workflowfm / workflowfm-reasoner Goto Github PK

A logic-based library for correct-by-construction process modelling and composition.

Home Page: http://docs.workflowfm.com/workflowfm-reasoner

License: Apache License 2.0

OCaml 88.08% Standard ML 11.92%

theorem-proving business-process-management type-theory workflows workflow-models workflow-management resource-modeling proofs-as-processes correct-by-construction

workflowfm-reasoner's Introduction

WorkflowFM Reasoner

A logic-based library for correct-by-construction process modelling and composition.

Artificial Intelligence Modelling Lab

Artificial Intelligence and its Applications Institute

School of Informatics, University of Edinburgh

This is part of the WorkflowFM framework for correct-by-construction process and resource workflows.

More info and documentation can be found in the main webpage.

About

This is a logic-based library for the interactive theorem prover HOL Light that allows for rigorous, formally verified process specification and composition. The resulting workflows are correct-by-construction with the following verified properties:

Systematic resource accounting: No resources appear out of nowhere or disappear into thin air.
Deadlock and livelock freedom: The constructed workflows can be executed without fear for deadlocks or livelocks.
Type checked composition: The correctness of the types of all connected resources is ensured via the logical proof.
Fully asynchronous and concurrent execution: During workflow execution, each component process can be executed fully asynchronously (see the PEW engine for more details) and concurrently, without introducing any conflicts, race conditions, or deadlocks.

The constructed workflows can be exported either for visualization using the PiVizTool or as Scala code for execution using the PEW engine.

The references provide more in depth details of the theory behind the WorkflowFM Reasoner.

Key Features

Process specification using Classical Linear Logic (CLL).
Process composition using formally verified forward inference.
Interactive theorem proving in CLL.
Intuitive high-level actions for sequential, conditional, and parallel composition.
Proof translation to π-calculus.
Modular encoding allows different CLL translations (e.g. to session types), automatically reconstructing the entire process reasoning framework.
Tracking of provenance metadata during proof to guide visualization.
Export π-calculus to PiVizTool format.
Export Scala code to execute workflows using the PEW engine.
Modular API allows extensions with new composition actions, export options and commands.

Modes

The reasoner can run in 2 modes:

Console: This mode is intended for standard use within HOL Light, i.e. at the OCaml toplevel. It provides a minimal console interface for process modelling and composition.
JSON: This mode is intended for use within a server environment, to allow interaction with web applications (including UIs). It expects input and produces output encoded in JSON format.

Quick Install

Clone the following HOL Light fork: https://github.com/workflowfm/hol-light

git clone https://github.com/workflowfm/hol-light.git

Then make sure all the submodules are initialised and updated:

git submodule update --init --recursive

Install HOL Light following its standard installation instructions.

Once you have HOL Light up and running, you can load the reasoner in console mode using the following command:

loads (!hol_dir ^ "/workflowfm/make.console.ml");;

If you need to use the JSON mode, you can use this command instead:

loads (!hol_dir ^ "/workflowfm/make.ml");;

More detailed installation instructions are available at this link.

Authors

Maintainer

Petros Papapanagiotou - [email protected] - @PetrosPapapa

Contributors

A big thank you to the following contributors in order of appearance:

Jacques Fleuriot

References

Please cite the following publication in reference to this project:

P. Papapanagiotou, J. Fleuriot. WorkflowFM: A Logic-Based Framework for Formal Process Specification and Composition. CADE, 2017.

Sample of other relevant references:

P. Papapanagiotou, J. Fleuriot. Formal Verification of Web Services Composition Using Linear Logic and the pi-calculus. ECOWS, 2011.
P. Papapanagiotou. A formal verification approach to process modelling and composition. PhD Thesis, 2014.
P. Papapanagiotou, J. Fleuriot. A Pragmatic, Scalable Approach to Correct-by-construction Process Composition Using Classical Linear Logic Inference. LOPSTR, 2019.

License

Distributed under the Apache 2.0 license. See ./LICENSE for more information.

workflowfm-reasoner's People

Contributors

Stargazers

Watchers

workflowfm-reasoner's Issues

More control over generated channel names

Using a universal counter means that individual proofs are connected to each other, and changes in one proof affect the other.

We want channel names to be more deterministic and local to a particular proof.

One solution is to add a custom prefix to variable names, one that is unique to the particular proof. This can be:

*processPath*_*stepName*_numberedVariable

For example, when building a composition C1 and composing step _Step1 with counter 5, variable z will be renamed to:

C1__Step1_z5

Note that the step name can be grabbed from the action arguments.

The process path must be provided by the user.

This relies on the following update in the embed library:
PetrosPapapa/hol-light-embed#2

We then need to:

Add the process path prefix as an action argument or to the action state.
Update tactics.ml to use the prefix.
Test test test

Console composer should enable deployment commands

The console composer should be extended to enable deployment commands, similarly to how the JSON composer is extended here.

The console does not have a list of commands though. We could either:

Maintain a list of deployment commands (similar to the list of actions) or
Implement a functor over Composer_console_type.

The deployment output could either be shown in stdout or saved to files locally. A parameter could allow the user to choose between the two.

A flexible console mode to use the reasoner at the toplevel

Some preliminary work here: console.ml

Needs to emulate workspaces, store state, handle processes and compositions, and provide a simple list of commands. Some more pretty printers would also be nice.

Input provenance tracking seems to report same channel multiple times

Steps to reproduce

loads "workflowfm/src/make.console.ml";;
create "P" [`X`] `A ** A ** A ** A` ;;
create "Q" [`A`;`A`] `Y` ;;
tensor "Q" "Q";;
join "P" "lr" "_Step0" "NEG A";;

Result

The last command reports the following input provenance:

iprov =
     [(`A ** A ** A ** A`,
       Provnode ("times", Provleaf "cQ_A_1:1",
        Provnode ("times", Provleaf "cQ_A_1:4",
         Provnode ("times", Provleaf "cQ_A_1:8", Provleaf "cQ_A_1:7"))))]

There are only 2x cQ_A_1 channels available, so this input provenance is not possible.

Desired

It should be something along these lines:

iprov =
     [(`A ** A ** A ** A`,
       Provnode ("times", Provleaf "cQ_A_1:1",
        Provnode ("times", Provleaf "cQ_A_2:4",
         Provnode ("times", Provleaf "cQ_A_1:8", Provleaf "cQ_A_2:7"))))]

i.e. 2 of the 4 channels reported should be cQ_A_2 instead of cQ_A_1.

Diagnosis

Something going wrong when tracking unused channels in JOIN_TAC. Need to investigate further.

Encode/decode process terms properly

Currently just outputting a string. It would be nice to have a proper structured json output.

Do we want one generic structure with PiParProc etc. or a different output depending on the process calculus used?

Scala code generation must be updated to PEW 1.3.0

Change FutureExecutor to ProcessExecutor[_]
Change executor.context to executor.executionContext
Change .filterMap(_.map(...)) to .map(...)
Change default executor (probably to MultiStateExecutor)

Console composer allows you to store a composition with the same name as a component of one of its components

Trying to store a composition with the same name as on of its components fails. However, storing it with the same name as one of the component of one of its components succeeds.

Reproduce:

create "P" [`A`] `B`;;
create "Q" [`B`] `C`;;
join "P" "" "Q" "";;
store "_Step1" "R";;
create "S" [`C`] `D`;;
join "R" "" "S" "C";;
store "_Step2" "P";;

Atomic process P gets replaced by a composite process that has R as a component, which in turn has the atomic P as a component. This breaks R as its component P is no longer available. It also creates an undesirable recursive specification.

One could argue this should not be allowed at the level of the logic, but the proof state does not know about components of components, so it allows it.

Move provenance info to the process structure

This will minimize the use of the Actionstate so we won't need to send it back and forth now that the counter does not need to be shared.

Composition commands will only need to provide a context string. The actionstate can be fully constructed with ctr = 0 and the provenance info from the processes.

Tactics will still manipulate provenance in the state because that's the only place they can access it. At the end of the composition, provenance will be extracted back into the composed process.

Allow multiple instances of the same correspondence.

See ede9a5f

This still does not allow multiple copies of the same
correspondence (though it is not clear why one would ever want this).

When using inference rules, process names (such as "TimesProc") must
be constant. Otherwise they get refreshed with the latest counter like
every other variable (e.g. "TimesProc8").

I feel there is a better way to do this than adding a prefix for each
correspondence, but this will require some rethinking of the embedding
and quite a bit of refactoring.

workflowfm / workflowfm-reasoner Goto Github PK

workflowfm-reasoner's Introduction

WorkflowFM Reasoner

About

Key Features

Modes

Quick Install

Authors

Maintainer

Contributors

References

License

workflowfm-reasoner's People

Contributors

Stargazers

Watchers

workflowfm-reasoner's Issues

Steps to reproduce

Result

Desired

Diagnosis

Recommend Projects

Recommend Topics

Recommend Org