Collaboration vs. choreography conformance in BPMN

The BPMN 2.0 standard is a widely used semi-formal notation to model distributed information systems from different perspectives. The standard makes available a set of diagrams to represent such perspectives. Choreography diagrams represent global constraints concerning the interactions among system components without exposing their internal structure. Collaboration diagrams instead permit to depict the internal behaviour of a component, also referred as process, when integrated with others so to represent a possible implementation of the distributed system. This paper proposes a design methodology and a formal framework for checking conformance of choreographies against collaborations. In particular, the paper presents a direct formal operational semantics for both BPMN choreography and collaboration diagrams. Conformance aspects are proposed through two relations defined on top of the defined semantics. The approach benefits from the availability of a tool we have developed, named C4, that permits to experiment the theoretical framework in practical contexts. The objective here is to make the exploited formal methods transparent to system designers, thus fostering a wider adoption by practitioners

Une approche symbolique pour la vérification et le test des chorégraphies de services

L'ingénierie orientée services est un nouveau paradigme pour développer des logiciels distribués et collaboratifs. Un tel logiciel se compose de plusieurs entités, appelés services, chacun d'entre eux étant par exemple une application Web, un service Web, ou même un humain. Les services peuvent être développés indépendamment et sont composés pour atteindre quelques exigences. Les chorégraphies de service définissent ces exigences avec une perspective globale, basée sur les interactions entre des participants qui sont implémentés en tant que services. Cette thèse vise à formaliser des problèmes et tente d'élaborer un environnement intégré avec lequel les chorégraphies de services peuvent être développés correctement pour les deux types d'approches de développement: l'approche descendante et l'approche ascendante. Elle consiste à analyser la relation entre une spécification de chorégraphie et une implémentation de la chorégraphie au niveau du modèle et aussi au niveau de l'implémentation réelle. Particulièrement, il s'agit de la composition/décomposition des services, la vérification, et le test de l'implémentation de chorégraphie. Le premier point-clé de notre environnement intégré est de représenter le passage de valeurs entre les services en utilisant la technique symbolique et un solveur SMT. Cette technique nous permet de réduire les faux négatifs et de contourner le problème d'explosion combinatoire de l'espace d'états, ces problèmes sont durs à l'abstraction et à l'énumération des valeurs pour les approches existantes basées données. Le second point-clé est le test passif boîte noire de l'implémentation de chorégraphie. Il ne nécessite pas d'accéder au code source, ni de rendre indisponible l'implémentation pendant le processus de test. Notre environnement intégré est mis en œuvre dans nos outils qui sont disponibles en téléchargement ou à utiliser en ligne à l adresse http://schora.lri.fr.Service-oriented engineering is an emerging software development paradigm for distributed collaborative applications. Such an application is made up of several entities abstracted as services, each of them being for example a Web application, a Web service, or even a human. The services can be developed independently and are composed to achieve common requirements through interactions among them. Service choreographies define such requirements from a global perspective, based on interactions among a set of participants. This thesis aims to formalize the problems and attempts to develop a framework by which service choreographies can be developed correctly for both top-down and bottom-up approaches. It consists in analyzing the relation between a choreography specification and a choreography implementation at both model level and real implementation level. Particularly, it concerns the composition/decomposition service design, the verification, and the testing of choreography implementation. The first key point of our framework is to support value-passing among services by using symbolic technique and SMT solver. It overcomes false negatives or state space explosion issues due by abstracting or limiting the data domain of value-passing in existing approaches. The second key point is the black-box passive testing of choreography implementation. It does not require neither to access to source codes nor to make the implementation unavailable during the testing process. Our framework is fully implemented in our toolchains, which can be downloaded or used online at address: http://schora.lri.fr.PARIS11-SCD-Bib. électronique (914719901) / SudocSudocFranceF

Regulating Data Exchange in Service Oriented Applications

We define a type system for COWS, a formalism for specifying and combining services, while modelling their dynamic behaviour. Our types permit to express policies constraining data exchanges in terms of sets of service partner names attachable to each single datum. Service programmers explicitly write only the annotations necessary to specify the wanted policies for communicable data, while a type inference system (statically) derives the minimal additional annotations that ensure consistency of services initial configuration. Then, the language dynamic semantics only performs very simple checks to authorize or block communication. We prove that the type system and the operational semantics are sound. As a consequence, we have the following data protection property: services always comply with the policies regulating the exchange of data among interacting services. We illustrate our approach through a simplified but realistic scenario for a service-based electronic marketplace

Symbolic Specification and Verification of Data-aware BPMN Processes using Rewriting Modulo SMT

International audienceThe Business Process Model and Notation (BPMN) is the standard notation for modeling business processes. It relies on a workflow-based language that allows for the modeling of the control-flow graph of an entire process. In this paper, the main focus is on an extension of BPMN with data, which is convenient for describing real-world processes involving complex behavior and data descriptions. By considering this level of expressiveness due to the new features, challenging questions arise regarding the choice of the semantic framework for specifying such an extension of BPMN, as well as how to carry out the symbolic simulation, validation, and assess the correctness of the process models. These issues are addressed first by providing a symbolic executable rewriting logic semantics of BPMN using the rewriting modulo SMT framework, where the execution is driven by rewriting modulo axioms and by querying SMT decision procedures for data conditions. Second, reachability properties, such as deadlock freedom and detection of unreachable states with data exhibiting certain values, can be specified and automatically checked with the help of Maude, thanks to its support for rewriting modulo SMT. The approach presented in this paper has been validated on realistic processes and it is illustrated with a running example

Strategic Executions of Choreographed Timed Normative Multi-Agent Systems

This paper proposes a combined mechanism for coordinating agents in timed normative multi-agent systems. Timing constraints in a multi-agent system make it possible to force action execution to happen before certain time invariants are violated. In such multiagent systems we achieve coordination at two orthogonal levels with respect to states and actions. On the one hand, the behaviour of individual agents is regulated by means of social and organisational inspired concepts like norms and sanctions. On the other hand, the behaviour of sets of agents is restricted according to action-based coordination mechanisms called choreographies. In both cases, the resulting behaviour is constrained by time

Stability of Asynchronously Communicating Systems

Recent software is mostly constructed by reusing and composing existing components. Software components are usually stateful and therefore described using behavioral models such as finite state machines. Asynchronous communication is a classic interaction mechanism used for such software systems. However, analysing communicating systems interacting asynchronously via reliable FIFO buffers is an undecidable problem. A typical approach is to check whether the system is bounded, and if not, the corresponding state space can be made finite by limiting the presence of communication cycles in behavioral models or by fixing buffer sizes. In this paper, we focus on infinite systems and we do not restrict the system by imposing any arbitrary bounds. We introduce a notion of stability and prove that once the system is stable for a specific buffer bound, it remains stable whatever larger bounds are chosen for buffers. This enables us to check certain properties on the system for that bound and to ensure that the system will preserve them whatever larger bounds are used for buffers. We also prove that computing this bound is undecidable but show how we succeed in computing these bounds for many typical examples using heuristics and equivalence checking

Automated Analysis of Industrial Workflow-based Models

International audienceModelling and governance of business processes are important concerns in companies all over the world. By better understanding business processes, different optimizations are made possible, concretely resulting into potential efficiency gains, cost reductions and improvements in agility. The use of formal specification languages for the modelling of business processes paves the way for different kinds of automated analysis. Such analysis can be used to infer properties from the modelled processes that can be used to improve their design. In this paper, we particularly explore two important classes of verification, namely verification of behavioural properties using model checking techniques and data-based analysis using SAT solving. Those verifications are fully automated by using different tools such as the CADP verification toolbox and the Z3 solver. We illustrate our approach on a real-world case study