Option processes often occur in a business procedure with respect to resource competition. In a business procedure modeled with a workflow net (WF-net), all decision behavior and option operations for business tasks are modeled and performed by the conflicts in corresponding WF-net. Concurrency in WF-nets is applied to keep a high-performance operation of business procedures. However, the firing of concurrent transitions in a WF-net may lead to the disappearance of conflicts in the WF-net. The phenomenon is usually called confusions that produces difficulties for the resolution of conflicts. This paper investigates confusion detection problems in WF-nets. First, confusions are formalized as a class of marked subnets with special conflicting and concurrent features. Second, a detection approach based on the characteristics of confusion subnets and the integer linear programming (ILP) is developed, which is not required to compute the reachability graph of a WF-net. Examples of the confusion detection in WF-nets are presented. Finally, the impact of confusions on the properties of WF-nets is specified.
1. Introduction
The workflow net (WF-net) [1, 2] of a business procedure is constructed to depict the logical relations among business tasks and to detect the potential faults in the procedure. Multithreaded tasks and option processes in a business procedure are usually implemented by concurrent and conflicting operations that can promote exact and efficient execution of the procedure. In its WF-net model, concurrent structures and conflicts are constructed to model and analyze multithreaded tasks and option processes, respectively.
However, WF-nets suffer from a class of faults that are called confusions such that the disappearance of conflicts occur, which implies that the conflicting transitions in a conflict become disabled before the resolution of the conflict in a WF-net. Confusions are caused by the interlacements between concurrent and conflicting processes, which generate nondeterministic occurrence of conflicts and produce difficulties for the resolution of conflicts.
The subnet shown in Figure 1(a) is a confusion that may occur in WF-nets, which includes two concurrent transitions t1 and t2 at the shown marking and a structural conflict between transitions t2 and t3. The confusion may lead to the disappearance of the conflict between t2 and t3, which is undesired. The defect is illustrated in the example. If the two concurrent transitions t1 and t2 fire, the marking shown in Figure 1(d) can be reached. In this process, different sequential transition firing sequences (σ1=t1t2 and σ2=t2t1) with respect to the concurrent firing of t1 and t2 implicate completely different conflict behavior. Suppose that there are two observers who observe the firing of the sequences σ1=t1t2 and σ2=t2t1, respectively. Their observation for system behavior can be described as follows.
t1 fires first, which results in a conflict between t2 and t3. Then, the conflict is resolved in favor of t2 and t2 fires (σ1=t1t2).
t2 fires first, which does not conflict with other transitions. Then, t1 fires (σ2=t2t1).
(a) A subnet system, (b) the subnet system obtained by firing the transition t1 in Figure 1(a), (c) the subnet system obtained by firing the transition t2 in Figure 1(a), and (d) the subnet system obtained by concurrently firing the transitions t1 and t2 in Figure 1(a).
There occurs the conflict between t2 and t3 and the conflict can be resolved by firing transition t2 in observation 1. However, observation 2 shows that no conflict occurs except sequentially firing t2 and t1. Hence, the confusion leads to the fact that the occurrence of the conflict between t2 and t3 is nondeterministic owing to the concurrent firing between t1 and t2. The conflict behavior described in observation 1 will not occur; that is, the disappearance of the conflict occurs, when the system fires the sequence σ2=t2t1.
In a real-world workflow system, the construction of conflicts and concurrency usually attempts to reach a kind of balance between the resource utilization and the fulfillment of the performance requirements. Such balance can be achieved through the timing constraints reported in [3] and the bottlenecks of performance a workflow mentioned in [4]. However, the meaningful balance can only be presented between independent conflicts and concurrency; that is, the conflicts and concurrency contain different transitions in a WF-net, since their behavior will not be mutually interfered. Conversely, if there are dependent conflicts and concurrency in a WF-net, that is, confusions, conflicts can only be considered rather than the balance between conflicts and concurrency. The reason can be presented by considering the different importance of conflicts and concurrency in a workflow procedure.
The significance of conflicts lies in the fact that they perform all option processes that are usually considered as the procedure interfaces to its external environment, for example, switches and decisions of humans. The interfaces should be determined such that the external environment can intervene a target result. Hence, the occurrence of conflicts should be observable and unambiguous in the evolution of a workflow procedure.
Concurrency in a workflow procedure only facilitates the implement of performance requirements to obtain a desired running period, which does not contribute to the logical judgments and the correctness of the procedure. Assuming that the tasks in a procedure are not performed concurrently, researchers can still get an execution result except a higher execution performance. However, if there are no conflicts, the behavior of the procedure may not be completed or the procedure performing a desired work cannot be constructed.
As aforementioned, a policy is required to determine whether a WF-net will be such an ambiguous conflict owing to concurrency. Hence, this paper aims at dealing with the formal description of confusions and providing a policy to decide whether a WF-net is confusion-free and where may appear confusions in the WF-net.
Petri nets (PNs) [5–7] as a formalism to describe the behavior of discrete event systems have drew much attention from different areas, for example, workflow management [2, 8, 9], web services [10, 11], and flexible manufacturing systems (FMSa) [12, 13]. Confusion problems and their defects were first investigated in PNs by Rozenberg et al. in [14, 15]. Their work considers the defects of PNs with confusions and mentions that it is not always possible to avoid confusion in a PN system although conflict behavior in the system with confusions is difficult to analyze. This is due to the fact that the intermediate states, for example, the markings shown in Figures 1(b) and 1(c), determined by different sequential transition sequences, for example, t1t2 and t2t1, of concurrent transitions, are different from each other.
If one requires to determine whether a conflict occurs in a PN with confusions, all possible sequential transition sequences generated by concurrent transitions in the PN have to be analyzed. However, the number of these sequences grows quickly with the increase of concurrent transitions. On the other hand, a confusion cannot be analyzed by using a reachability graph since independent concurrency (no concurrent transitions belonging to conflicting transitions) and concurrency in confusions cannot be differentiated in the reachability graph of a PN.
Some studies are devoted to the analysis of the confusions in PNs, where the phenomenon of confusions is extensively reported by many PN applications such as workflow nets (WF-nets) [2, 8, 9], occurrence nets [16, 17], safe nets [18–20], generalized (unsafe) nets [19], and generalized stochastic PNs (GSPNs) [21, 22].
The study on occurrence nets focuses on the PNs whose behavior can be interpreted by branching unfolding semantics [23]. In PNs, the behavior such as sequences, concurrency, conflicts, trails, choices, and alternatives can be described and analyzed by decomposing an occurrence net into substructures given by the node relations associated with the behavior. However, confusions cannot be described by the existing branching semantics. Hence, Smith and Haar consider the independence of events in occurrence nets and the indirect influences among concurrent events in [16, 17]. Furthermore, interference structural conflict clusters are developed in [17] in order to describe confusions. The clusters belong to a kind of the substructures of occurrence nets. In the work of Smith and Haar, confusion detection problems are not considered.
In [18, 19], a confusion detection approach based on trace theory is proposed. Furthermore, communicating sequential process (CSP) model checker is used to verify the detected confusions. However, the precondition of the confusion detection is that a PN is converted into an interleaving process algebra CSP. The transformation can produce additional costs and is infeasible for an arbitrary PN. A feasible offline confusion detection policy is reported in [20], which requires computing the reachability graph of a PN and cannot be used in complex systems owing to state space explosions.
Confusions in GSPNs are discussed in [21, 22]. The marking graph of a GSPN is not a stochastic process if the GSPN contains confusions, which implies that continuous-time Markov chains (CTMCs) cannot be used to analyze the GSPNs with confusions. Generally, a classical analytical approach for GSPNs is to assume that the subnets of immediate transitions are confusion-free in order that the analysis can proceed. However, the assumption does not intrinsically solve the problem of confusions since they really exist in GSPNs.
A PN which models the control-flow dimension of a workflow is a WF-net. Both dynamic behavior and control of a case in a workflow can be specified in its WF-net [1, 24]. van der Aalst and Hee deal with the existence of confusions in WF-nets and show the defects of WF-nets with confusions [2, 8, 9]. First, a WF-net is said to be correct with a singleton token in its source place if the WF-net holds for the properties “soundness” and “well-structured,” which is reported in [9]. If a WF-net is sound, an arbitrary reachable marking generated by the WF-net can terminate properly. A well-structured WF-net has a number of nice properties. For example, the soundness of a WF-net can be verified in polynomial time and a sound well-structured WF-net is safe. However, the existence of confusions in WF-nets leads to nondeterministic conflicting processes. Hence, it is not amenable to say that a sound or a well-structured WF-net is correct since the properties “soundness” and “well-structured” in WF-nets cannot avoid confusions. Furthermore, confusions can affect the property “well-structured” of a WF-net under the acyclic (no directed cycle in the structure of a WF-net) restrictions. To be more specific,
a sound and well-structured WF-net with cycles may cause confusions; this fact will be illustrated by giving an example in this paper;
if an acyclic sound WF-net contains a confusion, it is certainly not well structured; the conclusion will be specified in this work.
Second, in a workflow management system (WFMS), four important building blocks (AND-split, AND-join, OR-split, and OR-join) are introduced to specify the functions of the WFMS, where OR-splits are said to be case variables and modeled with conflicts in the corresponding WF-system, which lead to different routings of a case (transition sequences). According to the requirements of WFMSs and the work of van der Aalst in [9], the routings of a case should be independent of the order in which tasks are executed; that is, the choice between conflicting transitions cannot be influenced by the order in which a nonconflicting transition fires. It is shown that the behavior of confusions should not occur in a WF-system modeling a WFMS.
Third, in WF-net, only free choice is usually allowed due to the existence of confusions since the structures of confusions are nonfree choice. However, as discussed in [2], there are nonfree choice WF-nets that correspond to sensible workflows. They can be applied if confusion detection problems are solved.
Fault detection and control in PNs is an important and computationally difficult problem owing to resource sharing, state space explosions, and complex conflicting and concurrent behavior. For example, some excellent deadlock detection and prevention methods of FMSs are proposed in PNs [25–31]. WF-nets belong to a subclass of PNs and the occurrence of confusions in a WF-net is undesired. Hence, this paper is intended to investigate the confusion problems in a WF-net. The main contributions include the following three aspects.
The formalization of confusions is presented by defining a special class of subnets.
The impact of confusions on the properties of WF-nets is discussed.
A confusion detection policy is proposed without considering the reachability graph of WF-nets, which can return whether and where may occur a confusion in WF-nets.
If a sound or well-structured WF-net is reported to be confusion-free according to the proposed detection policy, the WF-net can be used in any real-world workflow procedure. Correspondingly, once the proposed policy finds a confusion in WF-nets, researchers or engineers will be able to give up the use of such WF-nets or design a method to ensure the occurrence of conflicts before using them.
This paper is organized as follows. Section 2 introduces basic concepts of PNs and WF-nets. Section 3 formulates two classes of confusions and specifies their behavior by some examples. Section 4 presents algorithms for confusion detection. The proposed algorithms are applied to some examples and a real-world case. Section 5 deals with the impact of confusions on the properties of WF-nets. Conclusions and future work are presented in Section 6.
2. Basics of Petri Nets and Workflow Nets
This section provides the basics of PNs and WF-nets, where the definitions and the properties of PNs presented in this paper come from [6] and the details of WF-nets can be found in [9].
A PN N is a four-tuple (P,T,F,W), where P and T are finite, nonempty, and disjoint sets. P is the set of places and T is the set of transitions. F⊆(P×T)∪(T×P) is called a flow relation of the net, represented by arcs with arrows from places to transitions or from transitions to places. W:(P×T)∪(T×P)→ℕ is a mapping that assigns a weight to an arc: W(x,y)>0 if (x,y)∈F, and W(x,y)=0 otherwise, where x,y∈P∪T and ℕ={0,1,2,…} is a set of nonnegative integers. A net is self-loop-free (pure) if ∄x,y∈P∪T, (x,y)∈F∧(y,x)∈F. N=(P,T,F,W) is called an ordinary net, denoted as N=(P,T,F), if ∀f∈F,W(f)=1.
Let x∈P∪T be a node in a net N=(P, T, F, W). The preset of x is defined as •x={y∈P∪T∣(y,x)∈F}, while the postset of x is defined as x•={y∈P∪T∣(x,y)∈F}. Let X be a set of nodes with X⊆P∪T. We have •X=∪x∈X•x, and X•=∪x∈Xx•. The structure of a self-loop-free PN can be represented by its incidence matrix [N]; that is, a |P|×|T| integer matrix with [N](p,t)=W(t,p)-W(p,t).
A marking M of N is a mapping from P to ℕ. M(p) denotes the number of tokens contained in place p. p is marked at marking M if M(p)>0. (N,M0) is called a net system or a marked net and M0 is called an initial marking of N. A marking M can be denoted by ∑p∈PM(p)p that is presented as multiset or formal sum notations. For example, a marking M=(2,0,2,4)T in a net with four places can be denoted by M=2p1+2p3+4p4.
A transition t∈T is enabled at marking M if ∀p∈t•, M(p)≥W(p,t), which is denoted as M[t〉. If t is enabled, it can fire. Its firing yields another marking M′ such that ∀p∈P,M′(p)=M(p)-W(p,t)+W(t,p), which is denoted by M[t〉M′. Marking M′ is said to be reachable from M if there exists a transition sequence σ=t1t2⋯tn and markings M1,M2,…, and Mn-1 such that M[t1〉M1[t2〉M2⋯Mn-1[tn〉M′. This is denoted by M[σ〉M′. The set of markings reachable from M in N defines the reachability set of (N,M), denoted as R(N,M).
A transition t∈T in a PN system (N,M0) is live at M0 if ∀M∈R(N,M0),∃M′∈R(N,M0), M′[t〉 holds. The system (N,M0) is live if ∀t∈T, t is live at M0. A PN (N,M0) is safe if ∀M∈R(N,M0), ∀p∈P,M(p)≤1. Generally, safe PNs are used to depict and analyze business processes, logistic systems, and workflow management systems. In a safe PN, a transition t∈T is enabled at marking M if ∀p∈•t, M(p)=1, and ∀p∈t•, M(p)=0.
A P-vector is a column vector I:P→ℤ indexed by P, where ℤ is the set of integers. I is a P-invariant if I≠0 and [N]T·I=0, where the bold 0 denotes a column vector whose every entry equals 0. Let I be a P-invariant of N. Then ∀M∈(R,M0); IT·M=IT·M0 holds. ∥I∥={p∣I(p)≠0} is called the support of I. I is called a minimal P-invariant if ∥I∥ is not a superset of the support of any other one and its components are mutually prime.
Let N=(P,T,F) be a PN and n1,nk∈P∪T be two nodes in N, where k∈{1,2,…,|P∪T|}. A string C=n1n2⋯nk is called a path of N if ∀i∈{1,2,…,k-1}, (ni,ni+1)∈F. C=n1n2⋯nk is called a directed path if ∀i∈{1,2,…,k-1}, ni+1∈ni•. C=n1n2⋯nk is called elementary path if for any two nodes ni and nj in Ci≠j⇒ni≠nj.
Definition 1 (see [9]).
A PN N=(P,T,F) is said to be a workflow net (WF-net) if and only if
N has a source place pin∈P and a sink place pout∈P such that •pin=∅ and pout•=∅.
For any node x∈P∪T, x belongs to a directed path from pin to pout.
(N,Min) is said to be a workflow system (WF-system) if Min is the initial marking that contains only a singleton token in place pin in the system.
In this paper, “WF-net” and “WF-system” are used to distinguish an arbitrary net structure N and the structure N at initial marking Min, that is, (N,Min), respectively. WF-nets are a subclass of PNs. Hence, any analytical methods involved in PNs can be applied to WF-nets. In this paper, safe WF-system is considered only.
Definition 2 (see [9]).
A PN N~=(P~,T~,F~) is said to be the extended WF-net from a WF-net N=(P,T,F) if an extra transition t* exists such that P~=P, T~=T∪{t*}, and F~=F∪{(pout,t*),(t*,pin)}. (N~,Min) is called an extended WF-system if (N,Min) is a WF-system and N~ is extended from N.
The description of a business procedure in a WF-system is shown in Table 1.
Description of a business procedure in a WF-system.
Business process
WF-system
Task
Transition
Condition
Place
Start condition
Marked source place pin
End condition
Marked sink place pout
Live task
Live transition in extended WF-system
Dead task
Dead transition in extended WF-system
Case
Path from pin to pout
The life cycle of a business procedure is depicted by the logical relations among transitions in a WF-net. Marked source place pin and sink place pout in a WF-system are used to identify the beginning and the termination of a business procedure. A task in a business procedure contains three status: idle, ready, and finished, which implies that a transition in corresponding WF-system is disabled, enabled, and fires, respectively.
A WF-system cannot allow the retention of tokens in other places if pout is marked, which is ensured by condition (2) in Definition 1. Figures 2(a) and 2(b) show a WF-system (N,Min) at initial marking Min=(1,0,0,0,0,0)T and its extended WF-system (N~,Min), respectively.
(a) A sound WF-system (N,Min), (b) the extended WF-system (N~,Min) of (N,Min), and (c) a sound and well-structured WF-system (N′,Min′).
Definition 3 (see [9]).
A WF-system (N,Min) with P={pin,p1,p2,…,pn,pout} is said to be sound if
∀M∈R(N,Min), Min[σ1〉M⇒∃σ2, [σ2〉Mout, where Min=(1,0,0,…,0︸n+1)T and Mout=(0,0,…,0︸n+1,1)T.
∀M∈R(N,Min), Min[σ1〉M∧M≥Mout⇒M=Mout.
∀t∈T~, ∀M∈R(N~,Min),∃M′∈R(N~,Min), M′[t〉 holds.
Condition (1) in Definition 3 guarantees that the marking Mout in a sound WF-system can be reached by firing an existing transition sequence at an arbitrary reachable marking, which implies that any case in a business procedure can be terminated eventually. Condition (2) in Definition 3 ensures that marking Mout is the only terminal marking. The fact that no dead transitions exist in the extended WF-system (N~,Min) of (N,Min) is ensured by condition (3) in Definition 3.
A WF-system (N,Min) is sound if and only if the extended WF-system (N~,Min) of (N,Min) is live and bounded. For example, the WF-system shown in Figure 2(a) is sound since its extended WF-system shown in Figure 2(b) is live and bounded.
Definition 4 (see [9]).
A PN N is said to be well handled if for any pair of nodes x∈P∪T and y∈P∪T such that one of the nodes is a place and the other is a transition and for any pair of elementary paths C1 and C2 from x to y; the formula α(C1)∩α(C2)={x,y}⇒C1=C2 holds, where α(C1) and α(C2) denote the set of all nodes in path C1 and C2, respectively. A WF-net N is well structured if the extended N~ from N is well handled.
The WF-system (N,Min) shown in Figure 2(a) is not well structured and the WF-system (N′,Min′) shown in Figure 2(c) is well structured. A well-structured WF-net has a number of nice properties. For example, the soundness of a WF-system can be verified in polynomial time and a sound well-structured WF-system is safe. A reasonable WF-system usually holds for soundness and well structure.
3. Conflicts, Concurrency, and Confusions
This section formalizes confusions in a PN system to a class of marked subnets with respect to special conflicting and concurrent characteristics. The formalization allows us to obtain a confusion detection policy in WF-systems.
Definition 5 (see [32]).
A structural conflict in a net N=(P,T,F) is a pair K=〈p,T(K)〉, where p∈P is called the structural conflicting place and T(K)={t1,t2,…,tn} is the set of output transitions of p with n=|p•|≥2. The elements in T(K) are called structural conflicting transitions.
Definition 6 (see [32]).
An effective conflict in a marked net (N,M0), denoted by KM=〈p,T(KM),M〉, is associated with a structural conflict K=〈p,T(K)〉 and a marking M∈R(N,M0) such that ∀t∈T(KM), M[t〉 is true, and M(p)<∑t∈T(KM)W(p,t), where T(KM)⊆T(K) is the set of enabled transitions in T(K) at marking M.
The cardinality of T(KM), that is, |T(KM)|, is said to be the size of effective conflict KM. An effective conflict is said to be complete (resp., incomplete) if |T(KM)|=|T(K)| (resp., 1≤|T(KM)|<|T(K)|). Figures 3(a) and 3(b) show a structural conflict K=〈p2,{t1,t2,t3,t4}〉 and an effective conflict KM=〈p2,{t2,t3,t4},p2+p3〉 associated with K, respectively, where T(K)={t1-t4} and T(KM)={t2-t4}. The effective conflict KM is incomplete since |T(KM)|=3<|T(K)|=4.
(a) A structural conflict K=〈p2,{t1-t4}〉, (b) an effective conflict KM=〈p2,{t2-t4},p2+p3〉, and (c) illustration of concurrency.
Definition 7.
(1) Transitions t1 and t2 are said to be concurrent at marking M in a marked net (N,M) if M[t1〉, M[t2〉, and (•t1∪t1•)∩(•t2∪t2•)=∅.
(2) Let DM={t1,t2,…,tn} be a transition set. It is said to be a set of concurrent transitions at marking M if ∀ti,tk∈DM, i≠k; transitions ti and tk are concurrent at marking M.
(3) The concurrent degree of a set DM of concurrent transitions, denoted by λ, is defined as λ=|DM|.
(4) Let DM be a set of concurrent transitions in a marked net (N,M) with λ=|DM|. It is said to be λ-max-concurrent in (N,M) if there does not exist a set of concurrent transitions D^M≠DM with λ^=|D^M| in (N,M) such that λ^>λ. A transition in DM is said to be λ-max-concurrent if DM is λ-max-concurrent in (N,M).
(5) Let 𝔻M={D1M,D2M,…,DρM} be the set of concurrent transition sets in (N,M); that is, ∀DjM∈𝔻M; DjM is a set of concurrent transitions in (N,M). 𝔻M is said to be λ-max-concurrent if ∀DjM∈𝔻M; DjM is λ-max-concurrent in (N,M).
Figure 3(c) shows a marked PN that contains totally seven sets D1M={t1,t4}, D2M={t1,t5}, D3M={t1,t6}, D4M={t4,t5}, D5M={t4,t6}, D6M={t1,t4,t5}, and D7M={t1,t4,t6} of concurrent transitions at marking M=p1+p4+p5. Two sets D6M and D7M with λ6=λ7=3 are 3-max-concurrent since there does not exists a set of concurrent transitions from D1M to D7M, whose cardinality is greater than three. Suppose that 𝔻1M={D6M,D7M} and 𝔻2M={D1M,D2M,D7M} are two sets of concurrent transition sets. Then, 𝔻1M is 3-max-concurrent and 𝔻2M is not 3-max-concurrent since the concurrent degrees of D1M and D2M in 𝔻2M are less than three.
Definition 8.
A marked PN (N¯=(P¯,T¯,F¯),M¯) is said to be a marked subnet of a PN system (N=(P,T,F),M) if P¯⊆P, T¯⊆T, F¯=F∩[(P¯×T¯)∪(T¯×P¯)], and M¯ is a natural projection of marking M on place set P¯. M¯ is said to be valid (resp., invalid), denoted by M¯≺M (resp., M¯⊀M), if ∃p∈P¯, M¯(p)=1 (resp., ∀p∈P¯, M¯(p)=0).
Definition 9.
A confusion, denoted by (N¯,T(K),M¯,𝔻M¯) or abbreviated to (N¯,M¯), is a marked subnet in a net system (N,M0) such that
there exists a structural conflict K=〈p,T(K)〉 with p∈P¯ and T(K)⊂T¯;
there exists a nonempty set 𝔻M¯ that is composed of all 2-max-concurrent transition sets at the submarking M¯ in (N¯,M¯);
∀DjM¯∈𝔻M¯, ∃ti∈DjM¯∖T(K) such that M¯[ti〉M¯′ and |T(KM¯)|≠|T(KM¯′)|;
there exist two reachable markings M and M′ in R(N,M0) such that M¯≺M and M¯′≺M′ are true.
A confusion is said to be a conflict-increasing confusion (CIC) if |T(KM¯)|<|T(KM¯′)|. It is said to be a conflict-decreasing confusion (CDC) if |T(KM¯)|>|T(KM¯′)|.
Confusions are tackled as the marked subnets in a PN system, which are distinguished into CICs and CDCs. Two requirements on confusions are imposed by Conditions (1) and (2) in Definition 9, respectively. If a marked subnet (N¯,M¯) is a confusion, it necessarily contains a structural conflict and all the sets of concurrent transitions in (N¯,M¯) are 2-max-concurrent at marking M¯.
Condition (3) in Definition 9 implies the behavior characteristics of confusions. For a structural conflict K in a confusion, there exists at least a transition t not belonging to T(K) in the confusion. Firing t changes the size of effective conflicts associated with K. Condition (4) in Definition 9 ensures that the behavior described in Condition (3) can actually occur in the original net system. Finally, confusions are classified into CICs and CDCs according to the relations of the size change of effective conflicts in Definition 9.
If a marked subnet of a PN system satisfies Definition 9, the disappearance of complete effective conflicts will occur in the marked subnet. The limitation of the 2-max-concurrency can limit the size of a subnet at a marking such that the marked subnet is exactly a CIC or a CDC. In other words, the behavior of a confusion defined in Definition 9 with the limitation of 2-max-concurrency can only be one of the two results, that is, increasing or decreasing the size of effective conflicts. Examples 1 and 2 are given to show the structures and behavior of CICs and CDCs defined in Definition 9, respectively.
Example 1.
The marked subnet shown in Figure 4(a) is a CIC (N¯1,T(K1),M¯1,𝔻M¯1), where T(K1)={t1,t2,t3,t4}, M¯1=p1+p4, 𝔻M¯1={D1M¯1,D2M¯1}, D1M¯1={t1,t5}, and D2M¯1={t2,t5}. The confusion holds for Conditions (1) and (2) in Definition 9. N¯1 contains a structural conflict K1=〈p1,{t1-t4}〉 and two 2-max-concurrent transition sets D1M¯1 and D2M¯1 exist in the confusion such that 𝔻M¯≠∅ is true.
The partial reachability graph of a CIC (N¯1,M¯1) with |T(K1)|=4 by concurrently firing transitions in D1M¯1={t1,t5} and D2M¯1={t2,t5}.
The partial reachability graph of the confusion is shown in Figures 4(b) and 4(c), which are obtained by concurrently firing transitions in D1M¯1={t1,t5} and D2M¯1={t2,t5}, respectively, where two transition firing sequences σ1=t1t5 and σ2=t5t1 (resp., σ3=t2t5 and σ4=t5t2) can be observed from the initial marking M¯1=p1+p4 to the terminal marking M¯4=p2+p3+p5 (resp., M¯6=p2+p3+p6) in Figure 4(b) (resp., Figure 4(c)) and any marking M¯j in Figure 4 is represented with the size of the effective conflict K1M¯j; that is, |T(K1M¯j)|.
According to Condition (3) in Definition 9, (N¯1,M¯1) is a CIC since firing the nonconflicting transition t5∉K1 in D1M¯1 (resp., D2M¯1) can expand the size of the effective conflicts associated with K1 from |T(K1M¯1)|=2 to |T(K1M¯3)|=|T(K1)|=4, where K1M¯1=〈p1,{t1,t2},p1+p4〉 is incomplete and K1M¯3=〈p1,{t1-t4},p1+p2+p3〉 is complete.
The fact whether the complete effective conflict K1M¯3 occurs according to the concurrent firing of transitions in D1M¯1={t1,t5} and D2M¯1={t2,t5} is nondeterministic. If σ2=t5t1 and σ4=t5t2 fire, the complete effective conflict K1M¯3 with size |T(K1M¯3)|=|T(K1)|=4 at marking M¯3=p1+p2+p3 can occur. If σ1=t1t5 and σ3=t2t5 fire, the processes M¯1[t1〉M¯2[t5〉M¯4 and M¯1[t2〉M¯5[t5〉M¯6 do not expand the size of the effective conflicts associated with K1 such that a complete effective conflict occurs, where M¯1=p1+p2, M¯2=p4+p5, M¯4=p2+p3+p5, M¯5=p4+p6, and M¯6=p2+p3+p6.
The complete K1M¯3 is expected to occur since all the structural conflicting transitions in K1 are enabled such that the options can be done among transitions t1-t4. In this case, we can say that the disappearance of the effective conflict K1M¯3 occurs if the CIC fires the transition sequences σ1=t1t5 and σ3=t2t5.
Example 2.
The marked subnet shown in Figure 5(a) is a CDC that consists of two structural conflicts K2=〈p1,{t1-t4}〉 and K3=〈p2,{t3-t6}〉 at the initial marking M¯1=p1+p2. Only K2 in the confusion is considered due to the symmetry. In other words, the confusion (N¯2,T(K2),M¯1,𝔻M¯1) is analyzed, where T(K2)={t1-t4}, 𝔻M¯1={D1M¯1, D2M¯1, D3M¯1, D4M¯1}, D1M¯1={t1,t5}, D2M¯1={t1,t6}, D3M¯1={t2,t5}, and D4M¯1={t2,t6}.
The confusion is a CDC since firing transition t5∉T(K2) in D1M¯1 and D3M¯1 or firing another transition t6∉T(K2) in D2M¯1 and D4M¯1 reduces the size of the effective conflict K2M¯1=〈p1,{t1,t2,t3,t4},M¯1〉 such that the options cannot be done in the complete effective conflict K2M¯1.
The partial reachability graph obtained by concurrently firing transitions t1 and t5 in D1M¯1 is shown in Figure 5(b). Two transition firing sequences σ1=t1t5 and σ2=t5t1 can be obtained. The complete effective conflict K2M¯1=〈p1,{t1-t4},M¯1〉 with |T(K2M¯1)|=|T(K2)|=4 can be found at the initial marking M¯1=p1+p2. Hence, the options on conflicting transitions from t1 to t4 should be done for the effective conflict K2M¯1. However, an unfortunate transition t5∉T(K2) can concurrently fire such that the size is reduced from |T(K2M¯1)|=4 to |T(K2M¯3)|=2, which leads to disabled conflicting transitions t3 and t4 before the options among conflicting transitions t1-t4 are executed, where M¯3=p1+p7. In this case, we can say that the disappearance of the effective conflict K2M¯1 occurs if the confusion fires transition sequence σ2=t5t1.
The concurrent firing of the transitions in other sets D2M¯1, D3M¯1, and D4M¯1 can be analyzed by the similar procedures of the analysis for transitions t1 and t5 in D1M¯1. Specifically, the disappearance of the effective conflict K2M¯1 occurs if the confusion fires transition sequence σ3=t6t1, σ4=t5t2, or σ5=t6t2.
The partial reachability graph of a CDC (N¯2,M¯1) with |T(K2)|=4 by concurrently firing transitions in D1M¯1={t1,t5}, D2M¯1={t1,t6}, D3M¯1={t2,t5}, and D4M¯1={t2,t6}.
4. Detection of Confusions in WF-Systems
Conflicts and concurrency are used to control the option processes and to keep a high-performance operation of a WF-system. However, confusions may lead to the incomplete and nondeterministic conflicting behavior.
This section deals with the detection problem of confusions in WF-systems. A confusion is tied to a special structure and a marking. Hence, the detection method is divided into two steps. First, the structure N¯ of a confusion (N¯,M¯) in a WF-system is detected. Then, whether there exists a marking M¯ such that the confusion occurs is decided by a method of integer linear programming (ILP), which does not require computing the reachability graph of the WF-system.
Property 1.
If N¯ is a CIC subnet in a WF-net N, then ∃ti,tj,tk∈T¯, i≠j≠k such that (•ti∪ti•)∩(•tj∪tj•)=∅∧tk∈(tj•)•∧ti•∩tk•≠∅ is true. If N¯ is a CDC subnet in a WF-net N, then ∃ti,tj∈T, i≠j such that (•ti∪ti•)∩(•tj∪tj•)=∅∧(•ti)•∩(•tj)•≠∅ is true.
Property 1 depicts the structural characteristics of a CIC and a CDC described in Definition 9. Algorithm 1 is developed to capture all confusion subnets in a WF-net according to Property 1. Let T(K,t):={t′∣t′∈T∧t•∩t′•} in Algorithm 1 denote the conflicting transition set containing t.
Algorithm 1: Detection of confusion subnets in WF-net N.
(1)Input: WF-net N=(P,T,F).
(2)Output: The set Qci of CIC subnets and the set Qcd of CDC subnets.
(16) Capture a CDC subnet N-h=(P-h,T-h,F-h), where
(1)P-h:=•T(K,ti)∪T(K,ti)•∪•T(K,tj)∪T(K,tj)•,
(2)T-h:=T(K,ti)∪T(K,tj), and
(3)F-h:=F∩((P-h×T-h)∪(T-h×P-h)).
(17)ifN-h∉Qcdthen
(18)h:=h+1, Qcd:=Qcd∪N-h.
(19)else
(20)Qcd:=Qcd.
(21)end if
(22)end if
(23)end for
(24)Output: Qci and Qcd.
In a WF-system, the captured confusion subnets cannot perfectly describe the phenomenon of confusions since they are not related to markings. It does not mean that a confusion (N¯,M¯) necessarily exists if there is a confusion subnet N¯ in a WF-system. Hence, we need to decide whether there exists a marking M¯ such that confusion (N¯,M¯) occurs.
Theorem 10.
Let (N,Min) be a sound WF-system. Let I1,I2,…, and In denote all the minimal P-invariants computed by IT[N]=0T. Then (N,Min) is covered by I1,I2,…, and In and ∀j∈{1,2,…,n}; Σp∈∥Ij∥M(p)=Min(pin)=1 is true.
Proof.
According to Definition 1, we have ∀pi∈P; pi belongs to an elementary directed path from pin to pout in N. Any elementary directed path in a WF-system (N,Min) can deduce a minimal P-invariant. Hence, (N,Min) is covered by I1,I2,…, and In if there are total n minimal P-invariants. A P-invariant Ij holds for IjT·M=IjT·Min=1. Hence, we have Σp∈∥Ij∥M(p)=Min(pin)=1.
Algorithm 2 is proposed according to Theorem 10, which is referred to find the places that may lead to the disappearance of an effective conflict in a confusion if they are marked. Then, an ILP is developed to decide whether a marking exists such that all these places are marked. If the result of the ILP equals the number of the places, an existing confusion in a WF-system can be finally determined.
Algorithm 2: Detection of confusions by the ILP in WF-system (N,Min).
(1)Input: WF-system (N,Min), Qci, and Qcd.
(2)Output: The set Q^ci of CICs and the set Q^cd of CDCs.
(3)Q^ci:=∅, Q^cd:=∅,
(4)for each N-h∈Qcido
(5) Compute [N]T·I=0 to obtain all minimal P-invariants I1,I2,…, and In.
Let (N,Min) be a WF-system and Qci and Qcd denote the sets of its CIC and CDC subnets obtained by Algorithm 1, respectively. Suppose that N¯=(P¯,T¯,F¯)∈Qci is a CIC subnet in (N,Min), where T(K) is the transition set of a structural conflict K in N, Ω1=T¯∖T(K) is a set containing all nonconflicting transitions in T¯, and Ω2=T(K)∖(T(K)∩(Ω1•)•) is a transition set with respect to K in T¯. If there exists a marking M¯≺M∈R(N,Min) with Σp∈•(Ω1∪Ω2)M(p)=|•(Ω1∪Ω2)|, that is, ∀p∈(Ω1∪Ω2)•, p is marked at M, we can decide that (N¯,M¯) is a CIC that can occur in the WF-system (N,Min). Similarly, for a CDC subnet N¯ in a WF-system (N,Min), if there exists a marking M¯≺M∈R(N,Min) with Σp∈T¯•M(p)=|•T¯|, we can decide that (N¯,M¯) is a CDC in the WF-system (N,Min). The decision processes are formulated in Algorithm 2.
Two WF-systems (N,Min) and (N′,Min′) are used to illustrate the proposed detection policy of confusions, which are shown in Figures 6(a) and 6(b), respectively. The WF-system (N,Min) is sound and another WF-system (N′,Min′) is sound and well structured, where anyone of them contains a CIC.
(a) A sound WF-system (N,Min), (b) a sound and well-structured WF-system (N′,Min′), (c) a CIC (N¯,M¯) in (N,Min), and (d) a CIC (N¯′,M¯′) in (N′,Min′).
If Algorithm 1 is applied in WF-net N, the CIC subnet N¯ shown in Figure 6(c) can be obtained, where ti:=t2, tj:=t3, tk:=t5, and (•t2∪t2•)∩(•t3∪t3•)=∅∧t5∈(t3•)•∧•t2∩•t5≠∅ is true. Hence, the sets P¯, T¯, and F¯ in N¯ can be computed; that is,
Algorithm 2 is applied to decide whether there exists a reachable marking M¯ in (N,Min) such that (N¯,M¯) is a CIC. First, the supports of three minimal P-invariants I1-I3, that is, ∥I1∥={pin,p1,p3,pout}, ∥I2∥={pin,p1,pout}, and ∥I3∥={pin,p2,p4,pout}, are obtained by computing [N]T·I=0. Then, the ILP depicted in line 8 of Algorithm 2 can be implemented and returns a value v=2. It implies that there exists a marking in WF-system (N,Min) such that places p1 and p2 in N¯ are marked. In other words, a confusion (N¯,M¯) with M¯=p1+p2 is detected, which will occur in the WF-system (N,Min). Similarly, in WF-system (N′,Min′), the confusion (N¯′,M¯′) shown in Figure 6(d) can be detected by the procedures of Algorithms 1 and 2. These examples show that the detection method developed in this paper can effectively detect confusions in WF-systems.
The WF-system (N′′,Min′′) shown in Figure 7(a) depicts a real-world case of complaint processes, which is reported in [9]. There are four structural conflicts K1=〈p3,{t3,t4}〉, K2=〈p4,{t8,t13}〉, K3=〈p6,{t6,t7}〉, and K4=〈p11,{t11,t12}〉, which implement the logical judgments of WF-system (N′′,Min′′) such that a complaint case can be complete. According to the study in this paper, the prerequisite of implementing reasonable logical judgment is that the WF-system (N′′,Min′′) is confusion-free. Hence, Algorithms 1 and 2 are considered in (N′′,Min′′). First, the confusion subnet N′′ shown in Figure 7(b) can be detected by Algorithm 1. However, a confusion with respect to N′′ will not occur in the WF-system (N′′,Min′′) since the ILP in Algorithm 2 returns the value v=2. It is shown that no reachable marking exists in the WF-system such that all the places p4, p6, and p7 in N′′ are marked. Finally, a conclusion that the complaint process will not cause a confusion and its WF-system is confusion-free is obtained. The WF-system can be correctly used to model and analyze complaint cases without considering the disappearance of any conflict.
(a) A real-world WF-system (N′′,Min′′) of complaint processes and (b) a CIC subnet N′′ in (N′′,Min′′).
5. Impact of Confusions on the Properties of WF-Systems
The algorithms developed in Section 4 show a policy to detect confusions in a WF-system. In the following, the impact of confusions on the properties of WF-systems is specified.
Property 2.
A sound and well-structured WF-net (N,Min) with cycles may contain confusions.
Proof.
The example shown in Figure 6(b) that is a sound and well-structured with a cycle. According to Algorithms 1 and 2, a CIC shown in Figure 6(d) can be obtained. Hence, a sound and well-structured WF-net (N,Min) with cycles may contain confusions.
Property 3.
An acyclic sound WF-system (N,Min) is not well structured if (N,Min) contains a confusion (N¯,M¯) with M¯≺M∈R(N,Min).
Proof.
There are two cases only for confusion subnet N¯.
Case (1). If N¯ is a CIC subnet, there must be three differentiable transitions ti, tj, and tk holding for (•ti∪ti•)∩(•tj∪tj•)=∅, tk∈(tj•)•, and •ti∩tk•≠∅. According to Definitions 1 and 3, and •ti∩tj•=∅, there must be some places and a transition t∈T¯ modeling an AND-split such that two different elementary paths C1=pin,…,t,…,pa,…,pout and C2=pin,…,t,…,pb,…,pout in N exist, where pa∈ti•, pb∈tj•, and pa≠pb. Otherwise, if t∉T¯, ∄M¯≺M∈R(N,Min) holding for M¯[ti〉 and M¯[tj〉. In other words, there is a dead transition between ti and tj in the extended WF-system (N~,Min), which violates the sound property. Hence, transition t necessarily exists.
(N,Min) is sound and transition t splits a token into multiple tokens. Hence, there must be some transitions and places with p∈P¯ modeling an AND-join such that the tokens in different places can converge to p. We can deduce that there exist two different elementary paths C1=pin,…,t,…,pa,…,p,…,pout and C2=pin,…,t,…,pb,…,p,…,pout in N. Otherwise, if p∉P¯, we can conclude that ∃M∈R(N,Min)∧M≥Mout⇏M=Mout. In other words, there are tokens in the places belonging to P¯∖{pin∪pout} at the terminal state in (N,Min), which also violates the sound property. According to C1 and C2, we have two different elementary paths C1′=t,…,pa,…,p and C2′=t,…,pb,…,p owing to pa≠pb. However, α(C1′)∩α(C2′)={t,p} cannot deduce C1′=C2′. According to Definition 4, (N,Min) is not well structured.
Case (2). If N¯ is a CDC subnet, there must be three differentiable transitions ti, tj, and tk holding for (•ti∪ti•)∩(•tj∪tj•)=∅, (•ti)•∩(•tj)•≠∅, and tk∈(•ti)•∩(•tj)•. WF-system (N,Min) is sound. Hence, there exists a marking M¯ with respect to M¯≺M∈R(N,Min) holding for M¯[ti〉 and M¯[tj〉. Otherwise, if M¯ does not exist, transition tk will be dead owing to tk∈(•ti)•∩(•tj)•≠∅. According to Definition 1, •ti∩tj•=∅ and ti•∩tj•=∅, there must be some places and a transition t∈T¯ modeling an AND-split and also exist some transitions and places with p∈P¯ modeling an AND-join to product two different elementary paths C1=pin,…,t,…,pa,…,p,…,pout and C2=pin,…,t,…,pb,…,p,…,pout, where pa∈ti•, pb∈tj•, and pa≠pb. Similarly, C1′=t,…,pa,…,p and C2′=t,…,pb,…,p are also two different elementary paths. According to Definition 4, (N,Min) is not well structured.
According to Property 3, confusions can affect the property “well-structured” of an acyclic sound WF-system. As an example, the acyclic sound WF-system shown in Figure 6(a) is not well structured owing to the existence of a CIC.
6. Conclusions and Future Work
Confusion detection problems in WF-systems are tackled in this paper. First, the work explores CICs and CDCs in a WF-system by formalizing them as a class of marked subnets with respect to the limitation of conflicts and concurrency. The disappearance of conflicts in a confusion can be described in such marked subnets, which motivates us to develop confusion detection methods proposed in this paper.
Second, a policy is developed to capture confusions, in which a detection algorithm is proposed to find confusion subnets in a WF-system and a decision algorithm based on ILP is proposed to decide whether the found subnets will eventually cause confusions at a reachable marking. The policy avoids computing the reachability graph of a WF-system. Two examples and a real-world case of WF-systems reported by van der Aalst [9] are used to illustrate the detection of confusions. The results show that the detection method is feasible and efficient.
Third, the impact of confusions on the properties of WF-systems is specified. A conclusion is obtained; that is, if an acyclic WF-system contains a confusion, it is certainly not well structured. Future work attempts to find the avoidance policy of confusions in WF-systems by using timing constraints in [3] or supervisory control in [6].
Conflict of Interests
The first author and any of the coauthors do not have any conflict of interests regarding this paper.
Acknowledgment
This work was supported in part by the National Natural Science Foundation of China under Grant no. 61374068, the Fundamental Research Funds for the Central Universities under Grant no. JB-ZR1130, and the National Natural Science Foundation of China under Grant no. 61304051.
TanW.ZhouM. C.2013Wiley-IEEE Pressvan der AalstW. M. P.AzmaP.BalboG.Verification of workflow nets19971248Berlin, GermanySpringer407426Lecture Notes in Computer Science10.1007/3-540-63139-9_48MR1606663LiJ. Q.FanY. S.ZhouM. C.Timing constraint workflow nets for workflow analysis20033321791932-s2.0-004187765310.1109/TSMCA.2003.811771LiJ. Q.FanY. S.ZhouM. C.Performance modeling and analysis of workflow20043422292422-s2.0-154239565710.1109/TSMCA.2003.819490MurataT.Petri nets: properties, analysis and applications19897745415802-s2.0-002464593610.1109/5.24143LiZ. W.ZhouM. C.2009London, UKSpringerLiZ. W.WuN. Q.ZhouM. C.Deadlock control of automated manufacturing systems based on Petri nets—a literature review20124244374622-s2.0-8005355132910.1109/TSMCC.2011.2160626van der AalstM. W. P.HeeK.2004Cambridge, UKThe MIT Pressvan der AalstM. W. P.van der AalstW.DeselJ.OberweisA.Workflow verification: finding control-flow errors using Petri-net-based tech niques20001806Berlin, GermanySpringer19128Lecture Notes in Computer ScienceXiongP. C.FanY. S.ZhouM. C.A Petri net approach to analysis and composition of web services20104023763872-s2.0-7724917654510.1109/TSMCA.2009.2037018LiX. T.FanY. S.ShengQ. Z.MaamarZ.ZhuH. W.A Petri net approach to analyzing behavioral compatibility and similarity of web services20114135105212-s2.0-7995546910510.1109/TSMCA.2010.2093884ChenY. F.LiZ. W.Design of a maximally permissive liveness-enforcing supervisor with a compressed supervisory structure for flexible manufacturing systems20114751028103410.1016/j.automatica.2011.01.070MR2878373LiZ. W.ZhouM. C.Two-stage method for synthesizing liveness-enforcing supervisors for flexible manufacturing systems using Petri nets2006243133252-s2.0-3375151113510.1109/TII.2006.885185RozenbergG.ThiagarajanP. S.de BakkerJ.de RoeverW.RozenbergG.Petri nets: basic notions, structure, behaviour1986224Berlin, GermanySpringer585668Lecture Notes in Computer Science10.1007/BFb0027048MR864726RozenbergG.EngelfrietJ.ReisigW.RozenbergG.Elementary net systems19981491Berlin, GermanySpringer12121Lecture Notes in Computer ScienceSmithE.On the border of causality: contact and confusion19961531-224527010.1016/0304-3975(95)00123-9MR1365742HaarS.Clusters, confusion and unfoldings2001473-4259270MR2009790BoltonC.FitzgeraldJ.HayesJ.TarleckiA.Adding conflict and confusion to CSP3582Proceedings of the International Symposium of Formal Methods Europe (FM '05)July 2005Springer205220Lecture Notes in Computer Science2-s2.0-26444584392BoltonC.DaviesJ.GibbonsJ.Capturing conflict and confusion in CSP4591Proceedings of the 6th International Conference on Integrated Formal Methods2007Springer413438Lecture Notes in Computer ScienceChenX.-L.LiZ.-W.Al-AhmariA. M.El-TamimiA. M.Abouel NasrE. S.Confusion diagnosis and control of descrete event systems using synchronized Petri nets20131561736175110.1002/asjc.690MR3130250KatoenJ.GSPNs revisited: simple semantics and new analysis algorithmsProceedings of the International Conference on Application of Concurrency to System Design2012Hamburg, Germany611MarsanM.BalboG.ConteG.DonatelliS.FranceschinisG.1995New York, NY, USAJohn Wiley & SonsHaarS.Occurrence net logics2000431–4105127MR1803265DuY. Y.JiangC. J.ZhouM. C.FuY.Modeling and monitoring of E-commerce workflows20091797995100610.1016/j.ins.2008.11.025MR2494130ChenY. F.LiZ. W.KhalguiM.MosbahiO.Design of a maximally permissive liveness-enforcing Petri net supervisor for flexible manufacturing systems2011823743932-s2.0-7995379710010.1109/TASE.2010.2060332LiZ. W.ZhouM. C.Elementary siphons of Petri nets and their application to deadlock prevention in flexible manufacturing systems200434138512-s2.0-074230743310.1109/TSMCA.2003.820576LiZ. W.ZhouM. C.Control of elementary and dependent siphons in Petri nets and their application20083811331482-s2.0-4094912427710.1109/TSMCA.2007.909548LiZ. W.ZhouM. C.WuN. Q.A survey and comparison of Petri net-based deadlock prevention policies for flexible manufacturing systems20083821731882-s2.0-4094911190510.1109/TSMCC.2007.913920LiZ. W.ZhouM. C.JengM. D.A maximally permissive deadlock prevention policy for FMS based on Petri net siphon control and the theory of regions2008511821882-s2.0-3814907254910.1109/TASE.2006.884674LiZ. W.ZhaoM.On controllability of dependent siphons for deadlock prevention in generalized Petri nets20083823693842-s2.0-4114913012710.1109/TSMCA.2007.914741LiZ. W.LiuG. Y.HanischH.-M.ZhouM. C.Deadlock prevention based on structure reuse of Petri net supervisors for flexible manufacturing systems20124211781912-s2.0-8465516486410.1109/TSMCA.2011.2147308DavidR.AllaH.2005Berlin, GermanySpringerMR2104104