![Page 1: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/1.jpg)
Methods for the specification and verification of business processes
MPB (6 cfu, 295AA)
Roberto Brunihttp://www.di.unipi.it/~bruni
13 - Analysis of WF nets
1
martedì 12 novembre 13
![Page 2: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/2.jpg)
Object
2
We study suitable soundness properties of Workflow nets
martedì 12 novembre 13
![Page 3: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/3.jpg)
Structural analysis
3
No entry / exit point for a case
no entry: when should the case start?no exit: when should the case end?
ruled out in workflow nets
martedì 12 novembre 13
![Page 4: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/4.jpg)
Structural analysis
4
Tasks t without incoming and/or outgoing arcs
no input: when should t be carried out?no output: t does not contribute to case completion
ruled out in workflow nets
martedì 12 novembre 13
![Page 5: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/5.jpg)
Structural analysis
5
Wrong decoration of transitions
split with only one outgoing arcjoin with only one incoming arcleft to designer responsibility
martedì 12 novembre 13
![Page 6: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/6.jpg)
Activity analysis
6
Dead tasks
Tasks that can never be carried outEach transitions lies on a path from i to o: not sufficient
can arise in workflow nets
martedì 12 novembre 13
![Page 7: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/7.jpg)
Token analysis
7
Some tokens left in the net after case completion
when a token is in the end place o the case should endcan arise in workflow nets
martedì 12 novembre 13
![Page 8: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/8.jpg)
Activity analysis
8
Activities still take place after case completion
it can be a (worse) consequence of the previous flawcan arise in workflow nets
martedì 12 novembre 13
![Page 9: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/9.jpg)
Token analysis
9
More than one token reach the end place
it can be a consequence of the above flawscan arise in workflow nets
martedì 12 novembre 13
![Page 10: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/10.jpg)
Net analysis
10
Deadlock (stop before producing output)
a case blocks without coming to an endcan arise in workflow nets
martedì 12 novembre 13
![Page 11: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/11.jpg)
Net analysis
11
Livelock (diverge without producing output)
a case is trapped in a cycle with no opportunity to endcan arise in workflow nets
martedì 12 novembre 13
![Page 12: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/12.jpg)
Remark
12
All the previous flaws are typical errors that can be detected
without any knowledge about the actual content of the Business Process
martedì 12 novembre 13
![Page 13: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/13.jpg)
Verification and validation
13
Verification aims to answer qualitative questionsIs there a deadlock possible?
Is it possible to successfully handle a specific case?Will all cases terminate eventually?
Is it possible to execute a certain task?
Validation is concerned with the relation between the model and the reality
How does a model fit log files?Which model does fit better?
martedì 12 novembre 13
![Page 14: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/14.jpg)
Verification by simulation
14
Test analysisTry and see if certain firing sequences are allowed by the
workflow net
Using WoPeD:Play (forward and backward) with net tokens
Record certain runs (to replay or explain)Randomly select alternatives
Problem: how to make sure that all possible runs have been examinated?
martedì 12 novembre 13
![Page 15: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/15.jpg)
Reachability analysis
15
Verification by inspectionAll possible runs of a workflow net are represented in its
Reachability Graph (if finite)
Using WoPeD:Total number of states is evident
(a single run does not necessarily visit all nodes)
End states are evident (no outgoing arc)
Easy to check if dangerous or undesired states can arise(e.g. the green-green states in the two-traffic-lights)
martedì 12 novembre 13
![Page 16: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/16.jpg)
16
Boundedness (for Nets)
Proposition:The reachability graph of a net is finite
if and only if
the net is bounded
martedì 12 novembre 13
![Page 17: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/17.jpg)
17
Boundedness (for Nets)
Proposition:A net is unbounded
if and only if
its reachability graph is not finite
martedì 12 novembre 13
![Page 18: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/18.jpg)
18
Coverability graph
A coverability graph is a finiteover-approximation of the reachability graph
It allows for markings with infinitely many tokens in one place (called extended bags)
B : P �⇥ N ⌅ {⇤}
martedì 12 novembre 13
![Page 19: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/19.jpg)
Suppose
M0t1�⇤ M1
t2�⇤ M2 ...ti�⇤ Mi ...
tj�⇤ Mj
with Mi ⇥ Mj
Let M = Mi and M ⇥ = Mj and L = M ⇥ �M
By the monotonicity Lemma we have, for any n ⌅ N:M ⇤� M + L ⇤� M + 2L ⇤� ... ⇤� M + nL
Hence all places p marked by L (i.e. if L(p) > 0) are unbounded19
Discover unbounded places
martedì 12 novembre 13
![Page 20: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/20.jpg)
20
Cover unbounded places
Idea:When computing the RG, if M ⇥ is found s.t.
M0 ⇤� M ⇤� M ⇥ with M ⇥ M ⇥
Add the extended bag B (instead of M ⇥) to the graph
where B(p) =
�M ⇥(p) if M ⇥(p)�M(p) = 0⌅ otherwise
martedì 12 novembre 13
![Page 21: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/21.jpg)
21
A few remarks
Idea: mark unbounded places by ⇧
Remind: M ⇤ M ⇥ means that M � M ⇥ � M ⌥= M ⇥, i.e.,1. for any p ⌃ P , M ⇥(p) ⇥ M(p)2. there exists at least one place q ⌃ P such that M ⇥(q) > M(q)
Remark:Requiring M0 ⌅� M ⌅� M ⇥ is di�erent thatrequiring M,M ⇥ ⌃ [M0
martedì 12 novembre 13
![Page 22: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/22.jpg)
22
Operations on extended bags
Inclusion: Let B,B� : P ⌅ N ⌥ {⇧}We write B ⇥ B� if for any p we haveB�(p) = ⇧ or B(p), B�(p) ⌃ N � B(p) ⇤ B�(p)
Sum: Let B,B� : P ⌅ N ⌥ {⇧}
(B +B�)(p) =
�⇧ if B(p) = ⇧ or B�(p) = ⇧B(p) +B�(p) if B(p), B�(p) ⌃ N
Di�erence: Let B : P ⌅ N ⌥ {⇧} and M : P ⌅ N with M ⇥ B
(B �M)(p) =
�⇧ if B(p) = ⇧B(p)�M(p) if B(p) ⌃ N
martedì 12 novembre 13
![Page 23: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/23.jpg)
23
Compute a coverability graph1. Initially N = { M0 } and A = ∅2. Take a bag B ∈ N and a transition t ∈ T such that
1. B enables t and there is no arc labelled t leaving from B
3. Let B' = B - •t + t•
4. Let Bc' such that for any p ∈ P 1. Bc'(p) = ω if there is a node B'' ∈ N such that
1. B'' ⊆ B', 2. B''(p) < B'(p)3. there is a direct path from B'' to B in the coverability graph
computed so far2. Bc'(p) = B'(p) otherwise
5. Add Bc' to N and (B,t,Bc') to A6. Repeat steps 2,3,4,5 until no new arc can be added
martedì 12 novembre 13
![Page 24: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/24.jpg)
Properties of coverability graphs
24
A coverability graph is always finite, but it is not always uniquely defined
(it depends on which B and t are selected at step 2)
Every firing sequence corresponds to a path in the CGthe converse is not necessarily true
Any path in a CG that visits only finite markings corresponds to a valid firing sequence
If the RG is finite, then it coincides with the CG
martedì 12 novembre 13
![Page 25: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/25.jpg)
Example
25
martedì 12 novembre 13
![Page 26: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/26.jpg)
Reachability analysis by coverability
26
All possible behaviours of a workflow net are represented in the Reachability Graph (if finite)
We use Coverability Graph when necessary (RG not finite)
martedì 12 novembre 13
![Page 27: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/27.jpg)
Exercise
27
Do you see any problem in the workflow net below?
martedì 12 novembre 13
![Page 28: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/28.jpg)
Exercise
28
Do you see any problem in the workflow net below?
martedì 12 novembre 13
![Page 29: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/29.jpg)
Exercise
29
Do you see any problem in the workflow net below?
martedì 12 novembre 13
![Page 30: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/30.jpg)
Exercise
30
Do you see any problem in the workflow net below?
martedì 12 novembre 13
![Page 31: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/31.jpg)
Exercise
31
Do you see any problem in the workflow net below?
martedì 12 novembre 13
![Page 32: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/32.jpg)
Exercise
32
Which problem(s) in the workflow net below?How would you redesign the business process?
martedì 12 novembre 13
![Page 33: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/33.jpg)
Soundness
33
martedì 12 novembre 13
![Page 34: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/34.jpg)
Soundness of Business Processes
34
martedì 12 novembre 13
![Page 35: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/35.jpg)
Soundness of Business Processes
35
A process is called sound if
1. it contains no unnecessary tasks
2. every case is always completed in full
3. no pending items are left after case completion
martedì 12 novembre 13
![Page 36: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/36.jpg)
36
BusinessProcess
i o
Soundness of Business Processes
martedì 12 novembre 13
![Page 37: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/37.jpg)
Soundness of Workflow nets
37
A workflow net is called sound if
1. for each transition t,
there is a marking M (reachable from i) that enables t
2. for each token put in place i,
one and only one token eventually appears in the place o
3. when a token is in place o, all other places are empty
martedì 12 novembre 13
![Page 38: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/38.jpg)
Fairness assumption
38
Remark:Condition 2 does not mean that iteration must be forbidden or bound
It says that from any reachable marking Mthere must be possible to reach o in some steps
Fairness assumption:A task cannot be postponed indefinitely
martedì 12 novembre 13
![Page 39: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/39.jpg)
1: no dead tasks
39
c14
start
t2c1
t1
t3c2 t4c3 t5c4 t6c5
c6
t7c7 t8c8
t9
c9
t11
c11
t12
c13
t13
c15 t14
c16
t15
c17
t16
c18
t10c10
c12
c20t17
t18
c22
t21 t21
t20
t19
c19
t22
c23
klaar
?
Reachable marking that enables the transition
martedì 12 novembre 13
![Page 40: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/40.jpg)
1: no dead tasks
40
The check must be repeated for each task
martedì 12 novembre 13
![Page 41: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/41.jpg)
2: option to complete
41
c14
start
t2c1
t1
t3c2 t4c3 t5c4 t6c5
c6
t7c7 t8c8
t9
c9
t11
c11
t12
c13
t13
c15 t14
c16
t15
c17
t16
c18
t10c10
c12
c20t17
t18
c22
t21 t21
t20
t19
c19
t22
c23
klaar
?
Able to produce one token in o
martedì 12 novembre 13
![Page 42: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/42.jpg)
2: option to complete
42
The check must be repeated for each reachable marking
martedì 12 novembre 13
![Page 43: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/43.jpg)
3: proper completion
43
c14
start
t2c1
t1
t3c2 t4c3 t5c4 t6c5
c6
t7c7 t8c8
t9
c9
t11
c11
t12
c13
t13
c15 t14
c16
t15
c17
t16
c18
t10c10
c12
c20t17
t18
c22
t21 t21
t20
t19
c19
t22
c23
klaar
?We should show that it is not a reachable marking
martedì 12 novembre 13
![Page 44: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/44.jpg)
3: proper completion
44
The check must be repeated for each marking Msuch that M(o) = 1
martedì 12 novembre 13
![Page 45: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/45.jpg)
45
Soundness, FormallyA workflow net is called sound if
no dead task no transition is dead
8t 2 T. 9M 2 [ i i. M t!
option to complete place o is eventually marked
8M 2 [ i i. 9M 0 2 [M i. M 0(o) � 1
proper completion when o is marked, no other token is left
8M 2 [ i i. M(o) � 1 ) M = o
martedì 12 novembre 13
![Page 46: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/46.jpg)
Dead, live or non-live
46
A remark about terminology:
t is dead: its firing is always ruled out
t is live: its firing can never be ruled out
t is non-live = its firing is possibly ruled out
martedì 12 novembre 13
![Page 47: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/47.jpg)
Brute-force analysis
47
First, check if the Petri net is a workflow neteasy "syntactic" check
Second, check soundness (more involved)build the Reachability Graph
to check 1: for each transition t there must be an arc in the RG that is labelled with t
to check 2&3: the RG must have only one final state (sink) and it must consists of one token in o
martedì 12 novembre 13
![Page 48: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/48.jpg)
Some Pragmatic Considerations
48
All checks can better be done automatically (computer aided)
but nevertheless RG construction...1. can be computationally expensive for large nets
(because of state explosion)2. provides little support in repairing unsound processes
3. can be infinite (CG can be used, but it is not exact)
martedì 12 novembre 13
![Page 49: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/49.jpg)
N*
49
martedì 12 novembre 13
![Page 50: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/50.jpg)
Advanced support
50
Translate soundness to other well-known properties that can be checked more efficiently:
boundedness and liveness
martedì 12 novembre 13
![Page 51: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/51.jpg)
51
BusinessProcess
i o
Play once
martedì 12 novembre 13
![Page 52: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/52.jpg)
52
BusinessProcess
i o
reset
Play Twice
martedì 12 novembre 13
![Page 53: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/53.jpg)
From N to N*
53
martedì 12 novembre 13
![Page 54: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/54.jpg)
MAIN THEOREM
54
Let us denote by N : i � o a workflow netwith entry place i and exit place o
Let N� be the net obtained by adding the ”reset” transition to Nreset : o � i
Theorem:N is sound i� N� is live and bounded
martedì 12 novembre 13
![Page 55: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/55.jpg)
Proof of MAIN THEOREM (1)
55
N� live and bounded implies N sound:
Since N� is live: for each t ⌅ T there is M ⌅ [ i ⇧. M t⇤
Take any M ⌅ [ i ⇧ enabling reset : o ⇤ i, hence M ⇥ o
Let Mreset�⇤ M ⇥. Then M ⇥ ⌅ [ i ⇧ and M ⇥ ⇥ i
Since N� is bound, it must be M ⇥ = i (and M = o)Otherwise all places marked by M ⇥ � i = M � o would be unbounded
Hence N� just allows multiple runs of N :”option to complete” and ”proper completion” hold (see above)”no dead task” holds because N� is live
martedì 12 novembre 13
![Page 56: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/56.jpg)
A technical lemma
56
Lemma:If N is sound, M is reachable in N i� M is reachable in N⇥
⌅) straightforward
⇤) Let i��⇥ M in N⇥ for � = t1t2...tn
We proceed by induction on the number r of instances of reset in �If r = 0, then reset does not occur in � and M is reachable in NIf r > 0, let k be the least index such that tk = resetLet � = �⇤tk�⇤⇤ with �⇤ = t1t2...tk�1 fireable in N
Since N is sound: i���⇥ o and i
����⇥ M
Since �⇤⇤ contains r � 1 instances of reset :by inductive hypothesis M is reachable in N
martedì 12 novembre 13
![Page 57: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/57.jpg)
Proof of MAIN THEOREM (2)
57
N sound implies N� bounded :We proceed by contradiction, assuming N� is unbounded
Since N� is unbounded:⌃M,M ⇥ such that i ⇤� M ⇤� M ⇥ with M ⇥ M ⇥
Let L = M ⇥ �M ⇧= ⌥
Since N is sound:⌃� ⌅ T � such that M
�⇤ o
By the monotonicity Lemma: M ⇥ �⇤ o+ L and thus o+ L ⌅ [ i �Which is absurd, because N is sound
martedì 12 novembre 13
![Page 58: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/58.jpg)
Proof of MAIN THEOREM (3)
58
N sound implies N� live:Take any transition t and let M be a marking reachable in N�
By the technical lemma, M is reachable in N
Since N is sound: ⌅� ⇤ T � with M��⇥ o
Since N is sound: ⌅�⇥ ⇤ T � with i���⇥ M ⇥ and M ⇥ t⇥
Let �⇥⇥ = � reset �⇥, then:
M����⇥ M ⇥ in N� and M ⇥ t⇥
martedì 12 novembre 13
![Page 59: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/59.jpg)
Exercise
59
Use some tools to check if the net below is a sound workflow net or not
martedì 12 novembre 13
![Page 60: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/60.jpg)
Exercise
60
Use some tools to check if the net below is a sound workflow net or not
martedì 12 novembre 13
![Page 61: Methods for the specification and verification of business processes …didawiki.cli.di.unipi.it/.../mpb/13-wfnets-analysis.pdf · 2013. 11. 12. · nets 37 A workflow net is called](https://reader033.vdocuments.mx/reader033/viewer/2022060910/60a51df314a0bc05e3305a1e/html5/thumbnails/61.jpg)
Exercise
61
Analyse the following net
martedì 12 novembre 13