Verification support for workflow design with UML activity graphs

We describe a tool that supports verification of workflow models specified in UML activity graphs. The tool translates an activity graph into an input format for a model checker according to a semantics we published earlier. With the model checker, arbitrary propositional requirements can be checked against the input model. If a requirement fails to hold, the model checker returns an error trace. The tool automatically translates such an error trace into an activity graph trace by highlighting the corresponding path in the activity graph. One problem dealt with is that model checkers require a finite state space, whereas workflow models in general have an infinite state space. Another problem is that strong fairness is necessary to obtain realistic results; only model checkers that use a special model checking algorithm for strong fairness are suitable for verifying workflow models. We analyse the structure of the state space and illustrate our approach with some example verifications.
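The pipeline the abstract describes (activity graph in, finite state space, a propositional requirement checked over every reachable state, and a counterexample mapped back onto a path of activity-graph nodes) can be shown in miniature. The following is an added example written for this page; it is not the paper's tool, not its semantics, and not its model checker. It uses a constructed order-handling workflow and a token-based control-state semantics of the author's own choosing: decision guards are abstracted to nondeterministic choice, which is the simplest way to keep the state space finite, and fairness is not modelled, so only safety (invariant) and deadlock checks are performed. All node names and the three graph variants are constructed for illustration.

```python
from collections import Counter, deque

# Constructed example, not the paper's tool: an order-handling workflow as a
# UML-style activity graph. Each node maps to (kind, successors). Kinds:
#   action - one token in, one token out; several successors form a decision
#            whose guard is abstracted to nondeterministic choice (this is what
#            keeps the state space finite: no data, only control state)
#   fork   - one token in, one token out on every successor
#   join   - waits for a token from every predecessor, then emits one token
#   final  - tokens stay put
# A state is the multiset of nodes holding a token, kept as a sorted tuple.

FLAWED = {
    "receive":      ("action", ["fork1"]),
    "fork1":        ("fork",   ["check_stock", "check_credit"]),
    "check_stock":  ("action", ["merge1"]),
    "check_credit": ("action", ["merge1"]),
    "merge1":       ("action", ["decide"]),        # a merge where a join was needed
    "decide":       ("action", ["ship", "cancel"]),
    "ship":         ("action", ["end"]),
    "cancel":       ("action", ["end"]),
    "end":          ("final",  []),
}
# Corrected graph: both checks synchronise on a join before the decision.
FIXED = {**FLAWED, "check_stock": ("action", ["join1"]),
         "check_credit": ("action", ["join1"]), "join1": ("join", ["decide"])}
del FIXED["merge1"]
# Another constructed defect: a failed credit check bypasses the join.
STUCK = {**FIXED, "check_credit": ("action", ["join1", "cancel"])}


def steps(graph, state):
    """Yield (fired_node, next_state) for every step enabled in `state`."""
    tokens = Counter(state)
    preds = {n: sum(n in out for _, out in graph.values()) for n in graph}
    for node in tokens:
        kind, out = graph[node]
        if kind == "final" or (kind == "join" and tokens[node] < preds[node]):
            continue                      # nothing to do, or join still waiting
        consumed = preds[node] if kind == "join" else 1
        branches = [out] if kind == "fork" else [[o] for o in out]
        for targets in branches:
            nxt = tokens.copy()
            nxt[node] -= consumed
            nxt.update(targets)
            yield node, tuple(sorted(nxt.elements()))


def explore(graph, initial="receive"):
    """Breadth-first exploration of the reachable state space. Returns the
    parent map: state -> (previous_state, fired_node), with root -> None."""
    start = (initial,)
    parent, queue = {start: None}, deque([start])
    while queue:
        cur = queue.popleft()
        for fired, nxt in steps(graph, cur):
            if nxt not in parent:
                parent[nxt] = (cur, fired)
                queue.append(nxt)
    return parent


def error_trace(parent, bad):
    """Rebuild the path root -> bad as a list of (fired_node, state); the fired
    nodes are the path a tool would highlight in the activity graph."""
    path = []
    while bad is not None:
        prev = parent[bad]
        path.append((prev[1] if prev else None, bad))
        bad = prev[0] if prev else None
    return path[::-1]


def check_invariant(graph, invariant):
    """Return None if `invariant` holds in every reachable state, otherwise the
    shortest error trace leading to a violating state (BFS order is depth order)."""
    parent = explore(graph)
    for state in parent:
        if not invariant(state):
            return error_trace(parent, state)
    return None


def deadlocks(graph):
    """Reachable states with no enabled step in which some token is not on a
    final node: a workflow instance that can never complete."""
    parent = explore(graph)
    return [s for s in parent
            if not any(True for _ in steps(graph, s))
            and any(graph[n][0] != "final" for n in s)]


def highlighted_path(trace):
    """The activity-graph path (sequence of fired nodes) behind an error trace."""
    return [fired for fired, _ in trace if fired is not None]


if __name__ == "__main__":
    no_conflict = lambda s: not ("ship" in s and "cancel" in s)
    print("flawed:", highlighted_path(check_invariant(FLAWED, no_conflict)))
    print("fixed :", check_invariant(FIXED, no_conflict), deadlocks(FIXED))
    print("stuck :", deadlocks(STUCK))
```

In the flawed graph the requirement "ship and cancel are never active together" fails, and the returned trace is exactly the kind of artefact the abstract describes: a sequence of fired nodes that can be highlighted on the diagram rather than a raw list of model-checker states. The corrected graph satisfies the requirement, and the third variant shows a different failure mode, a join that can never complete once one branch bypasses it; a full check of such liveness properties is where the strong-fairness requirement from the abstract comes in, and is deliberately outside this small example.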
