8. General Recipe
• Explicit control-flow
• Local data (case perspective)
• Global data (persistent storage)
• Updatable global data
• External inputs
• Support of automated analysis
“REAL” PROCESS
9. Why Automated Analysis?
• Classical motivations
• Multi-perspective process discovery
• Typical approach: different perspectives mined with
different techniques
• A-posteriori recombination
• No guarantee of overall correctness
• Verification in the loop!
10. Formal Verification
The Conventional, Propositional Case
Process control-flow
(Un)desired property
Abstract model underlying variants of artifact-centric systems.
Semantically equivalent to the most expressive models for business proc
systems (e.g., GSM).
Data Process Data+Process
Data Layer: Relational databases / ontologies
Data schema, specifying constraints on the allowed states
Data instance: state of the DCDS
Process Layer: key elements are
Atomic actions
Condition-action-rules for application of actions
Service calls: communication with external environment, new data!
alvanese (FUB) Foundations of Data-Aware Process Analysis INRIA Saclay Paris – 18/3/2016
11. (Un)desired property
Finite-state
transition
system
Propositional
temporal formula|=
Formal Verification
The Conventional, Propositional Case
Process control-flow
Abstract model underlying variants of artifact-centric systems.
Semantically equivalent to the most expressive models for business proc
systems (e.g., GSM).
Data Process Data+Process
Data Layer: Relational databases / ontologies
Data schema, specifying constraints on the allowed states
Data instance: state of the DCDS
Process Layer: key elements are
Atomic actions
Condition-action-rules for application of actions
Service calls: communication with external environment, new data!
alvanese (FUB) Foundations of Data-Aware Process Analysis INRIA Saclay Paris – 18/3/2016
12. (Un)desired property
Finite-state
transition
system
Propositional
temporal formula|=
Formal Verification
The Conventional, Propositional Case
Process control-flow Verification
via model checking
2007 Turing award:
Clarke, Emerson, Sifakis
Abstract model underlying variants of artifact-centric systems.
Semantically equivalent to the most expressive models for business proc
systems (e.g., GSM).
Data Process Data+Process
Data Layer: Relational databases / ontologies
Data schema, specifying constraints on the allowed states
Data instance: state of the DCDS
Process Layer: key elements are
Atomic actions
Condition-action-rules for application of actions
Service calls: communication with external environment, new data!
alvanese (FUB) Foundations of Data-Aware Process Analysis INRIA Saclay Paris – 18/3/2016
13. Formal Verification
The Data-Aware Case
(Un)desired property
Data-aware process
el underlying variants of artifact-centric systems.
quivalent to the most expressive models for business process
GSM).
Data Process Data+Process
elational databases / ontologies
ma, specifying constraints on the allowed states
nce: state of the DCDS
key elements are
tions
action-rules for application of actions
alls: communication with external environment, new data!
Foundations of Data-Aware Process Analysis INRIA Saclay Paris – 18/3/2016 (24/1)
14. (Un)desired property
First-order
temporal formula|=
Infinite-state, relational
transition system [Vardi 2005]
el underlying variants of artifact-centric systems.
quivalent to the most expressive models for business process
GSM).
Data Process Data+Process
elational databases / ontologies
ma, specifying constraints on the allowed states
nce: state of the DCDS
key elements are
tions
action-rules for application of actions
alls: communication with external environment, new data!
Foundations of Data-Aware Process Analysis INRIA Saclay Paris – 18/3/2016 (24/1)
Data-aware process
Formal Verification
The Data-Aware Case
15. (Un)desired property
First-order
temporal formula|=
?
Infinite-state, relational
transition system [Vardi 2005]
el underlying variants of artifact-centric systems.
quivalent to the most expressive models for business process
GSM).
Data Process Data+Process
elational databases / ontologies
ma, specifying constraints on the allowed states
nce: state of the DCDS
key elements are
tions
action-rules for application of actions
alls: communication with external environment, new data!
Foundations of Data-Aware Process Analysis INRIA Saclay Paris – 18/3/2016 (24/1)
Data-aware process
Formal Verification
The Data-Aware Case
16. Why FO Temporal Logics
• To inspect data: FO queries
• To capture system dynamics: temporal modalities
• To track the evolution of objects: FO
quantification across states
• Example: It is always the case that if an order is
order, then that order is eventually either
cancelled, or paid and then delivered
• N.B.: the interplay between FO quantification and
temporal modalities is subtle!
17. BPMNProcesses and Data
The process model
The data model
Modeling and In-Database Management of Relational, Data-Aware Processes
start
Start
Workflow
Review
Request
Fill
Reimb.
accepted
Review
Reimb.
End
Workflow
rejected
end
Pending
ID: int empl : string dest : string
Accepted
ID :int empl : string dest : string cost : int
Rejected
ID : int empl : string dest : string
TrvlMaxAmnt
ID : int FID : int maxAmnt : int
CurrReq
ID: int empl : string dest : string status : string
{submitd, acceptd, reimbd, rejd, complete} TrvlCost
ID : int FID : int cost : int
FK_TrvlMaxAmnt_CurrReq FK_TrvlCost_CurrReq
18. Processes and Data
The process model
The data model
Modeling and In-Database Management of Relational, Data-Aware Processes
start
Start
Workflow
Review
Request
Fill
Reimb.
accepted
Review
Reimb.
End
Workflow
rejected
end
Pending
ID: int empl : string dest : string
Accepted
ID :int empl : string dest : string cost : int
Rejected
ID : int empl : string dest : string
TrvlMaxAmnt
ID : int FID : int maxAmnt : int
CurrReq
ID: int empl : string dest : string status : string
{submitd, acceptd, reimbd, rejd, complete} TrvlCost
ID : int FID : int cost : int
FK_TrvlMaxAmnt_CurrReq FK_TrvlCost_CurrReq
BPMN
19. Cooking with BPMN
• Explicit control-flow
• Local data (case perspective)
• Global data (persistent storage)
• Updatable global data
• External inputs
• Support of automated analysis
TASTELESS DATA
~
~
25. Cooking with WfMS
• Explicit control-flow
• Local data (case perspective)
• Global data (persistent storage)
• Updatable global data
• External inputs
• Support of automated analysis
DATA AS “PROCEDURAL ATTACHMENT"
~
~
28. Business Entities/Artifacts
Data-centric paradigm for process modeling
• First: elicitation of relevant business entities that are
evolved within given organizational boundaries
• Then: definition of the lifecycle of such entities, and how
tasks trigger the progression within the lifecycle
• Active research area, with concrete languages (e.g., IBM
GSM, OMG CMMN)
• Cf. EU project ACSI (completed)
29. Cooking with Artifacts
• Explicit control-flow
• Local data (case perspective)
• Global data (persistent storage)
• Updatable global data
• External inputs
• Support of automated analysis
TASTELESS FLOWS
~
~
~
30. Key Foundational Results
Artifact-centric systems can be formalized using Data-
Centric Dynamic Systems (DCDSs) [PODS 2013]
DCDSs provide:
• an execution semantics based on relational transition
systems
• verification results when the system is studied starting
from an initial, fixed instance
Confront with the line of research on parameterised
verification
31. DCDS Modeling
Data layer: persistent data
•Relational database with integrity constraints
Process layer: evolves the data
•Atomic actions: update the data
•CA rules: a control-flow component that determines when actions
can be executed
•Service calls: interact with external world, inject new data!
Data-centric Dynamic Systems (DCDSs) [PODS’13]
DCDS
Data
Layer
Process
Layer ...
Services
Data layer: maintains data of interest
I Relational database with integrity constraints
Process layer: evolves the data
I Atomic actions: update the data
I CA rules: a control-flow component that determines when actions
can be executed
I Service calls: interact with external world, inject new data!
[PODS’13] Bagheri Hariri B., Calvanese D., De Giacomo G., Deutsch A., and Montali M. â ˘AIJVerification of Relational
Data-centric Dynamic Systems with External Servicesâ ˘A˙I. In: Proc. of PODS. ACM, 2013, pp. 163â ˘A ¸S174
Modeling, Enactment and Verification of Data-Aware Processes 17 / 55
32. DCDS Modeling
“… examine an employee’s trip request and, if accepted,
assign the maximum reimbursable amount to it …”
Data-centric Dynamic Systems (DCDSs)
“. . . examine an employee’s trip request and, if accepted, assign the
maximum reimbursable amount to it. . . ”
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
Modeling, Enactment and Verification of Data-Aware Processes 18 / 55
33. DCDS Modeling
“… examine an employee’s trip request and, if accepted,
assign the maximum reimbursable amount to it …”
Data-centric Dynamic Systems (DCDSs)
“. . . examine an employee’s trip request and, if accepted, assign the
maximum reimbursable amount to it. . . ”
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
Modeling, Enactment and Verification of Data-Aware Processes 18 / 55
Data-centric Dynamic Systems (DCDSs)
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
CA rule:
CurrReq(id, e, d, submitted) 7! REVIEWREQUEST(id, e, d)
Select the request of Kriss
Run REVIEWREQUEST actionExample: ReviewRequest executable for Kriss
34. DCDS Modeling
“… examine an employee’s trip request and, if accepted,
assign the maximum reimbursable amount to it …”
Data-centric Dynamic Systems (DCDSs)
“. . . examine an employee’s trip request and, if accepted, assign the
maximum reimbursable amount to it. . . ”
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
Modeling, Enactment and Verification of Data-Aware Processes 18 / 55
Example:
Data-centric Dynamic Systems (DCDSs)
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
Action REVIEWREQUEST(id, e, d) :
8
>>><
>>>:
true del{CurrReq(id, e, d, submitd)}
add{CurrReq(id, e, d, status(e, d)),
TrvlMaxAmnt(genpk(), id, maxAmnt(e, d))}
9
>>>=
>>>;
status(Kriss, Rome) = accepted
maxAmnt(Kriss, Rome) = 900
genpk() = 10
Update the database
Data-centric Dynamic Systems (DCDSs)
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome accepted
CurrReq
ID FID maxAmnt
10 2 900
TrvlMaxAmnt
35. DCDS Modeling
“… examine an employee’s trip request and, if accepted,
assign the maximum reimbursable amount to it …”
Data-centric Dynamic Systems (DCDSs)
“. . . examine an employee’s trip request and, if accepted, assign the
maximum reimbursable amount to it. . . ”
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
Modeling, Enactment and Verification of Data-Aware Processes 18 / 55
Example:
Data-centric Dynamic Systems (DCDSs)
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome submitted
CurrReq
ID FID maxAmnt
- – –
TrvlMaxAmnt
Action REVIEWREQUEST(id, e, d) :
8
>>><
>>>:
true del{CurrReq(id, e, d, submitd)}
add{CurrReq(id, e, d, status(e, d)),
TrvlMaxAmnt(genpk(), id, maxAmnt(e, d))}
9
>>>=
>>>;
status(Kriss, Rome) = accepted
maxAmnt(Kriss, Rome) = 900
genpk() = 10
Update the database
Data-centric Dynamic Systems (DCDSs)
ID Empl Dest Status
1 Bob NY submitted
2 Kriss Rome accepted
CurrReq
ID FID maxAmnt
10 2 900
TrvlMaxAmnt
How to model?
The Review Request action representation in dapSL
RVWREQUES T(id, empl, dest):
DELETE FROM CurrReq WHERE CurrReq.id = id;
INSERT INTO CurrReq(id, empl, dest, status)
VALUES(id, empl, dest, @status(empl, dest));
INSERT INTO TrvlMaxAmnt(tid, tfid, tmaxAmnt)
VALUES(@genpk(), id, @maxAmnt(empl, dest))
Modeling, Enactment and Verification of Data-Aware Processes
36. DCDS Enactment
DAPHNE: SQL+Java executor for DCDSs [Hopefully CAiSE 2019]
• SQL-like frontend
• Translation into procedural SQL stored procedures
• Management of external services
• Execution directly on top of the database, with different
execution modalities (including state-space construction)
Towards implementing RDSs
A RDS model is maintained by the RDBMS (e.g., PostgreSQL)
Interaction provided by the Flow Engine, which:
I executes calls to the RDBMS
I interplays with external services through a Service Manager
Modeling, Enactment and Verification of Data-Aware Processes 21 / 55
37. DCDS Verification
Highly-undecidable in general
Attacked for “state-bounded” systems
[PODS 2013]
In a state-bounded system, the number of
tuples accumulated in a single state cannot
exceed a pre-defined bound
• Still, infinitely many distinct values can be
encountered within and across runs
38. Verification of State-Bounded DCDSs
[PODS 2013, Inf. Com. 2018]
Branching-time FO logics (contain reachability, soundness,..)
• decidable and reducible to standard finite-state model
checking
—> hence, so are soundness properties
Linear-time FO logics
• Undecidable in general: the system is not Turing-powerful
on its own, but the logics isolate runs and separate
spurious from genuine ones
• Decidable and reducible to standard finite-state model
checking by controlling the interplay between FO
quantifiers and temporal modalities (object persistency)
39. Is My System State-Bounded?
• For a fixed k: decidable.
• For “some” bound: undecidable.
• Classes with decidable state boundedness
• Reasonable for the control layer, not for the data
logic [KR2014,ACSD2018,Formal Asp. Comp.2016]
• Sufficient, syntactic conditions [PODS2013,KR2014]
• Methodologies to guarantee state-boundedness by
design [ICSOC2013,CIKM14,STTT16,Formal Asp.
Comp.2016]
41. ν-Petri Nets
[Rosa-Velardo and de Frutos-Escrig, Fund. Inf. 2008]
Petri nets with name creation and management
• Tokens carry names: ids coming from an infinite domain,
can be compared for equality via arc inscriptions
• ν variables indicate the generation of fresh names not
present in the net
• ν-PNs are WSTS —> termination, coverability,
boundedness decidable
42. Modeling with ν-Petri Nets
#1: multiple cases
properties that predicate about the evolution of names across states, but we also
implicitly isolate a class of DCDSs for which state-boundedness is decidable. This
is achieved by leveraging the decidability of state-boundedness for ‹-PNs and the
connection provided via the translation.
Let us now comment on the modeling power of the Petri net classes presented
in this chapter and show how the travel reimbursement example can be represented
in di erent contexts using RIAW-nets and ‹-PNs.
Get
Pending
Request
Start
Workflow
Review
Request
Got
Rejected
Got
Accepted
Fill
Reimb
Review
Reimb
Reimburse
Reject
Log
Accepted
Log
Rejected
‹ x x x x
x
x
x x x x x x
x
x
x
x x
x
Financial Accounting
manager
‘
‘
‘
Figure 5.9: RIAW-net that represents the travel reimbursement process from Section 1.4,
extended with a Financial Accounting resource
As we have shown in Section5.1.4, RIAW-nets contribute to the concept of
Emitter
(new case id generation)
43. Modeling with ν-Petri Nets
#1: multiple cases
properties that predicate about the evolution of names across states, but we also
implicitly isolate a class of DCDSs for which state-boundedness is decidable. This
is achieved by leveraging the decidability of state-boundedness for ‹-PNs and the
connection provided via the translation.
Let us now comment on the modeling power of the Petri net classes presented
in this chapter and show how the travel reimbursement example can be represented
in di erent contexts using RIAW-nets and ‹-PNs.
Get
Pending
Request
Start
Workflow
Review
Request
Got
Rejected
Got
Accepted
Fill
Reimb
Review
Reimb
Reimburse
Reject
Log
Accepted
Log
Rejected
‹ x x x x
x
x
x x x x x x
x
x
x
x x
x
Financial Accounting
manager
‘
‘
‘
Figure 5.9: RIAW-net that represents the travel reimbursement process from Section 1.4,
extended with a Financial Accounting resource
As we have shown in Section5.1.4, RIAW-nets contribute to the concept of
Emitter
(new case id generation)
req0
req1
req2
req3
req4
req5
req6
…
…
44. Modeling with ν-Petri Nets
#1: multiple cases with resources
properties that predicate about the evolution of names across states, but we also
implicitly isolate a class of DCDSs for which state-boundedness is decidable. This
is achieved by leveraging the decidability of state-boundedness for ‹-PNs and the
connection provided via the translation.
Let us now comment on the modeling power of the Petri net classes presented
in this chapter and show how the travel reimbursement example can be represented
in di erent contexts using RIAW-nets and ‹-PNs.
Get
Pending
Request
Start
Workflow
Review
Request
Got
Rejected
Got
Accepted
Fill
Reimb
Review
Reimb
Reimburse
Reject
Log
Accepted
Log
Rejected
‹ x x x x
x
x
x x x x x x
x
x
x
x x
x
Financial Accounting
manager
‘
‘
‘
Figure 5.9: RIAW-net that represents the travel reimbursement process from Section 1.4,
extended with a Financial Accounting resource
As we have shown in Section5.1.4, RIAW-nets contribute to the concept of
Emitter
(new case id generation)
req0
req1
req2
req3
req4
req5
req6
…
…
Resource
(bounds simultaneously
active cases)
45. Modeling with ν-Petri Nets
#2: single case with case variables
te that in this case the data are abstracted away or, whenever data based diversion
nts of the business process flow have to be implemented, “hardcoded” in the
kflow definition (for example, Got Rejected represents the failed request approval
d models the diversion point of the process in Figure 1.1).
Pending Start
Workflow
CurrReq
Submitd
Review
Request
Rejected
Review
Request
Accepted
TrvlMax
Amount
CurrReq
Acceptd
Fill
Reimb
TrvlCost
CurrReq
Complete
Review Reimb
Rejd
Review Reimb
Reimbd
CurrReq
Reimbd
CurrReq
Rejd
Log
Accepted
Log
Rejected
x x
x
x
x
‹
‹
x x
‹
x
x
x
x
x
x
x
x
x
x x
gure 5.10: ‹-PN that represents the travel reimbursement process from Section 1.4
y
y
y
y
Not very satisfactory: ν variables only useful to represent the
generation of new ids
46. Model Ceckhing ν-Petri Nets
[Formal Asp. Comp. 2016]
Encoding of ν-PNs into DCDSs
Bounded ν-PNs translate into state-bounded DCDSs
—> An interesting class of DCDSs with decidable state-
boundedness
<— Verification against FO temporal logics
47. Data Petri Nets
[Mannhardt PhD Thesis 2018]
• Petri nets with external (case) variables
• Each variable has a datatype (with possibly infinite domain)
• Transitions read and write variables
• Boolean formulae used to express
• guards
• constraints on value insertion
• In [ER 2018] we argued that DPNs elegantly capture decision-
aware process models with DMN tables [Batoulis et al, ER 2017]
D
M
Ndiscoverable
48. DPN ExampleM. de Leoni, P. Felli, M. Montali
i
credit
request
[amountw
≥ 0]
p1
verify
[okw
]
renegotiate
request
!
amountr
> 15000
∧ okr
== false
"
skip
assessment
!
okr
== false
"
p2
simple
assessment
!
okr
== true ∧ okw
∧ amountr
< 5000
"
advanced
assessment
!
okr
== true ∧ okw
∧ amountr
≥ 5000
"
p3
AND split p5p4
open
credit loan
[okr
== true]
inform acceptance
customer VIP
inform acceptance
customer normal
!
okr
== true
∧ amountr
< 10000
"
inform rejection
customer VIP
!
okr
== true
∧ amountr
≥ 10000
"!
okr
== false
∧ amountr
≥ 10000
"
p7p6 AND join
o
1. Our working example of a DPN. Writing operations exist every time guards mention
Managing a request with 2 case variables
49. Soundness of DPNs
with variable-constant conditions
[ER 2018]
Definition of data-aware soundness (soundness with “some”
variable assignment)
Data abstraction technique that preserves soundness
• Consider representative values instead of actual values
• There are finitely many constants used in the net, so
representatives are finite
• Propositionalize the data and analyze the resulting net
Recently extended to variable-variable conditions, using
constraints instead of representative values
50. • Implementation in CPN Tools / ProM
1. Translate the DPN into a CPN
• Each variable becomes a coloured place
• The place always contains a single token tracking the variable value
• Read-write operations —> outgoing/incoming arcs
2. Fix the domain of a variable place to contain only its finitely many
representatives —> bounded CPN!
Soundness of DPNs
with variable-constant conditions
[ER 2018]
Soundness Verification of Decision-Aware Process Models 9
i
A
[xw
] p1
B
[xr
> 10]
C
[xr
≤ 10]
Fig. 2. Conversion of a simple DPN to CPN (left to right). The green token represents a token with
value 0. Arcs without annotations are considered annotated by v• and places with no color are
associated with •. Double-headed arcs stand for two arcs with same inscription in both directions.
51. • Implementation in CPN Tools / ProM
1. Translate the DPN into a CPN
• Each variable becomes a coloured place
• The place always contains a single token tracking the variable value
• Read-write operations —> outgoing/incoming arcs
2. Fix the domain of a variable place to contain only its finitely many
representatives —> bounded CPN!
Soundness of DPNs
with variable-constant conditions
[ER 2018]
Soundness Verification of Decision-Aware Process Models 9
i
A
[xw
] p1
B
[xr
> 10]
C
[xr
≤ 10]
Fig. 2. Conversion of a simple DPN to CPN (left to right). The green token represents a token with
value 0. Arcs without annotations are considered annotated by v• and places with no color are
associated with •. Double-headed arcs stand for two arcs with same inscription in both directions.
Soundness Verification of Decision-Aware Process Models
52. • Explicit control-flow
• Local data (case perspective)
• Global data (persistent storage)
• Updatable global data
• External inputs
• Support of automated analysis
Cooking with PNs and Cases
MISSING KEY INGREDIENTS…
~
53. What about Multiple Cases?
• Each case has its own variables
• Infinitely many cases may be seen over time
• So each case has to carry its own variables!
—> Coloured Petri Nets were each
“case token” carries a tuple of values
• No clear representation of “external” inputs
• CPNs usually studied with finite color domains
• With unbounded color domains: everything becomes
undecidable
54. • Explicit control-flow
• Local data (case perspective)
• Global data (persistent storage)
• Updatable global data
• External inputs
• Support of automated analysis
Cooking with CPNs
STILL MISSING KEY INGREDIENTS…
~
~
58. DB-Nets
[ToPNoC 2017]
Relational DB with constraints
Persistence
layer
“basic” CPN
Control
layer
SQL/DCDSquery action
view place
Data logic
layer
59. DB-Nets
[ToPNoC 2017]
Relational DB with constraints
Persistence
layer
“basic” CPN
Control
layer
SQL/DCDSquery action
view place
a(x,y)
action-bound trans.
X
Data logic
layer
60. Example
Emp
name: string
Ticket
id: int descr: string
Resp
emp: string ticket: int
Each employee can handle at
most one ticket at a given time
Log
ticket: int emp: string descr: string
61. Example: Queries
Get tickets and their description
Get “idle” employees
plying the update on the given database in
over deletions (this is a standard approach
situation in which the same fact is asserted
The data logic simply exposes a set of q
be used by the control layer to obtain data
induce updates on the persistence layer.
Definition 14 (Data logic layer). Given
typed data logic layer over P is a pair hQ, Ai,
queries over P; (ii) A is a finite set of action
Example 2. We make the scenario of Example
layer L over P. L exposes two queries to inspec
• Qe(e):- Emp(e) ^ ¬9t.Resp(e, t), to extract id
• Qt(t, d):- Ticket(t, d), to extract tickets and t
In addition, L provides three main functionalit
layer: ticket registration, assignment/release, a
alized through four actions (where, for simplic
action and its name). The registration of a ne
that, given an integer t, and two strings e and
ously creates a ticket identified by t and descri
assigns the employee identified by e to such tic
62. Example: Actions
REGISTER(t,d,e): register ticket t with description d, assigning it
to employee e
•Add Ticket(t,d), Resp(e,t)
ASSIGN(e,t): assign employee e to ticket t
•Add Resp(e,t)
RELEASE(e,t): release employee e from managing ticket t
•Del Resp(e,t)
LOG(t,e,d): flush and log the info related to ticket t
•Del Ticket(t,d), Resp(e,t)
•Add Log(t,e,d)
63. Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
(⌫t,
C
Tickets
hempi
hti
Fig. 2. The control
fresh input variable,
Example 3. Figure
layer P defined in E
control layer realize
int int ⇥ string int ⇥ string
↵✓ can be successfully applied to I if apply(↵✓, I) complies
The application of an action instance amounts to ground all
in the definition of the action as specified by the given su
plying the update on the given database instance, giving p
over deletions (this is a standard approach, which unambi
situation in which the same fact is asserted to be added and
The data logic simply exposes a set of queries and a set
be used by the control layer to obtain data from the persi
induce updates on the persistence layer.
Definition 14 (Data logic layer). Given a D-typed persi
typed data logic layer over P is a pair hQ, Ai, where: (i) Q is
queries over P; (ii) A is a finite set of actions over P.
Example 2. We make the scenario of Example 1 operational, in
layer L over P. L exposes two queries to inspect the persistence
• Qe(e):- Emp(e) ^ ¬9t.Resp(e, t), to extract idle employees;Qt(t, d):- Ticket(t, d), to extract tickets and their description.
n addition, L provides three main functionalities to manipulate tickets in persistence
ayer: ticket registration, assignment/release, and logging. Such functionalities are re-
lized through four actions (where, for simplicity, we blur the distinction between an
ction and its name). The registration of a new ticket is managed by an action reg
hat, given an integer t, and two strings e and d, (reg·params = ht, e, di, simultane-
Case variables:
- ticket id
- name of responsible employee
int ⇥ string
64. Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
(⌫t,
C
Tickets
hempi
hti
Fig. 2. The control
fresh input variable,
Example 3. Figure
layer P defined in E
control layer realize
65. Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
66. Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
67. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Emp
Andy
Marco
TicketResp Log
hAndyi
hMarcoi
68. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
TicketResp Log
hAndyi
hMarcoi
⌫t = 1
emp = Andy
descr = blah
Emp
Andy
Marco
69. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Ticket
1 blah
Resp
Andy 1
Log
hMarcoi
Emp
Andy
Marco
h1, Andyi
70. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Ticket
1 blah
Resp
Andy 1
Log
hMarcoi
Emp
Andy
Marco
h1, Andyi
tid = 1
emp = Andy
71. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Resp Log
hAndyi
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
h1, blahi
h1, Andyi
73. Verification of DB-nets
Encoding of DB-nets into DCDSs
Bounded DB-nets translate into state-bounded DCDSs
<— Verification against FO temporal logics, limited to string
and real domains without arithmetics
—> Unfortunately, CPN Tools does not allow to extend the
state space construction mechanism
• We have provided an encoding from DB-nets to CPNs,
restricting the query language to UCQs with filters
74. • Explicit control-flow
• Local data (case perspective)
• Global data (persistent storage)
• Updatable global data
• External inputs
• Support of automated analysis
Cooking with DB-Nets
FINALLY!
75. Conclusion
A cookbook for integrated models of data and processes
• with increasing sophistication of the data component
• paying attention to modeling, enactment, and automated analysis
Which models for which scenarios?
• Application of DB-nets to application integration patterns [EDOC
2018]
Some open points for modeling
• Arithmetics?
• Connection with front-end languages
(data-aware BPMN soon to come)
• Connection with interaction models (Proclets)
76. Parameterized Verification
Split the persistent storage into a read-only database, and a read-
write working memory
Verification “irrespectively” of the content of the read-only DB
• Extensively studied in database theory (Deutsch, Hull, Vianu, …)
• by carefully limiting the expressive power of all components
(fragile setting)
• by considering arithmetic in the picture
• Recently attacked by us using SMT model checking for array-
based systems
77. Declarative Data-Aware
Processes: the OCBC Approach
10 A. Artale, D. Calvanese, M. Montali, and W. van der Aalst
is about
1
1
creates
1
promotes
1
creates
1
1
stops
1
closes
1
Person
Candidate Application Job Offer Job Profile1
/ made by
1..⇤ ⇤
responds to
1 ⇤
refers to
1
register
data submit
mark as
eligible
post
offer
cancel
hiring
determine
winner
Fig. 5: Activity-object relationships in the job hiring scenario of Section 2.1
78. Declarative Data-Aware
Processes: the OCBC Approach
10 A. Artale, D. Calvanese, M. Montali, and W. van der Aalst
is about
1
1
creates
1
promotes
1
creates
1
1
stops
1
closes
1
Person
Candidate Application Job Offer Job Profile1
/ made by
1..⇤ ⇤
responds to
1 ⇤
refers to
1
register
data submit
mark as
eligible
post
offer
cancel
hiring
determine
winner
Fig. 5: Activity-object relationships in the job hiring scenario of Section 2.1
79. Declarative Data-Aware
Processes: the OCBC Approach
Enriching Data Models with Behavioral Constraints 13
is about
1
1
creates
1
promotes
1
creates
1
1
stops
1
closes
1
Person
Candidate Application Job Offer Job Profile1
/ made by
1..⇤ ⇤
responds to
1 ⇤
refers to
1
register
data submit
mark as
eligible
post
offer
cancel
hiring
determine
winner
Fig. 7: OCBC model for the job hiring scenario of Section 2.1, where each one of
C.1–C.11 therein corresponds to either an activity-object relationship or a co-reference
temporal constraint in the OCBC model. The lightweight constraint is redundant: it is
implied by the other constraints in the diagram.
Formal semantics with temporal description logics
(Satisfiability EXPTIME-complete)
82. ExampleProcesses and Data
The process model
The data model
Modeling and In-Database Management of Relational, Data-Aware Processes
start
Start
Workflow
Review
Request
Fill
Reimb.
accepted
Review
Reimb.
End
Workflow
rejected
end
Pending
ID: int empl : string dest : string
Accepted
ID :int empl : string dest : string cost : int
Rejected
ID : int empl : string dest : string
TrvlMaxAmnt
ID : int FID : int maxAmnt : int
CurrReq
ID: int empl : string dest : string status : string
{submitd, acceptd, reimbd, rejd, complete} TrvlCost
ID : int FID : int cost : int
FK_TrvlMaxAmnt_CurrReq FK_TrvlCost_CurrReq
start
workflow
submitted
request
review
request
<ν,e,d,“submitted”> <id,e,d,status><e,d>
83. ExampleProcesses and Data
The process model
The data model
Modeling and In-Database Management of Relational, Data-Aware Processes
start
Start
Workflow
Review
Request
Fill
Reimb.
accepted
Review
Reimb.
End
Workflow
rejected
end
Pending
ID: int empl : string dest : string
Accepted
ID :int empl : string dest : string cost : int
Rejected
ID : int empl : string dest : string
TrvlMaxAmnt
ID : int FID : int maxAmnt : int
CurrReq
ID: int empl : string dest : string status : string
{submitd, acceptd, reimbd, rejd, complete} TrvlCost
ID : int FID : int cost : int
FK_TrvlMaxAmnt_CurrReq FK_TrvlCost_CurrReq
start
workflow
submitted
request
review
request
<ν,e,d,“submitted”> <id,e,d,status>
84. Persistence Layer
Typed relational DB with constraints
• DB: set of relation schemas with typed components
• Type: data domain with rigidly defined predicates
• Constraints: Domain-independent FO sentences
• Keys, FKs, dependencies, multiplicities, …
DB Instance: finite set of typed facts over DB, satisfying all
constraints
85. Example
Emp
name: string
Ticket
id: int descr: string
Resp
emp: string ticket: int
Each employee can handle at
most one ticket at a given time
Log
ticket: int emp: string descr: string
86. Example: Queries
• Get tickets and their description
• Get “idle” employees
plying the update on the given database in
over deletions (this is a standard approach
situation in which the same fact is asserted
The data logic simply exposes a set of q
be used by the control layer to obtain data
induce updates on the persistence layer.
Definition 14 (Data logic layer). Given
typed data logic layer over P is a pair hQ, Ai,
queries over P; (ii) A is a finite set of action
Example 2. We make the scenario of Example
layer L over P. L exposes two queries to inspec
• Qe(e):- Emp(e) ^ ¬9t.Resp(e, t), to extract id
• Qt(t, d):- Ticket(t, d), to extract tickets and t
In addition, L provides three main functionalit
layer: ticket registration, assignment/release, a
alized through four actions (where, for simplic
action and its name). The registration of a ne
that, given an integer t, and two strings e and
ously creates a ticket identified by t and descri
assigns the employee identified by e to such tic
87. Example: Actions
REGISTER(t,d,e): register ticket t with description d, assigning it
to employee e
•Add Ticket(t,d), Resp(e,t)
ASSIGN(e,t): assign employee e to ticket t
•Add Resp(e,t)
RELEASE(e,t): release employee e from managing ticket t
•Del Resp(e,t)
LOG(t,e,d): flush and log the info related to ticket t
•Del Ticket(t,d), Resp(e,t)
•Add Log(t,e,d)
88. Control Layer
A “data-oriented” CPN
• Process control-flow
• Evolution of tokens and their “case” data
• Interaction with the persistence layer via the
data logic layer
89. Normal Place
• Represent case states and resources
• Color: schema of the local data carried by tokens
• May be seen as a special relation of the persistence layer
• Tokens explicitly manipulated by the control layer, as
customary in CPNs Tickets
h
Fig. 2. Th
90. View Place
• “View” of the persistence layer provided to the control
layer
• Hosts the answers to a query from the data logic
• Clearly identifies where the control layer needs to “read”
from the persistence layer
• Not modified explicitly by the control layer
• Implicitly updated by applying actions on the persistence
layer, and recomputing the view
Tickets
h
Fig. 2. Th
91. Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
(⌫t,
C
Tickets
hempi
hti
Fig. 2. The control
fresh input variable,
Example 3. Figure
layer P defined in E
control layer realize
int int ⇥ string int ⇥ string
↵✓ can be successfully applied to I if apply(↵✓, I) complies
The application of an action instance amounts to ground all
in the definition of the action as specified by the given su
plying the update on the given database instance, giving p
over deletions (this is a standard approach, which unambi
situation in which the same fact is asserted to be added and
The data logic simply exposes a set of queries and a set
be used by the control layer to obtain data from the persi
induce updates on the persistence layer.
Definition 14 (Data logic layer). Given a D-typed persi
typed data logic layer over P is a pair hQ, Ai, where: (i) Q is
queries over P; (ii) A is a finite set of actions over P.
Example 2. We make the scenario of Example 1 operational, in
layer L over P. L exposes two queries to inspect the persistence
• Qe(e):- Emp(e) ^ ¬9t.Resp(e, t), to extract idle employees;Qt(t, d):- Ticket(t, d), to extract tickets and their description.
n addition, L provides three main functionalities to manipulate tickets in persistence
ayer: ticket registration, assignment/release, and logging. Such functionalities are re-
lized through four actions (where, for simplicity, we blur the distinction between an
ction and its name). The registration of a new ticket is managed by an action reg
hat, given an integer t, and two strings e and d, (reg·params = ht, e, di, simultane-
Case variables:
- ticket id
- name of responsible employee
int ⇥ string
92. Transition
Atomic unit of work within the control layer
• Input data: obtained by
• Consuming tokens from its input places
• Reading tokens from its input view places
• To access tokens and their data: multisets of tuples of
“matching” variables
• Data guard over the input variables
93. Transition
Atomic unit of work within the control layer
• Output data: inputs + additional variables (external input)
+ ν variables (new ids)
• Output data used to
• Bind to an action of the data logic, updating the
persistence layer
• Produce tokens and insert them into the output places
94. Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
(⌫t,
C
Tickets
hempi
hti
Fig. 2. The control
fresh input variable,
Example 3. Figure
layer P defined in E
control layer realize
95. Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
96. Example
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
97. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Emp
Andy
Marco
TicketResp Log
hAndyi
hMarcoi
98. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
TicketResp Log
hAndyi
hMarcoi
⌫t = 1
emp = Andy
descr = blah
Emp
Andy
Marco
99. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Ticket
1 blah
Resp
Andy 1
Log
hMarcoi
Emp
Andy
Marco
h1, Andyi
100. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Ticket
1 blah
Resp
Andy 1
Log
hMarcoi
Emp
Andy
Marco
h1, Andyi
tid = 1
emp = Andy
101. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Resp Log
hAndyi
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
h1, blahi
h1, Andyi
102. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Resp Log
hAndyi
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
h1, blahi
h1, Andyi
⌫t = 5
emp = Andy
descr = blah
103. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Log
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
2 blah
h1, blahi
h1, Andyi
Resp
Andy 2
h2, Andyi
h2, blahi
104. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Log
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
2 blah
h1, Andyi
Resp
Andy 2
h2, Andyi
tid = 1
emp = Andy
h1, blahi
h2, blahi
105. Run?
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Log
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
2 blah
h1, Andyi
Resp
Andy 2
Andy 1
h2, Andyi
tid = 1
emp = Andy
h1, blahi
h2, blahi
106. Rollback Flow
Accounts for the production and routing of tokens when the
application of a ground action fails
• update ok: update committed on the DB, normal output
flow used, rollback flow ignored
• update violates some constraint: rollback on the DB,
rollback flow used, normal output flow ignored
The rollback flow can be used to model “undo” or
“compensation” in the control layer when the persistence
layer rejects an update
107. Example: “Undo”
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
108. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Log
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
2 blah
h1, Andyi
Resp
Andy 2
Andy 1
h2, Andyi
tid = 1
emp = Andy
h1, blahi
h2, blahi
109. Run!
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
release
(tid, emp)
Stall
assign
(tid, emp)
Awake
Stalled tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, empi htid, empi
htid,em
pi
htid,em
pi
htid, empi
hempi
htid, descri
htid,em
pi
Fig. 2. The control layer of a db-net for ticket management. In CreateTicket, ⌫t is a
fresh input variable, and descr is an arbitrary input variable.
Example 3. Figure 2 shows the control layer of a db-net B, using the persistence
layer P defined in Example 1 and the data logic layer L defined in Example 2.2. The
control layer realizes a simple ticket processing workflow, where tickets are created,
Idle Employees
register
(⌫t, emp, descr)
CreateTicket
Active tickets
logData
(tid, emp, id)
ResolveTickets
h⌫t, empi htid, emp
htid,em
p
htid, empi
hempi
htid, descri
Fig. 2. The control layer of a db-net for ticket manage
fresh input variable, and descr is an arbitrary input var
Example 3. Figure 2 shows the control layer of a db
layer P defined in Example 1 and the data logic layer L
control layer realizes a simple ticket processing workfl
Log
hMarcoi
Emp
Andy
Marco
Ticket
1 blah
2 blah
h1, Andyi
Resp
Andy 2
h2, Andyi
tid = 1
emp = Andy
h1, blahi
h2, blahi