Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Online Monitoring
of Business Constraints and Metaconstraints
Using LTL and LDL over Finite Traces
Based on our BPM2014 Pa...
Data-Awareness in Dynamic Systems
Traditional approach to model dynamic systems: divide et impera of
• static, data-relate...
Compliance Checking
Behaviors Compliance Checker
Regulatory Model
Feedback
Our setting:
• Behaviors are BP execution trace...
Key Dimensions
How to model traces?
When is compliance checked?
How to capture the regulatory model?
Marco Montali (unibz)...
How to Model Traces?
Two choices: finite vs infinite.
• A business process instance is expected to end.
• Hence, traces are ...
When is compliance checked?
Design-time.
A-posteriori.
Runtime.
Marco Montali (unibz) Monitoring Business Constraints UNI....
When is compliance checked?
Design-time.
• Traces generated from a process model (cf. temporal model checking).
• Too coar...
When is compliance checked?
Design-time.
A-posteriori.
• Traces extracted from an event log.
• Can only detect issues: no ...
When is compliance checked?
Design-time.
A-posteriori.
Runtime.
• Partial, evolving traces.
• Constant feedback to people....
How to Capture the Regulatory Model?
We want precision and understanding: logics!
We want to predicate about the (un)desir...
How to Capture the Regulatory Model?
We want precision and understanding: logics!
We want to predicate about the (un)desir...
Declarative Approach to Business Process Modeling -
Declare
Basic idea: Drop explicit representation of processes, and ltl...
Declare at a Glance
64 3 The ConDec Language
choose
item
pay
refuse
shipment
accept
shipment
deliver
receipt
0..1
accept
o...
Declare Patterns
Declare promotes the use of a controlled set of notable ltlf formulas
for process specification. [VanDerAa...
Parenthesis: the Subtlety of Finite Traces
Linear Temporal Logic (ltl) ubiquitous in AI and CS
However:
• Sometimes we int...
Parenthesis: the Subtlety of Finite Traces
Linear Temporal Logic (ltl) ubiquitous in AI and CS
However:
• Sometimes we int...
Parenthesis: the Subtlety of Finite Traces
Linear Temporal Logic (ltl) ubiquitous in AI and CS
However:
• Sometimes we int...
Parenthesis: the Subtlety of Finite Traces
Linear Temporal Logic (ltl) ubiquitous in AI and CS
However:
• Sometimes we int...
Parenthesis: the Subtlety of Finite Traces
Linear Temporal Logic (ltl) ubiquitous in AI and CS
However:
• Sometimes we int...
Blurring of ltl and ltlf
From [Edelkamp2006]
We can cast the Büchi automaton as an NFA, which accepts a word if it
termina...
Blurring of ltl and ltlf
Are these appealing intuitions correct?
Marco Montali (unibz) Monitoring Business Constraints UNI...
Blurring of ltl and ltlf
Are these appealing intuitions correct? NO!
Marco Montali (unibz) Monitoring Business Constraints...
Blurring of ltl and ltlf
Are these appealing intuitions correct? NO!
But why do they seem reasonable and were adopted for ...
Blurring of ltl and ltlf
Are these appealing intuitions correct? NO!
But why do they seem reasonable and were adopted for ...
ltl over finite traces
Assuming finite or infinite traces has big impact.
Marco Montali (unibz) Monitoring Business Constrain...
ltl over finite traces
Assuming finite or infinite traces has big impact.
Example
Consider the following formula:
2(A → 3B) ∧...
ltl over finite traces
Assuming finite or infinite traces has big impact.
Example
Consider the following formula:
2(A → 3B) ∧...
ltl over finite traces
Assuming finite or infinite traces has big impact.
Example
Consider the following formula:
2(A → 3B) ∧...
ltl over finite traces
Assuming finite or infinite traces has big impact.
Example
Consider the following formula:
2(A → 3B) ∧...
ltl over finite traces
Assuming finite or infinite traces has big impact.
Example
Consider the following formula:
2(A → 3B) ∧...
ltl over finite traces
Assuming finite or infinite traces has big impact.
Example
Consider again the formula: 2(A → 3B) ∧ 2(B...
Process Mining
Marco Montali (unibz) Monitoring Business Constraints UNI.LU 16 / 42
Process Mining
Classicaly applied to post-mortem data.
Marco Montali (unibz) Monitoring Business Constraints UNI.LU 17 / 42
Operational Decision Support
Extension of classical process mining to current, live data.
Refined process mining framework...
Detecting Deviations
Auditing: find deviations between observed and expected behaviors.
e
o
e
ee
.
current
data
historic
da...
Detecting Deviations
Auditing: find deviations between observed and expected behaviors.
e
o
e
ee
.
current
data
historic
da...
On Promptness
Flight routes (thanks Claudio!)
• When the airplane takes off, it must eventually reach the destination airpo...
Boring Answer: Apparently Not
Reactive Monitor
• Checks the partial trace
observed so far.
• Suspends the judgment if no
c...
Boring Answer: Apparently Not
Reactive Monitor
• Checks the partial trace
observed so far.
• Suspends the judgment if no
c...
Prophetic Answer: YES
Proactive Monitor
• Checks the partial trace observed so far.
• Looks into the future(s).
Ciao
Marco...
Prophetic Answer: YES
Proactive Monitor
• Checks the partial trace observed so far.
• Looks into the future(s).
Ciao
Marco...
Prophetic Answer: YES
Proactive Monitor
• Checks the partial trace observed so far.
• Looks into the future(s).
Ciao
Marco...
Prophetic Answer: YES
Proactive Monitor
• Checks the partial trace observed so far.
• Looks into the future(s).
Ciao
Marco...
Logics on Finite Traces
Goal
Reasoning on finite partial traces and their finite suffixes.
Typical Solution: ltlf
Adopt LTL on...
Logics on Finite Traces
Goal
Reasoning on finite partial traces and their finite suffixes.
Typical Solution: ltlf
Adopt LTL on...
Problem #1: Monitoring
Proactive monitoring requires to refine the standard ltlf semantics.
RV-LTL
Given an LTL formula ϕ:
...
Problem #1: Monitoring
Proactive monitoring requires to refine the standard ltlf semantics.
RV-LTL
Given an LTL formula ϕ:
...
Problem #2: Contextual Business Constraints
Need for monitoring constraints only when specific circumstances hold.
• Compen...
Problem #2: Contextual Business Constraints
Need for monitoring constraints only when specific circumstances hold.
• Compen...
Suitability of the Constraint Specification Language
ltlf
FOL over
finite traces
Star-free
regular
expressions
Marco Montali...
Suitability of the Constraint Specification Language
ltlf
MSOL over
finite traces
FOL over
finite traces
Regular
expressions
...
Suitability of the Constraint Specification Language
ltlf
MSOL over
finite traces
FOL over
finite traces
Regular
expressions
...
Suitability of the Constraint Specification Language
ldlf
Linear Dynamic
Logic over
finite traces
ltlf
MSOL over
finite trace...
The Logic ldlf [De Giacomo&Vardi,IJCAI13]
Merges ltlf with regular expressions, through the syntax of Propositional
Dynami...
Runtime ldlf Monitors
Check partial trace π = e1, . . . , en against formula ϕ.
From ad-hoc techniques . . .
e1 . . . en |...
Runtime ldlf Monitors
Check partial trace π = e1, . . . , en against formula ϕ.
From ad-hoc techniques . . .
e1 . . . en |...
How is This Magic Possible?
Starting point: ltlf /ldlf formula ϕ and its RV semantics.
Marco Montali (unibz) Monitoring Bu...
How is This Magic Possible?
Starting point: ltlf /ldlf formula ϕ and its RV semantics.
1. Good and bad prefixes
• Lposs_goo...
How is This Magic Possible?
Starting point: ltlf /ldlf formula ϕ and its RV semantics.
1. Good and bad prefixes
• Lposs_goo...
How is This Black Magic Possible?
3. Prefixes as regular expressions
Every nfa can be expressed as a regular expression.
; ...
How is This Black Magic Possible?
3. Prefixes as regular expressions
Every nfa can be expressed as a regular expression.
; ...
How is This Black Magic Possible?
3. Prefixes as regular expressions
Every nfa can be expressed as a regular expression.
; ...
Monitoring declare with ldlf
Step 1. Good prefixes of declare patterns.
name notation pref possible RV states
existence
Exi...
Monitoring declare with ldlf
Step 1. Good prefixes of declare patterns.
name notation pref possible RV states
existence
Exi...
One Step Beyond: Metaconstraints
ldlf monitors are simply ldlf formulae.
They can be combined into more complex ldlf formu...
Compensation Constraints
• An order cannot be canceled anymore if it is closed.
ϕcanc = close order •−− • cancel order
• I...
Compensation Constraints
• An order cannot be canceled anymore if it is closed.
ϕcanc = close order •−− • cancel order
• I...
Metaconstraints Revisited
Business metaconstraint with temporal consequence
1. Take Φpre and Ψexp as before.
2. Compute ρ:...
Metaconstraints Revisited
Business metaconstraint with temporal consequence
1. Take Φpre and Ψexp as before.
2. Compute ρ:...
Compensation Revisited
• An order cannot be canceled anymore if it is closed.
ϕcanc = close order •−− • cancel order
• Aft...
Compensation Revisited
• An order cannot be canceled anymore if it is closed.
ϕcanc = close order •−− • cancel order
• Aft...
From ldlf to nfa
Direct calculation of nfa corresponding to ldlf formula ϕ
Algorithm
1: algorithm ldlf 2nfa()
2: input ltl...
Implemented in ProM!
Approach
1. Input ltlf /ldlf constraints and metaconstraints.
2. Produce the corresponding RV ldlf mo...
Colored Automata [BPM2011]
Ad-hoc technique for monitoring ltlf formulae according to RV-LTL.
1. Bulild a local automaton ...
Colored Automata
resulting in a complex or over-restrictive model.
Low_Risk
High_YieldMoney Stocks
Bonds
=
alternate
respo...
Correctness of Colored Automata
Why is coloring correct?
1. Take the ltlf formula ϕ of each business constraint constraint...
Conclusion
• Focus on finite traces.
• Avoid unneeded detour to infinite traces.
• ldlf : essentially, the maximal expressiv...
Marco Montali (unibz) Monitoring Business Constraints UNI.LU 42 / 42
Upcoming SlideShare
Loading in …5
×

UNI.LU Seminar Jan2015 - Montali - Online Monitoring of Business Constraints and Metaconstraints

127 views

Published on

Invited seminar on "Online Monitoring of Business Constraints and Metaconstraints using LTL and LDL over Finite Traces" given at the University of Luxembourg on January 16, 2015.

  • Be the first to comment

  • Be the first to like this

UNI.LU Seminar Jan2015 - Montali - Online Monitoring of Business Constraints and Metaconstraints

  1. 1. Online Monitoring of Business Constraints and Metaconstraints Using LTL and LDL over Finite Traces Based on our BPM2014 Paper Marco Montali KRDB Research Centre for Knowledge and Data Free University of Bozen-Bolzano Joint work with: G. De Giacomo, R. De Masellis, M. Grasso, F.M. Maggi Marco Montali (unibz) Monitoring Business Constraints UNI.LU 1 / 42
  2. 2. Data-Awareness in Dynamic Systems Traditional approach to model dynamic systems: divide et impera of • static, data-related aspects • dynamic, process/interaction-related aspects. Notable examples: • In BPM: data and business processes are conceptually isolated from each other, and only integrated at the implementation level. • In MAS: a plethora of logics for reasoning about the behavior of agents and their interaction, but completely neglecting the exchanged information. ; No coherent understanding of what the system is doing. Our ultimate goals 1. Provide formal models that simultaneously account for the system dynamics and the manipulation of data (databases/ontologies). 2. Devise logic-based techniques for the verification and monitoring of such integrated systems. This combination poses major challenges to verification. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 2 / 42
  3. 3. Compliance Checking Behaviors Compliance Checker Regulatory Model Feedback Our setting: • Behaviors are BP execution traces: linear sequences of atomic tasks. • Regulatory model: set of business constraints about the accepted dynamics. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 3 / 42
  4. 4. Key Dimensions How to model traces? When is compliance checked? How to capture the regulatory model? Marco Montali (unibz) Monitoring Business Constraints UNI.LU 4 / 42
  5. 5. How to Model Traces? Two choices: finite vs infinite. • A business process instance is expected to end. • Hence, traces are finite sequences of tasks. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 5 / 42
  6. 6. When is compliance checked? Design-time. A-posteriori. Runtime. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 6 / 42
  7. 7. When is compliance checked? Design-time. • Traces generated from a process model (cf. temporal model checking). • Too coarse-grained when the process model is only partially compliant. A-posteriori. Runtime. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 6 / 42
  8. 8. When is compliance checked? Design-time. A-posteriori. • Traces extracted from an event log. • Can only detect issues: no live support to people. Runtime. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 6 / 42
  9. 9. When is compliance checked? Design-time. A-posteriori. Runtime. • Partial, evolving traces. • Constant feedback to people. • Fine-grained notion of compliance (things may change). • A whole space of possibilities on the power of monitors. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 6 / 42
  10. 10. How to Capture the Regulatory Model? We want precision and understanding: logics! We want to predicate about the (un)desired BP dynamics. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 7 / 42
  11. 11. How to Capture the Regulatory Model? We want precision and understanding: logics! We want to predicate about the (un)desired BP dynamics. Hence: • Linear • Temporal/Dynamic Logics • over finite traces. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 7 / 42
  12. 12. Declarative Approach to Business Process Modeling - Declare Basic idea: Drop explicit representation of processes, and ltlf formulas specify the allowed (finite) traces. [VanDerAalstPesic06,ACM-TWEB10] 178 M. Pesic forbidden optional allowed possible (a) forbidden, optional and allowed in business processes (b) procedural workflow control-flow (c) declarative workflow constraints constraints constraints constraints Fig. 6.3 Declarative vs. procedural workflows the constraint-based approach can provide for all types of flexibility listed in the previous paragraph. A concrete implementation that enables creating decomposi-Marco Montali (unibz) Monitoring Business Constraints UNI.LU 8 / 42
  13. 13. Declare at a Glance 64 3 The ConDec Language choose item pay refuse shipment accept shipment deliver receipt 0..1 accept order close order cancel order refuse order C C C C S S S W W 0..1 Fig. 3.2. Complete ConDec model capturing the order management choreography Table 3.7. Some cognitive dimensions closeness of mapping Closeness of representation to domain abstraction Types and availability of abstraction mechanisms From [LNBIP-56]. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 9 / 42
  14. 14. Declare Patterns Declare promotes the use of a controlled set of notable ltlf formulas for process specification. [VanDerAalstPesic06,ACM-TWEB10] Example (Some Declare Patterns) name notation ltlf description Existence 1..∗ a 3a a must be executed at least once Resp. existence a •−−−− b 3a → 3b If a is executed, then b must be executed as well Response a •−−− b 2(a → 3b) Every time a is executed, b must be executed afterwards Precedence a −−− • b ¬b W a b can be executed only if a has been executed before Alt. Response a •=== b 2(a → ◦(¬a U b)) Every a must be followed by b, without any other a inbetween Chain Response a •=−=−=− b 2(a → ◦b) If a is executed then b must be executed next Chain Precedence a =−=−=− • b 2(◦b → a) Task b can be executed only immediately after a Not Coexistence a •−−−• b ¬(3a ∧ 3b) Only one among tasks a and b can be executed Neg. Succession a •−− • b 2(a → ¬3b) Task a cannot be followed by b, and b cannot be pre- ceded by a Marco Montali (unibz) Monitoring Business Constraints UNI.LU 10 / 42
  15. 15. Parenthesis: the Subtlety of Finite Traces Linear Temporal Logic (ltl) ubiquitous in AI and CS However: • Sometimes we interpret temporal logic on infinite traces as originally proposed [Pnueli1977]. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 11 / 42
  16. 16. Parenthesis: the Subtlety of Finite Traces Linear Temporal Logic (ltl) ubiquitous in AI and CS However: • Sometimes we interpret temporal logic on infinite traces as originally proposed [Pnueli1977]. • Sometimes we interpret temporal logic on finite traces [DeGiacomoVardi13]. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 11 / 42
  17. 17. Parenthesis: the Subtlety of Finite Traces Linear Temporal Logic (ltl) ubiquitous in AI and CS However: • Sometimes we interpret temporal logic on infinite traces as originally proposed [Pnueli1977]. • Sometimes we interpret temporal logic on finite traces [DeGiacomoVardi13]. • Often, we blur the distinction interpreting ltl on infinite or on finite traces. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 11 / 42
  18. 18. Parenthesis: the Subtlety of Finite Traces Linear Temporal Logic (ltl) ubiquitous in AI and CS However: • Sometimes we interpret temporal logic on infinite traces as originally proposed [Pnueli1977]. • Sometimes we interpret temporal logic on finite traces [DeGiacomoVardi13]. • Often, we blur the distinction interpreting ltl on infinite or on finite traces. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 11 / 42
  19. 19. Parenthesis: the Subtlety of Finite Traces Linear Temporal Logic (ltl) ubiquitous in AI and CS However: • Sometimes we interpret temporal logic on infinite traces as originally proposed [Pnueli1977]. • Sometimes we interpret temporal logic on finite traces [DeGiacomoVardi13]. • Often, we blur the distinction interpreting ltl on infinite or on finite traces. • Temporally extended goals - infinite/finite • Temporal constraints on trajectories - finite • Declarative and Procedural control knowledge on trajectories - finite • Temporal specification in planning domains - infinite • Planning via model checking - infinite • Declarative Business Processes Specification: Declare - finite Marco Montali (unibz) Monitoring Business Constraints UNI.LU 11 / 42
  20. 20. Blurring of ltl and ltlf From [Edelkamp2006] We can cast the Büchi automaton as an NFA, which accepts a word if it terminates in a final state. From [GereviniEtAl2009] Since PDDL 3.0 constraints are normally evaluated over finite trajectories, the Büchi acceptance condition “an accepting state is visited infinitely often”, reduces to the standard acceptance condition that the automaton is in an accepting state at the end of the trajectory. From [VanDerAalstPesic06] We use the original (ltl) algorithm, but we specify that each execution eventually ends. • We introduce an “invisible” activity end, the ending activity in the model. • We use this activity to specify that the service will end: 3end ∧ 2(end → ◦end)) Marco Montali (unibz) Monitoring Business Constraints UNI.LU 12 / 42
  21. 21. Blurring of ltl and ltlf Are these appealing intuitions correct? Marco Montali (unibz) Monitoring Business Constraints UNI.LU 13 / 42
  22. 22. Blurring of ltl and ltlf Are these appealing intuitions correct? NO! Marco Montali (unibz) Monitoring Business Constraints UNI.LU 13 / 42
  23. 23. Blurring of ltl and ltlf Are these appealing intuitions correct? NO! But why do they seem reasonable and were adopted for several years? Marco Montali (unibz) Monitoring Business Constraints UNI.LU 13 / 42
  24. 24. Blurring of ltl and ltlf Are these appealing intuitions correct? NO! But why do they seem reasonable and were adopted for several years? See [AAAI14] In summary: • For many widely used ltlf patterns, the intuition in [VanDerAalstPesic06] is indeed correct. • But it cannot be generalized to the entire logic. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 13 / 42
  25. 25. ltl over finite traces Assuming finite or infinite traces has big impact. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 14 / 42
  26. 26. ltl over finite traces Assuming finite or infinite traces has big impact. Example Consider the following formula: 2(A → 3B) ∧ 2(B → 3A) Marco Montali (unibz) Monitoring Business Constraints UNI.LU 14 / 42
  27. 27. ltl over finite traces Assuming finite or infinite traces has big impact. Example Consider the following formula: 2(A → 3B) ∧ 2(B → 3A) • On infinite traces: Marco Montali (unibz) Monitoring Business Constraints UNI.LU 14 / 42
  28. 28. ltl over finite traces Assuming finite or infinite traces has big impact. Example Consider the following formula: 2(A → 3B) ∧ 2(B → 3A) • On infinite traces: ...A B A B ...A B Marco Montali (unibz) Monitoring Business Constraints UNI.LU 14 / 42
  29. 29. ltl over finite traces Assuming finite or infinite traces has big impact. Example Consider the following formula: 2(A → 3B) ∧ 2(B → 3A) • On infinite traces: ...A B A B ...A B • On finite traces: Marco Montali (unibz) Monitoring Business Constraints UNI.LU 14 / 42
  30. 30. ltl over finite traces Assuming finite or infinite traces has big impact. Example Consider the following formula: 2(A → 3B) ∧ 2(B → 3A) • On infinite traces: ...A B A B ...A B • On finite traces: A A B Marco Montali (unibz) Monitoring Business Constraints UNI.LU 14 / 42
  31. 31. ltl over finite traces Assuming finite or infinite traces has big impact. Example Consider again the formula: 2(A → 3B) ∧ 2(B → 3A) • Büchi automaton accepting its infinite traces: • NFA accepting its finite traces: Marco Montali (unibz) Monitoring Business Constraints UNI.LU 15 / 42
  32. 32. Process Mining Marco Montali (unibz) Monitoring Business Constraints UNI.LU 16 / 42
  33. 33. Process Mining Classicaly applied to post-mortem data. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 17 / 42
  34. 34. Operational Decision Support Extension of classical process mining to current, live data. Refined process mining framework PAGE information system(s) current data “world”people machines organizations business processes documents historic data resources/ organization data/rules control-flow de jure models resources/ organization data/rules control-flow de facto models provenance explore predict recommend detect check compare promote discover enhance diagnose cartographynavigation auditing event logs models “pre mortem” “post mortem” Marco Montali (unibz) Monitoring Business Constraints UNI.LU 18 / 42
  35. 35. Detecting Deviations Auditing: find deviations between observed and expected behaviors. e o e ee . current data historic data resources/ organization data/rules control-flow de jure models resources/ organization data/rules control-flow de facto models detect check compare promote auditing event logs models “pre mortem” “post mortem” Marco Montali (unibz) Monitoring Business Constraints UNI.LU 19 / 42
  36. 36. Detecting Deviations Auditing: find deviations between observed and expected behaviors. e o e ee . current data historic data resources/ organization data/rules control-flow de jure models resources/ organization data/rules control-flow de facto models detect check compare promote auditing event logs models “pre mortem” “post mortem” Our setting: Model Declarative business constraints. • E.g., Declare. Monitoring • Online, evolving observations. • Prompt deviation detection. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 19 / 42
  37. 37. On Promptness Flight routes (thanks Claudio!) • When the airplane takes off, it must eventually reach the destination airport. • When the airplane is re-routed, it cannot reach the destination airport anymore. • If a dangerous situation is detected at the destination, airplane must be re-routed. take-off reach re-route danger Question Consider trace: take-off danger Is there any deviation? Marco Montali (unibz) Monitoring Business Constraints UNI.LU 20 / 42
  38. 38. Boring Answer: Apparently Not Reactive Monitor • Checks the partial trace observed so far. • Suspends the judgment if no conclusive answer can be given. take-off reach re-route danger take-off danger Marco Montali (unibz) Monitoring Business Constraints UNI.LU 21 / 42
  39. 39. Boring Answer: Apparently Not Reactive Monitor • Checks the partial trace observed so far. • Suspends the judgment if no conclusive answer can be given. take-off reach re-route danger take-off danger Marco Montali (unibz) Monitoring Business Constraints UNI.LU 21 / 42
  40. 40. Prophetic Answer: YES Proactive Monitor • Checks the partial trace observed so far. • Looks into the future(s). Ciao Marco Montali (unibz) Monitoring take-off reach re-route danger take-off danger Marco Montali (unibz) Monitoring Business Constraints UNI.LU 22 / 42
  41. 41. Prophetic Answer: YES Proactive Monitor • Checks the partial trace observed so far. • Looks into the future(s). Ciao Marco Montali (unibz) Monitoring take-off reach re-route danger take-off danger Marco Montali (unibz) Monitoring Business Constraints UNI.LU 22 / 42
  42. 42. Prophetic Answer: YES Proactive Monitor • Checks the partial trace observed so far. • Looks into the future(s). Ciao Marco Montali (unibz) Monitoring take-off reach re-route danger take-off danger Marco Montali (unibz) Monitoring Business Constraints UNI.LU 22 / 42
  43. 43. Prophetic Answer: YES Proactive Monitor • Checks the partial trace observed so far. • Looks into the future(s). Ciao Marco Montali (unibz) Monitoring 2(take-off → 3reach) ∧ ¬(3(reach) ∧ 3(re-route)) ∧ 2(danger → 3re-route) take-off danger Marco Montali (unibz) Monitoring Business Constraints UNI.LU 22 / 42
  44. 44. Logics on Finite Traces Goal Reasoning on finite partial traces and their finite suffixes. Typical Solution: ltlf Adopt LTL on finite traces and corresponding techniques based on Finite-State Automata.a a Not Büchi automata! Marco Montali (unibz) Monitoring Business Constraints UNI.LU 23 / 42
  45. 45. Logics on Finite Traces Goal Reasoning on finite partial traces and their finite suffixes. Typical Solution: ltlf Adopt LTL on finite traces and corresponding techniques based on Finite-State Automata.a a Not Büchi automata! Remember the difference, often neglected, between LTL on finite and infinite traces! See [AAAI2014] Marco Montali (unibz) Monitoring Business Constraints UNI.LU 23 / 42
  46. 46. Problem #1: Monitoring Proactive monitoring requires to refine the standard ltlf semantics. RV-LTL Given an LTL formula ϕ: • [ϕ]RV = true ; OK; • [ϕ]RV = false ; BAD; • [ϕ]RV = temp_true ; OK now, could become BAD in the future; • [ϕ]RV = temp_false ; BAD now, could become OK in the future. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 24 / 42
  47. 47. Problem #1: Monitoring Proactive monitoring requires to refine the standard ltlf semantics. RV-LTL Given an LTL formula ϕ: • [ϕ]RV = true ; OK; • [ϕ]RV = false ; BAD; • [ϕ]RV = temp_true ; OK now, could become BAD in the future; • [ϕ]RV = temp_false ; BAD now, could become OK in the future. However. . . • Typically studied on infinite traces: detour to Büchi automata. • Only ad-hoc techniques on finite traces [BPM2011]. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 24 / 42
  48. 48. Problem #2: Contextual Business Constraints Need for monitoring constraints only when specific circumstances hold. • Compensation constraints. • Contrary-do-duty “expectations” (yes, I’m scared about obligations). • . . . Marco Montali (unibz) Monitoring Business Constraints UNI.LU 25 / 42
  49. 49. Problem #2: Contextual Business Constraints Need for monitoring constraints only when specific circumstances hold. • Compensation constraints. • Contrary-do-duty “expectations” (yes, I’m scared about obligations). • . . . However. . . • Cannot be systematically captured at the level of constraint specification. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 25 / 42
  50. 50. Suitability of the Constraint Specification Language ltlf FOL over finite traces Star-free regular expressions Marco Montali (unibz) Monitoring Business Constraints UNI.LU 26 / 42
  51. 51. Suitability of the Constraint Specification Language ltlf MSOL over finite traces FOL over finite traces Regular expressions Star-free regular expressions Marco Montali (unibz) Monitoring Business Constraints UNI.LU 26 / 42
  52. 52. Suitability of the Constraint Specification Language ltlf MSOL over finite traces FOL over finite traces Regular expressions Star-free regular expressions pspace complexity Nondet. finite-state automata (nfa) • ltlf : declarative, but lacking expressiveness. • Regular expressions: rich formalism, but low-level. (t)ake-off (r)each ((r|other)∗ (t(t|other)∗ r)(r|other)∗ )∗ Marco Montali (unibz) Monitoring Business Constraints UNI.LU 26 / 42
  53. 53. Suitability of the Constraint Specification Language ldlf Linear Dynamic Logic over finite traces ltlf MSOL over finite traces FOL over finite traces Regular expressions Star-free regular expressions pspace complexity Nondet. finite-state automata (nfa) • ltlf : declarative, but lacking expressiveness. • Regular expressions: rich formalism, but low-level. (t)ake-off (r)each ((r|other)∗ (t(t|other)∗ r)(r|other)∗ )∗ • ldlf : combines the best of the two! Marco Montali (unibz) Monitoring Business Constraints UNI.LU 26 / 42
  54. 54. The Logic ldlf [De Giacomo&Vardi,IJCAI13] Merges ltlf with regular expressions, through the syntax of Propositional Dynamic Logic (PDL): ϕ ::= φ | tt | ff | ¬ϕ | ϕ1 ∧ ϕ2 | ρ ϕ | [ρ]ϕ ρ ::= φ | ϕ? | ρ1 + ρ2 | ρ1; ρ2 | ρ∗ ϕ: ltlf part; ρ: regular expression part. They mutually refer to each other: • ρ ϕ states that, from the current step in the trace, there is an execution satisfying ρ such that its last step satisfies ϕ. • [ρ]ϕ states that, from the current step in the trace, all execution satisfying ρ are such that their last step satisfies ϕ. • ϕ? checks whether ϕ is true in the current step and, if so, continues to evaluate the remaining execution. Of special interest is end = [true?]ff , to check whether the trace has been completed (the remaining trace is the empty one). Marco Montali (unibz) Monitoring Business Constraints UNI.LU 27 / 42
  55. 55. Runtime ldlf Monitors Check partial trace π = e1, . . . , en against formula ϕ. From ad-hoc techniques . . . e1 . . . en |= ϕ RV =    temp_true temp_false true false Marco Montali (unibz) Monitoring Business Constraints UNI.LU 28 / 42
  56. 56. Runtime ldlf Monitors Check partial trace π = e1, . . . , en against formula ϕ. From ad-hoc techniques . . . e1 . . . en |= ϕ RV =    temp_true temp_false true false . . . To standard techniques e1 . . . en |=    ϕtemp_true ϕtemp_false ϕtrue ϕfalse Marco Montali (unibz) Monitoring Business Constraints UNI.LU 28 / 42
  57. 57. How is This Magic Possible? Starting point: ltlf /ldlf formula ϕ and its RV semantics. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 29 / 42
  58. 58. How is This Magic Possible? Starting point: ltlf /ldlf formula ϕ and its RV semantics. 1. Good and bad prefixes • Lposs_good(ϕ) = {π | ∃π .ππ ∈ L(ϕ)} • Lnec_good(ϕ) = {π | ∀π .ππ ∈ L(ϕ)} • Lnec_bad(ϕ) = Lnec_good(¬ϕ) = {π | ∀π .ππ ∈ L(ϕ)} Marco Montali (unibz) Monitoring Business Constraints UNI.LU 29 / 42
  59. 59. How is This Magic Possible? Starting point: ltlf /ldlf formula ϕ and its RV semantics. 1. Good and bad prefixes • Lposs_good(ϕ) = {π | ∃π .ππ ∈ L(ϕ)} • Lnec_good(ϕ) = {π | ∀π .ππ ∈ L(ϕ)} • Lnec_bad(ϕ) = Lnec_good(¬ϕ) = {π | ∀π .ππ ∈ L(ϕ)} 2. RV-LTL values as prefixes • π |= [ϕ]RV = true iff π ∈ Lnec_good(ϕ); • π |= [ϕ]RV = false iff π ∈ Lnec_bad(ϕ); • π |= [ϕ]RV = temp_true iff π ∈ L(ϕ) Lnec_good(ϕ); • π |= [ϕ]RV = temp_false iff π ∈ L(¬ϕ) Lnec_bad(ϕ). Marco Montali (unibz) Monitoring Business Constraints UNI.LU 29 / 42
  60. 60. How is This Black Magic Possible? 3. Prefixes as regular expressions Every nfa can be expressed as a regular expression. ; We can build regular expression prefϕ s.t. L(prefϕ) = Lposs_good(ϕ). Marco Montali (unibz) Monitoring Business Constraints UNI.LU 30 / 42
  61. 61. How is This Black Magic Possible? 3. Prefixes as regular expressions Every nfa can be expressed as a regular expression. ; We can build regular expression prefϕ s.t. L(prefϕ) = Lposs_good(ϕ). 4. Regular expressions can be immersed into ldlf Hence: π ∈ Lposs_good(ϕ) iff π |= prefϕ end π ∈ Lnec_good(ϕ) iff π |= prefϕ end ∧ ¬ pref¬ϕ end Marco Montali (unibz) Monitoring Business Constraints UNI.LU 30 / 42
  62. 62. How is This Black Magic Possible? 3. Prefixes as regular expressions Every nfa can be expressed as a regular expression. ; We can build regular expression prefϕ s.t. L(prefϕ) = Lposs_good(ϕ). 4. Regular expressions can be immersed into ldlf Hence: π ∈ Lposs_good(ϕ) iff π |= prefϕ end π ∈ Lnec_good(ϕ) iff π |= prefϕ end ∧ ¬ pref¬ϕ end 5. RV-LTL can be immersed into ldlf ! • π |= [ϕ]RV = true iff prefϕ end ∧ ¬ pref¬ϕ end; • π |= [ϕ]RV = false iff pref¬ϕ end ∧ ¬ prefϕ end; • π |= [ϕ]RV = temp_true iff π |= ϕ ∧ pref¬ϕ end; • π |= [ϕ]RV = temp_false iff π |= ¬ϕ ∧ prefϕ end. Ending point: 4 ldlf monitor formulae under standard semantics. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 30 / 42
  63. 63. Monitoring declare with ldlf Step 1. Good prefixes of declare patterns. name notation pref possible RV states existence Existence 1..∗ a (a + o)∗ temp_false, true Absence 2 0..1 a o∗ + (o∗; a; o∗) temp_true, false choice Choice a −− ♦ −− b (a + b + o)∗ temp_false, true Exclusive Choice a −− −− b (a + o)∗ + (b + o)∗ temp_false, temp_true, false relation Resp. existence a •−−−− b (a + b + o)∗ temp_true, temp_false, true Response a •−−− b (a + b + o)∗ temp_true, temp_false Precedence a −−− • b o∗; (a; (a + b + o)∗)∗ temp_true, true, false negation Not Coexistence a •−−−• b (a + o)∗ + (b + o)∗ temp_true, false Neg. Succession a •−− • b (b + o)∗; (a + o)∗ temp_true, false Marco Montali (unibz) Monitoring Business Constraints UNI.LU 31 / 42
  64. 64. Monitoring declare with ldlf Step 1. Good prefixes of declare patterns. name notation pref possible RV states existence Existence 1..∗ a (a + o)∗ temp_false, true Absence 2 0..1 a o∗ + (o∗; a; o∗) temp_true, false choice Choice a −− ♦ −− b (a + b + o)∗ temp_false, true Exclusive Choice a −− −− b (a + o)∗ + (b + o)∗ temp_false, temp_true, false relation Resp. existence a •−−−− b (a + b + o)∗ temp_true, temp_false, true Response a •−−− b (a + b + o)∗ temp_true, temp_false Precedence a −−− • b o∗; (a; (a + b + o)∗)∗ temp_true, true, false negation Not Coexistence a •−−−• b (a + o)∗ + (b + o)∗ temp_true, false Neg. Succession a •−− • b (b + o)∗; (a + o)∗ temp_true, false Step 2. Generate ldlf monitors. • Local monitors: 1 formula for possible RV constraint state. • Global monitors: 4 RV formulae for the conjunction of all constraints. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 31 / 42
  65. 65. One Step Beyond: Metaconstraints ldlf monitors are simply ldlf formulae. They can be combined into more complex ldlf formulae! • E.g., expressing conditional/contextual monitoring. Business metaconstraint An ldlf formula of the form Φpre → Ψexp • Φpre combines membership assertions of business constraints to their RV truth values. • Ψexp combines business constraints to be checked when Φpre holds. ldlf metaconstraint monitors • Φpre → Ψexp is a standard ldlf formula. • Hence, just reapply our technique and get the 4 ldlf monitors. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 32 / 42
  66. 66. Compensation Constraints • An order cannot be canceled anymore if it is closed. ϕcanc = close order •−− • cancel order • If this happens, then the customer has to pay a supplement: ϕdopay = 1..∗ pay supplement • Formally: {[ϕcanc]RV = false} → ϕdopay • In ldlf : ( pref¬ϕcanc end ∧ ¬ prefϕcanc end) → ϕdopay Marco Montali (unibz) Monitoring Business Constraints UNI.LU 33 / 42
  67. 67. Compensation Constraints • An order cannot be canceled anymore if it is closed. ϕcanc = close order •−− • cancel order • If this happens, then the customer has to pay a supplement: ϕdopay = 1..∗ pay supplement • Formally: {[ϕcanc]RV = false} → ϕdopay • In ldlf : ( pref¬ϕcanc end ∧ ¬ prefϕcanc end) → ϕdopay Observation When the violation occurs, the compensation is monitored from the beginning of the trace: OK to “compensate in advance”. • Trace close order → pay supplement → cancel order is OK. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 33 / 42
  68. 68. Metaconstraints Revisited Business metaconstraint with temporal consequence 1. Take Φpre and Ψexp as before. 2. Compute ρ: regular expression denoting those paths that satisfy Φpre 3. Make ρ part of the compensation: Φpre→ [ρ] Ψexp Marco Montali (unibz) Monitoring Business Constraints UNI.LU 34 / 42
  69. 69. Metaconstraints Revisited Business metaconstraint with temporal consequence 1. Take Φpre and Ψexp as before. 2. Compute ρ: regular expression denoting those paths that satisfy Φpre 3. Make ρ part of the compensation: Φpre→ [ρ] Ψexp Ψexp has now to be enforced after Φpre becomes true. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 34 / 42
  70. 70. Compensation Revisited • An order cannot be canceled anymore if it is closed. ϕcanc = close order •−− • cancel order • After this happens, then the customer has to pay a supplement: ϕdopay = 1..∗ pay supplement • Formally: {[ϕcanc]RV = false}→ [re{[ϕcanc]RV =false}] ϕdopay Marco Montali (unibz) Monitoring Business Constraints UNI.LU 35 / 42
  71. 71. Compensation Revisited • An order cannot be canceled anymore if it is closed. ϕcanc = close order •−− • cancel order • After this happens, then the customer has to pay a supplement: ϕdopay = 1..∗ pay supplement • Formally: {[ϕcanc]RV = false}→ [re{[ϕcanc]RV =false}] ϕdopay All traces violating ϕcanc Marco Montali (unibz) Monitoring Business Constraints UNI.LU 35 / 42
  72. 72. From ldlf to nfa Direct calculation of nfa corresponding to ldlf formula ϕ Algorithm 1: algorithm ldlf 2nfa() 2: input ltlf formula ϕ 3: output nfa Aϕ = (2P , S, {s0}, , {sf }) 4: s0 ← {"ϕ"} single initial state 5: sf ← ∅ single final state 6: S ← {s0, sf }, ← ∅ 7: while (S or change) do 8: if (q ∈ S and q |= ("ψ"∈q) δ("ψ", Θ)) 9: S ← S ∪ {q } update set of states 10: ← ∪ {(q, Θ, q )} update transition relation Note • Standard nfa. • No detour to Büchi automata. • Easy to code. • Implemented! Auxiliary rules δ("tt", Π) = true δ("ff ", Π) = false δ("φ", Π) = true if Π |= φ false if Π |= φ (φ propositional) δ("ϕ1 ∧ ϕ2", Π) = δ("ϕ1", Π) ∧ δ("ϕ2", Π) δ("ϕ1 ∨ ϕ2", Π) = δ("ϕ1", Π) ∨ δ("ϕ2", Π) δ(" φ ϕ", Π) =    "ϕ" if last ∈ Π and Π |= φ (φ propositional) δ("ϕ", ) if last ∈ Π and Π |= φ false if Π |= φ δ(" ψ? ϕ", Π) = δ("ψ", Π) ∧ δ("ϕ", Π) δ(" ρ1 + ρ2 ϕ", Π) = δ(" ρ1 ϕ", Π) ∨ δ(" ρ2 ϕ", Π) δ(" ρ1; ρ2 ϕ", Π) = δ(" ρ1 ρ2 ϕ", Π) δ(" ρ∗ ϕ", Π) = δ("ϕ", Π) if ρ is test-only δ("ϕ", Π) ∨ δ(" ρ ρ∗ ϕ", Π) o/w δ("[φ]ϕ", Π) =    "ϕ" if last ∈ Π and Π |= φ (φ propositional) δ("ϕ", ) if last ∈ Π and Π |= φ (φ propositional) true if Π |= φ δ("[ψ?]ϕ", Π) = δ("nnf (¬ψ)", Π) ∨ δ("ϕ", Π) δ("[ρ1 + ρ2]ϕ", Π) = δ("[ρ1]ϕ", Π) ∧ δ("[ρ2]ϕ", Π) δ("[ρ1; ρ2]ϕ", Π) = δ("[ρ1][ρ2]ϕ", Π) δ("[ρ∗ ]ϕ", Π) = δ("ϕ", Π) if ρ is test-only δ("ϕ", Π) ∧ δ("[ρ][ρ∗]ϕ", Π) o/w Marco Montali (unibz) Monitoring Business Constraints UNI.LU 36 / 42
  73. 73. Implemented in ProM! Approach 1. Input ltlf /ldlf constraints and metaconstraints. 2. Produce the corresponding RV ldlf monitoring formulae. 3. Apply the direct algorithm and get the corresponding nfas. 4. (Incrementally) run nfas the monitored trace. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 37 / 42
  74. 74. Colored Automata [BPM2011] Ad-hoc technique for monitoring ltlf formulae according to RV-LTL. 1. Bulild a local automaton for each of the business constraints. 2. Color states of each local automaton according to the 4 RV-LTL truth values. 3. Combine colored automata into a global colored automaton. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 38 / 42
  75. 75. Colored Automata resulting in a complex or over-restrictive model. Low_Risk High_YieldMoney Stocks Bonds = alternate response response precedence not co-existence Fig. 1. Reference Model 000 (N)(P)(R) 001 (N)(P)r M 010 (N)(R) C 202 (N)(P)R E 320 (N)P(R) S 011 (N)r C E 321 (N)Pr S M 212 (N)R E 310 (N)(R) S E 311 (N)r S 112 R 122 PR S C S E M E E M E Marco Montali (unibz) Monitoring Business Constraints UNI.LU 39 / 42
  76. 76. Correctness of Colored Automata Why is coloring correct? 1. Take the ltlf formula ϕ of each business constraint constraint. 2. Produce the 4 corresponding ldlf monitoring formulae. 3. Generate the 4 corresponding nfas. 4. Determinize them ; they are identical but with = acceptance states! 5. Hence they can be combined into a unique colored local dfa. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 40 / 42
  77. 77. Conclusion • Focus on finite traces. • Avoid unneeded detour to infinite traces. • ldlf : essentially, the maximal expressive logic for finite traces with good computational properties (≡ MSO). • Monitoring is a key problem. • ldlf goes far beyond declare. • ldlf captures monitors directly as formulae. Clean. Meta-constraints. • Implemented in ProM! Future work: declarative, data-aware processes. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 41 / 42
  78. 78. Marco Montali (unibz) Monitoring Business Constraints UNI.LU 42 / 42

×