Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets)


Cédric Favre(1,2), Hagen Völzer(1), Peter Müller(2)
(1) IBM Research - Zurich
(2) ETH Zurich

Outline
- Problem
  - Control-flow analysis of business process models
- Contribution
  - Graphical in-model diagnostic information for control-flow errors
- Conclusion and Outlook

A Business Process Model (1/2)

A Business Process Model (2/2)
Usage of a business process model
- Execution on a process engine
- Simulation
- Documentation
Up to 50% of the processes contain a control-flow error

Workflow Graph and Corresponding Free-Choice Workflow Net
Workflow graph
- control flow graph (flow chart) with unique source and sink
- concurrent fork and join (besides alternative choice and merge)
- maps the core of process languages, but not all

Control-Flow Errors / Soundness
(Local) Deadlock
- A token blocked in the graph
[Figure labels: XOR-split, XOR-join]
Lack of synchronization
- Two tokens on one edge
- aka unsafeness
[Figure labels: AND-split, AND-join]
Sound
- no deadlock and
- no lack of synchronization
- Soundness guarantees that the workflow terminates with a unique token on the sink (when loops are terminating)

Simplest Examples
[Figure panels: Sound; Unsound]
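The two error kinds from the Control-Flow Errors / Soundness slide, replayed as a token game on three constructed two-node graphs (an added example, not part of the original slides). The tuple encoding of nodes and the edge names s, a, b, t are assumptions; a deadlock is reported only when no node at all can fire, which is a simplification of the local deadlock on the slide.

```python
from collections import deque

# Constructed graphs: each node is (kind, incoming edges, outgoing edges).
FORK_JOIN = [("AND", ["s"], ["a", "b"]), ("AND", ["a", "b"], ["t"])]
XOR_AND   = [("XOR", ["s"], ["a", "b"]), ("AND", ["a", "b"], ["t"])]
AND_XOR   = [("AND", ["s"], ["a", "b"]), ("XOR", ["a", "b"], ["t"])]

def successors(nodes, marking):
    """Yield (remaining tokens, produced edges) for every enabled firing."""
    for kind, ins, outs in nodes:
        if kind == "AND":
            if all(e in marking for e in ins):   # join waits for every input
                yield marking - set(ins), outs   # fork marks every output
        else:
            for i in ins:                        # merge takes any one input
                if i in marking:
                    for o in outs:               # split picks one output
                        yield marking - {i}, [o]

def check(nodes, source="s", sink="t"):
    """Return (verdict, marking at which the error becomes visible)."""
    start = frozenset([source])
    seen, queue = {start}, deque([start])
    while queue:
        m = queue.popleft()
        fired = list(successors(nodes, m))
        if not fired and m != frozenset([sink]):
            return "deadlock", sorted(m)         # token stuck off the sink
        for rest, produced in fired:
            if any(e in rest for e in produced): # second token on one edge
                return "lack of synchronization", sorted(m)
            nxt = rest | set(produced)
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return "sound", [sink]

if __name__ == "__main__":
    for name, g in [("fork/join", FORK_JOIN),
                    ("XOR-split/AND-join", XOR_AND),
                    ("AND-split/XOR-join", AND_XOR)]:
        print(name, check(g))
```

The returned marking is the kind of trace-style diagnostic the Prior Work slide attributes to state space exploration; it names a state, not an offending structure in the graph.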

A Complex Sound Example

Workflow Graph and Corresponding Free-Choice Workflow Net
Workflow graph is sound iff connected version of corresponding Petri net is
- safe = no two tokens on the same place and
- live = from each reachable marking, for each transition t: a marking can be reached that enables t

Prior Work
Approaches based on free-choice Petri nets theory
- polynomial time complexity (!)
- no diagnostic information
Approaches based on state space exploration
- state space explosion (can be successfully addressed)
- provide a counterexample trace as diagnostic information
  - detours/build up not contributing to error (esp. DFS)
  - arbitrary interleaving
  - difficult to visualize in model in case of loops
  - Fahland, Lohmann [12]: heuristics can reduce size of trace by a factor of 10
  - not all modelers have a technical background

Anti-Patterns
Modeling manuals show anti-patterns in terms of instructive examples

Problem
Can we build graphical diagnostic information such that:
- every error pattern implies unsoundness
- unsoundness implies the existence of one of the error patterns
- it captures the essence of these simple examples

Outline
- Problem
- Contribution
- Conclusion and Outlook

Contribution
- New characterization of soundness in terms of offending graph-structures and
- Polynomial-time algorithm that
  - returns one of the graph structures for each unsound graph
- Experimental evaluation

Overview Error Patterns
- Path to sink with AND-XOR handle
- Empty siphon
- DQ-siphon with XOR-AND handle

Handle
A handle on a subgraph G is a directed path from an element of G to another element b of G that is disjoint from G apart from start and end
[Figure labels: G, G]
AND-XOR handle refers to the logic of start and end node

Error Patterns (1/3)
Path from some node to sink with AND/XOR-handle

Siphon
A subgraph G such that each transition that adds a token to G also takes a token from G
- with an XOR node in G, all incoming edges belong to G
- with an AND node, at least one incoming edge
An empty siphon will remain empty

Error Patterns (2/3)
[Figure label: empty]
A siphon that does not contain the source
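The siphon rules from the Siphon slide and this error pattern, turned into a fixpoint computation of the largest siphon that does not contain the source edge (an added example, not the authors' implementation). The node encoding, the edge names and the three sample graphs are constructed for illustration.

```python
# Constructed graphs: each node is (kind, incoming edges, outgoing edges).
# LOOP_JOIN: the AND-join needs edge c, which only its own successor produces.
LOOP_JOIN = [("AND", ["s", "c"], ["a"]), ("XOR", ["a"], ["c", "t"])]
FORK_JOIN = [("AND", ["s"], ["a", "b"]), ("AND", ["a", "b"], ["t"])]
XOR_AND   = [("XOR", ["s"], ["a", "b"]), ("AND", ["a", "b"], ["t"])]

def max_unmarked_siphon(nodes, source="s"):
    """Largest edge set G without the source edge that satisfies the
    siphon rules: an XOR node feeding G has all incoming edges in G,
    an AND node feeding G has at least one incoming edge in G."""
    edges = {e for _, ins, outs in nodes for e in ins + outs}
    g = edges - {source}              # the source edge is the marked one
    changed = True
    while changed:                    # shrink G until the rules hold
        changed = False
        for kind, ins, outs in nodes:
            fed = [i in g for i in ins]
            ok = any(fed) if kind == "AND" else all(fed)
            if not ok:
                drop = g & set(outs)  # outputs this node could fill from outside G
                if drop:
                    g -= drop
                    changed = True
    return sorted(g)                  # non-empty: a siphon that starts empty

if __name__ == "__main__":
    for name, graph in [("loop join", LOOP_JOIN), ("fork/join", FORK_JOIN),
                        ("XOR-split/AND-join", XOR_AND)]:
        print(name, max_unmarked_siphon(graph))
```

A non-empty result is a siphon that is not initially marked and therefore stays empty. An empty result does not establish soundness: XOR_AND still deadlocks, so by the structural characterization it must exhibit one of the two handle patterns instead.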

DQ Siphon
A DQ-siphon is a siphon G such that no AND-split has more than one outgoing edge in G
- the number of tokens is always 1 or less
[Figure label: Not a DQ-siphon]

Error Patterns (3/3)
A DQ siphon with an XOR/AND handle

Structural characterization of soundness
A workflow graph is unsound iff one of the following statements holds:
1. There exists a siphon that is not initially marked
2. There exists a DQ siphon with an XOR/AND handle
3. There exists a simple path to the sink with an AND/XOR handle

Strongly Related to and Making Use of
Esparza/Silva [9] characterization:
- A strongly connected free-choice net is safe and live iff none of the following exist:
  - an empty siphon
  - a circuit with a T/P handle
  - a circuit with a P/T handle without bridges

Contribution
- New characterization of soundness in terms of offending graph-structures and
- Polynomial-time algorithm that
  - returns one of the graph structures for each unsound graph
- Experimental evaluation

Known Algorithm - Based on the Rank Theorem
[Flowchart labels: Check for empty siphons; unsound; Decomposition into S-components; unsound; Check rank equation; unsound; sound]

New Algorithm
[Flowchart labels: Check for empty siphons; empty; Decomposition into S-components; Check rank equation; sound; unsound; Reduce & decompose into S-components]

Decomposition into S-Components
- A sound graph is decomposable into sequential components
- Each S-component has always exactly one token
- Decomposition can be computed in polynomial time

Another Sound Example

A Minimal Siphon Generates an S-component (in a Sound Graph)
A minimal siphon that is not an S-component contains: [figure] or [figure]
From which we obtain an error pattern: [figure]

New Algorithm
[Flowchart labels: Check for empty siphons; empty; Decomposition into S-components; Check rank equation; sound; unsound; Reduce & decompose into S-components]

Lucky Decomposition Failure of an Unsound Graph

Unlucky Decomposition Success of the Same Graph

A Reduction Step

Decomposition Failure on Reduced Graph
[Figure labels: Decomposition failure; Error pattern generated; Error pattern on original graph]

Algorithm - Conclusion
- Prove that reduction eventually leads to a graph that is not decomposable
- Prove that error patterns in the reduced graph are valid in the original (unreduced) graph
- Soundness of N can be decided in time O(|P|^2 * (max(|P|, |T|))^3) such that the algorithm returns one of the structural error patterns in case N is unsound.

Contribution
- New Characterization of soundness in terms of offending graph-structures and
- Polynomial-time algorithm such that
- Experimental evaluation

Experimental Evaluation - Data Set
- 1353 (703 unique original) business process models from the financial domain
- Average number of nodes between 89 and 107 per library
- Several large nets with up to 627 nodes
- 47 nets from library B3 have 200 or more nodes.
- Some models have state spaces with more than 1 million states
- We validated the correctness of the results with other model checkers

Results
Fast enough to support demanding use cases
- checking while modeling
- checking while loading entire libraries into workspace
2-6 times faster than some state space exploration approaches
- but those were already fast enough for most use cases

Visualization in Modeling Tool

Outline
- Problem
- Contribution
- Conclusion and Outlook

Conclusion
Graphical in-model diagnostic information can be obtained in polynomial time
- avoiding some problems of traces
Limited expressiveness of free-choice (e.g. no races) allows for polynomial-time verification
- sufficient for data set in case study
- still applicable in more expressive BPMN models
Can be combined with SESE decomposition for further error localization (and speed-up)

SESE Decomposition
- Can be done in linear time
- Soundness is compositional wrt SESE blocks
- Errors can be localized to a SESE block

What is still missing
- User study
- Soundness under data (except one first paper)
- Control-flow errors due to message/event passing across processes (orthogonal)