Timed data-centric analysis of graphical business process models in Reo Natallia Kokash and Christian Krause Centrum Wiskunde & Informatica (CWI) Erik de Vink, TU Eindhoven The Netherlands SEFM 2010, 15/09/2010 1
Overview § Channel-based coordination language Reo § Graphical notation, semantic models § Formalization of business process models with Reo § m. CRL 2 specification language and model checking toolset § Translation from Reo to m. CRL 2 § Basic mapping § Compositional translation § Data and time support § Abstraction § Tool support § Example – Auction process § Related work § Conclusions and future work SEFM 2010, 15/09/2010 2
Motivation: analysis of business processes § Goal: automatically analyze workflow models § Safety properties § “Something bad will not happen” § Liveness properties § “Something good will eventually happen” § Control flow analysis § Deadlocks/livelocks/temporal constraints in data-agnostic models § Data flow analysis § Deadlocks/livelocks/temporal constraints in data-aware models (with multiple variables, abstract data types and data manipulation) § Service compatibility checking SEFM 2010, 15/09/2010 3
Channel-based coordination with Reo § Channels are binary components that define constraints on input and output data items § Channel ends (ports) can be both source ends or both sink ends § Channel ends can be joint together and form source, sink or mixed nodes § Source nodes behave like synchronous replicators § Sink nodes behave like non-deterministic mergers SEFM 2010, 15/09/2010 4
Formalization of business process models with Reo § § § Arbab, F. , N. Kokash and M. Sun, Towards using Reo for Compliance-aware Business Process, ISo. LA 2008 (2008), pp. 108– 123. Tasharofi, S. , M. Vakilian, R. Z. Moghaddam and M. Sirjani, Modeling web service interactions using the coordination language Reo, Proc. of the Int. Workshop on Web Services and Formal Methods, LNCS 4937 (2008), pp. 108– 123. Changizi, B. , Kokash, N. , Arbab, F. : A Unified Toolset for Business Process Model Formalization, proc of the Int. Workshop on Formal Engineering approaches to Software Components and Architectures (FESCA), 2010. SEFM 2010, 15/09/2010 5
Semantic models for Reo § Basic model § Constraint automata (Baier, C. , Sirjani, M. , Arbab, F. , Rutten, J. : Modeling Component Connectors in Reo by Constraint Automata. Science of Computer Programming 61 (2006) 75– 113) § Reo with context dependent channels § Coloring semantics (Clarke, D. , Costa, D. , Arbab, F. : Connector coloring I: Synchronization and context dependency. Science of Computer Programming 66 (2007) 205– 225) § Intentional automata (Costa, D. : Formal Models for Context Dependent Connectors for Distributed Software Components and Services. Ph. D thesis, CWI (2010)) § Reo automata (Bonsangue, M. , Clarke, D. , Silva, A. : Automata for contextdependent connectors. In: Proc. Coordination’ 09. Volume 5521 of LNCS. , Springer (2009) 184– 203) § Reo with timed channels § Timed constraint automata (Arbab, F. , Baier, C. , de Boer, F. , Rutten, J. : Models and temporal logical specifications for timed component connectors. Software and Systems Modeling 6(1) (2007) 59– 82) § Reo with probabilistic channels § Probabilistic constraint automata (Baier, C. : Probabilistic models for Reo connector circuits. Journal of Universal Computer Science 11(10) (2005) 1718– 1748) SEFM 2010, 15/09/2010 6
Constraint automata semantics for basic Reo channels and nodes SEFM 2010, 15/09/2010 7
(Timed) constraint automata A constraint automaton SEFM 2010, 15/09/2010 8
m. CRL 2 § Behavioral specification language § Associated toolset § Developed at TU Eindhoven (+ La. Qu. So, CWI and Twente University) § Based on the algebra of communicating processes (ACP) § Extended with data and time § Built-in data types: Bool, Nat, Pos, Int, Real § Algebraic data types § constructors, recognition and projection functions § Built-in support for lists, sets and bags § User-defined functions (λ calculus) § Number of industrial case studies § http: //www. mcrl 2. org/ SEFM 2010, 15/09/2010 9
m. CRL 2 specification language § Actions are atomic events (e. g. a firing of a port or a request arrival in a Reo connector) § Processes are the active entities defined as expressions over actions and other processes § § § Multiaction: a|b (synchronized actions) Alternative composition: a + b (nondeterministic choice) Sequence composition: a. b (b started after a) Conditional: exp → a ◊ b (if-then-else) At operator: act (action a happens at time t) Parallel composition: a||b (interleavings a. b + b. a + a|b) § Actions and processes can be parametrized with data § Summation: ∑d∈D a(d) (a(d 1) + a(d 2) + a(d 3)…) SEFM 2010, 15/09/2010 10
m. CRL 2 specification language § Renaming: ρR(a) where R is a set of renamings of the form b → c, meaning that every occurrence of b in a is replaced by c § Hiding: τH(a) renames all actions of H in a to τ § Restriction (allow): ∇R(a) where R specifies which actions are allowed to occur in a § Blocking: ∂B(a) where B is a set of actions that is not allowed to occur in a § Communication: ΓC(p), where C is a set of allowed communications of the form a 0|. . . |an→ c, n ≥ 1 which means that every group of actions a 0|. . . |an within a multiaction is replaced by an action c SEFM 2010, 15/09/2010 11
Reo to m. CRL 2 (Constraint automata semantics) § Data flow observed at a channel end = action § Synchronous channel, synchronous drain § Sync = A|B. Sync; § Non-deterministic synchronous lossy channel § Lossy. Sync = (A|B + A). Lossy. Sync; § Asynchronous drain § Async. Drain = (A + B). Async. Drain; § FIFO § Fifo = A. B. Fifo; § Full. Fifo = B. Fifo; § Alternative encoding: Fifo(f: Bool) = (¬f → A ◊ B). Fifo(¬f); § Replication node § Replication. Node = X|Y|Z. Replication. Node; § Merge node § Merge. Node = (X|Z + Y|Z). Merge. Node; SEFM 2010, 15/09/2010 12
Channel composition Synchronize and hide actions corresponding to the connected channels A B C D A B|C →E Reduce the size of the state space while building the LTS for the m. CRL 2 specification of a Reo connector by Iterated connector construction 1. P 0 = ∂ends of connected channels(Γhandshaking at Node 1(Node 1 || Sync 1 || Lossy. Sync 2 || Sync. Drain 1)) A B 2. P 1 = ∂ends of connected channels(Γhandshaking at Node 2(Node 2 || Sync 3 || P 0 )) A B A D 3. P 2 = ∂ends of connected channels (Γhandshaking at Node 3(Node 3 || Sync 4 || P 1 )) B A 4. P 3 = ∂ends of connected channels (Γhandshaking at Node 4(Node 4 || Sync 5 || P 2 )) D C SEFM 2010, 15/09/2010 13 D
Correctness of the mapping § N. Kokash, C. Krause, and E. de Vink, “Verification of context-dependent channel-based service models, ” in Proc. FMCO 2009, ser. LNCS. Springer, 2010. SEFM 2010, 15/09/2010 14
Reo to m. CRL 2: Data support act A, B: Data § Sync = ∑d∈Data. A(d)|B(d). Sync; § Sync. Drain = ∑d 1, d 2 ∈Data. A(d 1)|B(d 2). Sync. Drain; § Lossy. Sync = ∑d∈Data. (A(d)|B(d) + A(d)). Lossy. Sync; § Async. Drain = ∑d∈Data. (A(d) + B(d)). Async. Drain; § Filter = sum ∑d∈Data. (exp(d) → A(d)|B(d) ◊ A(d)). Filter, where exp(d) is a boolean expression § Transformer = ∑d∈Data. A(d)|B(exp(d)). Transformer; § Replication. Node = ∑d∈Data. X(d)|Y(d)|Z(d). Replication. Node; § Merge. Node = ∑d∈Data. (X(d)|Z(d) + Y(d)|Z(d)). Merge. Node; § FIFO § Data. FIFO = struct empty? is. Empty | full(e: Data)? is. Full; § Fifo(f: Data. FIFO) = ∑d∈Data is. Empty(f)→A(d). Fifo(full(d)) ◊ B(e(f)). Fifo(empty)) SEFM 2010, 15/09/2010 15
Reo to m. CRL 2: Global data types § A connector should deal with any data items consumed by its source nodes § Given a set of elementary data types DT 1, …, DTn (e. g. , inferred from web service interface specifications), the global data type is described as follows: § Data = struct D 1(e 1: DT 1)|…|Dn(e 1: DTn) § Join. Node = ∑ d 1, d 2 ∈Data. (X(d 1)|Y(d 2)|Z(tuple(d 1, d 2)). Join. Node; § For m-join node tuple(e 1: Data, e 2: Data, …, em: Data) is added to the Data description, e. g. , § Data = struct D 1(e 1: DT 1)|…|Dn(e 1: DTn) |tuple(e 1: Data, e 2: Data) § Note: expressions for filter and transformer channels become dependent on the structure of the Reo connector SEFM 2010, 15/09/2010 16
Reo to m. CRL 2: time support T-timer with off- and reset- options § Reacts differently to different data inputs: § Data. Timer = struct reset? is. Reset | off? is. Off | timeout | other(e: Data)? is. Other § Has two states § State = struct OFF? is. OFF | ON? is. ON § State s (timer ON or OFF), current time x, timer delay t § Timer(s: State, x: Real, t: Real ) = is. OFF(s)→∑d∈Data. Timer is. Other(d)→A(d). Timer(ON, 0, t) + is. ON (s) → ((x < t) → ∑d∈Data. Timer is. Reset(d) → A(d). Timer(ON, 0, t) + is. Off (d) → A(d). Timer(OFF, x, t) + tickcx. Timer(ON, x + 1, t)) ◊ B(timeout). Timer(OFF, x, t) SEFM 2010, 15/09/2010 17
Abstraction SEFM 2010, 15/09/2010 18
Case study: auction process with data transformation SEFM 2010, 15/09/2010 19
Tool support SEFM 2010, 15/09/2010 20
LTS and examples of control flow and timed properties SEFM 2010, 15/09/2010 21
LTS and examples of data flow properties Input constraints: SEFM 2010, 15/09/2010 22
Comparison of model checking tools for Reo § Vereofy (University of Dresden) http: //www. vereofy. de/ § § § Developed specifically for Reo and Constraint Automata Dedicated property specification format Counterexamples No support for abstract data types Global domain for all components Primitive data constraint specification language (for filter channels) § m. CRL 2 toolset http: //www. mcrl 2. org/ § § § Powerful support for data Rich property specification format (μ calculus) Hard to extract counterexamples Inability to define some useful data domains Performance depends on the structure of the program § CADP toolset (INRIA) http: //www. inrialpes. fr/vasy/cadp/ § Compatible with the generated m. CRL 2 code (. lps →. aut) § Efficient model checking + other useful functionality (e. g. , model-based testing, performance evaluation, advanced action sequence search) § License SEFM 2010, 15/09/2010 23
Conclusions and future work § Model checking for Reo § Control + data flow analysis with abstract data types § Automated generation of m. CRL 2 code from graphical models § Useful toolset for business process and service composition analysis § Good alternative to Petri nets § Better fits service-oriented computing paradigm § Compositional modeling and analysis Future work § Extend the m. CRL 2 property specification language with some missing but useful features: § The ability to check that some action occurs as part of a multi-action § The ability to refer to the system states by combination of data values stored in FIFO buffers. SEFM 2010, 15/09/2010 24
Скачать презентацию Timed data-centric analysis of graphical business process models
ec0cf86db544f717f170245b516ed47c.ppt