Formal Verification of Workflow Patterns with SPIN

More documents

Recommendations

Info

3 WORKFLOW PATTERNS TRANSLATION 4will start at the same time. This pattern is translated by the following inlinedenition, where each channel in the array qs is used to communicate with eachactivity.inline parallelSplit(qs, sizeq, msg){int n;n=0;atomic {do:: n qs[n]!msg[n]; n++;:: n>=sizeq -> break;od; }}The process in Promela which represents the activity that splits the processmust use the parallelSplit denition and the processes which represent theactivities to be initiated must use the recv denition.Synchronization - The Synchronization pattern combines the paths that weregenerated by the Parallel Split pattern. The nal set of activities withinthe ows must be completed before the process can continue. This pattern istranslated to the following inline denition.inline synchronization(qs, sizeq, msgs){int n, count;n=0; count=0;/* MAXARRAYSIZE: The capacity of the arrays defined in the file* which contains the translations of the workflow patterns */int aux[MAXARRAYSIZE];do::n aux[n]=0; n++;::n==sizeq -> n=0; break;od;skip;S:if::((aux[n]==0) && (len(q[n]) > 0) && countaux[n]=1; q[n]?msg[n]; count++::count>=sizeq -> goto E::else -> skip;fi;n++;if::n==sizeq -> n=0; timeout;::n skip;fi;goto S;E: skip;}The process in Promela that receives the input branches must use the abovedenition and the processes to be syncronized must use the send denition. It
3 WORKFLOW PATTERNS TRANSLATION 5is denoted by aux an auxiliary array of size sizeq to distinguish between theactivities already completed from the others. After nishing, each activity sendsa message through a channel in the array qs to report it (e.g. if the activity thatcomunicates through channel qs[n] is nished, it will send a message throughthis channel reporting that). In this pattern translation, all the channels inthe array qs are transverse to see if there is something to receive from eachone of them. If there is, it will be received and marked it in the array aux(e.g aux[n]=1). Thus, the process in Promela which use the syncronizationdenition will only continue if it has received a message from each channel. Theuse of the keyword timeout is to avoid process starvation, giving the opportunityto other processes to execute.ExclusiveChoice - This pattern is dened as being a split of the control owinto two or more exclusive alternative paths. The pattern is exclusive in thesense that only one of the alternative paths may be chosen for the process tocontinue. This pattern is translated by the following inline denition.inline exclusiveChoice(qs,sizeq,choice,msg){if :: (choice>=0 && choice qs[choice]!msg;:: else -> skip;fi;}The process representing the activity which makes the choice must use thisdenition, and the alternative processes must use the recv denition.Simple Merge - The Simple Merge pattern provides a means of merging twoor more control ows of distinct activities without synchronizing them. Thispattern corresponds to an exclusive OR-join and is translated as follows.inline simpleMerge(qs,sizeq,msg){int n;n=0;skip;S: if :: len(qs[n])>0 -> qs[n]?msg; goto E:: len(qs[n])==0 -> n++; goto Lfi;L: if :: n==sizeq -> n=0; timeout; goto S/* timeout: to give chance to another process to execute. */:: n goto Sfi;E: skip;}In this translation, each channel in the array qs will represent the communicationchannel between a specic Promela process and the process which mergesall the control ow paths. The process in Promela which merges the controlows of distinct processes must use the above denition. The processes thatrepresent the activities whose control ow will be joined must use the senddenition.
Page 3: 3 WORKFLOW PATTERNS TRANSLATION 3us
Page 7 and 8: 3 WORKFLOW PATTERNS TRANSLATION 7}:
Page 9 and 10: 3 WORKFLOW PATTERNS TRANSLATION 9}:
Page 11 and 12: 3 WORKFLOW PATTERNS TRANSLATION 11d
Page 13 and 14: 4 CASE STUDIES 13inline cancelCase(
Page 15 and 16: 4 CASE STUDIES 15qs1[0]=qs[8]; /* T
Page 17 and 18: 4 CASE STUDIES 17Figure 2: Message
Page 19 and 20: 4 CASE STUDIES 19Book - This Promel
Page 21 and 22: 5 RELATED WORK 21Properties Vericat
Page 23: REFERENCES 23[12] Stefansen, C.: SM

Formal Verification of Workflow Patterns with SPIN

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?