Abstract
Petri nets are an established model of concurrency. A Petri net is terminating if for every initial marking there is a uniform bound on the length of all possible runs. Recent work on the termination of Petri nets suggests that, in general, practical models should terminate fast, i.e. in polynomial time. In this paper we focus on the termination of workflow nets, an established variant of Petri nets used for modelling business processes. We partially confirm the intuition on fast termination by showing a dichotomy: workflow nets are either non-terminating or they terminate in linear time.
The central problem for workflow nets is to verify a correctness notion called soundness. In this paper we are interested in generalised soundness which, unlike other variants of soundness, preserves desirable properties like composition. We prove that verifying generalised soundness is coNP-complete for terminating workflow nets.
In general the problem is PSPACE-complete, thus intractable. We utilize insights from the coNP upper bound to implement a procedure for generalised soundness using MILP solvers. Our novel approach is a semi-procedure in general, but is complete on the rich class of terminating workflow nets, which contains around 90% of benchmarks in a widely-used benchmark suite. The previous state-of-the-art approach for the problem is a different semi-procedure which is complete on the incomparable class of so-called free-choice workflow nets, thus our implementation improves on and complements the state-of-the-art.
Lastly, we analyse a variant of termination time that allows parallelism. This is a natural extension, as workflow nets are a concurrent model by design, but the prior termination time analysis assumes sequential behavior of the workflow net. The sequential and parallel termination times can be seen as upper and lower bounds on the time a process represented as a workflow net needs to be executed. In our experimental section we show that on some benchmarks the two bounds differ significantly, which agrees with the intuition that parallelism is inherent to workflow nets.
This work was partially supported by ERC grant INFSYS: 501-D110-60-0196287. P. Offtermatt is now at Informal Systems, Munich, Germany.
You have full access to this open access chapter, Download conference paper PDF
Similar content being viewed by others
Keywords
1 Introduction
Petri nets are a popular formalism to model problem in software verification [22], business processes [1] and many more (see [42] for a survey). One of the fundamental problems for such models is the termination problem, i.e. whether the lengths of all runs are universally bounded. There are two natural variants of this problem. First, if the initial configuration is fixed then the problem is effectively equivalent to the boundedness problem, known to be EXPSPACE-complete for Petri nets [36, 41]. Second, if termination must hold for all initial configurations the problem known to be in polynomial time [30], and such nets are known as structurally terminating. In this paper we are interested in the latter variant.
Termination time is usually studied for vector addition system with states (VASS), an extension of Petri nets that allows the use of control states. In particular, the aforementioned EXPSPACE and polynomial time bounds work for VASS. In 2018, a deeper study of the termination problem for VASS was initiated [12]. This study concerns the asymptotics of the function f(n) bounding the length of runs, where n bounds the size of the initial configuration. The focus is particularly on classes where f(n) is a polynomial function, suggesting that such classes are more relevant for practical applications. This line of work was later continued for variants of VASS involving probabilities [11] and games [31].
For VASS the function f(n) can asymptotically be as big as \(F_i(n)\) in the Grzegorczyk hierarchy for any finite i (recall that \(F_3(n)\) is nonelementary and \(F_\omega (n)\) is Ackermann) [35, 43]. It was known that for terminating Petri nets many problems are considerably simpler [40]. However, to the best of our knowledge, the asymptotic behaviour of f(n) was not studied for Petri nets.
Our Contributions. In this paper we focus on workflow nets, a class of Petri nets widely used to model business processes [1]. Our first result is the following dichotomy: any workflow net is either non-terminating or f(n) is linear. This confirms the intuition about fast termination of practical models [12]. In our proof, we follow the intuition of applying linear algebra from [40] and rely on recent results on workflow nets [9]. We further show that the optimal constant \(a_{\mathcal {N}}\) such that \(f(n) = a_{\mathcal {N}}\cdot n\) can be computed in polynomial time. The core of this computation relies on a reduction to continuous Petri nets [19], a well known relaxation of Petri nets. Then we can apply standard tools from the theory of continuous Petri nets, where many problems are in polynomial time [7, 19].
For workflow nets, the central decision problems are related to soundness. There are many variants of this problem (see [2] for a survey). For example k-soundness intuitively verifies that k started processes eventually properly terminate. We are interested in generalised soundness, which verifies whether k-soundness holds for all k [25,26,27]. The exact complexity of most popular soundness problems was established only recently in 2022 [9]. Generalised soundness is surprisingly PSPACE-complete. Other variants, like k-soundness, are EXPSPACE-complete, thus computationally harder, despite having a seemingly less complex definition. Moreover, unlike k-soundness and other variants, generalised soundness preserves desirable properties like composition [26]. Building on our first result, i.e. the dichotomy between non-terminating and linearly terminating workflow nets, our second result is that generalised soundness is coNP-complete for terminating workflow nets.
Finally, we observe that the asymptotics of f(n) are defined with the implicit assumption that transitions are fired sequentially. Since workflow nets are models for parallel executions it is natural to expect that runs would also be performed in parallel. Our definition of parallel executions is inspired by similar concepts for time Petri nets, and can be seen as a particular case [5]. We propose a definition of the optimal running time of runs exploiting parallelism and denote this time g(n), where n bounds the size of the initial marking. We show that the asymptotic behaviour of g(n), similar to f(n), can be computed in polynomial time, for workflow nets with mild assumptions. Together, the two functions f(n) and g(n) can be seen as (pessimistic) upper bound and (optimistic) lower bound on the time needed for the workflow net to terminate.
Experiments. Based on our insights, we implement several procedures for problems related to termination in workflow nets. Namely, we implement our algorithms for checking termination, for deciding generalised soundness of workflow nets and for computing the asymptotic behaviour of f(n). We additionally implement procedures to compute f(k), g(k) and decide k-soundness for terminating workflow nets. To demonstrate the efficacy of our procedures, we test our implementation on a popular and well-studied benchmark suite of 1382 workflow nets, originally introduced in [18]. It turns out that the vast majority of instances (roughly 90%) is terminating, thus the class of terminating workflow nets seems highly relevant in practice. Further, we positively evaluate our algorithm for generalised soundness against a recently proposed state-of-art approach [10] which semi-decides the property in general, and is further exact on the class of free-choice workflow nets [3]. Interestingly, our novel approach for generalised soundness is also a semi-procedure in general, but precise on terminating workflow nets. The approach from [10] is implemented as an \(\exists \forall \)-formula from FO(\(\mathbb {Q},<,+\)), while our approach manages to avoid any quantifier alternations. It turns out that our approach is faster on over 95% of benchmark instances, and thus significantly improves upon the state-of-art. The mean analysis time for our approach is just 12.8 ms, while it is about 2 s for the previous state-of-the-art. In addition, the classes of free-choice and terminating workflow nets are incomparable, thus our approach complements the state-of-the-art.
Related Work. For general Petri nets and VASS the most well-known problem is reachability, recently shown to be Ackermann-complete [14, 33, 34]. Despite its high complexity, there are tools for the problem [16, 45], including some based on integer and continuous relaxations [6, 8, 21]. Reachability was also studied in the context of terminating models. In particular, it is PSPACE-complete for structurally terminating Petri nets [40] and EXPSPACE-complete for polynomially terminating VASS [32].
Most algorithms for soundness are based on reductions to reachability [1], this is the case for the first algorithms for generalised soundness [25, 27]. However, such reductions only imply Ackermannian upper bounds on the problem, while a direct study yielded elementary complexities [9].
A different class of approaches for soundness relies on reduction rules, which can be applied iteratively to reduce the size of a net while exactly preserving soundness [4, 39]. These approaches are not precise in general, but can be for subclasses, e.g. for live and bounded free-choice workflow nets [15]. We use a certain set of reduction rules [13] for generalised soundness in our experimental evaluation.
There exist many established tools and frameworks for the analysis of workflow nets, for example Woflan [44], WoPeD [20], and ProM [17]. However, when it comes to soundness problems, these tools typically focus on k-soundness, with a particular focus on \(k=1\) (except for the discussed tool in [10]).
Organisation. In Sect. 2 we define the models, problems and basic notation. In Sect. 3 we prove the dichotomy between non-terminating and linear workflow nets. Then, we show how to compute the linear constants for terminating workflow nets in Sect. 4. Building on the dichotomy we show that generalised soudness is coNP-complete in Sect. 5. In Sect. 6 we define and compute a variant of termination time that takes into account parallelism. We present our experimental results in Sect. 7. Most proofs can be found in the appendix.
2 Preliminaries
We write \(\mathbb {N}, \mathbb {N}_{> 0}, \mathbb {Z}, \mathbb {Q}\) and \(\mathbb {Q}_{\ge 0}\) for the naturals (including 0), the naturals without 0, the integers, the rationals, and the nonnegative rationals, respectively.
Let N be a set of numbers, e.g. \(N = \mathbb {N}\). For \(d, d_1, d_2 \in \mathbb {N}_{> 0}\) we write \(N^d\) for the set of vectors with elements from N in dimension d. Similarly, \(N^{d_1 \times d_2}\) is the set of matrices with \(d_1\) rows and \(d_2\) columns and elements from N. We use bold font for vectors and matrices. For \(a \in \mathbb {Q}\) and \(d \in \mathbb {N}_{> 0}\), we write \(\boldsymbol{a}^d {:}{=}(a,a,\dots ,a) \in \mathbb {Q}^d\) (or \(\boldsymbol{a}\) if d is clear from context). In particular \(\boldsymbol{0}^d = \boldsymbol{0}\) is the zero vector.
Sometimes it is more convenient to have vectors with coordinates in a finite set. Thus, for a finite set \({{S}}\), we write \(\mathbb {N}^{{S}}\), \(\mathbb {Z}^{{S}}\), and \(\mathbb {Q}^{{S}}\) for the set of vectors over naturals, integers and rationals. Given a vector \(\boldsymbol{v}\) and an element \(s \in {{S}}\), we write \(\boldsymbol{v}(s)\) for the value \(\boldsymbol{v}\) assigns to s.
Given \(\boldsymbol{v}, \boldsymbol{w}\in \mathbb {Q}^{{S}}\), we write \(\boldsymbol{v} \le \boldsymbol{w}\) if \(\boldsymbol{v}(s) \le \boldsymbol{w}(s)\) for all \(s \in {{S}}\), and \(\boldsymbol{v} <\boldsymbol{w}\) if \(\boldsymbol{v} \le \boldsymbol{w}\) and \(\boldsymbol{v}(s) <\boldsymbol{w}(s)\) for some \(s \in {{S}}\). The size of \({{S}}\), denoted \(| {{S}} |\), is the number of elements in \({{S}}\). We define the norm of a vector \(\Vert \boldsymbol{v} \Vert {:}{=}\max _{s \in {{S}}} | \boldsymbol{v}(s) |\), and the norm of a matrix \(\boldsymbol{A} \in \mathbb {Q}^{m \times n}\) as \(\Vert \boldsymbol{A} \Vert {:}{=}\max _{1 \le j \le m, 1 \le i \le n} | A(i,j) |\). For a set \({{S}}\in \mathbb {Q}^d\), we denote by \(\overline{{{S}}} \in \mathbb {R}^d\) the closure of \({{S}}\) in the euclidean space.
2.1 (Integer) Linear Programs
Let \(n,m \in \mathbb {N}_{> 0}\), \(\boldsymbol{A} \in \mathbb {Z}^{m \times n}\), and \(\boldsymbol{b} \in \mathbb {Z}^m\). We say that \(G {:}{=}\boldsymbol{A}\boldsymbol{x} \le \boldsymbol{b}\) is a system of linear inequalities with m inequalities and n variables. The norm of a system G is defined as \(\Vert G \Vert {:}{=}\Vert \boldsymbol{A} \Vert + \Vert \boldsymbol{b} \Vert + m + n\). An \((m \times n)\)-ILP, short for integer linear program, is a system of linear inequalities with m inequalities and n variables, where we are interested in the integer solutions. An \((m \times n)\)-LP is such a system where we are interested in the rational solutions. We use the term MILP, short for mixed integer linear program, for a system where some variables are allowed to take on rational values, while others are restricted to integer values.
We allow syntactic sugar in ILPs and LPs, such as allowing constraints \(x \ge y\), \(x = y\), \(x< y\) (in the case of ILPs). Sometimes we are interested in finding optimal solutions. This means we have a objective function, formally a linear function on the variables of the system, and look for a solution that either maximizes or minimizes the value of that function. For LPs, finding an optimal solution can be done in polynomial time, while this is NP-complete for ILPs and MILPs.
2.2 Petri Nets
A Petri net \(\mathcal {N}\) is a triple (P, T, F), where P is a finite set of places; T is a finite set of transitions such that \(T \cap P = \emptyset \); and \(F :((P \times T) \cup (T \times P)) \rightarrow \mathbb {N}\) is a function describing its arcs. A marking is a vector \(\boldsymbol{m}\in \mathbb {N}^P\). We say that \(\boldsymbol{m}(p)\) is the number of tokens in place \(p \in P\) and p is marked if \(\boldsymbol{m}(p)>0\). To write markings, we list only non-zero token amounts. For example, \(\boldsymbol{m}= \{p_1 :2, p_2 :1\}\) is the marking \(\boldsymbol{m}\) with \(\boldsymbol{m}(p_1) = 2, \boldsymbol{m}(p_2) = 1\) and \(\boldsymbol{m}(p) = 0\) for all \(p \in P \setminus \{p_1, p_2\}\).
Let \(t \in T\). We define the vector \({^\bullet t} \in \mathbb {N}^P\) by \({^\bullet t}(p) {:}{=}F(p,t)\) for \(p \in P\). Similarly, the vector \({t^\bullet } \in \mathbb {N}^P\) is defined by \({t^\bullet }(p) {:}{=}F(t,p)\) for \(p \in P\). We write the effect of t as \(\varDelta (t){:}{=}{t^\bullet } - {^\bullet t}\). A transition t is enabled in a marking \(\boldsymbol{m}\) if \(\boldsymbol{m}\ge {^\bullet t}\). If t is enabled in the marking \(\boldsymbol{m}\), we can fire it, which leads to the marking \(\boldsymbol{m}' {:}{=}\boldsymbol{m}+ \varDelta (t)\), which we denote \(\boldsymbol{m}\xrightarrow {}^{t} \boldsymbol{m}'\). We write \(\boldsymbol{m}\xrightarrow {}^{} \boldsymbol{m}'\) if there exists some \(t \in T\) such that \(\boldsymbol{m}\xrightarrow {}^{t} \boldsymbol{m}'\).
A sequence of transitions \(\pi = t_1 t_2 \dots t_n\) is called a run. We denote the length of \(\pi \) as \(| \pi | {:}{=}n\). A run \(\pi \) is enabled in a marking \(\boldsymbol{m}\) iff \(\boldsymbol{m}\xrightarrow {}^{t_1} \boldsymbol{m}_1 \xrightarrow {}^{t_2} \boldsymbol{m}_2 \xrightarrow {}^{t_3} \dots \boldsymbol{m}_{n-1} \xrightarrow {}^{t_n} \boldsymbol{m}'\) for some markings \(\boldsymbol{m}_1, \boldsymbol{m}_2, \dots , \boldsymbol{m}' \in \mathbb {N}^P\). The set of all runs is denoted \(\text {Runs}_{\mathcal {N}}^{\boldsymbol{m}}\), i.e. \(\pi \in \text {Runs}_{\mathcal {N}}^{\boldsymbol{m}}\) if \(\pi \) is enabled in \(\boldsymbol{m}\). The effect of \(\pi \) is \(\varDelta (\pi ) {:}{=}\sum _{i \in [1..n]} \varDelta (t_i)\). Firing \(\pi \) from \(\boldsymbol{m}\) leads to a marking \(\boldsymbol{m}'\), denoted \(\boldsymbol{m}\xrightarrow {}^{\pi } \boldsymbol{m}'\), iff \(\boldsymbol{m}\in \text {Runs}_{\mathcal {N}}^{\boldsymbol{m}}\) and \(\boldsymbol{m}' = \boldsymbol{m}+ \varDelta (\pi )\). We denote by \(\xrightarrow {}^{*}\) the reflexive, transitive closure of \(\xrightarrow {}^{}\). Given two runs \(\pi = t_1 t_2 \dots t_n\) and \(\pi ' = t'_1 t'_2 \dots t'_{n'}\) we denote \(\pi \pi ' {:}{=}t_1 t_2 \dots t_n t'_1 t'_2 \dots t'_{n'}\).
The size of a Petri net is defined as \(| \mathcal {N} | = | P | + | T | + | F |\). We define the norm of \(\mathcal {N}\) as \(\Vert \mathcal {N} \Vert {:}{=}\Vert F \Vert + 1\), where we view F as a vector in \(\mathbb {N}^{(P \times T) \cup (T \times P)}\).
We also consider several variants of the firing semantics of Petri nets which we will need throughout the paper. In the integer semantics, we consider markings over \(\mathbb {Z}^P\), and transitions can be fired without being enabled. To denote the firing and reachability relations, we use the notations \(\xrightarrow {}_{\mathbb {Z}}^{}\) and \(\xrightarrow {}_{\mathbb {Z}}^{*}\). In the continuous semantics [19], we consider markings over \(\mathbb {Q}_{\ge 0}^P\). Given \(t \in T\) and a scaling factor \(\beta \in \mathbb {Q}_{\ge 0}\)Footnote 1, the effect of firing \(\beta t\) is \(\varDelta (\beta t) {:}{=}\beta \cdot \varDelta (t)\). Further, \(\beta t\) is enabled in a marking \(\boldsymbol{m}\) iff \(\beta \cdot {^\bullet t} \le \boldsymbol{m}\). We use \(\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{}\) for the continuous semantics, that is, \(\boldsymbol{m}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\beta t} \boldsymbol{m}'\) means \(\beta t\) is enabled in \(\boldsymbol{m}\) and \(\boldsymbol{m}' = \boldsymbol{m}+ \varDelta (\beta t)\). A continuous run \(\pi \) is a sequence of factors and transitions \(\beta _1 t_1 \beta _2 t_2 \dots \beta _n t_n\). Enabledness and firing are extended to continuous runs: \(\boldsymbol{m}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\pi } \boldsymbol{m}'\) holds iff there exist \(\boldsymbol{m}_1, \dots , \boldsymbol{m}_{n-1}\) such that \(\boldsymbol{m}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\beta _1 t_1} \boldsymbol{m}_1 \xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\beta _2 t_2} \cdots \boldsymbol{m}_{n-1} \xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\beta _n t_n} \boldsymbol{m}'\). The length of \(\pi \) is \(| \pi |_c {:}{=}\sum _{i = 1}^{n} \beta _i\). Given \(\alpha \in \mathbb {Q}_{\ge 0}\) and a run \(\pi = \beta _1 t_1 \beta _2 t_2 \dots \beta _n t_n\) we write \(\alpha \pi \) to denote the run \((\alpha \beta _1) t_1 (\alpha \beta _2) t_2 \dots (\alpha \beta _n) t_n\). We introduce a lemma stating that continuous runs can be rescaled.
Lemma 1
(Lemma 12(1) in [19]). Let \(\alpha \in \mathbb {Q}_{\ge 0}\). Then \(\boldsymbol{m}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\pi } \boldsymbol{m}'\) if and only if \(\alpha \boldsymbol{m}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\alpha \pi } \alpha \boldsymbol{m}'\).
Each run under normal semantics or integer semantics is equivalent to a continuous run i.e. \(t_1t_2\ldots t_n \approx 1 t_11 t_2\ldots 1 t_2\). Given \(\pi \in \text {Runs}_{\mathcal {N}}^{\boldsymbol{m}}\) (i.e. a standard run) we define \(\alpha \pi = \alpha \pi _c\) where \(\pi _c\approx \pi \) is a continuous run. If \(\pi _c = \beta _1 t_1 \ldots \beta _n t_n\) with \(\beta _i \in \mathbb {N}\) for all \(i \in \{1,\ldots , n\}\) then we also call \(\pi \) a (standard) run, i.e. the run where every transition \(t_i\) is repeated \(\beta _i\) times.
We define the set of continuous runs enabled from \(\boldsymbol{m}\in \mathbb {N}^P\) in \(\mathcal {N}\) as \(\text {CRuns}_{\mathcal {N}}^{\boldsymbol{m}}\). The Parikh image of a continuous run \(\pi = \beta _1 t_1 \beta _2 t_2 \dots \beta _n t_n\) is the vector \(\boldsymbol{R}_{\pi } \in \mathbb {Q}^{T}\) such that \(\boldsymbol{R}_{\pi }(t)=\sum _{i \mid t_i = t} \beta _i\). For a (standard) run \(\pi \) we define its Parikh image \(\boldsymbol{R}_{\pi }{:}{=}\boldsymbol{R}_{\pi _c}\) where \(\pi _c\approx \pi \). Given a vector \(\boldsymbol{R}_{} \in \mathbb {Q}_{\ge 0}^T\), we define \(\varDelta (\boldsymbol{R}_{}) {:}{=}\sum _{t \in T} \boldsymbol{R}_{}(t) \cdot \varDelta (t)\), \({^\bullet \boldsymbol{R}_{}} {:}{=}\sum _{t\in T} {^\bullet t} \cdot \boldsymbol{R}_{}(t)\), \({\boldsymbol{R}_{}^\bullet } {:}{=}\sum _{t\in T} {t^\bullet } \cdot \boldsymbol{R}_{}(t)\). Note that \(\boldsymbol{R}_{}\) is essentially a run without imposing an order on the transitions. For ease of notation, we define \(\varDelta (T)\) as a matrix with columns indexed by T and rows indexed by P, where \(\varDelta (T)(t)(p) {:}{=}\varDelta (t)(p)\). Then \(\varDelta (\boldsymbol{R}_{}) = \varDelta (T)\boldsymbol{R}_{}\).
Example 1
Consider the Petri net drawn in Fig. 1. Marking \(\boldsymbol{m}{:}{=}\{p_1:2, p_4 :1\}\) enables no transitions. However, we have \(\boldsymbol{m}\xrightarrow {}_{\mathbb {Z}}^{t_1 t_2} \{p_3:2\}\). We also have \(\boldsymbol{m}\xrightarrow {}_{\mathbb {Z}}^{t_2 t_1} \{p_3 :2\}\), since the transition order does not matter under the integer semantics. Thus, when we take \(R = \{t_1:1, t_2 :1\}\), we have \(\boldsymbol{m}\xrightarrow {}_{\mathbb {Z}}^{R} \{p_3 :2\}\).
Under the continuous semantics we can fire \(\nicefrac {1}{2}t_1\), which is impossible under the normal semantics. For example, we have \(\boldsymbol{m}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\nicefrac {1}{2}t_1}\{p_1:1, p_2 :\nicefrac {1}{2}\}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\nicefrac {1}{2}t_2} \{p_1:1, p_3 :1, p_4 :1\}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\nicefrac {1}{3}t_1}\{p_1:\nicefrac {1}{3}, p_2 :\nicefrac {1}{3}, p_3 :1, p_4 :\nicefrac {2}{3}\}\).
2.3 Workflow Nets
A workflow net is a Petri net \(\mathcal {N}\) such that:
-
There exists an initial place \(\textsf{i}\) with \(F(t, \textsf{i}) = 0\) for all \(t \in T\) (i.e. no tokens can be added to \(\textsf{i}\));
-
there exists a final place \(\textsf{f}\) with \(F(\textsf{f}, t) = 0\) for all \(t \in T\) (i.e. no tokens can be removed from \(\textsf{f}\)); and
-
in the graph (V, E) with \(V = P \cup T\) and \((u,v) \in E\) iff \(F(u,v) \ne 0\), each \(v \in V\) lies on at least one path from \(\textsf{i}\) to \(\textsf{f}\).
We say that \(\mathcal {N}\) is k-sound iff for all \(\boldsymbol{m}\), \(\{\textsf{i}:k\} \xrightarrow {}^{*}\boldsymbol{m}\) implies \(\boldsymbol{m}\xrightarrow {}^{*}\{\textsf{f}:k\}\). Further, we say \(\mathcal {N}\) is generalised sound iff it is k-sound for all k.
A place \(p \in P\) is nonredundant if \(\{\textsf{i}:k\} \xrightarrow {}^{*}\boldsymbol{m}\) for some \(k \in \mathbb {N}\) and marking \(\boldsymbol{m}\) with \(\boldsymbol{m}(p) > 0\), and redundant otherwise. We accordingly say that \(\mathcal {N}\) is nonredundant if all \(p \in P\) are nonredundant, otherwise \(\mathcal {N}\) is redundant. A redundant workflow net can be made nonredundant by removing each redundant place \(p \in P\) and all transitions such that \({^\bullet t}(p) > 0\) or \({t^\bullet }(p) > 0\). Note that this does not impact behaviour of the workflow, as the discarded transitions could not be fired in the original net. A polynomial-time saturation procedure can identify redundant places, see [27, Thm. 8, Def. 10, Sect. 3.2] and [9, Prop. 5.2].
If \(\mathcal {N}\) is a workflow net, we write \(\text {Runs}_{\mathcal {N}}^k\) for the set of runs that are enabled from the marking \(\{\textsf{i}:k\}\), and \(\text {CRuns}_{\mathcal {N}}^k\) for the same for continuous runs. Lemma 1 implies that if \(\pi \in \text {Runs}_{\mathcal {N}}^k\) then \(\frac{1}{k}\pi \in \text {CRuns}_{\mathcal {N}}^1\). The converse does not need to hold as the rescaled continuous run need not have natural coefficients.
Example 2
The Petri net in Fig. 1 can be seen as a workflow net with initial place \(p_1\) and final place \(p_3\). The workflow is not k-sound for any k. Further, the net is redundant: \(\{\textsf{i}:k\}\) is a deadlock for every k, so places \(p_2, p_3\) and \(p_4\) are redundant.\(\lhd \)
2.4 Termination Complexity
Let \(\mathcal {N}\) be a workflow net. Let us define as \(MaxTime_\mathcal {N}(k)\) the supremum of lengths among runs enabled in \(\{\textsf{i}:k\}\), that is, \(MaxTime_\mathcal {N}(k) = \sup \{| \pi | \mid \pi \in \text {Runs}_{\mathcal {N}}^k\}\). We say that \(\mathcal {N}\) is terminating if \(MaxTime_\mathcal {N}(k) \ne \infty \) for all \(k \in \mathbb {N}_{> 0}\), otherwise it is non-terminating.
We say that \(\mathcal {N}\) has polynomial termination time if there exist \(d \in \mathbb {N}\), \(\ell \in \mathbb {R}\) such that for all k,
Further \(\mathcal {N}\) has linear termination time if Eq. (1) holds with \(d = 1\). Even more fine-grained, \(\mathcal {N}\) has \(a\)-linear termination time if Eq. (1) holds for \(\ell =a\) and \(d = 1\). Note that any net with \(a\)-linear termination time also has \((a+b)\)-linear termination time for all \(b \ge 0\). For ease of notation, we call workflow nets that have linear termination time linear workflow nets, and similarly for \(a\)-linear.
We define \(a_\mathcal {N}{:}{=}\inf \{a \in \mathbb {R}\mid \mathcal {N}\text { is } a \text { -linear}\}\). Note that in particular \(\mathcal {N}\) is \(a_\mathcal {N}\)-linear (because the inequality in Eq. (1) is not strict) and that \(a_\mathcal {N}\) is the smallest constant with this property.
Example 3
The net on the left-hand side of Fig. 2 is terminating. For example, from \(\{\textsf{i}:2\}\) all runs have length at most 3. It is easy to see that from \(\{\textsf{i}:k\}\) all runs have length at most \(\frac{3}{2}k\) (e.g. the run \((t_1t_2t_3)^{\lfloor \frac{k}{2} \rfloor }\)). The net has \(a_\mathcal {N}= \nicefrac {3}{2}\).
The net on the right-hand side is non-terminating. From \(\{\textsf{i}:2\}\), all runs of the form \(t_1t_2t_4^*\) are enabled. Note that while the net is non-terminating, all runs from \(\{\textsf{i}:1\}\) have length at most 1 (because \(t_3\) and \(t_4\) are never enabled). \(\lhd \)
Our definition of termination time is particular to workflow nets, as there it is natural to have only \(\textsf{i}\) marked initially. It differs from the original definition of termination complexity in [12]. In [12] VASS are considered instead of Petri nets, and the initial marking is arbitrary. The termination complexity is measured in the size of the encoding of \(\boldsymbol{m}\). The core difference is that in [12] it is possible to have a fixed number of tokens in some places, but arbitrarily many tokens in other places. In Sect. 3 we show an example that highlights the difference between the two notions. Our definition is a more natural fit for workflow nets, and will allow us to reason about soundness. Indeed, our particular definition of termination time allows us to obtain the coNP-completeness result of generalised soundness for linear workflow nets in Sect. 5.
3 A Dichotomy of Termination Time in Workflow Nets
Let us exhibit behaviour in Petri nets that cannot occur in workflow nets. Consider the net drawn in black in Fig. 3 and a family of initial markings \(\{\{p_1: 1, s_1: 1, b: n\} \mid n\in \mathbb {N}\}\). From the marking \(\{p_1: 1, s_1: 1, b: n\}\), all runs have finite length, yet a run has length exponential in n. From the marking \(\{p_1:k, s_1: 1, b: n\}\), the sequence \((t_1 t_2)^k t_4 (t_3)^{2k} t_5\) results in the marking \(\{p_1: 2k, s_1: 1, b:n-1\}\). Thus, following this pattern n times leads from \(\{p_1: 1, s_1: 1, b: n\}\) to \(\{p_1: 2^n, s_1: 1\}\). This behaviour crucially requires us to keep a single token in \(s_1\), while having n tokens in b.
We can transform the net into a workflow net, as demonstrated by the part of Fig. 3. However, observe that then
Note that the sequence \(t_1 t_2 t_3\) strictly increased the marking. It can thus be fired arbitrarily many times, and the workflow net is non-terminating.
It turns out that, contrary to standard Petri nets, there exist no workflow nets with exponential termination time.Footnote 2 Instead, there is a dichotomy between non-termination and linear termination time.
Theorem 1
Every workflow net \(\mathcal {N}\) is either non-terminating or linear. Moreover, \(MaxTime_\mathcal {N}(k) \le ak\) for some \(a \le \Vert \mathcal {N} \Vert ^{poly(| \mathcal {N} |)}\).
As explained in Sect. 2.3 we can assume that \(\mathcal {N}\) is nonredundant, i.e. for all \(p \in P\) there exists \(k \in \mathbb {N}\) such that \(\{\textsf{i}:k\} \xrightarrow {}^{*}\boldsymbol{m}\) with \(\boldsymbol{m}(p) > 0\). The first important ingredient is the following lemma.
Lemma 2
Let \(\mathcal {N}= (P,T,F)\) be a nonredundant workflow net. Then \(\mathcal {N}\) is non-terminating iff there exists a nonzero \(\boldsymbol{R}_{} \in \mathbb {N}^T\) such that \(\varDelta (\boldsymbol{R}_{}) \ge \boldsymbol{0}\).
Proof (sketch)
The first implication follows from the fact that if we start from a big initial marking, then it is possible to fill every place with arbitrarily many tokens. In such a configuration any short run is enabled, so if there is a run with non-negative effect then it is further possible to repeat it infinitely many times. For the other implication we reason as follows. If there is an infinite run then by Dickson’s lemma there are \(\boldsymbol{m},\boldsymbol{m}' \in \mathbb {N}^P\) such that for some k, it holds that \(\{\textsf{i}:k\}\xrightarrow {}^{\pi }\boldsymbol{m}\xrightarrow {}^{\rho }\boldsymbol{m}'\) and \(\boldsymbol{m}'\ge \boldsymbol{m}\). But then \(\varDelta (\boldsymbol{R}_{\rho })=\boldsymbol{m}'-\boldsymbol{m}\ge \boldsymbol{0}\). \(\square \)
We define ILP\(_\mathcal {N}\) with a \(| T |\) dimensional vector of variables \(\boldsymbol{x}\) as the following system of inequalities: \(\boldsymbol{x}\ge \boldsymbol{0}\) and \(\varDelta (T)\boldsymbol{x}\ge \boldsymbol{0} -\{\textsf{i}:\infty \}\).Footnote 3 The next lemma follows immediately from the definition of \(\xrightarrow {}_{\mathbb {Z}}^{}\).
Lemma 3
[Adapted from Claim 5.7 in [9]] For every \(k \in \mathbb {N}\), \(\boldsymbol{m}\in \mathbb {N}^P\), and a run \(\pi \), it holds that \(\{\textsf{i}:k\} \xrightarrow {}_{\mathbb {Z}}^{\pi } \boldsymbol{m}\) iff \(\boldsymbol{R}_{\pi }\) is a solution to ILP\(_\mathcal {N}\) with the additional constraint \(\sum _{i = 1}^{| T |} \varDelta (t_i)(\textsf{i}) \cdot \boldsymbol{R}_{\pi }(t_i) \ge -k\).
Proof
(Sketch for Theorem 1). Because of Lemma 3 the Parikh image of every run (in \(\bigcup _{k\in \mathbb {N}}\text {Runs}_{\mathcal {N}}^k\)) is a solution \(\boldsymbol{R}_{}\in \mathbb {N}^{T}\) of \(\varDelta (T)\boldsymbol{\boldsymbol{R}_{}}\ge -\{\textsf{i}:\infty \}\). So, we consider a set of solutions of the system of inequalities \(\varDelta (T)\boldsymbol{\boldsymbol{R}_{}}\ge -\{\textsf{i}:\infty \}\). It is a linear set, so the sum of two solutions is again a solution and any solution can be written as a sum of small solutions with norm smaller than some \(c \in \mathbb {N}\). For such small solutions, the length of any corresponding run is at most \(| T | \cdot c\). Now observe that if the workflow is terminating then there is no \(\boldsymbol{R}_{}\in \mathbb {N}^T\) such that \(\varDelta (T)\boldsymbol{\boldsymbol{R}_{}}\ge \boldsymbol{0}\), because of Lemma 2. But it holds that \(\varDelta (\boldsymbol{R}_{})(\textsf{i})\le -1\) for any solution \(\boldsymbol{R}_{}\), so in particular for all small solutions. Let us take a run \(\pi \in \text {Runs}_{\mathcal {N}}^k\). We decompose \(\boldsymbol{R}_{\pi }\) as a finite sum \(\sum _i^\ell \boldsymbol{R}_{i}\) where \(\boldsymbol{R}_{i}\) are from the set of small solutions. We have \(-k\le \varDelta (\boldsymbol{R}_{i})(\textsf{i})=\sum _{i}^\ell \varDelta (\boldsymbol{R}_{i})(\textsf{i})\le \sum _{i}^\ell -1=-\ell \). Recall that the norm of small solutions is bounded by c. It follows that the length of the run \(\pi \) is bounded by \(\ell \cdot | T | \cdot c\le k\cdot | T |\cdot c\). So the workflow is \(| T | \cdot c\)-linear.
4 Refining Termination Time
Recall that \(a_{\mathcal {N}}\) is the smallest constant such that \(\mathcal {N}\) is \(a_{\mathcal {N}}\)-linear. In this section, we are interested in computing \(a_{\mathcal {N}}\). This number is interesting, as it can give insights into the shape and complexity of the net, i.e. a large \(a_{\mathcal {N}}\) implies complicated runs firing transitions several times, while a small \(a_{\mathcal {N}}\) implies some degree of choice, where not all transitions can be fired for each initial token.
The main goal of this section is to show an algorithm for computing \(a_{\mathcal {N}}\). Our algorithm handles the more general class of aggregates on workflow nets, and we can compute \(a_{\mathcal {N}}\) as such an aggregate. More formally, let \(\mathcal {N}=(P,T,F)\) be a workflow net. An aggregate is a linear map \(f : \mathbb {Q}^{T} \rightarrow \mathbb {Q}\). The aggregate of a (continuous) run is the aggregate of its Parikh image, that is \(f(\pi ) {:}{=}f(\boldsymbol{R}_{\pi })\).
Example 4
Consider the aggregate \(f_{all}(\pi ){:}{=}\sum _{t\in T}\boldsymbol{R}_{\pi }(t) = | \pi |\), which computes the number of occurrences of all transitions. Let us consider two other natural aggregates. The aggregate \(f_t(\pi ){:}{=}\boldsymbol{R}_{\pi }(t)\) computes the number of occurrences of transition t, and \(f_p(\pi ){:}{=}\sum _{t\in T}\varDelta (t)(p) \cdot \boldsymbol{R}_{\pi }(t)\) computes the number of tokens added to place p. Another use for aggregates is counting transition, but with different weights for each transition, thus simulating e.g. different costs.\(\lhd \)
Given a workflow net \(\mathcal {N}\) and an aggregate f we define
Let us justify the importance of this notion by relating it to \(a_{\mathcal {N}}\).
Proposition 1
Let \(\mathcal {N}\) be a linear workflow net. Then \(a_{\mathcal {N}}=\text {sup}_{f_{all},\mathcal {N}}\).
Proof
Recall that \(a_{\mathcal {N}}\) is the smallest number a such that \(| \pi | \le a \cdot k\) for all \(k \in \mathbb {N}_{> 0}\) and \(\pi \in \text {Runs}_{\mathcal {N}}^k\). Equivalently, \(\frac{| f_{all}(\pi ) |}{k} \le a\). Thus by definition \( \text {sup}_{f_{all},\mathcal {N}} \le a_{\mathcal {N}}\), and the inequality cannot be strict since \(a_{\mathcal {N}}\) is the smallest number with this property. \(\square \)
Theorem 2
Consider a workflow net \(\mathcal {N}\) and an aggregate f. The value \(\text {sup}_{f,\mathcal {N}}\) can be computed in polynomial time.
Corollary 1
Let \(\mathcal {N}= (P,T,F)\) be a linear workflow net. The constant \(a_{\mathcal {N}}\) can be computed in polynomial time.
In practice, we can use an LP solver to compute the constant \(a_{\mathcal {N}}\). The algorithm is based on the fact that continuous reachability for Petri nets is in polynomial time [7, 19]. We formulate a lemma that relates the values of aggregates under the continuous and standard semantics.
Lemma 4
Let \(\mathcal {N}\) be a Petri net and f be an aggregate.
-
1.
Let \(\pi \in \text {Runs}_{\mathcal {N}}^k\). Then \(\nicefrac {1}{k} \cdot \pi \in \text {CRuns}_{\mathcal {N}}^1\) and \(f(\nicefrac {1}{k}\cdot \pi )=\nicefrac {f(\pi )}{k}\).
-
2.
Let \(\pi _c \in \text {CRuns}_{\mathcal {N}}^1\). There are \(k \in \mathbb {N}\) and \(\pi \in \text {Runs}_{\mathcal {N}}^k\) with \(f(\pi _c)=\nicefrac {f(\pi )}{k}\).
Proof
Both items are simple consequences of Lemma 1 and the linearity of aggregates. Note that for (2), if \(\pi _c=\beta _1t_1 \ldots \beta _nt_n\) then it suffices to define k such that \(\beta _i \cdot k \in \mathbb {N}\) for all \(i \in \{1,\ldots ,n\}\). \(\square \)
From the above lemma we immediately conclude the following.
Corollary 2
It holds that \(\text {sup}_{f,\mathcal {N}}=sup\{f(\pi _c) \mid \pi _c \in \text {CRuns}_{\mathcal {N}}^1\}\).
Proof
(The proof of Theorem 2). We use Corollary 2 and conclude that we have to compute \(sup\{f(\pi _c) \mid \pi _c \in \text {CRuns}_{\mathcal {N}}^1\}\). Let \({{S}}=\{\boldsymbol{R}_{\pi _c} \mid \pi _c \in \text {CRuns}_{\mathcal {N}}^1\}\). As \(f(\pi )\) is defined as \(f(\boldsymbol{R}_{\pi })\) , we reformulate our problem to compute \(sup\{f(\boldsymbol{v}) \mid \boldsymbol{v} \in {{S}}\}\). Since f is a continuous function, it holds that \(sup\{f(\boldsymbol{v}) \mid \boldsymbol{v} \in {{S}}\}=sup\{f(\boldsymbol{v}) \mid \boldsymbol{v} \in \overline{{{S}}}\}\). Let us define \(\text {LP}_{\text {f}, \mathcal {N}}\) as an LP with variables \(\boldsymbol{x} {:}{=}x_1, \dots , x_{| T |}\) and constraints \(\varDelta (T)\boldsymbol{x}\ge - \{\textsf{i}:1\}\) and \(\boldsymbol{x} \ge \boldsymbol{0}\).
Claim 1
It holds that \(\boldsymbol{v}\in \overline{{{S}}}\) if and only if \(\boldsymbol{v}\) is a solution to \(\text {LP}_{\text {f}, \mathcal {N}}\).
We postpone the proof of Claim 1. Claim 1 allows us to rephrase the computation of \(sup\{f(\boldsymbol{v}) \mid \boldsymbol{v} \in \overline{{{S}}}\}\) as an \(\text {LP}_{\text {f}, \mathcal {N}}\) where we want to maximise \(f(\boldsymbol{v})\), which can be done in polynomial time. \(\square \)
What remains is the proof of Claim 1. It constitutes the remaining part of this Section. The claim is a special case of the forthcoming Lemma 8. Its formulation and proof require some preparation.
Definition 1
A workflow net is good for a set of markings \({{M}}\subseteq \mathbb {Q}_{\ge 0}^{P}\) if for every place p there are markings \(\boldsymbol{m}, \boldsymbol{m}'\) and continuous runs \(\pi \) and \(\pi '\) such that \(\boldsymbol{m}(p)>0\), \(\boldsymbol{m}'\in {{M}}\), and \(\{\textsf{i}:1\}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\pi } \boldsymbol{m} \xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\pi '} \boldsymbol{m}'\).
The notion of being good for a set of markings is a refined concept of nonredundancy. The nonredundancy allow us to mark every place. But if, after marking the place, we want to continue the run and reach a marking in a specific set of markings \({{M}}\subseteq \mathbb {Q}_{\ge 0}^{P}\), then we don’t know if the given place can be marked. This motivates Definition 1.
Example 5
Let us consider a workflow net depicted on Fig. 4. It is nonredundant, as every place can be marked. But it is not good for \(\{\textsf{f}:1\}\) as there is no continuous run to the marking \(\{\textsf{f}:1\}\). In the initial marking the only enabled transition is \(t_1\) but firing \(\beta t_1\) for any \(\beta \in \mathbb {Q}_{\ge 0}\) reduce the total amount of tokens in the net. The lost tokens can not be recrated so it is not possible to reach \(\{\textsf{f}:1\}\).
The important fact is as follows:
Lemma 5
Let \({{M}}\subseteq \mathbb {Q}_{\ge 0}^{P}\) be a set of solutions of some LP. Then testing if a net is good for \({{M}}\) can be done in polynomial time.
Lemma 6
Suppose a workflow net \(\mathcal {N}\) is good for \({{M}}\subseteq \mathbb {Q}_{\ge 0}^{P}\) and \({{M}}\) is a convex set. Then there is a marking \(\boldsymbol{m_+}\) such that \(\boldsymbol{m_+}(p)>0\) for every \(p\in P\) and there are continuous runs \(\pi \), \(\pi '\), and a marking \(\boldsymbol{m_f}\in {{M}}\) such that \(\{\textsf{i}:1\}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\pi }\boldsymbol{m_+}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\pi '} \boldsymbol{m_f}\).
Informally, we prove it by taking a convex combination of a \(| P |\) runs one for each \(p\in P\). The last bit needed for the proof of Lemma 8 is the following lemma, shown in [19].
Lemma 7
([19], Lemma 13). Let \(\mathcal {N}\) be a Petri net. Consider \(\boldsymbol{m_0}\), \(\boldsymbol{m} \in \mathbb {N}^P\) and \(\boldsymbol{v} \in \mathbb {Q}_{\ge 0}^{T}\) such that:
-
\(\boldsymbol{m}=\boldsymbol{m_0}+ \varDelta (\boldsymbol{v})\);
-
\(\forall p \in {^\bullet \boldsymbol{v}}:\ \boldsymbol{m_0}(p)>0\);
-
\(\forall p \in {\boldsymbol{v}^\bullet }:\ \boldsymbol{m}(p) >0\).
Then there exists a finite continuous run \(\pi \) such that \(\boldsymbol{m_0}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\pi }\boldsymbol{m}\) and \(\boldsymbol{R}_{\pi } = \boldsymbol{v}\).
Lemma 8
Suppose \({{M}}\) is a convex set of markings over \(\mathbb {Q}_{\ge 0}^P\) and that the workflow net is good for M. Let \({{S}}\) be the set of Parikh images of continuous runs that start in \(\{\textsf{i}:1\}\) and end in some marking \(\boldsymbol{m}' \in {{M}}\) i.e.
Then \(\boldsymbol{v}\in \overline{S}\) if and only if there is a marking \(\boldsymbol{m}\in M\) such that \(\varDelta (T)\boldsymbol{v}=\boldsymbol{m}-\{\textsf{i}:1\}\).
In one direction the proof of the lemma is trivial, in the opposite direction, intuitively, we construct a sequence of runs with Parikh images converging to \(\boldsymbol{v}\). The Lemma 6 is used to put \(\varepsilon \) in every place (for \(\varepsilon \xrightarrow {} 0\)) and Lemma 7 to show that there are runs with the Parihk image equal \(\varepsilon \boldsymbol{x} + (1-\varepsilon )\boldsymbol{v}\) for some \(\boldsymbol{x}\) witnessing Lemma 6. We are ready to prove Claim 1.
Claim 1
It holds that \(\boldsymbol{v}\in \overline{{{S}}}\) if and only if \(\boldsymbol{v}\) is a solution to \(\text {LP}_{\text {f}, \mathcal {N}}\).
Proof
Let \({{M}}\) be the set of all markings over \(\mathbb {Q}_{\ge 0}^P\), which clearly is convex. As \(\mathcal {N}\) is nonredundant we know that every place can be marked via a continuous run, and because \({{M}}\) is the set of all markings we conclude that \(\mathcal {N}\) is good for \({{M}}\) according to Definition 1. Thus \({{M}}\) satisfies the prerequisites of Lemma 8. It follows that \(\overline{{{S}}}\) is the set of solutions of a system of linear inequalities. Precisely, \(\boldsymbol{v}\in \overline{{{S}}}\) if and only if there is \(\boldsymbol{m}\in \mathbb {Q}_{\ge 0}^P\) such that \(\varDelta (T)\boldsymbol{v}\ge \boldsymbol{m}-\{\textsf{i}:1\}\) and \(\boldsymbol{v}\ge 0\), which is equivalent to \(\varDelta (T)\boldsymbol{v}\ge -\{\textsf{i}:1\}\) and \(\boldsymbol{v}\ge 0\), as required. \(\square \)
5 Soundness in Terminating Workflow Nets
The dichotomy between linear termination time and non-termination shown in Sect. 3 yields an interesting avenue for framing questions in workflow nets. We know that testing generalised soundness is PSPACE-complete, but the lower bound in [9] relies on a reset gadget which makes the net non-terminating. Indeed, it turns out that the problem is simpler for linear workflow nets.
Theorem 3
Generalised soundness is coNP-complete for linear workflow nets.
A marking \(\boldsymbol{m}\) is called a deadlock if \(\text {Runs}_{\mathcal {N}}^{\boldsymbol{m}} = \emptyset \). To help prove the coNP upper bound, let us introduce a lemma.
Lemma 9
Let \(\mathcal {N}\) be a terminating nonredundant workflow net. Then \(\mathcal {N}\) is not generalised sound iff there exist \(k \in \mathbb {N}\) and a marking \(\boldsymbol{m}\in \mathbb {N}^P\) such that \(\{\textsf{i}:k\} \xrightarrow {}_{\mathbb {Z}}^{*}\boldsymbol{m}\), \(\boldsymbol{m}\) is a deadlock and \(\boldsymbol{m}\ne \{\textsf{f}:k\}\). Moreover, if \(\Vert \mathcal {N} \Vert \le 1\) then \(\{\textsf{i}:k\} \xrightarrow {}_{\mathbb {Z}}^{*}\boldsymbol{m}\) can be replaced with \(\{\textsf{i}:k\} \xrightarrow {}_{\mathbb {Q}}^{*}\boldsymbol{m}\).
The last part of the lemma is not needed for the theoretical results, but it will speed up the implementation in Sect. 7. We can now show Theorem 3.
Proof
(of the coNP upper bound in Theorem 3). Let \(\mathcal {N}= (P,T,F)\) and denote \(T = \{t_1,\ldots , t_n\}\). By Lemma 9\(\mathcal {N}\) is not generalised sound iff there are \(k \in \mathbb {N}\) and \(\boldsymbol{m}\in \mathbb {N}^P\) such that \(\{\textsf{i}:k\} \xrightarrow {}_{\mathbb {Z}}^{*}\boldsymbol{m}\), \(\boldsymbol{m}\) is a deadlock and \(\boldsymbol{m}\ne \{\textsf{f}:k\}\). We can reduce the property to an ILP. First, the procedure guesses \(| T |\) places \(p_1,\ldots , p_n \in P\) (one for each transition). For each transition \(t_i\), place \(p_i\) will prohibit firing \(t_i\) by not being marked with enough tokens. We create ILP\(_{\mathcal {N}, p_1, \dots , p_n}\), which is very similar to ILP\(_\mathcal {N}\) (see Sect. 3), but adds additional constraints. They state that \((\varDelta (T)\boldsymbol{x})(p_j)- {^\bullet t_j}(p_j)<0\) for every \(1\le j \le n\).
Let us show that there are \(p_1, \ldots , p_n\) such that ILP\(_{\mathcal {N}, p_1, \dots , p_n}\)has a solution iff there exist k and a deadlock \(\boldsymbol{m}\) such that \(\{\textsf{i}:k\} \xrightarrow {}_{\mathbb {Z}}^{*}\boldsymbol{m}\). Indeed, let \(x_1,\ldots ,x_n\) be a solution of ILP\(_{\mathcal {N}, p_1, \dots , p_n}\). We denote \(k = -\sum _{i = 1}^n \varDelta (t_i)(\textsf{i}) \cdot x_i\) and \(\boldsymbol{m}= \{\textsf{i}:k\} + \sum _{i = 1}^n \varDelta (t_i) \cdot x_i\). It is clear that \(\{\textsf{i}:k\} \xrightarrow {}_{\mathbb {Z}}^{*}\boldsymbol{m}\). The new constraints ensure that for each \(t_i \in T\) there exists \(p_i \in P\) such that \({^\bullet t_i}(p_i) >\boldsymbol{m}(p_i)\), thus \(\boldsymbol{m}\) is a deadlock.
To encode the requirement that \(\boldsymbol{m}\ne \{\textsf{f}:k\}\), note that there are three cases, either \(\boldsymbol{m}(k) \le k - 1\), \(\boldsymbol{m}(k) \ge k + 1\), or \(\boldsymbol{m}(k) = k\) but \(\boldsymbol{m}- \{\textsf{f}:k\} \ge 0\). We guess which case occurs, and add the constraint for that case to ILP\(_{\mathcal {N}, p_1, \dots , p_n}\). \(\square \)
The lower bound can be proven using a construction presented in [10, Theorem 2] to show a problem called continuous soundness on acyclic workflow nets is coNP-hard. We say that a workflow net is continuously sound iff for all \(\boldsymbol{m}\) such that \(\{\textsf{i}:1\} \xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{*}\boldsymbol{m}\), it holds that \(\boldsymbol{m}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{*}\{\textsf{f}:1\}\). The reduction can be used as is to show that generalised soundness of nets with linear termination time is coNP-hard, but the proof differs slightly. See the appendix for more details.
6 Termination Time and Concurrent Semantics
Note that in Petri nets, transitions may be fired concurrently. Thus, in a sense, our definition of termination time may overestimate the termination time.
In this section we investigate parallel executions for workflow nets. Whereas the termination time is focused on the worst case sequential execution, now we are interested in finding the best case parallel executions. Thus, we provide an optimistic lower bound on the execution time to contrast the pessimistic upper bound investigated in Sect. 3 and Sect. 4.
Definition 2
Given a Petri net \(\mathcal {N}\) let \(\pi =t_1t_2\ldots t_n \in \text {Runs}_{\mathcal {N}}^{k}\) for some \(k \in \mathbb {N}\). A block in \(\pi \) is a subsequence of \(\pi \), i.e. \(t_a,\ldots ,t_b\) for some \(1 \le a \le b \le n\). We define the parallel execution of \(\pi \) with respect to k as a decomposition of \(\pi \) into blocks \(\pi =\pi _1\pi _2\ldots \pi _{\ell }\) such that
-
1.
all transitions are pairwise different in a single block; and
-
2.
\({^\bullet \boldsymbol{R}_{\pi _i}}\le \{\textsf{i}:k\} + \sum _{j<i} \varDelta (\pi _j)\) for every \(1 \le i \le \ell \).
The execution time of a parallel execution is denoted as \(exec(\pi _1\pi _2\ldots \pi _\ell ) {:}{=}\ell \).
Example 6
We consider parallel executions of the run \(t_1t_2t_1t_2t_3t_3\) with respect to 4 initial tokens. The run can be decomposed into \((t_1t_2)(t_1t_2)(t_3)(t_3)\) but also into \((t_1)(t_2t_1)(t_2t_3)(t_3)\). Both executions have execution time 4. The parallel execution \((t_1t_2)(t_1t_2t_3)(t_3)\) has execution time 3.\(\lhd \)
We are interested in finding the parallel executions of a run that minimise the execution time. It turns out that the so-called greedy parallel execution is such a minimal parallel execution. Given \(\pi \) and k it is defined inductively on the prefix of \(\pi \). Suppose we already have some blocks \(\pi _1 \ldots \pi _{i-1}\). To construct block \(\pi _i\), we simply choose the maximal sequence of transitions immediately following the last block \(\pi _{i-1}\) that satisfies the two conditions of Definition 2. In particular the last partition in Example 6 is the greedy parallel execution.
Lemma 10
Consider a run \(\pi \) and \(k \in \mathbb {N}\). The greedy parallel execution of \(\pi \) has the smallest execution time among all parallel executions of \(\pi \) with respect to k.
Consider a workflow net \(\mathcal {N}\) with the initial marking \(\{\textsf{i}:k\}\). Let \({{S_k}} {:}{=}\{\pi \mid \{\textsf{i}:k\} \xrightarrow {}^{\pi } \{\textsf{f}:k\}\}\). We define \(MinTime_\mathcal {N}(k)\) as the minimal execution time among parallel executions of runs in \({{S_k}}\). If \({{S_k}} = \emptyset \) then \(MinTime_\mathcal {N}(k) = +\infty \).
Lemma 11
Let \(\mathcal {N}\) be a workflow net and let \(k, x \in \mathbb {N}\). Deciding whether \(MinTime_\mathcal {N}(k) \le x\) is PSPACE-hard even if we fix \(k = 1\).
As computing \(MinTime_\mathcal {N}(k)\) is computationally hard, we modify the question and ask about the asymptotic behaviour (similarly to Sect. 4). Thus, we are interested in computing \(\lim _{k\rightarrow \infty }\frac{MinTime_\mathcal {N}(k)}{k}\). The problem is well defined as the limit exists. This is interesting as \(\lim _{k\rightarrow \infty }\frac{MinTime_\mathcal {N}(k)}{k}\) corresponds to the average processing time of a single token when the workflow runs (informally speaking) on its maximal efficiency.
Theorem 4
For a given nonredundant, generalised sound workflow netFootnote 4 \(\mathcal {N}\) we can compute \(lim_{k\rightarrow \infty }\frac{MinTime_\mathcal {N}(k)}{k}\) in polynomial time.
Proof
(A sketch of the proof). The main idea relies on the continuous semantics, similarly to the proof of Theorem 2. We show that the limit is equal to the infimum over execution timesFootnote 5 of continuous runs \(\{\textsf{i}:1\}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{}\{\textsf{f}:1\}\). Then we prove the following claim.
Claim 2
Let \(\boldsymbol{v}\in \mathbb {Q}_{\ge 0}^{T}\). Let \({{S_{\boldsymbol{v}}}} = \{\pi \mid \{\textsf{i}:1\}\xrightarrow {}_{\mathbb {Q}_{\ge 0}}^{\pi }\{\textsf{f}:1\} \text { and } \boldsymbol{R}_{\pi } = \boldsymbol{v}\}\). If \({{S}}\ne \emptyset \) then the infimum over optimal execution time of runs in \({{S_{\boldsymbol{v}}}}\) equals \(\Vert \boldsymbol{v} \Vert \).
Let \({{S}}\) be the set of Parikh images of continuous runs from \(\{\textsf{i}:1\}\) to \(\{\textsf{f}:1\}\). We define \(f:\overline{{{S}}}\rightarrow \mathbb {Q}_{\ge 0}\) such that \(f(\boldsymbol{v})=\Vert \boldsymbol{v} \Vert \). Thus we can reformulate the problem as computing \(inf\{f(\boldsymbol{v}) \mid \boldsymbol{v}\in {{S}}\}\). The function f is continuous, thus we can reformulate further as compute \(inf\{f(\boldsymbol{v}) \mid \boldsymbol{v}\in \overline{{{S}}}\}\). The function f is not linear on \(\overline{{{S}}}\), but it is piecewise linear. We define \(\overline{{{S_t}}}\subseteq \overline{{{S}}}\) for \(t\in T\) as follows \(\overline{{{S_t}}}=\{\boldsymbol{v} \mid \boldsymbol{v}\in \overline{{{S}}}\text { and } \boldsymbol{v}(t)\ge \boldsymbol{v}(t')\text { for all }t'\in T\}\). Observe that f is linear over \(\overline{{{S_t}}}\) for every \(t\in T\) and that \(\overline{{{S}}}=\bigcup _{t\in T}\overline{{{S_t}}}\). Thus we can rephrase our problem as computing the minimum over the set \(\{inf\{\boldsymbol{v}(t) \mid \boldsymbol{v}\in \overline{{{S_t}}}\} \mid t\in T\}\).
Thus it is sufficient to show that \(inf\{\boldsymbol{v}(t) \mid \boldsymbol{v}\in \overline{{{S_t}}}\}\) can be computed in polynomial time for any \(t\in T\). Lemma 8 allows us to characterize \(\overline{{{S}}}\) as follows: \(\boldsymbol{v}\in \overline{{{S}}}\) iff \(\varDelta (T)\boldsymbol{v}=\{\textsf{f}:1\}-\{\textsf{i}:1\}\text { and }\boldsymbol{v}\ge \boldsymbol{0}\). In consequence, \(\overline{{{S_t}}}\) can be characterized as the set of solutions of the following system of inequalities
This allows us to capture \(\{inf\{\boldsymbol{v}(t) \mid \boldsymbol{v}\in \overline{{{S_t}}}\} \mid t\in T\}\) as an LP problem which can be solved in polynomial time. \(\square \)
7 Experimental Evaluation
We have implemented prototypes of several procedures outlined in the paper, namely procedures to 1) decide termination; 2) decide soundness for terminating nets; 3) compute \(a_{\mathcal {N}}\) for terminating nets; and 4) compute \(MinTime_\mathcal {N}(1)\), \(MaxTime_\mathcal {N}(1)\), and decide 1-soundness for nets with known \(a_{\mathcal {N}}\). The idea behind all procedures is to use our results to encode the properties in LPs/ILPs. To solve these programs, we utilize the MILP solver Gurobi [24].
For 1), recall Lemma 2, which states that non-termination of a workflow net \(\mathcal {N}\) is equivalent to the existence of a Parikh image \(\boldsymbol{R}_{} \in \mathbb {N}^T\) with \(\varDelta (\boldsymbol{R}_{}) \ge \boldsymbol{0}\). We can instead search for \(\boldsymbol{R}_{} \in \mathbb {Q}^T\), as any solution could be scaled up to an integral one. Thus, we can encode this condition as an LP in a straightforward manner, and decide termination in polynomial time.Footnote 6
For 2), we essentially use ILP\(_{\mathcal {N}, p_1, \dots , p_n}\), as defined in the proof of Theorem 3. A solution to ILP\(_{\mathcal {N}, p_1, \dots , p_n}\) yields a run \(\pi \) such that there exists \(k \in \mathbb {N}\) with \(\{\textsf{i}:k\} \xrightarrow {}_{\mathbb {Z}}^{\pi } \boldsymbol{m}\), where \(\boldsymbol{m}\) is a deadlock.
We also consider continuous instead of integral variables. Then solutions relate to runs over \(\xrightarrow {}_{\mathbb {Q}}^{*}\) instead. As hinted at in the last sentence of Lemma 9, both variants yield equivalent results on nets without arc weights, i.e. \(\Vert \mathcal {N} \Vert \le 1\). However, continuous variables are generally easier to handle for MILP solvers. For brevity, by integer deadlocks we refer to the approach using integer variables, and by continuous deadlocks to the approach with continuous variables.
For 3), recall the LP given in Claim 1. We can use it to compute \(\text {sup}_{f,\mathcal {N}}\) for any aggregate \(\mathcal {N}\), so in particular we can use it to compute \(\text {sup}_{f_{all},\mathcal {N}}\), which is equal to \(a_{\mathcal {N}}\) by Equation (2). Here, it only remains to mention that Gurobi allows not only checking feasibility of systems of linear inequalities, but further allows optimizing an objective value, as required by the LP.
For 4), note that if we have the bound \(a_{\mathcal {N}}\) on the length of runs from \(\{\textsf{i}:1\}\), we can check properties by unrolling runs. The intuition is as follows. We have \(a_{\mathcal {N}} \cdot | T |\) integer variables. For step j of the run, we have variables \(x_{1, j}, x_{2, j}, \dots , x_{| T |, j}\). The variables for a step encode which transition(s) are fired in that step. We ensure that we encode a run by requiring \(\sum _{i=1}^{| T |} x_{i,j} \le 1\) for all \(j \in [1..a_{\mathcal {N}}]\). We use integer variables, so either one or no transition is fired in each step.
Alternatively, we encode a parallel execution by imposing the requirements of Definition 2 on steps. By further specifying that for all \(j \in [1..a_{\mathcal {N}}]\), it holds that \(\{\textsf{i}:1\} + \sum _{j' = 0}^{j} \sum _{i = 1}^{| T |} \varDelta (t_i) x_{i, j'} \ge \boldsymbol{0}, \) thus the marking reached so far after each step is nonnegative. To compute \(MinTime_\mathcal {N}(1)\)/\(MaxTime_\mathcal {N}(1)\), we minimise/maximise the number of blocks/steps with non-zero transition variables. For 1-soundness, we require reaching a deadlock different from \(\{\textsf{f}:1\}\).
Our prototype is implemented in C#. All experiments were run on an 8-Core Intel® Core™ i7-7700 CPU @ 3.60 GHz with Ubuntu 18.04. We limited memory to \(\sim \)8 GB. The time was limited to 60 s for checking termination and generalised soundness as well as for computing \(a_{\mathcal {N}}\). It was limited to 15 s for computing \(MinTime_\mathcal {N}(1), MaxTime_\mathcal {N}(1)\) and for checking 1-soundness.
7.1 Benchmark Suite
We use a popular benchmark suite of 1386 free-choice nets originating from models created in the IBM WebSphere Business Modeler. The instances were originally introduced in [18] and have frequently been studied since, see [13, 37, 38]. The nets use a slightly different formalisation of workflow nets that allow multiple final places, which can be transformed to standard workflow nets using a technique from [29]. This technique adds transitions, thus can increase \(a_{\mathcal {N}}\), \(MinTime_\mathcal {N}\) and \(MaxTime_\mathcal {N}\). Unfortunately, 4 instances cannot be transformed to workflow nets with this technique, so we remove them. We also apply a set of well-known reduction rules from [13] that reduce the size of instances while keeping all types of soundness intact, and remove instances that are trivially sound after reduction. These rules never increase \(a_{\mathcal {N}}\). While they in theory could increase \(MinTime_\mathcal {N}\), this does not happen on our benchmarks. Due to the nature of the reduction rules, it may not be appropriate to run them before analyzing \(MinTime_\mathcal {N}, MaxTime_\mathcal {N}(1)\) and \(a_{\mathcal {N}}\), since these numbers then give no information about the original workflow. Thus we only run experiments on the reduced instances when we check soundness and termination.
In total, we are left with 1382 unreduced and 740 non-trivial reduced instances. Statistics about the sizes of the workflow nets can be seen in the columns under Net Size in Fig. 5. The reduced nets are much smaller than the unreduced ones, even when the nets are not reduced to the trivial net.
7.2 Termination and Deadlocks
The time taken to decide termination is shown in the column labelled “Termination” in the top table of Fig. 5. The numbers of nets that are terminating and non-terminating are shown in the bottom table of Fig. 5. Among both the unreduced and reduced instances, the vast majority are terminating (about 90%). Note that the reduction rules can remove nontermination, even when they do not make the net nontrivial, thus the prevalence of terminating instances is even stronger among the reduced instances. In terms of analysis time, termination can be decided in under 25 ms for all instances, with a median of 3 ms.
The top of Fig. 5 shows the analysis times for generalised soundness. We use three algorithms. Columns “Continuous Deadlock” and “Integer Deadlock” show results for our two proposed approaches, and column “Continuous Soundness” shows the performance of a state-of-art approach [10] for deciding generalised soundness. Note that both approaches may claim an unsound workflow net to be sound, but they are precise on different classes of nets. The absence of integer deadlocks is equivalent to generalised soundness on terminating nets, see Lemma 9. Similarly, continuous soundness is equivalent to generalised soundness on free-choice nets [10].
In practice, it turns out that our approach for checking the absence of integer deadlocks is faster than the existing approach using continuous soundness on every single instance. Continuous soundness times out on 215 of the unreduced instances (not listed in the table), but neither of the approaches utilizing deadlocks times out on any instance. The performance of continuous soundness is not surprising: continuous soundness is checked by passing an \(\exists \forall \)-formula from FO(\(\mathbb {Q},<,+\)) to an SMT solver. Quantifier alternation increases the complexity of validating such formulas [23]. In comparison, our check for integer deadlocks is implemented using standard ILP techniques, and thus an existential formula.
The bottom shows how many nets are non-terminating, as well as how many are deadlocking (thus not generalised sound). Recall that integer deadlocks and continuous deadlocks are equivalent for nets without arc weights, which all of our nets are. Both types of deadlocks are fast to compute, taking less than 90ms on each instance. In practice, checking for continuous deadlocks may be useful even for nets with arc weights, since their absence also proves the absence of integer deadlocks. About \(50\%\) of the unreduced instances and roughly \(75\%\) of the reduced instances are deadlocking. Note that the reduction rules can only make sound instances trivial, which are by definition not able to reach a deadlock.
7.3 \(a_{\mathcal {N}}\), \(MinTime_\mathcal {N}(1)\) and \(MaxTime_\mathcal {N}(1)\)
The top of Fig. 6 the distribution of \(a_{\mathcal {N}}\). This number depends on the number of transitions, so is hard to put into context. We instead display \(\mathfrak {L}{:}{=}\nicefrac {a_{\mathcal {N}}}{| T |}\). Intuitively, that number is an upper bound on the average of how many times each transition can be fired per initial tokens. For example, a net with \(\mathfrak {L}= 1\) likely is linear, i.e. each transition can be fired only once per initial token, while nets with \(\mathfrak {L}>> 1\) may exhibit more complex behaviour, and nets with \(\mathfrak {L}<< 1\) may exhibit high degrees of choice, where runs only visit a part of the net. We group nets with similar \(\mathfrak {L}\) to give an idea of the distribution of the values of \(\mathfrak {L}\) across instances. Our computation of \(a_{\mathcal {N}}\) ran out of memory on 8 nets, so the figure displays only 1254 nets. Most nets have \(\mathfrak {L}\le 1\), with a significant number having in particular \(\mathfrak {L}= 1\). The maximal \(\mathfrak {L}\) is 5.83 among unreduced and 4.33 among reduced instances, while the minimal \(\mathfrak {L}\) is 0.17 and 0.11 respectively.
To display \(MinTime_\mathcal {N}(1)\) and \(MaxTime_\mathcal {N}(1)\), we also divide them by the number of transitions, as we did for \(a_{\mathcal {N}}\). We write \(\mathfrak {T}_{Min} {:}{=}\nicefrac {MinTime_\mathcal {N}(1)}{| T |}\) and \(\mathfrak {T}_{Max} {:}{=}\nicefrac {MaxTime_\mathcal {N}(1)}{| T |}\). We are mostly interested in their difference \(\mathfrak {D} {:}{=}\mathfrak {T}_{Max} - \mathfrak {T}_{Min}\). For nets with large \(\mathfrak {D}\), the difference between the pessimistic sequential and optimistic parallel execution time is large, thus they might allow a high degree of parallelism. On the contrary, if nets have very small \(\mathfrak {D}\), they have a sequential structure. We again group nets with similar \(\mathfrak {D}\), as we did for \(\mathfrak {L}\) above. The results of the analysis are shown in the middle table of Fig. 6.
As we divide by \(| T |\) in the definition of \(\mathfrak {D}\), it would be unusual for it to take on huge values, and indeed all nets have \(\mathfrak {D} < 1\). Note that even \(\mathfrak {D} = 0.5\) is significant, as it means that \(MinTime_\mathcal {N}(1)\) and \(MaxTime_\mathcal {N}(1)\) differ by half the number of transitions. The table totals only 700 nets. On 111 nets, computing \(MinTime_\mathcal {N}(1)\) times out, while on 32 nets computing \(MaxTime_\mathcal {N}(1)\) times out, and both time out on 51 nets. On the remaining 360 nets, there is no execution from \(\{\textsf{i}:1\}\) to \(\{\textsf{f}:1\}\), thus \(MinTime_\mathcal {N}(1) = \infty \).
The analysis times for computing \(a_{\mathcal {N}}\), \(MinTime_\mathcal {N}(1)\) and \(MaxTime_\mathcal {N}(1)\) are shown in the bottom table of Fig. 6. We group nets by their size \(| \mathcal {N} | = | P | + | T |\) to show how the analysis times depend on the instance size. We only list 1060 nets, as we omit those where the computation of \(MinTime_\mathcal {N}(1)\) or \(MaxTime_\mathcal {N}(1)\) timed out. One interesting observation is that for most instances, particularly small ones, \(MinTime_\mathcal {N}(1)\) is harder to compute than \(MaxTime_\mathcal {N}(1)\). However, both are very slow to compute compared to \(a_{\mathcal {N}}\), which indeed never times out on our instances. In fact, \(a_{\mathcal {N}}\) takes at most 714ms to compute for any instance. It is interesting that the time for computing \(a_{\mathcal {N}}\) does not seem to depend highly on the net size. We suspect this might be partly due to the fact that \(a_{\mathcal {N}}\) tends to be proportionally smaller for larger instances: Bucket [0, 20) has a mean \(\mathfrak {L}\) of 1.04, while the mean is 0.86 for bucket [150, 405).
7.4 1-Soundness
Lastly, we briefly comment on the time for deciding 1-soundness via unrolling for nets with known \(a_{\mathcal {N}}\). The procedure times out for 71 instances, among which \(a_{\mathcal {N}}\) has a mean of 133.88 and a maximum of 256. It takes a mean of 612.66ms and a maximum of 14431ms to decide 1-soundness in this way. Unlike in the case for generalised soundness, our procedure for 1-soundness does not seem to be able to compete with the state-of-the-art. In [18], 1-soundness is decided for many of our instances in a few milliseconds per instance, which our approach does so only for instances with small \(a_{\mathcal {N}}\) (up to about 25).
Notes
- 1.
Sometimes scaling factors are defined to be at most 1. The definitions are equivalent: Scaling larger than 1 can be done by firing the same transition multiple times.
- 2.
This is caused by the choice of the family of initial configurations. Fixing the number of initial tokens in some places can be simulated by control states in the VASS model.
- 3.
This \(\infty \) is syntactic sugar to omit the inequality for the place \(\textsf{i}\). Formally \(\varDelta (T)\) and \(\boldsymbol{x}\) should be projected to ignore \(\textsf{i}\).
- 4.
These assumptions can be relaxed to a net good for \(\{\textsf{f}:1\}\), see Definition 1.
- 5.
For a suitably defined parallel execution and execution time of continuous runs.
- 6.
This observation and the general approach comes from [30].
References
Aalst, W.M.P.: Verification of workflow nets. In: Azéma, P., Balbo, G. (eds.) ICATPN 1997. LNCS, vol. 1248, pp. 407–426. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-63139-9_48
van der Aalst, W.M.P., et al.: Soundness of workflow nets: classification, decidability, and analysis. Formal Aspects Comput. 23(3), 333–363 (2011). https://doi.org/10.1007/s00165-010-0161-4
van der Aalst, W.M.: A class of petri net for modeling and analyzing business processes. Comput. Sci. Rep. 95(26), 1–25 (1995)
van der Aalst, W.M.P., Hirnschall, A., Verbeek, H.M.W.: An alternative way to analyze workflow graphs. In: Pidduck, A.B., Ozsu, M.T., Mylopoulos, J., Woo, C.C. (eds.) CAiSE 2002. LNCS, vol. 2348, pp. 535–552. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-47961-9_37
Bérard, B., Cassez, F., Haddad, S., Lime, D., Roux, O.H.: Comparison of different semantics for time petri nets. In: Peled, D.A., Tsay, Y.-K. (eds.) ATVA 2005. LNCS, vol. 3707, pp. 293–307. Springer, Heidelberg (2005). https://doi.org/10.1007/11562948_23
Blondin, M., Finkel, A., Haase, C., Haddad, S.: Approaching the coverability problem continuously. In: Chechik, M., Raskin, J.-F. (eds.) TACAS 2016. LNCS, vol. 9636, pp. 480–496. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49674-9_28
Blondin, M., Finkel, A., Haase, C., Haddad, S.: The logical view on continuous Petri nets. ACM Trans. Comput. Logic (TOCL) 18(3), 24:1–24:28 (2017). https://doi.org/10.1145/3105908
Blondin, M., Haase, C., Offtermatt, P.: Directed reachability for infinite-state systems. In: TACAS 2021. LNCS, vol. 12652, pp. 3–23. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-72013-1_1
Blondin, M., Mazowiecki, F., Offtermatt, P.: The complexity of soundness in workflow nets. In: Proceedings of the 37th Symposium on Logic in Computer Science (LICS) (2022). https://doi.org/10.1145/3531130.3533341
Blondin, M., Mazowiecki, F., Offtermatt, P.: Verifying generalised and structural soundness of workflow nets via relaxations. In: Shoham, S., Vizel, Y. (eds.) CAV. LNCS, vol. 13372, pp. 468–489. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-13188-2_23
Brázdil, T., Chatterjee, K., Kučera, A., Novotný, P., Velan, D.: Deciding fast termination for probabilistic VASS with nondeterminism. In: Chen, Y.-F., Cheng, C.-H., Esparza, J. (eds.) ATVA 2019. LNCS, vol. 11781, pp. 462–478. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-31784-3_27
Brázdil, T., Chatterjee, K., Kucera, A., Novotný, P., Velan, D., Zuleger, F.: Efficient algorithms for asymptotic bounds on termination time in VASS. In: Dawar, A., Grädel, E. (eds.) Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2018, Oxford, UK, 09–12 July 2018, pp. 185–194. ACM (2018). https://doi.org/10.1145/3209108.3209191
Bride, H., Kouchnarenko, O., Peureux, F.: Reduction of workflow nets for generalised soundness verification. In: Bouajjani, A., Monniaux, D. (eds.) VMCAI 2017. LNCS, vol. 10145, pp. 91–111. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-52234-0_6
Czerwinski, W., Orlikowski, L.: Reachability in vector addition systems is Ackermann-complete. In: Proceedings 62nd Annual IEEE Symposium on Foundations of Computer Science (FOCS) (2021)
Desel, J., Esparza, J.: Free Choice Petri Nets. Cambridge University Press (1995). https://doi.org/10.1017/CBO9780511526558
Dixon, A., Lazić, R.: KReach: a tool for reachability in Petri nets. In: TACAS 2020. LNCS, vol. 12078, pp. 405–412. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45190-5_22
van Dongen, B.F., de Medeiros, A.K.A., Verbeek, H.M.W., Weijters, A.J.M.M., van der Aalst, W.M.P.: The ProM framework: a new era in process mining tool support. In: Ciardo, G., Darondeau, P. (eds.) ICATPN 2005. LNCS, vol. 3536, pp. 444–454. Springer, Heidelberg (2005). https://doi.org/10.1007/11494744_25
Fahland, D., et al.: Instantaneous soundness checking of industrial business process models. In: Dayal, U., Eder, J., Koehler, J., Reijers, H.A. (eds.) BPM 2009. LNCS, vol. 5701, pp. 278–293. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03848-8_19
Fraca, E., Haddad, S.: Complexity analysis of continuous Petri nets. Fundamenta Informaticae 137(1), 1–28 (2015). https://doi.org/10.3233/FI-2015-1168
Freytag, T., Allgaier, P., Burattin, A., Danek-Bulius, A.: WoPeD-a “proof-of-concept” platform for experimental BPM research projects. In: 15th International Conference on Business Process Management (BPM 2017) (2017)
Geffroy, T., Leroux, J., Sutre, G.: Occam’s razor applied to the Petri net coverability problem. Theor. Comput. Sci. 750, 38–52 (2018). https://doi.org/10.1016/j.tcs.2018.04.014
German, S.M., Sistla, A.P.: Reasoning about systems with many processes. J. ACM 39(3), 675–735 (1992). https://doi.org/10.1145/146637.146681
Grigoriev, D.: Complexity of deciding Tarski algebra. J. Symb. Comput. 5(1/2), 65–108 (1988). https://doi.org/10.1016/S0747-7171(88)80006-3
Gurobi Optimization, LLC: Gurobi optimizer reference manual (2023). https://www.gurobi.com
van Hee, K., Oanea, O., Sidorova, N., Voorhoeve, M.: Verifying generalized soundness of workflow nets. In: Virbitskaite, I., Voronkov, A. (eds.) PSI 2006. LNCS, vol. 4378, pp. 235–247. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70881-0_21
van Hee, K., Sidorova, N., Voorhoeve, M.: Soundness and separability of workflow nets in the stepwise refinement approach. In: van der Aalst, W.M.P., Best, E. (eds.) ICATPN 2003. LNCS, vol. 2679, pp. 337–356. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-44919-1_22
van Hee, K., Sidorova, N., Voorhoeve, M.: Generalised soundness of workflow nets is decidable. In: Cortadella, J., Reisig, W. (eds.) ICATPN 2004. LNCS, vol. 3099, pp. 197–215. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27793-4_12
Hopcroft, J., Pansiot, J.J.: On the reachability problem for 5-dimensional vector addition systems. Theoret. Comput. Sci. 8(2), 135–159 (1979)
Kiepuszewski, B., ter Hofstede, A.H.M., van der Aalst, W.M.P.: Fundamentals of control flow in workflows. Acta Informatica 39(3), 143–209 (2003). https://doi.org/10.1007/s00236-002-0105-4
Kosaraju, S.R., Sullivan, G.F.: Detecting cycles in dynamic graphs in polynomial time (preliminary version). In: Simon, J. (ed.) Proceedings of the 20th annual ACM symposium on theory of computing, 2–4 May 1988, Chicago, Illinois, USA, pp. 398–406. ACM (1988). https://doi.org/10.1145/62212.62251
Kucera, A., Leroux, J., Velan, D.: Efficient analysis of VASS termination complexity. In: Hermanns, H., Zhang, L., Kobayashi, N., Miller, D. (eds.) LICS 2020: 35th Annual ACM/IEEE Symposium on Logic in Computer Science, Saarbrücken, Germany, 8–11 July 2020, pp. 676–688. ACM (2020). https://doi.org/10.1145/3373718.3394751
Leroux, J.: Polynomial vector addition systems with states. In: Chatzigiannakis, I., Kaklamanis, C., Marx, D., Sannella, D. (eds.) 45th International Colloquium on Automata, Languages, and Programming, ICALP 2018, 9-13 July 2018, Prague, Czech Republic. LIPIcs, vol. 107, pp. 134:1–134:13. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2018). https://doi.org/10.4230/LIPIcs.ICALP.2018.134
Leroux, J.: The reachability problem for Petri nets is not primitive recursive. In: Proceedings 62nd Annual IEEE Symposium on Foundations of Computer Science (FOCS) (2021)
Leroux, J., Schmitz, S.: Reachability in vector addition systems is primitive-recursive in fixed dimension. In: Proceedings 34th Symposium on Logic in Computer Science (LICS) (2019). https://doi.org/10.1109/LICS.2019.8785796
Leroux, J., Schnoebelen, P.: On functions weakly computable by petri nets and vector addition systems. In: Ouaknine, J., Potapov, I., Worrell, J. (eds.) RP 2014. LNCS, vol. 8762, pp. 190–202. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11439-2_15
Lipton, R.: The reachability problem requires exponential space. Department of Computer Science, Yale University, vol. 62 (1976)
Meyer, P.J., Esparza, J., Offtermatt, P.: Computing the expected execution time of probabilistic workflow nets. In: Vojnar, T., Zhang, L. (eds.) TACAS 2019. LNCS, vol. 11428, pp. 154–171. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17465-1_9
Meyer, P.J., Esparza, J., Völzer, H.: Computing the concurrency threshold of sound free-choice workflow nets. In: Beyer, D., Huisman, M. (eds.) TACAS 2018. LNCS, vol. 10806, pp. 3–19. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89963-3_1
Murata, T.: Petri nets: properties, analysis and applications. Proc. IEEE 77(4), 541–580 (1989). https://doi.org/10.1109/5.24143
Praveen, M., Lodaya, K.: Analyzing reachability for some petri nets with fast growing markings. Electron. Notes Theor. Comput. Sci. 223, 215–237 (2008). https://doi.org/10.1016/j.entcs.2008.12.041
Rackoff, C.: The covering and boundedness problems for vector addition systems. Theor. Comput. Sci. 6, 223–231 (1978). https://doi.org/10.1016/0304-3975(78)90036-1
Schmitz, S.: The complexity of reachability in vector addition systems. ACM SIGLOG News 3(1), 4–21 (2016). https://doi.org/10.1145/2893582.2893585
Valk, R., Vidal-Naquet, G.: Petri nets and regular languages. J. Comput. Syst. Sci. 23(3), 299–325 (1981). https://doi.org/10.1016/0022-0000(81)90067-2
Verbeek, E., van der Aalst, W.M.P.: Woflan 2.0 a petri-net-based workflow diagnosis tool. In: Nielsen, M., Simpson, D. (eds.) ICATPN 2000. LNCS, vol. 1825, pp. 475–484. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44988-4_28
Wolf, K.: Petri net model checking with LoLA 2. In: Khomenko, V., Roux, O.H. (eds.) PETRI NETS 2018. LNCS, vol. 10877, pp. 351–362. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91268-4_18
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2023 The Author(s)
About this paper
Cite this paper
Hofman, P., Mazowiecki, F., Offtermatt, P. (2023). Fast Termination and Workflow Nets. In: Enea, C., Lal, A. (eds) Computer Aided Verification. CAV 2023. Lecture Notes in Computer Science, vol 13964. Springer, Cham. https://doi.org/10.1007/978-3-031-37706-8_7
Download citation
DOI: https://doi.org/10.1007/978-3-031-37706-8_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-37705-1
Online ISBN: 978-3-031-37706-8
eBook Packages: Computer ScienceComputer Science (R0)