1. Polynomial analysis algorithms for free-choice workflow nets
Javier Esparza
Technical University of Munich
Joint work with
Jörg Desel, Philipp Hoffman, and Ratul Saha

2. Business process modeling
The activity of representing operational processes of an enterprise: purchasing, manufacturing, evaluating, marketing …
BPs coded as workflows describing the causal precedence of operations performed by staff, machines, etc.
Sophisticated graphical languages
Business Process Model and Notation, BPMN 2.0
(2011 standard of the Object Management Group)

3. BPMN models
Many commercial tools for modelling, simulating, visualizing.
No formal semantics, limited analysis capabilities

4. Business process analysis
Petri nets and process algebras are used to give (fragments of) BPNM a formal semantics, or alternative modeling formalisms apt for analysis.
Workflow Petri Nets probably the most successful model.
(for Petri nets aficionados: we conside here only the 1-safe variant)
YAWL [ : Yet Another Workflow Language. Developed and maintained since 2004, with ~ downloads.

5. Workflow Petri Nets

6. Workflow Petri Nets
Initial Place

7. Workflow Petri Nets
Initial Place
Final Place

8. Workflow Petri Nets

9. Workflow Petri Nets

10. Workflow Petri Nets

11. Workflow Petri Nets

12. Workflow Petri Nets

13. Workflow Petri Nets

14. Workflow Petri Nets

15. State explosion problem
Master Theorem
The following problem
Given: A workflow Petri net
Decide: Put your favourite property here
is PSPACE-hard.
Lots of work on heuristics; POR, BDDs, CEGAR …
Palliate the problem, but have worst-case complexity in very simple cases.
Goal: investigate algorithms that
can be applied to any workflow, and
come with a polynomial-time guarantee for a nontrivial, useful subclass.

16. State explosion problem
Master Theorem
The following problem
Given: A workflow Petri net
Decide: Put your favourite property here
is PSPACE-hard.
Lots of work on heuristics; POR, BDDs, CEGAR …
Palliate the problem, but have worst-case complexity in very simple cases.
Goal: investigate algorithms that
can be applied to any workflow, and
come with a polynomial-time guarantee for a nontrivial, useful subclass.

17. State explosion problem
Master Theorem
The following problem
Given: A workflow Petri net
Decide: Put your favourite property here
is PSPACE-hard.
Lots of work on heuristics; POR, BDDs, CEGAR …
Palliate the problem, but have worst-case complexity in very simple cases.
Goal: investigate algorithms that
can be applied to any workflow, and
come with a polynomial-time guarantee for a nontrivial, useful subclass.

18. Free-choice workflow nets
Non-free-choice
Process-oriented interpretation: no interference between choice and concurrency .

19. Free-choice workflow nets
Some modeling formalisms (Workflow Graphs) only produce free-choice nets.
Suite of ca workflow nets (IBM, SAP): Almost 1400 are free-choice

20. Theory of free-choice nets

21. A fundamental property: Soundness
Soundness: all partial computations can be completed

22. A fundamental property: Soundness
Soundness: all partial computations can be completed

23. Checking properties Soundness Hard problem in general: PSPACE-complete
(Several) polynomial algorithms for free-choice nets
Reachability for sound workflow nets
Polynomial algorithms for free-choice nets

24. Problem: Data, Time, Probability …
The activities of a workflow are always enhanced with informations
they may trigger an operation on data
they may have a duration and/or a cost
(they may have a probability)
Structure theory has not considered these aspects so far.
Models exist …
Nets + Data = Colored Petri Nets
Nets + Time = Time(d) Petri Nets
Nets + Probability = Stochastic Petri Nets
… but no structure theory for them!

25. Problem: Data, Time, Probability …
The activities of a workflow are always enhanced with informations
they may trigger an operation on data
they may have a duration and/or a cost
(they may have a probability)
Structure theory has not considered these aspects so far.
Models exist …
Nets + Data = Colored Petri Nets
Nets + Time = Time(d) Petri Nets
Nets + Probability = Stochastic Petri Nets
… but no structure theory for them!

26. Problem: Data, Time, Probability …
The activities of a workflow are always enhanced with informations
they may trigger an operation on data
they may have a duration and/or a cost
(they may have a probability)
Structure theory has not considered these aspects so far.
Models exist …
Nets + Data = Colored Petri Nets
Nets + Time = Time(d) Petri Nets
Nets + Probability = Stochastic Petri Nets
… but no structure theory for them.

27. Colored Petri Nets Assign types to places Assign variables to arcs
Assign functions to transitions
Tokens: values of the proper type
Firing as expected
𝑦 1 ≔ 𝑥 1 + 𝑥 2
𝑦 2 ≔ 𝑥 2 ∗ 𝑥 3

28. Colored Petri Nets Assign types to places Assign variables to arcsℕ ℕ ℕ
Assign types to places
Assign variables to arcs
Assign functions to transitions
Tokens: values of the proper type
Firing as expected
𝑦 1 ≔ 𝑥 1 + 𝑥 2
𝑦 2 ≔ 𝑥 2 ∗ 𝑥 3 ℕ ℕ

29. Colored Petri Nets Assign types to places Assign variables to arcsℕ ℕ ℕ
Assign types to places
Assign variables to arcs
Assign functions to transitions
Tokens: values of the proper type
Firing as expected 𝑦 𝑥 𝑧
𝑦 1 ≔ 𝑥 1 + 𝑥 2
𝑦 2 ≔ 𝑥 2 ∗ 𝑥 3 𝑢 𝑣 ℕ ℕ

30. Colored Petri Nets Assign types to places Assign variables to arcsℕ ℕ ℕ
Assign types to places
Assign variables to arcs
Assign transfer functions to transitions
Tokens: values of the proper type
Firing as expected 𝑦 𝑥 𝑧
𝑢≔𝑥+𝑦
𝑣≔𝑦∗𝑧 𝑢 𝑣 ℕ ℕ

31. Colored Petri Nets Assign types to places Assign variables to arcsℕ 𝟑 ℕ 𝟐 ℕ 𝟎
Assign types to places
Assign variables to arcs
Assign transfer functions to transitions
Tokens: values of the proper type
Firing as expected 𝑦 𝑥 𝑧
𝑢≔𝑥+𝑦
𝑣≔𝑦∗𝑧 𝑢 𝑣 ℕ ℕ

32. Colored Petri Nets Assign types to places Assign variables to arcsℕ 𝟑 ℕ 𝟐 ℕ 𝟎
Assign types to places
Assign variables to arcs
Assign transfer functions to transitions
Tokens: values of the proper type
Firing as expected 𝑦 𝑥 𝑧
𝑢≔𝑥+𝑦
𝑣≔𝑦∗𝑧 𝑢 𝑣 ℕ ℕ

33. Colored Petri Nets Assign types to places Assign variables to arcsℕ ℕ ℕ
Assign types to places
Assign variables to arcs
Assign transfer functions to transitions
Tokens: values of the proper type
Firing as expected 𝑦 𝑥 𝑧
𝑢≔𝑥+𝑦
𝑣≔𝑦∗𝑧 𝑢 𝑣 ℕ 𝟓 ℕ 𝟎

34. Reduction Rules (Petri net transformations)
Reduction rules transform a workflow net into a ``simpler‘‘ one while preserving some properties
They either reduce the net completely to the smallest workflow net 𝑖→𝑡→𝑜 or produce an irreducible core.
Reduction-based verification:
Apply the rules for as long as possible
If the net is completely reduced, read out the result. Otherwise, check the irreducible core.
A set of rules is complete for a class if it completely reduces the nets of the class.

35. Reduction Rules (Petri net transformations)
Reduction rules transform a workflow net into a ``simpler‘‘ one while preserving some properties
They either reduce the net completely to the smallest workflow net 𝑖→𝑡→𝑜 or produce an irreducible core.
Reduction-based verification:
Apply the rules for as long as possible
If the net is completely reduced, read out the result. Otherwise, check the irreducible core.
A set of rules is complete for a class if it completely reduces the nets of the class.

36. Reduction Rules (Petri net transformations)
Reduction rules transform a workflow net into a ``simpler‘‘ one while preserving some properties
They either reduce the net completely to the smallest workflow net 𝑖→𝑡→𝑜 or produce an irreducible core.
Reduction-based verification:
Apply the rules for as long as possible
If the net is completely reduced, read out the result. Otherwise, check the irreducible core.
A set of rules is complete for a class if it completely reduces the nets of the class.

37. Reduction Rules (Petri net transformations)
Reduction rules transform a workflow net into a ``simpler‘‘ one while preserving some properties
They either reduce the net completely to the smallest workflow net 𝑖→𝑡→𝑜 or produce an irreducible core.
Reduction-based verification:
Apply the rules for as long as possible
If the net is completely reduced, read out the result. Otherwise, check the irreducible core.
A set of rules is complete for a class if it completely reduces the nets of the class.

38. Checking Soundness with Reduction Rules
There exists a reduction algorithm that:
Can be applied to arbitrary workflows to reduce their size.
Reduces all (and only the) sound free-choice workflow nets to the ``trivial’’ workflow net with only one transition (completeness).
Requires only a polynomial number of applications (polynomiality)
However, the rules do not preserve dataflow:

39. Checking Soundness with Reduction Rules
There exists a reduction algorithm that:
Can be applied to arbitrary workflows to reduce their size.
Reduces all (and only the) sound free-choice workflow nets to the ``trivial’’ workflow net with only one transition (completeness).
Requires only a polynomial number of applications (polynomiality)
However, the rules do not preserve dataflow:

40. The Quest for the Holy Grail …
Find new reduction rules that
preserve soundness/unsoundness,
preserve dataflow,
are complete for free-choice workflow nets, and
are as few and simple as possible.
E., Hoffmann: Reduction rules for Colored Workflow Nets, FASE 2016
E., Hoffmann, Saha: Polynomial Analysis Algorithms for Free-Choice Probabilistic Workflow Nets, QEST 16
E., Muscholl, Walukiewicz: Static Analysis of Deterministic Negotiations, to appear in LICS 17

41. Inspiration: Rules for sequential programs

42. Abstract description of a coloured transition

43. The new rules: Merge rule
Merge two transitions with the same input and output places into one
Red nodes may have other input and output transitions

44. The new rules: Merge rule
Simplified representation:

45. The new rules: Iteration rule
Move the effect of a loop to its exit transitions
Yellow places may have other input transitions

46. The new rules: Shortcut rule
Replace two consecutive transitions by one with the same effect.

47. The new rules: Shortcut rule II
Replace two consecutive transitions by one with the same effect.

48. The new rules: Shortcut rule II
Replace two consecutive transitions by one with the same effect.
Unclear in which sense this is a reduction rule.

49. The theorem
Theorem: There is an algorithm that reduces all (and only) sound free-choice coloured workflow nets to
𝑖→𝑅→𝑜
within a polynomial (cubic) number of rule applications.

50. An example

51. An example

52. An example

53. An example

54. An example

55. An example

56. An example

57. An example

58. An example

59. An example

60. An example

61. An example

62. An example

63. An example

64. An example

65. An example

66. An example

67. An example

68. The completeness proof …
… is surprisingly complex!

69. The completeness proof …
… is surprisingly complex!
First challenge: the (second) shortcut rule may loop.

70. The completeness proof …
… is surprisingly complex!
Second challenge: avoid exponentially many rule applications.

71. The completeness proof …
… is surprisingly complex!
Third challenge: reducing „loops“.
Synchronized loop
Non-synchronized loop

72. The completeness proof …
… is surprisingly complex!
Third challenge: reducing „loops“.
Synchronized loop
Non-synchronized loop
Theorem: Every loop of a sound free-choice workflow net is synchronized.

73. The algorithm

74. Experiments
Experiments on a suite of ca workflow nets [van Donguen et al., Fahland et al.]
Sound free-choice workflows completely reduced within a linear number of rule applications
Unsound free-choice workflows reduced by about 70%

75. Quantitative Analysis of Workflow Nets
Most research has concentrated on capturing design errors.
Recent interest in quantitative analysis:
$$ Cost $$

76. Quantitative Analysis of Workflow Nets
Most research has concentrated on capturing design errors.
Recent interest in quantitative analysis:
$$ Cost $$

77. Adding costs 1 2 15 3 40 10

78. Adding probabilities

79. Conflict sets (non-trivial)
Adding probabilities
Conflict sets (non-trivial)
Conflict set: maximal set of transitions with at least one common input place

80. Adding probabilities 1 2 1 5 3 2
Gola: computed the expected cost

81. MDP semantics 2 3 1
Enabled conflict set picked by a nondeterministic scheduler.
Conflicts resolved probabilistically

82. MDP semantics 2 3 1

83. MDP semantics 2 3 1

84. MDP semantics 2 3 1

85. MDP semantics 2 3 1

86. MDP semantics 2 3 1

87. MDP semantics 2 3 1

88. MDP semantics 2 3 1

89. MDP semantics 2 3 1

90. MDP semantics 2 3 1

91. MDP semantics 2 3 1

92. MDP semantics 2 3 1

93. MDP semantics 2 3 1

94. MDP semantics 2 3 1

95. MDP semantics 2 3 1

96. MDP semantics 2 3 1

97. Expected cost
Executions can terminate successfully or deadlock.
Cost of a successful execution: sum of the costs of the fired transitions.
Cost of a deadlocked execution: infinite.
Probability of an execution under a scheduler: product of the probabilities of the transitions fired.
Expected cost under a scheduler: weighted sum of the costs under the scheduler 7 5 2 3 1 5 8 4 6 6

98. Expected cost
Executions can terminate successfully or deadlock.
Cost of a successful execution: sum of the costs of the fired transitions.
Cost of a deadlocked execution: infinite.
Probability of an execution under a scheduler: product of the probabilities of the transitions fired.
Expected cost under a scheduler: weighted sum of the costs under the scheduler 7 5 2 3 1 5 8 4 6 6

99. Expected cost
Executions can terminate successfully or deadlock.
Cost of a successful execution: sum of the costs of the fired transitions.
Cost of a deadlocked execution: infinite.
Probability of an execution under a scheduler: product of the probabilities of the transitions fired.
Expected cost under a scheduler: weighted sum of the costs under the scheduler 7 5 2 3 1 5 8 4 6 6

100. Expected cost
Executions can terminate successfully or deadlock.
Cost of a successful execution: sum of the costs of the fired transitions.
Cost of a deadlocked execution: infinite.
Probability of an execution under a scheduler: product of the probabilities of the transitions fired.
Expected cost under a scheduler: weighted sum of the costs under the scheduler 7 5 2 3 1 5 8 4 6 6

101. Computing expected cost
Theorem: The expected cost of a free-choice workflow net is independent of the scheduler. Heuristic: fix a scheduler and compute only the states of the Markov chain it generates. However: the MDP can still be exponentially larger than the workflow net .

102. Merge rule
Merge two transitions with the same input and output places into one
Red nodes may have other input and output transitions

103. Iteration rule Move the effect of a loop to its exit transitions
Yellow places may have other input transitions

104. Shortcut rule I
Replace two consecutive transitions by one with the same effect.

105. Shortcut rule II
Replace two consecutive transitions by one with the same effect.

106. An Example

107. An Example

108. An Example

109. An Example

110. An Example

111. An Example

112. An Example

113. An Example

114. An Example

115. An Example

116. An Example

117. Main result
Theorem: Every sound free-choice workflow net 𝑊 can be reduced to a 1-transition net with 𝑂( |𝑊| 3 ) rule applications.
Theorem: Let 𝑊 be a free-choice workflow net. There is an 𝑂( |𝑊| 3 ) algorithm that
reduces 𝑊 completely, in which case it is sound and the label of the unique transition gives the expected cost, or
does not reduce 𝑊 completely, in which case it is unsound and the expected cost is ∞.

118. Some experiments
Experiments on a suite of 1385 free-choice workflow nets (IBM, [van Donguen et al., Fahland et al.]).
Questions:
Is the final marking reached with probability 1 ?
If so, which is the expected number of firings?
Standard laptop (i CPU, 1GB)

119. Some experiments
Experiments on a suite of 1385 free-choice workflow nets (IBM, [van Donguen et al., Fahland et al.]).
Questions:
Is the final marking reached with probability 1 ?
If so, which is the expected number of firings?
Standard laptop (i CPU, 1GB)
PRISM
explicit
bdd
sparse
30s limit
1309 (353s)
636 (others MO)
638(others MO)
10m limit
10 6 states

120. Some experiments
Experiments on a suite of 1385 free-choice workflow nets (IBM, [van Donguen et al., Fahland et al.]).
Questions:
Is the final marking reached with probability 1 ?
If so, which is the expected number of firings?
Standard laptop (i CPU, 1GB)
PRISM
explicit
bdd
sparse
30s limit
1309 (353s)
636 (others MO)
638(others MO)
10m limit
10 6 states
Reduction: 5s combined for all 1385 workflows, at most 20ms for a workflow.

121. Conclusions
New set of reduction rules that preserve dataflow, and is still complete for sound free-choice workflows.
Extension to the computation of expected cost (even parametric).
Only the combination of soundness and free-choiceness does the trick: Arbitrary free-choice workflows “as hard as” arbitrary workflows.
Experiments show no disadvantages w.r.t. the old set of rules.