Polynomial analysis algorithms for free-choice workflow nets


Polynomial analysis algorithms for free-choice workflow nets
Javier Esparza, Technical University of Munich
Joint work with Jörg Desel, Philipp Hoffmann, and Ratul Saha

Business process modeling
- The activity of representing operational processes of an enterprise: purchasing, manufacturing, evaluating, marketing …
- BPs coded as workflows describing the causal precedence of operations performed by staff, machines, etc.
- Sophisticated graphical languages: Business Process Model and Notation, BPMN 2.0 (2011 standard of the Object Management Group).

BPMN models
- Many commercial tools for modelling, simulating, visualizing.
- No formal semantics, limited analysis capabilities.

Business process analysis
- Petri nets and process algebras are used to give (fragments of) BPMN a formal semantics, or as alternative modeling formalisms apt for analysis.
- Workflow Petri Nets are probably the most successful model. (For Petri net aficionados: we consider here only the 1-safe variant.)
- YAWL [www.yawlfoundation.org]: Yet Another Workflow Language. Developed and maintained since 2004, with ~10^5 downloads.

Workflow Petri Nets
[figure: a workflow net, with its initial place and final place labelled]

State explosion problem
- Master Theorem: The following problem is PSPACE-hard. Given: a workflow Petri net. Decide: (put your favourite property here).
- Lots of work on heuristics: POR, BDDs, CEGAR … They palliate the problem, but still exhibit worst-case complexity in very simple cases.
- Goal: investigate algorithms that can be applied to any workflow, and come with a polynomial-time guarantee for a nontrivial, useful subclass.

Free-choice workflow nets
[figure; one net is labelled "Non-free-choice"]
Process-oriented interpretation: no interference between choice and concurrency.

Free-choice workflow nets
- Some modeling formalisms (Workflow Graphs) only produce free-choice nets.
- Suite of ca. 2000 workflow nets (IBM, SAP): almost 1400 are free-choice.

Theory of free-choice nets

A fundamental property: Soundness
Soundness: all partial computations can be completed.

Checking properties
- Soundness: hard problem in general (PSPACE-complete); (several) polynomial algorithms for free-choice nets.
- Reachability for sound workflow nets: polynomial algorithms for free-choice nets.

Problem: Data, Time, Probability …
- The activities of a workflow are always enhanced with information: they may trigger an operation on data, they may have a duration and/or a cost, (they may have a probability).
- Structure theory has not considered these aspects so far.
- Models exist … Nets + Data = Colored Petri Nets; Nets + Time = Time(d) Petri Nets; Nets + Probability = Stochastic Petri Nets … but no structure theory for them!

Colored Petri Nets
- Assign types to places.
- Assign variables to arcs.
- Assign transfer functions to transitions.
- Tokens: values of the proper type.
- Firing as expected.
[figure: input places of type ℕ with arcs labelled y, x, z; a transition with transfer functions u := x + y and v := y * z; output places of type ℕ with arcs labelled u, v. Before firing the input places hold tokens 3, 2, 0; after firing the output places hold 5 and 0.]

Reduction Rules (Petri net transformations)
- Reduction rules transform a workflow net into a "simpler" one while preserving some properties.
- They either reduce the net completely to the smallest workflow net 𝑖→𝑡→𝑜 or produce an irreducible core.
- Reduction-based verification: apply the rules for as long as possible. If the net is completely reduced, read out the result. Otherwise, check the irreducible core.
- A set of rules is complete for a class if it completely reduces the nets of the class.

Checking Soundness with Reduction Rules
There exists a reduction algorithm that:
- Can be applied to arbitrary workflows to reduce their size.
- Reduces all (and only the) sound free-choice workflow nets to the "trivial" workflow net with only one transition (completeness).
- Requires only a polynomial number of applications (polynomiality).
However, the rules do not preserve dataflow:

The Quest for the Holy Grail …
Find new reduction rules that
- preserve soundness/unsoundness,
- preserve dataflow,
- are complete for free-choice workflow nets, and
- are as few and simple as possible.
References:
- E., Hoffmann: Reduction rules for Colored Workflow Nets, FASE 2016
- E., Hoffmann, Saha: Polynomial Analysis Algorithms for Free-Choice Probabilistic Workflow Nets, QEST 16
- E., Muscholl, Walukiewicz: Static Analysis of Deterministic Negotiations, to appear in LICS 17

Inspiration: Rules for sequential programs

Abstract description of a coloured transition

The new rules: Merge rule
- Merge two transitions with the same input and output places into one.
- Red nodes may have other input and output transitions.
- Simplified representation: [figure]

The new rules: Iteration rule
- Move the effect of a loop to its exit transitions.
- Yellow places may have other input transitions.

The new rules: Shortcut rule
- Replace two consecutive transitions by one with the same effect.

The new rules: Shortcut rule II
- Replace two consecutive transitions by one with the same effect.
- Unclear in which sense this is a reduction rule.

The theorem Theorem: There is an algorithm that reduces all (and only) sound free-choice coloured workflow nets to 𝑖→𝑅→𝑜 within a polynomial (cubic) number of rule applications.

An example

The completeness proof … is surprisingly complex!
- First challenge: the (second) shortcut rule may loop.
- Second challenge: avoid exponentially many rule applications.
- Third challenge: reducing "loops". [figure: a synchronized loop and a non-synchronized loop]
- Theorem: Every loop of a sound free-choice workflow net is synchronized.

The algorithm

Experiments
- Experiments on a suite of ca. 2000 workflow nets [van Dongen et al., Fahland et al.].
- Sound free-choice workflows completely reduced within a linear number of rule applications.
- Unsound free-choice workflows reduced by about 70%.

Quantitative Analysis of Workflow Nets
- Most research has concentrated on capturing design errors.
- Recent interest in quantitative analysis: cost.

Adding costs
[figure: workflow net annotated with the costs 1, 2, 15, 3, 40, 10]

Adding probabilities
- Conflict set: maximal set of transitions with at least one common input place. [figure: the non-trivial conflict sets of the example net]
- Goal: compute the expected cost.

MDP semantics
- Enabled conflict set picked by a nondeterministic scheduler.
- Conflicts resolved probabilistically.

Expected cost
- Executions can terminate successfully or deadlock.
- Cost of a successful execution: sum of the costs of the fired transitions.
- Cost of a deadlocked execution: infinite.
- Probability of an execution under a scheduler: product of the probabilities of the transitions fired.
- Expected cost under a scheduler: weighted sum of the costs under the scheduler.

Computing expected cost
- Theorem: The expected cost of a free-choice workflow net is independent of the scheduler.
- Heuristic: fix a scheduler and compute only the states of the Markov chain it generates.
- However: the MDP can still be exponentially larger than the workflow net.
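
An added example, not from the slides or the authors' tool: the expected-cost definition evaluated by direct recursion over the MDP of a small constructed net under two different schedulers, showing the scheduler independence stated in the theorem and the infinite cost of a deadlocking variant. The nets, function names, weight-based probabilities and the restriction to acyclic 1-safe nets are assumptions of this example; free-choice is tested with the standard definition (transitions sharing an input place have equal presets), which the slides do not spell out.

```python
from fractions import Fraction
from functools import lru_cache

INF = float("inf")

def is_free_choice(net):
    # Standard definition (assumed; the slides do not spell it out):
    # transitions that share an input place have identical presets.
    pres = [frozenset(t[0]) for t in net.values()]
    return all(a == b or not (a & b) for a in pres for b in pres)

def conflict_sets(net):
    # In a free-choice net, a conflict set is a group of transitions
    # with the same preset; map preset -> transition names.
    groups = {}
    for name, (pre, _post, _cost, _weight) in net.items():
        groups.setdefault(frozenset(pre), []).append(name)
    return groups

def expected_cost(net, scheduler, initial="i", final="o"):
    """Expected cost from marking {initial}; acyclic free-choice nets only."""
    if not is_free_choice(net):
        raise ValueError("net is not free-choice")
    csets = conflict_sets(net)

    @lru_cache(maxsize=None)
    def cost_from(marking):
        if marking == frozenset({final}):
            return Fraction(0)                      # successful termination
        enabled = sorted((pre for pre in csets if pre <= marking), key=sorted)
        if not enabled:
            return INF                              # deadlock: infinite cost
        pre = scheduler(enabled)                    # nondeterministic choice
        total = sum(net[t][3] for t in csets[pre])
        result = Fraction(0)
        for t in csets[pre]:                        # probabilistic choice
            _pre, post, cost, weight = net[t]
            nxt = (marking - pre) | frozenset(post)
            result += Fraction(weight, total) * (cost + cost_from(nxt))
        return result

    return cost_from(frozenset({initial}))

def first(enabled):   # scheduler: always pick the first enabled conflict set
    return enabled[0]

def last(enabled):    # scheduler: always pick the last enabled conflict set
    return enabled[-1]

# Constructed nets: name -> (input places, output places, cost, weight).
SOUND = {
    "t1": ({"i"}, {"p1", "p2"}, 1, 1),        # AND-split
    "a":  ({"p1"}, {"p3"}, 2, 1),             # choice, probability 1/4
    "b":  ({"p1"}, {"p3"}, 6, 3),             # choice, probability 3/4
    "c":  ({"p2"}, {"p4"}, 3, 1),
    "t2": ({"p3", "p4"}, {"o"}, 1, 1),        # AND-join
}
UNSOUND = dict(SOUND, b=({"p1"}, {"p5"}, 6, 3))   # b now leads to a deadlock
NOT_FC = {"x": ({"p1"}, {"o"}, 1, 1), "y": ({"p1", "p2"}, {"o"}, 1, 1)}

if __name__ == "__main__":
    for name, net in (("sound", SOUND), ("unsound", UNSOUND)):
        print(name, expected_cost(net, first), expected_cost(net, last))
```

The recursion visits reachable markings, so on nets with many concurrent branches it shows the exponential blow-up that the reduction rules avoid.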

Merge rule
- Merge two transitions with the same input and output places into one.
- Red nodes may have other input and output transitions.

Iteration rule
- Move the effect of a loop to its exit transitions.
- Yellow places may have other input transitions.

Shortcut rule I
- Replace two consecutive transitions by one with the same effect.

Shortcut rule II
- Replace two consecutive transitions by one with the same effect.

An Example

Main result
Theorem: Every sound free-choice workflow net W can be reduced to a 1-transition net with O(|W|^3) rule applications.
Theorem: Let W be a free-choice workflow net. There is an O(|W|^3) algorithm that either
- reduces W completely, in which case it is sound and the label of the unique transition gives the expected cost, or
- does not reduce W completely, in which case it is unsound and the expected cost is ∞.

Some experiments
- Experiments on a suite of 1385 free-choice workflow nets (IBM, [van Dongen et al., Fahland et al.]).
- Questions: Is the final marking reached with probability 1? If so, what is the expected number of firings?
- Standard laptop (i7-3820 CPU, 1GB).
- PRISM: explicit, bdd, sparse. 30s limit: 1309 (353s), 636 (others MO), 638 (others MO). 10m limit. 10^6 states.
- Reduction: 5s combined for all 1385 workflows, at most 20ms for a workflow.

Conclusions
- New set of reduction rules that preserves dataflow and is still complete for sound free-choice workflows.
- Extension to the computation of expected cost (even parametric).
- Only the combination of soundness and free-choiceness does the trick: arbitrary free-choice workflows are "as hard as" arbitrary workflows.
- Experiments show no disadvantages w.r.t. the old set of rules.