS 1 N 77

Approach Starting from the strategy TSi Iterative step Define a strategy TSi+1 that removes from TSi all states q that can invalidate the property of interest (as a consequence remove all adjacent edges and all states that become unreachable) At some point TSj+1 = TSj and we terminate 78

Notation We can compose TS i with N, writtents i N States are pairs [q, m] with q 2 Q i and m 2 q if m! t m 0 in N then [q, m] `(t)! [q, m 0 ] if q! q 0 2 E i then [q, m]! [q 0,m] if q! x q 0 2 E i with x 2 P I then [q, m]! x [q 0,m+ x] if q! x q 0 2 E i with x 2 P O and m(x) > 0 then [q, m]! x [q 0,m x] 79

DF,1-controllability example: TS 1 N 80

TS i+1 TS i =(Q i,e i,q 0,Q fi ) remove the state q if q! q is the only edge with source q remove the state q if 9m 2 q such that in TS i N if [q 0,m 0 ] is reachable from [q, m] then m 0 62 M f and only sequences of -steps are possible from [q, m] 81

DF,1-controllability example: TS 2 82

DF,1-controllability example: TS 2 83 X

DF,1-controllability example: TS 2 X 84 X

DF,1-controllability example: TS 2 X X 85 X

DF,1-controllability example: TS 2 X X X 86 X

DF,1-controllability example: TS 2 87

DF,1-controllability example: TS 2 N 88

DF,1-controllability example: TS 2 N X 89

X DF,1-controllability example: TS 2 N X 90

X DF,1-controllability example: TS 2 N X X X 91

X DF,1-controllability example: TS 2 N X X X X 92

DF,1-controllability example: TS 2 N X X X X X X 93

DF,1-controllability example: TS 2 N X X X X X X X X 94

DF,1-controllability example: TS 3 95

DF,1-controllability example: TS 3 N 96

Note Note the presence of a state associated with the empty set of markings it can appear in a strategy, but is actually unreachable in the composition with N for DF,k-controllability it makes no harm 97

DF,k-controllability theorem Let TS = (Q,E,q0,Qf) be the automaton produced by applying the above procedure to the open net N Theorem N is DF,k-controllable iff Q (proof omitted) 98

Behavioural properties: LF A closed net N = (P,T,F,m0,,,Mf) is LF (livelock-free) if from any reachable marking a final marking is reachable 8m 2 [m 0 i. [mi\m f 6= ; 99

LF,k-controllable nets A bounded and responsive open net N = (P,T,F,m0,P I,P O,Mf) is LF,k-controllable if there is a (bounded and responsive) partner N such that N N is LF and any place p (P I P O ) is k-bounded in N N such an N is called a LF,k-strategy of N 100

Approach We construct TS0 and TS1 as before. We change only the iterative step Iterative step Define a strategy TSi+1 that removes from TSi all states q that can invalidate the property of interest (as a consequence remove all adjacent edges and all states that become unreachable) At some point TSj+1 = TSj and we terminate 101

TS i+1 TS i =(Q i,e i,q 0,Q fi ) remove the state q if 9m 2 q such that in TS i no [q 0,m 0 ] with q 0 2 Q fi ^ m 0 2 M f is reachable from [q, m] N 102

LF,k-controllability theorem Let TS = (Q,E,q0,Qf) be the automaton produced by applying the above procedure to the open net N Theorem N is LF,k-controllable iff Q (proof omitted) 103

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback