Automatic Verification of Database-Centric Systems

Alin Deutsch (UC San Diego, deutsch@cs.ucsd.edu), Richard Hull (IBM Yorktown Research Center, hull@us.ibm.com), Victor Vianu (UC San Diego & INRIA Saclay, vianu@cs.ucsd.edu)

INTRODUCTION

Software systems centered around a database are pervasive in numerous applications. They are encountered in areas as diverse as electronic commerce, e-government, scientific applications, enterprise information systems, and business process management. Such systems are often very complex and prone to costly bugs, whence the need for verification of critical properties.

Classical software verification techniques that can be applied to such systems include model checking and theorem proving. However, both have serious limitations. Indeed, model checking usually requires performing finite-state abstraction on the data, resulting in loss of semantics for both the system and the properties being verified. Theorem proving is incomplete, requiring expert user feedback.

Recently, an alternative approach to verification of database-centric systems has taken shape, at the confluence of the database and computer-aided verification areas. It aims to identify restricted but sufficiently expressive classes of database-driven applications and properties for which sound and complete verification can be performed in a fully automatic way. This approach leverages another trend in database-driven applications: the emergence of high-level specification tools for database-centered systems, such as interactive web applications and data-driven business processes. We review next a few representative examples.

A commercially successful high-level specification tool for web applications is Web Ratio [1], an outgrowth of the earlier academic prototype WebML [20, 17]. Web Ratio allows one to specify a Web application using an interactive variant of the E-R model augmented with a workflow formalism. Non-interactive variants of Web page specifications had already been proposed in Strudel [39], Araneus [58] and Weave [40], targeting the automatic generation of Web sites from an underlying database. High-level specification tools have also emerged in the area of business process management, concomitantly with an evolution from the traditional process-centric approach towards data awareness. A notable exponent of this class is the business artifact model pioneered in [63, 51], deployed by IBM in professional services. Business artifacts (or simply "artifacts") model key business-relevant entities, which are updated by a set of services that implement business process tasks. A collection of artifacts and services is called an artifact system. This modeling approach has been successfully deployed in practice [7, 6, 21, 27, 69], and has been adopted in the OMG standard for Case Management [9].

Tools such as the above automatically generate the database-centric application code from the high-level specification. This not only allows fast prototyping and improves programmer productivity but, as a side effect, provides new opportunities for automatic verification. Indeed, the high-level specification is a natural target for verification, as it addresses the most likely source of errors (the application's specification, as opposed to the less likely errors in the automatic generator's implementation).

The theoretical and practical results obtained so far concerning the verification of such systems are quite encouraging. They suggest that, unlike arbitrary software systems, significant classes of data-driven systems may be amenable to automatic verification. This relies on a novel marriage of database and model checking techniques, and is relevant to both the database and the computer-aided verification communities.

In this article, we describe several models and results on automatic verification of database-driven systems, focusing on temporal properties of their underlying workflows. To streamline the presentation, we focus on verification of business artifacts, and use it as a vehicle to introduce the main concepts and results. We then summarize some of the work pertaining to other applications such as data-driven web services.
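The artifact-system idea above (artifacts updated by services, checked against properties of the resulting workflow) in miniature, as an added example that is not from the paper or IBM's tooling: a constructed toy order artifact, a buggy and a guarded ship service, and an explicit-state search for the shortest service sequence that violates the invariant "a shipped order has been paid". The attribute names, services and invariant are assumptions made for illustration; the paper's own models are not finite like this one.

```python
from collections import deque

# Constructed toy artifact (assumption, not the paper's formal model): one
# "order" artifact with three attributes. Services are functions returning
# the updated artifact, or None when their precondition does not hold.
INITIAL = {"status": "new", "paid": False, "shipped": False}

def pay(a):
    return None if a["paid"] else {**a, "paid": True}

def ship_unguarded(a):            # specification bug: no check that the order was paid
    return None if a["shipped"] else {**a, "shipped": True, "status": "shipped"}

def ship_guarded(a):              # corrected service: precondition requires payment
    if a["shipped"] or not a["paid"]:
        return None
    return {**a, "shipped": True, "status": "shipped"}

def close(a):
    return {**a, "status": "closed"} if a["status"] == "shipped" else None

def freeze(a):
    """Hashable snapshot of an artifact state."""
    return tuple(sorted(a.items()))

def find_violation(initial, services, invariant):
    """Breadth-first exploration of every reachable artifact state.
    Returns the shortest sequence of service names leading to a state that
    violates the invariant, or None if all reachable states satisfy it."""
    start = freeze(initial)
    parent = {start: None}           # state -> (predecessor state, service name)
    queue = deque([start])
    while queue:
        state = queue.popleft()
        current = dict(state)
        if not invariant(current):
            path = []
            while parent[state] is not None:
                state, name = parent[state]
                path.append(name)
            return path[::-1]
        for name, service in services.items():
            nxt = service(current)
            if nxt is not None and freeze(nxt) not in parent:
                parent[freeze(nxt)] = (state, name)
                queue.append(freeze(nxt))
    return None

def shipped_implies_paid(a):
    return a["paid"] or not a["shipped"]

if __name__ == "__main__":
    buggy = {"pay": pay, "ship": ship_unguarded, "close": close}
    fixed = {"pay": pay, "ship": ship_guarded, "close": close}
    print(find_violation(INITIAL, buggy, shipped_implies_paid))   # ['ship']
    print(find_violation(INITIAL, fixed, shipped_implies_paid))   # None
```

The counterexample is a concrete service sequence, which is the kind of feedback a specification author can act on directly.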

[1] Alin Deutsch et al. Automatic Verification of Data-Centric Business Processes, 2011, BPM.

[2] Akhil Kumar et al. A Framework for Document-Driven Workflow Systems, 2005, Business Process Management.

[3] Faron Moller et al. Verification on Infinite Structures, 2001, Handbook of Process Algebra.

[4] Diego Calvanese et al. Verification of relational data-centric dynamic systems with external services, 2012, PODS.

[5] Dan Suciu et al. Declarative specification of Web sites with Strudel, 2000, The VLDB Journal.

[6] Anil Nigam et al. Business artifacts: An approach to operational specification, 2003, IBM Syst. J.

[7] Serge Abiteboul et al. Relational transducers for electronic commerce, 1998, J. Comput. Syst. Sci.

[8] Marco Montali et al. Verification of Artifact-Centric Systems: Decidability and Modeling Issues, 2013, ICSOC.

[9] Santhosh Kumaran et al. Adaptive Business Objects - A new Component Model for Business Integration, 2005, ICEIS.

[10] Tran Cao Son et al. Semantic Web Services, 2001, IEEE Intell. Syst.

[11] Santhosh Kumaran et al. ADoc-oriented programming, 2003, 2003 Symposium on Applications and the Internet, Proceedings.

[12] Alin Deutsch et al. Automatic verification of data-centric business processes, 2009, ICDT '09.

[13] Marcin Jurdzinski et al. Alternation-free modal mu-calculus for data trees, 2007, 22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007).

[14] Jerry R. Hobbs et al. DAML-S: Semantic Markup for Web Services, 2001, SWWS.

[15] Richard Hull et al. On the equivalence of incremental and fixpoint semantics for business artifacts with Guard-Stage-Milestone lifecycles, 2013, Inf. Syst.

[16] Kamal Bhattacharya et al. Modeling Business Contexture and Behavior Using Business Artifacts, 2007, CAiSE.

[17] Leonid Libkin et al. Elements of Finite Model Theory (Texts in Theoretical Computer Science. An EATCS Series), 2004.

[18] Szymon Torunczyk et al. Automata based verification over linearly ordered data domains, 2011, STACS.

[19] Stefano Ceri et al. Designing Data-Intensive Web Applications, 2002.

[20] Alin Deutsch et al. Artifact systems with data dependencies and arithmetic, 2012, TODS.

[21] Joël Ouaknine et al. Nets with Tokens which Carry Data, 2008, Fundam. Informaticae.

[22] Henk de Man et al. Case Management: Cordys Approach, 2009.

[23] Richard Hull et al. Data Centric BPM and the Emerging Case Management Standard: A Short Survey, 2012, Business Process Management Workshops.

[24] Ronald Fagin et al. Data exchange: semantics and query answering, 2005, Theor. Comput. Sci.

[25] Thomas Schwentick et al. Two-Variable Logic on Words with Data, 2006, 21st Annual IEEE Symposium on Logic in Computer Science (LICS'06).

[26] Santhosh Kumaran et al. A model-driven approach to industrializing discovery processes in pharmaceutical research, 2005, IBM Syst. J.

[27] Patricia Bouyer et al. An algebraic approach to data languages and timed languages, 2003, Inf. Comput.

[28] Edmund M. Clarke et al. Model Checking, 1999, Handbook of Automated Reasoning.

[29] Jianwen Su et al. Static Analysis of Business Artifact-centric Operational Models, 2007, IEEE International Conference on Service-Oriented Computing and Applications (SOCA '07).

[30] Marc Spielmann et al. Verification of relational transducers for electronic commerce, 2003, J. Comput. Syst. Sci.

[31] Ahmed Bouajjani et al. Automatic verification of recursive procedures with one integer parameter, 2003, Theor. Comput. Sci.

[32] Ahmed Bouajjani et al. A Generic Framework for Reasoning About Dynamic Networks of Infinite-State Processes, 2007, TACAS.

[33] Stéphane Demri et al. Model Checking Freeze LTL over One-Counter Automata, 2008, FoSSaCS.

[34] Alin Deutsch et al. Verification of communicating data-driven web services, 2006, PODS '06.

[35] Jianwen Su et al. Towards Formal Analysis of Artifact-Centric Business Process Models, 2007, BPM.

[36] Marvin Minsky et al. Computation: finite and infinite machines, 2016.

[37] Jianwen Su et al. Optimization techniques for data-intensive decision flows, 2000, Proceedings of 16th International Conference on Data Engineering (Cat. No.00CB37073).

[38] Alin Deutsch et al. Specification and verification of data-driven Web applications, 2007, J. Comput. Syst. Sci.

[39] Paolo Merialdo et al. Araneus in the Era of XML, 1999, IEEE Data Eng. Bull.

[40] Richard Hull et al. Business artifacts with guard-stage-milestone lifecycles: managing artifact interactions with conditions and events, 2011, DEBS '11.

[41] Constantin Enea et al. A Generic Framework for Reasoning about Dynamic Networks of Infinite-State Processes, 2007, Log. Methods Comput. Sci.

[42] Thomas Schwentick et al. Finite state machines for strings over infinite alphabets, 2004, TOCL.

[43] Jianwen Su et al. Data management perspectives on business process management: tutorial overview, 2013, SIGMOD '13.

[44] Alessio Lomuscio et al. Verification of GSM-Based Artifact-Centric Systems through Finite Abstraction, 2012, ICSOC.

[45] John Vergo et al. Artifact-Based Transformation of IBM Global Financing, 2009, BPM.

[46] Ahmed Bouajjani et al. Rewriting Systems with Data, 2007, FCT.

[47] Diego Calvanese et al. Foundations of data-aware process analysis: a database theory perspective, 2013, PODS.

[48] Patricia Bouyer et al. A logical characterization of data languages, 2002, Inf. Process. Lett.

[49] Giuseppe De Giacomo et al. Verification of Conjunctive Artifact-Centric Services, 2012, Int. J. Cooperative Inf. Syst.

[50] Liying Sui et al. A system for specification and verification of interactive, data-driven web applications, 2006, SIGMOD Conference.

[51] Stéphane Demri et al. LTL with the Freeze Quantifier and Register Automata, 2006, 21st Annual IEEE Symposium on Logic in Computer Science (LICS'06).

[52] Alin Deutsch et al. A verifier for interactive, data-driven web applications, 2005, SIGMOD '05.

[53] Santhosh Kumaran et al. Artifact-centered operational modeling: Lessons from customer engagements, 2007, IBM Syst. J.

[54] Serge Abiteboul et al. Collaborative data-driven workflows: think global, act local, 2013, PODS '13.

[55] Robert J. Glushko et al. Document Engineering - Analyzing and Designing Documents for Business Informatics and Web Services, 2005.

[56] E. Allen Emerson et al. Temporal and Modal Logic, 1991, Handbook of Theoretical Computer Science, Volume B: Formal Models and Semantics.

[57] Diego Calvanese et al. Foundations of Relational Artifacts Verification, 2011, BPM.

[58] Leonid Libkin et al. Elements of Finite Model Theory, 2004, Texts in Theoretical Computer Science.

[59] Jianwen Su et al. Declarative workflows that support easy modification and dynamic browsing, 1999.

[60] Stephan Merz et al. Model Checking: A Tutorial Overview, 2000, MOVEP.

[61] Valérie Issarny et al. Building and Customizing Data-Intensive Web Sites Using Weave, 2000, VLDB.

[62] Jianwen Su et al. A Framework for Optimizing Distributed Workflow Executions, 1999, DBPL.

[63] Ioana Manolescu et al. Specification and Design of Workflow-Driven Hypertexts, 2002, J. Web Eng.

[64] John Vergo et al. Siena: From PowerPoint to Web App in 5 Minutes, 2008, ICSOC.

[65] Amir Pnueli et al. The temporal logic of programs, 1977, 18th Annual Symposium on Foundations of Computer Science (sfcs 1977).

[66] Alin Deutsch et al. Specification and verification of data-driven web services, 2004, PODS.

[67] Jianwen Su et al. Specification and Verification of Artifact Behaviors in Business Process Models, 2007, ICSOC.

[68] Jianwen Su et al. Tools for design of composite Web services, 2004, ACM SIGMOD Conference.