Workflow Verification Project
BY:
Toomas Kütt
Fraz Tabassam
Jens Kaae Christensen
Check
Order
a1_ch
a2_ch
AND
Get
Products
a3_ch
a2_ch
Save Order
Information in Archive
a7_ch
a4_ch
a11_ch
Assemble
Bundle
a10_ch
Test
Computer
a5_ch
OR
a9_ch
AND
OR
a8_ch
Test
Monitor
a5_ch
a2_ch
Check
Order
a1_ch
Get
Products
a3_ch
a2_ch
Save Order
Information in Archive
a7_ch
a4_ch
a11_ch
Assemble
Bundle
a10_ch
Test
Computer
a5_ch
a9_ch
a8_ch
Test
Monitor
a5_ch
Variable declarations:
Number of running activity nodes
int running;
Resources:
int r1, r2, r3, r4, r5, r6;
Global declaration of channels:
urgent chan letsstart, a1_channel, a2_channel,
a3_channel, a4_channel, a5_channel, a7_channel,
a8_channel, a9_channel, a10_channel, a11_channel;
Clocks
(local, one for each activity):
clock clock1, clock2, clock3, clock4, clock5, clock6;
Node declarations
(Communicating Finite Automatas)
Figure 2: Activity
Parameters:
- clock &processclock,
- const int mintime,
- const int maxtime,
- int &resource,
- urgent chan &in_channel,
- urgent chan &out_channel
System declarations:
- CheckOrder = Activity(clock1,1,2,r1, letsstart, a1_channel);
- Split1 = ANDsplit(a1_channel, a2_channel);
- GetProducts = Activity(clock2,1,2,r2, a2_channel, a3_channel);
- SaveOrderInformInArchive = Activity(clock3,1,2, r3, a2_channel, a4_channel);
- Split2 = ORsplit(a3_channel, a5_channel);
- TestComputer = Activity(clock4,1,2, r4, a5_channel,a7_channel);
- TestMonitor = Activity(clock5,1,2, r5, a5_channel, a8_channel);
- Join1 = ORjoin(a7_channel, a8_channel, a9_channel);
- Join2 = ANDjoin(a4_channel, a9_channel, a10_channel);
- AssembleBundle = Activity(clock6, 1, 2, r6, a10_channel, a11_channel);
- end = EndNode(a11_channel);
System definition:
StartNode,
CheckOrder,
GetProducts,
SaveOrderInformInArchive,
TestComputer,
TestMonitor,
AssembleBundle,
end,
Split1,
Split2,
Join1,
Join2;
Answers to questions:
• Use UPPAAL to verify that:
1) The end node will always be reached
- A<> p: p holds in some state along every path
- Query: A<> end.finished
2) When the end node is reached no activities are waiting to get finished
- A[] p: p holds in every reachable state
- Query: A[] end.finished imply running == 0
3) The workflow is structurally incorrect if the implicit join is modeled as a merge
- Query: A<> end.finished (deadlock)
4) Assemble bundle and get products may share a resource without conflict
- A[] p: p holds in every reachable state
- Query: A[] r6<2 : (property is satisfied)
5) There is a conflict if “get products” and “save order information” share a resource
- Query: A[] r2<2 : (property is not satisfied)
6) With time intervals [1,2] the entire workflow can be completed in 8 units
- E<> p: p holds in some reachable state.
- Query: E<> end.finished and clock1<=8
- Query: A<> end.finished and clock1<=8
7) This still holds even if “save order information” gets interval [2,3] (explain why)
- Same queries, “save order” set to [2,3]:
- Query: E<> end.finished and clock1<=8
8) Show that “get products” is always executed before “assemble bundle”
- A[] AssembleBundle.working imply GetProducts.finished
Thank You!