Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets) Cédric Favre(1,2), Hagen Völzer(1), Peter Müller(2)


1 Diagnostic Information for Control-Flow Analysis of Workflow Graphs (aka Free-Choice Workflow Nets)
Cédric Favre(1,2), Hagen Völzer(1), Peter Müller(2)
(1) IBM Research - Zurich
(2) ETH Zurich

2 Outline
- Problem: control-flow analysis of business process models
- Contribution: graphical in-model diagnostic information for control-flow errors
- Conclusion and Outlook

3 A Business Process Model (1/2)

4 A Business Process Model (2/2)
Usage of a business process model:
- Execution on a process engine
- Simulation
- Documentation
Up to 50% of the processes contain a control-flow error

5 Workflow Graph and Corresponding Free-Choice Workflow Net
Workflow graph:
- control flow graph (flow chart) with unique source and sink
- concurrent fork and join (besides alternative choice and merge)
- maps the core of process languages, but not all

6 Control-Flow Errors / Soundness
(Local) Deadlock:
- A token blocked in the graph
Lack of synchronization:
- Two tokens on one edge
- aka unsafeness
Sound:
- no deadlock and
- no lack of synchronization
- Soundness guarantees that the workflow terminates with unique token on the sink (when loops are terminating)
Figure labels: XOR-split, XOR-join, AND-join, AND-split

7 Simplest Examples
Figure labels: Sound, Unsound
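The two error classes from slide 6, found by playing the token game over every reachable marking. This is an added example, not code from the presentation; the graph encoding, the edge names `src`/`snk` and the three small graphs are constructed for illustration, and only a global deadlock (no node can execute and the marking is not a single token on the sink) is detected.

```python
from collections import deque

# Constructed graphs (assumption of this example): node -> (kind,
# incoming edges, outgoing edges), where kind is "AND" or "XOR".
DEADLOCK = {"split": ("XOR", ["src"], ["a", "b"]),   # XOR-split into AND-join
            "join": ("AND", ["a", "b"], ["snk"])}
NO_SYNC = {"split": ("AND", ["src"], ["a", "b"]),    # AND-split into XOR-join
           "join": ("XOR", ["a", "b"], ["snk"])}
SOUND = {"split": ("AND", ["src"], ["a", "b"]),      # AND-split into AND-join
         "join": ("AND", ["a", "b"], ["snk"])}


def successors(graph, marking):
    """Yield every marking reachable by executing one node once."""
    m = dict(marking)
    for kind, ins, outs in graph.values():
        if kind == "AND":   # needs a token on every input, fills every output
            moves = [(ins, outs)] if all(m.get(e, 0) for e in ins) else []
        else:               # XOR: one token from one input to one output
            moves = [([i], [o]) for i in ins if m.get(i, 0) for o in outs]
        for take, put in moves:
            nxt = dict(m)
            for e in take:
                nxt[e] -= 1
            for e in put:
                nxt[e] = nxt.get(e, 0) + 1
            yield frozenset((e, n) for e, n in nxt.items() if n)


def check(graph, source="src", sink="snk"):
    """Return 'sound', 'deadlock' or 'lack of synchronization'."""
    start = frozenset({(source, 1)})
    final = frozenset({(sink, 1)})
    seen, queue = {start}, deque([start])
    while queue:
        marking = queue.popleft()
        if any(n > 1 for _, n in marking):   # two tokens on one edge
            return "lack of synchronization"
        nexts = list(successors(graph, marking))
        if not nexts and marking != final:   # stuck before clean termination
            return "deadlock"
        for nxt in nexts:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return "sound"
```

Markings with two tokens on an edge are reported and never expanded, so the search terminates even on unsafe graphs with loops.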

8 A Complex Sound Example

9 Workflow Graph and Corresponding Free-Choice Workflow Net
Workflow graph is sound iff connected version of corresponding Petri net is
- safe = no two tokens on the same place and
- live = from each reachable marking, for each transition t: a marking can be reached that enables t

10 Prior Work
Approaches based on free-choice Petri nets theory:
- polynomial time complexity (!)
- no diagnostic information
Approaches based on state space exploration:
- state space explosion (can be successfully addressed)
- provide a counterexample trace as diagnostic information
  - detours/build up not contributing to error (esp. DFS)
  - arbitrary interleaving
  - difficult to visualize in model in case of loops
  - Fahland, Lohmann [12]: heuristics can reduce size of trace by a factor of 10
  - not all modelers have a technical background

11 Anti-Patterns
Modeling manuals show anti-patterns in terms of instructive examples

12 Problem
Can we build graphical diagnostic information such that:
- every error pattern implies unsoundness
- unsoundness implies the existence of one of the error patterns
- it captures the essence of these simple examples

13 Outline
- Problem
- Contribution
- Conclusion and Outlook

14 Contribution
- New characterization of soundness in terms of offending graph-structures and
- Polynomial-time algorithm that returns one of the graph structures for each unsound graph
- Experimental evaluation

15 Overview Error Patterns
- Path to sink with AND-XOR handle
- Empty siphon
- DQ-siphon with XOR-AND handle

16 Handle
A handle on a subgraph G is a directed path from an element of G to another element b of G that is disjoint from G apart from start and end.
AND-XOR handle refers to the logic of start and end node.

17 Error Patterns (1/3)
Path from some node to sink with AND/XOR-handle

18 Siphon
A subgraph G such that each transition that adds a token to G also takes a token from G:
- with an XOR node in G, all incoming edges belong to G
- with an AND node, at least one incoming edge
An empty siphon will remain empty

19 Error Patterns (2/3)
A siphon that does not contain the source
Figure label: empty
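A check for this error pattern, using the siphon rules from slide 18: compute the largest set of edges that satisfies them and excludes the source edge. This is an added example, not the authors' algorithm or code; the graph encoding, the edge names and the three graphs are constructed, and the rules are applied to every node that has an outgoing edge in G.

```python
# Constructed graphs (assumption of this example): node -> (kind,
# incoming edges, outgoing edges), where kind is "AND" or "XOR".
LOOP_AND_JOIN = {    # loop entered through an AND-join: "back" is never fed
    "join": ("AND", ["src", "back"], ["body"]),
    "split": ("XOR", ["body"], ["back", "snk"]),
}
LOOP_XOR_MERGE = {   # same loop entered through an XOR-merge
    "merge": ("XOR", ["src", "back"], ["body"]),
    "split": ("XOR", ["body"], ["back", "snk"]),
}
XOR_SPLIT_AND_JOIN = {   # deadlocks, but not through an empty siphon
    "split": ("XOR", ["src"], ["a", "b"]),
    "join": ("AND", ["a", "b"], ["snk"]),
}


def unmarked_siphon(graph, source="src"):
    """Return the largest siphon that does not contain the source edge.

    Start from all edges except the source and repeatedly drop the
    outgoing edges of any node that breaks the rule for its kind, until
    nothing changes. A non-empty result holds no token initially and,
    being a siphon, never receives one.
    """
    edges = {e for _, ins, outs in graph.values() for e in ins + outs}
    g = edges - {source}
    changed = True
    while changed:
        changed = False
        for kind, ins, outs in graph.values():
            fed = [e for e in ins if e in g]
            # XOR: all incoming edges must be in G; AND: at least one.
            ok = len(fed) == len(ins) if kind == "XOR" else bool(fed)
            drop = g.intersection(outs) if not ok else set()
            if drop:
                g -= drop
                changed = True
    return g
```

The empty result for `XOR_SPLIT_AND_JOIN` shows that this check covers only the first of the three error patterns; an unsound graph can pass it.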

20 DQ Siphon
A DQ-siphon is a siphon G such that no AND-split has more than one outgoing edge in G
- the number of tokens is always 1 or less
Figure label: Not a DQ-siphon

21 Error Patterns (3/3)
A DQ siphon with an XOR/AND handle

22 Structural characterization of soundness
A workflow graph is unsound iff one of the following statements holds:
1. There exists a siphon that is not initially marked
2. There exists a DQ siphon with an XOR/AND handle
3. There exists a simple path to the sink with an AND/XOR handle

23 Strongly Related to and Making Use of
Esparza/Silva [9] characterization:
A strongly connected free-choice net is safe and live iff none of the following exist:
- an empty siphon
- a circuit with a T/P handle
- a circuit with a P/T handle without bridges

24 Contribution
- New characterization of soundness in terms of offending graph-structures and
- Polynomial-time algorithm that returns one of the graph structures for each unsound graph
- Experimental evaluation

25 Known Algorithm - Based on the Rank Theorem
Flowchart labels: Check for empty siphons; Decomposition into S-components; Check rank equation; sound; unsound

26 New Algorithm
Flowchart labels: Check for empty siphons; Decomposition into S-components; Check rank equation; Reduce & decompose into S-components; empty; sound; unsound

27 Decomposition into S-Components
- A sound graph is decomposable into sequential components
- Each S-component has always exactly one token
- Decomposition can be computed in polynomial time

28 Another Sound Example

29 A Minimal Siphon Generates an S-component (in a Sound Graph)
A minimal siphon that is not an S-component contains: (figures; alternatives joined by "or")
From which we obtain an error pattern: (figure)

30 New Algorithm
Flowchart labels: Check for empty siphons; Decomposition into S-components; Check rank equation; Reduce & decompose into S-components; empty; sound; unsound

31 New Algorithm
Flowchart labels: Check for empty siphons; Decomposition into S-components; Check rank equation; Reduce & decompose into S-components; empty; sound; unsound

32 Lucky Decomposition Failure of an Unsound Graph

33 Unlucky Decomposition Success of the Same Graph

34 A Reduction Step

35 Decomposition Failure on Reduced Graph
Figure panels: Decomposition failure; Error pattern generated; Error pattern on original graph

36 Algorithm - Conclusion
- Prove that reduction eventually leads to a graph that is not decomposable
- Prove that error patterns in the reduced graph are valid in the original (unreduced) graph
Soundness of N can be decided in time O(|P|^2 * max(|P|,|T|)^3) such that the algorithm returns one of the structural error patterns in case N is unsound.

37 Contribution
- New characterization of soundness in terms of offending graph-structures and
- Polynomial-time algorithm such that
- Experimental evaluation

38 Experimental Evaluation - Data Set
- 1353 (703 unique original) business process models from the financial domain
- Average number of nodes between 89 and 107 per library
- Several large nets with up to 627 nodes
- 47 nets from library B3 have 200 or more nodes.
- Some models have state spaces with more than 1 million states
- We validated the correctness of the results with other model checkers

39 Results
Fast enough to support demanding use cases:
- checking while modeling
- checking while loading entire libraries into workspace
2-6 times faster than some state space exploration approaches
- but those were already fast enough for most use cases

40 Visualization in Modeling Tool

41 Outline
- Problem
- Contribution
- Conclusion and Outlook

42 Conclusion
Graphical in-model diagnostic information can be obtained in polynomial time
- avoiding some problems of traces
Limited expressiveness of free-choice (e.g. no races) allows for polynomial-time verification
- sufficient for data set in case study
- still applicable in more expressive BPMN models
Can be combined with SESE decomposition for further error localization (and speed-up)

43 SESE Decomposition
- Can be done in linear time
- Soundness is compositional wrt SESE blocks
- Errors can be localized to a SESE block

44 What is still missing
- User study
- Soundness under data (except one first paper)
- Control-flow errors due to message/event passing across processes (orthogonal)

