- The document discusses verification of Data-Centric Dynamic Systems (DCDSs), which combine data and processes. DCDSs have a data layer consisting of a relational database and constraints, and a process layer consisting of condition-action rules that can call external services.
- The verification problem involves checking if a DCDS satisfies a temporal/dynamic property, given as a formula in first-order μ-calculus. However, unrestricted first-order quantification and even simple temporal properties can make verification undecidable.
- The talk proposes restricting quantification and properties to obtain decidable verification, by constructing a finite-state abstraction of the DCDS transition system that soundly and completely represents its behavior.
Multi – Objective Two Stage Fuzzy Transportation Problem with Hexagonal Fuzzy...IJERA Editor
Fuzzy geometric programming approach is used to determine the optimal solution of a multi-objective two stage fuzzy transportation problem in which supplies, demands are hexagonal fuzzy numbers and fuzzy membership of the objective function is defined. This paper aims to find out the best compromise solution among the set of feasible solutions for the multi-objective two stage transportation problem. To illustrate the proposed method, example is used
Second part of my tutorial (jointly with Diego Calvanese) on the "Integrated Modeling and Verification of Processes and Data", held at the BPM 2017 conference. The second part focuses on a formal, minimalistic integrated model for processes and data, namely the model of Data-Centric Dynamic Systems, and provides a comprehensive overview of the main technical results related to the boundaries of verifiability for models integrating processes and data.
Presentation of the paper "Verification of Data-Aware Multiagent Systems" at the 13th International Conference on Autonomous Agents and Multiagent Systems (AAMAS 2014).
Presentation of the paper "Specification and Verification of Commitment-Regulated Data-Aware Multiagent Systems" at the 29th Italian Conference on Computational Logic (CILC 2014)
Multi – Objective Two Stage Fuzzy Transportation Problem with Hexagonal Fuzzy...IJERA Editor
Fuzzy geometric programming approach is used to determine the optimal solution of a multi-objective two stage fuzzy transportation problem in which supplies, demands are hexagonal fuzzy numbers and fuzzy membership of the objective function is defined. This paper aims to find out the best compromise solution among the set of feasible solutions for the multi-objective two stage transportation problem. To illustrate the proposed method, example is used
Second part of my tutorial (jointly with Diego Calvanese) on the "Integrated Modeling and Verification of Processes and Data", held at the BPM 2017 conference. The second part focuses on a formal, minimalistic integrated model for processes and data, namely the model of Data-Centric Dynamic Systems, and provides a comprehensive overview of the main technical results related to the boundaries of verifiability for models integrating processes and data.
Presentation of the paper "Verification of Data-Aware Multiagent Systems" at the 13th International Conference on Autonomous Agents and Multiagent Systems (AAMAS 2014).
Presentation of the paper "Specification and Verification of Commitment-Regulated Data-Aware Multiagent Systems" at the 29th Italian Conference on Computational Logic (CILC 2014)
Development of a family of products that satisfies different sectors of the market introduces significant challenges to today’s manufacturing industries – from development time to aftermarket services. A product family with a common platform paradigm offers a powerful solution to these daunting challenges. The Comprehensive Product Platform Planning (CP3) framework formulates a flexible product family model that (i) seeks to eliminate traditional boundaries between modular and scalable families, (ii) allows the formation of sub-families of products, and (iii) yield the optimal depth and number of platforms. In this paper, the CP3 framework introduces a solution strategy that obviates common assumptions; namely (i) the identification of platform/non-platform design variables and the determination of variable values are separate processes, and (ii) the cost reduction of creating product platforms is independent of the total number of each product manufactured. A new Cost Decay Function (CDF) is developed to approximate the reduction in cost with increasing commonalities among products, for a specified capacity of production. The Mixed Integer Non-Liner Programming (MINLP) problem, presented by the CP3 model, is solved using a novel Platform Segregating Mapping Function (PSMF). The proposed CP3 framework is implemented on a family of universal electric motors.
Applying Linear Optimization Using GLPKJeremy Chen
A brief introduction to linear optimization with a focus on applying it with the high-quality open-source solver GLPK.
Originally prepared for an intra-department sharing session.
Distributed Ledger and Robust Consensus for AgreementsMiguel Rebollo
Word presented in EUMAS-AT '18 conference at Bergen (NO). Proposes a robust consensus model that allows detecting cheating nodes. Application to distributed ledger (DLT)
C*ollege Credit: CEP Distribtued Processing on Cassandra with StormDataStax
Cassandra provides facilities to integrate with Hadoop. This is sufficient for distributed batch processing, but doesn’t address CEP distributed processing. This webinar will demonstrate use of Cassandra in Storm. Storm provides a data flow and processing layer that can be used to integrate Cassandra with other external persistences mechanisms (e.g. Elastic Search) or calculate dimensional counts for reporting and dashboards. We’ll dive into a sample Storm topology that reads and writes from Cassandra using storm-cassandra bolts.
A new efficient fpga design of residue to-binary converterVLSICS Design
In this paper, we introduce a new 6n bit Dynamic Range Moduli set { 22n, 22n + 1, 22n – 1} and then present
its associated novel reverse converters. First, we simplify the Chinese Remainder Theorem in order to
obtain an efficient reverse converter which is completely memory less and adder based. Next, we present a
low complexity implementation that does not require the explicit use of modulo operation in the conversion
process and we demonstrate that theoretically speaking it outperforms state of the art equivalent reverse
converters. We also implemented the proposed converter and the best equivalent state of the art reverse
converters on Xilinx Spartan 6 FPGA. The experimental results confirmed the theoretical evaluation. The
FPGA synthesis results indicate that, on the average, our proposal is about 52.35% and 43.94% better in
terms of conversion time and hardware resources respectively.
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docxlmelaine
Fall 2016 Insurance Case Study – Finance 360
Loss Control
Loss control activities of a business focus on finding and implementing solutions to reduce the probability of loss (loss prevention) and/or reduce the actual amount of loss (loss reduction), and therefore reduce the total cost of risk to maximize firm profitability.
Loss control techniques have been widely used in environmental loss prevention, catastrophic loss prevention, and employee-related risk management. Many firms face loss exposures caused by using, storing, and transporting hazardous materials, caustic substances, gasses, acids, etc., and may have unique issues posed by deployment of “greener” vehicle fleets using CNG, LNG, and bio-fuel solutions. Catastrophic risks, such as earthquakes, tornado, hurricanes or big fire, also pose significant threat to the property safety and business continuation for firms. Employee behavior-related risks and product safety are also important concern of corporate risk management.
Lack of effective loss control (such as inadequate systems, inadequate standards, and inadequate compliance with safety standards) may cause significant damage to a firm, such as injury costs, property damage, liability damage, bad press, lower sales, loss of employee morale, so on and so forth, as British Petroleum (BP) or Toyota had suffered in the past.
In this project, select an S&P 500 company and analyze its loss control policies focusing on either environmental loss prevention, or catastrophic loss prevention, or employee-related risk management.
Your analysis should address the following questions in the least:
· How likely the firm is subject to catastrophic losses?
· Has the business suffered losses of the kind in the past?
· What losses could be caused to the firm if a catastrophic event occurs?
A. Direct Property Loss
B. Indirect (or consequential) Property Loss
C. Liability Loss
D. Personnel Loss
E. Crime
F. Other Loss Exposures
· What loss control activities has the firm implemented to reduce the loss?
· E.g. For Property loss control, comment on Facility design and construction, Automatic Sprinkler Protection, Preventative maintenance, Equipment and Process controls and safeguards, Human Element programs, Pre-incident planning and Business continuity planning
· Proactive Safety procedures vs. Reactive Safety & Recovery policies
Requirements
1. Paper length: 8 page minimum, 12 page maximum; 12 point font—double-spaced
2. Paper sections
A. Title Page, including: (1) paper title, (2) course number and name, (3) instructor, (4) your name, and (5) date submitted
B. Executive Summary: This is a 1-2 paragraph overall summary of your paper.
C. Discussion and analysis: Cover all the individual topic areas set out above, each of which should be labeled with an appropriate subject heading.
D. Works Cited: List all secondary sources consulted in preparing this paper.
E. Attachments (if any). You may append any relevant attachment to ...
The Comprehensive Product Platform Planning (CP3) framework presents a flexible mathematical model of the platform planning process, which allows (i) the formation of sub-families of products, and (ii) the simultaneous identification and quantification of plat- form/scaling design variables. The CP3 model is founded on a generalized commonality matrix that represents the product platform plan, and yields a mixed binary-integer non- linear programming problem. In this paper, we develop a methodology to reduce the high dimensional binary integer problem to a more tractable integer problem, where the com- monality matrix is represented by a set of integer variables. Subsequently, we determine the feasible set of values for the integer variables in the case of families with 3 − 7 kinds of products. The cardinality of the feasible set is found to be orders of magnitude smaller than the total number of unique combinations of the commonality variables. In addition, we also present the development of a generalized approach to Mixed-Discrete Non-Linear Optimization (MDNLO) that can be implemented through standard non-gradient based op- timization algorithms. This MDNLO technique is expected to provide a robust and compu- tationally inexpensive optimization framework for the reduced CP3 model. The generalized approach to MDNLO uses continuous optimization as the primary search strategy, how- ever, evaluates the system model only at the feasible locations in the discrete variable space.
Seminar on "Verification of Relational Data-Centric Systems with External Services" at the KRDB Research Centre for Knowledge and Data, Faculty of Computer Science, Free University of Bozen-Bolzano (Italy), 03/05/2012.
Invited seminar in the Hasselt University BINF Research Seminar Series. I discuss the needed transition from case-centric process models where there is a single notion of case and process instances are evolved in isolation, to object-centric processes where multiple, interrelated objects are co-evolved synchronously ad asynchronously. Within this novel paradigm, I present two formal approaches, one extending declarative constraints with data correlations, the other enriching Petri nets with objects and relations.
Slides of our BPM 2022 paper on "Reasoning on Labelled Petri Nets and Their Dynamics in a Stochastic Setting", which received the best paper award at the conference. Paper available here: https://link.springer.com/chapter/10.1007/978-3-031-16103-2_22
More Related Content
Similar to PODS 2013 - Montali - Verification of Relational Data-Centric Dynamic Systems with External Services
Development of a family of products that satisfies different sectors of the market introduces significant challenges to today’s manufacturing industries – from development time to aftermarket services. A product family with a common platform paradigm offers a powerful solution to these daunting challenges. The Comprehensive Product Platform Planning (CP3) framework formulates a flexible product family model that (i) seeks to eliminate traditional boundaries between modular and scalable families, (ii) allows the formation of sub-families of products, and (iii) yield the optimal depth and number of platforms. In this paper, the CP3 framework introduces a solution strategy that obviates common assumptions; namely (i) the identification of platform/non-platform design variables and the determination of variable values are separate processes, and (ii) the cost reduction of creating product platforms is independent of the total number of each product manufactured. A new Cost Decay Function (CDF) is developed to approximate the reduction in cost with increasing commonalities among products, for a specified capacity of production. The Mixed Integer Non-Liner Programming (MINLP) problem, presented by the CP3 model, is solved using a novel Platform Segregating Mapping Function (PSMF). The proposed CP3 framework is implemented on a family of universal electric motors.
Applying Linear Optimization Using GLPKJeremy Chen
A brief introduction to linear optimization with a focus on applying it with the high-quality open-source solver GLPK.
Originally prepared for an intra-department sharing session.
Distributed Ledger and Robust Consensus for AgreementsMiguel Rebollo
Word presented in EUMAS-AT '18 conference at Bergen (NO). Proposes a robust consensus model that allows detecting cheating nodes. Application to distributed ledger (DLT)
C*ollege Credit: CEP Distribtued Processing on Cassandra with StormDataStax
Cassandra provides facilities to integrate with Hadoop. This is sufficient for distributed batch processing, but doesn’t address CEP distributed processing. This webinar will demonstrate use of Cassandra in Storm. Storm provides a data flow and processing layer that can be used to integrate Cassandra with other external persistences mechanisms (e.g. Elastic Search) or calculate dimensional counts for reporting and dashboards. We’ll dive into a sample Storm topology that reads and writes from Cassandra using storm-cassandra bolts.
A new efficient fpga design of residue to-binary converterVLSICS Design
In this paper, we introduce a new 6n bit Dynamic Range Moduli set { 22n, 22n + 1, 22n – 1} and then present
its associated novel reverse converters. First, we simplify the Chinese Remainder Theorem in order to
obtain an efficient reverse converter which is completely memory less and adder based. Next, we present a
low complexity implementation that does not require the explicit use of modulo operation in the conversion
process and we demonstrate that theoretically speaking it outperforms state of the art equivalent reverse
converters. We also implemented the proposed converter and the best equivalent state of the art reverse
converters on Xilinx Spartan 6 FPGA. The experimental results confirmed the theoretical evaluation. The
FPGA synthesis results indicate that, on the average, our proposal is about 52.35% and 43.94% better in
terms of conversion time and hardware resources respectively.
Fall 2016 Insurance Case Study – Finance 360Loss ControlLoss.docxlmelaine
Fall 2016 Insurance Case Study – Finance 360
Loss Control
Loss control activities of a business focus on finding and implementing solutions to reduce the probability of loss (loss prevention) and/or reduce the actual amount of loss (loss reduction), and therefore reduce the total cost of risk to maximize firm profitability.
Loss control techniques have been widely used in environmental loss prevention, catastrophic loss prevention, and employee-related risk management. Many firms face loss exposures caused by using, storing, and transporting hazardous materials, caustic substances, gasses, acids, etc., and may have unique issues posed by deployment of “greener” vehicle fleets using CNG, LNG, and bio-fuel solutions. Catastrophic risks, such as earthquakes, tornado, hurricanes or big fire, also pose significant threat to the property safety and business continuation for firms. Employee behavior-related risks and product safety are also important concern of corporate risk management.
Lack of effective loss control (such as inadequate systems, inadequate standards, and inadequate compliance with safety standards) may cause significant damage to a firm, such as injury costs, property damage, liability damage, bad press, lower sales, loss of employee morale, so on and so forth, as British Petroleum (BP) or Toyota had suffered in the past.
In this project, select an S&P 500 company and analyze its loss control policies focusing on either environmental loss prevention, or catastrophic loss prevention, or employee-related risk management.
Your analysis should address the following questions in the least:
· How likely the firm is subject to catastrophic losses?
· Has the business suffered losses of the kind in the past?
· What losses could be caused to the firm if a catastrophic event occurs?
A. Direct Property Loss
B. Indirect (or consequential) Property Loss
C. Liability Loss
D. Personnel Loss
E. Crime
F. Other Loss Exposures
· What loss control activities has the firm implemented to reduce the loss?
· E.g. For Property loss control, comment on Facility design and construction, Automatic Sprinkler Protection, Preventative maintenance, Equipment and Process controls and safeguards, Human Element programs, Pre-incident planning and Business continuity planning
· Proactive Safety procedures vs. Reactive Safety & Recovery policies
Requirements
1. Paper length: 8 page minimum, 12 page maximum; 12 point font—double-spaced
2. Paper sections
A. Title Page, including: (1) paper title, (2) course number and name, (3) instructor, (4) your name, and (5) date submitted
B. Executive Summary: This is a 1-2 paragraph overall summary of your paper.
C. Discussion and analysis: Cover all the individual topic areas set out above, each of which should be labeled with an appropriate subject heading.
D. Works Cited: List all secondary sources consulted in preparing this paper.
E. Attachments (if any). You may append any relevant attachment to ...
The Comprehensive Product Platform Planning (CP3) framework presents a flexible mathematical model of the platform planning process, which allows (i) the formation of sub-families of products, and (ii) the simultaneous identification and quantification of plat- form/scaling design variables. The CP3 model is founded on a generalized commonality matrix that represents the product platform plan, and yields a mixed binary-integer non- linear programming problem. In this paper, we develop a methodology to reduce the high dimensional binary integer problem to a more tractable integer problem, where the com- monality matrix is represented by a set of integer variables. Subsequently, we determine the feasible set of values for the integer variables in the case of families with 3 − 7 kinds of products. The cardinality of the feasible set is found to be orders of magnitude smaller than the total number of unique combinations of the commonality variables. In addition, we also present the development of a generalized approach to Mixed-Discrete Non-Linear Optimization (MDNLO) that can be implemented through standard non-gradient based op- timization algorithms. This MDNLO technique is expected to provide a robust and compu- tationally inexpensive optimization framework for the reduced CP3 model. The generalized approach to MDNLO uses continuous optimization as the primary search strategy, how- ever, evaluates the system model only at the feasible locations in the discrete variable space.
Seminar on "Verification of Relational Data-Centric Systems with External Services" at the KRDB Research Centre for Knowledge and Data, Faculty of Computer Science, Free University of Bozen-Bolzano (Italy), 03/05/2012.
Invited seminar in the Hasselt University BINF Research Seminar Series. I discuss the needed transition from case-centric process models where there is a single notion of case and process instances are evolved in isolation, to object-centric processes where multiple, interrelated objects are co-evolved synchronously ad asynchronously. Within this novel paradigm, I present two formal approaches, one extending declarative constraints with data correlations, the other enriching Petri nets with objects and relations.
Slides of our BPM 2022 paper on "Reasoning on Labelled Petri Nets and Their Dynamics in a Stochastic Setting", which received the best paper award at the conference. Paper available here: https://link.springer.com/chapter/10.1007/978-3-031-16103-2_22
Slides of the keynote speech on "Constraints for process framing in Augmented BPM" at the AI4BPM 2022 International Workshop, co-located with BPM 2022. The keynote focuses on the problem of "process framing" in the context of the new vision of "Augmented BPM", where BPM systems are augmented with AI capabilities. This vision is described in a manifesto, available here: https://arxiv.org/abs/2201.12855
Keynote speech at KES 2022 on "Intelligent Systems for Process Mining". I introduce process mining, discuss why process mining tasks should be approached by using intelligent systems, and show a concrete example of this combination, namely (anticipatory) monitoring of evolving processes against temporal constraints, using techniques from knowledge representation and formal methods (in particular, temporal logics over finite traces and their automata-theoretic characterization).
Presentation (jointly with Claudio Di Ciccio) on "Declarative Process Mining", as part of the 1st Summer School in Process Mining (http://www.process-mining-summer-school.org). The Presentation summarizes 15 years of research in declarative process mining, covering declarative process modeling, reasoning on declarative process specifications, discovery of process constraints from event logs, conformance checking and monitoring of process constraints at runtime. This is done without ad-hoc algorithms, but relying on well-established techniques at the intersection of formal methods, artificial intelligence, and data science.
Presentation on "From Case-Isolated to Object-Centric Processes - A Tale of Two Models" as part of the Hasselt University BINF Research Seminar Series (see https://www.uhasselt.be/en/onderzoeksgroepen-en/binf/research-seminar-series).
Invited seminar on "Modeling and Reasoning over Declarative Data-Aware Processes" as part of the KRDB Summer Online Seminars 2020 (https://www.inf.unibz.it/krdb/sos-2020/).
Presentation of the paper "Soundness of Data-Aware Processes with Arithmetic Conditions" at the 34th International Conference on Advanced Information Systems Engineering (CAiSE 2022). Paper available here: https://doi.org/10.1007/978-3-031-07472-1_23
Abstract:
Data-aware processes represent and integrate structural and behavioural constraints in a single model, and are thus increasingly investigated in business process management and information systems engineering. In this spectrum, Data Petri nets (DPNs) have gained increasing popularity thanks to their ability to balance simplicity with expressiveness. The interplay of data and control-flow makes checking the correctness of such models, specifically the well-known property of soundness, crucial and challenging. A major shortcoming of previous approaches for checking soundness of DPNs is that they consider data conditions without arithmetic, an essential feature when dealing with real-world, concrete applications. In this paper, we attack this open problem by providing a foundational and operational framework for assessing soundness of DPNs enriched with arithmetic data conditions. The framework comes with a proof-of-concept implementation that, instead of relying on ad-hoc techniques, employs off-the-shelf established SMT technologies. The implementation is validated on a collection of examples from the literature, and on synthetic variants constructed from such examples.
Presentation of the paper "Probabilistic Trace Alignment" at the 3rd International Conference on Process Mining (ICPM 2021). Paper available here: https://doi.org/10.1109/ICPM53251.2021.9576856
Abstract:
Alignments provide sophisticated diagnostics that pinpoint deviations in a trace with respect to a process model. Alignment-based approaches for conformance checking have so far used crisp process models as a reference. Recent probabilistic conformance checking approaches check the degree of conformance of an event log as a whole with respect to a stochastic process model, without providing alignments. For the first time, we introduce a conformance checking approach based on trace alignments using stochastic Workflow nets. This requires to handle the two possibly contrasting forces of the cost of the alignment on the one hand and the likelihood of the model trace with respect to which the alignment is computed on the other.
Presentation of the paper "Strategy Synthesis for Data-Aware Dynamic Systems with Multiple Actors" at the 7th International Conference on Principles of Knowledge Representation and Reasoning (KR 2020). Paper available here: https://proceedings.kr.org/2020/32/
Abstract: The integrated modeling and analysis of dynamic systems and the data they manipulate has been long advocated, on the one hand, to understand how data and corresponding decisions affect the system execution, and on the other hand to capture how actions occurring in the systems operate over data. KR techniques proved successful in handling a variety of tasks over such integrated models, ranging from verification to online monitoring. In this paper, we consider a simple, yet relevant model for data-aware dynamic systems (DDSs), consisting of a finite-state control structure defining the executability of actions that manipulate a finite set of variables with an infinite domain. On top of this model, we consider a data-aware version of reactive synthesis, where execution strategies are built by guaranteeing the satisfaction of a desired linear temporal property that simultaneously accounts for the system dynamics and data evolution.
Presentation of the paper "Extending Temporal Business Constraints with Uncertainty" at the 18th Int. Conference on Business Process Management (BPM 2020). Paper available here: https://doi.org/10.1007/978-3-030-58666-9_3
Abstract: Temporal business constraints have been extensively adopted to declaratively capture the acceptable courses of execution in a business process. However, traditionally, constraints are interpreted logically in a crisp way: a process execution trace conforms with a constraint model if all the constraints therein are satisfied. This is too restrictive when one wants to capture best practices, constraints involving uncontrollable activities, and exceptional but still conforming behaviors. This calls for the extension of business constraints with uncertainty. In this paper, we tackle this timely and important challenge, relying on recent results on probabilistic temporal logics over finite traces. Specifically, our contribution is threefold. First, we delve into the conceptual meaning of probabilistic constraints and their semantics. Second, we argue that probabilistic constraints can be discovered from event data using existing techniques for declarative process discovery. Third, we study how to monitor probabilistic constraints, where constraints and their combinations may be in multiple monitoring states at the same time, though with different probabilities.
Presentation of the paper "Extending Temporal Business Constraints with Uncertainty" at the CAiSE2020 Forum. The paper is available here: https://link.springer.com/chapter/10.1007/978-3-030-58135-0_8
Abstract: Conformance checking is a fundamental task to detect deviations between the actual and the expected courses of execution of a business process. In this context, temporal business constraints have been extensively adopted to declaratively capture the expected behavior of the process. However, traditionally, these constraints are interpreted logically in a crisp way: a process execution trace conforms with a constraint model if all the constraints therein are satisfied. This is too restrictive when one wants to capture best practices, constraints involving uncontrollable activities, and exceptional but still conforming behaviors. This calls for the extension of business constraints with uncertainty. In this paper, we tackle this timely and important challenge, relying on recent results on probabilistic temporal logics over finite traces. Specifically, we equip business constraints with a natural, probabilistic notion of uncertainty. We discuss the semantic implications of the resulting framework and show how probabilistic conformance checking and constraint entailment can be tackled therein.
Presentation of the paper "Modeling and Reasoning over Declarative Data-Aware Processes with Object-Centric Behavioral Constraints" at the 17th Int. Conference on Business Process Management (BPM 2019). Paper available here: https://link.springer.com/chapter/10.1007/978-3-030-26619-6_11
Abstract
Existing process modeling notations ranging from Petri nets to BPMN have difficulties capturing the data manipulated by processes. Process models often focus on the control flow, lacking an explicit, conceptually well-founded integration with real data models, such as ER diagrams or UML class diagrams. To overcome this limitation, Object-Centric Behavioral Constraints (OCBC) models were recently proposed as a new notation that combines full-fledged data models with control-flow constraints inspired by declarative process modeling notations such as DECLARE and DCR Graphs. We propose a formalization of the OCBC model using temporal description logics. The obtained formalization allows us to lift all reasoning services defined for constraint-based process modeling notations without data, to the much more sophisticated scenario of OCBC. Furthermore, we show how reasoning over OCBC models can be reformulated into decidable, standard reasoning tasks over the corresponding temporal description logic knowledge base.
Keynote speech at the Belgian Process Mining Research Day 2021. I discuss the open, critical challenge of data preparation in process mining, considering the case where the original event data are implicitly stored in (legacy) relational databases. This case covers the common situation where event data are stored inside the data layer of an ERP or CRM system. This is usually handled using manual, ad-hoc, error-prone ETL procedures. I propose instead to adopt a pipeline based on semantic technologies, in particular the framework of ontology-based data access (also known as virtual knowledge graph). The approach is code-less, and relies on three main conceptual steps: (1) the creation of a data model capturing the relevant classes, attributes, and associations in the domain of interest (2) the definition of declarative mappings from the source database to the data model, following the ontology-based data access paradigm (3) the annotation of the data model with indications on which classes/associations/attributes provide the relevant notions of case, events, event attributes, and event-to-case relation. Once this is done, the framework automatically extracts the event log from the legacy data. This makes extremely smooth to generate logs by taking multiple perspectives on the same reality. The approach has been operationalized in the onprom tool, which employs semantic web standard languages for the various steps, and the XES standard as the target format for the event logs.
Keynote speech at the 7th International Workshop on DEClarative, DECision and Hybrid approaches to processes ( DEC2H 2019) In conjunction with BPM 2019.
This is a talk about the combined modeling and reasoning techniques for decisions, background knowledge, and work processes.
The advent of the OMG Decision Model and Notation (DMN) standard has revived interest, both from academia and industry, in decision management and its relationship with business process management. Several techniques and tools for the static analysis of decision models have been brought forward, taking advantage of the trade-off between expressiveness and computational tractability offered by the DMN S-FEEL language.
In this keynote, I argue that decisions have to be put in perspective, that is, understood and analyzed within their surrounding organizational boundaries. This brings new challenges that, in turn, require novel, advanced analysis techniques. Using a simple but illustrative example, I consider in particular two relevant settings: decisions interpreted the presence of background, structural knowledge of the domain of interest, and (data-aware) business processes routing process instances based on decisions. Notably, the latter setting is of particular interest in the context of multi-perspective process mining. I report on how we successfully tackled key analysis tasks in both settings, through a balanced combination of conceptual modeling, formal methods, and knowledge representation and re
Presentation at "Ontology Make Sense", an event in honor of Nicola Guarino, on how to integrate data models with behavioral constraints, an essential problem when modeling multi-case real-life work processes evolving multiple objects at once. I propose to combine UML class diagrams with temporal constraints on finite traces, linked to the data model via co-referencing constraints on classes and associations.
Presentation at EDOC 2019 on connecting legacy relational data to ontologies on norms and their evolution via temporal ontology-based data access. The paper received the best paper award at the conference.
Presentation ad EDOC 2019 on monitoring multi-perspective business constraints accounting for time and data, with a specific focus on the (unsolvable in general) problem of conflict detection.
My presentation at "Fit for Digital 2019", organized by Informatica Alto Adige S.p.A. to discuss digital transformation in the public administration sector, with more than 200 participants. I discussed how the digitalization of models and data can boost a new way of managing processes based on factual information.
More from Faculty of Computer Science - Free University of Bozen-Bolzano (20)
Acorn Recovery: Restore IT infra within minutesIP ServerOne
Introducing Acorn Recovery as a Service, a simple, fast, and secure managed disaster recovery (DRaaS) by IP ServerOne. A DR solution that helps restore your IT infra within minutes.
Have you ever wondered how search works while visiting an e-commerce site, internal website, or searching through other types of online resources? Look no further than this informative session on the ways that taxonomies help end-users navigate the internet! Hear from taxonomists and other information professionals who have first-hand experience creating and working with taxonomies that aid in navigation, search, and discovery across a range of disciplines.
Sharpen existing tools or get a new toolbox? Contemporary cluster initiatives...Orkestra
UIIN Conference, Madrid, 27-29 May 2024
James Wilson, Orkestra and Deusto Business School
Emily Wise, Lund University
Madeline Smith, The Glasgow School of Art
0x01 - Newton's Third Law: Static vs. Dynamic AbusersOWASP Beja
f you offer a service on the web, odds are that someone will abuse it. Be it an API, a SaaS, a PaaS, or even a static website, someone somewhere will try to figure out a way to use it to their own needs. In this talk we'll compare measures that are effective against static attackers and how to battle a dynamic attacker who adapts to your counter-measures.
About the Speaker
===============
Diogo Sousa, Engineering Manager @ Canonical
An opinionated individual with an interest in cryptography and its intersection with secure software development.
This presentation by Morris Kleiner (University of Minnesota), was made during the discussion “Competition and Regulation in Professions and Occupations” held at the Working Party No. 2 on Competition and Regulation on 10 June 2024. More papers and presentations on the topic can be found out at oe.cd/crps.
This presentation was uploaded with the author’s consent.
Competition and Regulation in Professional Services – KLEINER – June 2024 OEC...
PODS 2013 - Montali - Verification of Relational Data-Centric Dynamic Systems with External Services
1. unibz.itunibz.it
Verification of
Relational Data-Centric Dynamic Systems
with External Services
Marco Montali
Joint work with: B. Bagheri Hariri, D. Calvanese, G. De Giacomo, A. Deutsch
KRDB Research Centre for Knowledge and Data
Free University of Bozen-Bolzano, Italy
PODS 2013
New York, USA
Marco Montali Verification of Relational DCDSs PODS 2013 1 / 25
2. unibz.itunibz.it
Introduction
This talk is about verification of systems merging data and processes.
See yesterday’s keynote by Diego Calvanese.
Process (Wil van der Aalst) looking at data (Victor Vianu) @BPM 2011
Marco Montali Verification of Relational DCDSs PODS 2013 2 / 25
3. unibz.itunibz.it
Introduction
Data-Centric Dynamic Systems (DCDSs)
An abstract, pristine framework to formally describe processes that manipulate
data.
• Captures virtually all existing approaches to data-aware processes, such as
the artifact-centric paradigm.
DCDS
Data Layer
Process Layer
external
service
external
service
external
service
UpdateRead
• Data layer: relational database (with constraints).
• Process layer: condition-action rules (include service calls that input new
data).
Marco Montali Verification of Relational DCDSs PODS 2013 3 / 25
4. unibz.itunibz.it
DCDS
A DCDS S is a pair D, P .
Data layer D
• Relational schema.
• Constraints (equality constraints/domain-independent FOL).
• Initial DB.
Marco Montali Verification of Relational DCDSs PODS 2013 4 / 25
5. unibz.itunibz.it
DCDS
A DCDS S is a pair D, P .
Data layer D
• Relational schema.
• Constraints (equality constraints/domain-independent FOL).
• Initial DB.
Process layer P
• Services to introduce new data into the system - results taken from a
countably infinite domain.
• Actions with parameters, specified in terms of effects that:
1 query the current DB (with UCQs + domain-independent FO filters);
2 transfer the obtained answers, together with service call results, into
facts that constitute the new DB.
• Declarative description of the process with condition-action rules.
Condition: (domain-independent) FO query.
Each rule queries the current DB and determines the executability of
the corresponding action with params.
Marco Montali Verification of Relational DCDSs PODS 2013 4 / 25
6. unibz.itunibz.it
An Example: Hotels and Price Conversion
Data Layer: Info about hotels and room prices
Cur = UserCurrency CH = Hotel, Currency PEntry = Hotel, Price, Date
Process Layer/1
User selection of a currency.
• Process: true −→ ChooseCur()
• Service call for currency selection: uInputCurr()
Models user input with non-deterministic behavior: same-argument calls
possibly return different values at different time moments.
• ChooseCur() :
true Cur(uInputCurr())
CH(h, c) CH(h, c)
PEntry(h, p, d) PEntry(h, p, d)
Marco Montali Verification of Relational DCDSs PODS 2013 5 / 25
7. unibz.itunibz.it
An Example: Hotels and Price Conversion
Data Layer: Info about hotels and room prices
Cur = UserCurrency CH = Hotel, Currency PEntry = Hotel, Price, Date
Process Layer/2
Price conversion for a hotel.
• Process: Cur(c) ∧ CurHotel(h, ch) ∧ ch = c −→ ApplyConv(h, c)
• Service call for currency selection: conv(price, from, to, date)
Models historical conversion with deterministic behavior: same-argument
calls always return the same value along a run.
• ApplyConv(h, c) :
PEntry(h, p, d) ∧ CH(h, cold) ∧ Cur(c) PEntry(h, conv(p, cold, c, d), d)
PEntry(h , p, d) ∧ h = h PEntry(h , p, d)
CH(h, cold) CH(h, c)
CH(h , c ) ∧ h = h CH(h , c )
Cur(c) Cur(c)
Marco Montali Verification of Relational DCDSs PODS 2013 5 / 25
10. unibz.itunibz.it
Run
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
Cur
usd
ChooseCur(): uInputCurr() = usd
Marco Montali Verification of Relational DCDSs PODS 2013 6 / 25
11. unibz.itunibz.it
Run
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
Cur
usd
ChooseCur(): uInputCurr() = usd
ApplyConv(h1,usd)
ChooseCur()
ApplyConv(h2,usd)
Marco Montali Verification of Relational DCDSs PODS 2013 6 / 25
12. unibz.itunibz.it
Run
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
Cur
usd
ChooseCur(): uInputCurr() = usd
ApplyConv(h1,usd):
conv(95,eur,usd,apr-25) = ?
conv(80,eur,usd,sep-18) = ?
Marco Montali Verification of Relational DCDSs PODS 2013 6 / 25
13. unibz.itunibz.it
Run
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
Cur
usd
HC
h1 usd
h2 eur
PEntry
h1 115 apr-25
h1 95 sep-18
h2 80 sep-18
Cur
usd
ChooseCur(): uInputCurr() = usd
ApplyConv(h1,usd):
conv(95,eur,usd,apr-25) = 115
conv(80,eur,usd,sep-18) = 95
Marco Montali Verification of Relational DCDSs PODS 2013 6 / 25
14. unibz.itunibz.it
Run
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
Cur
usd
HC
h1 usd
h2 eur
PEntry
h1 115 apr-25
h1 95 sep-18
h2 80 sep-18
Cur
usd
ChooseCur(): uInputCurr() = usd
ApplyConv(h1,usd):
conv(95,eur,usd,apr-25) = 115
conv(80,eur,usd,sep-18) = 95
ChooseCur()
ApplyConv(h2,usd)
Marco Montali Verification of Relational DCDSs PODS 2013 6 / 25
15. unibz.itunibz.it
Run
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
Cur
usd
HC
h1 usd
h2 eur
PEntry
h1 115 apr-25
h1 95 sep-18
h2 80 sep-18
Cur
usd
HC
h1 usd
h2 usd
PEntry
h1 115 apr-25
h1 95 sep-18
h2 95 sep-18
Cur
usd
ChooseCur(): uInputCurr() = usd
ApplyConv(h1,usd):
conv(95,eur,usd,apr-25) = 115
conv(80,eur,usd,sep-18) = 95
ApplyConv(h2,usd)
conv(80,eur,usd,sep-18) = 95
Marco Montali Verification of Relational DCDSs PODS 2013 6 / 25
16. unibz.itunibz.it
Execution Semantics
Transition system accounting for all possible runs of the DCDS:
• States: each linked to a DB - instance of the data layer;
• Transitions: legal applications of action+params+service call evals.
Action+params: executable according to the process rules.
Deterministic services behave consistently with the previous results.
We obtain a possibly infinite-state (relational) transition system:
• from the initial DB;
• by applying transitions in all possible ways.
Marco Montali Verification of Relational DCDSs PODS 2013 7 / 25
17. unibz.itunibz.it
Sources of Unboundedness/Infinity
In general: service calls cause. . .
.....
.
.....
.
. . .
• Infinite branching (due to all possible results
of service calls).
• Infinite runs (usage of values obtained from
unboundedly many service calls).
• Unbounded DBs
(accumulation of such values).
HC
h1 eur
h2 eur
PEntry
h1 95 apr-25
h1 80 sep-18
h2 80 sep-18
Cur
usd
. . .
. . .
. . .
.
.
.
ApplyConv(h1,usd): exchange rate = 1.2
ApplyConv(h1,usd): exchange rate = 1.23
ApplyConv(h1,usd): exchange rate = 1.3
ApplyConv(h1,usd): exchange rate = ...
Marco Montali Verification of Relational DCDSs PODS 2013 8 / 25
18. unibz.itunibz.it
Verification of DCDSs
Verification
Given a DCDS S (with transition system ΥS), and a temporal/dynamic
property Φ, check whether
ΥS |= Φ
Requirements for temporal/dynamic properties:
• to capture data ; first-order queries;
• to capture dynamics ; temporal modalities;
• to capture evolution of data ; quantification across states.
Marco Montali Verification of Relational DCDSs PODS 2013 9 / 25
19. unibz.itunibz.it
Verification of DCDSs
Verification
Given a DCDS S (with transition system ΥS), and a temporal/dynamic
property Φ, check whether
ΥS |= Φ
Requirements for temporal/dynamic properties:
• to capture data ; first-order queries;
• to capture dynamics ; temporal modalities;
• to capture evolution of data ; quantification across states.
Our goal
Investigate “robust” conditions on decidability of verification:
• for sophisticated branching- and linear-time temporal properties;
• exploiting conventional, finite-state model checking via construction
of a faithful (sound and complete), finite-state abstraction.
Marco Montali Verification of Relational DCDSs PODS 2013 9 / 25
20. unibz.itunibz.it
Design Space
We employ variants of first-order µ-calculus (µLFO):
Φ ::= Q | ¬Φ | Φ1 ∧ Φ2 | ∃x.Φ | − Φ | Z | µZ.Φ
• Employs fixpoint constructs to express sophisticated
properties defined via induction or co-induction.
• Subsumes virtually all logics used in verification,
such as LTL, CTL, CTL*.
PDLLTL CTL
µL
µLFO
Marco Montali Verification of Relational DCDSs PODS 2013 10 / 25
21. unibz.itunibz.it
Design Space
We employ variants of first-order µ-calculus (µLFO):
Φ ::= Q | ¬Φ | Φ1 ∧ Φ2 | ∃x.Φ | − Φ | Z | µZ.Φ
• Employs fixpoint constructs to express sophisticated
properties defined via induction or co-induction.
• Subsumes virtually all logics used in verification,
such as LTL, CTL, CTL*.
PDLLTL CTL
µL
µLFO
Problem 1
Unrestricted first-order quantification: no hope of reducing verification to
finite-state model checking.
See: ∃x1, . . . , xn. i=j xi = xj ∧ i∈{1,...,n} − Q(xi)
; We need to consider fragments of µLFO with controlled quantification.
Marco Montali Verification of Relational DCDSs PODS 2013 10 / 25
22. unibz.itunibz.it
Design Space
We employ variants of first-order µ-calculus (µLFO):
Φ ::= Q | ¬Φ | Φ1 ∧ Φ2 | ∃x.Φ | − Φ | Z | µZ.Φ
• Employs fixpoint constructs to express sophisticated
properties defined via induction or co-induction.
• Subsumes virtually all logics used in verification,
such as LTL, CTL, CTL*.
PDLLTL CTL
µL
µLFO
Problem 1
Unrestricted first-order quantification: no hope of reducing verification to
finite-state model checking.
See: ∃x1, . . . , xn. i=j xi = xj ∧ i∈{1,...,n} − Q(xi)
; We need to consider fragments of µLFO with controlled quantification.
Problem 2
Verification is undecidable for simple propositional CTL ∩ LTL properties.
; We need to pose restrictions on DCDSs.
Marco Montali Verification of Relational DCDSs PODS 2013 10 / 25
23. unibz.itunibz.it
History-Preserving µ-calculus (µLA)
Active-domain quantification: restricted to those
individuals present in the current database.
∃x.Φ ; ∃x.live(x) ∧ Φ
where live(x) states that x is present in the current
active domain. PDLLTL CTL
µL
µLA
µLFO
Example
νX.(∀x.live(x) ∧ Stud(x) →
µY .(∃y.live(y) ∧ Grad(x, y) ∨ − Y ) ∧ [−]X)
Along every path, it is always true, for each student x, that there exists an
evolution eventually leading to a graduation of the student (with some
final mark y).
Marco Montali Verification of Relational DCDSs PODS 2013 11 / 25
24. unibz.itunibz.it
Persistence-Preserving µ-calculus (µLP)
In some cases, objects maintain their identity only if they persist in the
active domain (cf. business artifacts and their IDs).
. . .
StudId : 123
. . .
StudId : 123
. . .dismiss(123) newStud()
ID() = 123
Marco Montali Verification of Relational DCDSs PODS 2013 12 / 25
25. unibz.itunibz.it
Persistence-Preserving µ-calculus (µLP)
In some cases, objects maintain their identity only if they persist in the
active domain (cf. business artifacts and their IDs).
. . .
StudId : 123
. . .
StudId : 123
. . .dismiss(123) newStud()
ID() = 123
µLP restricts µLA to quantification over persisting
objects only, i.e., objects that continue to be live.
∃x.Φ ; ∃x.live(x) ∧ Φ
− Φ(x) ; live(x) ∧ − Φ(x)
[−]Φ(x) ; live(x) ∧ [−]Φ(x) PDLLTL CTL
µL
µLP
µLA
µLFO
Marco Montali Verification of Relational DCDSs PODS 2013 12 / 25
26. unibz.itunibz.it
Persistence-Preserving µ-calculus (µLP)
In some cases, objects maintain their identity only if they persist in the
active domain (cf. business artifacts and their IDs).
. . .
StudId : 123
. . .
StudId : 123
. . .dismiss(123) newStud()
ID() = 123
µLP restricts µLA to quantification over persisting
objects only, i.e., objects that continue to be live.
∃x.Φ ; ∃x.live(x) ∧ Φ
− Φ(x) ; live(x) ∧ − Φ(x)
[−]Φ(x) ; live(x) ∧ [−]Φ(x) PDLLTL CTL
µL
µLP
µLA
µLFO
Example (“strong persistence”)
νX.(∀x.live(x) ∧ Stud(x) →
µY .(∃y.live(y) ∧ Grad(x, y) ∨ (live(x) ∧ − Y )) ∧ [−]X)
Along every path, it is always true, for each student x, that there exists an
evolution in which x persists in the database until she eventually graduates.
Marco Montali Verification of Relational DCDSs PODS 2013 12 / 25
27. unibz.itunibz.it
Persistence-Preserving µ-calculus (µLP)
In some cases, objects maintain their identity only if they persist in the
active domain (cf. business artifacts and their IDs).
. . .
StudId : 123
. . .
StudId : 123
. . .dismiss(123) newStud()
ID() = 123
µLP restricts µLA to quantification over persisting
objects only, i.e., objects that continue to be live.
∃x.Φ ; ∃x.live(x) ∧ Φ
− Φ(x) ; live(x) ∧ − Φ(x)
[−]Φ(x) ; live(x) ∧ [−]Φ(x) PDLLTL CTL
µL
µLP
µLA
µLFO
Example (“weak persistence”)
νX.(∀x.live(x) ∧ Stud(x) →
µY .(∃y.live(y) ∧ Grad(x, y) ∨ (live(x) → − Y )) ∧ [−]X)
Along every path, it is always true, for each student x, that there exists an
evolution in which either x does not persist, or she eventually graduates.
Marco Montali Verification of Relational DCDSs PODS 2013 12 / 25
28. unibz.itunibz.it
Bisimulations
We introduce two novel notions of bisimulation to account for µLA/µLP.
History-Preserving
Bisimulation Invariant Languages
Persistence-Preserving
Bisimulation Invariant Languages
Propositional Bisimulation
Invariant Languages
PDLLTL CTL
µL
µLP
µLA
µLFO
These bisimulation relations capture:
• dynamics ; standard notion of bisimulation;
• data ; DB isomorphism;
• evolution of data ; compatibility of the bijections witnessing the
isomorphisms along a run.
Marco Montali Verification of Relational DCDSs PODS 2013 13 / 25
29. unibz.itunibz.it
Bisimulations
History-preserving bisimulation requires each isomorphism to be witnessed
by a bijection that extends the bijection used in the previous step.
Theorem
If Υ1 and Υ2 are history-preserving bisimilar, then for every µLA closed
formula Φ, we have:
Υ1 |= Φ if and only if Υ2 |= Φ.
Marco Montali Verification of Relational DCDSs PODS 2013 14 / 25
30. unibz.itunibz.it
Bisimulations
History-preserving bisimulation requires each isomorphism to be witnessed
by a bijection that extends the bijection used in the previous step.
Theorem
If Υ1 and Υ2 are history-preserving bisimilar, then for every µLA closed
formula Φ, we have:
Υ1 |= Φ if and only if Υ2 |= Φ.
Persistence-preserving bisimulation requires each isomorphism to be
witnessed by a bijection that extends the bijection used in the previous
step, restricted only to the persisting objects.
Theorem
If Υ1 and Υ2 are persistence-preserving bisimilar, then for every µLP
closed formula Φ, we have:
Υ1 |= Φ if and only if Υ2 |= Φ.
Marco Montali Verification of Relational DCDSs PODS 2013 14 / 25
31. unibz.itunibz.it
Conditions for DCDSs
We devise two conditions over the transition system ΥS of a DCDS S.
Run boundedness
Each run of ΥS accumulates only a bounded number of objects.
• No bound on the overall number of objects: ΥS is still infinite-state, due to
infinite branching induced by service calls.
• Unboundedly many deterministic service calls can still be issued with a bounded
number of inputs.
• Only boundedly many nondeterministic service calls can be issued.
Marco Montali Verification of Relational DCDSs PODS 2013 15 / 25
32. unibz.itunibz.it
Conditions for DCDSs
We devise two conditions over the transition system ΥS of a DCDS S.
Run boundedness
Each run of ΥS accumulates only a bounded number of objects.
• No bound on the overall number of objects: ΥS is still infinite-state, due to
infinite branching induced by service calls.
• Unboundedly many deterministic service calls can still be issued with a bounded
number of inputs.
• Only boundedly many nondeterministic service calls can be issued.
State boundedness
Each state of ΥS contains only bounded number of objects.
• Relaxation of run-boundedness: unboundedly many objects along a run, provided
that they are not accumulated in the same state.
• ΥS can contain infinite branches and infinite runs.
Marco Montali Verification of Relational DCDSs PODS 2013 15 / 25
42. unibz.itunibz.it
Run-Bounded Systems: Decidability for µLA
Theorem
Verification of µLA over run-bounded DCDSs is decidable and can be
reduced to model checking of propositional µL over a finite TS.
Crux: construct a faithful abstraction ΘS for ΥS, collapsing infinite branching.
..
.
..
.
..
.
..
.
. . .
Marco Montali Verification of Relational DCDSs PODS 2013 17 / 25
43. unibz.itunibz.it
Run-Bounded Systems: Decidability for µLA
Theorem
Verification of µLA over run-bounded DCDSs is decidable and can be
reduced to model checking of propositional µL over a finite TS.
Crux: construct a faithful abstraction ΘS for ΥS, collapsing infinite branching.
• We use isomorphic types instead of actual
service call results.
..
.
..
.
..
.
..
.
. . .
≈
representatives for all
isomorphic types
Marco Montali Verification of Relational DCDSs PODS 2013 17 / 25
44. unibz.itunibz.it
State-bounded Systems: Undecidability for µLA
Theorem
Verification of µLA over state-bounded DCDSs is undecidable.
Intuition: µLA can use quantification to store and compare the
unboundedly many values encountered along the runs.
Crux: reduction from satisfiability of LTL with freeze quantifiers.
• µLA can express LTL with freeze quantifier by making registers
explicit.
• There is a state-bounded DCDS that simulates all the possible traces
with register assignments (i.e., data words).
• Satisfiability via model checking.
Marco Montali Verification of Relational DCDSs PODS 2013 18 / 25
45. unibz.itunibz.it
State-bounded Systems: Decidability for µLP
Theorem
Verification of µLP over state-bounded DCDSs is decidable and can be
reduced to model checking of propositional µ-calculus over a finite
transition system.
Crux: construct a faithful abstraction ΘS for ΥS, collapsing infinite
branching and compacting infinite runs.
1 Prune infinite branching (isomorphic types).
.....
.
.....
.
.....
.
.....
.
. . .
Marco Montali Verification of Relational DCDSs PODS 2013 19 / 25
46. unibz.itunibz.it
State-bounded Systems: Decidability for µLP
Theorem
Verification of µLP over state-bounded DCDSs is decidable and can be
reduced to model checking of propositional µ-calculus over a finite
transition system.
Crux: construct a faithful abstraction ΘS for ΥS, collapsing infinite
branching and compacting infinite runs.
1 Prune infinite branching (isomorphic types).
.....
.
.....
.
.....
.
.....
.
. . .
∼
representatives for
isomorphic types
Marco Montali Verification of Relational DCDSs PODS 2013 19 / 25
47. unibz.itunibz.it
State-bounded Systems: Decidability for µLP
Theorem
Verification of µLP over state-bounded DCDSs is decidable and can be
reduced to model checking of propositional µ-calculus over a finite
transition system.
Crux: construct a faithful abstraction ΘS for ΥS, collapsing infinite
branching and compacting infinite runs.
1 Prune infinite branching (isomorphic types).
.....
.
.....
.
.....
.
Marco Montali Verification of Relational DCDSs PODS 2013 19 / 25
48. unibz.itunibz.it
State-bounded Systems: Decidability for µLP
Theorem
Verification of µLP over state-bounded DCDSs is decidable and can be
reduced to model checking of propositional µ-calculus over a finite
transition system.
Crux: construct a faithful abstraction ΘS for ΥS, collapsing infinite
branching and compacting infinite runs.
1 Prune infinite branching (isomorphic types).
2 Finite abstraction along the runs:
Recycle old, non-persisting objects instead of
inventing new ones.
..
.
..
.
..
.
Marco Montali Verification of Relational DCDSs PODS 2013 19 / 25
49. unibz.itunibz.it
Sufficient Syntactic Conditions
State- and run-boundedness are semantic conditions.
We show they are undecidable to check.
We then introduce two incomparable sufficient syntactic conditions:
• Weak acyclicity (cf. data exchange), to check whether a DCDS with
deterministic services is run-bounded.
• Generate-recall acyclicity, to check whether a DCDS is state-bounded.
Both conditions are checked against a dependency graph that abstracts
the data-flow of the DCDS process layer.
Marco Montali Verification of Relational DCDSs PODS 2013 20 / 25
50. unibz.itunibz.it
Sufficient Syntactic Conditions - Example 1
Example
Consider a DCDS S with process {true −→ α()},
action α() :
P(x) P(x)
P(x) Q(f (x))
Q(x) Q(x)
P,1 Q,1*
Consider nondeterministic service calls.
S is not state-bounded.
The problem comes from the interplay between:
• a generate cycle that continuously feeds a path issuing service calls;
• a recall cycle that accumulates the obtained results.
• (+ the fact that both cycles are active at the same time)
GR-acycliclity detects exactly these undesired situations.
Marco Montali Verification of Relational DCDSs PODS 2013 21 / 25
51. unibz.itunibz.it
Sufficient Syntactic Conditions - Example 2
Example
Consider a DCDS S with process {true −→ α(), true −→ β()},
actions
α() : {P(x) Q(f (x))}
β() : {Q(x) P(x)} P,1 Q,1
*
Consider deterministic service calls.
S is not run-bounded.
The problem comes from:
• repeated calls to the same service. . .
• every time using fresh values that are directly (or indirectly) obtained
by manipulating previous results produced by the same service.
Weak acycliclity detects these undesired situations.
Marco Montali Verification of Relational DCDSs PODS 2013 22 / 25
52. unibz.itunibz.it
Conclusions
• Our work is grounded in real-world data-aware processes.
• We study robust conditions for decidability.
no conditions on the structure of the database;
the database changes over time;
suitable restrictions are posed on the process layer.
• Complexity wise, our techniques are exponential in the size of the
initial database.
• However, most often processes change only a small (logarithmic ?)
portion of the entire database.
• Next step: formalize this intuition.
Marco Montali Verification of Relational DCDSs PODS 2013 23 / 25
53. unibz.itunibz.it
History-Preserving Bisimulation
Given Υ1, Υ2 over = data domains ∆1 and ∆2, with states Σ1 and Σ2. . .
• Is a ternary relation ≈⊆ Σ1 × H × Σ2, connecting pais of states under a bijection
that tracks the history.
• In particular, s1 ≈h s2 implies that:
1 h is a partial bijection between ∆1 and ∆2 that induces an
isomorphism between db1(s1) and db2(s2);
2 for each s1, if s1 ⇒1 s1 then there is an s2 with s2 ⇒2 s2 and a
bijection h that extends h, such that s1 ≈h s2;
3 for each s2, if s2 ⇒2 s2 then there is an s1 with s1 ⇒1 s1 and a
bijection h that extends h, such that s1 ≈h s2.
• Υ1 ≈ Υ2 if there exists a partial bijection h0 such that s01 ≈h0 s02.
Marco Montali Verification of Relational DCDSs PODS 2013 24 / 25
54. unibz.itunibz.it
History-Preserving Bisimulation
Given Υ1, Υ2 over = data domains ∆1 and ∆2, with states Σ1 and Σ2. . .
• Is a ternary relation ≈⊆ Σ1 × H × Σ2, connecting pais of states under a bijection
that tracks the history.
• In particular, s1 ≈h s2 implies that:
1 h is a partial bijection between ∆1 and ∆2 that induces an
isomorphism between db1(s1) and db2(s2);
2 for each s1, if s1 ⇒1 s1 then there is an s2 with s2 ⇒2 s2 and a
bijection h that extends h, such that s1 ≈h s2;
3 for each s2, if s2 ⇒2 s2 then there is an s1 with s1 ⇒1 s1 and a
bijection h that extends h, such that s1 ≈h s2.
• Υ1 ≈ Υ2 if there exists a partial bijection h0 such that s01 ≈h0 s02.
Theorem
If Υ1 ≈ Υ2, then for every µLA closed formula Φ, we have:
Υ1 |= Φ if and only if Υ2 |= Φ.
Marco Montali Verification of Relational DCDSs PODS 2013 24 / 25
55. unibz.itunibz.it
Persistence-Preserving Bisimulation
Given Υ1, Υ2 over = data domains ∆1 and ∆2, with states Σ1 and Σ2. . .
• It is a ternary relation ∼⊆ Σ1 × H × Σ2, connecting pairs of states under a
bijection that tracks the history of persisting objects.
• In particular, s1 ∼h s2 implies that:
1 h is a partial bijection between ∆1 and ∆2 that induces an
isomorphism between db1(s1) and db2(s2);
2 for each s1, if s1 ⇒1 s1 then there exists an s2 with s2 ⇒2 s2 and a
bijection h that extends h restricted on
adom(db1(s1)) ∩ adom(db1(s1)), such that s1 ∼h s2;
3 for each s2, if s2 ⇒2 s2 then there exists an s1 with s1 ⇒1 s1 and a
bijection h that extends h restricted on
adom(db1(s1)) ∩ adom(db1(s1)), such that s1 ∼h s2.
• Υ1 ∼ Υ2 if there exists a partial bijection h0 such that s01 ∼h0 s02.
Marco Montali Verification of Relational DCDSs PODS 2013 25 / 25
56. unibz.itunibz.it
Persistence-Preserving Bisimulation
Given Υ1, Υ2 over = data domains ∆1 and ∆2, with states Σ1 and Σ2. . .
• It is a ternary relation ∼⊆ Σ1 × H × Σ2, connecting pairs of states under a
bijection that tracks the history of persisting objects.
• In particular, s1 ∼h s2 implies that:
1 h is a partial bijection between ∆1 and ∆2 that induces an
isomorphism between db1(s1) and db2(s2);
2 for each s1, if s1 ⇒1 s1 then there exists an s2 with s2 ⇒2 s2 and a
bijection h that extends h restricted on
adom(db1(s1)) ∩ adom(db1(s1)), such that s1 ∼h s2;
3 for each s2, if s2 ⇒2 s2 then there exists an s1 with s1 ⇒1 s1 and a
bijection h that extends h restricted on
adom(db1(s1)) ∩ adom(db1(s1)), such that s1 ∼h s2.
• Υ1 ∼ Υ2 if there exists a partial bijection h0 such that s01 ∼h0 s02.
Theorem
If Υ1 ∼ Υ2, then for every µLP closed formula Φ, we have:
Υ1 |= Φ if and only if Υ2 |= Φ.
Marco Montali Verification of Relational DCDSs PODS 2013 25 / 25