Communication based workﬂow loop formalization

using Temporal Logic of Actions (TLA)

Jos

e L. Caro

, Antonio Guevara

, Andr

es Aguayo

, and Jos

eL.Leiva

Computer Science Department, Malaga University, 29071 M

alaga, Spain

Abstract. The workﬂow map development for an organization is a highly com-

plex process. Therefore, the workﬂow map should be tested and validated be-

fore it is implemented (into a WfMS). Most current workﬂow systems deal with

this validation issue by using simulation modules that “execute” the model and

examine the possible problems before it is truly “executed” and implemented.

Although these simulation modules are very useful for the management team to

detect problems in the business processes represented by the workﬂow, it would

be advisable to ﬁnd other more reliable methods. In this paper we propose a for-

mal method based on Temporal Logic of Actions to formalize workﬂow maps

(based on a communication modelling methodology).

1 Introduction

Actually there are two main research areas related to workﬂow technology [6]: (i) work-

ﬂow management systems (WfMS) (the implementation of workﬂow technology), and

(ii) workﬂow modelling techniques (the capability to express the process, work, infor-

mation, methods, etc. for a organization into a speciﬁcation called worklow map).

A workﬂow map could describe business a process at the conceptual level needed

for the evaluation, understanding and design of such business processes, as well as

capturing information process tasks at level that describes such process requirements

for information systems and human skills [2]. This model should allow and facilitate

the automated demonstration of properties. For example: will any workﬂow never be

executed? Will this workﬂow ever be executed? Is the operation carried out with a

speciﬁed time cost? Formal proving mechanisms will provide a practical solution to

these kinds of problems [3].

In this paper, our objective is to develop a language/action paradigm formalization

[5], based on a extension of temporal logic, known as Temporal Logic of Actions (TLA)

[4]. This paper is organized as follows: we begin with a brief description of workﬂow

(sec. 2). In section 3, the TLA elements needed for the formalization are described. In

section 4, we develop the TLA formalization of the language/action paradigm. The last

section summarizes the paper conclusions.

2 Workﬂow

Workﬂow has a wide range of possibilities related to group support and the automation

of organizational processes. In general terms we can deﬁne workﬂow as [9]: “workﬂow

L. Caro J., Guevara A., Aguayo A. and L. Leiva J. (2004).

Communication based workﬂow loop formalization using Temporal Logic of Actions (TLA).

In Proceedings of the 1st International Workshop on Computer Supported Activity Coordination, pages 233-238

DOI: 10.5220/0002670002330238

 SciTePress

is comprised by a set of activities dealing with the coordinated execution of multiple

tasks developed by different processing entities in order to reach a common objective”.

A good approach to workﬂow modelling techniques, that includes a formal method for

achieve demonstrations, can be found in [1, 7, 10, 6,2].

Fig.1. Workﬂow loop & state diagram

Communication-based methodologies stem from the “Conversation for Action” model

developed by Medina-Mora, Winograd, and Flores [5]. The communication between

client (Cli) and server (Svr) can be deﬁned in four steps (ﬁgure 1): request/preparation,

negotiation, development and acceptance. The language/action perspective modelling

is based on the “speech-act” theory developed by John Searle [8] that has been adapted

for workﬂow management (statechart).

The diagram starts at state 1, opening the conversation (by Cli), that triggers the

transition to state 2, where the server Svr has three options: promise, perform the work

(state 3); refuse, closes the conversation (state 8); counteroffer, negotiation of satis-

faction terms (state 6). The simplest path is going through the following transitions:

promise, the task is accepted (from state 2 to 3); report, the accepted task is done (from

state 3 to 4); declare, the service is accepted (from 4 to 5). Other option is if Svr

initiates a counteroffer (from state 2 to 6), Cli has three options: accept, state 3; coun-

teroffer, back to state 2; decline, the service is refused (state 8). From state 3 there are

this additional options renege, not performing (from 3 to 7) and withdraw the request

(state 3 to 9). After Svr reporting that the work is concluded the possible actions are:

declare, the work has not been concluded satisfactorily and Svr has to do it again (from

state 4 to 3) and withdraw the petition (from state 4 to 9).

3 Temporal Logic of Actions

Temporal Logic of Actions (TLA) combines two logics the action logic and temporal

logic [4]. All TLA formulas are TRUE or FALSE in a behavior σ deﬁned as a inﬁnite

sequence of states <s

,...>.

3.1 Elements of State Logic in TLA

– Variables. The semantic of [[x]](s) is the function of the value of x in the state s.

234

– State and predicate functions. The semantics of [[f]] is a mapping of states into

values.

– Actions. We obtain [[A]](s, t), by ﬁrst replacing each variable x with [[x]](s) and

each variable x



with [[x]](t) to later evaluate the expression. It is said that the state

pair (s, t) is a “A-step” iff [[A]](s,t) is TRUE.

– Active action in a state. An action A is said to be active in a state s if there is a state

t such that (s, t) is a A-step: [[Enabled A]](s)

= ∃t ∈ σ :[[A]](s, t).

3.2 Elements of Temporal Logic in TLA

In TLA, the system behavior is modelled as an inﬁnite sequence of states. The basic

elements are actions and temporal logic:

– Predicates. A behavior satisﬁes the predicate P iff (if and only if) is satisﬁed in

the ﬁrst state: [[P]](<s

,...>) ⇒ [[P ]](s

). Similarly, a behavior satisﬁes

the action A iff the ﬁrst pair of states of the given behavior is an A-step: [[A]](<

,...>) ⇒ [[A]](s

– “Always” (2) operator. Given a formula F , 2F asserts that F is always TRUE:

[[2F ]](<s

,...>)

= ∀n ≥ 0:[[F ]](<s

n+1

n+2

,...>).

– “Eventually” (3F ) operator. The formula 3F asserts that F is eventually TRUE:

[[3F ]](<s

,...>)

= ∃n ≥ 0:[[F ]](<s

n+1

n+2

,...>).

– Validity. A formulae F is valid iff it is satisﬁed for all behaviors ( F

= ∀σ ∈

∞

:[[F ]](σ)), where S

∞

denotes the set of all possible behaviors:  F

= ∀σ ∈

∞

:[[F ]](σ).

– Speciﬁcation in TLA. A formal speciﬁcation has the following general formula:

= Init ∧ 2(A

∨ A

∨ ...∨ A

– Fairness Operators. The fairness operators are in charge of ensuring that “nothing

abnormal will happen”:

• Weak fairness (WF). Asserts that an action has to be inﬁnitely executed fre-

quently if it is continuously enabled for an inﬁnitely long time: WF

(A)

23A

∨ 23¬EnabledA

• Strong fairness (SF). Asserts that an action has to be inﬁnitely executed fre-

quently if it is often inﬁnitely enabled: SF

(A)

= 23A

∨32¬EnabledA

– Formal system speciﬁcation. A formal speciﬁcation of a system, within fairness

conditions, can be represented as: Π

= Init ∧ 2[N]

∧ L.

3.3 Formal approach to state diagram modelling

∆ formula represents the statechart (equation 1).

Init

∆

= ∃n ∈ I : P

= ∃e ∈ E(n):ε

∧ P



d(e)

∆

= Init

∆

∧∀n ∈ N : 2[P

⇒A

]

(1)

Where, N : set of nodes; I: set of initial nodes; E(n): set of edges originating at

node n; d(e): destination node of edge e; P

: predicate labelling node n; ε

: action

labelling edge n.

235

4 Formalizing the language/action paradigm

In order to formalize in TLA the state diagram its edges are labelled e

as shown in

ﬁgure 1. Work W

is a quadruple expressed in the equation W

= {I,H,P,SC,V }

where: W

.I: information; W

.H: tools and methods; W

.P : human, role or agent

to develop the task; W

.SC: terms of work satisfaction; W

.V : set of state variables

belonging to the workﬂow. The set of nodes in our diagram will be denoted by N

where i is the number of the current state (initial state N

). In this way, and bearing in

mind the equation to be satisﬁed in the initial state, we have Init

∆

= ∃n ∈ I : P

Therefore, to complete the deﬁnition of the initial state we have to give meaning to P

(equation 2).

indicates that the workﬂow will start when an event coming from agent A is

triggered (DetectT rigger). The agent A corresponds to the client Cli, and the event

is a request for service identiﬁed as IDWF and corresponding to the workﬂow. The

next state variables belonging to the set V are deﬁned as follows (we will omit the V ):

S: work state, W

S: current state, W

P : current phase, W

: current work, XW

external work proposed by A, W

Cli: client and W

Svr: server. Once the workﬂow

has started the system transits to N

through edge e

(equation 3).

= DetectTrigger(Type, Origin, Workflow)

∧Workflow = IDWF ∧ Type ∈ T

WFID

∧ Origin = A (2)

= W



= XW

∧ W



=“prep.” ∧ W



=“active” ∧ W



=“study”

∧W

Cli



= A ∧ W

Svr



= SelAgent(OrgDB, B) (3)

The workﬂow IDWF is instantiated and the requested external work is assigned to

the execution model that includes work XW

, that will be assigned by the function

SelAgent(OrgDB,B) (usign the organizational knowledge database OrgDB) and the ini-

tial terms of satisfaction XW

.SC. In the state N

, the work has to be evaluated. The

petition and the result of such evaluation is resented by EvalWk(W

,Agent), where W

is the work to be evaluated W

. The response is obtained from CounterOffer is possi-

ble to return: “commitment”, “counteroffer” (and the consecuent new W

), “decline”

or “cancel” (eq. 4). From state N

we can advance through edges e

, e

and e

Edge e

leads to state N

, which is a ﬁnal state of uncompleted termination (eq. 5).

Consequently, a predicate that will abort the execution of the workﬂow will be used

in N

. This will trigger an exception so that the system can take appropriate actions,

therefore, P

= Exception(IDWF, “abort”,W

). The function Exception triggers

the exception of aborting the task, and goes back to TRUE when completed. The edge

corresponds to a counteroffer from B after the evaluation done in P

(eq. 6).

= S = EvalWk(W

,B) ∧ (S =“commit.” ∨ S =“c.oﬀ.” ∨ S =“dec.”)(4)

= S =“decl.” ∧ W



=“prep.” ∧ W



= “abort” ∧ W



=“Svr

ab.

”(5)

= S =“c.oﬀer” ∧ W



=“neg.” ∧ W



= “act.” ∧ W



=“neg.”

∧ W



= CounterOﬀer(W

.Svr) (6)

236

In N

another evaluation is carried out by A (equation 7). We have three options:

reconsidering the offer i.e., transit to N

(eq. 8), refuse the offer and raise an exception

(transit to N

, eq. 9).

= S = EvalWk(W

.Cli) ∧ (S =“ac.” ∨ S =“c.oﬀ.” ∨ S =“decl.”)(7)

= S =“c.oﬀ.” ∧ W



=“neg.” ∧ W



= “act.”

∧ W



=“neg.” ∧ W



= ConunterOﬀer(W

.Cli) (8)

= S = “dec.” ∧ W



= “neg.” ∧ W



= “abort” ∧ W



=“Cli

refuses

”(9)

The third option is to accept the work W

and transit to N

(eq. 10). Similarly, if

the evaluation leads to B accepting the work, we could directly transit from N

to N

(eq. 11).

= S = “acc.” ∧ W



= “devel.” ∧ W



= “exec.” ∧ W



= “acc.”(10)

= S = “acc.” ∧ W



= “devel.” ∧ W



= “exec.” ∧ W



= “acc.”(11)

To deﬁne the semantic of P

we need the following functions: Trigger(t

trigger t

to enable the sub-workﬂow W

; Completed(W

): TRUE if W

has been sat-

isfactorily completed; Aborted(W

): TRUE if W

has terminated as abort; Abort(X):

TRUE if X aborts the workﬂow. In P

all workﬂow subtasks must to be executed. The

following case has to take place: a) all subtasks a

have to be completed; b) the incorrect

termination of some subtasks has to be detected; or c) the client aborts the workﬂow.

Let W

each of the subtasks comprising the task of W

, then P

is deﬁned as the

equations 12 and 13:

= ∀(a

∈ W

= Trg(a

))Trigger(t

) ∧ (ExecP) (12)

ExecP

= 2∀a

∈ W

/Completed(W

)

∨2∃a

∈ W

/Aborted(W

) ∨ Abort(W

.Cli) (13)

At this point two options are possible: aborting the execution and transit to state N

or N

depending on who aborted or transit to evaluation state N

(eq. 14, 15, 16 and

17).

= ∃a

∈ W

/(W

S = “aborted” ∧ W

S =“Svrref. Wk”)

∧(W



=“exec.” ∧ W



= “aborted” ∧ W



=“Svr

refuses

”) (14)

= ∃a

∈ W

/(W

S = “aborted” ∧ W

S =“Cli

refuses

”)

∧(W



=“exec.” ∧ W



= “aborted” ∧ W



=“Cli

refuses

) (15)

= ∀a

∈ W

/(W

S = “accepted” ∧ W

S = “completed”)

∧(W



=“eval.” ∧ W



= “active” ∧ W



=“Cli



eval.

”) (16)

= EvalReport(W

,B)=“correct” ∨ EvalReport(W

,B)=“incorrect”

∨ Exception(IDWF, “abort”,W

) (17)

237

If the work satisﬁes the terms, there is a transition to successful state N

.Onthe

other hand, if it does not, we go back to the subtask execution state (this path is optional)

and if it is aborted, it leads to N

(eq. 18, 19, and 20).

= W



= “evaluation” ∧ W



= “aborted” ∧ W



=“Cli

rejects

” (18)

= W



= “complete” ∧ W



=“completed”∧ W



=“Wk

”(19)

= W



= “execution” ∧ W



= “active” ∧ W



= “reexecute” (20)

State N

only has to send a completed signal: P

= Signal(IDWF, “WF completed”,W

Once these deﬁnitions are completed and the model equations are applied to formalize

a state diagram (eq. 1) we obtain the formal representation.

5 Conclusions

The use of formal methods based on logic in workﬂow modelling can establish an au-

tomated, formal, and robust reasoning mechanism that will successfully provide insight

into these issues (conﬂict, deadlock, reacheability, reliability and satisfability). The ap-

plication of TLA to workﬂow management systems provides three fundamental bases

[3]: (i) theory: providing a theory with a valid and robust basis to carry out analysis; (ii)

formalization: expressing workﬂow maps as TLA expressions; and (iii) analysis: pro-

viding a mechanism for the automated demonstration of workﬂow model properties.

References

1. W. Aalst. Workﬂow Veriﬁcation: Finding Control-Flow Errors Using Petri-Net-Based Tech-

niques. Lecture Notes in Computer Science, 1806:161–183, 2000.

2. J. L. Caro, A. Guevara, and A. Aguayo. Workﬂow: a solution for the cooperative devel-

opment of an information system. Business Process Management Journal, 9(2):208–220,

2003.

3. J. L. Caro, A. Guevara, A. Aguayo, S. G

alvez, and A. Carrillo. A temporal reasoning ap-

proach of communication based workﬂow modelling. In O. Camp, J. Filipe, S. Hammoudi,

and M. Piattini, editors, ICEIS’2003. Internaciontal Conference on Enterprise Information

Systems, pages 245–250, Angers, France, 2003. Ecola Superior de Setubal, ACM, IEEE.

4. L. Lamport. Specifying Systems. Addison–Wesley, 2002.

5. R. Medina-Mora, T. Winograd, R. Flores, and F. Flores. The Action Workﬂow Approach

to Workﬂow Management Technology. In Proceedings of ACM CSCW’92 Conference

on Computer-Supported Cooperative Work, Emerging Technologies for Cooperative Work,

pages 281–288, 1992.

6. H. Reijers. Design and Control of Workﬂow Processes, volume LNCS-2617 of Lecture Notes

in Computer Science. Springer, 2003.

7. W. Sadiq and M. E. Orlowska. Analyzing process models using graph reduction techniques.

Information Systems, 21(2):117–134, April 2000.

8. J. R. Searle. A taxonomy of illocutionary acts. In K. Gunderson, editor, Language, Mind,

and Knowledge. Minnesota Studies in the Philosophy of Science, Vol. 7, pages 344–369.

University of Minnesota Press, Minneapolis, Minnesota, 1975.

9. A. Sheth and M. Rusinkiewicz. On transactional workﬂows. IEEE Data Engineering Bul-

letin, 16(2):37, June 1993.

10. H. Zhuge, T. yat Cheung, an d H. keng Pung. A timed workﬂow process model. Journal of

Systems and Software, 55(3):231–243, January 2001.

238