Replication, refinement & reachability: complexity in dynamic condition-response graphs

Abstract

We explore the complexity of reachability and run-time refinement under safety and liveness constraints in event-based process models. Our study is framed in the DCR\(^\star \) process language, which supports modular specification through a compositional operational semantics. DCR\(^\star \) encompasses the “Dynamic Condition Response (DCR) graphs” declarative process model for analysis, execution and safe run-time refinement of process-aware information systems; including replication of sub-processes. We prove that event-reachability and refinement are np-hard for DCR\(^\star \) processes without replication, and that these finite state processes recognise exactly the languages that are the union of a regular and an \(\omega \)-regular language. Moreover, we prove that event-reachability and refinement are undecidable in general for DCR\(^\star \) processes with replication and local events, and we provide a tractable approximation for refinement. A prototype implementation of the DCR\(^\star \) language is available at http://dcr.tools/acta16.

Appendix: Proof of Proposition 6

We recap the original graph-based formalisation of DCR graph [10, 15, 17, 31, 41].

Definition 44

(DCR graph) A DCR graph is a tuple \((\mathsf {E}, \mathsf {R}, \mathsf {M})\) where

• \(\mathsf {E}\) is a finite set of (labelled) events, the nodes of the graph.

• \(\mathsf {R}\) is the edges of the graph. Edges are partitioned into four kinds, named and drawn as follows: the conditions \((\mathrel {\rightarrow \bullet })\), responses \((\mathrel {\bullet \rightarrow })\), inclusions \((\mathrel {\rightarrow +})\), and exclusions \((\mathrel {\rightarrow \%})\).

• \(\mathsf {M}\) is the marking of the graph. This is a triple \((\mathsf {Ex},\mathsf {Re},\mathsf {In})\) of sets of events, respectively the previously executed \((\mathsf {Ex})\), the currently pending \((\mathsf {Re})\), and the currently included \((\mathsf {In})\) events.

When G is a DCR graph, we write, e.g., \(\mathsf {E}(G)\) for the set of events of G, \(\mathsf {Ex}(G)\) for the executed events in the marking of G, etc. We write \(\mathord {(\mathrel {\rightarrow \bullet }e)}\) for the set \(\{e^{\prime }\in \mathsf {E}\mid e^{\prime }\mathrel {\rightarrow \bullet }e\}\), write \(\mathord {(e\mathrel {\bullet \rightarrow })}\) for the set \(\{e^{\prime }\in \mathsf {E}\mid e \mathrel {\bullet \rightarrow }e^{\prime }\}\) and similarly for \(\mathord {(e\mathrel {\rightarrow +})}\) and \(\mathord {(e\mathrel {\rightarrow \%})}\).

Definition 45

(Enabled events) Let \(G=(\mathsf {E}, \mathsf {R}, \mathsf {M})\) be a DCR graph, with marking \(\mathsf {M}= (\mathsf {Ex},\mathsf {Re},\mathsf {In})\). An event \(e \in \mathsf {E}\) is enabled, written \(e\in {\mathsf {enabled}(G)}\), iff (a) \(e \in \mathsf {In}{}\) and (b) \(\mathsf {In}{}\cap \mathord {(\mathrel {\rightarrow \bullet }e)} \subseteq \mathsf {Ex}\).

Definition 46

(Execution) Let \(G=(\mathsf {E}, \mathsf {R}, \mathsf {M})\) be a DCR graph with marking \(\mathsf {M}=(\mathsf {Ex},\mathsf {Re},\mathsf {In})\). Suppose \(e\in {\mathsf {enabled}(G)}\). We may execute e obtaining the resulting DCR graph \((\mathsf {E}, \mathsf {R}, \mathsf {M}^{\prime })\) with \(\mathsf {M}^{\prime } =(\mathsf {Ex}^{\prime },\mathsf {Re}^{\prime },\mathsf {In}^{\prime })\) defined as follows.

1. 1.

   \(\mathsf {Ex}^{\prime } = \mathsf {Ex}\cup \{e\}\)

2. 2.

   \(\mathsf {Re}^{\prime } = (\mathsf {Re}\backslash \{e\}) \cup \mathord {(e\mathrel {\bullet \rightarrow })}\)

3. 3.

   \(\mathsf {In}^{\prime } = (\mathsf {In}\backslash \mathord {(e\mathrel {\rightarrow \%})}) \cup \mathord {(e\mathrel {\rightarrow +})}\)

Definition 47

(Transitions) Let G be a DCR graph. If \(e\in {\mathsf {enabled}(G)}\) and executing e in G yields H, we say that G has transition on e to H and write \({G}\xrightarrow {e}{H}\). A run of G is a (finite or infinite) sequence of DCR graphs \(G_i\) and events \(e_i\) such that: \(G = {G_0}\xrightarrow {e_0}{{G_1}\xrightarrow {e_1}{\ldots }}\). A trace of G is a sequence of labels of events \(e_i\) associated with a run of G. We write \(\mathop {\mathsf {runs}}(G)\) and \(\mathop {\mathsf {traces}}(G)\) for the set of runs and traces of G, respectively

Definition 48

(Acceptance) A run \({G_0}\xrightarrow {e_0}{{G_1}\xrightarrow {e_1}{\ldots }} \) is accepting iff for all n with \(e \in \mathsf {In}(G_n)\cap \mathsf {Re}(G_n)\) there exists \(m\ge n\) s.t. either \(e_m = e\), or \(e\not \in \mathsf {In}(G_{m})\). A trace is accepting iff it has an underlying run which is.

Definition 49

(Language) The language of a DCR graph G is the set of its accepting traces. We write \(\mathop {\mathsf {lang}}({G})\) for the language of G.

This concludes our recap of DCR graphs (as opposed to DCR processes). Now, the proof.

Definition 50

Let T, U be terms. Define \(T\cong U\) by taking for \(\mathcal R\) ranging over the four relations

$$\begin{aligned} { e\, \mathcal{R} \,f }\, \parallel e \,\mathcal{R} \,f \cong e \,\mathcal{R}\, f \end{aligned}$$

(8)

and closing under monoid laws for \(- \parallel -\) and \(0\).

Lemma 51

If \(T\cong U\) then \({T}\xrightarrow {e}{T^{\prime }}\) and \({U}\xrightarrow {e}{U^{\prime }}\) implies \(T^{\prime }\cong U^{\prime }\).

Proof

It is straightforward to verify that the monoid laws and the idempotency rule (8) defining \(\cong \) preserves transition in the above sense; the desiderata follows.

Definition 52

Observe that by the monoid laws, every term T can be read as a multi-set of relations; by the idempotency rule (8), it can be read as a set of relations. Write \(\bar{T}\) for this set. For a process \(P=[{M}]\;{T}\), take \(\bar{P} = [{M}]\;{\bar{T}}\).

Definition 53

Let \(P=[{M}]\;{T}\) be a process and \(G=(\mathsf {E}, \mathsf {R}, \mathsf {M})\) a graph. Define \(P\approx G\) iff

1. 1.

   \(\mathsf {E}= \mathsf {dom}(M)\)

2. 2.

   for all \(e\in \mathsf {E}\) we have \(M(e)=(h,i,r) \) iff \(h=(e\in \mathsf {Ex})\) and \(i=(e\in \mathsf {In})\) and \(r=(e\in \mathsf {Re})\).

3. 3.

   \(\bar{T} = \mathsf {R}\).

Lemma 54

Let P be a process and G a graph s.t. \(P \approx G\). For all e, if \({P}\xrightarrow {e}{P^{\prime }}\) then for some \(G^{\prime }\) we have \({G}\xrightarrow {e}{G^{\prime }}\) with \(P^{\prime }\approx G^{\prime }\); and vice versa.

Proof

By Lemma 51 it is sufficient to prove this result for \(\bar{P}\). Assume \(\bar{P} =[{M}]\;{\bar{T}}\) and \(G=(\mathsf {E}, \mathsf {R}, \mathsf {M})\). We proceed by induction on the number of relations k in \(\bar{T}=\mathsf {R}\).

For \(k=0\), clearly \(P^{\prime }=[{{e}\cdot {M}}]\;{T}\) and \(G^{\prime }= (\mathsf {Ex}\cup \{e\},\mathsf {In},\mathsf {Re})\); the result follows.

For \(k=1\), straightforward verification by cases on the single relation.

For \(k>1\), we must have \(T=\bar{T}_1 \parallel \bar{T}_2\) and \(\mathsf {R}=\bar{T_1}\cup \bar{T_2}\) such that the number of relations in \(\bar{T}_j\) are both smaller than k. Define \(G_j= (\mathsf {E}, \bar{T_j},\mathsf {M})\). Note that if \({P}\xrightarrow {e}{P'}\) then we must have

$$\begin{aligned} \frac{ {[{M}]\;{\bar{T}_1}}\xrightarrow {e:\delta _1}{\bar{T}_1} \qquad {[{M}]\;{\bar{T}_2}}\xrightarrow {e:\delta _2}{\bar{T}_2} }{ {[{M}]\;{\bar{T}_1 \parallel \bar{T}_2}}\xrightarrow {e : \delta _1 \oplus \delta _2}{\bar{T}_1 \parallel \bar{T}_2} } \end{aligned}$$

(9)

In this case we have by induction that \(G_j={(\mathsf {E}, \bar{T_j},\mathsf {M})}\xrightarrow {e}{(}{\mathsf {E}, \bar{T_j},\mathsf {M}^{\prime }_j}) = G_j^{\prime }\) for \(j\in \{1,2\}\).

We show first that e is enabled in P iff it is in Q. Suppose e is enabled in P. By (9), e is then enabled in \([{M}]\;{T_1}\) and \([{M}]\;{T_2}\). By induction, it is then enabled in \(G_1,G_2\), and by calculation on Definition 45 it is also enabled in G. Now suppose instead e is enabled in G. By Definition 45, e is also enabled in \(G_1,G_2\). By induction, e is enabled in \([{M}]\;{\bar{T}_1}\) and \([{M}]\;{\bar{T}_2}\). It follows by the [par]-rule that e is enabled in P.

Now suppose we have transitions \({P}\xrightarrow {e}{P^{\prime }}\) and \({G}\xrightarrow {e}{G'}\). As noted we must have (9); by [effect] we have transitions

$$\begin{aligned} {[{M}]\;{\bar{T}_1}}\xrightarrow {e}{[{{e:\delta }\cdot {M}}]\;{\bar{T}_1}} \quad \text {and} \quad {[{M}]\;{\bar{T}_2}}\xrightarrow {e}{[{{e:\delta }\cdot {M}}]\;{\bar{T}_2}} \end{aligned}$$

(10)

By induction we must have transitions

$$\begin{aligned} {G_1}\xrightarrow {e}{G_1^{\prime }} \quad \text {and}\quad {G_2}\xrightarrow {e}{G_2^{\prime }} \end{aligned}$$

(11)

We prove that \(P^{\prime }\approx G^{\prime }\). Items (1) and (3) of Definition 53 are immediate, so it is sufficient to show Item (2). Let \(M_h(x) = h\) when \(M(x) = (h,i,r)\); similarly for i, r. It is straightforward to verify using (10) and (11) that each of the following leads to a contradiction:

1. 1.

   \(M_h(f)\not =(f\in \mathsf {Ex}^{\prime })\), or

2. 2.

   \(M_i(f)\not =(f\in \mathsf {In}^{\prime })\), or

3. 3.

   \(M_r(f)\not =(f\in \mathsf {Re}^{\prime })\).

Theorem 55

The relation \(\approx \) is a bisimulation.

Proof

Immediate from Lemma 54.

Corollary 56

Let P be a process and G a graph. Then \(P\approx G\) implies \(\mathop {\mathsf {lang}}({P}) = \mathop {\mathsf {lang}}({G})\).

Proof

Using Lemma 54, it is clear that a run of P gives rise to a run of G and vice versa. It is sufficient to show that such a runs is accepting for P iff it is for G; this is immediate by inspection of Definitions 2 and 48.

Proof of Proposition 6

Immediate from Theorem 55 and Corollary 56.