Enhancing workflow-nets with data for trace completion
Riccardo De Masellis, Chiara Di Francescomarino, Chiara Ghidini, Sergio Tessaris
FBK-IRST, Italy, {r.demasellis,dfmchiara,ghidini}@fbk.eu
Free University of Bozen-Bolzano, Italy
Abstract.
The growing adoption of IT-systems for modeling and executing (business) processes or services has thrust the scientific investigation towards techniques and tools which support more complex forms of process analysis. Many of them, such as conformance checking, process alignment, mining and enhancement, rely on complete observation of past (tracked and logged) executions. In many real cases, however, the lack of human or IT-support on all the steps of process execution, as well as information hiding and abstraction of model and data, result in incomplete log information of both data and activities. This paper tackles the issue of automatically repairing traces with missing information by notably considering not only activities but also data manipulated by them. Our technique recasts such a problem as a reachability problem and provides an encoding in an action language which makes it possible to use virtually any state-of-the-art planner to return solutions.
The use of IT systems for supporting business activities has led to a wide diffusion of process mining techniques and tools that offer business analysts the possibility to observe the current process execution, identify deviations from the model, and perform individual and aggregated analysis on current and past executions.

Fig. 1: The three types of process mining. [Figure panels (a)-(c) relate the event log and the model for discovery, conformance checking (diagnostics) and enhancement (new model).]

According to the process mining manifesto, all these techniques and tools can be grouped in three basic types: process discovery, conformance checking and process enhancement (see Figure 1), and require in input an event log and, for conformance checking and enhancement, a (process) model. A log, usually described in the IEEE standard XES format, is a set of execution traces (or cases) each of which is an ordered sequence of events carrying a payload as a set of attribute-value pairs. Process models instead provide a description of the scenario at hand and can be constructed using one of the available Business Process Modeling Languages, such as BPMN, YAWL and Declare.

Event logs are therefore a crucial ingredient to the accomplishment of process mining. Unfortunately, a number of difficulties may hamper the availability of event logs. Among these are partial event logs, where the execution traces may bring only partial information in terms of which process activities have been executed and what data or artefacts they produced. Thus repairing incomplete execution traces by reconstructing the missing entries becomes an important task to enable process mining in full, as noted in recent works such as [17,8]. While these works deserve praise for having motivated the importance of trace repair and having provided some basic techniques for reconstructing missing entries using the knowledge captured in process models, they all focus on event logs (and process models) of limited expressiveness. In fact, they all provide techniques for the reconstruction of control flows, thus completely ignoring the data flow component. This is a serious limitation, given the growing practical and theoretical efforts to extend business process languages with the capability to model complex data objects, along with the traditional control flow perspective [6].

In this paper we show how to exploit state-of-the-art planning techniques to deal with the repair of data-aware event logs in the presence of imperative process models. Specifically we will focus on the well established Workflow Nets [20], a particular class of Petri nets that provides the formal foundations of several process models, of the YAWL language and have become one of the standard ways to model and analyze workflows. In particular we provide:

1. a modeling language DAW-net, an extension of the workflow nets with data formalism introduced in [18] so as to be able to deal with even more expressive data (Section 3);
2. a recast of data aware trace repair as a reachability problem in DAW-net (Section C);
3. a sound and complete encoding of reachability in DAW-net in a planning problem so as to be able to deal with trace repair using planning (Section 5).

The solutions of the problem are all and only the repairs of the partial trace compliant with the DAW-net model. The advantage of using automated planning techniques is that we can exploit the underlying logic language to ensure that generated plans conform to the observed traces without resorting to ad hoc algorithms for the specific repair problem. The theoretical investigation presented in this work provides an important step forward towards the exploitation of mature planning techniques for the trace repair w.r.t. data-aware processes.

Petri Nets (PN) is a modeling language for the description of distributed systems that has widely been applied to the description and analysis of business processes [1]. The classical PN is a directed bipartite graph with two node types, called places and transitions, connected via directed arcs. Connections between two nodes of the same type are not allowed.
Definition 1 (Petri Net). A Petri Net is a triple $\langle P, T, F \rangle$ where $P$ is a set of places; $T$ is a set of transitions; $F \subseteq (P \times T) \cup (T \times P)$ is the flow relation describing the arcs between places and transitions (and between transitions and places).

The preset of a transition $t$ is the set of its input places: ${}^{\bullet}t = \{ p \in P \mid (p, t) \in F \}$. The postset of $t$ is the set of its output places: $t^{\bullet} = \{ p \in P \mid (t, p) \in F \}$. Definitions of pre- and postsets of places are analogous.

Fig. 2: A Petri Net.

Places in a PN may contain a discrete number of marks called tokens. Any distribution of tokens over the places, formally represented by a total mapping $M : P \mapsto \mathbb{N}$, represents a configuration of the net called a marking. PNs come with a graphical notation where places are represented by means of circles, transitions by means of rectangles and tokens by means of full dots within places. Figure 2 depicts a PN with a marking $M(p) = 2$, $M(p) = 0$, $M(p) = 1$. The preset and postset of $t$ are $\{ p, p \}$ and $\{ p \}$, respectively.

Fig. 3: A process as a Petri Net. [Transitions: T1 ask application documents; T2 send student application; T3 send worker application; T4 fill student request; T5 fill worker request; T6 local credit officer approval; T7 senior credit officer approval; T8 bank credit committee approval; T9; T10 send approval to customer; T11 store approval in branch; T12 issue loan. Guards: loanType=s, loanType=w, request ≤ k, request ≥ k, else.]

Process tasks are modeled in PNs as transitions while arcs and places constrain their ordering. For instance, the process in Figure 3 exemplifies how PNs can be used to model parallel and mutually exclusive choices, typical of business processes: sequences T2;T4 - T3;T5 and transitions T6-T7-T8 are indeed placed on mutually exclusive paths. Transitions T10 and T11 are instead placed on parallel paths. Finally, T9 is needed to prevent connections between nodes of the same type.

The expressivity of PNs exceeds, in the general case, what is needed to model business processes, which typically have a well-defined starting point and a well-defined ending point. This imposes syntactic restrictions on PNs, that result in the following definition of a workflow net (WF-net) [1].

Definition 2 (WF-net). A PN $\langle P, T, F \rangle$ is a WF-net if it has a single source place start, a single sink place end, and every place and every transition is on a path from start to end, i.e., for all $n \in P \cup T$, $(start, n) \in F^{*}$ and $(n, end) \in F^{*}$, where $F^{*}$ is the reflexive transitive closure of $F$.

A marking in a WF-net represents the workflow state of a single case. The semantics of a PN/WF-net, and in particular the notion of valid firing, defines how transitions route tokens through the net so that they correspond to a process execution.
Definition 3 (Valid Firing). A firing of a transition $t \in T$ from $M$ to $M'$ is valid, in symbols $M \xrightarrow{t} M'$, iff

1. $t$ is enabled in $M$, i.e., $\{ p \in P \mid M(p) > 0 \} \supseteq {}^{\bullet}t$; and
2. the marking $M'$ is such that for every $p \in P$:

$$M'(p) = \begin{cases} M(p) - 1 & \text{if } p \in {}^{\bullet}t \setminus t^{\bullet} \\ M(p) + 1 & \text{if } p \in t^{\bullet} \setminus {}^{\bullet}t \\ M(p) & \text{otherwise} \end{cases}$$

Footnote: For the sake of simplicity we only focus here on the so-called happy path, that is the successful granting of the loan.

Condition 1. states that a transition is enabled if all its input places contain at least one token; 2. states that when $t$ fires it consumes one token from each of its input places and produces one token in each of its output places.

A case of a WF-Net is a sequence of valid firings $M_0 \xrightarrow{t_1} M_1, M_1 \xrightarrow{t_2} M_2, \ldots, M_{k-1} \xrightarrow{t_k} M_k$ where $M_0$ is the marking indicating that there is a single token in start.

Definition 4 ($k$-safeness). A marking of a PN is $k$-safe if the number of tokens in all places is at most $k$. A PN is $k$-safe if the initial marking is $k$-safe and the marking of all cases is $k$-safe.

From now on we concentrate on 1-safe nets, which generalize the class of structured workflows and are the basis for best practices in process modeling [11]. We also use safeness as a synonym of 1-safeness. It is important to notice that our approach can be seamlessly generalized to other classes of PNs, as long as it is guaranteed that they are $k$-safe. This reflects the fact that the process control-flow is well-defined (see [10]).

Reachability on Petri Nets. The behavior of a PN can be described as a transition system where states are markings and directed edges represent firings. Intuitively, there is an edge from $M_i$ to $M_{i+1}$ labeled by $t_i$ if $M_i \xrightarrow{t} M_{i+1}$ is a valid firing. Given a “goal” marking $M_g$, the reachability problem amounts to checking if there is a path from the initial marking $M_0$ to $M_g$.
Reachability on PNs (WF-nets) is of enormous importance in process verification as it allows for checking natural behavioral properties, such as satisfiability and soundness in a natural manner [2].

One of the goals of process mining is to capture the as-is processes as accurately as possible: this is done by examining event logs that can be then exploited to perform the tasks in Figure 1. In many cases, however, event logs are subject to data quality problems, resulting in incorrect or missing events in the log. In this paper we focus on the latter issue, addressing the problem of repairing execution traces that contain missing entries (hereafter shortened to trace repair).

The need for trace repair is motivated in depth in [17], where missing entities are described as a frequent cause of low data quality in event logs, especially when the definition of the business processes integrates activities that are not supported by IT systems due either to their nature (e.g. they consist of human interactions) or to the high level of abstraction of the description, detached from the implementation. A further cause of missing events are special activities (such as transition T9 in Figure 3) that are introduced in the model to guarantee properties concerning e.g., the structure of the workflow or syntactic constraints, but are never executed in practice.

The starting point of trace repair are execution traces and the knowledge captured in process models. Consider for instance the model in Figure 3 and the (partial) execution trace {T3, T7}. By aligning the trace to the model using a replay-based approach or a planning based approach, the techniques presented in [17] and [8] are able to exploit the events stored in the trace and the control flow specified in the model to reconstruct two possible repairs:

{ T , T , T , T , T , T , T , T }
{ T , T , T , T , T , T , T , T }

Consider now a different scenario in which the partial trace reduces to { T }. In this case, by using the control flow in Figure 3 we are not able to reconstruct whether the loan is a student loan or a worker loan. This increases the number of possible repairs and therefore lowers the usefulness of trace repair. Assume nonetheless that the event log conforms to the XES standard and stores some observed data attached to T (enclosed in square brackets):

{ T request = , loan = ] }

If the process model is able to specify how transitions can read and write variables, and furthermore some constraints on how they do it, the scenario changes completely. Indeed, assume that transition T4 is empowered with the ability to write the variable request with a value smaller or equal than (being this the maximum amount of a student loan). Using this fact, and the fact that the request examined by T7 is greater than , we can understand that the execution trace has chosen the path of the worker loan. Moreover, if the model specifies that variable loanType is written during the execution of T1, when the applicant chooses the type of loan she is interested in, we are able to infer that T1 sets variable loanType to w. This example, besides illustrating the idea of trace repair, also motivates why data are important to accomplish this task, and therefore why extending repair techniques beyond the mere control flow is a significant contribution to address data quality problems in event logs.

K

The main elements of action languages are fluents and actions. The former represent the state of the system which may change by means of actions. Causation statements describe the possible evolution of the states, and preconditions associated to actions describe which action can be executed according to the current state. A planning problem in K [9] is specified using a Datalog-like language where fluents and actions are represented by literals (not necessarily ground).
The specification includes the list of fluents, actions, initial state and goal conditions; also a set of statements specifies the dynamics of the planning domain using causation rules and executability conditions. The semantics of K borrows heavily from the Answer Set Programming (ASP) paradigm. In fact, the system enables reasoning with partial knowledge and provides both weak and strong negation.

A causation rule is a statement of the form

    caused $f$ if $b_1, \ldots, b_k$, not $b_{k+1}, \ldots$, not $b_\ell$ after $a_1, \ldots, a_m$, not $a_{m+1}, \ldots$, not $a_n$.

The rule states that $f$ is true in the new state reached by executing (simultaneously) some actions, provided that $a_1, \ldots, a_m$ are known to hold while $a_{m+1}, \ldots, a_n$ are not known to hold in the previous state (some of the $a_j$ might be actions executed on it), and $b_1, \ldots, b_k$ are known to hold while $b_{k+1}, \ldots, b_\ell$ are not known to hold in the new state. Rules without the after part are called static.

An executability condition is a statement of the form

    executable $a$ if $b_1, \ldots, b_k$, not $b_{k+1}, \ldots$, not $b_\ell$.

Informally, such a condition says that the action $a$ is eligible for execution in a state, if $b_1, \ldots, b_k$ are known to hold while $b_{k+1}, \ldots, b_\ell$ are not known to hold in that state.

Terms in both kinds of statements could include variables (starting with capital letter) and the statements must be safe in the usual Datalog meaning w.r.t. the first fluent or action of the statements.

A planning domain PD is a tuple $\langle D, R \rangle$ where $D$ is a finite set of action and fluent declarations and $R$ a finite set of rules, initial state constraints, and executability conditions.

The semantics of the language is provided in terms of a transition system where the states are ASP models (sets of atoms) and actions transform the state according to the rules. A state transition is a tuple $t = \langle s, A, s' \rangle$ where $s, s'$ are states and $A$ is a set of action instances. The transition is said to be legal if the actions are executable in the first state and both states are the minimal ones that satisfy all causation rules. Semantics of plans including default negation is defined by means of a Gelfond-Lifschitz type reduction to a positive planning domain. A sequence of state transitions $\langle s_0, A_1, s_1 \rangle, \ldots, \langle s_{n-1}, A_n, s_n \rangle$, $n \geq 0$, is a trajectory for PD, if $s_0$ is a legal initial state of PD and all $\langle s_{i-1}, A_i, s_i \rangle$ are legal state transitions of PD.

A planning problem is a pair of planning domain PD and a ground goal $g_1, \ldots, g_m$, not $g_{m+1}, \ldots$, not $g_n$ that is required to be satisfied at the end of the execution.

In this section we suitably extend WF-nets to represent data and their evolution as transitions are performed. In order for such an extension to be meaningful, i.e., allowing reasoning on data, it has to provide: (i) a model for representing data; (ii) a way to make decisions on actual data values; and (iii) a mechanism to express modifications to data. Therefore, we enhance WF-nets with the following elements:

– a set of variables taking values from possibly different domains (addressing (i));
– queries on such variables used as transitions preconditions (addressing (ii));
– variables updates and deletion in the specification of net transitions (addressing (iii)).

Our framework follows the approach of state-of-the-art WF-nets with data [18,12], from which it borrows the above concepts, extending them by allowing reasoning on actual data values as better explained in Section 6.

Throughout the section we use the WF-net in Figure 3 extended with data as a running example.

3.1 Data Model

As our focus is on trace repair, we follow the data model of the IEEE XES standard for describing logs, which represents data as a set of variables. Variables take values from specific sets on which a partial order can be defined. As customary, we distinguish the data model, namely the intensional level, from a specific instance of data, i.e., the extensional level.
Definition 5 (Data model). A data model is a tuple $\mathcal{D} = (\mathcal{V}, \Delta, dm, ord)$ where:

– $\mathcal{V}$ is a possibly infinite set of variables;
– $\Delta = \{ \Delta_1, \Delta_2, \ldots \}$ is a possibly infinite set of domains (not necessarily disjoint);
– $dm : \mathcal{V} \to \Delta$ is a total and surjective function which associates to each variable $v$ its domain $\Delta_i$;
– $ord$ is a partial function that, given a domain $\Delta_i$, if $ord(\Delta_i)$ is defined, then it returns a partial order (reflexive, antisymmetric and transitive) $\leq_{\Delta_i} \subseteq \Delta_i \times \Delta_i$.

A data model for the loan example is $\mathcal{V} = \{ loanType, request, loan \}$, $dm(loanType) = \{ w, s \}$, $dm(request) = \mathbb{N}$, $dm(loan) = \mathbb{N}$, with $dm(loan)$ and $dm(loanType)$ being totally ordered by the natural ordering $\leq$ in $\mathbb{N}$.

An actual instance of a data model is simply a partial function associating values to variables.

Definition 6 (Assignment). Let $\mathcal{D} = \langle \mathcal{V}, \Delta, dm, ord \rangle$ be a data model. An assignment for variables in $\mathcal{V}$ is a partial function $\eta : \mathcal{V} \to \bigcup_i \Delta_i$ such that for each $v \in \mathcal{V}$, if $\eta(v)$ is defined, i.e., $v \in img(\eta)$ where $img$ is the image of $\eta$, then we have $\eta(v) \in dm(v)$.

We now define our boolean query language, which notably allows for equality and comparison. As will become clearer in Section B.2, queries are used as guards, i.e., preconditions for the execution of transitions.
Definition 7 (Query language - syntax). Given a data model, the language $\mathcal{L}(\mathcal{D})$ is the set of formulas $\Phi$ inductively defined according to the following grammar:

$$\Phi := true \mid def(v) \mid t_1 = t_2 \mid t_1 \leq t_2 \mid \neg \Phi_1 \mid \Phi_1 \wedge \Phi_2$$

where $v \in \mathcal{V}$ and $t_1, t_2 \in \mathcal{V} \cup \bigcup_i \Delta_i$.

Examples of queries of the loan scenarios are request ≤ or loanType = w. Given a formula $\Phi$ and an assignment $\eta$, we write $\Phi[\eta]$ for the formula $\Phi$ where each occurrence of variable $v \in img(\eta)$ is replaced by $\eta(v)$.

Definition 8 (Query language - semantics). Given a data model $\mathcal{D}$, an assignment $\eta$ and a query $\Phi \in \mathcal{L}(\mathcal{D})$ we say that $\mathcal{D}, \eta$ satisfies $\Phi$, written $\mathcal{D}, \eta \models \Phi$, inductively on the structure of $\Phi$ as follows:

– $\mathcal{D}, \eta \models true$;
– $\mathcal{D}, \eta \models def(v)$ iff $v \in img(\eta)$;
– $\mathcal{D}, \eta \models t_1 = t_2$ iff $t_1[\eta], t_2[\eta] \notin \mathcal{V}$ and $t_1[\eta] \equiv t_2[\eta]$;
– $\mathcal{D}, \eta \models t_1 \leq t_2$ iff $t_1[\eta], t_2[\eta] \in \Delta_i$ for some $i$ and $ord(\Delta_i)$ is defined and $t_1[\eta] \leq_{\Delta_i} t_2[\eta]$;
– $\mathcal{D}, \eta \models \neg \Phi$ iff it is not the case that $\mathcal{D}, \eta \models \Phi$;
– $\mathcal{D}, \eta \models \Phi_1 \wedge \Phi_2$ iff $\mathcal{D}, \eta \models \Phi_1$ and $\mathcal{D}, \eta \models \Phi_2$.

Intuitively, $def$ can be used to check if a variable has an associated value or not (recall that assignment $\eta$ is a partial function); equality has the intended meaning and $t_1 \leq t_2$ evaluates to true iff $t_1$ and $t_2$ are values belonging to the same domain $\Delta_i$, such a domain is ordered by a partial order $\leq_{\Delta_i}$ and $t_1$ is actually less or equal than $t_2$ according to $\leq_{\Delta_i}$.

We now combine the data model with a WF-net and formally define how transitions are guarded by queries and how they update/delete data. The result is a Data-AWare net (DAW-net) that incorporates aspects (i)–(iii) described at the beginning of Section 3.
Definition 9 (DAW-net). A DAW-net is a tuple $\langle \mathcal{D}, \mathcal{N}, wr, gd \rangle$ where:

– $\mathcal{N} = \langle P, T, F \rangle$ is a WF-net;
– $\mathcal{D} = \langle \mathcal{V}, \Delta, dm, ord \rangle$ is a data model;
– $wr : T \mapsto (\mathcal{V}' \mapsto 2^{dm(\mathcal{V})})$, where $\mathcal{V}' \subseteq \mathcal{V}$, $dm(\mathcal{V}) = \bigcup_{v \in \mathcal{V}} dm(v)$ and $wr(t)(v) \subseteq dm(v)$ for each $v \in \mathcal{V}'$, is a function that associates each transition to a (partial) function mapping variables to a finite subset of their domain;
– $gd : T \mapsto \mathcal{L}(\mathcal{D})$ is a function that associates a guard to each transition.

Function $gd$ associates a guard, namely a query, to each transition. The intuitive semantics is that a transition $t$ can fire if its guard $gd(t)$ evaluates to true (given the current assignment of values to data). Examples are gd(T6) = request ≤ and gd(T8) = ¬(request ≤ ). Function $wr$ is instead used to express how a transition $t$ modifies data: after the firing of $t$, each variable $v \in \mathcal{V}'$ can take any value among a specific finite subset of $dm(v)$. We have three different cases:

– $\emptyset \subset wr(t)(v) \subseteq dm(v)$: $t$ nondeterministically assigns a value from $wr(t)(v)$ to $v$;
– $wr(t)(v) = \emptyset$: $t$ deletes the value of $v$ (hence making $v$ undefined);
– $v \notin dom(wr(t))$: the value of $v$ is not modified by $t$.

Notice that by allowing $wr(t)(v) \subseteq dm(v)$ in the first bullet above we enable the specification of restrictions for specific tasks. E.g., wr(T4) : {request} ↦ { . . . } says that T4 writes the request variable and intuitively that students can request a maximum loan of , while wr(T5) : {request} ↦ { . . . } says that workers can request up to .

The intuitive semantics of $gd$ and $wr$ is formalized next. We start from the definition of DAW-net state, which includes both the state of the WF-net, namely its marking, and the state of data, namely the assignment. We then extend the notions of state transition and valid firing.

Definition 10 (DAW-net state). A state of a DAW-net $\langle \mathcal{D}, \mathcal{N}, wr, gd \rangle$ is a pair $(M, \eta)$ where $M$ is a marking for $\langle P, T, F \rangle$ and $\eta$ is an assignment for $\mathcal{D}$.

Definition 11 (DAW-net Valid Firing).
Given a DAW-net $\langle \mathcal{D}, \mathcal{N}, wr, gd \rangle$, a firing of a transition $t \in T$ is a valid firing from $(M, \eta)$ to $(M', \eta')$, written as $(M, \eta) \xrightarrow{t} (M', \eta')$, iff conditions 1. and 2. of Def. 3 hold for $M$ and $M'$, i.e., it is a WF-Net valid firing, and

1. $\mathcal{D}, \eta \models gd(t)$,
2. assignment $\eta'$ is such that, if $\textsc{wr} = \{ v \mid wr(t)(v) \neq \emptyset \}$, $\textsc{del} = \{ v \mid wr(t)(v) = \emptyset \}$:
   – its domain $dom(\eta') = dom(\eta) \cup \textsc{wr} \setminus \textsc{del}$;
   – for each $v \in dom(\eta')$:

$$\eta'(v) = \begin{cases} d \in wr(t)(v) & \text{if } v \in \textsc{wr} \\ \eta(v) & \text{otherwise.} \end{cases}$$

Conditions 1. and 2. extend the notion of valid firing of WF-nets imposing additional pre- and postconditions on data, i.e., preconditions on $\eta$ and postconditions on $\eta'$. Specifically, 1. says that for a transition $t$ to be fired its guard $gd(t)$ must be satisfied by the current assignment $\eta$. Condition 2. constrains the new state of data: the domain of $\eta'$ is defined as the union of the domain of $\eta$ with variables that are written ($\textsc{wr}$), minus the set of variables that must be deleted ($\textsc{del}$). Variables in $dom(\eta')$ can indeed be grouped in three sets depending on the effects of $t$: (i) $\textsc{old} = dom(\eta) \setminus \textsc{wr}$: variables whose value is unchanged after $t$; (ii) $\textsc{new} = \textsc{wr} \setminus dom(\eta)$: variables that were undefined but have a value after $t$; and (iii) $\textsc{overwr} = \textsc{wr} \cap dom(\eta)$: variables that did have a value and are updated with a new one after $t$. The final part of condition 2. says that each variable in $\textsc{new} \cup \textsc{overwr}$ takes a value in $wr(t)(v)$, while variables in $\textsc{old}$ maintain the old value $\eta(v)$.

A case of a DAW-net is defined as a case of a WF-net, with the only difference that the assignment $\eta_0$ of the initial state $(M_0, \eta_0)$ is empty, i.e., $dom(\eta_0) = \emptyset$.

In this section we provide the intuition behind our technique for solving the trace repair problem via reachability.
Full details and proofs are contained in Appendices A–D.

A trace is a sequence of observed events, each with a payload including the transition it refers to and its effects on the data, i.e., the variables updated by its execution. Intuitively, a DAW-net case is compliant w.r.t. a trace if it contains all the occurrences of the transitions observed in the trace (with the corresponding variable updates) in the right order.

As a first step, we assume without loss of generality that DAW-net models start with a special transition $start_t$ and terminate with a special transition $end_t$. Every process can be reduced to such a structure as informally illustrated in the left hand side of Figure 4 by arrows labeled with (1). Note that this change would not modify the behavior of the net: any sequence of firing valid for the original net can be extended by the firing of the additional transitions and vice versa.

Fig. 4: Outline of the trace “injection”

Next, we illustrate the main idea behind our approach by means of the right hand side of Figure 4: we consider the observed events as transitions (in red) and we suitably “inject” them in the original DAW-net. By doing so, we obtain a new model where, intuitively, tokens are forced to activate the red transitions of DAW-net, when events are observed in the trace. When, instead, there is no red counterpart, i.e., there is missing information in the trace, the tokens move in the black part of the model. The objective is then to perform reachability for the final marking (i.e., to have one token in the end place and all other places empty) over such a new model in order to obtain all and only the possible repairs for the partial trace.

More precisely, for each event $e$ with a payload including transition $t$ and some effect on variables we introduce a new transition $t_e$ in the model such that:

– $t_e$ is placed in parallel with the original transition $t$;
– $t_e$ includes an additional input place connected to the preceding event and an additional output place which connects it to the next event;
– $gd(t_e) = gd(t)$ and
– $wr(t_e)$ specifies exactly the variables and the corresponding values updated by the event, i.e. if the event set the value of $v$ to $d$, then $wr(t_e)(v) = \{ d \}$; if the event deletes the variable $v$, then $wr(t_e)(v) = \emptyset$.

Given a trace $\tau$ and a DAW-net $W$, it is easy to see that the resulting trace workflow (indicated as $W^{\tau}$) is a strict extension of $W$ (only new nodes are introduced) and, since all newly introduced nodes are in a path connecting the start and sink places, it is a DAW-net, whenever the original one is a DAW-net.

We now prove the soundness and completeness of the approach by showing that: (1) all cases of $W^{\tau}$ are compliant with $\tau$; (2) each case of $W^{\tau}$ is also a case of $W$ and (3) if there is a case of $W$ compliant with $\tau$, then that is also a case for $W^{\tau}$.

Property (1) is ensured by construction. For (2) and (3) we need to relate cases from $W^{\tau}$ to the original DAW-net $W$. We indeed introduce a projection function $\Pi_{\tau}$ that maps elements from cases of the enriched DAW-net to cases of elements from the original DAW-net. Essentially, $\Pi_{\tau}$ maps newly introduced transitions $t_e$ to the corresponding transitions in event $e$, i.e., $t$, and also projects away the new places in the markings.

Given that the structure of $W^{\tau}$ is essentially the same as that of $W$ with additional copies of transitions that are already in $W$, it is not surprising that any case for $W^{\tau}$ can be replayed on $W$ by mapping the new transitions $t_e$ into the original ones $t$, as shown by the following:

Lemma 1. If $C$ is a case of $W^{\tau}$ then $\Pi_{\tau}(C)$ is a case of $W$.

This lemma proves that whenever we find a case on $W^{\tau}$, then it is an example of a case on $W$ that is compliant with $\tau$, i.e., (2). However, to reduce the original problem to reachability on DAW-net, we need to prove that all the $W$ cases compliant with $\tau$ can be replayed on $W^{\tau}$, that is, (3). In order to do that, we can build a case for $W^{\tau}$ starting from the compliant case for $W$, by substituting the occurrences of firings corresponding to events in $\tau$ with the newly introduced transitions. The above results pave the way to the following:

Theorem 1. Let $W$ be a DAW-net and $\tau = (e_1, \ldots, e_n)$ a trace; then $W^{\tau}$ characterises all and only the cases of $W$ compatible with $\tau$. That is

⇒ if $C$ is a case of $W^{\tau}$ containing $t_{e_n}$ then $\Pi_{\tau}(C)$ is compatible with $\tau$; and
⇐ if $C$ is a case of $W$ compatible with $\tau$, then there is a case $C'$ of $W^{\tau}$ s.t. $\Pi_{\tau}(C') = C$.

Theorem 1 provides the main result of this section and is the basis for the reduction of the trace repair for $W$ and $\tau$ to the reachability problem for $W^{\tau}$. In fact, by enumerating all the cases of $W^{\tau}$ reaching the final marking (i.e. a token in end) we can provide all possible repairs for the partial observed trace. Moreover, the transformation generating $W^{\tau}$ preserves the safeness properties of the original workflow:

Lemma 2. Let $W$ be a DAW-net and $\tau$ a trace of $W$. If $W$ is $k$-safe then $W^{\tau}$ is $k$-safe as well.

This is essential to guarantee the decidability of the reasoning techniques described in the next section.
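The valid firing of Definition 11 and the trace injection of this section, as an added Python example that is not code from the paper: it builds the extended net for a partial trace and enumerates the cases that reach the final marking. The miniature loan net, the threshold `K`, the writable values and the use of `None` in a payload to mean deletion are constructed assumptions, and the search assumes an acyclic 1-safe net.

```python
from itertools import product

K = 30  # constructed threshold: largest amount a student may request

# Constructed miniature of the loan net: transition -> (preset, postset)
NET = {
    "T1": ({"start"}, {"p1"}),   # writes loanType
    "T2": ({"p1"}, {"p2"}),      # student branch
    "T3": ({"p1"}, {"p3"}),      # worker branch
    "T4": ({"p2"}, {"p4"}),      # student writes request
    "T5": ({"p3"}, {"p4"}),      # worker writes request
    "T6": ({"p4"}, {"end"}),     # approval of small requests
    "T7": ({"p4"}, {"end"}),     # approval of large requests
}

def leq(eta, v, bound):
    """A comparison holds only if the variable is defined in the assignment."""
    return v in eta and eta[v] <= bound

GUARD = {  # gd: guards evaluated on the current assignment eta
    "T2": lambda eta: eta.get("loanType") == "s",
    "T3": lambda eta: eta.get("loanType") == "w",
    "T6": lambda eta: leq(eta, "request", K),
    "T7": lambda eta: not leq(eta, "request", K),
}
WRITE = {  # wr: values each transition may write; an empty set deletes
    "T1": {"loanType": {"s", "w"}},
    "T4": {"request": {10, 30}},
    "T5": {"request": {10, 30, 60}},
}

def fire(net, guard, write, state, t):
    """Yield every state (M', eta') reachable by one valid firing of t."""
    marking, eta = state
    pre, post = net[t]
    env = dict(eta)
    if not pre <= marking or not guard.get(t, lambda e: True)(env):
        return                                    # not enabled, or guard false
    new_marking = frozenset((marking - pre) | post)   # token move, 1-safe net
    wr = write.get(t, {})
    for v in [v for v, vals in wr.items() if not vals]:
        env.pop(v, None)                          # empty write set deletes v
    written = sorted(v for v, vals in wr.items() if vals)
    for combo in product(*(sorted(wr[v]) for v in written)):
        yield new_marking, frozenset({**env, **dict(zip(written, combo))}.items())

def inject(net, guard, write, trace):
    """Build the trace workflow: one extra transition per observed event."""
    net, guard, write, origin = dict(net), dict(guard), dict(write), {}
    net["start_t"] = ({"START"}, {"start", "c0"})      # c0..cn chain the events
    for i, (t, payload) in enumerate(trace, 1):
        te = f"{t}@e{i}"                               # copy of t for event i
        pre, post = net[t]
        net[te] = (pre | {f"c{i-1}"}, post | {f"c{i}"})
        if t in guard:
            guard[te] = guard[t]                       # same guard as t
        write[te] = {v: (set() if d is None else {d}) for v, d in payload.items()}
        origin[te] = t
    net["end_t"] = ({"end", f"c{len(trace)}"}, {"END"})
    return net, guard, write, origin

def repairs(net, guard, write, trace):
    """All cases of the trace workflow reaching the final marking, projected
    back to the original transition names, with the final assignment."""
    wnet, wguard, wwrite, origin = inject(net, guard, write, trace)
    goal, found = frozenset({"END"}), []
    def dfs(state, path):
        if state[0] == goal:
            found.append((path, dict(state[1])))
            return
        for t in sorted(wnet):
            step = [] if t in ("start_t", "end_t") else [origin.get(t, t)]
            for nxt in fire(wnet, wguard, wwrite, state, t):
                dfs(nxt, path + step)
    dfs((frozenset({"START"}), frozenset()), [])
    return found
```

Calling `repairs(NET, GUARD, WRITE, [("T7", {})])` yields a single repair through the worker branch, whereas passing `{}` as the guards (control flow only) leaves both branches open.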
In this section we exploit the similarity between workflows and planning domains inorder to describe the evolution of a DAW-net by means of a planning language. Oncethe original workflow behaviour has been encoded into an equivalent planning domain,we can use the automatic derivation of plans with specific properties to solve thereachability problem. In our approach we introduce a new action for each transition(to ease the description we will use the same names) and represent the status of theworkflow – marking and variable assignments – by means of fluents. Although theirrepresentation as dynamic rules is conceptually similar we will separate the descriptionof the encoding by considering first the behavioural part (the WF-net) and then theencoding of data (variable assignments and guards).
Since we focus on 1-safe WF-nets the representation of markings is simplified by the fact that each place can either contain 1 token or no tokens at all. This information can be represented introducing a propositional fluent for each place, true iff the corresponding place holds a token. Let us consider $\langle P, T, F \rangle$ the safe WF-net component of a DAW-net system. The declaration part of the planning domain will include:

– a fluent declaration $p$ for each place $p \in P$;
– an action declaration $t$ for each task $t \in T$.

Since each transition can be fired only if each input place contains a token, then the corresponding action can be executed when place fluents are true: for each task $t \in T$, given $\{ i^t_1, \ldots, i^t_n \} = {}^{\bullet}t$, we include the executability condition:

    executable $t$ if $i^t_1, \ldots, i^t_n$.

Footnote: Guards will be introduced in the next section.

As valid firings are sequential, namely only one transition can be fired at each step, we disable concurrency in the planning domain introducing the following rule for each pair of tasks $t_1, t_2 \in T$:

    caused false after $t_1, t_2$.

Transitions transfer tokens from input to output places. Thus the corresponding actions must clear the input places and set the output places to true. This is enforced by including

    caused $-i^t_1$ after $t$. ... caused $-i^t_n$ after $t$.
    caused $o^t_1$ after $t$. ... caused $o^t_k$ after $t$.

for each task $t \in T$ and $\{ i^t_1, \ldots, i^t_n \} = {}^{\bullet}t \setminus t^{\bullet}$, $\{ o^t_1, \ldots, o^t_k \} = t^{\bullet}$. Finally, place fluents should be inertial since they preserve their value unless modified by an action. This is enforced by adding for each $p \in P$

    caused $p$ if not $-p$ after $p$.

Planning problem. Besides the domain described above, a planning problem includes an initial state, and a goal. In the initial state the only place with a token is the source:

    initially: start.

The formulation of the goal depends on the actual instance of the reachability problem we need to solve. The goal corresponding to the state in which the only place with a token is end is written as:

    goal: end, not $p_1, \ldots$, not $p_k$ ?

where $\{ p_1, \ldots, p_k \} = P \setminus \{ end \}$.

For each variable $v \in \mathcal{V}$ we introduce a fluent unary predicate $var_v$ holding the value of that variable.
Clearly, $var_v$ predicates must be functional and have no positive instantiation for undefined variables.

We also introduce auxiliary fluents to facilitate the writing of the rules. Fluent $def_v$ indicates whether the variable $v$ is not undefined – it is used both in tests and to enforce models where the variable is assigned/unassigned. The fluent $chng_v$ is used to inhibit inertia for the variable $v$ when its value is updated because of the execution of an action.

DAW-net includes the specification of the set of values that each transition can write on a variable. This information is static, therefore it is included in the background knowledge by means of a set of unary predicates $dom_{v,t}$ as a set of facts:

    dom_{v,t}(e).

for each $v \in V$, $t \in T$, and $e \in wr(t)(v)$.

Constraints on variables. For each variable $v \in V$:
 – we impose functionality

    caused false if var_v(X), var_v(Y), X != Y.

 – we force its value to propagate to the next state unless it is modified by an action ($chng_v$)

    caused var_v(X) if not -var_v(X), not chng_v after var_v(X).

 – the defined fluent is the projection of the argument

    caused def_v if var_v(X).

Variable updates. The value of a variable is updated by means of causation rules that depend on the transition $t$ that operates on the variable and on the value of $wr(t)$. For each $v$ in the domain of $wr(t)$:
 – $wr(t)(v) = \emptyset$: delete (undefine) a variable $v$

    caused false if def_v after t.
    caused chng_v after t.

 – $wr(t)(v) \subseteq dm(v)$: set $v$ with a value nondeterministically chosen among a set of elements from its domain

    caused var_v(V) if dom_{v,t}(V), not -var_v(V) after t.
    caused -var_v(V) if dom_{v,t}(V), not var_v(V) after t.
    caused false if not def_v after t.
    caused chng_v after t.

Footnote (on disabling concurrency): For efficiency reasons we can relax this constraint by disabling concurrency only for transitions sharing places or updating the same variables. This would provide shorter plans.

If $wr(t)(v)$ contains a single element $d$, then the assignment is deterministic and the first three rules above can be substituted with

    caused var_v(d) after t.

Guards. To each subformula $\varphi$ of transition guards is associated a fluent $grd_\varphi$ that is true when the corresponding formula is satisfied. To simplify the notation, for any transition $t$, we will use $grd_t$ to indicate the fluent $grd_{gd(t)}$. Executability of transitions is conditioned on the satisfiability of their guards; instead of modifying the executability rule by including $grd_t$ among the preconditions, we use a constraint rule preventing executions of the action whenever its guard is not satisfied:

    caused false after t, not grd_t.

Translation of atoms ($\xi$) is defined in terms of $var_v$ predicates. For instance, $\xi(v = w)$ corresponds to var_v(V), var_w(W), V == W. That is, $\xi(t, T) = var_t(T)$ for $t \in V$, and $\xi(d, T) = (T == d)$ for $d \in \bigcup_i \Delta_i$. For each subformula $\varphi$ of transition guards a static rule is included to "define" the fluent $grd_\varphi$:

    true :              caused grd_φ if true.
    def(v) :            caused grd_φ if def_v.
    t_1 = t_2 :         caused grd_φ if ξ(t_1,T1), ξ(t_2,T2), T1 == T2.
    t_1 ≤ t_2 :         caused grd_φ if ξ(t_1,T1), ξ(t_2,T2), ord(T1,T2).
    ¬φ_1 :              caused grd_φ if not grd_φ_1.
    φ_1 ∧ ... ∧ φ_n :   caused grd_φ if grd_φ_1, ..., grd_φ_n.

We provide a sketch of the correctness and completeness of the encoding. Proofs can be found in [4].

Footnote: The deterministic version is a specific case of the non-deterministic ones and equivalent in the case that there is a single $dom_{v,t}(d)$ fact.

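The encoding rules of this section applied mechanically to a small net, as an added example (not code from the paper or its authors): the Python code below emits the K rules for the control flow and the variable updates of a constructed three-task DAW-net. The textual fluent names `var_v`, `def_v`, `chng_v` and `dom_v_t`, the sample net, and the omission of guard rules are assumptions of the example.

```python
from itertools import combinations


def preset(F, t):
    """Input places of transition t (the set written •t in the text)."""
    return sorted(p for (p, x) in F if x == t)


def postset(F, t):
    """Output places of transition t (the set written t• in the text)."""
    return sorted(p for (x, p) in F if x == t)


def encode_control_flow(P, T, F, start="start", end="end"):
    """Emit the K rules for a 1-safe WF-net <P, T, F> in the shapes given above."""
    rules = []
    for t in sorted(T):
        ins, outs = preset(F, t), postset(F, t)
        if not ins:
            raise ValueError(f"transition {t} has no input place; not a WF-net")
        rules.append(f"executable {t} if {', '.join(ins)}.")
        # Clear only the places in •t \ t•: a place that is both input and
        # output keeps its token.
        rules += [f"caused -{p} after {t}." for p in ins if p not in outs]
        rules += [f"caused {p} after {t}." for p in outs]
    # Sequential firing: forbid any two actions in the same step.
    rules += [f"caused false after {a}, {b}."
              for a, b in combinations(sorted(T), 2)]
    # Inertia of place fluents.
    rules += [f"caused {p} if not -{p} after {p}." for p in sorted(P)]
    rules.append(f"initially: {start}.")
    others = sorted(p for p in P if p != end)
    rules.append(f"goal: {end}, " + ", ".join(f"not {p}" for p in others) + "?")
    return rules


def encode_data(V, wr):
    """Emit variable constraints and update rules; wr maps t -> {v: set of values}."""
    rules = []
    for v in sorted(V):
        rules.append(f"caused false if var_{v}(X), var_{v}(Y), X != Y.")
        rules.append(f"caused var_{v}(X) if not -var_{v}(X), "
                     f"not chng_{v} after var_{v}(X).")
        rules.append(f"caused def_{v} if var_{v}(X).")
    for t in sorted(wr):
        for v, values in sorted(wr[t].items()):
            if not values:                      # wr(t)(v) = {}: undefine v
                rules.append(f"caused false if def_{v} after {t}.")
            elif len(values) == 1:              # deterministic assignment
                (d,) = values
                rules.append(f"caused var_{v}({d}) after {t}.")
            else:                               # nondeterministic choice
                rules += [f"dom_{v}_{t}({d})." for d in sorted(values)]
                rules.append(f"caused var_{v}(V) if dom_{v}_{t}(V), "
                             f"not -var_{v}(V) after {t}.")
                rules.append(f"caused -var_{v}(V) if dom_{v}_{t}(V), "
                             f"not var_{v}(V) after {t}.")
                rules.append(f"caused false if not def_{v} after {t}.")
            rules.append(f"caused chng_{v} after {t}.")  # inhibit inertia
    return rules


def encode(P, T, F, V, wr):
    return encode_control_flow(P, T, F) + encode_data(V, wr)


# Constructed sample net (not from the paper): start -> t1 -> p1 -> t2 -> p2 -> t3 -> end
P = {"start", "p1", "p2", "end"}
T = {"t1", "t2", "t3"}
F = {("start", "t1"), ("t1", "p1"), ("p1", "t2"),
     ("t2", "p2"), ("p2", "t3"), ("t3", "end")}
V = {"request", "loan"}
WR = {
    "t1": {"request": {"student", "worker"}},  # nondeterministic write
    "t2": {"loan": {"approved"}},              # deterministic write
    "t3": {"request": set()},                  # delete (undefine)
}

if __name__ == "__main__":
    print("\n".join(encode(P, T, F, V, WR)))
```
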
Planning states include all the information to reconstruct the original DAW-net states. In fact, we can define a function $\Phi(\cdot)$ mapping consistent planning states into DAW-net states as follows: $\Phi(s) = (M, \eta)$ with

$$\forall p \in P,\quad M(p) = \begin{cases} 1 & \text{if } p \in s \\ 0 & \text{otherwise} \end{cases} \qquad\qquad \eta = \{ (v, d) \mid var_v(d) \in s \}$$

$\Phi(s)$ is well defined because it cannot be the case that $\{ var_v(d), var_v(d') \} \subseteq s$ with $d \neq d'$, otherwise the static rule

    caused false if var_v(X), var_v(Y), X != Y.

would not be satisfied. Moreover, 1-safeness implies that we can restrict to markings with range in $\{0, 1\}$. By looking at the static rules we can observe that those defining the predicates $def_v$ and $grd_t$ are stratified. Therefore their truth assignment depends only on the extension of $var_v(\cdot)$ predicates. This implies that $grd_t$ fluents are satisfied iff the variables assignment satisfies the corresponding guard $gd(t)$. Based on these observations, the correctness of the encoding is relatively straightforward since we need to show that a legal transition in the planning domain can be mapped to a valid firing. This is proved by inspecting the dynamic rules.

Lemma 3 (Correctness).
Let $W$ be a DAW-net and $\Omega(W)$ the corresponding planning problem. If $\langle s, \{t\}, s' \rangle$ is a legal transition in $\Omega(W)$, then $\Phi(s) \xrightarrow{t} \Phi(s')$ is a valid firing of $W$.

The proof of completeness is more complex because – given a valid firing – we need to build a new planning state and show that it is minimal w.r.t. the transition. Since the starting state $s$ of $\langle s, \{t\}, s' \rangle$ does not require minimality we just need to show its existence, while $s'$ must be carefully defined on the basis of the rules in the planning domain.

Lemma 4 (Completeness).
Let $W$ be a DAW-net, $\Omega(W)$ the corresponding planning problem and $(M, \eta) \xrightarrow{t} (M', \eta')$ be a valid firing of $W$. Then for each consistent state $s$ s.t. $\Phi(s) = M$ there is a consistent state $s'$ s.t. $\Phi(s') = M'$ and $\langle s, \{t\}, s' \rangle$ is a legal transition in $\Omega(W)$.

Lemmata 13 and 12 provide the basis for the inductive proof of the following theorem:
Theorem 2.
Let $W$ be a safe WF-net and $\Omega(PN)$ the corresponding planning problem. Let $(M_0, \eta_0)$ be the initial state of $W$ – i.e. with a single token in the source and no assignments – and $s_0$ the planning state satisfying the initial condition.

($\Rightarrow$) For any case in $W$

$$\zeta : (M_0, \eta_0) \xrightarrow{t_1} (M_1, \eta_1) \dots (M_{n-1}, \eta_{n-1}) \xrightarrow{t_n} (M_n, \eta_n)$$

there is a trajectory in $\Omega(W)$

$$\eta : \langle s_0, \{t_1\}, s_1 \rangle, \dots, \langle s_{n-1}, \{t_n\}, s_n \rangle$$

such that $(M_i, \eta_i) = \Phi(s_i)$ for each $i \in \{0 \dots n\}$ and vice versa.

($\Leftarrow$) For each trajectory

$$\eta : \langle s_0, \{t_1\}, s_1 \rangle, \dots, \langle s_{n-1}, \{t_n\}, s_n \rangle$$

in $\Omega(W)$, the following sequence of firings is a case of $W$

$$\zeta : \Phi(s_0) \xrightarrow{t_1} \Phi(s_1) \dots \Phi(s_{n-1}) \xrightarrow{t_n} \Phi(s_n).$$

Theorem 5 above enables the exploitation of planning techniques to solve the reachability problem in DAW-net. Indeed, to verify whether the final marking is reachable it is sufficient to encode it as a condition for the final state and verify the existence of a trajectory terminating in a state where the condition is satisfied. Decidability of the planning problem is guaranteed by the fact that domains are effectively finite, as in Definition 9 the $wr$ functions range over a finite subset of the domain.

The key role of data in the context of business processes has been recently recognized. A number of variants of PNs have been enriched so as to make tokens able to carry data and transitions aware of the data, as in the case of Workflow nets enriched with data [18,12], the model adopted by the business process community. In detail, Workflow Net transitions are enriched with information about data (e.g., a variable request) and about how it is used by the activity (for reading or writing purposes). Nevertheless, these nets do not consider data values (e.g., in the example of Section 2.2 we would not be aware of the values of the variable request that T4 is enabled to write).
They only allow for the identification of whether the value of the data element is defined or undefined, thus limiting the reasoning capabilities that can be provided on top of them. For instance, in the example of Section 2.2, we would not be able to discriminate between the worker and the student loan for the trace in (2.2), as we would only be aware that request is defined after T4.

The problem of incomplete traces has been investigated in a number of works of trace alignment in the field of process mining, where it still represents one of the challenges. Several works have addressed the problem of aligning event logs and procedural models, without [3] and with [13,12] data. All these works, however, explore the search space of possible moves in order to find the best one aligning the log and the model. Differently from them, in this work (i) we assume that the model is correct and we focus on the repair of incomplete execution traces; (ii) we want to exploit state-of-the-art planning techniques to reason on control and data flow rather than solving an optimisation problem.

We can overall divide the approaches facing the problem of reconstructing flows of model activities given a partial set of information in two groups: quantitative and qualitative. The former rely on the availability of a probabilistic model of execution and knowledge. For example, in [17], the authors exploit stochastic PNs and Bayesian Networks to recover missing information (activities and their durations). The latter stand on the idea of describing "possible outcomes" regardless of likelihood; hence, knowledge about the world will consist of equally likely "alternative worlds" given the available observations in time, as in this work.
For example, in [5] the same issue of reconstructing missing information has been tackled by reformulating it in terms of a Satisfiability (SAT) problem rather than as a planning problem.

Planning techniques have already been used in the context of business processes, e.g., for verifying process constraints [16] or for the construction and adaptation of autonomous process models [19,15]. In [7] automated planning techniques have been applied for aligning execution traces and declarative models. As in this work, in [8], planning techniques have been used for addressing the problem of incomplete execution traces with respect to procedural models. However, differently from the two approaches above, this work uses for the first time planning techniques to target the problem of completing incomplete execution traces with respect to a procedural model that also takes into account data and the value they can assume.

Although this work mainly focuses on the problem of trace completion, the proposed automated planning approach can easily exploit reachability for model satisfiability and trace compliance, and furthermore can be easily extended to aligning data-aware procedural models and execution traces. Moreover, the presented encoding in the planning language K can be directly adapted to other action languages with an expressiveness comparable to C [14]. In the future, we would like to explore these extensions and implement the proposed approach and its variants in a prototype.

A Preliminaries
A.1 Workflow Nets

Definition 12 (Petri Net [12]).
A Petri Net is a triple $\langle P, T, F \rangle$ where
 – $P$ is a set of places;
 – $T$ is a set of transitions;
 – $F \subseteq (P \times T) \cup (T \times P)$ is the flow relation describing the "arcs" between places and transitions (and between transitions and places).

The preset of a transition $t$ is the set of its input places: ${}^\bullet t = \{ p \in P \mid (p, t) \in F \}$. The postset of $t$ is the set of its output places: $t^\bullet = \{ p \in P \mid (t, p) \in F \}$. Definitions of pre- and postsets of places are analogous.

The marking of a Petri net is a total mapping $M : P \mapsto \mathbb{N}$.

Definition 13 (WF-net [18]).
A Petri net $\langle P, T, F \rangle$ is a workflow net (WF-net) if it has a single source place start, a single sink place end, and every place and every transition is on a path from start to end; i.e. for all $n \in P \cup T$, $(start, n) \in F^*$ and $(n, end) \in F^*$, where $F^*$ is the reflexive transitive closure of $F$.

The semantics of a PN is defined in terms of its markings and valid firing of transitions which change the marking. A firing of a transition $t \in T$ from $M$ to $M'$ is valid – denoted by $M \xrightarrow{t} M'$ – iff:
 – $t$ is enabled in $M$, i.e., $\{ p \in P \mid M(p) > 0 \} \supseteq {}^\bullet t$; and
 – the marking $M'$ satisfies the property that for every $p \in P$:

$$M'(p) = \begin{cases} M(p) - 1 & \text{if } p \in {}^\bullet t \setminus t^\bullet \\ M(p) + 1 & \text{if } p \in t^\bullet \setminus {}^\bullet t \\ M(p) & \text{otherwise} \end{cases}$$

A case of PN is a sequence of valid firings $M_0 \xrightarrow{t_1} M_1, M_1 \xrightarrow{t_2} M_2, \dots, M_{k-1} \xrightarrow{t_k} M_k$ where $M_0$ is the marking where there is a single token in the start place.

Definition 14 (safeness).
A marking of a Petri Net is $k$-safe if the number of tokens in all places is at most $k$. A Petri Net is $k$-safe if the initial marking is $k$-safe and the marking of all cases is $k$-safe.

In this document we focus on 1-safeness, which is equivalent to the original safeness property as defined in [1]. Note that for safe nets the range of markings is restricted to $\{0, 1\}$.

A.2 Action Language K

The formal definition of K can be found in Appendix A of [9]; here, as reference, we include the main concepts.

We assume disjoint sets of action, fluent and type names, i.e., predicate symbols of arity $\geq 0$, and disjoint sets of constant and variable symbols. Literals can be positive or negative atoms; negation is denoted by −. Given a set of literals $L$, $L^+$ (respectively, $L^-$) is the set of positive (respectively, negative) literals in $L$. A set of literals is consistent if no atom appears both positive and negated.

The set of all action (respectively, fluent, type) literals is denoted as $\mathcal{L}_{act}$ (respectively, $\mathcal{L}_{fl}$, $\mathcal{L}_{typ}$). Furthermore, $\mathcal{L}_{fl,typ} = \mathcal{L}_{fl} \cup \mathcal{L}_{typ}$, $\mathcal{L}_{dyn} = \mathcal{L}_{fl} \cup \mathcal{L}^+_{act}$, and $\mathcal{L} = \mathcal{L}_{fl,typ} \cup \mathcal{L}^+_{act}$.

Definition 15 (Causation rule).
A (causation) rule is an expression of the form

    caused f if b_1, ..., b_k, not b_{k+1}, ..., not b_ℓ after a_1, ..., a_m, not a_{m+1}, ..., not a_n.

where $f \in \mathcal{L}_{fl} \cup \{false\}$, $b_i \in \mathcal{L}_{fl,typ}$, $a_i \in \mathcal{L}$, $\ell \geq k \geq 0$ and $n \geq m \geq 0$. If $n = 0$ the rule is called static.

We define $h(r) = f$, $pre^+(r) = \{a_1, \dots, a_m\}$, $pre^-(r) = \{a_{m+1}, \dots, a_n\}$, $post^+(r) = \{b_1, \dots, b_k\}$, $post^-(r) = \{b_{k+1}, \dots, b_\ell\}$.

Definition 16 (Initial state constraints).
An initial state constraint is a static rule preceded by the keyword initially.

Definition 17 (Executability condition).
An executability condition $e$ is an expression of the form

    executable a if b_1, ..., b_k, not b_{k+1}, ..., not b_ℓ.

where $a \in \mathcal{L}^+_{act}$, $b_i \in \mathcal{L}_{fl,typ}$, and $\ell \geq k \geq 0$.

We define $h(e) = a$, $pre^+(e) = \{b_1, \dots, b_k\}$, and $pre^-(e) = \{b_{k+1}, \dots, b_\ell\}$.

Since in this document we're dealing with ground plans, for the definition of typed instantiation the reader is referred to the original paper.

Footnote: In the following we will use safeness as a synonym of 1-safeness.

Definition 18 (Planning domain, [9] Def. A.5).
An action description $\langle D, R \rangle$ consists of a finite set $D$ of action and fluent declarations and a finite set $R$ of safe causation rules, safe initial state constraints, and safe executability conditions. A K planning domain is a pair $PD = \langle \Pi, AD \rangle$, where $\Pi$ is a stratified Datalog program (the background knowledge) which is safe, and $AD$ is an action description. We call $PD$ positive, if no default negation occurs in $AD$.

The set $lit(PD)$ contains all the literals appearing in $PD$.

Definition 19 (State, State transition).
A state w.r.t. a planning domain $PD$ is any consistent set $s \subseteq \mathcal{L}_{fl} \cap (lit(PD) \cup lit(PD)^-)$ of legal fluent instances and their negations. A state transition is any tuple $t = \langle s, A, s' \rangle$ where $s, s'$ are states and $A \subseteq \mathcal{L}_{act} \cap lit(PD)$ is a set of legal action instances in $PD$.

Semantics of plans including default negation is defined by means of a Gelfond–Lifschitz type reduction to a positive planning domain.
Definition 20.
Let $PD$ be a ground and well-typed planning domain, and let $t = \langle s, A, s' \rangle$ be a state transition. Then, the reduction $PD^t$ of $PD$ by $t$ is the planning domain where the set of rules $R$ of $PD$ is substituted by $R^t$ obtained by deleting
1. each $r \in R$, where either $post^-(r) \cap s' \neq \emptyset$ or $pre^-(r) \cap s \neq \emptyset$, and
2. all default literals not $\ell$ ($\ell \in \mathcal{L}$) from the remaining $r \in R$.

Definition 21 (Legal initial state, executable action set, legal state transition).
Forany planning domain
P D = (cid:104) D, R (cid:105) – a state s is a legal initial state, if s is the least set s.t. for all static and initial rules r post ( r ) ⊆ s implies h ( r ) ⊆ s ; – a set A ⊆ L + act is an executable action set w.r.t. a state s , if for each a ∈ A thereis an executability condition e ∈ R (cid:104) s,A, ∅(cid:105) s.t. h ( e ) = { a } , pre ( e ) ∩ L fl ⊆ s , and pre ( e ) ∩ L + act ⊆ A ; – a state transition t = (cid:104) s, A, s (cid:48) (cid:105) is legal if A is an executable action set w.r.t. s , and s (cid:48) is the minimal consistent set that satisfies all causation rules in R (cid:104) s,A,s (cid:48) (cid:105) w.r.t. s ∪ A . A causation rule r ∈ R (cid:104) s,A,s (cid:48) (cid:105) , is satisfied if the three conditions1. post ( r ) ⊆ s (cid:48) pre ( r ) ∩ L fl ⊆ s pre ( r ) ∩ L act ⊆ A all hold, then h ( r ) (cid:54) = { f alse } and h ( r ) ⊆ s (cid:48) . Definition 22 (Trajectory).
A sequence of state transitions (cid:104) s , A , s (cid:105) , (cid:104) s , A , s (cid:105) , . . . , (cid:104) s n − , A n , s n (cid:105) , n ≥ , is a trajectory for PD, if s is a legal initial state of PD and all (cid:104) s i − , A i , s i (cid:105) , ≤ i ≤ n , are legal state transitions of PD.If n = 0 , then the trajectory is empty. Definition 23 (Planning problem).
A planning problem is a pair of planning domainPD and a ground goal q , . . . , g m , not g m +1 , . . . , not g n . where g i ∈ L ft and n ≥ m ≥ .A state s satisfies the goal if { g , . . . , g m } ⊆ s and { g m +1 , . . . , g n } ∩ s = ∅ . Definition 24 (Optimistic plan).
A sequence of action sets A , . . . , A k is an optimisticplan for a planning problem (cid:104) P D, q (cid:105) if there is a trajectory (cid:104) s , A , s (cid:105) , . . . , (cid:104) s k − , A k , s k (cid:105) establishing the goal q , i.e. s k satisfies q . Definition 25 (Secure plan).
An optimistic plan A , . . . , A n is secure if for every legalinitial state s and trajectory (cid:104) s , A , s (cid:105) , (cid:104) s , A , s (cid:105) , . . . , (cid:104) s k − , A k , s k (cid:105) ≤ k ≤ n ,it holds that1. if k = n then s k satisfies the goal;2. if k < n , then there is a legal transition (cid:104) s k , A k +1 , s k +1 (cid:105) . B Framework
B.1 Data ModelDefinition 26 (Data model).
A data model for is a couple D = ( V , ∆, dm , ord ) where: – V is a possibly infinite set of variables; – ∆ = { ∆ , . . . , ∆ n } is a set of domains (not necessarily disjoints); – dm : V → ∆ is a total and surjective function which associate to each variable v its finite domain ∆ i ; – ord is a partial function that, given a domain ∆ i , if ord ( ∆ i ) is defined, then it returnsa partial order (reflexive, antisymmetric and transitive) ≤ ∆ i ⊆ ∆ i × ∆ i . Definition 27 (Assignment).
Let D = (cid:104)V , ∆, dm , ord (cid:105) be a data model. An assignmentfor variables in V is a partial function η : V → ∆ v such that for each v ∈ V , if η ( v ) is defined, then we have η ( v ) ∈ dm ( v ) . We write Φ [ η ] for the formula Φ where eachoccurrence of a variable v ∈ img ( η ) is replaced by η ( v ) . Definition 28 (Guard language, syntax).
Given a data model, the language L ( D ) ofguards is the set of formulas Φ inductively defined according to the following grammar: Φ := true | def ( v ) | t = t | t ≤ t | ¬ Φ | Φ ∧ Φ where v ∈ V and t , t ∈ V ∪ (cid:83) i ∆ i . Definition 29 (Guard language, semantics).
Given a data model D , an assignment η and a guard Φ ∈ L ( D ) we say that D , η satisfies Φ , written D, η | = Φ inductively onthe structure of Φ as follows: – D , η | = true ; – D , η | = def ( v ) iff v ∈ img ( η ) ; – D , η | = t = t iff t [ η ] , t [ η ] (cid:54)∈ V and t [ η ] ≡ t [ η ] ; – D , η | = t ≤ t iff t [ η ] , t [ η ] ∈ ∆ i for some i and ord ( ∆ i ) is defined and t [ η ] ≤ ∆ i t [ η ] ; – D , η | = ¬ Φ iff it is not the case that D , η | = Φ ; – D , η | = Φ ∧ Φ iff D , η | = Φ and D , η | = Φ . .2 Petri Nets with DataDefinition 30 (DAW-net). A Petri Net with data is a tuple (cid:104)D , N , wr , gd (cid:105) where: – N = (cid:104) P, T, F (cid:105) is a Petri Net; – D = (cid:104)V , ∆, dm , ord (cid:105) is a data model; – wr : T (cid:55)→ ( V (cid:48) (cid:55)→ dm ( V ) ) , where V (cid:48) ⊆ V and wr ( t )( v ) ⊆ dm ( v ) for each v ∈ V (cid:48) , isa function that associate each transition to a ( partial ) function mapping variablesto a subset of their domain. – gd : T (cid:55)→ L ( D ) a function that associates a guard expression to each transition. The definition of wr provides a fine grained description of the way that transitionsmodify the state of the DAW-net, enabling the description of different cases: – ∅ ⊂ wr ( t )( v ) ⊆ dm ( v ) : transition t nondeterministically assigns a value from wr ( t )( v ) to v ; – wr ( t )( v ) = ∅ : transition t deletes the value of v (undefined); – v (cid:54)∈ dom ( wr ( t )) : value of v is not modified by transition t . Definition 31.
A state of a DAW-net (cid:104)D , N , wr , gd (cid:105) is a pair ( M, η ) where M is amarking for (cid:104) P, T, F (cid:105) and η is an assignment. State transitions and firing are adaptedto the additional information about data. Definition 32 (Valid Firing).
Given a DAW-net (cid:104)D , N , wr , gd (cid:105) , a firing of a transition t ∈ T is valid firing in ( M, η ) resulting in a state ( M (cid:48) , η (cid:48) ) (written as ( M, η ) t → ( M (cid:48) , η (cid:48) ) ) iff: – t is enabled in M , i.e., { p ∈ P | M ( p ) > } ⊇ • t ; and – D , η | = gd ( t ) ; – the marking M (cid:48) satisfies the property that for every p ∈ P : M (cid:48) ( p ) = M ( p ) − if p ∈ • t \ t • M ( p ) + 1 if p ∈ t • \ • tM ( p ) otherwise – the assignment η (cid:48) satisfies the properties that its domain is dom ( η (cid:48) ) = dom ( η ) ∪ { v | wr ( t )( v ) (cid:54) = ∅} \ { v | wr ( t )( v ) = ∅} and for each v ∈ dom ( η (cid:48) ) : η (cid:48) ( v ) = (cid:40) d ∈ wr ( t )( v ) if v ∈ dom ( wr ( t )) η ( v ) otherwise. Cases of DAW-net are defined as those of WF-nets, with the only difference that inthe initial state the assignment is empty. Allowing a subset of dm ( v ) enables the specification of restrictions for specific tasks, e.g.,while a task selects among yes, no, maybe another one can only choose between yes and no . Trace completion as Reachability
Within this document we consider the possibility that some of the activities can be observable or not, in the sense that they might appear in logs or can never appear in them. This enables fine-grained information on the different types of activities that compose a process. For example, it is common practice in modelling to introduce transitions for routing purposes (e.g. and-joins) that do not correspond to real activities and as such would never be observed. On the other hand, some activities must be logged by their nature – e.g. a database update – so if they are not observed we can be sure that they never occurred. We use the term always observable for transitions that must appear in the logs and never observable for those that would never appear in logs; all other transitions may or may not be present in the logs but they may occur in actual cases.

Since the focus of the paper is on the use of planning techniques to provide reasoning services for workflows with data, we decided to omit this aspect for reasons of space.

Definition 33 (Trace).
Let Let P = (cid:104)D , N , wr , gd (cid:105) be a DAW-net. An event of P isa tuple (cid:104) t, w, w d (cid:105) where t ∈ T is a transition, w ∈ dm ( V ) V (cid:48) – with V (cid:48) ⊆ V and w ( v ) ∈ wr ( t )( v ) for all v ∈ V (cid:48) – is a partial function that represents the variableswritten by the execution of t , and w d ⊆ V the set of variables deleted (undefined) by theexecution of t . Obviously, w d ∩ V (cid:48) = ∅ .A trace of P is a finite sequence of events τ = ( e , . . . , e n ) . In the following weindicate the i -th event of τ as τ i . Given a set of tasks T , the set of traces is inductivelydefined as follows: – (cid:15) is a trace; – if τ is a trace and e an event, then τ · e is a trace. Definition 34 (Trace Compliance).
A (valid) firing ( M, η ) t → ( M (cid:48) , η (cid:48) ) is compliant with an event (cid:104) t (cid:48) , w, w d (cid:105) iff t = t (cid:48) , w d = { v | wr ( t (cid:48) )( v ) = ∅} , dom ( η (cid:48) ) = dom ( w ) ∪ dom ( η ) \ w d , and for all v ∈ dom ( w ) w ( v ) = η (cid:48) ( v ) .A case ( M , η ) t → ( M , η ) . . . ( M k − , η k − ) t k → ( M k , η k ) is compliant with the trace τ = ( e , . . . , e (cid:96) ) iff there is an injective mapping γ between [1 . . . (cid:96) ] and [1 . . . k ] such that: ∀ i, j s.t. ≤ i < j ≤ (cid:96) γ ( i ) < γ ( j ) (1) ∀ i s.t. ≤ i ≤ (cid:96) ( M γ ( i − , η γ ( i − ) t γ ( i ) → ( M γ ( i ) , η γ ( i ) ) is compliant with e i (2) ∀ i s.t. ≤ i ≤ k t i always observable implies ∃ j s.t. γ ( j ) = i (3)We assume that the workflow starts and terminates with special transitions – indicatedby start t and end t – while start and end denote start place and sink respectively. Definition 35 (Trace workflow).
Let W = (cid:104)D , N = (cid:104) P, T, F (cid:105) , wr , gd (cid:105) be a DAW-netand τ = ( e , . . . , e n ) – where e i = (cid:104) t i , w i , w di (cid:105) – a trace of W . The trace workflow If the trace is empty then (cid:96) = 0 and γ is empty. τ = (cid:104)D , N τ = (cid:104) P τ , T τ , F τ (cid:105) , wr τ , gd τ (cid:105) is defined as following: P τ = P ∪ { p e } ∪ { p e | e ∈ τ } p e , p e new places T τ = T ∪ { t e | e ∈ τ } t e new transitions F τ = F ∪{ ( t e i , p ) | i = 1 . . . n, ( t i , p ) ∈ F } ∪ { ( p, t e i ) | i = 1 . . . n, ( p, t i ) ∈ F } ∪{ ( t e i , p e i ) | i = 1 . . . n } ∪ { ( p e i − , t e i ) | i = 1 . . . n } ∪ { ( start t , p e ) , ( p e n , end t ) } wr τ ( t ) = (cid:40) { ( v, { j } ) | ( v, j ) ∈ w i } ∪ { ( v, ∅ ) | v ∈ w di } for t = t e i wr ( t ) for t ∈ T gd τ ( t ) = gd ( t i ) for t = t e i false for t ∈ T fully observable gd ( t ) for t ∈ T not fully observable It’s not difficult to see that whenever the original DAW-net W is a workflow net,then W τ is a workflow net as well because the newly introduced nodes are in a the path start, start t , p e , t e , p e , . . . , t e n , p e n , end t , end .To relate cases from W τ to the original workflow W we introduce a “projection”function Π τ that maps elements from cases of the enriched workflow to cases usingonly elements from the original workflow. To simplify the notation we will use the samename to indicate mappings from states, firings and cases. Definition 36.
Let W = (cid:104)D , N = (cid:104) P, T, F (cid:105) , wr , gd (cid:105) be a DAW-net, τ = ( e , . . . , e n ) – where e i = (cid:104) t i , w i , w di (cid:105) a trace of W , and W τ = (cid:104)D , N τ = (cid:104) P τ , T τ , F τ (cid:105) , wr τ , gd τ (cid:105) the corresponding trace workflow. The mapping Π τ is defined as following:1. let ( M (cid:48) , η (cid:48) ) be a marking of W τ , then Π τ ( M (cid:48) ) = ( M (cid:48) ∩ P × N ) is a state of W ;2. let ( M (cid:48) , η (cid:48) ) be a state of W τ , then Π τ (( M (cid:48) , η (cid:48) )) = ( Π τ ( M (cid:48) ) , η (cid:48) ) is a state of W ;3. let t be a transition in T τ , then Π τ ( t ) = (cid:40) t i for t = t e i t for t ∈ T
4. let ( M, η ) t → ( M (cid:48) , η (cid:48) ) be a firing in W τ , then Π τ (( M, η ) t → ( M (cid:48) , η (cid:48) )) = Π τ (( M, η )) Π τ ( t ) → Π τ (( M (cid:48) , η (cid:48) ))
5. let C = f , . . . , f k be a case of W τ , then Π τ ( C ) = Π τ ( f ) , . . . , Π τ ( f k ) n the following we consider a DAW-net W = (cid:104)D , N = (cid:104) P, T, F (cid:105) , wr , gd (cid:105) and atrace τ = ( e , . . . , e n ) of W – where e i = (cid:104) t i , w i , w di (cid:105) . Let W τ = (cid:104)D , N τ = (cid:104) P τ , T τ , F τ (cid:105) , wr τ , gd τ (cid:105) be the corresponding trace workflow. To simplify the notation, in the following we willuse t e as a synonymous for start t and t e n +1 as end t ; as if they were part of the trace. Lemma 5.
Let C be a case of W τ , then Π τ ( C ) is a case of W .Proof. Let C = ( M , η ) t → ( M , η ) . . . ( M k − , η k − ) t k → ( M k , η k ) , to show that Π τ ( C ) is a case of W we need to prove that (i) Π τ (( M , η )) is an initial state of W and that (ii) the firing Π τ (( M i − , η i − ) t i → ( M i , η i )) is valid w.r.t. W for all ≤ i ≤ n .i) By definition Π τ (( M , η )) = ( Π τ ( M ) , η (cid:48) ) and Π τ ( M ) ⊆ M . Since the startplace is in P , then start is the only place with a token in Π τ ( M ) .ii) Let consider an arbitrary firing f i = ( M i − , η i − ) t i → ( M i , η i ) in C (valid bydefinition), then Π τ ( f i ) = ( Π τ ( M i − ) , η i − ) Π τ ( t i ) → ( Π τ ( M i ) , η i ) .Note that – by construction – gd ( t i ) = gd ( Π τ ( t i )) , Π τ ( t i ) • = t • i ∩ P , • Π τ ( t i ) = • t i ∩ P , dom ( wr ( t i )) = dom ( wr ( Π τ ( t i ))) and wr ( t i )( v ) ⊆ wr ( Π τ ( t i ))( v ) ; there-fore – { p ∈ P τ | M i − > } ∩ P = { p ∈ P | Π τ ( M i − ) > } ⊇ • Π τ ( t i ) because { p ∈ P τ | M i − > } ⊇ • t i ; – D , η | = gd ( Π τ ( t i )) because D , η | = gd ( t i ) – for all p ∈ P Π τ ( M j )( p ) = M j ( p ) , therefore: M i ( p ) = Π τ ( M i )( p ) = M i − ( p ) − Π τ ( M i − )( p ) − if p ∈ • Π τ ( t i ) \ Π τ ( t i ) • M i − ( p ) + 1 = Π τ ( M i − )( p ) + 1 if p ∈ Π τ ( t i ) • \ • Π τ ( t i ) M i − ( p ) = Π τ ( M i − )( p ) otherwisebecause f i is valid w.r.t. W τ ; – the assignment η i satisfies the properties that its domain is dom ( η i ) = dom ( η i − ) ∪ { v | wr ( Π τ ( t i ))( v ) (cid:54) = ∅} \ { v | wr ( Π τ ( t i ))( v ) = ∅} and for each v ∈ dom ( η i ) : η i ( v ) = (cid:40) d ∈ wr ( t i )( v ) ⊆ wr ( Π τ ( t i ))( v ) if v ∈ dom ( wr ( t i )) = dom ( wr ( Π τ ( t i ))) η i − ( v ) otherwise.because f i is valid.Before going into details, we will consider some properties of the “trace” workflow. Lemma 6.
Let W = (cid:104)D , N = (cid:104) P, T, F (cid:105) , wr , gd (cid:105) be a DAW-net and τ = ( e , . . . , e n ) –where e i = (cid:104) t i , w i , w di (cid:105) – a trace of W . If C = ( M , η ) t → ( M , η ) . . . ( M k − , η k − ) t k → ( M k , η k ) is a case of W τ then for all ≤ i ≤ k : Σ p ∈ P τ \ P M i ( p ) ≤ M ( start ) Proof.
By induction on the length of C . For k = 1 then the only executable transition is start t , therefore t = start t which– by assumption – has two output places and – by construction – start • t \ P = { p e } .Since the firing is valid, then M ( p e ) = M ( p e ) + 1 = 1 ≤ M ( start ) . – Let’s assume that the property is true a case C of length n and consider C (cid:48) = C ( M n , η n ) t n +1 → ( M n +1 , η n +1 ) . By construction, each p ∈ P τ \ P has a singleincoming edge and { t ∈ T τ | e i ∈ t • } = { t e i } and { t ∈ T τ | e i ∈ • t } = { t e i +1 } .Therefore the only occurrence in which a p e i ∈ P τ \ P can increase its value iswhen t n +1 = t e i . Since the transition is valid, then M n +1 ( p e i ) = M n ( p e i ) + 1 and M n +1 ( p e i − ) = M n ( p e i − ) − ; therefore Σ p ∈ P τ \ P M i ( p ) = Σ p ∈ P τ \ P M i − ( p ) ≤ M ( start ) – by the inductive hypothesis. Lemma 7.
Let W = (cid:104)D , N = (cid:104) P, T, F (cid:105) , wr , gd (cid:105) be a DAW-net and τ = ( e , . . . , e n ) –where e i = (cid:104) t i , w i , w di (cid:105) – a trace of W , C = ( M , η ) t → ( M , η ) . . . ( M k − , η k − ) t k → ( M k , η k ) a case of W τ , and t e i is a transition of a firing f m in C with ≤ i ≤ n , then(i) t e i − is in a transition of a firing in C that precedes f m , (ii) and if M ( start ) = 1 then there is a single occurrence of t e i in C .Proof. The proof for the first part follows from the structure of the workflow net; because– by construction – each p ∈ P τ \ P has a single incoming edge and { t ∈ T τ | e i ∈ t • } = { t e i } and { t ∈ T τ | e i ∈ • t } = { t e i +1 } . Since each firing must be valid – if f m = ( M m − , η m − ) t ei → ( M m , η m ) is in C , then M m − ( p e i − ) ≥ and this can onlybe true if there is a firing f r = ( M r − , η r − ) t ei − → ( M r , η r ) in C s.t. r < m .To prove the second part is enough to show that for each ≤ i ≤ n , if t e i appearsmore than once in C then there must be multiple occurrences of t e i − as well. In fact,if this is the fact, then we can use the previous part to show that there must be multipleoccurrences of t e = start , and this is only possible if M ( start ) > .By contradiction let’s assume that there are two firings f m and f (cid:48) m , with m < m (cid:48) ,with the same transition t e i , but there is only a single occurrence of t e i − in a firing f r . Using the previous part of this lemma we conclude that r < m < m (cid:48) , therefore M m − ( p e i − ) = 1 because a token could be transferred into p e i − only by t e i − , so M m ( p e i − ) = 0 . 
In the firings between m and m′ there are no occurrences of t e i − , so M m′ − ( p e i − ) = M m ( p e i − ) = 0 which is in contradiction with the assumption that f′ m is a valid firing.
Now we're ready to show that the "trace" workflow characterises all and only the cases compliant wrt the given trace. We divide the proof into correctness and completeness.

Lemma 8 (Correctness).
Let C = ( M , η ) t → ( M , η ) . . . ( M k − , η k − ) t k → ( M k , η k ) be a case of W τ s.t. M ( start ) = 1 , and ℓ = max ( { i | t i is in a firing of C } ∪ { } ) , then the case Π τ ( C ) of W is compliant with τ′ = ( e , . . . , e ℓ ) or the empty trace if ℓ is .

Proof. By induction on the length of C .
– If C = ( M , η ) t → ( M , η ) then t = start t because the firing is valid and the only place with a token in M is start ; therefore ℓ = 0 and τ′ is the empty trace. C trivially satisfies the empty trace because no observable transitions are in Π τ ( C ) .
– Let C = ( M , η ) t → ( M , η ) . . . ( M k − , η k − ) t k → ( M k , η k ) s.t. Π τ ( C ) is compliant with τ′ . Let's consider C′ = C · ( M k , η k ) t k +1 → ( M k +1 , η k +1 ) : either t k +1 ∈ T τ \ T or t k +1 ∈ T .
In the first case t k +1 = t e ℓ for some ≤ ℓ ≤ n , and – by using Lemma 7 – in C there are occurrences of all the t e i for ≤ i < ℓ and it's the only occurrence of t e ℓ . This means that ℓ = max ( { i | t i is in a firing of C } ∪ { } ) and we can extend γ to γ′ by adding the mapping from ℓ to k + 1 . The mapping is well defined because of the single occurrence of t e ℓ . By definition of t e ℓ , ( M k , η k ) t k +1 → ( M k +1 , η k +1 ) is compliant with e ℓ and the mapping Π τ preserves the assignments, therefore Π τ ( M k , η k ) t k +1 → ( M k +1 , η k +1 ) is compliant with e ℓ as well. By using the inductive hypothesis we can show that C′ is compliant as well.
In the second case the mapping is not modified, therefore the inductive hypothesis can be used to provide evidence of the first two conditions for trace compliance of Definition 34. For the third (transitions always observable) it's sufficient to consider that t k +1 cannot be always observable because its guard is never satisfiable in W τ .

Lemma 9 (Completeness).
Let C = ( M , η ) t → ( M , η ) . . . ( M k − , η k − ) t k → ( M k , η k ) be a case of W compatible with τ = ( e , . . . , e n ) , then there is a case C′ of W τ s.t. Π τ ( C′ ) = C .

Proof. Since C is compliant with τ , then there is a mapping γ satisfying the conditions of Definition 34. Let C′ = ( M′ , η ) t′ → ( M′ , η ) . . . ( M′ k − , η k − ) t′ k → ( M′ k , η k ) be a sequence of firings of W τ defined as follows:
– M′ = M ∪ { ( p e i , | ≤ i ≤ n }
– t′ = t and M′ = M ∪ { ( p e j , | ≤ j ≤ n } ∪ { ( p e , }
– for each ( M′ i − , η i − ) t′ i → ( M′ i , η i ) , ≤ i ≤ n :
  • if there is ℓ s.t. γ ( ℓ ) = i then t′ i = t e ℓ and M′ i = M i ∪ { ( p e j , | ≤ j ≤ n, j ≠ ℓ } ∪ { ( p e ℓ , }
  • otherwise t′ i = t i and M′ i = M i ∪ ( M′ i − ∩ ( P τ \ P ) × N )
It's not difficult to realise that by construction Π τ ( C′ ) = C .
To conclude the proof we need to show that C′ is a case of W τ . Clearly ( M′ , η ) is a starting state, so we need to show that all the firings are valid. The conditions involving variables – guards and update of the assignment – follow from the fact that the original firings are valid and the newly introduced transitions are restricted according to the trace data.
Conditions on input and output places that are both in W and W τ are satisfied because of the validity of the original firing. The newly introduced places satisfy the conditions because of the compliance wrt the trace, which guarantees that for each firing with transition t e ℓ there is the preceding firing with transition t e ℓ − that put a token in the p e ℓ − place.

Theorem 3. Let W be a DAW-net and τ = ( e , . . . , e n ) a trace; then W τ characterises all and only the cases of W compatible with τ .
That is
⇒ if C is a case of W τ containing t e n then Π τ ( C ) is compatible with τ ; and
⇐ if C is a case of W compatible with τ , then there is a case C′ of W τ s.t. Π τ ( C′ ) = C .

Proof.
⇒ If C is a case of W τ containing t e n , then ℓ of Lemma 8 is n therefore τ′ = τ and Π τ ( C ) is compatible with τ .
⇐ If C is compatible with τ then by Lemma 9 there is a case C′ of W τ s.t. Π τ ( C′ ) = C .

Theorem 4.
Let W = ⟨D , N = ⟨ P, T, F ⟩ , wr , gd ⟩ be a DAW-net and τ = ( e , . . . , e n ) – where e i = ⟨ t i , w i , w di ⟩ – a trace of W . If W is k -safe then W τ is k -safe as well.

Proof. We prove the theorem by induction on the length of a case C = ( M , η ) t → ( M , η ) . . . ( M k − , η k − ) t k → ( M k , η k ) . Note that by construction, for any marking M′ of W τ and p ∈ P , M′ ( p ) = Π τ ( M′ )( p ) .
– For a case of length 1 the property trivially holds because by definition M ( start ) ≤ k and for each p ∈ P τ (different from start ) M ( start ) = 0 , and since ( M , η ) t → ( M , η ) is valid the only case in which the number of tokens in a place is increased is for p ∈ t • \ • t . For any p different from start this becomes ≤ k ; while, since the start place – by assumption – doesn't have any incoming arc, M ( start ) = M ( start ) − ≤ k .
– For the inductive step we assume that each marking M , . . . M m − is k -safe. By contradiction we assume that M m is not k -safe; therefore there is a place p ∈ P τ s.t. M m > k . There are two cases, either p ∈ P τ \ P or p ∈ P . In the first case there is a contradiction because, by Lemma 6, Σ p ∈ P τ \ P M i ( p ) ≤ M ( start ) = k . In the second case, since Π τ ( C ) is a case of W and Π τ ( M m )( p ) = M m ( p ) , there is a contradiction with the hypothesis that W is k -safe.

D Encoding Reachability as Planning Problem
D.1 Encoding WF-nets behaviour
Let P N = ⟨D , N = ⟨ P, T, F ⟩ , wr , gd ⟩ be a safe DAW-net; we define the planning problem Ω ( W ) = ⟨ Π, D, R, q ⟩ by introducing a fluent for each place and an action for each task. Execution and causation rules constrain the plan to mimic the behaviour of the Petri net.
Declarations
– D contains a fluent declaration p for each place p ∈ P ;
– D contains an action declaration t for each task t ∈ T ;

Executability rules
– actions are executable if each input place has a token; i.e. for each task t ∈ T , given { i t , . . . , i tn } = • t , there's an executability rule:
    executable t if i t , . . . , i tn .

Causation rules
– parallelism is disabled; for each pair of tasks t , t ∈ T there's the rule:
    caused false after t , t .
– after the execution of a task, input conditions must be "cleared" and tokens moved to the output ones; for each task t ∈ T and { i t , . . . , i tn } = • t \ t • , { o t , . . . , o tk } = t • :
    caused − i t after t . . . . caused − i tn after t .
    caused o t after t . . . . caused o tk after t .
– the positive state of the places is inertial (i.e. must be explicitly modified); for each p ∈ P :
    caused p if not − p after p .

Initial state
– The only place with a token is the source:
    initially : i.
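The rules listed above, instantiated for a small net, as an added example (not code from the paper): `encode` writes the rules out in the textual shape used in this section, while `step` and `plan` apply the same executability, causation and inertia conditions to search for the marking with a token only in the sink. The net `NET`, the function names and the breadth-first search are assumptions made for illustration.

```python
from collections import deque
from itertools import combinations

# Constructed sample net (not from the paper): an AND-split followed by a join.
# Each task maps to (input places, output places); "i" is the source, "o" the sink.
NET = {
    "split": ({"i"}, {"p1", "p2"}),
    "a": ({"p1"}, {"p3"}),
    "b": ({"p2"}, {"p4"}),
    "join": ({"p3", "p4"}, {"o"}),
}


def places(net):
    """All places mentioned by the tasks, in sorted order."""
    return sorted(set().union(*(ins | outs for ins, outs in net.values())))


def encode(net, source="i"):
    """Return the D.1 rules as strings, one fluent per place and one action per task."""
    rules = []
    for t, (ins, outs) in sorted(net.items()):
        rules.append(f"executable {t} if {', '.join(sorted(ins))}.")
        for p in sorted(ins - outs):          # inputs that are not also outputs are cleared
            rules.append(f"caused -{p} after {t}.")
        for p in sorted(outs):                # every output place receives a token
            rules.append(f"caused {p} after {t}.")
    for t1, t2 in combinations(sorted(net), 2):
        rules.append(f"caused false after {t1}, {t2}.")   # no two tasks in one step
    for p in places(net):
        rules.append(f"caused {p} if not -{p} after {p}.")  # inertia of marked places
    rules.append(f"initially: {source}.")
    return rules


def step(net, state, t):
    """Successor of a state (frozenset of marked places) under action t, or None."""
    ins, outs = net[t]
    if not ins <= state:
        return None                           # executability rule not satisfied
    if outs & (state - ins):
        # A second token would land on a marked place: the net is not safe,
        # and one boolean fluent per place could not represent the result.
        raise ValueError(f"task {t} breaks safeness in state {sorted(state)}")
    # Clear the inputs that are not outputs, mark the outputs, keep the rest (inertia).
    return frozenset((state - (ins - outs)) | outs)


def plan(net, source="i", goal=frozenset({"o"})):
    """Shortest sequence of single actions from the initial state to the goal marking."""
    start = frozenset({source})
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, actions = queue.popleft()
        if state == goal:
            return actions
        for t in sorted(net):
            nxt = step(net, state, t)
            if nxt is not None and nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, actions + [t]))
    return None                               # goal marking is not reachable


if __name__ == "__main__":
    print("\n".join(encode(NET)))
    print("plan:", plan(NET))
```

Because parallelism is disabled, the two branches of the split appear in the plan as an interleaving of `a` and `b` rather than as one concurrent step.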
Goal
The formulation of the goal depends on the actual instance of the reachability problem we need to solve. E.g. it can be a specific marking:
– The only place with a token is the sink:
    goal : o, not p , . . . , not p k ?
  where { p , . . . , p k } = P \ { o } .

D.2 Encoding of Data
To each variable v ∈ V corresponds an inertial fluent predicate var v with a single argument "holding" the value of the variable, and a "domain" predicate dom v representing the domain of the variable. Unset variables have no positive instantiation of the var v predicate. The predicate var v must be functional.
We also introduce auxiliary fluents that indicate whether a variable is not undefined, def v – used both in tests and to enforce models where the variable is assigned/unassigned – and chng v to "inhibit" inertia when variables might change because of the result of an action.

There's a K macro to disable concurrency. In practice concurrency could be enabled for actions that do not share input or output places.

Constraints on variables
For each variable v ∈ V :
– functionality
    caused false if var v (X), var v (Y), X != Y.
– variable defined predicate
    caused def v if var v (X).
– variable fluents are inertial unless they can be modified by actions
    caused var v (X) if not − var v (X), not chng v after var v (X).
– the background knowledge ( Π ) includes the set of facts:
    dom v,t (d).
  for each v ∈ V , t ∈ T , and d ∈ wr ( t )( v ) .

Guards
To each task t is associated a fluent grd t that is true when the corresponding guard is satisfied. Instead of modifying the executability rule by including grd t among the preconditions, we use a constraint rule ruling out executions of the action whenever its guard is not satisfied:
    caused false after t, not grd t .
This equivalent formulation simplifies the proofs because of its incremental nature (there are just additional rules).
Translation of atoms ( ξ ) is defined in terms of var v predicates, e.g., ξ ( v = w ) corresponds to var v (V), var w (W), V == W . The def v predicate can be used to test whether a variable is defined, or undefined, i.e. not def v .
The guard gd ( t ) = ( a , ∧ . . . ∧ a ,n ) ∨ . . . ∨ ( a k, ∧ . . . ∧ a k,n k ) where each a i,j is an atom, corresponds to the set of rules for grd t :
    caused grd t if ξ ( a , ) , . . . , ξ ( a ,n ) .
    ...
    caused grd t if ξ ( a k, ) , . . . , ξ ( a ,n k ) .

Variables update
The value of a variable is updated by means of causation rules that depend on the task t that operates on the variable:
– wr ( t )( v ) = ∅ : delete (undefine) a variable v
    caused false if def v after t.
    caused chng v after t.
– wr ( t )( v ) ⊆ dm ( v ) : set v with a value nondeterministically chosen among a set of elements from its domain
    caused var v (V) if dom v,t (V), not − var v (V) after t.
    caused − var v (V) if dom v,t (V), not var v (V) after t.
    caused chng v after t.
    caused false if not def v after t.
  If wr ( t )( v ) contains a single element e , then the assignment is deterministic and the above rules can be substituted with
    caused var v (d) after t.
    caused chng v after t.

Arbitrary expressions can be easily translated by introducing new fluents for the subexpressions.
The deterministic version is a specific case of the non-deterministic ones and equivalent in the case that there is a single dom v,t ( d ) fact. In the following, the proofs will consider the general non-deterministic formulation only.

Guards
To each subformula ϕ of transition guards is associated a fluent grd ϕ that is true when the corresponding formula is satisfied. To simplify the notation, for any transition t , we will use grd t to indicate the fluent grd gd ( t ) .
Executability of transitions is conditioned to the satisfiability of their guards:
    caused false after t, not grd t .
Translation of atoms ( ξ ) is defined in terms of var v predicates. We assume a binary ord predicate representing the partial order among the elements of the domains. We also assume that elements of ⋃ i ∆ i can be directly represented by constants of the K language. For t ∈ V ∪ ⋃ i ∆ i and T a K variable we define
    ξ ( t, T ) = var t (T) for t ∈ V
    ξ ( t, T ) = T == t for t ∈ ⋃ i ∆ i
For each subformula ϕ of transition guards a static rule is included to "define" the fluent grd ϕ :
    true : caused grd ϕ if true .
    def ( v ) : caused grd ϕ if def v .
    t = t : caused grd ϕ if ξ ( t ,T1), ξ ( t ,T2), T1 == T2 .
    t ≤ t : caused grd ϕ if ξ ( t ,T1), ξ ( t ,T2), ord(T1,T2) .
    ¬ ϕ : caused grd ϕ if not grd ϕ .
    ϕ ∧ . . . ∧ ϕ n : caused grd ϕ if grd ϕ , . . . , grd ϕ n .

D.3 Correctness and completeness

Definition 37 ( Φ ( · ) function). Let W = ⟨D , N = ⟨ P, T, F ⟩ , wr , gd ⟩ be a safe DAW-net, M the set of its markings, H the set of all assignments, Ω ( W ) the corresponding planning problem and S the set of its states, namely, the set of all consistent sets of ground fluent literals. We define the function Φ ( · ) : S → M × H mapping planning and DAW-net states. For any consistent s ∈ S , Φ ( s ) = ( M, η ) is defined as follows:
    ∀ p ∈ P : M ( p ) = if p ∈ s , otherwise
    η = { ( v, d ) | var v ( d ) ∈ s }
The function Φ ( · ) is well defined because s is assumed to be consistent, therefore it cannot be the case that { var v ( d ) , var v ( d′ ) } ⊆ s with d ≠ d′ , otherwise the static rule
    caused false if var v (X), var v (Y), X != Y.
would not be satisfied.
Moreover, since we assume that W is safe, we can restrict M to markings with range restricted to { , } and there is no loss of information between markings and planning states.
The function Φ ( · ) is not injective because of the strongly negated atoms. However it can be shown that if two states differ on the positive atoms then the corresponding DAW-net states are different as well:

Lemma 10. Let s and s′ be consistent states in S , then s ∩ L + ≠ s′ ∩ L + implies Φ ( s ) ≠ Φ ( s′ ) .

Observing the static rules (those without the after part) it can be noted that those defining the predicates def v and grd t are stratified, therefore their truth assignment depends only on the extension of var v ( · ) predicates. This fact can be used to show that

Lemma 11 (Guards translation).
Let s ∈ S satisfying the static rules of Ω ( W ) , and ϕ a subformula of transition guards in W . Given Φ ( s ) = ( M, η ) , grd ϕ ∈ s iff D , η ⊨ ϕ .

Proof. We prove the lemma by structural induction on ϕ . First we consider the base cases.
true : trivially satisfied because true is in any consistent state.
def ( v ) : the only rule where def v is in the head is
    caused def v if var v (X).
  therefore def v ∈ s iff there is a constant d s.t. var v ( d ) ∈ s , and that is the case iff v ∈ dom ( η ) .
t = t : for the sake of simplicity we consider only the case in which t ≡ v is a variable and t ≡ d is a constant; the other 3 combinations can be demonstrated in the same way. With this assumption, the only rule with grd ϕ in the head is
    caused grd ϕ if var v (T1), T2 == d , T1 == T2 .
  therefore grd ϕ ∈ s iff var v ( d ) ∈ s , and this is the case iff η ( v ) = d .
t ≤ t : this case is analogous to the previous one, where we consider the predicate ord(T1,T2) instead of equality. Since ord facts correspond to the orders defined in D , then we can conclude.
For the inductive step we assume that the property holds for subformulae ϕ , ϕ .
¬ ϕ : the only rule with grd ϕ in the head is
    caused grd ϕ if not grd ϕ .
  therefore grd ϕ ∈ s iff grd ϕ ∉ s . We can use the inductive hypothesis to conclude that this is the case iff D , η ⊭ ϕ , that is D , η ⊨ ϕ .
ϕ ∧ . . . ∧ ϕ n : the only rule with grd ϕ in the head is
    caused grd ϕ if grd ϕ , . . . , grd ϕ n .
  therefore grd ϕ ∈ s iff { grd ϕ , . . . , grd ϕ n } ⊆ s . We can use the inductive hypothesis to show that this is the case iff D , η ⊨ ϕ ∧ . . . ϕ n because they are all ground terms.

Looking at the guard translation rules and the proof of Lemma 11 it is not difficult to realise that according to the structure of the guards some of the rules are redundant and can be simplified. E.g.
def v can be used in place of grd def v , not grd ϕ in place of grd def ¬ ϕ , and t = t can be expanded in place of grd t = t unless they are in the scope of a negation.

Lemma 12 (Completeness).
Let W be a safe DAW-net and Ω ( W ) the corresponding planning problem. Let ( M, η ) t → ( M′ , η′ ) be a valid firing of W , then for each consistent state s s.t. Φ ( s ) = M there is a consistent state s′ s.t. Φ ( s′ ) = M′ and ⟨ s, { t } , s′ ⟩ is a legal transition in Ω ( W ) .

Proof. Let s be a consistent state s.t. Φ ( s ) = M . Note that such s exists because Φ ( · ) involves only the positive literals; therefore any consistent set s′ s.t. { p ∈ P | M ( p ) > } ∪ { var v ( d ) | ( v, d ) ∈ η } ⊆ s′ and s′ ∩ ( { p ∈ P | M ( p ) < } ∪ V × dm ( V ) \ η satisfies the property that Φ ( s′ ) = M .
We define a new state s′ such that ⟨ s, { t } , s′ ⟩ is a legal state transition and such that Φ ( s′ ) = M′ ; this new state is the union of the following parts:
    s′ P+ = { p ∈ P | M′ ( p ) > }
    s′ P− = {− p | p ∈ • t \ t • }
    s′ V+ = { var v ( d ) | ( v, d ) ∈ η′ }
    s′ V− = {− var v ( d ) | d ∈ wr ( t )( v ) , ( v, d ) ∉ η′ }
    s′ V↓ = { def v | var v ( d ) ∈ s′ V+ }
    s′ Vc = { chng v | v ∈ dom ( wr ( t )) }
    s′ wr = { dom v,t ( d ) | ∀ v, t, d.d ∈ wr ( t )( v ) }
    s′ gd = { grd t | ∀ t.M, η ⊨ gd ( t ) }
By construction Φ ( s′ ) = M and it is consistent: s′ P+ ∩ s′ P− = ∅ because the fact that ( M, η ) t → ( M′ , η′ ) is a valid firing implies p ∈ • t \ t • M′ ( p ) = 0 , and s′ V+ ∩ s′ V− = ∅ because their conditions are mutually exclusive.
Since ( M, η ) t → ( M′ , η′ ) is valid, then • t ⊆ s because Φ ( s ) = M , therefore the corresponding executable condition with t in the head
    executable t if i t , . . . , i tn .
is satisfied.
We need to show that all the causation rules in Ω ( W ) ⟨ s, { t } ,s′ ⟩ are satisfied and that s′ is minimal.
– For each pair of tasks t , t , the positive rule:
    caused false after t , t .
  is satisfied because there is only a task t in the action set.
– Consider the rules
    caused − i a after a . . . . caused − i an after a .
    caused o a after a . . . . caused o ak after a .
  where { i a , . . . , i an } = • a \ a • , { o a , . . . , o ak } = a • \ • a . For all a ≠ t they are satisfied because the after condition is false. For a = t the validity of ( M, η ) t → ( M′ , η′ ) ensures that • t \ t • ⊆ s′ P− and t • ⊆ s′ P+ , therefore the rules are satisfied.
– For each p ∈ P :
    caused p if not − p after p .
  we consider the three cases where p ∈ • t \ t • , p ∈ t • , or p ∉ ( • t ∪ t • ) .
  p ∈ • t \ t • : then − p ∈ s′ P− by construction, therefore the rule is not in Ω ( W ) ⟨ s, { t } ,s′ ⟩ .
  p ∈ t • : then M′ ( p ) = 1 and by construction p ∈ s′ P+ and − p ∉ s′ P+ because s′ is consistent, so the rule caused p after p . is in Ω ( W ) ⟨ s, { t } ,s′ ⟩ . This rule is satisfied if p ∈ s and also if p ∉ s .
  p ∉ ( • t ∪ t • ) : then M′ ( p ) = M ( p ) . If p ∈ s′ P+ the rule caused p after p . is in Ω ( W ) ⟨ s, { t } ,s′ ⟩ and it's satisfied regardless of the value of M ( p ) ; on the other hand, if p ∉ s′ then M ( p ) = 0 therefore even if caused p after p . would be in Ω ( W ) ⟨ s, { t } ,s′ ⟩ then it'd be satisfied because its after part is false.
– Functionality rules
    caused false if var v (X), var v (Y), X != Y.
  are satisfied by construction of s′ V+ .
– Variable defined predicate rules
    caused def v if var v (X).
  are satisfied by construction of s′ V↓ .
– variable fluents are inertial
– The background knowledge facts
    dom v,t (d).
  are satisfied by construction of s′ wr .
– The guard predicates rules are satisfied by Lemma 11 and the construction of s′ gd .
For rules involving the var v predicates (including inertiality rules) we consider the three cases: v ∉ dom ( wr ( t )) , wr ( t )( v ) = ∅ , and wr ( t )( v ) ≠ ∅ . Note that, since the transition includes only t , all the rules in Ω ( W ) ⟨ s, { t } ,s′ ⟩ with a different action in the after part are satisfied; therefore we focus on the remaining ones.
v ∉ dom ( wr ( t )) : in this case the only rule in Ω ( W ) ⟨ s, { t } ,s′ ⟩ to verify is the inertial one
    caused var v (X) if not − var v (X), not chng v after var v (X).
  and by construction − var v ( d ) ∉ s′ V− for any d and chng v ∉ s′ Vc . This would be not satisfied only in the case that for some d var v ( d ) ∈ s and var v ( d ) ∉ s – which means that ( v, d ) ∈ η and ( v, d ) ∉ η – but this would be in contradiction with the fact that ( M, η ) t → ( M′ , η′ ) is a valid firing.
wr ( t )( v ) = ∅ : in this case the corresponding rules are
    caused false if def v after t.
    caused chng v after t.
    caused var v (X) if not − var v (X), not chng v after var v (X).
  Since there is no d s.t. ( v, d ) ∈ η′ then var v ( d′ ) ∉ s′ V+ for any d′ , therefore def v ∉ s′ V↓ and the first rule is satisfied. The second rule is satisfied by construction of s′ Vc , and the third is not in Ω ( W ) ⟨ s, { t } ,s′ ⟩ because chng v ∈ s′ Vc .
wr ( t )( v ) ≠ ∅ : the rules are
    caused var v (V) if dom v,t (V), not − var v (V) after t.
    caused − var v (V) if dom v,t (V), not var v (V) after t.
    caused chng v after t.
    caused false if not def v after t.
    caused var v (X) if not − var v (X), not chng v after var v (X).
  The first two rules are satisfied by construction of s′ V+ and s′ V− , while the third by s′ Vc . The fourth because of the fact that the firing is valid, therefore there is a value d ∈ wr ( t )( v ) s.t. ( v, d ) ∈ η′ , so var v ( d ) ∈ s′ V+ and def v ∈ s′ V↓ . Last rule is not in Ω ( W ) ⟨ s, { t } ,s′ ⟩ because chng v ∈ s′ Vc .
To demonstrate the minimality of s′ we need to show that removing one literal from any of the components s′ P+ , s′ P− , s′ V+ , s′ V− , s′ V↓ , s′ Vc , s′ wr , s′ gd results in some of the rules not being satisfied.
s′ P+ : any p ∈ s′ P+ is either in t • or not. In the first case removing it would not satisfy the rule
    caused p after t .
  while in the second it would not satisfy the inertial rule
    caused p if not − p after p .
  because − p ∉ s′ P− and p ∈ s since the firing is valid.
s′ P− : removing − p from s′ P− would not satisfy the rule
    caused − p after t .
s′ wr : removing dom v,t ( d ) from s′ wr would not satisfy the rule
    dom v,t (d).
s′ V+ : let be var v ( d ) ∈ s′ V+ : either v ∈ dom ( wr ( t )) or not. In the first case the rule
    caused var v (d) if dom v,t (d), not − var v (d) after t.
  would not be satisfied because − var v ( d ) ∉ s′ V− since by assumption ( v, d ) ∈ η′ . In the second case the inertial rule
    caused var v (d) if not − var v (d), not chng v after var v (d).
  would not be satisfied because − var v ( d ) ∉ s′ V− , chng v ∉ s′ Vc , and var v ( d ) ∈ s since the firing is valid.
s′ V− : removing − var v ( d ) from s′ V− would not satisfy rule
    caused − var v (d) if dom v,t (d), not var v (d) after t.
  because var v ( d ) ∉ s′ V+ since ( v, d ) ∉ η′ .
s′ V↓ : removing any of the def v′ ∈ { def v | var v ( d ) ∈ s′ V+ } would contradict one of the rules
    caused def v′ if var v′ (d).
  since there is an element d′ s.t. var v′ ( d′ ) ∈ s′ V+ .
s′ Vc : removing any chng v′ ∈ { chng v | v ∈ dom ( wr ( t )) } : since v′ ∈ dom ( wr ( t )) , there is the rule
    caused chng v′ after t.
  that would not be satisfied.
s′ gd : removing grd t from s′ gd would contradict one of the guard rules according to Lemma 11.

Lemma 13 (Correctness).
Let W be a safe DAW-net and Ω ( W ) the corresponding planning problem. If ⟨ s, { t } , s′ ⟩ is a legal transition in Ω ( W ) , then Φ ( s ) t → Φ ( s′ ) is a valid firing of W .

Proof. Let ( M, η ) = Φ ( s ) and ( M′ , η′ ) = Φ ( s′ ) ; to show that Φ ( s ) t → Φ ( s′ ) is a valid firing of W (see Definition 32) we need to show that:
1. t is enabled in M , i.e., { p ∈ P | M ( p ) > } ⊇ • t ; and
2. D , η ⊨ gd ( t ) ;
3. the marking M′ satisfies the property that for every p ∈ P :
    M′ ( p ) = M ( p ) − if p ∈ • t \ t •
    M′ ( p ) = M ( p ) + 1 if p ∈ t • \ • t
    M′ ( p ) = M ( p ) otherwise.
4. the assignment η′ satisfies the properties that its domain is
    dom ( η′ ) = dom ( η ) ∪ { v | wr ( t )( v ) ≠ ∅} \ { v | wr ( t )( v ) = ∅}
  and for each v ∈ dom ( η′ ) :
    η′ ( v ) = d ∈ wr ( t )( v ) if v ∈ dom ( wr ( t ))
    η′ ( v ) = η ( v ) otherwise.
Since ⟨ s, { t } , s′ ⟩ is a legal transition, then the action t must be executable, therefore the rule:
    executable t if i t , . . . , i tn .
with { i t , . . . , i tn } = • t must be satisfied in s , that is • t ⊆ s and M ( i tj ) = 1 for ≤ j ≤ n .
Since ⟨ s, { t } , s′ ⟩ is a legal transition, then the rule:
    caused false after t, not grd t .
must be satisfied, therefore its body should be false. This means that grd t ∈ s and by using Lemma 11 we can conclude that D , η ⊨ gd ( t ) .
To verify the condition on M′ , for each p ∈ P we consider the three cases:
p ∈ • t \ t • : then in Ω ( W ) there is the rule
    caused − p after t .
  therefore p ∉ s′ and Φ ( s′ )( p ) = 0
p ∈ t • \ • t : then in Ω ( W ) there is the rule
    caused p after t .
  therefore p ∈ s′ and Φ ( s′ )( p ) = 1
p ∉ ( • t \ t • ) ∪ ( t • \ • t ) : in this case none of the bodies of rules with p (or − p ) in the head and an action in the body are satisfied because the only executed action is t . Therefore the only "active" rule having p (or − p ) in the head can be the "inertial" one for the positive atom:
    caused p if not − p after p .
  Since rules with − p in the head have their bodies falsified − p ∉ s′ . This means that the rule caused p after p . is in Ω ( W ) ⟨ s, { t } ,s′ ⟩ .
  If Φ ( s′ )( p ) = 0 then p ∉ s′ therefore p ∉ s otherwise the inertial rule would not be satisfied; so Φ ( s )( p ) = 0 .
  If Φ ( s′ )( p ) = 1 and Φ ( s )( p ) = 0 , then s′ would not be minimal because s′ \ { p } satisfies the only "active" rule with p in the head, therefore Φ ( s )( p ) = 1 .
Now we verify the conditions on η′ and for each v ∈ V we consider three distinct cases: v ∉ dom ( wr ( t )) , wr ( t )( v ) = ∅ , and wr ( t )( v ) ≠ ∅ . First we should note that chng v ∈ s′ iff v ∈ dom ( wr ( t )) , therefore only in the two latter cases where the inertial rule
    caused var v (X) if not − var v (X), not chng v after var v (X).
would not be in Ω ( W ) ⟨ s, { t } ,s′ ⟩ .
v ∉ dom ( wr ( t )) : In this case, the only active rule where var v ( · ) appears in the head is the inertial
    caused var v (X) if not − var v (X), not chng v after var v (X).
  while there are no rules with − var v ( · ) in the head, because for all actions t′ ≠ t are "false" in s . Therefore − var v ( d ) ∉ s and chng v ∉ s′ so var v ( d ) ∈ s′ iff var v ( d ) ∈ s . This means that v ∈ dom ( η′ ) iff v ∈ dom ( η ) , and v ∈ dom ( η ) implies that η′ ( v ) = η ( v ) .
wr ( t )( v ) = ∅ : in this case if var v ( d ) ∈ s′ for some d , then def v ∈ s′ as well; therefore the rule
    caused false if def v after t.
    caused chng v after t.
  would not be satisfied contradicting the hypothesis that ⟨ s, { t } , s′ ⟩ is a legal transition.
wr ( t )( v ) ≠ ∅ : in this case Ω ( W ) contains the rules
    caused var v (V) if dom v,t (V), not − var v (V) after t.
    caused − var v (V) if dom v,t (V), not var v (V) after t.
    caused false if not def v after t.
    caused chng v after t.
  Since def v ∈ s′ otherwise the third rule would not be satisfied, there must be a d s.t. var v ( d ) ∈ s′ , and this means that v ∈ dom ( η′ ) . Let us assume that d ∉ wr ( t )( v ) , then it means that dom v,t ( d ) ∉ s′ therefore none of the rules with var v ( d ) in the head would be satisfied in Ω ( W ) ⟨ s, { t } ,s′ ⟩ that contradicts the minimality of s′ .
The analysis of the three cases confirms that the fourth condition is satisfied as well.

Theorem 5.
Let W be a safe WF-net and Ω ( W ) the corresponding planning problem. Let ( M , η ) be the initial state of W – i.e. with a single token in the source and no assignments – and s the planning state satisfying the initial condition.
( ⇒ ) For any case ζ : ( M , η ) t → ( M , η ) . . . ( M n − , η n − ) t n → ( M n , η n ) in W there is a trajectory in Ω ( W ) η : ⟨ s , { t } , s ⟩ , . . . , ⟨ s n − , { t n } , s n ⟩ such that ( M i , η i ) = Φ ( s i ) for each i ∈ { . . . n } and vice versa.
( ⇐ ) For each trajectory η : ⟨ s , { t } , s ⟩ , . . . , ⟨ s n − , { t n } , s n ⟩ in Ω ( W ) the sequence of firings ζ : Φ ( s ) t → Φ ( s ) . . . Φ ( s n − ) t n → Φ ( s n ) is a case of W .

Proof. We first prove the left-to-right direction by induction on the length of the case.
– Base case: by construction, Φ ( s ) = ( M , η ) because of the structure of the initial state.
– Inductive case: we consider a case of size n + 1 . By inductive hypothesis, for the case ( M , η ) t → ( M , η ) . . . ( M n − , η n − ) t n → ( M n , η n ) there is a trajectory ⟨ s , { t } , s ⟩ , . . . , ⟨ s n − , { t n } , s n ⟩ s.t. Φ ( s i ) = M i for each i ∈ { . . . n } . Since s n is consistent and Φ ( s n ) = ( M n , η n ) , by Lemma 12, there is a state s n +1 s.t. ⟨ s n , { t n } , s n +1 ⟩ is a legal transition and Φ ( s n +1 ) = ( M n , η n ) thus proving the claim.
The right-to-left direction can be proved – in the same way as the other case – by induction on the length of trajectories by using Lemma 13.
pp. 268–286 (2012)16. Regis, G., Ricci, N., Aguirre, N., Maibaum, T.S.E.: Specifying and verifying declarativefluent temporal logic properties of workflows. In: Proc. of SBMF. pp. 147–162 (2012)7. Rogge-Solti, A., Ronny, S., van der Aalst, W., Weske, M.: Improving documentation byrepairing event logs. In: The Practice of Enterprise Modeling, LNBIP, vol. 165, pp. 129–144.Springer (2013)18. Sidorova, N., Stahl, C., Trčka, N.: Soundness verification for conceptual workflow nets withdata. Inf. Sys. 36(7), 1026–1043 (Nov 2011)19. da Silva, C.E., de Lemos, R.: A framework for automatic generation of processes for self-adaptive software systems. Informatica (Slov.) 35(1), 3–13 (2011)20. van der Aalst, W., Hee, K.v., Hofstede, A.t., Sidorova, N., Verbeek, H., Voorhoeve, M., Wynn,M.: Soundness of workflow nets. Formal Aspects of Comp. 23(3), 333–363 (2010)21. Vázquez Sandoval, I.: Automated Reasoning Support for Process Models using Ac-tion Language. mastersthesis, Computer Science Faculty, Free University of Bozen–Bolzano (2014),