From Process Models to Concurrent Systems in Alvis Language

  • AGH University of Krakow
To read the full-text of this research, you can request a copy directly from the authors.


Business Process Model and Notation (BPMN) is the leading visual notation used for modelling business processes. This paper shows how the Alvis modelling language can be used for formal analysis of BPMN models. Alvis supports graphical modelling of interconnections among subsystems called agents as well as a high-level programming specification for describing the agents' behaviour. Its advantage is the possibility of formal verification using proven model checking techniques. We propose a translation from the BPMN model to the Alvis representation, which is discussed and evaluated using an illustrative example of a process for evaluation of a student assignment. Thanks to the translation it is possible to perform formal verification of a BPMN model in a high-level concurrent environment. As opposed to some low-level representations, such as Petri nets, semantics of Alvis is close to the original BPMN model. Moreover, if a concurrent system behaviour is specified using a BPMN model, it is possible to generate a formal model (a preliminary implementation) of the system.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... The formal semantics is defined on BPMN elements in terms of First-Order Logic (FOL), rather than encoding into other formalisms. The FOL semantics provides a univer- 150 sal and comprehensive set of notions for describing business processes' execution behaviour and eliciting fundamental requirements. Further, to foster the use of the BPMN collaboration models in a wide range of application scenarios (e.g., IoT systems), a modular structure for incorporating seven generic communication models relating to message-passing behaviours between and within processes and their formal semantics definition is provided. ...
... In [150], the authors propose an approach to use the Alvis modelling language for the formal analysis of BPMN models. The authors focus on the control flow elements of BPMN, taking into account or-joins 1850 as well as multiple joins, split conditions and the interaction with external participants (presented as black box pools in BPMN models). ...
... [ [107][108][109], [139,141], [150] Property Sequence Chart is a language that extends a set of UML2.0 interaction sequence diagrams. ...
Business process models verification is crucial to detect possible errors at design time, rather than at execution on business process engines. BPMN is the primary notation for business process modelling. It is an ISO standard, widely used both in education and in industry. The semantics of BPMN are however defined in a semi-formal way within the standard. This is why many works have tackled the definition of formal semantics for BPMN. In this thesis, we first provided a detailed study of the main works relating to the verification of BPMN models. This allowed us to identify several fragments of the notation which are often put aside in the work of formalization, such as the different models of communication, the temporal management, or the multi-instance character. These aspects are however crucial for the extension of the field of application of BPMN to frameworks such as the Internet of Things or the Factory of the Future. We then defined an approach for the verification of business process collaboration models that supports several of these perspectives, namely the different communication models and time constraints. For this, we have defined formal execution semantics, in terms of first-order logic, to the BPMN fragment taken into account. We then defined implementations of this semantics in the formal languages TLA + and Alloy. Finally, this enabled the models to be verified using tools dedicated to these formal languages. Our approach is supported by a tool, fbpmn, allowing the formal transformation of BPMN models to TLA + and Alloy, the verification of models, and the animation of counter-examples when the properties to be verified are not satisfied. This feedback is done directly on the initial BPMN model which makes the approach practicable in a context of use by non-specialists of formal methods. A web application has also been developed to make it even easier to apply our formal approach in an industrial setting. Our tools, our TLA + and Alloy formal semantics implementations, and our library of examples are open sources and available online.
... BPMN formal verification. Studies that denote formal verification of BPMN as the main goal are: (Corradini et al., 2021;Dechsupa et al., 2018Dechsupa et al., , 2019Dechsupa et al., , 2021Dur an et al., 2018;Kheldoun et al., 2017;Kog et al., 2012;Lam, 2010;Meghzili et al., 2020;Mendoza et al., 2010;Nazaruka et al., 2016;Szpyrka et al., 2017;Wong and Gibbons, 2011;Yamasathien and Vatanawood, 2014). ...
... An example is shown, but no evaluation. Szpyrka et al. (2017) demonstrate a mapping from BPMN to the Alvis language, typically used to model concurrent systems, which can be used for visualization and model-checking. The Alvis XML file is then converted to Haskell. ...
Purpose Testing business processes is crucial to assess the compliance of business process models with requirements. Automating this task optimizes testing efforts and reduces human error while also providing improvement insights for the business process modeling activity. The primary purposes of this paper are to conduct a literature review of Business Process Model and Notation (BPMN) testing and formal verification and to propose the Business Process Evaluation and Research Framework for Enhancement and Continuous Testing (bPERFECT) framework, which aims to guide business process testing (BPT) research and implementation. Secondary objectives include (1) eliciting the existing types of testing, (2) evaluating their impact on efficiency and (3) assessing the formal verification techniques that complement testing. Design/methodology/approach The methodology used is based on Kitchenham's (2004) original procedures for conducting systematic literature reviews. Findings Results of this study indicate that three distinct business process model testing types can be found in the literature: black/gray-box, regression and integration. Testing and verification approaches differ in aspects such as awareness of test data, coverage criteria and auxiliary representations used. However, most solutions pose notable hindrances, such as BPMN element limitations, that lead to limited practicality. Research limitations/implications The databases selected in the review protocol may have excluded relevant studies on this topic. More databases and gray literature could also be considered for inclusion in this review. Originality/value Three main originality aspects are identified in this study as follows: (1) the classification of process model testing types, (2) the future trends foreseen for BPMN model testing and verification and (3) the bPERFECT framework for testing business processes.
... The complexity of these approaches is combinatorial for parallel behavior of activities and linear otherwise [2]. Some approaches directly encode the business process into the modeling language of a model checker, which may result in either a large amount of overhead resulting in state explosion [12,16] or major omissions in the formal properties of the underlying modeling (e.g. with respect to ORjoins) [21]. Conditions in process-centric business process models are usually modeled as boolean expressions using simple textual labels on outgoing flows of branching design elements (i.e., gateways). ...
Full-text available
When checking compliance of business processes against a set of business rules or regulations, the ability to handle and verify conditions in both the model and the rules is essential. Existing design-time verification approaches, however, either completely lack support for the verification of conditions or propose costly verification methods that also consider the full data perspective. This paper proposes a novel light-weight verification method, which is preferable over expensive approaches that include the data perspective when considering structural properties of a business process model. This novel approach generates partial models that capture only relevant execution states to the conditions under investigation. The resulting model can be verified using existing model checking techniques. The computation of such partial models fully abstracts conditions from the full models and specifications, thus avoiding the analysis of the full data perspective. The proposed method is complete with respect to the analyzed execution paths, while significantly reducing the state space complexity by pruning unreachable states given the conditions under investigation. This approach offers the ability to check if a process is compliant with rules and regulations on a much more fine-grained level, and it enables a more precise formulation of the conditions that should and should not hold in the processes. The approach is particularly useful in dynamic environments where processes are constantly changing and efficient conditional compliance checking is a necessity. The approach – implemented in Java and publicly available – is evaluated in terms of performance and practicability, and tested over both synthetic datasets and a real-life case from the Australian telecommunications sector.
Full-text available
Nowadays, business enterprises often need to dynamically reconfigure their internal processes in order to improve the efficiency of the business flow. However, modifications of the workflow usually lead to several problems in terms of deadlock freedom, completeness and security. A solid solution to these problems consists in the application of model checking techniques in order to verify if specific properties of the workflow are preserved by the change in configuration. Our goal in this work is to develop a formal verification procedure to deal with these problems. The first step consists in developing a formal definition of a BPMN model of a business workflow. Then, a given BPMN model is translated into a formal model specified in Promela. Finally, by using the SPIN model checker, the correctness of the reconfigured workflow is verified.
Full-text available
FSP and FLTL framework for specification and verification of middle-agents Agents are a useful abstraction frequently employed as a basic building block in modeling service, information and resource sharing in global environments. The connecting of requester with provider agents requires the use of specialized agents known as middle-agents. In this paper, we propose a formal framework intended to precisely characterize types of middle-agents with a special focus on matchmakers, brokers and front-agents by formally modeling their interactions with requesters and providers. Our approach is based on capturing interaction protocols between requesters, providers and middle-agents as finite state processes represented using FSP process algebra. The resulting specifications are formally verifiable using FLTL temporal logic. The main results of this work include (i) precise specification of interaction protocols depending on the type of middle-agent (this can also be a basis for characterizing types of middle-agents), (ii) improvement of communication between designers and developers and facilitation of formal verification of agent systems, (iii) guided design and implementation of agent-based software systems that incorporate middle-agents.
Full-text available
Purpose – The purpose of this paper is to demonstrate that process verification has matured to a level where it can be used in practice. This paper reports on new verification techniques that can be used to assess the correctness of real‐life models. Design/methodology/approach – The proposed approach relies on using formal methods to determine the correctness of business processes with cancellation and OR‐joins. The paper also demonstrates how reduction rules can be used to improve the efficiency. These techniques are presented in the context of the workflow language yet another workflow language (YAWL) that provides direct support for 20 most frequently used patterns found today (including cancellation and OR‐joins). But the results also apply to other languages with these features (e.g. BPMN, EPCs, UML activity diagrams, etc.). An editor has been developed that provides diagnostic information based on the techniques presented in this paper. Findings – The paper proposes four properties for business processes with cancellation and OR‐joins, namely: soundness, weak soundness, irreducible cancellation regions and immutable OR‐joins and develop new techniques to verify these properties. Reduction rules have been used as a means of improving the efficiency of the algorithm. The paper demonstrates the feasibility of this verification approach using a realistic and complex business process, the visa application process for general skilled migration to Australia, modelled as a YAWL workflow with cancellation regions and OR‐joins. Originality/value – Business processes sometimes require complex execution interdependencies to properly complete a process. For instance, it is possible that certain activities need to be cancelled mid‐way though the process. Some parallel activities may require complex “wait and see” style synchronisation depending on a given context. These types of business processes can be found in various domains, such as application integration, B2B commerce, web service composition and workflow systems. Even though cancellation and sophisticated join structures are present in many business processes, existing verification techniques are unable to deal with such processes. Hence, this paper plays an important role in making process verification a reality.
Full-text available
The Business Process Modelling Notation (BPMN) is a standard for capturing business processes in the early phases of systems development. The mix of constructs found in BPMN makes it possible to obtain models with a range of semantic errors. The ability to statically check the semantic correctness of models is thus a desirable feature for modelling tools based on BPMN. However, the static analysis of BPMN models is hindered by ambiguities in the standard specification and the complexity of the language. The fact that BPMN integrates constructs from graph-oriented process definition languages with features for concurrent execution of multiple instances of a subprocess and exception handling, makes it challenging to provide a formal semantics of BPMN. Even more challenging is to define a semantics that can be used to analyse BPMN models. This paper proposes a formal semantics of BPMN defined in terms of a mapping to Petri nets, for which efficient analysis techniques exist. The proposed mapping has been implemented as a tool that generates code in the Petri Net Markup Language. This formalisation exercise has also led to the identification of a number of deficiencies in the BPMN standard specification.
Conference Paper
The Decision Model and Notation (DMN) is a standard notation to capture decision logic in business applications in general and business processes in particular. A central construct in DMN is that of a decision table. The increasing use of DMN decision tables to capture critical business knowledge raises the need to support analysis tasks on these tables such as correctness and completeness checking. This paper provides a formal semantics for DMN tables, a formal definition of key analysis tasks and scalable algorithms to tackle two such tasks, i.e., detection of overlapping rules and of missing rules. The algorithms are based on a geometric interpretation of decision tables that can be used to support other analysis tasks by tapping into geometric algorithms. The algorithms have been implemented in an open-source DMN editor and tested on large decision tables derived from a credit lending dataset.
Conference Paper
Alvis is a formal modelling language for concurrent systems with the following advantages: a graphical modelling language used to define interconnections among agents, a high level programming language used to define the behaviour of agents and the possibility of a formal model verification. An Alvis model semantics find expression in an LTS graph (labelled transition system). Execution of any language statement is expressed as a transition between formally defined states of such a model. An LTS graph is generated using Haskell representation of an Alvis model and user defined Haskell functions can be used to explore the graph. The paper deals with the problem of translation of an Alvis model into its Haskell representation and discusses possibilities of model verification with the so-called Haskell filtering functions.
The paper presents a formal description of a subset of the Alvis language designed for the modelling and formal verification of concurrent systems. Alvis combines possibilities of a formal models verification with flexibility and simplicity of practical programming languages. Alvis provides a graphical modelling of interconnections among agents and a high level programming language used for the description of agents behaviour. Its semantic depends on the so-called system layer. The most universal system layer α0, described in the paper, makes Alvis similar to other formal languages like Petri nets, process algebras, time automata, etc.
Business process modelling has been widely applied by many companies to support the projects such as BPR or enterprize integration. In general, business modelling technique plays the role of pre-designing and evaluating the business flow before the final implementation. However, due to certain improper situations, the developed model might not be appropriate for the final analysis and evaluation. Therefore, model feasibility should be confirmed before the formal evaluation. This research proposed a Petri-net-based approach to evaluate the feasibility of a model defined by BPMN (business process modelling notation). Two kinds of invalid situations, deadlock and infinite loops, will be defined and analysed. There are four phases in the proposed approach. In problem analysis phase, a modified business process development approach would be proposed first. Then, the invalid model would be defined and classification. In the design stage, the developed BPMN model will be transferred to Modified BPEL4WS, which is an XML based language. By applying XSLT and Java, the transferred BPEL4WS will be translated to a Petri-net model specified as CPNXML (Colored Petri-net XML). In the simulation phase, the CPNXML file can be imported into a graphical simulation package CPN Tools for further analysis. Finally, in the implementation phase, the three kinds of property analysis (deadlock, infinite loops and execution time) will be evaluated in terms of the ‘liveness’, ‘reachability’ and ‘consumed time’ of the converted Petri net model.
In this paper we define and study a propositional μ-calculus Lμ, which consists essentially of propositional modal logic with a least fixpoint operator. Lμ is syntactically simpler yet strictly more expressive than Propositional Dynamic Logic (PDL). For a restricted version we give an exponential-time decision procedure, small model property, and complete deductive system, theory subsuming the corresponding results for PDL.
The chapter presents a description of a novel modelling language called Alvis defined for the design of concurrent especially real-time systems. Alvis combines the advantages of formal methods and practical modelling languages. Based on CCS and XCCS process algebras, Alvis utilizes flexible graphical modelling of interconnections among agents and a high level programming language used for the description of agents behaviour. Each agent in a model can use rule-based systems to support its decisions. A small set of language statements and graphical concepts make Alvis easy to learn and use. The possibility of a formal model verification, makes Alvis a formal modelling language. Alvis modelling environment creates in parallel a model of the considered system and a labelled transition system (LTS graph) that is its formal representation. The LTS graph can be formally verified with the CADP toolbox. A survey of main Alvis features from practical point of view, is given in the chapter.
Model-checking is a successful technique for automatically verifying concurrent finite-state systems. When designing a model-checker, a good compromise must be made between the expressive power of the property description formalism, the complexity of the model-checking problem, and the user-friendliness of the interface. We present a temporal logic and an associated model-checking method that attempt to fulfill these criteria. The logic is an extension of the alternation-free μ-calculus with ACTL-like action formulas and PDL-like regular expressions, allowing a concise and intuitive description of safety, liveness, and fairness properties over labeled transition systems. The model-checking method is based upon a succinct translation of the verification problem into a boolean equation system, which is solved by means of an efficient local algorithm having a good average complexity. The algorithm also allows to generate full diagnostic information (examples and counterexamples) for temporal formulas. This method is at the heart of the EVALUATOR 3.0 model-checker that we implemented within the CADP toolbox using the generic OPEN/CAESAR environment for on-the-fly verification.
Conference Paper
Business process modeling is performed during the requirements analysis and specification of business software systems. Checking qualitative aspects of business processes is required for quality assurance, as well as for compliance with non-functional requirements. We show how business process models represented as Role Activity Diagrams can be formally checked using process algebras and temporal logics.
We outline an approach to hierarchical modelling of complex patterns that is based on operations of sums with constraints on information systems. We show that such operations can be treated as a universal tool in hierarchical modelling of complex patterns.
In Process-Aware Information Systems, business processes are often modeled in an explicit way. Roughly speaking, the available business process modeling languages can be divided into two groups.Languages from the first group are preferred by academic people but shunned by business people, and include Petri nets and process algebras. These academic languages have a proper formal semantics, which allows the corresponding academic models to be verified in a formal way. Languages from the second group are preferred by business people but disliked by academic people, and include BPEL, BPMN, and EPCs. These business languages often lack any proper semantics, which often leads to debates on how to interpret certain business models. Nevertheless, business models are used in practice, whereas academic models are hardly used. To be able to use, for example, the abundance of Petri net verification techniques on business models, we need to be able to transform these models to Petri nets. In this paper, we investigate a number of Petri net transformations that already exist.For every transformation, we investigate the transformation itself, the constructs in the business models that are problematic for the transformation and the main applications for the transformation.
The paper discusses a new knowledge representation for rule-based systems called XTT2. It combines decision trees and decision tables forming a transparent and hierarchical visual representation of the decision units linked into a workflow-like structure. There are two levels of abstraction in the XTT2 model: the lower level, where a single knowledge component defined by a set of rules working in the same context is represented by a single decision table, and the higher level, where the structure of the whole knowledge base is considered. This model has a concise formalization which opens up possibility of well-defined, structured design and verification of formal characteristics. Based on the visual XTT2 model, a textual representation of the rule base is generated. A dedicated engine provides a unified run-time environment for the XTT2 rule bases. The focus of the paper is on the formalization of the presented approach. It is based on the so-called ALSV(FD) logic that provides an expressive calculus for rules.
. There is a growing recognition of the need to apply formal mathematical methods in the design of "high confidence" computing systems. Such systems operate in safety critical contexts (e.g., air traffic control systems) or where errors could have major adverse economic consequences (e.g., banking networks). The problem is especially acute in the design of many reactive systems which must exhibit correct ongoing behavior, yet are not amenable to thorough testing due to their inherently nondeterministic nature. One useful approach for specifying and reasoning about correctness of such systems is temporal logic model checking, which can provide an efficient and expressive tool for automatic verification that a finite state system meets a correctness specification formulated in temporal logic. We describe model checking algorithms and discuss their application. To do this, we focus attention on a particularly important type of temporal logic known as the Mu-calculus. 1 Intro...
Principles of Model Checking
  • C Baier
  • J P Katoen
  • U K London
  • E Börger
Baier, C., Katoen, J.P. (2008). Principles of Model Checking. The MIT Press, London, UK. Börger, E. (2012). Approaches to Modeling Business Processes: A Critical Analysis of BPMN, Workow Patterns and YAWL. Software and System Modeling, 11(3), 305318.
Transforming BPMN Diagrams into YAWL Nets
  • G Decker
  • R Dijkman
  • M Dumas
  • L García-Bañuelos
Decker, G., Dijkman, R., Dumas, M., García-Bañuelos, L. (2008). Transforming BPMN Diagrams into YAWL Nets. In: Dumas, M., Reichert, M., Shan, M.C. (Eds.), Business Process Management. Vol. 5240 of Lecture Notes in Computer Science. Springer, pp. 386389.
  • H Garavel
  • F Lang
  • R Mateescu
  • W Serwe
Garavel, H., Lang, F., Mateescu, R., Serwe, W. (2007). CADP 2006: A Toolbox for the Construction and Analysis of Distributed Processes. In: Computer Aided Verication. Vol. 4590 of LNCS. Springer-Verlag, pp. 158163.
Enriching Business Processes with Rules using the Oryx BPMN Editor
  • K Kluza
  • K Kaczor
  • G J Nalepa
Kluza, K., Kaczor, K., Nalepa, G.J. (2012). Enriching Business Processes with Rules using the Oryx BPMN Editor. In: Rutkowski, L., [etal.] (Eds.), Articial Intelligence and Soft Computing: 11th International Conference, ICAISC 2012: Zakopane, Poland, April 29May 3, 2012. Vol. 7268 of Lecture Notes in Articial Intelligence. Springer, pp. 573581.
Modeling and Analysis of Business Processes with Business Rules
  • G J Nalepa
  • K Kluza
  • S Ernst
Nalepa, G.J., Kluza, K., Ernst, S. (2011b). Modeling and Analysis of Business Processes with Business Rules. In: Beckmann, J. (Ed.), Business Process Modeling: Software Engineering, Analysis and Applications. Business Issues, Competition and Entrepreneurship. Nova Science Publishers, pp. 135156.
Proposal of an Inference Engine Architecture for Business Rules and Processes
  • G J Nalepa
  • K Kluza
  • K Kaczor
Nalepa, G.J., Kluza, K., Kaczor, K. (2013). Proposal of an Inference Engine Architecture for Business Rules and Processes. In: Rutkowski, L., [etal.] (Eds.), Articial Intelligence and Soft Computing: 12th International Conference, ICAISC 2013: Zakopane, Poland, June 913, 2013. Vol. 7895 of Lecture Notes in Articial Intelligence. Springer, pp. 453464.
Business Process Model and Notation (BPMN): Version 2.0 Specication
OMG (January 2011). Business Process Model and Notation (BPMN): Version 2.0 Specication. Tech. Rep. formal/2011-01-03, Object Management Group.
Decision Model and Notation (DMN): Version 1.0. Specication
OMG (September 2015). Decision Model and Notation (DMN): Version 1.0. Specication. Tech. Rep. formal/2015-09-01, Object Management Group.
Workow Control-Flow Patterns. A Revised View
  • N Russell
  • A Terhofstede
  • W Van Deraalst
  • N Mulyar
Russell, N., terHofstede, A., van derAalst, W., Mulyar, N. (2006). Workow Control-Flow Patterns. A Revised View. Tech. Rep. Report BPM-06-22, BPM Center.
DMN Method and Style
  • B Silver
Silver, B. (2016) DMN Method and Style. Cody-Cassidy Press.
BPMN Modeling and Reference Guide: Understanding and Using BPMN
  • S A White
  • D Miers
White, S.A., Miers, D. (2008). BPMN Modeling and Reference Guide: Understanding and Using BPMN. Future Strategies Inc., Lighthouse Point, Florida, USA.
Transformation of BPMN to YAWL
  • J Ye
  • S Sun
  • L Wen
  • W Song
Ye, J., Sun, S., Wen, L., Song, W. (December 2008). Transformation of BPMN to YAWL. In: Computer Science and Software Engineering, 2008 International Conference on. Vol. 2. pp. 354359.
He obtained MSc in Automatics and Robotics in 2009 at AGH University, Krakow, and MA in Cultural Studies in 2010 at Jagiellonian University, Krakow. In 2015, he obtained PhD in Computer Science at AGH University. He published over 50 papers related to knowledge and software engineering
  • Poland
Poland, Department of Applied Computer Science. His main scientic interests focus on software and knowledge engineering, especially business processes and business rules. He obtained MSc in Automatics and Robotics in 2009 at AGH University, Krakow, and MA in Cultural Studies in 2010 at Jagiellonian University, Krakow. In 2015, he obtained PhD in Computer Science at AGH University. He published over 50 papers related to knowledge and software engineering. Krzysztof Kluza is also a Secretary of the Board of the Polish Articial Intelligence Society.