Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Similar documents
Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

D I A G N O S I N G W O R K F L O W P R O C E S S E S U S I N G W O F L A N

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Markings in Perpetual Free-Choice Nets Are Fully Characterized by Their Enabled Transitions

Embedded Systems 6 REVIEW. Place/transition nets. defaults: K = ω W = 1

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

Linear Time Analysis of Properties of Conflict-Free and General Petri nets

Analysis and Optimization of Discrete Event Systems using Petri Nets

Petri nets. s 1 s 2. s 3 s 4. directed arcs.

DES. 4. Petri Nets. Introduction. Different Classes of Petri Net. Petri net properties. Analysis of Petri net models

Synchronisation and Cancellation in Workflows based on Reset nets

Assigning Ontology-Based Semantics to Process Models: The Case of Petri Nets

A Polynomial-Time Algorithm for Checking Consistency of Free-Choice Signal Transition Graphs

The State Explosion Problem

Time(d) Petri Net. Serge Haddad. Petri Nets 2016, June 20th LSV ENS Cachan, Université Paris-Saclay & CNRS & INRIA

Soundness of Workflow Nets with an Unbounded Resource is Decidable

Timo Latvala. March 7, 2004

Efficient Computation of Causal Behavioural Profiles using Structural Decomposition

Free-Choice Petri Nets without Frozen Tokens, and Bipolar Synchronization Systems. Joachim Wehler

Time and Timed Petri Nets

7. Queueing Systems. 8. Petri nets vs. State Automata

NONBLOCKING CONTROL OF PETRI NETS USING UNFOLDING. Alessandro Giua Xiaolan Xie

A REACHABLE THROUGHPUT UPPER BOUND FOR LIVE AND SAFE FREE CHOICE NETS VIA T-INVARIANTS

Petri Nets (for Planners)

Complexity Analysis of Continuous Petri Nets

On Qualitative Analysis of Fault Trees Using Structurally Persistent Nets

A Structure Causality Relation for Liveness Characterisation in Petri Nets

Georg Frey ANALYSIS OF PETRI NET BASED CONTROL ALGORITHMS

FOURIER-MOTZKIN METHODS FOR FAULT DIAGNOSIS IN DISCRETE EVENT SYSTEMS

Interorganizational Workflow Nets: a Petri Net Based Approach for Modelling and Analyzing Interorganizational Workflows

Exact and Approximate Equilibria for Optimal Group Network Formation

Time Petri Nets. Miriam Zia School of Computer Science McGill University

c 2011 Nisha Somnath

Efficient Computation of Causal Behavioural Profiles using Structural Decomposition

Synchronizing sequences. on a class of unbounded systems using synchronized Petri nets

EE249 - Fall 2012 Lecture 18: Overview of Concrete Contract Theories. Alberto Sangiovanni-Vincentelli Pierluigi Nuzzo

MPRI 1-22 Introduction to Verification January 4, TD 6: Petri Nets

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Coloured Petri Nets Based Diagnosis on Causal Models

Petri Nets and Model Checking. Natasa Gkolfi. University of Oslo. March 31, 2017

1. sort of tokens (e.g. indistinguishable (black), coloured, structured,...),

The Alignment of Formal, Structured and Unstructured Process Descriptions. Josep Carmona

Deciding life-cycle inheritance on Petri nets

Distributed Algorithms (CAS 769) Dr. Borzoo Bonakdarpour

Simulation of Spiking Neural P Systems using Pnet Lab

Business Process Management

Trace- and Failure-Based Semantics for Responsiveness

AGREEMENT PROBLEMS (1) Agreement problems arise in many practical applications:

Compositional Analysis of Timed-arc Resource Workflows with Communication

Exact and Approximate Equilibria for Optimal Group Network Formation

Specification models and their analysis Petri Nets

Let us first give some intuitive idea about a state of a system and state transitions before describing finite automata.

Structural Analysis of Resource Allocation Systems with Synchronization Constraints

Recent results on Timed Systems

Reducing Complexity of Large EPCs

Announcements. Problem Set 7 graded; will be returned at end of lecture. Unclaimed problem sets and midterms moved!

TESTING is one of the most important parts of the

Finding Errors in the Design of a Workflow Process A Petri-net-based Approach

A Deadlock Prevention Policy for Flexible Manufacturing Systems Using Siphons

Chapter 8 Mining Additional Perspectives

Efficient Symbolic Analysis of Bounded Petri Nets Using Interval Decision Diagrams

Applications of Petri Nets

Theory of Computation Chapter 9

Direct mapping of low-latency asynchronous

Sequence convergence, the weak T-axioms, and first countability

Elementary Siphons of Petri Nets and Deadlock Control in FMS

Sections 8.1 & 8.2 Systems of Linear Equations in Two Variables

Semi-asynchronous. Fault Diagnosis of Discrete Event Systems ALEJANDRO WHITE DR. ALI KARIMODDINI OCTOBER

DECOMPOSITION OF PETRI NETS

Complete Process Semantics for Inhibitor Nets Technical Report

NP-COMPLETE PROBLEMS. 1. Characterizing NP. Proof

Class Note #20. In today s class, the following four concepts were introduced: decision

Causal Nets: A Modeling Language Tailored towards Process Discovery

A reachability graph partitioning technique for the analysis of deadlock prevention methods in bounded Petri nets

Basis Marking Representation of Petri Net Reachability Spaces and Its Application to the Reachability Problem

Generalised Computation of Behavioural Profiles based on Petri-Net Unfoldings

1 Secure two-party computation

The Downward-Closure of Petri Net Languages

Mining Process Models with Prime Invisible Tasks

Business Process Regulatory Compliance is Hard

Checking Behavioral Conformance of Artifacts

Automatic Generation of Polynomial Invariants for System Verification

Safety Analysis Using Petri Nets

Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66

Methods for the specification and verification of business processes MPB (6 cfu, 295AA)

From workflow models to document types and back again

Analysing Signal-Net Systems

Desynchronisation Technique using Petri Nets

Petri Net Modeling of Irrigation Canal Networks

CSC 5170: Theory of Computational Complexity Lecture 4 The Chinese University of Hong Kong 1 February 2010

Undecidable Problems. Z. Sawa (TU Ostrava) Introd. to Theoretical Computer Science May 12, / 65

Introduction to Quantum Branching Programs

Chapter 3 Deterministic planning

Timed Automata VINO 2011

Petri net models. tokens placed on places define the state of the Petri net

Process Discovery and Conformance Checking Using Passages

Logic and Automata I. Wolfgang Thomas. EATCS School, Telc, July 2014

Modeling and Stability Analysis of a Communication Network System

Coordination. Failures and Consensus. Consensus. Consensus. Overview. Properties for Correct Consensus. Variant I: Consensus (C) P 1. v 1.

Transcription:

Methods for the specification and verification of business processes MPB (6 cfu, 295AA) Roberto Bruni http://www.di.unipi.it/~bruni 17 - Diagnosis for WF nets 1

Object We study suitable diagnosis techniques for unsoundness of Workflow nets Diagnosing workflow processes using Woflan (article, optional reading) http://wwwis.win.tue.nl/~wvdaalst/publications/p135.pdf 2

Some Pragmatic Considerations We know that for a number of important classes of nets, liveness and boundedness can be decided efficiently (in polynomial time) but we want to check soundness for a wider range of nets Moreover, when a process is not sound, some diagnostic can be generated that indicates why it is flawed 3

Woflan (now inside WoPeD) WOrkFLow ANalyzer (Windows only) http://www.win.tue.nl/woflan/ Woflan takes a workflow process definition (imported from some workflow product) Woflan translates it to a Petri net N Woflan tells us if N is a sound workflow net (Is N a workflow net? Is N* bounded? Is N* live?) if not, provides some diagnostic information 4

Running example 5

Running example 6

Running example: short-circuited 7

Running example: short-circuited 8

Structural analysis 9

S-Invariant analysis If every place of N* is covered by a semi-positive S-invariant then N* is bounded Places not covered by semi-positive S-invariants are potential sources of errors 10

S-Coverability analysis S-coverability is one of the basic requirements any workflow process definition should satisfy From a formal point of view: there exists WF-nets which are sound but not S-coverable Typically, these nets contain places which do not restrict the firing of a transition, but which are not in any S-component 11

S-Coverability analysis A case is often composed by parallel threads of control (each thread imposing some order over its tasks) The notion of S-coverability allows to reveal such threads 12

Quick reminder A subnet N =(P,T,F ) of N =(P, T, F) consists of: a subset P P of places a subset T T of transitions the subset F ((P T ) (T P )) F of arcs An S-component is a subnet N =(P,T,F ) of N that: is a strongly-connected S-net ( t T. t = t =1) for any p P we have p p T 13

Quick reminder In a S-component, the total number of tokens in its places is constant Any S-component induces a uniform invariant (weights 0 and 1) A net is S-coverable i any p P belongs to some S-component S-coverability implies boundedness (because it induces a positive S-invariant) 14

Quick reminder Recall that a net is free choice if for any two transitions t1 and t2 then either t1 = t2 or t1 t2 = Non free-choice: two tasks share some but not all preconditions like a XOR-split that overlaps with an AND-join AND-join 15 XOR-split

Free-Choice vs Soundness Note that free-choice is orthogonal to soundness: there exists WF-nets that are free-choice but not sound there exists WF-nets that are sound but not free-choice (below: non free-choice but sound) 16

S-Coverability diagnosis A net which is free-choice, live, and bounded must be S-coverable If N* is free-choice, live and bounded must be S-coverable Theorem: If N is sound and free-choice, then N* must be S-coverable If N is free-choice and N* is not S-coverable... then N cannot be sound 17

S-Coverability diagnosis Any S-component of N* includes i, o, reset (by strong-connectedness) Places that are not covered by S-component are potential sources of errors S-coverability is not a sufficient requirement for soundness N* can be S-coverable even if N is not sound 18

Running example: S-cover for N*? 19

Running example: S-cover for N*? 20

Running example: S-cover for N* 21

Running example: S-cover for N*? No N* is free-choice but not S-coverable thus N is not sound 22

Split / Join Balancing A good workflow design is characterized by a balance between AND/XOR-split and AND/XOR-joins Any mismatch is a potential source of errors: two alternative flows created via a XOR-split should not be synchronized by an AND-join (the net could deadlock) two parallel flows initiated by an AND-split should not be joined by a XOR-join (multiple tokens can be produced in the same place) 23

TP-handles & PT-handles: Graphical Examples T AND-split XOR-join P P XOR-split AND-join T 24

TP- and PT-handles Definition: A transition t and a place p form a TP-handle if there are two distinct elementary paths c1 and c2 from t to p such that the only nodes they have in common are t,p Definition: A place p and a transition t form a PT-handle if there are two distinct elementary paths c1 and c2 from p to t such that the only nodes they have in common are p,t 25

Well-Structured Nets A net is well-handled iff it has: no PT-handles and no TP-handles Definition: A net is well-handled iff for any pair of nodes x and y of different kinds (one place and one transition) any two elementary paths c1 and c2 from x to y coincide or have other nodes in common apart x,y Definition: A workflow net N is said well-structured if N* is well-handled 26

S-coverability diagnosis Theorem: If N is sound and well-structured, then N* is S-coverable If N is well-structured and N* is not S-coverable... then it is not sound Note that If N* is not well-handled, N can be sound especially if reset is involved in the handle (it is a symptom, not a disease) 27

Running example: Well-structured? No PT-handle 28

Running example: Well-structured? No TP-handle 29

Running Example: WoPeD Diagnosis 30

Be careful We are interested in well-structuring of N, not of N* WoPeD also marks PT/TP-handles over N* 31

Liveness and boundedness vs Soundness requirements 32

Improper completion Suppose N completes improperly: from i we can reach o+m We can do the same on N* then we fire reset and reach i+m we can repeat the same run and reach i+2m and then i+3m and then i+4m and then... i+km N* has some unbounded places (all p such that M(p)>0) 33

Unsoundness from unboundedness Improper completion of N implies unboundeness of N* If N* has some unbounded places... N could complete improperly 34

Unsoundness from unboundedness If N has some unbounded places then N* has some unbounded places... N could complete improperly or may violate option to complete 35

Consequences of boundedness If N* is bounded, then: if o+m is reachable from i in N, then M=0 If N* is bounded, then... either N satisfies both option to complete and proper completion or N does not satisfy option to complete 36

Completion option failure Suppose N does not satisfy the option to complete : then from i we can reach M from which we cannot mark o We can do the same on N* then reset is dead from M i.e. reset is non-live in N* N* has non-live transitions 37

Unsoundness from non-liveness Option to complete fail for N implies non-liveness of N* If reset transition is non-live in N*... N could fail to satisfy completion option 38

Unsoundness from Non-Liveness If N* is bounded and has dead transitions, then if reset is dead N and N* have the same finite reachability graph hence N has the same dead tasks as N* (except reset) if reset is not dead the reachability graphs of N and N* differ only for (because N* is bounded) hence N has the same dead tasks as N* o reset i 39

Unsoundness from Non-Liveness If N* has non-live transitions then N could have dead transitions (but which ones?) 40

Error sequences 41

Diagnostic information The sets of: unbounded places of N* dead transitions of N* non-live transitions of N* may provide useful information for the diagnosis of behavioural errors (pointing to different types of errors) Unfortunately, this information is not always sufficient to determine the exact cause of the error Behavioural error sequences can overcome this problem 42

Error sequences Rationale: We want to find firing sequences such that: every continuation of such sequences will lead to an error they have minimal length (none of its prefixes satisfies the above property) Informally: error sequences are scenarios that capture the essence of errors made in the workflow design (violate option to complete or proper completion ) 43

Non-Live sequences: informally A non-live sequence is a firing sequence of minimal length such that completion of the case is no longer possible i.e. a witness for transition reset being non-live in N* 44

Non-Live sequences: fundamental property Let N be such that: N* is bounded N (or equivalently N*) has no dead task Then, N* is live iff N has no non-live sequences 45

Non-Live sequences: graphically The analysis is possible in bounded systems only Compute the RG of N* Color in red all nodes from which there is no path to o Color in green all nodes from which all paths lead to o Color in yellow all remaining nodes (some but not all paths lead to o) 46

Non-Live sequences: remarks No red node implies no yellow node No green node implies no yellow node 47

Non-Live sequences: formally Definition: An occurrence sequence t i 1 t M 1... M k k 1 M k is non-live if all markings are distinct M k M k is red 1 is yellow Firing tk removes the option to complete Then, the firing sequence t 1...t k is also called non-live 48

Running example: slight variant 49

Running example variant: colored RG register, do register, send, do register, send, timeout register, send, rec, do register, send, dont, timeout and also? 50

Unbounded sequences: informally An unbounded sequence is a firing sequence of minimal length such that every continuation implies a violation of proper completion i.e. a witness for unboundedness 52

Unbounded sequences: fundamental property N* is bounded iff N has no unbounded sequences Undesired markings: infinite-weighted markings or markings greater than o 53

Unbounded sequences: graphically Compute the CG of N* Color in green all nodes from which undesired markings are not reachable Color in red all nodes from which no green marking is reachable (undesired markings are unavoidable) Color in yellow all remaining nodes (undesired markings are reachable but avoidable) 54

Unbounded sequences: remarks No red node implies no yellow node No green node implies no yellow node 55

Restricted coverability graph (RCG) CG can become very large (intractable) Basic observation: infinite-weighted markings leads to infinite-weighted markings and they will be all red We can just avoid computing them 56

Running example: RCG vs CG 57

Running example: colored RCG register, dont, send, rec register, send, dont, rec and also? 58

Practice with WoPeD (and Woflan) 60

Analyse the running example 61

Analyse the running example variant 62

Analyse this net 63

Analyse this net 64

Analyse this net 65

Analyse this net 66

Analyse this net 67

Design and analysis of WF-net The workflow of a computer repair service (CRS) can be described as follows. A customer brings in a defective computer and the CRS checks the defect and hands out a repair cost calculation back. If the customer decides that the costs are acceptable, the process continues, otherwise she takes her computer home unrepaired. The ongoing repair consists of two activities, which are executed, in an arbitrary order. The first activity is to check and repair the hardware, whereas the second activity checks and configures the software. After each of these activities, the proper system functionality is tested. If an error is detected another arbitrary repair activity is executed, otherwise the repair is finished. Model the described workflow as a sound workflow net. 68

Design and analysis of WF-net A hospital wants to establish a rating workflow for their doctors. To make the workflow reliable two different roles are assigned. The first one is a referee from the newly created quality assurance department while the second one represents the managing director of the hospital. Both roles execute all of their tasks independently from each other. The referee starts a new case regarding a certain doctor by interviewing patients. Since a patient interview workflow is already established, it is simply integrated in the new workflow. Meanwhile, the director asks an external expert to review the work of the doctor under rating. Unfortunately, since the expert only gets a low expenses fee, it can happen that the expert is not responding in time. If that happens, another expert has to be asked (who could also not respond in time, i.e. the procedure repeats). If an expert finally sends an expertise, it is received by the director and forwarded to the referee. The referee files the results containing the patient interviews as well as the expertise and afterward creates a report. While the referee is doing this, the manager fills a cheque to pay the expenses of the expert. Model the described workflow as a sound workflow net. 69

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback