Cooking with Data and Processes

x
Cooking
with data and
processes
Marco Montali
Free University of Bozen-Bolzano
credits to

Andy Rivkin

2
Management
[models]
Workers
[reality]
Experience Dichotomy

3
Management Dichotomy
Business
[decision making]
IT
[infrastructure]

4
Expertise Dichotomy
Master Data
Management
Business Process
Management

Travel Reimbursement
Financial
accounting
review
Employee
prepare
travel request
prepare
reimbursement
request
request
info
send
result
Travel
log data

Travel Reimbursement
Financial
accounting
review
Employee
prepare
travel request
prepare
reimbursement
request
request
info
send
result
Travel
log data
Persistent
data
Local, case
data
External
inputs

General Recipe
• Explicit control-ﬂow

• Local data (case perspective)

• Global data (persistent storage)

• Updatable global data

• External inputs

• Support of automated analysis
“REAL” PROCESS

Why Automated Analysis?
• Classical motivations

• Multi-perspective process discovery

• Typical approach: different perspectives mined with
different techniques

• A-posteriori recombination

• No guarantee of overall correctness

• Verification in the loop!

Formal Veriﬁcation
The Conventional, Propositional Case
Process control-ﬂow
(Un)desired property
Abstract model underlying variants of artifact-centric systems.
Semantically equivalent to the most expressive models for business proc
systems (e.g., GSM).
Data Process Data+Process
Data Layer: Relational databases / ontologies
Data schema, specifying constraints on the allowed states
Data instance: state of the DCDS
Process Layer: key elements are
Atomic actions
Condition-action-rules for application of actions
Service calls: communication with external environment, new data!
alvanese (FUB) Foundations of Data-Aware Process Analysis INRIA Saclay Paris – 18/3/2016

Finite-state
transition
system
Propositional
temporal formula|=
Process control-ﬂow
Atomic actions

Finite-state
transition
system
Propositional
temporal formula|=
Process control-ﬂow Veriﬁcation
via model checking
2007 Turing award:
Clarke, Emerson, Sifakis
Atomic actions

The Data-Aware Case
Data-aware process
el underlying variants of artifact-centric systems.
quivalent to the most expressive models for business process
GSM).
elational databases / ontologies
ma, specifying constraints on the allowed states
nce: state of the DCDS
key elements are
tions
action-rules for application of actions
alls: communication with external environment, new data!
Foundations of Data-Aware Process Analysis INRIA Saclay Paris – 18/3/2016 (24/1)

First-order
temporal formula|=
Inﬁnite-state, relational
transition system [Vardi 2005]
GSM).
key elements are
tions
Data-aware process
The Data-Aware Case

First-order
temporal formula|=
?
Inﬁnite-state, relational
transition system [Vardi 2005]
GSM).
key elements are
tions
Data-aware process
The Data-Aware Case

Why FO Temporal Logics
• To inspect data: FO queries
• To capture system dynamics: temporal modalities
• To track the evolution of objects: FO
quantiﬁcation across states

• Example: It is always the case that if an order is
order, then that order is eventually either
cancelled, or paid and then delivered
• N.B.: the interplay between FO quantiﬁcation and
temporal modalities is subtle!

BPMNProcesses and Data
The process model
The data model
Modeling and In-Database Management of Relational, Data-Aware Processes
start
Start
Workﬂow
Review
Request
Fill
Reimb.
accepted
Review
Reimb.
End
Workﬂow
rejected
end
Pending
ID: int empl : string dest : string
Accepted
ID :int empl : string dest : string cost : int
Rejected
ID : int empl : string dest : string
TrvlMaxAmnt
ID : int FID : int maxAmnt : int
CurrReq
ID: int empl : string dest : string status : string
{submitd, acceptd, reimbd, rejd, complete} TrvlCost
ID : int FID : int cost : int
FK_TrvlMaxAmnt_CurrReq FK_TrvlCost_CurrReq

Processes and Data
The process model
The data model
start
Start
Workﬂow
Review
Request
Fill
Reimb.
accepted
Review
Reimb.
End
Workﬂow
rejected
end
Pending
Accepted
Rejected
TrvlMaxAmnt
CurrReq
BPMN

Cooking with BPMN




• External inputs

TASTELESS DATA
~
~

Real WfMS
Review
Request
Fill Reim-
bursement
Review Reim-
bursement
Rejected
Accepted

Case and Persistent Data
Review
Request
Fill Reim-
bursement
Review Reim-
bursement
Rejected
Accepted
req info result reimbursement
personal
info

Persistent Data Engineering
persistent
storage
Review
Request
Fill Reim-
bursement
Review Reim-
bursement
Rejected
Accepted
personal
info
framework data model custom code

Case Data Engineering
persistent
storage
Review
Request
Fill Reim-
bursement
Review Reim-
bursement
Rejected
Accepted
personal
info
user forms
external services

Decision Modeling
persistent
storage
Review
Request
Fill Reim-
bursement
Review Reim-
bursement
Rejected
Accepted
personal
info
external services 24

Cooking with WfMS




• External inputs

DATA AS “PROCEDURAL ATTACHMENT"
~
~

Becoming a Chef…
Diets
Process-
centric
Data-
centric
Balanced
Modeling Enactment Veriﬁcation
Courses

Business Entities/Artifacts
Data-centric paradigm for process modeling
• First: elicitation of relevant business entities that are
evolved within given organizational boundaries

• Then: deﬁnition of the lifecycle of such entities, and how
tasks trigger the progression within the lifecycle

• Active research area, with concrete languages (e.g., IBM
GSM, OMG CMMN)

• Cf. EU project ACSI (completed)

Cooking with Artifacts




• External inputs

TASTELESS FLOWS
~
~
~

Key Foundational Results
Artifact-centric systems can be formalized using Data-
Centric Dynamic Systems (DCDSs) [PODS 2013]

DCDSs provide:

• an execution semantics based on relational transition
systems

• verification results when the system is studied starting
from an initial, fixed instance

Confront with the line of research on parameterised
verification

DCDS Modeling
Data layer: persistent data

•Relational database with integrity constraints

Process layer: evolves the data

•Atomic actions: update the data

•CA rules: a control-flow component that determines when actions  
can be executed

•Service calls: interact with external world, inject new data!
Data-centric Dynamic Systems (DCDSs) [PODS’13]
DCDS
Data
Layer
Process
Layer ...
Services
Data layer: maintains data of interest
I Relational database with integrity constraints
Process layer: evolves the data
I Atomic actions: update the data
I CA rules: a control-flow component that determines when actions
can be executed
I Service calls: interact with external world, inject new data!
[PODS’13] Bagheri Hariri B., Calvanese D., De Giacomo G., Deutsch A., and Montali M. â ˘AIJVerification of Relational
Data-centric Dynamic Systems with External Servicesâ ˘A˙I. In: Proc. of PODS. ACM, 2013, pp. 163â ˘A ¸S174
Modeling, Enactment and Verification of Data-Aware Processes 17 / 55

DCDS Modeling
“… examine an employee’s trip request and, if accepted,
assign the maximum reimbursable amount to it …”
Data-centric Dynamic Systems (DCDSs)
“. . . examine an employee’s trip request and, if accepted, assign the
maximum reimbursable amount to it. . . ”
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt

DCDS Modeling
ID Empl Dest Status
1 Bob NY submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
ID Empl Dest Status
1 Bob NY submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
CA rule:
CurrReq(id, e, d, submitted) 7! REVIEWREQUEST(id, e, d)
Select the request of Kriss
Run REVIEWREQUEST actionExample: ReviewRequest executable for Kriss

DCDS Modeling
ID Empl Dest Status
1 Bob NY submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
Example:
ID Empl Dest Status
1 Bob NY submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
Action REVIEWREQUEST(id, e, d) :
8
>>><
>>>:
true del{CurrReq(id, e, d, submitd)}
add{CurrReq(id, e, d, status(e, d)),
TrvlMaxAmnt(genpk(), id, maxAmnt(e, d))}
9
>>>=
>>>;
status(Kriss, Rome) = accepted
maxAmnt(Kriss, Rome) = 900
genpk() = 10
Update the database
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome accepted
CurrReq
ID FID maxAmnt
10 2 900
TrvlMaxAmnt

DCDS Modeling
ID Empl Dest Status
1 Bob NY submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
Example:
ID Empl Dest Status
1 Bob NY submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
Action REVIEWREQUEST(id, e, d) :
8
>>><
>>>:
true del{CurrReq(id, e, d, submitd)}
add{CurrReq(id, e, d, status(e, d)),
TrvlMaxAmnt(genpk(), id, maxAmnt(e, d))}
9
>>>=
>>>;
status(Kriss, Rome) = accepted
maxAmnt(Kriss, Rome) = 900
genpk() = 10
Update the database
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome accepted
CurrReq
ID FID maxAmnt
10 2 900
TrvlMaxAmnt
How to model?
The Review Request action representation in dapSL
RVWREQUES T(id, empl, dest):
DELETE FROM CurrReq WHERE CurrReq.id = id;
INSERT INTO CurrReq(id, empl, dest, status)
VALUES(id, empl, dest, @status(empl, dest));
INSERT INTO TrvlMaxAmnt(tid, tﬁd, tmaxAmnt)
VALUES(@genpk(), id, @maxAmnt(empl, dest))
Modeling, Enactment and Veriﬁcation of Data-Aware Processes

DCDS Enactment
DAPHNE: SQL+Java executor for DCDSs [Hopefully CAiSE 2019]

• SQL-like frontend

• Translation into procedural SQL stored procedures

• Management of external services

• Execution directly on top of the database, with diﬀerent
execution modalities (including state-space construction)
Towards implementing RDSs
A RDS model is maintained by the RDBMS (e.g., PostgreSQL)
Interaction provided by the Flow Engine, which:
I executes calls to the RDBMS
I interplays with external services through a Service Manager

DCDS Verification
Highly-undecidable in general
Attacked for “state-bounded” systems
[PODS 2013]

In a state-bounded system, the number of
tuples accumulated in a single state cannot
exceed a pre-defined bound

• Still, infinitely many distinct values can be
encountered within and across runs

Verification of State-Bounded DCDSs
[PODS 2013, Inf. Com. 2018]
Branching-time FO logics (contain reachability, soundness,..)

• decidable and reducible to standard finite-state model
checking 
—> hence, so are soundness properties

Linear-time FO logics

• Undecidable in general: the system is not Turing-powerful
on its own, but the logics isolate runs and separate
spurious from genuine ones

• Decidable and reducible to standard finite-state model
checking by controlling the interplay between FO
quantifiers and temporal modalities (object persistency)

Is My System State-Bounded?
• For a ﬁxed k: decidable.

• For “some” bound: undecidable.

• Classes with decidable state boundedness

• Reasonable for the control layer, not for the data
logic [KR2014,ACSD2018,Formal Asp. Comp.2016]

• Suﬃcient, syntactic conditions [PODS2013,KR2014]

• Methodologies to guarantee state-boundedness by
design [ICSOC2013,CIKM14,STTT16,Formal Asp.
Comp.2016]

ν-Petri Nets 
[Rosa-Velardo and de Frutos-Escrig, Fund. Inf. 2008]
Petri nets with name creation and management

• Tokens carry names: ids coming from an inﬁnite domain,
can be compared for equality via arc inscriptions

• ν variables indicate the generation of fresh names not
present in the net

• ν-PNs are WSTS —> termination, coverability,
boundedness decidable

Modeling with ν-Petri Nets 
#1: multiple cases
properties that predicate about the evolution of names across states, but we also
implicitly isolate a class of DCDSs for which state-boundedness is decidable. This
is achieved by leveraging the decidability of state-boundedness for ‹-PNs and the
connection provided via the translation.
Let us now comment on the modeling power of the Petri net classes presented
in this chapter and show how the travel reimbursement example can be represented
in di erent contexts using RIAW-nets and ‹-PNs.
Get
Pending
Request
Start
Workﬂow
Review
Request
Got
Rejected
Got
Accepted
Fill
Reimb
Review
Reimb
Reimburse
Reject
Log
Accepted
Log
Rejected
‹ x x x x
x
x
x x x x x x
x
x
x
x x
x
Financial Accounting
manager
‘
‘
‘
Figure 5.9: RIAW-net that represents the travel reimbursement process from Section 1.4,
extended with a Financial Accounting resource
As we have shown in Section5.1.4, RIAW-nets contribute to the concept of
Emitter
(new case id generation)

#1: multiple cases
Get
Pending
Request
Start
Workﬂow
Review
Request
Got
Rejected
Got
Accepted
Fill
Reimb
Review
Reimb
Reimburse
Reject
Log
Accepted
Log
Rejected
‹ x x x x
x
x
x x x x x x
x
x
x
x x
x
manager
‘
‘
‘
Emitter
req0
req1
req2
req3
req4
req5
req6
…
…

#1: multiple cases with resources
Get
Pending
Request
Start
Workﬂow
Review
Request
Got
Rejected
Got
Accepted
Fill
Reimb
Review
Reimb
Reimburse
Reject
Log
Accepted
Log
Rejected
‹ x x x x
x
x
x x x x x x
x
x
x
x x
x
manager
‘
‘
‘
Emitter
req0
req1
req2
req3
req4
req5
req6
…
…
Resource
(bounds simultaneously

active cases)

#2: single case with case variables
te that in this case the data are abstracted away or, whenever data based diversion
nts of the business process flow have to be implemented, “hardcoded” in the
kflow definition (for example, Got Rejected represents the failed request approval
d models the diversion point of the process in Figure 1.1).
Pending Start
Workflow
CurrReq
Submitd
Review
Request
Rejected
Review
Request
Accepted
TrvlMax
Amount
CurrReq
Acceptd
Fill
Reimb
TrvlCost
CurrReq
Complete
Review Reimb
Rejd
Review Reimb
Reimbd
CurrReq
Reimbd
CurrReq
Rejd
Log
Accepted
Log
Rejected
x x
x
x
x
‹
‹
x x
‹
x
x
x
x
x
x
x
x
x
x x
gure 5.10: ‹-PN that represents the travel reimbursement process from Section 1.4
y
y
y
y
Not very satisfactory: ν variables only useful to represent the
generation of new ids

Model Ceckhing ν-Petri Nets
[Formal Asp. Comp. 2016]
Encoding of ν-PNs into DCDSs

Bounded ν-PNs translate into state-bounded DCDSs

—> An interesting class of DCDSs with decidable state-
boundedness

<— Veriﬁcation against FO temporal logics

Data Petri Nets
[Mannhardt PhD Thesis 2018]
• Petri nets with external (case) variables

• Each variable has a datatype (with possibly inﬁnite domain)

• Transitions read and write variables

• Boolean formulae used to express

• guards

• constraints on value insertion

• In [ER 2018] we argued that DPNs elegantly capture decision-
aware process models with DMN tables [Batoulis et al, ER 2017]
D
M
Ndiscoverable

DPN ExampleM. de Leoni, P. Felli, M. Montali
i
credit
request
[amountw
≥ 0]
p1
verify
[okw
]
renegotiate
request
!
amountr
> 15000
∧ okr
== false
"
skip
assessment
!
okr
== false
"
p2
simple
assessment
!
okr
== true ∧ okw
∧ amountr
< 5000
"
advanced
assessment
!
okr
== true ∧ okw
∧ amountr
≥ 5000
"
p3
AND split p5p4
open
credit loan
[okr
== true]
inform acceptance
customer VIP
inform acceptance
customer normal
!
okr
== true
∧ amountr
< 10000
"
inform rejection
customer VIP
!
okr
== true
∧ amountr
≥ 10000
"!
okr
== false
∧ amountr
≥ 10000
"
p7p6 AND join
o
1. Our working example of a DPN. Writing operations exist every time guards mention
Managing a request with 2 case variables

Soundness of DPNs 
with variable-constant conditions
[ER 2018]
Definition of data-aware soundness (soundness with “some”
variable assignment)

Data abstraction technique that preserves soundness

• Consider representative values instead of actual values

• There are finitely many constants used in the net, so
representatives are finite

• Propositionalize the data and analyze the resulting net

Recently extended to variable-variable conditions, using
constraints instead of representative values

• Implementation in CPN Tools / ProM

1. Translate the DPN into a CPN

• Each variable becomes a coloured place

• The place always contains a single token tracking the variable value

• Read-write operations —> outgoing/incoming arcs

2. Fix the domain of a variable place to contain only its ﬁnitely many
representatives —> bounded CPN!
[ER 2018]
Soundness Veriﬁcation of Decision-Aware Process Models 9
i
A
[xw
] p1
B
[xr
> 10]
C
[xr
≤ 10]
Fig. 2. Conversion of a simple DPN to CPN (left to right). The green token represents a token with
value 0. Arcs without annotations are considered annotated by v• and places with no color are
associated with •. Double-headed arcs stand for two arcs with same inscription in both directions.

• Implementation in CPN Tools / ProM

1. Translate the DPN into a CPN

• Each variable becomes a coloured place

• The place always contains a single token tracking the variable value

• Read-write operations —> outgoing/incoming arcs

2. Fix the domain of a variable place to contain only its finitely many
representatives —> bounded CPN!
[ER 2018]
Soundness Verification of Decision-Aware Process Models 9
i
A
[xw
] p1
B
[xr
> 10]
C
[xr
≤ 10]
Fig. 2. Conversion of a simple DPN to CPN (left to right). The green token represents a token with
value 0. Arcs without annotations are considered annotated by v• and places with no color are
associated with •. Double-headed arcs stand for two arcs with same inscription in both directions.
Soundness Verification of Decision-Aware Process Models





• External inputs

Cooking with PNs and Cases
MISSING KEY INGREDIENTS…
~

What about Multiple Cases?
• Each case has its own variables

• Inﬁnitely many cases may be seen over time

• So each case has to carry its own variables!

—> Coloured Petri Nets were each  
“case token” carries a tuple of values

• No clear representation of “external” inputs

• CPNs usually studied with ﬁnite color domains

• With unbounded color domains: everything becomes
undecidable





• External inputs

Cooking with CPNs
STILL MISSING KEY INGREDIENTS…
~
~

DB-Nets 
[ToPNoC 2017]
Relational DB with constraints
Persistence
layer
“basic” CPN
Control
layer

DB-Nets 
[ToPNoC 2017]
Persistence
layer
“basic” CPN
Control
layer
Data logic layer
query action

DB-Nets 
[ToPNoC 2017]
Persistence
layer
“basic” CPN
Control
layer
SQL/DCDSquery action
view place
Data logic
layer

DB-Nets 
[ToPNoC 2017]
Persistence
layer
“basic” CPN
Control
layer
SQL/DCDSquery action
view place
a(x,y)
action-bound trans.
X
Data logic
layer

Example
Emp
name: string
Ticket
id: int descr: string
Resp
emp: string ticket: int
Each employee can handle at
most one ticket at a given time
Log
ticket: int emp: string descr: string

Example: Queries
Get tickets and their description

Get “idle” employees
plying the update on the given database in
over deletions (this is a standard approach
situation in which the same fact is asserted
The data logic simply exposes a set of q
be used by the control layer to obtain data
induce updates on the persistence layer.
Definition 14 (Data logic layer). Given
typed data logic layer over P is a pair hQ, Ai,
queries over P; (ii) A is a finite set of action
Example 2. We make the scenario of Example
layer L over P. L exposes two queries to inspec
• Qe(e):- Emp(e) ^ ¬9t.Resp(e, t), to extract id
• Qt(t, d):- Ticket(t, d), to extract tickets and t
In addition, L provides three main functionalit
layer: ticket registration, assignment/release, a
alized through four actions (where, for simplic
action and its name). The registration of a ne
that, given an integer t, and two strings e and
ously creates a ticket identified by t and descri
assigns the employee identified by e to such tic

Example: Actions
REGISTER(t,d,e): register ticket t with description d, assigning it
to employee e
•Add Ticket(t,d), Resp(e,t)
ASSIGN(e,t): assign employee e to ticket t
•Add Resp(e,t)

RELEASE(e,t): release employee e from managing ticket t
•Del Resp(e,t)

LOG(t,e,d): ﬂush and log the info related to ticket t
•Del Ticket(t,d), Resp(e,t)

•Add Log(t,e,d)

Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
(⌫t,
C
Tickets
hempi
hti
Fig. 2. The control
fresh input variable,
Example 3. Figure
layer P defined in E
control layer realize
int int ⇥ string int ⇥ string
↵✓ can be successfully applied to I if apply(↵✓, I) complies
The application of an action instance amounts to ground all
in the definition of the action as specified by the given su
plying the update on the given database instance, giving p
over deletions (this is a standard approach, which unambi
situation in which the same fact is asserted to be added and
The data logic simply exposes a set of queries and a set
be used by the control layer to obtain data from the persi
Definition 14 (Data logic layer). Given a D-typed persi
typed data logic layer over P is a pair hQ, Ai, where: (i) Q is
queries over P; (ii) A is a finite set of actions over P.
Example 2. We make the scenario of Example 1 operational, in
layer L over P. L exposes two queries to inspect the persistence
• Qe(e):- Emp(e) ^ ¬9t.Resp(e, t), to extract idle employees;Qt(t, d):- Ticket(t, d), to extract tickets and their description.
n addition, L provides three main functionalities to manipulate tickets in persistence
ayer: ticket registration, assignment/release, and logging. Such functionalities are re-
lized through four actions (where, for simplicity, we blur the distinction between an
ction and its name). The registration of a new ticket is managed by an action reg
hat, given an integer t, and two strings e and d, (reg·params = ht, e, di, simultane-
Case variables:
- ticket id
- name of responsible employee
int ⇥ string

Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
(⌫t,
C
Tickets
hempi
hti
Fig. 2. The control
fresh input variable,
Example 3. Figure
layer P deﬁned in E
control layer realize

Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi

Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Emp
Andy
Marco
TicketResp Log
hAndyi
hMarcoi

Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
TicketResp Log
hAndyi
hMarcoi
⌫t = 1
emp = Andy
descr = blah
Emp
Andy
Marco

Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Ticket
1 blah
Resp
Andy 1
Log
hMarcoi
Emp
Andy
Marco
h1, Andyi

Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Ticket
1 blah
Resp
Andy 1
Log
hMarcoi
Emp
Andy
Marco
h1, Andyi
tid = 1
emp = Andy

Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Resp Log
hAndyi
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
h1, blahi
h1, Andyi

DB-nets Enactment
CPN Tools extension (works also for the previous PN models we have seen)

Verification of DB-nets
Encoding of DB-nets into DCDSs

Bounded DB-nets translate into state-bounded DCDSs

<— Verification against FO temporal logics, limited to string 
and real domains without arithmetics

—> Unfortunately, CPN Tools does not allow to extend the 
state space construction mechanism

• We have provided an encoding from DB-nets to CPNs,
restricting the query language to UCQs with filters





• External inputs

Cooking with DB-Nets
FINALLY!

Conclusion
A cookbook for integrated models of data and processes

• with increasing sophistication of the data component

• paying attention to modeling, enactment, and automated analysis

Which models for which scenarios?

• Application of DB-nets to application integration patterns [EDOC
2018]

Some open points for modeling

• Arithmetics?

• Connection with front-end languages  
(data-aware BPMN soon to come)

• Connection with interaction models (Proclets)

Parameterized Veriﬁcation
Split the persistent storage into a read-only database, and a read-
write working memory

Veriﬁcation “irrespectively” of the content of the read-only DB

• Extensively studied in database theory (Deutsch, Hull, Vianu, …)

• by carefully limiting the expressive power of all components
(fragile setting)

• by considering arithmetic in the picture

• Recently attacked by us using SMT model checking for array-
based systems

Declarative Data-Aware
Processes: the OCBC Approach
10 A. Artale, D. Calvanese, M. Montali, and W. van der Aalst
is about
1
1
creates
1
promotes
1
creates
1
1
stops
1
closes
1
Person
Candidate Application Job Offer Job Proﬁle1
/ made by
1..⇤ ⇤
responds to
1 ⇤
refers to
1
register
data submit
mark as
eligible
post
offer
cancel
hiring
determine
winner
Fig. 5: Activity-object relationships in the job hiring scenario of Section 2.1

Declarative Data-Aware
Processes: the OCBC Approach
Enriching Data Models with Behavioral Constraints 13
is about
1
1
creates
1
promotes
1
creates
1
1
stops
1
closes
1
Person
Candidate Application Job Offer Job Proﬁle1
/ made by
1..⇤ ⇤
responds to
1 ⇤
refers to
1
register
data submit
mark as
eligible
post
offer
cancel
hiring
determine
winner
Fig. 7: OCBC model for the job hiring scenario of Section 2.1, where each one of
C.1–C.11 therein corresponds to either an activity-object relationship or a co-reference
temporal constraint in the OCBC model. The lightweight constraint is redundant: it is
implied by the other constraints in the diagram.
Formal semantics with temporal description logics
(Satisﬁability EXPTIME-complete)

ExampleProcesses and Data
The process model
The data model
start
Start
Workflow
Review
Request
Fill
Reimb.
accepted
Review
Reimb.
End
Workflow
rejected
end
Pending
Accepted
Rejected
TrvlMaxAmnt
CurrReq
start

workflow
submitted

request
review

request
<ν,e,d,“submitted”> <id,e,d,status><e,d>

ExampleProcesses and Data
The process model
The data model
start
Start
Workflow
Review
Request
Fill
Reimb.
accepted
Review
Reimb.
End
Workflow
rejected
end
Pending
Accepted
Rejected
TrvlMaxAmnt
CurrReq
start

workflow
submitted

request
review

request
<ν,e,d,“submitted”> <id,e,d,status>

Persistence Layer
Typed relational DB with constraints

• DB: set of relation schemas with typed components

• Type: data domain with rigidly deﬁned predicates

• Constraints: Domain-independent FO sentences

• Keys, FKs, dependencies, multiplicities, …

DB Instance: ﬁnite set of typed facts over DB, satisfying all
constraints

Example: Queries
• Get tickets and their description

• Get “idle” employees
plying the update on the given database in
over deletions (this is a standard approach
situation in which the same fact is asserted
The data logic simply exposes a set of q
be used by the control layer to obtain data
Definition 14 (Data logic layer). Given
typed data logic layer over P is a pair hQ, Ai,
queries over P; (ii) A is a finite set of action
Example 2. We make the scenario of Example
layer L over P. L exposes two queries to inspec
• Qe(e):- Emp(e) ^ ¬9t.Resp(e, t), to extract id
• Qt(t, d):- Ticket(t, d), to extract tickets and t
In addition, L provides three main functionalit
layer: ticket registration, assignment/release, a
alized through four actions (where, for simplic
action and its name). The registration of a ne
that, given an integer t, and two strings e and
ously creates a ticket identified by t and descri
assigns the employee identified by e to such tic

Control Layer
A “data-oriented” CPN

• Process control-ﬂow

• Evolution of tokens and their “case” data

• Interaction with the persistence layer via the
data logic layer

Normal Place
• Represent case states and resources

• Color: schema of the local data carried by tokens

• May be seen as a special relation of the persistence layer

• Tokens explicitly manipulated by the control layer, as
customary in CPNs Tickets
h
Fig. 2. Th

View Place
• “View” of the persistence layer provided to the control
layer

• Hosts the answers to a query from the data logic

• Clearly identiﬁes where the control layer needs to “read”
from the persistence layer

• Not modiﬁed explicitly by the control layer

• Implicitly updated by applying actions on the persistence
layer, and recomputing the view
Tickets
h
Fig. 2. Th

Transition
Atomic unit of work within the control layer

• Input data: obtained by

• Consuming tokens from its input places

• Reading tokens from its input view places

• To access tokens and their data: multisets of tuples of
“matching” variables

• Data guard over the input variables

Transition
Atomic unit of work within the control layer

• Output data: inputs + additional variables (external input)
+ ν variables (new ids)

• Output data used to

• Bind to an action of the data logic, updating the
persistence layer

• Produce tokens and insert them into the output places

Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Resp Log
hAndyi
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
h1, blahi
h1, Andyi
⌫t = 5
emp = Andy
descr = blah

Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Log
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
2 blah
h1, blahi
h1, Andyi
Resp
Andy 2
h2, Andyi
h2, blahi

Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Log
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
2 blah
h1, Andyi
Resp
Andy 2
h2, Andyi
tid = 1
emp = Andy
h1, blahi
h2, blahi

Run?
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Log
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
2 blah
h1, Andyi
Resp
Andy 2
Andy 1
h2, Andyi
tid = 1
emp = Andy
h1, blahi
h2, blahi

Rollback Flow
Accounts for the production and routing of tokens when the
application of a ground action fails

• update ok: update committed on the DB, normal output
flow used, rollback flow ignored

• update violates some constraint: rollback on the DB,
rollback flow used, normal output flow ignored

The rollback flow can be used to model “undo” or
“compensation” in the control layer when the persistence
layer rejects an update

Example: “Undo”
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi

Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Log
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
2 blah
h1, Andyi
Resp
Andy 2
Andy 1
h2, Andyi
tid = 1
emp = Andy
h1, blahi
h2, blahi

Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
htid,em
p
htid, empi
hempi
htid, descri
Log
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
2 blah
h1, Andyi
Resp
Andy 2
h2, Andyi
tid = 1
emp = Andy
h1, blahi
h2, blahi

Cooking with Data and Processes

Recommended

Recommended

More Related Content

Similar to Cooking with Data and Processes

Similar to Cooking with Data and Processes (20)

More from Faculty of Computer Science - Free University of Bozen-Bolzano

More from Faculty of Computer Science - Free University of Bozen-Bolzano (20)

Recently uploaded

Recently uploaded (20)

Cooking with Data and Processes