The Biconnected Verification of Workflow Nets

1. The Biconnected Verification of Workflow Nets Cooperative Information Systems October 2010, Crete, Greece Artem Polyvyanyy Matthias Weidlich Mathias Weske

2. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 Correctness of Process Models A process model is correct if and only if the corresponding workflow net is sound A sound workflow net always terminates properly and each transition can contribute to the completion of the net

3. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 Research Problem: Correctness and Connectedness Soundness Connectedness To which extent … Strong Connectedness Theorem A net N for which there exists a marking M0, such that (N,M0) is live and bounded, is strongly connected Soundness Connectedness live and bounded short-circuit net Strong …

4. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 Connectivity ■ A separating set of a graph is a set of elements, each a vertex or an edge, whose removal renders the graph disconnected ■ A graph is k-connected if it has no separating set of size k−1 ■ The vertex Cv (edge Ce) connectivity of a graph is the size of the smallest separating set composed of vertices (edges) Cv ≤ Ce

5. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 Connectivity-based Decomposition (I) A k-connected graph can be decomposed into (k+1)-connected components If a connected graph has no separating sets, then the graph is complete

6. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 Connectivity-based Decomposition (II) The connectivity-based graph decomposition produces separating sets, connected components, and their relations “ ” The derived structural information can be used for analysis purposes 1 2 3 4 1 2

7. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 Connectivity-based Decomposition Framework (I) A graph is (n,e)-connected if there exists no set of n nodes and there exists no set of e edges, whose removal renders the graph disconnected An (n,e)-connected graph An (n1,e1)-connected graph can be decomposed into (n2,e2)-connected components

8. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 Connectivity-based Decomposition Framework (II): Node vs. Edge Edge-based decomposition Node-based decomposition

9. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 Connectivity-based Decomposition Framework (III): Related Work O(|G|)* O(|G|n+e-1 )** single-entry- single-exit edge (SESE-edge) [Johnson et al 94] single-entry- single-exit node (SESE-node) [Tarjan and Valdes 80, Vanhatalo et al 08, Polyvyanyy et al 10] * |G| is the size of the graph ** n,e are parameters of the (n,e)-connected decomposition

10. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 0 The Biconnected Verification (I) 1. A WF-net can be sound only if all the cutvertices of the corresponding short-circuit net are places 2. Each biconnected WF-net of a WF-net is safe and sound, if and only if the WF- net is safe and sound

11. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 1 The Biconnected Verification (II) Transition t1 and the biconnected WF-net A3 constitute valuable diagnostic information: ■ t1 is never enabled ■ A3 is not sound (t4 is never enabled in A3)

12. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 2 Towards the Triconnected Verification The Refined Process Structure Tree The triconnected subnets Future work: How do separation pairs and triconnected subnets influence soundness?

13. Artem Polyvyanyy | Crete, Greece | October 2010 30.01.15 3 Conclusion ■ Connectivity-based decomposition is a stepwise approach to a discovery of structural information in WF-nets, i.e., separating sets, connected subnets, and their relations ■ Connectivity-based decomposition has various applications: Translation between process languages, control-flow and data-flow analysis, process comparison and merging, process abstraction, process comprehension, model layout, pattern application in process modeling, etc ■ In this work, we have investigated the relation between the connectivity property of a workflow net and its behavioral correctness (soundness) ■ In case of unsoundness, the method provides diagnostic information ■ The biconnected verification can be performed in linear time and requires linear space to the size of the WF-net, whereas more fine grained decomposition steps can be accomplished in low-polynomial time ■ Future Work: Follow the research agenda defined by the decomposition framework to obtain new results on behavioral correctness