Presen sew-35-12(beamer)

IntroductionFormalization of BPMN

Basic ideas for proofs/implementationConclusions and future work

Automating the Transformation from BPMNModels to CSP+T Specifications

M.I. Capel1 L.E. Mendoza2

1School of Computer Engineeringand Telecommunications

University of Granada (Spain)Email: [email protected]

2Processes and Systems DepartmentSimón Bolívar University

Caracas (Venezuela)Email: [email protected]

35th IEEE Annual Software Engineering Workshop, Heraklion, Crete (Greece) 10/13-2012

Capel, Mendoza From BPMN to CSP+T



Agenda

1 IntroductionMotivationBusiness Process Modelling notationsPrevious workOur approach to BPMN formalization

2 Formalization of BPMNBusiness Process graphical specificationFormalization of a BPD subset

3 Basic ideas for proofs/implementationProduct–Service Sell case studyBTransformer utilization




MotivationBusiness Process Modelling notationsPrevious workOur approach to BPMN formalization

Open issues

Business Process Models’ Analysis:Transformation of BPMN models into executable modelsEnvironmental conditions and non–functional requirementsare influential and decisive to obtain any useful model

BPMN–semantics formalizationThe specification of this notation developed by the BusinessProcess Management Initiative (BPMI) does not include aformal semanticsThe lack of a formal semantics impedes “compiling" BPMNand generating code into a business process executionlanguage (BPEL)





Validation or verification of business processes?

Formalization of BPMN semantics: opens the way tobusiness process models verification

Verification of Business Processes: supports analysts toimprove the quality of IT target models

BPM validation or verification?: not everyone in theCommunity agrees which one to take on

Strengths and weaknesses of each way





Different approaches to BPM formalization

Analyser and workflow nets [Verbeek 2001]

PA approach and BPMN formalization [Wong 2007]

UML–activity semantics and verification [Eshuis 2002]

Business Process Model for formal verification [Arias 2008]





Main objectives

Compositional verification of of non–functionalrequirements,including temporal behaviour of the model

Formal semantics of BPD modelling entities that precludesany ambiguity in business process behaviour specification

Integrate model–checkers or other state-of-the-artverification tools for software





The proposal

A set of transformation rules:{temporal contructs} ⊆ BPMN → {CSP + T} processcalculus

An easy verification method for BPM task models

Modification of an ideal development cycle of BPMs bymerging the verification of BP properties with the designprocess of the task model





Fundamental insight of the proposal

We take full advantage of strengths that formalization ofBPMN–constructs can provide to the analysis of businessprocesses properties at design time, which will have an im-portant impact when these models are executed.




Business Process graphical specificationFormalization of a BPD subset

A specific type of flowchart: the Business ProcessDiagram (BPD)

GatewaysEventsActivitiesFlows

Figure: Example of a BPDCapel, Mendoza From BPMN to CSP+T




BPMN graphical representation of a state

Type

in

out

error

send

/rec

eive

exit_1exit_2exit_3

links & dependences

Type

N

Figure: Black–box model of a BPMN-entity state.





Denotation of a state

Each BPD has a semantic state entity associated to itRepresented by the following semantic function :

[bpmn]bpmn : P Name 7→ Local 7→ Processhide : P Name 7→ Local 7→ PEvent

function name = (Y | [αY ]X )\hide(| S |))Where X = ✷i : αY\hide(fin,abt) •(i → X ✷ fin → null ✷abt → stop)And Y = (‖i : Process set • α(Pi ) ◦ P(i))

Only the sequence of external interactions of the BPDThe transformed executable specification is a parallelcomposition of CSP subprocesses





BPD representation of BPMN modelling entities

Figure: BPMN Elements Extended Graphical Representation.





Extended Business Process Modelling Notation

Firstly, EBPMN needs the semantic precision given by aformal language to its basic elements to transformbusiness processes into executable models

A set of EBPMN constructs can be transformed intoCSP+T terms with soundness

Parallel Fork GatewayParallel Join GatewayData–based OR gatewaysEvent–based OR gatewaysOR–join gateways





Parallel Fork Gateway

One branch P(i) for each outgoing control flow depicted bythe gate state

Pagate.1(m,R,P(1) . . .P(n)) = (init .R → SKIP;P(R); ‖m

i=1 [A] : N • init .P(i) → SKIP; P(i))✷ fin → SKIP





Data–based OR Gateway

Inclusive gateways that are used for selection of a set ofoutput branches among all the outgoing flows

Pinclusive(n,R,P(1) . . .P(n)) =(init .R → SKIP; X (n))✷ fin → SKIP

X (i) = (i > 1&(condition(i)& init .P(i)→ SKIP; P(i)✷¬condition(i)&SKIP) ‖ X (i − 1))

✷(i = 1& condition(i)& init .P(i)→ SKIP; P(i))





Data–based OR Gateway(2)

Exclusive gateways that are used for selecting only oneamong a set of mutually exclusive alternative output flows

Pexclusive(n,R,P(1) . . .P(n),P(Def )) =(init .R → SKIP; X (n))✷ fin → SKIP

X (n) = (✷i=ni=1condition(i)& init .P(i) → SKIP; P(i))

✷(∧i=ni=1¬condition(i)& init .P(Def ) → SKIP ; P(Def ))





Event–based OR Gateway

An external events–based choice for selecting a set ofalternative sequence flowsP(event .based) = init .P(m) → SKIP; P(m);

P(inclusive|exclusive)(n,P(m),P(1), . . . ,P(n))P(x) =? x





OR–Join Gateway

The exclusive OR–Join (XOR.join) can be modelled by a“select” of mutually exclusive alternativesPXOR.join(n,P(1) . . .P(n),R) =

(✷i=ni=1init .P(i) → SKIP; P(i); init .R →; P(R))

✷ fin → SKIP

The inclusive OR-Merge is equivalent to a barriersynchronizationPincl .join(n,P(1) . . .P(n),R) =

|||i=ni=1 (condition(i)& init .P(i) → SKIP; P(i)

✷¬condition(i)&SKIP); init .R →; P(R)✷ fin → SKIP





Formalization of temporal extensions of EBPMN

In many models, not to abide time constraints or resourcesabuse causes the violation of business process rules

The definition of delays associated to BPMN 2.0intermediate event timers is not enough to define preciseconstraints in business process specifications

New analysis entities should be included in BPMN that canaddress temporal and resource constraints

And they have to have associated quantifiable operators toexpress enabled intervals, deadlines, etc.





Start event, maximum and minimum time of an Activity

We opted for an extension that includes a maximum andminimum duration time for each BPMN activity:

Figure: Temporal Annotations of the Activity





Semantical interpretation

The execution time of bpmn S1 activity does not overrun itsmaximum range, nor occurs before its minimum startingtime elapses:

vS1 + S1.ran.min ≤ s(ǫS2) ≤ vS1 + S1.ran.max .

The corresponding CSP+T process term:

P(S1) =ǫS1 ✶ vS1 → SKIP; (I(Time, vS1 + S1.ran.min).ǫS2 → SKIP;P(S2)✷ǫend → SKIP)Time = S1.ran.max − S1.ran.min





Service Tasks

Message sending/reception must be carried out within thetime limits of the activities that sends/receives

These activities do not enter a deadlock state

1) (vS1 < s(ǫm1) ≤ (vS1 + S1.ran.min))

∧ (vS2 < s(ǫm1) < (vS2 + S2.ran.min))

2) (vS2 < s(ǫm2) ≤ (vS2 + S2.ran.min))

∧ (vS1 < s(ǫm2) < (vS1 + S1.ran.min))





Semantical interpretation

The communication must take place within the intervalsdefined by the conditions:

s(ǫm1), s(ǫm2) ∈[max{vS1, vS2},min{vS1 + S1.ran.min, vS2 + S2.ran.min}]

The corresponding CSP+T process terms areP(S1) =(ǫS1 ✶ vS1 → SKIP;

(I(MI, MA).ǫm1!(x, vS1) → SKIP; I(MI, MA).ǫm2?(y, vS2) → SKIP;I(Time, vS1 + S1.ran.min).ǫS3 → P(S3)✷ǫend.1 → SKIP))

P(S2) =(ǫS2 ✶ vS2 → SKIP;(I(MI, MA).ǫm1?(x, vS1) → SKIP; I(MI, MA).ǫm2!(y, vS2) → SKIP;I(Time, vS2 + S2.ran.min).ǫS4 → P(S4)✷ǫend.2 → SKIP))




Product–Service Sell case studyBTransformer utilization

BTransformer Tool

This tool has been invented as model transformationmanager: BPMN model → CSP+T modelImplemented in Eclipse

Includes Model Transformation Language (MTL) andATLAS Transformation Language (ATL) featuresFamiliar environment to the business process analystAutomatic generation of CSP+T formal specifications fromany BPMN model





Btransformer Tool (2)





Case Study

A significant complex process of any CustomerRelationship Management (CRM) business process

Each BPD is encapsulated by a BPMN state, showing ahigh collaboration between business–model participants





BPD of the Product–Service Sell

taskCo_s1

taskCo_s21

end.2start taskCo_s3

taskCo_s4

abort

agate agate

task Co_s6

task Co_s5

taskCo_s7

taskCo_s8

taskCo_s2st

art 2 end.2

agate

taskCu_s1st

art 1 task

Cu_s2N

end.1

abort

vs2

m1.min m1.max

m2.min m2.max

vs1

m4.min m4.max

m3.min m3.max

m5.min m5.max

m6.min m6.max m7.min m7.max

vs21

task Cu_s3

task Cu_s6t.Cu_s4 task Cu_s5

Ycus = (P(start.1)‖Pserv.1()‖Pserv.2()‖Pxgate.1())Pserv.1(P(cu s1), P(co s1), Pmiseq(cu s2), Pmiseqs(co s2))Pserv.2(Pmiseq(cu s2), Pmysub(co s2), Pxgate.1(), Pinterr ())Pinterr (P(co s3), (Pagate.1()‖Pagate.2()), ( P(co s4)‖P(abort.2)))Pxgate.1(2, Pmiseq(cu s2), (P(cu s4)‖Pserv.3()‖P(cu s6)‖

P(end.1)), (P(cu s3)‖Psend (m)‖P(abort.1)))Pserv.3(P(cu s5), P(co s3), P(cu s6), Pagate.2())Pagate.1(2, Pinterr (), P(co s6), P(co s5))Pagate.2(2, P(co s6), P(co s5), (P(co s7)‖P(co s8)‖P(end.2)))

Ycom = (P(start.2)‖Pserv.1()‖Pmiseqs(co s2)‖Pinterr ()‖

Pagate.2()‖P(co s7)‖P(co s8)‖P(end.2))Pmiseqs(co s2) = (P(start.3) ‖ P(co s21) ‖P(end.3))





Definition and specification of PSS business process

The specification of BPMN modelling entities thatrepresent the business participants:[bpmnCompany ]Com = (P(start.2)‖Pserv .1()‖Pmiseqs(co s2)‖Pinterr ()

and the Customer:[bpmnCustomer ]

(P(start.1)‖Pserv .1()‖Pserv .2()‖Pxgate.1())

The collaboration between Customer and Company is denotedby the parallel composition CSP+T process term:

PSS = (Cus | [αCus‖αCom] | Com)\{| msg1}





PSS Properties definition(1)

Some properties of interest for the PSS areabsolute deadline for complete task model execution,task execution according to a predefined order,safety properties preservation,any product/service request will be finally responded,the model participants cannot be unsynchronized, anda product/service should only be delivered/performed afterreceiving a previous request.

We will only demonstrate the following liveness property:

φ = AG[a,b](Communication request ⇒ (1)

AF[a+1,b]Receive and acknowledge)





PSS Properties definition(2)

Figure: Büchi automaton for Customer properties specification

Figure: Büchi automaton for Company properties specification





Model Verification with FDR 2.0(1)

According to trace/failures semantics of CSP, it can beascertained that the following refinements satisfied:

T (φCus) ⊑F Cus, T (φCom) ⊑F Com, (2)

However, FDR 2.0 gives the following counter–example:(〈starts.Cus.cu s1, starts.Cus.cu s2〉, {starts.Cus s3})

After requesting information about the product, the modelwill get blocked if the cutomer cancels the product sell!





Model Verification with FDR 2.0(1)

There is two ways to solve the mismatch between theCustomer process and its specification:

To change the internal design of the bpmn–Customer orthe specification of the Customer process

It makes much more sense to change the specification inthis case, since the business rules allow cancellations upuntil the product has been delivered

We changed Customer specification formula accordingly,to avoid deadlock situation:

φ = AG[a,b](P/S delivery request ⇒ (3)

AF[a+1,b]Receive and acknowledge)




Summary

Set of transformation rules fro BPMN 2.0 constructs, inorder to advance towards the verification of task modelsderived from business processesTemporal EBPMN constructs formalization A formalsemantics based on CSP+T has been proposed to gve aprecise semantics to the duretion of bpmn tasks andprocessesCase study discussed A Customer RelationshipManagement (CRM) system has been presented, as abusiness process model to verifyOutlook

Ongoing work focuses on modelling task models ofindustrial–case size which are amenable to fornalverification with model–checking techniques




References I

W. Aalst. Challenges in business process analysis. In:Enterprise Information Systems. Lecture Notes in BusinessInformation Processing, v. 12: 27–42. Heidelberg: Springer,2009.

J.Arias, L.Sánchez, C.Delgado. Formal verification ofbpel4ws business collaborations. E-Commerce and WebTechnologies. LNCS 3182:76-85, 2008

H.Eshuis. semantics and verification of uml activitydiagrams for workflow modelling. PhD, University ofTweente, 2002




References II

Formal Systems Europe Ltd. Failures–DivergenceRefinement – FDR2 User Manual. Formal Systems EuropeLtd., Oxford, 2005

L.E. Mendoza, M.I. Capel, M.A. Pérez. Conceptualframework for business processes compositionalverification. Information and SoftwareTechnology,54,149:161, 2012.

S. Morimoto. A survey of formal verification for businessprocess modeling. I. Journal of Operations and QuantitativeManagement, 14(4): 237–247, 2008.




References III

F. Scuglik and M. Sveda. Automatically Generated CSPSpecifications. Journal of Universal Computer Science, v. 9(11):1277-1295, 2003.

H.Verbeek, T.Basten, W.Van der Aalst. Diagnosingworkflow processes using woflan. The Computer Journal44(4):246-279(2001)

P.Y.H. Wong, J. Gibbons.A Relative Timed Semantics forBPMN. Electronic Notes in Theoretical Computer Science229, 59:75, Elsevier, 2009.


Presen sew-35-12(beamer)

Technology

Transcript of Presen sew-35-12(beamer)