Figure 6 - uploaded by Rik Eshuis
Modelling pre and post conditions


Source publication
Article
We describe a tool that supports verification of workflow models specified in UML activity graphs. The tool translates an activity graph into an input format for a model checker according to a semantics we published earlier. With the model checker arbitrary propositional requirements can be checked against the input model. If a requirement fails to...

Context in source publication

Context 1
... Next, in our formal semantics [11] we require that every activity have a pre and post condition that constrains what actors can do with the activities. To deal with pre and post conditions, in our prototype implementation we have adopted the following assumptions (Fig. ...

Similar publications

Conference Paper
Software architecture's interoperability faces many problems when it comes to integrating different components or formalisms in describing the architecture. Even within the same modeling language such as UML, the diversity of notations and the lack of semantic information make the interoperability between models difficult. In this paper, we propose...
Article
In this paper we present an algorithm for efficiently computing the minimum cost of reaching a goal state in the model of Uniformly Priced Timed Automata (UPTA). This model can be seen as a submodel of the recently suggested model of linearly priced timed automata, which extends timed automata with prices on both locations and transitions. The pr...
Conference Paper
Model checking often faces the problem of reducing the large exponential sizes of state-space representations. Several reduction techniques such as bisimulation equivalence, partial-order semantics, and symmetry-based reduction have been proposed, but existing tools do not completely allow a user the flexibility in manipulating state spaces. We pro...
Conference Paper
Orc is a computation orchestration language which is designed to specify computational services, such as distributed communication and data manipulation, in a concise and elegant way. Four concurrency primitives allow programmers to orchestrate site calls to achieve a goal, while managing timeouts, priorities, and failures. To guarantee the correct...
Conference Paper
On the basis of a case-study, we demonstrate the usefulness of topology invariants for model-driven systems development. Considering a graph grammar semantics for a relevant fragment of UML, where a graph represents an object diagram, allows us to apply Topology Analysis, a particular abstract interpretation of graph grammars. The outcome of this a...

Citations

... This way, our approach can help to alleviate the burden of manually encoding consistency constraints, and therefore, increase productivity and avoid potential translation errors. Whilst Task T2 might be efficiently achieved by adapting and extending existing approaches on transforming behaviour models to formal descriptions accepted by the model checkers such as those presented in [20][21][22][23], no existing techniques can be leveraged for accomplishing Task T1. We propose an automated method for transforming the high-level and low-level behaviour models into temporal logic based consistency constraints and formal behaviour descriptions, respectively. ...
... Eshuis and Wieringa present the formal semantics of UML 1.3 activity diagrams for workflow models based on STATEMATE semantics (see [56]) of statecharts and also introduce data integrity constraints [8]. In [20], they also propose a verification approach for verifying workflow models represented in UML 1.4 activity diagrams. In this approach, first an activity diagram is converted into an activity hypergraph, then the hypergraph is encoded into a Kripke structure. ...
... In our approach, we create a state variable of type boolean in the SMV descriptions (i.e., input language of NuSMV model checker) for each construct of a UML activity diagram. Similar to Eshuis and Wieringa's technique [20], we abstract and encode guards and constraints that are associated with nodes or edges as boolean variables. Compared to these previous works, our formalisation makes several different choices, such as our treatment of merge and decision nodes. ...
Article
Models are extensively used in many areas of software engineering to represent the behaviour of software systems at different levels of abstraction. Because of the involvement of different stakeholders in constructing these models and their independent evolution, inconsistencies might occur between the models. It is thus crucial to detect these inconsistencies at early phases of the software development process, and especially as soon as refined models deviate from their abstract counterparts. In this article, we introduce a containment checking approach to verify whether a certain low-level behaviour model, typically created by refining and enhancing a high-level model, still is consistent with the specification provided in its high-level counterpart. We interpret the containment checking problem as a model checking problem, which has not received special treatment in the literature so far. Because the containment checking is based on model checking, it requires both formal consistency constraints and specifications of these models. Unfortunately, creating formal consistency constraints and specifications is currently done manually, and therefore, labour-intensive and error prone. To alleviate this issue, we define and develop a fully automated transformation of behaviour models into formal specifications and properties. The generated formal specifications and properties can directly be used by existing model checkers for detecting any discrepancy between the input models and yield corresponding counterexamples. Moreover, our approach can provide the developers more informative and comprehensive feedback regarding the inconsistency issues, and therefore, help them to efficiently identify and resolve the problems. The evaluation of various scenarios from industrial case studies demonstrates that the proposed approach efficiently translates the behaviour models into formal specifications and properties.
... At last, for an efficient distributed and ubiquitous system, it seems appropriate to develop the system using the framework offered by Computational Grids [1], through an interface that allows hiding the complexity of a Grid, e.g., the real location of applications and data resources and the submission of jobs. Our goal has been the design and implementation of a system that allows, through our editor, to use a well known graphical formalism such as Unified Modelling Language (UML) [2] for simulating a biological experiment. Using an easy-to-use GUI, the user can select some tools, compose them, synchronising some operations (using join and fork symbols) and monitoring the execution of these applications, visualizing also the intermediate results. ...
Article
In this paper we describe a Workflow Management System, named ProGenGrid (Proteomics and Genomics Grid, developed at the University of Lecce) which aims at providing a tool where e-scientists can simulate biological experiments through the composition of existing analysis and visualization tools, wrapped as Web Services. Since bioinformatics applications are compute- and data-intensive, needing clusters or many workstations to reduce the execution time, we exploit a Grid infrastructure for interconnecting wide-spread tools and hardware resources. As an example, we are considering some algorithms and tools needed for alignment of sequences, providing them as services, through easy to use Web interfaces and Web services built using the open source gSOAP Toolkit. As Grid middleware, we are using the Globus Toolkit 4.1, exploiting some protocols such as GSI and GridFTP.
... Yang and Zhang [7] transform UML activity diagrams into the π-calculus [8] for verifying whether a model satisfies requirements specified in modal µ-calculus. Eshuis and Wieringa [9] propose an approach for verifying workflow models represented in UML activity diagrams. An activity diagram is first translated into an activity hypergraph, then encoded as a Kripke structure and finally implemented in NuSMV input language. ...
Article
The major problem of UML activity diagrams is the lack of a rigorous approach for verifying the correctness of a model. In this paper, we examine how activity diagrams defined in UML 2.0 standard are formally analyzed using NuSMV model checker. A model represented as activity diagrams is first transformed into NuSMV input language and then verified that a set of system specifications is satisfied using NuSMV.
... Some analyses were conceived to address problems that are specific to workflows. Examples of these include workflow concurrency analysis [13], graph-based partitioning of workflows [1], model checking of activity graphs [5] and checking the protocols of Web Service composition by multiagent systems [27]. ...
Conference Paper
E-Science experiments typically involve many distributed services maintained by different organisations. After an experiment has been executed, it is useful for a scientist to verify that the execution was performed correctly or is compatible with some existing experimental criteria or standards. Scientists may also want to review and verify experiments performed by their colleagues. There are no existing frameworks for validating such experiments in today's e-Science systems. Users therefore have to rely on error checking performed by the services, or adopt other ad hoc methods. This paper introduces a platform-independent framework for validating workflow executions. The validation relies on reasoning over the documented provenance of experiment results and semantic descriptions of services advertised in a registry. This validation process ensures experiments are performed correctly, and thus results generated are meaningful. The framework is tested in a bioinformatics application that performs protein compressibility analysis.
... This is modeled by the activities "Receive goods" and "Deliver goods" of the carrier. It is possible to give activity diagrams a formal execution semantics [11]. Here, we make three remarks about our intended execution semantics: First, a parallel split starts two or more processes whose actions may be interleaved in any order. ...
... So the formula is true if in all execution paths, ReceiveGoods(Consignee), ReceiveMoney(Shipper), ReceiveTransportFee(Carrier) and DeliverGoods(Carrier) become true before the execution terminates (but necessarily all at the same time). We can check this by mapping the activity diagram to the input of a model checker [9] and using the model checker to check this formula [11] [12]. However, we are not concerned with formalization of correctness criteria in this paper, but with the analysis of possible definitions of correctness, and with the methodological support for the service designer we can extract from that. ...
Conference Paper
The rapid growth of service coordination languages creates a need for methodological support for coordination design. Coordination design differs from workflow design because a coordination process connects different businesses that can each make design decisions independently from the others, and no business is interested in supporting the business processes of others. In multi-business cooperative design, design decisions are only supported by all businesses if they contribute to the profitability of each participating business. So in order to make coordination design decisions supported by all participating businesses, requirements for a coordination process should be derived from the business model that makes the coordination profitable for each participating business. We claim that this business model is essentially a model of intended value exchanges. We model the intended value exchanges of a business model as e3-value value models and coordination processes as UML activity diagrams. The contribution of the paper is then to propose and discuss a criterion according to which a service coordination process must be correct with respect to a value exchange model. This correctness is necessary to gain business support for the process. Finally, we discuss methodological consequences of this approach for service coordination process design.
... After Van Der Aalst et al. identified workflow patterns [9], it has been shown that they can be modeled using Activity diagrams [10]. There have been efforts for defining semantics for activity diagrams, so that execution of the workflow models can be done ([6], [7], [8]). ...
Conference Paper
In this paper we present a new approach to workflow analysis. We model the workflow using Activity diagrams, convert the Activity diagrams to Petri nets and use the theoretical results in the Petri nets domain to analyze the equivalent Petri nets and infer properties of the original workflow. We have demonstrated the possibility by developing an Eclipse plug-in, which can be used to model workflows using Activity Diagrams and then analyze these workflow models using Petri nets.
... Some analyses were conceived to address problems that are specific to workflows. Examples of these include workflow concurrency analysis [10], graph-based partitioning of workflows [1], and model checking of activity graphs [5]. Yang et al. [17] devised a static analysis to infer workflow quality of service. ...
Article
E-science experiments typically involve many distributed services maintained by different organisations. As part of the scientific process, it is important for scientists to be able to verify the correctness of their own experiments, or to review the correctness of their peers’ work. There is no existing framework for validating such experiments. Users therefore have to rely on error checking performed by the services, or adopt other ad hoc methods. This paper introduces a platform independent framework for validating workflow executions. The validation relies on reasoning over the documented provenance of experiment results and semantic descriptions of services advertised in a registry. This validation process ensures experiments are performed correctly, and thus results generated are meaningful. The framework is tested in a bioinformatics application that performs protein compressibility analysis.
... Nevertheless, model checking of process and workflow languages has the potential for verifying the properties stated directly in the process without the need for a great deal of human intervention in the extraction of a model. Indeed, various researchers (such as [18] [9] [15] [11] [12] [8]) have applied model checking techniques to the analysis of processes written in a variety of languages, including UML activity diagrams [1], WSFL [13], and BPEL4WS [5]. The technique normally applied is to translate the process language into the input language of a model checker and then apply the model checker to do the analysis. ...
Conference Paper
Software process and work flow languages are increasingly used to define loosely-coupled systems of systems. These languages focus on coordination issues such as data flow and control flow among the subsystems and exception handling activities. The resulting systems are often highly concurrent with activities distributed over many computers. Adequately testing these systems is not feasible due to their size, concurrency, and distributed implementation. Furthermore, the concurrent nature of their activities makes it likely that errors related to the order in which activities are interleaved will go undetected during testing. As a result, verification using static analysis seems necessary to increase confidence in the correctness of these systems. In this paper, we describe our experiences applying LTSA to the analysis of software processes written in Little-JIL. A key aspect to the approach taken in this analysis is that the model that is analyzed consists of a reusable portion that defines language semantics and a process-specific portion that uses parameterization and composition of pieces of the reusable portion to capture the semantics of a Little-JIL process. While the reusable portion was constructed by hand, the parameterization and composition required to model a process is automated. Furthermore, the reusable portion of the model encodes the state machines used in the implementation of the Little-JIL interpreter. As a result, analysis is based not just on the intended semantics of the Little-JIL constructs but on their actual execution semantics. This paper describes how Little-JIL processes are translated into models and reports on analysis results, which have uncovered seven errors in the Little-JIL interpreter that were previously unknown as well as an error in a software process that had previously been analyzed with a different approach without finding the error.
... [12,11]) or analysis procedure (cf. [21,9,30,10,13]). ...
... Having larger initial markings would also allow to apply formal analysis and verification techniques on Activities (cf. [9,10,13]) in a natural way. In particular, time analysis (see e.g. ...
Article
One of the major improvements of UML 2.0 over UML 1.5 is the reengineering of Activity Diagrams. It is claimed in the standard that they now have a Petri-net like meaning. In this paper, this claim is examined by defining a denotational semantics for Activities based on Colored Petri-nets. The definition closely follows the UML 2.0 standard. It covers flat control-flow, and dataflow, but excludes exception-handling, expansion-regions, and procedure-calling.
... Using UML to model business processes is not new; authors like [17, 18] have already acknowledged its feasibility and excellence for non-Web applications. From the set of modeling techniques provided by the UML, the activity diagram, which is the most suitable mechanism to model the business workflow, has been adopted to define the different processes at analysis level [24]. In activity diagrams, activity states represent the process steps, and transitions capture the process flow, including forks and joins to express sets of activities that can be processed in arbitrary order. ...
Article
Business processes, regarded as heavy-weighted flows of control consisting of activities and transitions, play an increasingly important role in Web applications. In order to address these business processes, Web methodologies are evolving to support its definition and integration with the Web specific aspects of content, navigation and presentation. This paper presents the modeling support provided for this kind of processes by the Object-Oriented Hypermedia method (OO-H) and the UML-based Web Engineering (UWE) approach. Both methods apply UML use cases and activity diagrams, and supply UML standard modeling extensions. Additionally, the connection mechanisms between the navigation and the process specific modeling elements are discussed. As a representative example to illustrate our approach we present the requirements, analysis and design models for the www.amazon.com Website with focus on the checkout process. Our approach includes requirements and analysis models shared by OO-H and UWE and provides the basis on which each method applies its particular design notation for business processes.