Decidability Results for Soundness Criteria of Resource ... - UAIC

Download PDF
1 downloads 0 Views 395KB Size Report
Comment
whether the RCWF net is sound with respect to that marking. These soundness ...... Dunedin, New Zealand: Australian Computer Society, January. 2004, pp.
IEEE Transactions on SMC (Part A), vol. 42(1), 2012, 238-249.

1

Decidability Results for Soundness Criteria of Resource-Constrained Workflow Nets Ferucio Laurent¸iu T¸iplea and Corina Boc˘aneal˘a

Abstract—This paper focuses on the decidability status of various forms of behavioral correctness criteria for resource constrained workflow nets (Petri net models of resource constrained workflow systems). These behavioral correctness criteria, usually called soundness criteria, are natural extensions of similar correctness criteria for workflow nets (Petri net models of workflow systems). While all forms of soundness are known to be decidable for workflow nets, only soundness for resource constrained workflow nets with just one resource type is known to be decidable. In this paper we show that, if we limit the number of cases, then soundness for resource constrained workflow nets with arbitrarily many resource types is decidable. Moreover, we show that some “intermediate” forms of soundness, as well as a restrictive form of structural soundness for resource constrained workflow nets, are decidable too. The proof technique is based on instantiation nets as a general tool for dealing with arbitrarily many cases and arbitrarily large resources in workflow nets and resource constrained workflow nets. It is also shown why this technique cannot be extended to the most general form of soundness. Index Terms—Workflow system, Petri net, workflow net, resource constrained workflow net, soundness, decidability.

C ONTENTS I

Introduction

1

II

Preliminaries on Petri Nets and Workflow Nets

2

III Soundness of Resource-constrained Workflow Nets III-A Resource-constrained Workflow Nets . . III-B Soundness of Resource-constrained Workflow Nets . . . . . . . . . . . . . . III-C Closure Nets and Instantiation Nets . .

3 3 4 6

IV Deciding Soundness of Resource-constrained Workflow Nets 7 IV-A Deciding Soundness of RCWF Nets Under Specified Resources . . . . . . . . . 7 IV-B Deciding Soundness of RCWF Nets Under Unspecified Resources . . . . . . . 8 IV-C Deciding Structural Soundness of RCWF Nets . . . . . . . . . . . . . . . 11 V

Related Work and Conclusions

12

Ferucio Laurentiu Tiplea is with the Department of Computer Science, “Al.I.Cuza” University of Ias¸i, Ias¸i, Romania (e-mail: [email protected]). Corina Boc˘aneal˘a is with the Department of Mathematics and Computer Science, “Dun˘area de Jos” University, Galat¸i, Romania (e-mail: [email protected]).

References

12 I. I NTRODUCTION

The term workflow is used to specify the way of execution (and automation) of a collection of tasks of a well-defined complex process, such as a business process in an enterprise. Workflows can be classified in various ways. For instance, based on the repetitiveness and predictability of tasks and on the functionality of the workflow, the trade press classifies workflows into ad-hoc, production, and administrative workflows. The classification in [1] distinguishes between human-oriented and system-oriented workflows, while [2] divides workflow into three categories: mail-centric, documentcentric, and process-centric workflows. A specification of a workflow should incorporate execution dependencies between tasks, information flow between tasks, temporal constraints, resource constraints, exception handling and so on. Traditionally, workflow modeling has only focused on the control flow aspect in the specification [3], [4]. More recently, workflow models which take into consideration time constraints [5], [6], [7], [8], [9], [10], [11], [12], [13] and/or resource constraints [14], [15], [9], [16], [17], [18], [19], [12], [20], [21], have been proposed. As our paper deals with soundness properties of resource constrained workflows modeled by Petri nets, we will focus in the following on resource constrained workflows modeled by Petri nets and related soundness properties. a) Petri net based models of resource constraint workflows: The way in which Petri nets model workflows starts from the remark that tasks in a workflow usually have preconditions and post-conditions. Pre-conditions should hold before the task is executed, and post-conditions should hold after the task is executed. Thus, a Petri net model of a workflow models tasks by transitions and conditions by places. Cases, which are enactments of processes, are modeled by tokens. Petri net models of workflows are called workflow nets (WF nets). As with respect to resources, these are modeled in workflow nets by resource places. A resource place is a plain place associated with some resource type, which is connected to transitions according to the system specifications. The number of tokens in a resource place gives the number of resources of the same type that are available at a given moment in the workflow. Following this idea, [14] (see also [19]) has proposed the model of Workflow nets with resources (WFR nets). Closely related to WFR nets are resource-constrained workflow nets (RCWF nets) [16]. The main difference between WFR nets

2

and RCWF nets is that a WFR net is an RCWF net where each resource place has associated a place invariant. This supplementary requirement ensures resource preservation along executions in WFR nets, while resource preservation in RCWF nets is obtained by imposing soundness criteria. The approach in [9] has proposed the model of multidimension workflow nets as an extension of workflow nets with time, resource and organization information, while the one in [12] has proposed workflow nets with time and resource information where tasks are modeled by places. Colored Petri nets [18], general stochastic Petri nets [20], and nested Petri nets [21] have also been advocated as suitable models for the modeling and analysis of resource constrained workflows. The approaches in [15], [17] propose graph models for the analysis of resourceconstrained workflow specifications. b) Behavioral correctness criteria for workflow nets: A necessary prerequisite for the deployment of a workflow model is the verification of the model against some structural or behavioral correctness criteria. One of the most appealing behavioral correctness criterion is soundness [22], which means that proper termination of an workflow execution is ensured and no anomaly has occurred, such as deadlock or livelock. Soundness was originally formulated for unconstrained WF nets [22] and it gained much attention from researchers [14], [23], [24], [25], [19], [26]. Later, soundness was extended to WF nets with time constrains [10], [11], [27], [13] and to WF nets with resource constraints [14], [16], [19], [26], [28], [21]. The structural soundness criterion for WFR nets in [14] is a natural extension of the structural soundness criterion from WF nets [14], [24]. This criterion can be formulated for RCWF nets too. Another three behavioral correctness criteria for WFR nets and RCWF nets, called (k, R)-soundness, k-soundness, and soundness, were proposed in [19] and [16], respectively. These behavioral correctness criteria are obtained by extending the k-soundness and soundness criteria from WF nets in order to cope with resource allocation. Resources should be durable, that is, they can be claimed and released but not created or destroyed. Thus, no reachable marking on resource places should exceed the initial amount of resources, and, once all cases are completed all resources are released. Moreover, for k-soundness and soundness, the net should behave properly not only with some fixed amount of resources but also with any greater amount. Undoubtedly, it is of a crucial importance to know whether a workflow net with resource constraints satisfies a behavioral correctness criterion as the ones mentioned above. Thus, [14] proposes a characterization of structural soundness for circuitfree WFR nets, while [19] provides a characterization result for (k, R)-soundness of WFR nets, based on closure nets. According to it, an WFR net is (k, R)-sound if and only if its closure is bounded and live. As the boundedness and liveness are decidable properties for Petri nets, (k, R)-soundness for WFR nets is decidable too. Moreover, [19] provides some other interesting characterization results for k-soundness and soundness of particular subclasses of WFR nets, and all these results lead to decidability of k-soundness and soundness for particular subclasses of WFR nets. As with respect to RCWF nets, the only result known so far is the one announced in [28]

according to which soundness for RCWF nets with just one resource type is decidable. None of the Petri net based models of resource constrained workflow nets, except for WFR nets and RCWF nets, uses soundness or variations of it as a behavioral correctness criterion. c) Paper contribution and organization: As far as we are concerned, the decidability status of the k-soundness and soundness problems for general WF nets with (arbitrarily many) resources is still open. In this paper we make a step further and show that the k-soundness for general RCWF nets is decidable. For this, we gradually refine the soundness criteria for RCWF nets by taking into consideration the number of cases a RCWF net should be able to correctly process and the amount of available resources. These soundness criteria can be grouped into three classes. The first class is that of soundness criteria under specified resources, where some marking on resource places is given and the main question is to decide whether the RCWF net is sound with respect to that marking. These soundness criteria are studied in an uniform way by using instantiation nets, and it is shown that all of them are decidable. The second class of soundness criteria is that under unspecified resources. In this case, the main question is to decide whether there is a marking on resource places that makes sound the RCWF net. It is shown that k-soundness for RCWF nets is equivalent to the k-soundness with respect to some minimal marking on resources. Moreover, it is decidable if this minimal marking exists and, it can be effectively computed when exists. Thus, k-soundness for general RCWF nets is shown decidable. The characterization above cannot be extended to soundness due to the fact that in this case no minimal markings as those obtained for k-soundness might exist. The last class of soundness criteria consists of two forms of structural soundness for RCWF nets. One of these, namely structural R-soundness, is shown decidable, while the other one “seems” as hard as the soundness problem. Although k-soundness can be thought as a sufficient behavioral correctness criterion for RCWF nets in practice, the decidability of soundness for RCWF nets remains a challenging open problem in the theory of workflow nets. To this, we add one more open problem, namely, the problem of deciding structural soundness for RCWF nets under unspecified resources. The paper is organized into five sections. The second one introduces basic concepts and notations on Petri nets and workflow nets. In Section III we recall the concept of an RCWF net as well as various forms of soundness criteria for RCWF nets. The decidability status of these soundness criteria is studied in Section IV. The last section discusses related work to the topic of our paper and presents final conclusions and a few open problems. II. P RELIMINARIES ON P ETRI N ETS AND W ORKFLOW N ETS In this section we review the basic terminology, concepts, notations, and results concerning Petri nets and workflow nets.

3

The set of integers is denoted by Z, and N stands for the set of non-negative integers (natural numbers). The free monoid generated by a set A under the concatenation operation is denoted by A∗ , and λ is its unity (the empty word); A+ stands for A∗ − {λ}. If f : A → B is a function and C ⊆ A, then f |C denotes the restriction of f to C (i.e., f |C : C → B and f |C (a) = f (a), for any a ∈ C). A Petri net [29] is a tuple Σ = (S, T, F, W ), where S and T are two finite sets (of places and transitions, respectively), S ∩ T = ∅, F ⊆ (S × T ) ∪ (T × S) is the flow relation, and W : (S × T ) ∪ (T × S) → N is the weight function of Σ verifying W (x, y) = 0 iff (x, y) ∈ / F . Given x ∈ S ∪ T , denote • x = {y|(y, x) ∈ F } and x• = {y|(x, y) ∈ F }. A marking of Σ is any function M ∈ NS from S into N, usually denoted as an S-indexed vector. The transition relation of a Petri net Σ states that a transition t is enabled at a marking M , denoted M [tiΣ , if M (s) ≥ W (s, t) for all s ∈ S. If t is enabled at M , then it can fire yielding a new marking M ′ given by M ′ (s) = M (s) − W (s, t) + W (t, s) for all s ∈ S; we denote this by M [tiΣ M ′ . The transition relation is usually extended to sequences of transitions. When there is a sequence w ∈ T ∗ such that M [wiΣ M ′ we say that M ′ is reachable (from M in Σ). We denote by [M iΣ the set of all reachable markings (from M ) in Σ. When no confusion may arise we simplify the notation [·iΣ to [·i. Given a Petri net Σ and a non-empty sequence x ∈ T + , define the functions ∆x : S → Z and x− : S → N as follows: • if x = t ∈ T , then ∆t(s) = W (t, s) − W (s, t) and t− (s) = W (s, t), for any s ∈ S; + • if x = yt, where y ∈ T and t ∈ T , then ∆x = ∆y +∆t and  − y (s), if t− (s) ≤ y − (s) + ∆y(s) x− (s) = − t (s) − ∆y(s), otherwise,

1) Σ has two special places i and o called the input and, respectively, the output place of Σ. They satisfy • i = ∅ and o• = ∅; 2) Any node x ∈ S ∪ T in the graph of Σ is on a path from i to o. Given a WF net Σ, a place s of it, and an integer k ≥ 1, we denote by Mks the marking given by Mks (s) = k and Mks (s′ ) = 0, for all s′ 6= s. When k = 1 the notation is simplified to Ms . A WF net should satisfy some “behavioral correctness criteria”. The first such criterion (for WF nets) was formulated in [3] and it was called soundness. It corresponds to one case handling by a WF net and consists of: • for any case, the procedure (represented by the WF net) eventually terminate; • when the procedure terminates the place o should be marked by exactly one token and the other places should be unmarked; • there are no dead tasks (that is, it should be possible to execute each task by following the appropriate route through the WF net). Later, soundness was generalized to k-soundness [14] which corresponds to multiple case handling, and to generalized soundness [23] which corresponds to arbitrarily many case handling by WF nets. Structural soundness, which means ksoundness for some k, was also considered [14], [24]. ksoundness, generalized soundness, and structural soundness are all decidable for WF nets [14], [23], [24]. In this paper we will use the soundness criteria in a simplified form as they are defined in [16]. Thus, we say that a workflow net Σ is k-sound, where k ≥ 1, if Mko ∈ [M i for all M ∈ [Mki i. Σ is called sound if it is k-sound for all k ≥ 1.

for any s ∈ S. x gives the minimal marking at which x can fire at in Σ. Therefore, x is enabled at a marking M if and only if x− ≤ M . Moreover, if x is enabled at M and M [xiM ′ , then M ′ = M + ∆x. Let M0 be a marking of a Petri net Σ. We say that: • Σ is bounded with respect to M0 if [M0 i is finite (this is equivalent to saying that there exists n ≥ 1 such that M (s) ≤ n for all reachable markings M and all places s); ′ ′ ′ • Σ is M -bounded on S with respect to M0 , where S is a subset of places and M ′ is a marking on S ′ , if M |S ′ ≤ M ′ , for all M ∈ [M0 i; • a transition t of Σ is live with respect to M0 if for any M ∈ [M0 i there exists M ′ ∈ [M i such that M ′ [ti; • Σ is live with respect to M0 if all its transitions are live with respect to M0 ; • a marking M is a home marking of Σ with respect to M0 if M ∈ [M ′ i for all M ′ ∈ [M0 i. All the properties above (boundedness, liveness, home marking) are decidable for Petri nets [30], [31]. A workflow net [3] (WF net) is a Petri net Σ with the following two properties:

III. S OUNDNESS OF R ESOURCE - CONSTRAINED W ORKFLOW N ETS



In this section we recall the workflow model we are going to use throughout this paper (Section III-A), the soundness properties we are going to study (Section III-B), and two basic constructions, closure nets and instantiation nets, that will intensively be used in order to develop the basic results of the paper (Section III-C). A. Resource-constrained Workflow Nets As we have already mentioned in Section I, the goal of this paper is to advance the research on the decidability status of the soundness properties of resource constrained workflow nets (RCWF nets) as introduced in [16]. Therefore, we shall recall here the concept of an RCWF net. For this, we will use place-extensions of workflow nets, i.e., Petri nets obtained by adding new places to a given workflow net and connecting the transitions of the workflow net with the new places in an arbitrary but fixed manner. Definition 3.1: A place-extension of a Petri net Σ is any Petri net Σ′ such that S ⊆ S ′ , T ′ = T , F ′ |S×T ∪T ×S = F , and W ′ |S×T ∪T ×S = W .

4

A place-extension Σ′ of Σ is called empty if S ′ = S. Otherwise, it is called non-empty. Definition 3.2: Let Σ be a WF net. A resource constrained workflow net (RCWF net, for short) associated to Σ, is any non-empty place-extension Σr of Σ. If Σr is an RCWF net associated to Σ, then Σ will be called the underlying WF net or the production net of Σr . Places in Σr which are not in Σ are called resource places. In what follows we will simply say “Σr is an RCWF net” instead of “Σr is an RCWF net associated to the WF net Σ”, understanding implicitly that the production net of Σr is Σ. Moreover, we will write Σr as a 4-tuple Σr = (S ∪ S r , T, F ∪ F r , W ∪ W r ), where S ∩ S r = ∅, F r ⊆ S r × T ∪ T × S r , and W r : S r × T ∪ T × S r → N verifies W r (x, y) = 0 iff (x, y) 6∈ F r . The underlying WF net of Σr is Σ = (S, T, F, W ) and the resource places are those in S r . In order to avoid any confusion when talking about an RCWF net Σr , either Σ or S r will explicitly be specified together with Σr (one can easily see that Σ can be obtained from Σr and S r , and S r can be obtained from Σr and Σ). Example 3.1: In Figure 1 an RCWF net Σr with just one resource place r is graphically represented. Its underlying WF net Σ is obtained from Σr by removing the place r and the corresponding arcs. s1

t1

t2 o

i s2 t4

t3

3

2 r

Fig. 1.

An RCWF net

This RCWF net models a production system where (industrial) products are processed in two steps. The first step is modeled by t1 and the second one by t2 . After the first step, on a random basis, a verification process can be initiated by t3 . This transition needs two resources (measuring and control instruments) from r. After this step is completed, a transition t4 which needs one more resource, completes the verification process. Finally, t4 releases the three resources needed in the verification process and also the product for being further processed by t2 . A marking of an RCWF net Σr will be written as a pair (M, R), where M is a marking over S and R is a marking over S r (i.e., M is a function from S into N, whereas R is a function from S r into N). R will also be called a resource marking.

B. Soundness of Resource-constrained Workflow Nets Any RCWF net should satisfy some behavioral correctness criteria. For instance, a behavioral correctness criterion for the RCWF net in Example 3.1 could be the following one. If k products are to be processed by this RCWF net (that is, the place i is initially marked by k) then all these k products should eventually be processed (that is, the place o should eventually be marked by k). Moreover, if m resources are initially available in place r, then the number of resources should not increase more than m during the production process and, finally, when all products are processed, the number of resources in r should be m. This correctness criterion is not satisfied by the RCWF net in Example 3.1 if m = 2k. This is because the transition t1 can be applied k times in a row, then t3 can be applied k times in a row and, in such a way, the net behavior is blocked. Consequently, no token will reach the place o. However, if m = 2k + 1, the RCWF net in Example 3.1 satisfies this correctness criterion. Our discussion above shows that the behavioral correctness criteria an RCWF net should satisfy may depend on the number of cases to be processed and/or on the number of available resources. This led researchers to define caseand/or resource-dependent correctness criteria (usually called soundness criteria or soundness properties). Following [14], [16], [28], [19], consider the next variants of soundness for RCWF nets. Definition 3.3: Let Σr be an RCWF net, k ≥ 1 an integer, and R a marking on S r . 1) Σr is called (k, R)-sound if, for any (M, R′ ) ∈ [Mki , RiΣr , the following properties hold: a) R′ ≤ R; b) (Mko , R) ∈ [M, R′ iΣr . r 2) Σ is called (≥k, R)-sound if Σr is (m, R)-sound, for all m ≥ k. 3) Σr is called (k, ≥R)-sound if Σr is (k, R′ )-sound, for all R′ ≥ R. 4) Σr is called (≥k, ≥R)-sound if Σr is (m, R′ )-sound, for all m ≥ k and R′ ≥ R. 5) Σr is called k-sound if there exists R such that Σr is (k, ≥R)-sound. 6) Σr is called (≥k)-sound if there exists R such that Σr is (≥k, ≥R)-sound. 7) Σr is called (≤k)-sound if there exists R such that Σr is (m, ≥R)-sound, for any 1 ≤ m ≤ k. 8) Σr is called sound if there exists R such that Σr is (≥1, ≥R)-sound. A few words about the soundness concepts in Definition 3.3 are in order. A sound RCWF net model of a workflow guarantees that the model is capable to process correctly arbitrarily many cases with unbounded resources. However, it turns out to be quite difficult (if not impossible) to always model workflows by sound RCWF nets. Moreover, in practice it may suffice to have models capable to process only a limited number of cases under unbounded, or even bounded,

5

resources. Definition 3.3(1-7) lists a number of intermediate versions of soundness, weaker than soundness, that may suffice in practice. The soundness concepts from Definition 3.3(1-4) might be called soundness criteria under specified resources because, for each of them, the resource marking R is given and the soundness should be checked with respect to R or all R′ ≥ R. On the other side, the soundness concepts from Definition 3.3(5-8) might be called soundness criteria under unspecified resources because, for each of them, the resource marking R which makes the RCWF net sound should be found. (k, R)-soundness, k-soundness, and soundness are precisely the correctness criteria considered in [16]. They were considered in [19] too, but there they have one more constraint namely, there is no dead transitions. The other soundness criteria in Definition 3.3 were considered just for technical reasons in order to pass from one to another in an incremental way. Example 3.2: The RCWF net Σr in Example 3.1 is (k, ≥ (2k + 1))-sound for any k ≥ 1 ((2k + 1) is the marking on the resource r). However, Σr is not (≥ k, ≥ (2k + 1))sound. Indeed, the transition sequence tk+1 tk+1 applied to 1 3 ′ ′ ′ (M(k+1)i , (2k + 2)) yields (M , R ) with M (s1 ) = R′ (r) = 0 and M ′ (s2 ) = k + 1. As no transition is enabled at this marking, we deduce that (M(k+1)o , (2k + 2)) is not reachable from (M ′ , R′ ). Therefore, Σr is not ((k + 1), (2k + 2))-sound. The following remarks are meant to clarify the relationship between soundness of RCWF nets and soundness of their underlying WF nets. r

Remark 3.1: 1) If an RCWF net Σ is (k, ≥ R)sound for some R, then its underlying WF net Σ is k-sound. Indeed, for any transition sequence u which leads Σ from Mki to some marking M , there exists a resource marking R′ ≥ R such that (Mki , R′ )[uiΣr (M, R′′ ), for some R′′ . The (k, R′ )soundness of Σr assures the existence of a transition sequence v such that (M, R′′ )[viΣr (Mko , R′ ) and, therefore, M [viΣ Mko which shows that Σ is k-sound. 2) From the above remark we obtain that if an RCWF net Σr is k-sound or sound, then Σ is k-sound or sound, respectively. 3) It is worth to mention that only (k, R)-soundness of an RCWF net Σr might not lead to the k-soundness of its underlying WF net Σ. Let us consider, for instance, the RCWF net in Figure 2. It is (1, (1))-sound but its underlying WF net is not 1-sound ((1) is the marking on the resource r). Moreover, its underlying WF net is not even bounded. As we can see from Remark 3.1(2), soundness of RCWF nets under a fixed number k of cases and unbounded resources (namely, k-soundness) implies soundness of their underlying WF nets under the same number k of cases. Moreover, the requirement to have “unbounded resources” is crucial for this (Remark 3.1(3)).

t4

t2

s2

t3

s1

s3

t1

t5 r o

i

Fig. 2. A (1, (1))-sound RCWF net whose underlying WF net is not 1-sound

It is easy (but interesting) to see that (≥k, R)-soundness is equivalent to (≥1, R)-soundness. Proposition 3.1: Let k ≥ 1. An RCWF net Σr is (≥k, R)sound if and only if Σr is (≥1, R)-sound. Proof: Clearly, if Σr is (≥ 1, R)-sound, then Σr is (≥ k, R)-sound, for any k ≥ 1. Conversely, assume that Σr is (≥k, R)-sound for some k > 1 and let 1 ≤ m < k. If Σr is not (≥m, R)-sound, then there exists a transition sequence u and a computation (Mmi , R)[uiΣr (M, R′ ) such that R′ 6≤ R or (Mmo , R) 6∈ [M, R′ iΣr . As Σr is (k, R)-sound, there exists a transition sequence w such that (Mki , R)[wiΣr (Mko , R). But then, (M(k+m)i , R)[wiΣr (Mko + Mmi , R)[uiΣr (Mko + M, R′ ) which shows that R′ 6≤ R or (M(k+m)o , R) 6∈ [Mko + M, R′ iΣr , contradicting the (k + m, R)-soundness of Σr . Therefore, Σr is (m, R)-sound for any 1 ≤ m < k, showing that Σr is (≥1, R)-sound. Directly from Proposition 3.1 we obtain: Corollary 3.1: Let Σr be an RCWF net and k ≥ 1 an integer. Then, the following properties hold: 1) Σr is (≥k, ≥R)-sound if and only if Σr is (≥1, ≥R)sound. 2) Σr is (≥k)-sound if and only if Σr is sound. As it was remarked in [14], in many practical applications of WF nets it is important to consider the number of cases as parameters, and to monitor the number of cases which can be processed simultaneously such that the soundness property is satisfied. This led the authors of [14] to introduce the concept of structural soundness of WF nets and systems of WFR nets. We recall here this concept with slight variations and adapted to RCWF nets. Definition 3.4: Let Σr be an RCWF net. 1) Σr is called structurally R-sound, where R is a marking on S r , if there exists k ≥ 1 such that Σr is (k, R)-sound.

6

t2

2) Σr is called structurally sound if there exist k ≥ 1 and a marking R on S r such that Σr is (k, R)-sound.

p1

p3

t1

Clearly, if an RCWF net is sound then it is structurally sound.

t3 p2

Σr

C. Closure Nets and Instantiation Nets Some of the characterization results of the soundness property for WF nets are based on closure nets [3], [14] and instantiation nets [25]. Recall here these concepts and extend them to RCWF nets. Given a WF net Σ and an integer k ≥ 1, define the kclosure of Σ [3], [14] as being the Petri net Σ∗ obtained by adding to Σ a new transition t∗ and two new arcs (o, t∗ ) and (t∗ , i) with weight k. This construction can be generalized to RCWF nets as follows. Given an RCWF net Σr , an integer k ≥ 1, and R a marking on S r , define the (k, R)-closure of Σ as being the Petri net (Σr )∗ obtained by adding to Σr a new transition t∗ , two new arcs (o, t∗ ) and (t∗ , i) with weight k, and, for each r ∈ R, two new arcs (r, t∗ ) and (t∗ , r) with weight R(r).

r

s1

t1

t2 o

i s2 t4

t3 r

3 k

2k + 1

tr,1

tr,3

pr,1

pr,3

for each r

tr,2 A case-resource instantiation net associated to Σr

If we remove, in the construction in Figure 4, all transitions and places from (1) above, then the Petri net such obtained will be called the resource instantiation net associated to Σr , and if we remove all transitions and places associated to resource places (those from (2) above) then the Petri net such obtained will be called the case instantiation net associated to Σr . The later one is exactly the instantiation net associated to a WF net [25]. Example 3.4: A resource instantiation net associated to the RCWF net in Example 3.1 is pictorially represented in Figure 5.

2 2k + 1

Sr

pr,2

Fig. 4.

Example 3.3: A (k, (2k + 1))-closure net associated to the RCWF net in Example 3.1 is pictorially represented in Figure 3 ((2k + 1) is the marking on the resource r).

o

i

k

s1

t1

t2 o

i t∗ Fig. 3. A (k, (2k + 1))-closure net associated to the RCWF net in Example 3.1

s2 t4

3

r

Given an RCWF net Σ , define the case-resource instantiation net associated to Σr as being the Petri net Σ′ graphically represented in Figure 4. Σ′ is obtained by adding to Σr the following transitions and places: (1) transitions t1 , t2 , and t3 , and places p1 , p2 , and p3 . t1 pumps arbitrarily many tokens in i and in p2 (p2 counts the number of tokens pumped by t1 into i). The transition t2 disables t1 at some time, and enables t3 to compare the number of tokens in o against those in p2 ; (2) transitions tr,1 , tr,2 , and tr,3 , and places pr,1 , pr,2 , and pr,3 , for any resource place r ∈ S r . The meaning of these transitions and places is similar to those above.

t3 r

2

pr,2 tr,1

tr,3

pr,1

pr,3 tr,2

Fig. 5. A resource instantiation net associated to the RCWF net in Example 3.1

If Σ′ is a case-resource instantiation net associated to Σr ,

7

k ≥ 1 is an integer, and R is a marking on S r , denote by Mki,R and Mko,R the markings of Σ′ given by: r • Mki,R marks the place i by k tokens, S by R, and the places p1 and pr,1 by one token each, for all r ∈ S r (all the other places are unmarked); r • Mko,R marks the place o by k tokens, S by R, and the places p3 and pr,3 by one token each, for all r ∈ S r (all the other places are unmarked). In a similar way are defined Mki,R and Mko,R for a case or resource instantiation net. These notations are simplified to Mi,R and Mo,R when k = 1. The following lemma establishes the relationships between RCWF nets and their instantiation nets. Lemma 3.1: Let Σr be an RCWF net, k ≥ 1 an integer, and R a marking on S r . Then: 1) Mko,R is a home marking of the case instantiation net of Σr w.r.t. Mki,R if and only if, for any m ≥ k, if (M, R′ ) ∈ [Mmi , RiΣr , then (Mmo , R) ∈ [M, R′ iΣr . 2) Mko,R is a home marking of the resource instantiation net of Σr w.r.t. Mki,R if and only if, for any R′ ≥ R, if (M, R′′ ) ∈ [Mki , R′ iΣr , then (Mko , R′ ) ∈ [M, R′′ iΣr . 3) Mko,R is a home marking of the case-resource instantiation net of Σr w.r.t. Mki,R if and only if, for any m ≥ k and R′ ≥ R, if (M, R′′ ) ∈ [Mmi , R′ iΣr , then (Mmo , R′ ) ∈ [M, R′′ iΣr . Proof: It follows exactly the same line as the proof of Theorem 2 in [25] and, therefore, it is omitted. IV. D ECIDING S OUNDNESS OF R ESOURCE - CONSTRAINED W ORKFLOW N ETS Each of the soundness concepts in Definition 3.3 and Definition 3.4 leads to a corresponding decision problem. For instance, the (k, ≥R)-soundness decision problem is the problem to decide, given an RCWF net Σr , an integer k ≥ 1, and a resource marking R, whether Σr is (k, ≥R)-sound. We will prove that all these decision problems, but (≥k)soundness (and, therefore, soundness) and structural soundness, are decidable. The main idea is to combine the instantiation net technique in [25] with some special properties a k-sound RCWF net should satisfy. A. Deciding Soundness of RCWF Nets Under Specified Resources In this section we will focus on the decidability status of the soundness criteria for RCWF nets under specified resources. A characterization result for k-soundness of WF nets, based on their k-closure, was proposed in [14]. Later [19], this result was extended to WFR nets. As RCWF nets are not exactly WFR nets, and as the soundness concepts we use are not exactly those from [19], the characterization result in [19] does not work for RCWF nets. However, we can adapt it as follows. Proposition 4.1: Let Σ be a WF net, Σr an RCWF net associated to Σ, k ≥ 1 an integer, and R a marking on S r . Then, the following properties hold:

1) Σ is k-sound if and only if its k-closure Σ∗ is bounded w.r.t. Mki and t∗ is live w.r.t. Mki . 2) Σr is (k, R)-sound if and only if Σr is R-bounded on S r w.r.t. (Mki , R), its (k, R)-closure (Σr )∗ is bounded w.r.t. (Mki , R), and t∗ is live w.r.t. (Mki , R). 3) Σr is (k, R)-sound if and only if Σr is R-bounded on S r w.r.t. (Mki , R), and (Mko , R) is a home marking of Σr w.r.t. (Mki , R). Proof: (1) If Σ is k-sound then its k-closure Σ∗ is bounded and live [14] w.r.t. Mki and, therefore, Σ∗ is bounded w.r.t. Mki and t∗ is live w.r.t. Mki . Conversely, assume that the k-closure Σ∗ of Σ is bounded w.r.t. Mki and t∗ is live w.r.t. Mki , and let M ∈ [Mki iΣ . Then, there exists M ′ reachable from M such that M ′ [t∗ iΣ (by the liveness of t∗ ). Therefore, M ′ (o) ≥ k. One can easily see that Σ∗ would be unbounded if we assume M ′ > Mko . Therefore, Σ is k-sound. (2) Assume first that Σr is (k, R)-sound. If we assume that (Σr )∗ is not bounded w.r.t. (Mki , R), then there are two reachable markings (M1 , R1 ) and (M2 , R2 ) from (Mki , R) such that (M1 , R1 ) < (M2 , R2 ). The marking (Mko , R) should be reachable from (M1 , R1 ) by some transition sequence w. It is clear that w is enabled at (M2 , R2 ) and the marking yielded by applying w at (M2 , R2 ) is strictly greater than (Mko , R), contradicting the (k, R)-soundness of Σr . The R-boundedness on S r w.r.t. (Mki , R) and liveness of ∗ t w.r.t. (Mki , R) are direct consequences of (k, R)-soundness of Σr . Conversely, let (M1 , R1 ) be a reachable marking from (Mki , R). By R-boundedness on S r w.r.t. (Mki , R) we have R1 ≤ R, and by liveness of t∗ w.r.t. (Mki , R) we have that there exists (M2 , R2 ) reachable from (M1 , R1 ) such that M2 ≥ Mko and R2 ≥ R. Using again the R-boundedness property on S r we obtain R2 = R. If we assume that M2 > Mko , then (Σr )∗ would be unbounded w.r.t. (Mki , R). Therefore, (M2 , R2 ) = (Mko , R), which shows that Σr is (k, R)-sound. (3) Definition 3.3(1a) is equivalent to the R-boundedness on S r w.r.t. (Mki , R), and Definition 3.3(1b) is equivalent to the property “(Mko , R) is a home marking of Σr w.r.t. (Mki , R)”. The items (1) and (2) of Proposition 4.1 show how the ksoundness characterization based on k-closures extends from a WF net Σ to an RCWF net whose underlying WF net is Σ. Corollary 4.1: The (k, R)-soundness problem for RCWF nets is decidable. Proof: From Proposition 4.1(2) and from the fact that R-boundedness, boundedness, and transition liveness are all decidable for Petri nets. Proposition 4.2: Let Σr be an RCWF net, k ≥ 1 an integer, and R a marking on S r . Then, Σr is (≥k, R)-sound if and only if the following two properties hold: 1) Mko,R is a home marking of the case instantiation net of Σr w.r.t. Mki,R ; 2) Σr is R-bounded on S r w.r.t. (Mmi , R), for all m ≥ k.

8

t2

Proof: From definitions and Lemma 3.1(1).

p1

Corollary 4.2: The (≥k, R)-soundness problem for RCWF nets is decidable. Proof: The property in Proposition 4.2(2) is equivalent to the R-boundedness of the case instantiation net of Σr w.r.t. Mki,R . Therefore, the corollary follows from Proposition 4.2 and from the fact that the home marking and the Rboundedness problems are both decidable. Proposition 4.3: Let Σr be an RCWF net, k ≥ 1 an integer, and R a marking on S r . Then, Σr is (k, ≥R)-sound if and only if the following two properties hold: 1) Mko,R is a home marking of the resource instantiation net of Σr w.r.t. Mki,R ; 2) Σr is R′ -bounded on S r w.r.t. (Mki , R′ ), for all R′ ≥ R. Proof: From definitions and Lemma 3.1(2).

t1

Corollary 4.3: The (k, ≥ R)- and (≥ k, ≥ R)-soundness problems for RCWF nets are decidable. Proof: We will only focus on (≥ k, ≥ R)-soundness problem (the other case being similar to this). According to Proposition 4.4, we only need to show that the property (2) in this proposition is decidable. For this, we use the construction in Figure 6. Assume that Σr , starting with m ≥ k tokens into i and a resource marking R′ ≥ R on S r , reaches a marking (M1 , R1 ) with R1 6≤ R′ by some transition sequence u. Moreover, assume that u is minimal with this property in the sense that if we remove the last transition of u then the marking on S r is less than or equal to R′ . In the Petri net Σ′ in Figure 6 there exists a computation which proceeds as follows: ′ • first, m − k tokens are pumped by t1 into i and R (r) − R(r) tokens are pumped by tr,1 into r, for any r ∈ S r . We remark that R′ (r)−R(r) tokens are also inserted into r′ ; • then, u is applied. The marking obtained is M1 , on S, and R1 on S r ; ′ • if we assume that R1 (r) > R (r), then by applying ′ tr for R (r) − R(r) times, a marking M2 is reached with the property M2 (r′ ) = 0 and M2 (r) = R1 (r) − R′ (r) + R(r) > R(r). Moreover, M2 (r) − R(r) ≤ max{∆t(r)|t ∈ T }. As a conclusion, if a marking (M1 , R1 ) with R1 6≤ R′ is reachable in Σr from (Mmi , R′ ), for some m ≥ k and R′ ≥ R, then a marking M2 is reachable in Σ′ which has

t3 p2

Σr

o

i

r

tr tr,1 r

Sr

pr,2 tr,3



In a similar way to Proposition 4.3 we obtain the following result. Proposition 4.4: Let Σr be an RCWF net, k ≥ 1 an integer, and R a marking on S r . Then, Σr is (≥k, ≥R)-sound if and only if the following two properties hold: 1) Mko,R is a home marking of the case-resource instantiation net of Σr w.r.t. Mki,R ; 2) Σr is R′ -bounded on S r w.r.t. (Mmi , R′ ), for all m ≥ k and R′ ≥ R.

p3

pr,1

pr,3

for each r

tr,2 Fig. 6.

Testing property (2) in Proposition 4.4

the property M2 (r′ ) = 0 and R(r) < M2 (r) ≤ R(r) + max{∆t(r)|t ∈ T }, for some r ∈ S r . It is easy to see that the converse of this holds true as well. Therefore, the negation of the property (2) in Proposition 4.4 can be reduced to a few number of instances of the submarking reachability problem for Petri nets. As this problem is decidable [30], we deduce that the property (2) in Proposition 4.4 is decidable. Example 4.1: The proof of Corollary 4.3 highlights an algorithm to decide the (k, ≥R)- or (≥k, ≥R)-soundness of RCWF nets. The two main steps of this algorithm, applied to the RCWF net Σr in Example 3.1 in order to prove that it is (k, ≥(2k + 1))-sound (see also Example 3.2), are: – show that Mko,(2k+1) is a home marking of the resource instantiation net associated to Σr from Mki,(2k+1) (see Figure 5); – show that no marking M with M (r′ ) = 0 and M (r) = 2k + 2, or M (r′ ) = 0 and M (r) = 2k + 3, is reachable in the Petri net in Figure 7 (the numbers inside places i and r represents the initial marking of the net). B. Deciding Soundness of RCWF Nets Under Unspecified Resources Deciding soundness of RCWF nets under unspecified resources is much harder than deciding soundness under specified resources. The main difficulty occurs due to the fact that in this case a lower bound for the resource markings for which soundness is fulfilled should be estimated first, and then soundness should be checked with respect to this lower bound. We will show that such a lower bound can be computed in the case of k-soundness. The technique used to compute it does not scale to the case of soundness.

9

s1

t1 i

t2 o

k

s2 t4

t3

for any m ≥ 1. As there exists m ≥ 1 such that R1′ + m∆x|S r 6≤ R′ , Σr cannot be (k, R′ )-sound; a contradiction. Case 2: ∆x(r0 ) < 0 for some r0 ∈ S r . By the (k, R′ )soundness of Σr , there exists a transition sequence v such that (Mki , R′ )[uiΣr (M, R1′ )[xiΣr (M, R2′ )[viΣr (Mko , R′ ).

3

tr tr,1 r

r 2k + 1

From this it follows that ∆u|S r + ∆v|S r + ∆x|S r = 0. Consider now the least marking R′′ on S r such that R′′ ≥ ′ R and

2

pr,2 tr,3



pr,1

pr,3 tr,2

Fig. 7. Testing property (2) in Proposition 4.3 for Σr in Example 3.1 w.r.t. (Mki , (2k + 1))

Definition 4.1: Let Σ be a WF net and k ≥ 1 an integer. A loop sequence of Σ from Mki is any non-empty transition sequence w of Σ such that M [wiΣ M for some M ∈ [Mki iΣ . Denote by Ll (Σ, k) the set of all loop sequences of Σ from Mki . It is clear that if Ll (Σ, k) 6= ∅, then Ll (Σ, k) is infinite. Example 4.2: For any k ≥ 1, the transition sequence t3 t4 is a loop sequence from Mki of the underlying WF net of the RCWF net in Figure 1. Moreover, (t3 t4 )n is a loop sequence too, for any n ≥ 1. Loop sequences of the underlying WF net of a k-sound RCWF net do not change the resource markings. This is because, otherwise, arbitrarily large changes on resource places can be generated by iterating loop sequences, contradicting k-soundness. Formally, we have the following result. Lemma 4.1: Let Σr be an RCWF net and k ≥ 1 an integer. If Σr is k-sound then ∆x|S r = 0, for any x ∈ Ll (Σ, k). Proof: Let Σr be a k-sound RCWF net. Then, there exists a resource marking R such that Σr is (k, R′ )-sound for any R′ ≥ R. Given x ∈ Ll (Σ, k) there exist a transition sequence u and a marking M such that Mki [uiΣ M [xiΣ M . Moreover, one can easily see that there exists a resource marking R′ ≥ R such that (Mki , R′ )[uiΣr (M, R1′ )[xiΣr (M, R2′ ) for some resource markings R1′ and R2′ . By the (k, R′ )soundness of Σr we deduce that R1′ ≤ R′ and R2′ ≤ R′ . Now, assume by contradiction that ∆x|S r 6= 0. Then, two cases are to be considered: Case 1. ∆x(r) ≥ 0 for all r ∈ S r and ∆x(r0 ) > 0 for some r0 ∈ S r . Then, R2′ > R1′ and, therefore, x can fire at (M, R2′ ). As a matter of fact we have (M, R1′ )[xm iΣr (M, R1′ + m∆x|S r ),

(Mki , R′′ )[uiΣr (M, R1′′ )[xiΣr (M, R2′′ )[xiΣr (M, R3′′ ) [viΣr (Mko , R4′′ ) for some R1′′ , R2′′ , R3′′ , and R4′′ . From this it follows R4′′ = R′′ + ∆u|S r + ∆v|S r + 2∆x|S r = R′′ + ∆x|S r which shows that R4′′ 6= R′′ , contradicting the (k, R′′ )soundness of Σr . The next lemma specifies a very simple but important property of firebility in Petri nets. Lemma 4.2: Let Σ be a Petri net, x, y, z ∈ T ∗ , and M and M1 markings of Σ such that M [xiΣ M1 [yiΣ M1 . Then, M [xyziΣ if and only if M [xziΣ . Proof: If we assume M [xyziΣ , then there exists a marking M2 such that M [xiΣ M1 [yiΣ M1 [ziΣ M2 . But then, M [xiΣ M1 [ziΣ M2 which shows that M [xziΣ . Conversely, if M [xziΣ , then there exists a marking M2 such that M [xiΣ M1 [ziΣ M2 . As M1 [yiΣ M1 , it follows M [xiΣ M1 [yiΣ M1 [ziΣ M2 , which shows that M [xyziΣ . Definition 4.2: Let Σ be a WF net and k ≥ 1 an integer. A simple transition sequence of Σ from Mki is any nonempty transition sequence w = t1 · · · tm of Σ such that, if we denote Mki [t1 iΣ M1 · · · [tm iΣ Mm , then one of the following two properties holds: 1) Mm = Mko and Mi 6= Mj for any 1 ≤ i, j ≤ m with i 6= j; 2) Mm = Mp for some p < m and Mi 6= Mj for any 1 ≤ i, j < m with i 6= j. A simple transition sequence of Σ from Mki starts from Mki and either reaches Mko without repeating any marking or, if it reaches a marking already encountered, then it stops there. We denote by Ls (Σ, k) the set of all simple transition sequences of Σ from Mki .

10

Remark 4.1: Let Σ be a WF net. If Σ is k-sound, then Ls (Σ, k) is finite and can effectively be computed. This is a direct consequence of the fact that Σ is bounded with respect to Mki (Proposition 4.1(1)).

see that R1 should satisfy R1 ≤ R (otherwise, for any R′ ≥ R there exists R1′ such that (Mki , R′ )[uiΣr (M, R1′ ) and R1′ 6≤ R′ , which shows that Σr is not k-sound). By the k-soundness of Σ it follows that there exists v ∈ T ∗ such that Mki [uiΣ M [viΣ Mko . Then, Lemma 4.3 corroborated with the definition of RΣr ,k shows that

Given an RCWF net Σr and an integer k ≥ 1 such that Σ is k-sound, one can effectively compute Ls (Σ, k) and the least marking RΣr ,k with the property RΣr ,k ≥ w− |S r , for any w ∈ Ls (Σ, k). RΣr ,k gives the minimal amount of resources needed to all simple transition sequences of Σ from Mki in order to fire in Σr from (Mki , RΣr ,k ).

for some R′ . By a similar argument as the one above, one can easily show that R′ should be R. Hence, Σr is (k, ≥RΣr ,k )sound.

Example 4.3: If Σ is the underlying WF net of the RCWF net Σr in Figure 1, then Ls (Σ, 1) = {t1 t2 , t1 t3 t4 }. Moreover, by a simple computation we obtain RΣr ,k = (2k + 1) for any k ≥ 1. If Σ is the underlying WF net of the RCWF net Σr in m Figure 2, then Ls (Σ, 1) is infinite. It contains t1 tm 2 t4 t3 t5 , for all m ≥ 1. In this case, RΣr ,1 does not exist.

Corollary 4.4: k-soundness problem for RCWF nets is decidable. Proof: Let Σr be an RCWF net and k ≥ 1. If Σ is not ksound, then Σr is not k-sound (recall that k-soundness of WF nets is decidable). If Σ is k-sound, then RΣr ,k can effectively be computed. Then, the corollary follows from Theorem 4.1 and Corollary 4.3.

We will prove now an important result which shows that RΣr ,k is a sufficient resource marking to all transition sequences in Σ from Mki in order to fire in Σr , in case that Σr is k-sound.

The proof of Corollary 4.4 highlights the following algorithm for the decidability of the k-soundness problem for RCWF nets.

Lemma 4.3: Let Σr be an RCWF net and k ≥ 1 an integer. If Σr is k-sound, then RΣr ,k exists and (Mki , R)[wiΣr , for any R ≥ RΣr ,k and any w ∈ T + with Mki [wiΣ Mko . Proof: Assume that Σr is k-sound. Then, Σ is k-sound and, therefore, RΣr ,k can effectively be computed. Let R ≥ RΣr ,k and w ∈ T + such that Mki [wiΣ Mko . If w ∈ Ls (Σ, k) then, directly from the definition of RΣr ,k we have (Mki , R)[wiΣr . If w is not a simple transition sequence of Σ from Mki then, by inspecting from left to right the markings generated by w, we can decompose w into w = xyz such that xy is a simple transition sequence of Σ from Mki and y ∈ Ll (Σ, k). Then, from the definition of RΣr ,k we have (Mki , R)[xiΣr (M, R1 )[yiΣr (M, R1′ ), for some R1 and R1′ . Moreover, by Lemma 4.1, R1 = R1′ . But now, from Lemma 4.2 we have that (Mki , R)[xyziΣr if and only if (Mki , R)[xziΣr . Therefore, we may apply the procedure above to xz and, after finitely many steps we eventually obtain a simple transition sequence u ∈ Ls (Σ, k) such that (Mki , R)[wiΣr if and only if (Mki , R)[uiΣr . Now, lemma follows from the definition of RΣr ,k . We are now ready to prove our main result. Theorem 4.1: Let Σr be an RCWF net and k ≥ 1 an integer. Then, Σr is k-sound if and only if RΣr ,k exists and Σr is (k, ≥RΣr ,k )-sound. Proof: Clearly, if RΣr ,k exists and Σr is (k, ≥RΣr ,k )sound then Σr is k-sound. Conversely, assume that Σr is k-sound. By Lemma 4.3, RΣr ,k exists. Let R ≥ RΣr ,k and u ∈ T + such that (Mki , R)[uiΣr (M, R1 ) for some R1 . It is straightforward to

(Mki , R)[uiΣr (M, R1 )[viΣr (Mko , R′ ),

Algorithm 1: k-soundness of RCWF nets input : RCWF net Σr and integer k ≥ 1; output: “Σr is k-sound” if Σr is k-sound, and “Σr is not k-sound”, otherwise; begin if Σ is not k-sound then “Σr is not k-sound” else compute RΣr ,k ; if Σr is not (k, ≥RΣr ,k )-sound then “Σr is not k-sound” else “Σr is k-sound” end Corollary 4.5: Let Σr be an RCWF net and k ≥ 1 an integer. Then, Σr is (≤k)-sound if and only if RΣr ,k exists and Σr is (≤k, ≥RΣr ,k )-sound. Proof: If RΣr ,k exists and Σr is (≤k, ≥RΣr ,k )-sound, then Σr is (≤k)-sound. Conversely, if Σr is (≤k)-sound then Σ is m-sound for any 1 ≤ m ≤ k. Moreover, RΣr ,m can effectively be computed for all 1 ≤ m ≤ k and, RΣr ,m ≤ RΣr ,k , for any 1 ≤ m ≤ k. Then, the corollary follows from Theorem 4.1. Corollary 4.6: (≤k)-soundness problem for RCWF nets is decidable. Proof: Let Σr be an RCWF net and k ≥ 1. If Σ is not m-sound for all 1 ≤ m ≤ k, then Σr is not (≤k)-sound. If Σ is m-sound for all 1 ≤ m ≤ k, then RΣr ,k can effectively be computed and (m, ≥RΣr ,k )-soundness of Σr can be decided for any 1 ≤ m ≤ k.

11

Given an RCWF net Σr and an integer k ≥ 1, denote by RΣr ,≥k the minimal marking on S r , if it exists, with the property RΣr ,≥k ≥ w− |S r , for any w ∈ Ls (Σ, m) and m ≥ k. Corollary 4.7: Let Σr be an RCWF net and k ≥ 1 an integer. If RΣr ,≥k exists, then Σr is (≥ k, ≥ RΣr ,≥k )-sound if and only if Σr is (≥k)-sound. Proof: Similar to the proof of Corollary 4.5 but with the difference that RΣr ,m ≤ RΣr ,≥k , for all m ≥ k. As with respect to the characterization in Corollary 4.7, two important questions arise: •



Does there exist any (≥k)-sound RCWF net Σr for which RΣr ,≥k does not exist? Given an RCWF net Σr and k ≥ 1, is it decidable whether RΣr ,≥k exists?

The first question has a positive answer. Example 4.4: Consider the RCWF net Σr in Figure 8. As we can see, it is a simple variation of the RCWF in Figure 1: it includes a transitions t5 which undoes the effect of t3 . Thus, when Σr starts with (M(k+1)i , (2k+2)) and reaches a marking (M ′ , R′ ) by tk+1 tk+1 , where R′ (r) = 0, the transition t5 1 3 undoes the last t3 and then t4 can fire k times in a row. Then, , the marking (M(k+1)o , (2k +2)) is reached. by applying tk+1 2 Corroborating this with Example 3.2 we can easily obtain that Σr is (≥k, ≥(2k + 1))-sound, for any k ≥ 1. t1

s1

t2 o

i s2 t4

t3

C. Deciding Structural Soundness of RCWF Nets We will show in this section that structural R-soundness is decidable by using a technique similar to the one in [24]. Given Σr and a marking R on S r , denote by kΣr ,R the least k ≥ 1, if it exists, with the property (Mko , R) ∈ [Mki , RiΣr . Such a k ≥ 1 exists if and only if M0o,R is reachable from M0i,R in the case instantiation net of Σr . Therefore, it is decidable whether kΣr ,R exists and, when exists, it can be effectively computed. Proposition 4.5: An RCWF net Σr is structurally R-sound, where R is a marking on S r , if and only if kΣr ,R exists and Σr is (kΣr ,R , R)-sound. Proof: Clearly, if kΣr ,R exists and Σr is (kΣr ,R , R)sound, then Σr is structurally R-sound. Conversely, assume that Σr is structurally R-sound. Then, there exists k ≥ 1 such that Σr is (k, R)-sound. Therefore, kΣr ,R exists and can effectively be computed. Moreover, kΣr ,R ≤ k. We show that Σr is (kΣr ,R , R)-sound. Assume, by contradiction, that Σr is not (kΣr ,R , R)-sound. Then, there exists a computation (MkΣr ,R i , R)[uiΣr (M, R′ ), where u ∈ T ∗ , such that R′ 6≤ R or (MkΣr ,R o , R) 6∈ [M, R′ iΣr . We will discuss these two cases separately. Case 1: R′ 6≤ R. As kΣr ,R ≤ k, (Mki , R)[uiΣr (M ′ , R′ ), for some M ′ , which shows that Σr is not (k, R)-sound; a contradiction. Case 2: (MkΣr ,R o , R) 6∈ [M, R′ iΣr . Let w ∈ T ∗ such that (MkΣr ,R i , R)[wiΣr (MkΣr ,R o , R), and let m ≥ 1 and 0 ≤ n < kΣr ,R such that k = mkΣr ,R + n. Two new cases are to be considered: Case 2.1: n = 0. Then, (Mki , R)[wm−1 iΣr (M(m−1)kΣr ,R o + MkΣr ,R i , R) [uiΣr (M(m−1)kΣr ,R o + M, R′ )

t5 3

2

2

r Fig. 8. exist

A (≥k, ≥(2k + 1))-sound RCWF net for which RΣr ,≥k does not

However, RΣr ,≥k does not exist because, for any k ≥ 1, tk1 tk3 is a simple transition sequence of Σ and it needs at least (2k + 1) tokens into r in order to fire at (Mki , (2k + 1)). For the second question we do not have yet any answer, but we conjecture the following. Conjecture 4.1: It is decidable, given an RCWF net Σr and an integer k ≥ 1, whether RΣr ,≥k exists.

which shows that Σr is not (k, R)-sound because (MkΣr ,R o , R) is not reachable from (M, R′ ); a contradiction. Case 2.2: 0 < n < kΣr ,R . Then, (Mki , R)[wm iΣr (MmkΣr ,R o + Mni , R) which shows that Σr is not (k, R)-sound because (Mno , R) is not reachable from (Mni , R) (otherwise, n would contradict the choice of kΣr ,R ); a contradiction. As both possible cases led to a contradiction, our assumption is false and, therefore, Σr is (kΣr ,R , R)-sound. Corollary 4.8: The structural R-soundness problem for RCWF nets is decidable. Proof: As we have argued above, it is decidable whether kΣr ,R exists and, when exists, it can be effectively computed. Then, the corollary follows from Proposition 4.5 and Corollary 4.1.

12

By using Proposition 3.1 and Corollary 3.1, we obtain that the problem “exists k ≥ 1 such that Σr is (≥ k, R)sound ((≥k, ≥R)-sound)” is decidable because this problem is equivalent to the problem “Σr is (≥1, R)-sound ((≥1, ≥R)sound)”. As with respect to the structural soundness problem for RCWF nets, we do not have any solution. It seems that this problem is as hard as the soundness problem. V. R ELATED W ORK AND C ONCLUSIONS In this section we briefly discuss related work to the main topic of this paper, namely, soundness properties for Petri net based models of resource constraint workflows. There exists an impressive amount of work on using Petri nets to model and analyse resource management in flexible manufacturing systems ([32], [33] provide an excellent review on this topic). Most of this work deals with strategies to handle deadlock problems in flexible manufacturing systems. In contrast to this, researches on soundness properties of resource constraint workflow nets aim to construct robust Petri net based models that are free of deadlocks no matter of the available resource amount beyond a “minimal” one. A first approach along this direction was the one in [22] which proposed a behavioral correctness property for workflow nets, called soundness. In [14], the formalism of workflow nets was extended in order to cope with resource constraints. Thus, [14] has proposed workflow nets with resources (WFR nets) which are defined as RCWF nets are (Definition 3.2) but with the difference that they have one more constraint: for each resource place r there exists a positive place invariant whose support contains just one resource place, namely r. By associating a place invariant to each resource place, resource preservation along any process execution is ensured. The behavioral correctness property studied in [14] is that of structural soundness. For circuit-free WFR nets, structural soundness is equivalent to boundedness, quasi-liveness, and the controlled-siphon property with respect to some initial marking. Therefore, for this subclass of WFR nets, structural soundness is decidable. Later, in [19], three subclasses of WFR nets were identified, ordered WFR nets, root WFR nets, and closure consistent WFR nets, for which soundness can be structurally characterized and decided effectively. The approach in [16] to resource constrained workflows proposes resource constrained workflow nets (RCWF nets) as defined in Section III-A. As we have explained above, WFR nets are RCWF nets where a place invariant is associated to each resource place. Conversely, it can be shown that each resource place in a sound RCWF net has a place invariant [16]. In [28] it is shown that soundness of RCWF nets with just one resource type (place) is decidable. First, soundness is shown decidable for RCWF nets with just one resource type and whose production nets are state machines (i.e., each transition has exactly one pre-condition and exactly one post-condition). Then, soundness of RCWF nets with just one resource is reduced to the soundness of this particular subclass of RCWF nets. Our paper makes a step further in studying the decidability status of the soundness property for RCWF nets and shows

that the k-soundness of general RCWF nets (with arbitrarily many resource types) is decidable. This result was obtained by showing that an RCWF net can be k-sound if and only if it is (k, ≥R)-sound, where R is a minimal resource marking which enables all simple transition sequences of the underlying workflow net. Moreover, it is decidable when R exists and it can be effectively computed in such a case. This result does not hold for the soundness problem as there may exist sound RCWF nets for which such minimal markings do not exist. Another contribution of the paper is that it gradually refines soundness of RCWF nets, establishes necessary and sufficient conditions that can be decided effectively in an uniform way for each intermediate soundness criterion. The paper also tackles the structural soundness problem for RCWF nets [14]. When the resource marking R is a priori specified, this problem is shown to be decidable. Otherwise, the problem “seems” as hard as the soundness problem. Although soundness and structural soundness remain two important open problems, the (≤k)-soundness property (which was shown decidable in this paper) might be sufficient in practice because, in such a case, we can always estimate the maximum number k of cases that the workflow should be able to process. Acknowledgments. We would like to thank the anonymous referees for providing us with constructive comments and suggestions which have led to the improvement of the paper. R EFERENCES [1] D. Georgakopoulos, M. Hornick, and A. Sheth, “A overview of workflow management: From process modeling to workflow automation infrastructure,” Distributed and Parallel Databases, vol. 3, pp. 119–153, 1995. [2] C. Frye, “Move to workflow provokes business process scrutiny,” Software Magazine, 1994. [3] W. M. P. van der Aalst, “Three good reasons for using a Petri net based workflow management system,” in Proceedings of the International Working Conference on Information and Process Integration in Enterprises (IPIC’96), Cambridge, Massachusetts, 1996, pp. 179–201. [4] W. Sadiq and M. Orlowska, “On correctness issues in conceptual modeling of workflows,” in Proceedings of the 5th International Conference on Information Systems (ECIS’97). Cork, Ireland: IEEE Computer Society Press, 1997, pp. 19–21. [5] N. R. Adam, V. Atluri, and W. K. Huang, “Modeling and analysis of workflows using Petri nets,” Journal of Intelligent Information Systems, vol. 10, no. 2, pp. 131–158, March 1998. [6] S. Ling and H. Schmidt, “Time Petri nets for workflow modeling and analysis,” IEEE International Conference on Systems, Man, and Cybernetics (SMC’2000), vol. 4, pp. 3039–3044, 2000. [7] Q. Li, Y. S. Fan, and M. C. Zhou, “Approximate performance analysis of workflow model,” in Proceedings of IEEE International Conference on Systems, Man and Cybernetics, vol. 2. IEEE Computer Society Press, 2003, pp. 1175 – 1180. [8] ——, “Timing constraint workflow nets for workflow analysis,” IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans, vol. 32, no. 2, pp. 179–193, 2003. [9] ——, “Performance modeling and analysis of workflow,” IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans, vol. 34, no. 2, pp. 229–241, March 2004. [10] F. L. Tiplea and G. I. Macovei, “Timed workflow nets,” in Proceedings of the 7th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing. Timis¸oara, Romania: IEEE Computer Society Press, September 2005, pp. 361–366. [11] ——, “E-timed workflow nets,” in Proceedings of the 8th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing. Timis¸oara, Romania: IEEE Computer Society Press, September 2006, pp. 423–429.

13

[12] H. Wang and Q. Zeng, “Modeling and analysis for workflow constrained by resources and nondeterministic time: An approach based Petri nets,” IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans, vol. 38, no. 4, pp. 802–817, July 2008. [13] F. L. Tiplea and G. I. Macovei, “Soundness for S- and A-timed workflow nets is undecidable,” IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans, vol. 39, no. 4, pp. 924–932, 2009. [14] K. Barkaoui and L. Petrucci, “Structural analysis of workflow nets with shared resources,” in Proceedings of the Workshop “Workflow Management: Net-based Concepts, Models, Techniques and Tools” WFM’98, W. v.d. Aalst, Ed., Lisbon, Portugal, June 1998, pp. 82–95. [15] S. Sadiq, M. Orlowska, W. Sadiq, and C. Foulger, “Data flow and validation in workflow modelling,” in Proceedings of the 15th Australasian Database Conference (ADC 2004), K.-D. Schewe and H. Williams, Eds., vol. 27. Dunedin, New Zealand: Australian Computer Society, January 2004, pp. 207–214. [16] K. van Hee, N. Sidorova, and M. Voorhoeve, “Resource-constrained workflow nets,” in Proceedings of Concurrency Specification and Programming, ser. Informatik-Bericht, G. Lindemann, Ed., no. 170. Caputh, Germany: Humboldt-Universitt zu Berlin, September 2004, pp. 166–177, (also in Fundamenta Informaticae, 71(2-3), 2006, 243-257). [17] H. Li, Y. Yang, and T. Y. Chen, “Resource constraints analysis of workflow specifications,” The Journal of Systems and Software, vol. 73, pp. 271–285, October 2004. [18] M. Netjes, W. M. P. van der Aalst, and H. A. Reijers, “Analysis of resource-constrained processes with colored Petri nets,” in Proceedings of the tth Workshop on Practical Use of Colored Petri Nets and CPN Tools (CPN 2005), K. Jensen, Ed. Aarhus, Denmark: DAIMI, October 2005, pp. 251–266. [19] K. Barkaoui, R. B. Ayed, and Z. Sbai, “Workflow soundness verification based on structure theory of Petri nets,” International Journal of Computing and Information Sciences, vol. 5, no. 1, pp. 51–61, April 2007. [20] C. Oliveira, R. Lima, T. Andre, and H. A. Reijers, “Modeling and analyzing resource-constrained business processes,” in Proceedings of IEEE International Conference on Systems, Man and Cybernetics. San Antonio, Texas: IEEE Computer Society Press, October 2009, pp. 2824– 2830. [21] O. Prisecaru, “The analysis of resource constrained workflows using Petri nets,” in Proceedings of the 8th International Workshop on Modeling, Simulation, Verification and Validation of Enterprise Information Systems (MSVVEIS 2010). Funchal, Madeira, Portugal: INSTICC Press, 2010, pp. 20–29. [22] W. M. P. van der Aalst, “Structural characterization of sound workflow nets,” Eindhoven University of Technology, Tech. Rep. 23, 1996. [23] K. van Hee, N. Sidorova, and M. Voorhoeve, “Generalised soundness of workflow nets is decidable,” in Proc. of the 25th International Conference on Application and Theory of Petri Nets, ser. Lecture Notes in Computer Science, vol. 3099, Bologna, Italy, 2004, pp. 197–216. [24] F. L. Tiplea and D. C. Marinescu, “Structural soundness of workflow nets is decidable,” Information Processing Letters, vol. 96, pp. 54–58, 2005. [25] F. L. Tiplea and A. Tiplea, “Instantiating nets and their applications to workflow nets,” in Proceedings of the 7th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing. Timis¸oara, Romania: IEEE Computer Society Press, September 2005. [26] K. Barkaoui and R. B. Ayed, “Uniform verification of workflow soundness,” Transactions of the Institute of Measurements and Control, pp. 1–16, February 2010. [27] K. Barkaoui, H. Boucheneb, and A. Hicheur, “Modeling and analyzing time-constrained flexible workflows with time recursive petri nets,” in Proceedings of the 5th Workshop on Web Services and Formal Methods, W. v.d. Aalst, Ed., Milan, Italy, September 2008. [28] K. van Hee, A. Serebrenik, N. Sidorova, and M. Voorhoeve, “Soundness of resource-constrained workflow nets,” in Proceedings of the 26th International Conference on Application and Theory of Petri Nets, ser. Lecture Notes in Computer Science, G. Ciardo and P. Darondeau, Eds., vol. 3536, 2005, pp. 250–267. [29] C. Girault and R. Valk, Petri Nets for Systems Engineering. A Guide to Modeling, Verification, and Applications. Springer-Verlag, 2003. [30] J. Esparza and M. Nielsen, “Decidability issues for Petri nets,” BRICS, Tech. Rep. RS-94-8, 1994. [31] J. Esparza, “Decidability and complexity of Petri net problems - an introduction,” in Lectures on Petri Nets I: Basic Models, ser. Lecture Notes in Computer Science, G. Rozenberg and W. Reisig, Eds., 1998, vol. 1491, pp. 374–428.

[32] M. C. Zhou and N. Q. Wu, System Modeling and Control with ResourceOriented Petri Nets. CRC Press, 2009. [33] Z. W. Li, N. Q. Wu, and M. C. Zhou, “Deadlock control of automated manufacturing systems based on Petri nets – a literature review,” School of Electro-mechanical Engineering, Xidian University, Tech. Rep., 2010.