Verifying soundness of business processes: A decision process Petri nets approach

This paper presents a trajectory-tracking approach for verifying soundness of workflow/Petri nets represented by a decision-process Petri net. Well-formed business processes correspond to sound workflow nets. The advantage of this approach is its ability to represent the dynamic behavior of the business process. We show that the problem of finding an optimum trajectory for validation of well-formed business processes is solvable. To prove our statement we use the Lyapunov stability theory to tackle the soundness verification problem for decision-process Petri nets. As a result, applying Lyapunov theory, the well-formed verification (soundness) property is solved showing that the workflow net representation using decision process Petri nets is uniformly practically stable. It is important to note that in a complexity-theoretic sense checking the soundness property is computationally tractable, we calculate the computational complexity for solving the problem. We show the connection between workflow nets and partially ordered decision-process Petri net used for business process representation and analysis. Our computational experiment of supply chains demonstrate the viability of the modeling and solution approaches for solving computer science problems.     

Soundness of workflow nets: classification, decidability, and analysis

Workflow nets, a particular class of Petri nets, have become one of the standard ways to model and analyze workflows. Typically, they are used as an abstraction of the workflow that is used to check the so-called soundness property. This property guarantees the absence of livelocks, deadlocks, and other anomalies that can be detected without domain knowledge. Several authors have proposed alternative notions of soundness and have suggested to use more expressive languages, e.g., models with cancellations or priorities. This paper provides an overview of the different notions of soundness and investigates these in the presence of different extensions of workflow nets. We will show that the eight soundness notions described in the literature are decidable for workflow nets. However, most extensions will make all of these notions undecidable. These new results show the theoretical limits of workflow verification. Moreover, we discuss some of the analysis approaches described in the literature.     

On the expressive power of behavioral profiles

Behavioral profiles have been proposed as a behavioral abstraction of dynamic systems, specifically in the context of business process modeling. A behavioral profile can be seen as a complete graph over a set of task labels, where each edge is annotated with one relation from a given set of binary behavioral relations. Since their introduction, behavioral profiles were argued to provide a convenient way for comparing pairs of process models with respect to their behavior or computing behavioral similarity between process models. Still, as of today, there is little understanding of the expressive power of behavioral profiles. Via counter-examples, several authors have shown that behavioral profiles over various sets of behavioral relations cannot distinguish certain systems up to trace equivalence, even for restricted classes of systems represented as safe workflow nets. This paper studies the expressive power of behavioral profiles from two angles. Firstly, the paper investigates the expressive power of behavioral profiles and systems captured as acyclic workflow nets. It is shown that for unlabeled acyclic workflow net systems, behavioral profiles over a simple set of behavioral relations are expressive up to configuration equivalence. When systems are labeled, this result does not hold for any of several previously proposed sets of behavioral relations. Secondly, the paper compares the expressive power of behavioral profiles and regular languages. It is shown that for any set of behavioral relations, behavioral profiles are strictly less expressive than regular languages, entailing that behavioral profiles cannot be used to decide trace equivalence of finite automata and thus Petri nets.     

基于工作流网的实时协同系统模拟技术

基于Petri网和工作流的概念，提出一种实时协同系统的形式化模拟与分析技术——逻辑工作流网，逻辑工作流网是抑制弧Petri网和高级Petri网的抽象和扩展，其变迁的输入／输出受逻辑表达式的约束，它与一般工作流网相比，能够在一定程度上缓解状态空间爆炸问题，且便于系统设计人员掌握和使用，该文分析了逻辑工作流网的若干性质及组合网的性质继承问题，并以网上企业销售系统为例，说明逻辑工作流网在实时协同系统模拟分析中的应用。     

一种新的Statechart模型验证方法

在传统的基于时序逻辑的模型检查框架下验证Statcchart模型面临三大挑战:全状态空间搜索、多次重复搜索和复杂时序逻辑公式难写。基于上述问题和实践工作,提出一种新的Statechart模型验证方法。该方法的中心是一种强化了的属性描述语言—属性状态图,并利用属性状态图中存在的先后关系和并发关系,把各个属性状态图有机地结合成一个树结构—属性树。属性树涵盖了目标系统要求验证的属性空间,因此可自上而下的验证整棵属性树。在验证过程中系统Statechart模型对应状态空间是逐步展开的,每验证部分属性就展开相应的部分状态空间并对其进行验证,验证过程是基于属性树转换并以step为单位,验证step的初始status和结束status是否满足对应属性树节点公式对其的属性约束,这样既能够迅速找出错误又能屏蔽step内部系统Statcchart模型的状态变化,使得验证过程更简单快捷。为了说明属性状态图和基于其的验证算法是实用和易用的,通过一个例子说明了从模型设计到具体验证整个过程。     

Soundness-preserving reduction rules for reset workflow nets

The application of reduction rules to any Petri net may assist in its analysis as its reduced version may be significantly smaller while still retaining the original net’s essential properties. Reset nets extend Petri nets with the concept of a reset arc, allowing one to remove all tokens from a certain place. Such nets have a natural application in business process modelling where possible cancellation of activities need to be modelled explicitly and in workflow management where such process models with cancellation behaviours should be enacted correctly. As cancelling the entire workflow or even cancelling certain activities in a workflow has serious implications during execution (for instance, a workflow can deadlock because of cancellation), such workflows should be thoroughly tested before deployment. However, verification of large workflows with cancellation behaviour is time consuming and can become intractable due to the state space explosion problem. One way of speeding up verification of workflows based on reset nets is to apply reduction rules. Even though reduction rules exist for Petri nets and some of its subclasses and extensions, there are no documented reduction rules for reset nets. This paper systematically presents such reduction rules. Because we want to apply the results to the workflow domain, this paper focusses on reset workflow nets (RWF-nets), i.e. a subclass tailored to the modelling of workflows. The approach has been implemented in the context of the workflow system YAWL.     

ECA规则在工作流管理系统中的应用

针对工作流管理系统的实现复杂性及模型可靠性的验证问题,提出了一种结合工作流网和ECA规则来创建工作流管理系统的方法。这种基于ECA规则的工作流描述和执行机制较好地实现了工作流网模型的语义描述和控制的统一。通过建立基于ECA规则的工作流描述表,将ECA 规则引入到工作流路由机制中,灵活地控制了工作流的流程。通过事件触发和消息处理机制,工作流描述表处理可以被实际系统加以执行和控制。     

YAWL: yet another workflow language

Based on a rigorous analysis of existing workflow management systems and workflow languages, a new workflow language is proposed: yet another workflow language (YAWL). To identify the differences between the various languages, we have collected a fairly complete set of workflow patterns. Based on these patterns we have evaluated several workflow products and detected considerable differences in their ability to capture control flows for non-trivial workflow processes. Languages based on Petri nets perform better when it comes to state-based workflow patterns. However, some patterns (e.g. involving multiple instances, complex synchronisations or non-local withdrawals) are not easy to map onto (high-level) Petri nets. This inspired us to develop a new language by taking Petri nets as a starting point and adding mechanisms to allow for a more direct and intuitive support of the workflow patterns identified. This paper motivates the need for such a language, specifies the semantics of the language, and shows that soundness can be verified in a compositional way. Although YAWL is intended as a complete workflow language, the focus of this paper is limited to the control-flow perspective.     

基于UML-Statecharts的工作流控制结构的验证

工作流模型验证成为工作流的重要研究领域之一。控制结构的正确性是工作流过程所需达到的最基本要求,本文着重控制结构方面的验证。本文使用UML-Statecharts建立控制结构模型,使用时序逻辑表示工作流控制结构需要满足的性质。给出了一个定理并进行了证明,基于定理给出了一个验证完全性的算法,对于工作流语义相关性质的验证给出了一模型检测算法。     

基于交互学习的柔性工作流形式化验证方法研究

工作流过程建模是一个复杂且易错的过程,在建模阶段进行有效的过程验证是十分必要的。目前,柔性工作流验证领域的研究还比较欠缺,该文在这方面作了一些探索。把过程合理化验证和化简验证技术应用于基于交互学习的柔性工作流建模的形式化验证中,叙述了需要验证的问题和复杂度。利用Petri网的形式化基础特性对过程进行合理性验证和规约验证。根据规约粒度的不同,分别对基于交互学习的柔性工作流模型进行原子级和组件级规约。规约使用的基本技术有库所融合、变迁融合和子网融合。在特性保持的前提下,将过程模型缩小到适当规模。结果表明,基于交互学习的柔性工作流过程建模中的形式化验证方法具有一定的实用性和可操作性。     

事务工作流模型定义及完全性分析

事务工作流模型可被视为扩展的事务模型和通用工作流模型的交汇点，提出将工作流的模型定义同其事务属性的定义独立开来，尽管在此方法中区分了多重的事务属性。提出了直观的注解符来定义原子性，提供了一个通用规则——放宽的完全性准则，以适应现实运行中事务管理的需要，以一个网上电子书店工作流应用为例来阐明这种思路。     

Modeling and monitoring of E-commerce workflows

Electronic commerce (E-commerce) is an important Internet application that is significantly changing the way of commercial transaction. Due to the complexity of E-commerce systems and lack of well-designed formal models, providing a suitable method for their modeling and monitoring turns out to be a challenging job. This paper introduces labeled workflow nets (LWN) and their semantics on the basis of labeled Petri nets. Then an inter-organizational labeled workflow net (ILWN) - which can graphically model the dynamic behavior of the systems - is presented. Furthermore, the nonblocking property of ILWNs is defined to achieve a common goal of E-commerce participants. This nonblocking property helps to analyze the soundness of ILWNs and the undeniable property of interactive actions. The proposed framework for E-commerce workflows (ECW) can record a history of interactive events and monitor the execution of interactive activities to achieve a common goal. Therefore, it can elegantly model the execution of interorganizational workflows and analyze the accountability of cooperative activities. The main contribution of the paper is to present a new formal mechanism - ILWN. It can efficiently support the modeling and monitoring of ECWs. Finally, this paper illustrates how to use the proposed method by modeling and analyzing a Customer-Producer-Supplier example.     

A Compositional Behavioral Modeling Framework for Embedded System Design and Conformance Checking

We propose a framework based on a synchronous multi-clocked model of computation to support the inductive and compositional construction of scalable behavioral models of embedded systems engineered with de facto standard design and programming languages. Behavioral modeling is seen under the paradigm of type inference. The aim of the proposed type system is to capture the behavior of a system under design and to re-factor it by performing global optimizing and architecture-sensitive transformations on it. It allows to modularly express a wide spectrum of static and dynamic behavioral properties and automatically or manually scale the desired degree of abstraction of these properties for efficient verification. The type system is presented using a generic and language-independent static single assignment intermediate representation.     

Compositional verification of sequential programs with procedures

We present a method for algorithmic, compositional verification of control-flow-based safety properties of sequential programs with procedures. The application of the method involves three steps: (1) decomposing the desired global property into local properties of the components, (2) proving the correctness of the property decomposition by using a maximal model construction, and (3) verifying that the component implementations obey their local specifications. We consider safety properties of both the structure and the behaviour of program control flow. Our compositional verification method builds on a technique proposed by Grumberg and Long that uses maximal models to reduce compositional verification of finite-state parallel processes to standard model checking. We present a novel maximal model construction for the fragment of the modal μ-calculus with boxes and greatest fixed points only, and adapt it to control-flow graphs modelling components described in a sequential procedural language. We extend our verification method to programs with private procedures by defining an abstraction, presented as an inlining transformation. All algorithms have been implemented in a tool set automating all required verification steps. We validate our approach on an electronic purse case study.     

Choice-free Petri nets: a model for deterministic concurrentsystems with bulk services and arrivals

Among discrete event systems, those exhibiting concurrency are especially challenging, requiring the use of formal methods to deal with them. Petri nets are a well-established such formalism. The structure theory aims at overcoming the state space explosion problem, inherent to the analysis of concurrent systems, by bridging structural and behavioral properties. To date, this has been successfully achieved mainly for some subclasses of ordinary nets. However weights are a modeling convenience in many situations. In this paper we study a formal model for a subclass of concurrent systems with bulk services and arrivals which structurally avoids conflicts. Structural results and techniques for dealing with them are introduced. These include structural conditions on properties of correct behavior and a unified framework for checking general behavioral properties by reasoning solely on the structure     

Combining static analysis and state transition graphs for verification of event-condition-action systems in the RERS 2012 and 2013 challenges

We present a combination of approaches for the verification of event-condition-action (ECA) systems. The analyzed ECA systems range from structurally simple to structurally complex systems. We address the verification of reachability properties and behavioral properties. Reachability properties are represented by assertions in the program and we determine statically whether an assertion holds for all execution paths. Behavioral properties are represented as linear temporal logic formulas specifying the input/output behavior of the program. Our approach assumes a finite state space. We compare a symbolic analysis with an exhaustive state space exploration and discuss the trade-offs between the approaches in terms of the number of computed states and run-time behavior. All variants compute a state transition graph which can also be passed to an LTL verifier. The variants have a different impact on the number of computed states in the state transition graph which in turn impacts the run-time and memory consumption of subsequent phases. We evaluate the different analysis variants with the RERS benchmarks.     

Model checking Petri nets with names using data-centric dynamic systems

Petri nets with name creation and management (\({\nu}\)-PNs) have been recently introduced as an expressive model for dynamic (distributed) systems, whose dynamics are determined not only by how tokens flow in the system, but also by the pure names they carry. On the one hand, this extension makes the resulting nets strictly more expressive than P/T nets: they can be exploited to capture a plethora of interesting systems, such as distributed systems enriched with channels and name passing, service interaction with correlation mechanisms, and resource-constrained workflow nets that explicitly account for process instances. On the other hand, fundamental properties like coverability, termination and boundedness are decidable for \({\nu}\)-PNs. In this work, we go one step beyond the verification of such general properties, and provide decidability and undecidability results of model checking \({\nu}\)-PNs against variants of first-order \({\mu}\)-calculus, recently proposed in the area of data-aware process analysis. While this model checking problem is undecidable in the general case, decidability can be obtained by considering different forms of boundedness, which still give raise to an infinite-state transition system. We then ground our framework to tackle the problem of soundness checking over workflow nets enriched with explicit process instances and resources. Notably, our decidability results are obtained via a translation to data-centric dynamic systems, a recently devised framework for the formal specification and verification of data-aware business processes working over full-fledged relational databases with constraints. In this light, our results contribute to the cross-fertilization between the area of formal methods for concurrent systems and that of foundations of data-aware processes, which has not been extensively investigated so far.     

State space analysis of Petri nets with relation-algebraic methods

A large variety of systems can be modelled by Petri nets. Their formal semantics are based on linear algebra which in particular allows the calculation of a Petri net’s state space. Since state space explosion is still a serious problem, efficiently calculating, representing, and analysing the state space is mandatory. We propose a formal semantics of Petri nets based on executable relation-algebraic specifications. Thereupon, we suggest how to calculate the markings reachable from a given one simultaneously. We provide an efficient representation of reachability graphs and show in a correct-by-construction approach how to efficiently analyse their properties. Therewith we cover two aspects: modelling and model checking systems by means of one and the same logic-based approach. On a practical side, we explore the power and limits of relation-algebraic concepts for concurrent system analysis.     

A practical method to analyze workflow logic models

The analysis of workflow is crucial to the correctness of workflow applications. This paper introduces a simple and practical method for analyzing workflow logic models. Firstly, some definitions of the models and some properties, such as throughness, no‐redundant‐transition and boundedness, are presented. Then, we propose an approach based on synchronized reachability graphs (SRGs) to verify these properties. The SRG uses the characteristics of synchronizers in workflow logic models and mitigates the state explosion by constructing synchronized occurrence sequences rather than interleaving occurrence sequences. This paper also proposes some refined and feasible reduction rules which can preserve vital properties of workflow logic models. Using these two techniques, the SRG‐based verification method can achieve higher efficiency. Furthermore, this research also develops a verification tool based on the method, presents the analysis results of some practical cases and compares our method with others. Copyright © 2007 John Wiley & Sons, Ltd.