Model Checking of Boolean Process Models

In the field of Business Process Management formal models for the control flow of business processes have been designed since more than 15 years. Which methods are best suited to verify the bulk of these models? The first step is to select a formal language which fixes the semantics of the models. We adopt the language of Boolean systems as reference language for Boolean process models. Boolean systems form a simple subclass of coloured Petri nets. Their characteristics are low tokens to model explicitly states with a subsequent skipping of activations and arbitrary logical rules of type AND, XOR, OR etc. to model the split and join of the control flow. We apply model checking as a verification method for the safeness and liveness of Boolean systems. Model checking of Boolean systems uses the elementary theory of propositional logic, no modal operators are needed. Our verification builds on a finite complete prefix of a certain T-system attached to the Boolean system. It splits the processes of the Boolean system into a finite set of base processes of bounded length. Their behaviour translates to formulas from propositional logic. Our verification task consists in checking the satisfiability of these formulas. In addition we have implemented our model checking algorithm as a java program. The time needed to verify a given Boolean system depends critically on the number of initial tokens. Because the algorithm has to solve certain SAT-problems, polynomial complexity cannot be expected. The paper closes with the model checking of some Boolean process models which have been designed as Event-driven Process Chains.

💡 Research Summary

The paper addresses the problem of formally verifying business process models, focusing on the control‑flow aspect of widely used notations such as EPC, BPMN, YAWL, and UML activity diagrams. Because many of these notations have well‑defined syntactic constructs but ambiguous or incomplete semantics, the authors propose to use a single, mathematically precise reference language: Boolean systems. A Boolean system is a restricted subclass of coloured Petri nets in which each place can hold at most one token (0 or 1) and transitions are guarded by Boolean expressions (AND, OR, XOR, etc.). This restriction makes the model both expressive enough to capture typical workflow patterns and simple enough to allow verification using only propositional logic.

The verification goals are twofold: (1) safeness – ensuring that no place ever contains more than one token, and (2) liveness – guaranteeing that every transition can be fired again from any reachable marking. Safeness follows directly from the safeness of the underlying “skeleton” of the Boolean system, which is a T‑system (a Petri net where each place has exactly one pre‑ and one post‑transition). Since T‑systems are well‑studied, existing results can be applied without further transformation.

Liveness is more challenging. The authors’ method proceeds in several steps. First, they construct a finite complete prefix of the unfolding of the T‑system skeleton. This prefix captures all possible execution histories while avoiding the state‑explosion inherent in full reachability graphs. Next, they “colour” the prefix by re‑introducing the Boolean guards, thereby obtaining a finite prefix of the original Boolean system. From this coloured prefix they extract a finite set of “base markings”. For each base marking they define a “base process”, which is a bounded‑length execution fragment that starts from that marking and respects the Boolean guards.

Each base process is then translated into a propositional formula that encodes the necessary firing conditions along the fragment. The liveness property reduces to checking whether, for every base process, there exists a reachable marking that enables the continuation of the process—i.e., whether the corresponding propositional formula is satisfiable. Consequently, the whole liveness verification becomes a collection of SAT problems. No temporal or modal operators (such as those used in CTL or LTL) are required; the elementary theory of propositional logic suffices.

The authors implemented the entire verification pipeline in Java. Their prototype includes a simple resolution‑based SAT solver. Experiments on models with roughly 25 Boolean transitions and 30 places show verification times on the order of a few seconds. However, the runtime is highly sensitive to the number of initial tokens because each token can give rise to additional base markings and larger SAT instances. The authors acknowledge that the SAT step is NP‑complete, and they suggest that integrating a state‑of‑the‑art SAT solver from the research community would dramatically improve performance.

A concrete case study is presented: an EPC describing a “Loan request” process, originally taken from the literature (MA2008). The EPC contains a mixture of XOR, OR, and AND gateways, a loop that repeats risk assessment, and three possible final events (rejection, contract completion, and further product offer). The authors translate this EPC into a Boolean system, generate the finite prefix, and formulate the corresponding SAT instances. The model checker correctly identifies that the EPC is safe and live, and it detects the intended mutual exclusivity of final events (e.g., rejection cannot occur together with contract completion). This demonstrates that the approach can handle realistic workflow patterns, including complex branching and looping.

In the related‑work discussion, the paper contrasts its method with three prominent approaches: (i) the van der Aalst pipeline that reduces EPCs to workflow nets and applies CTL model checking via the ProM framework; (ii) a structural reduction plus state‑space exploration technique; and (iii) a SESE (single‑entry single‑exit) decomposition combined with heuristics. While those methods rely on Petri‑net transformations, temporal logics, or heavy state‑space exploration, the Boolean‑system approach stays within propositional logic, offering a conceptually simpler verification pipeline. The trade‑off is the reliance on SAT solving, which can become a bottleneck for large numbers of tokens or highly branched models.

The paper concludes by summarizing its contributions: (a) establishing Boolean systems as a clean, formally defined reference language for business process control flow; (b) presenting a novel model‑checking algorithm that leverages finite complete prefixes and SAT solving; (c) providing a prototype implementation and empirical evidence on a realistic EPC example; and (d) outlining future work, including integration of high‑performance SAT solvers, scalability studies on larger industrial models, and extending the approach to incorporate data‑flow aspects. Overall, the work offers a promising alternative to traditional Petri‑net based verification, especially for scenarios where a purely propositional representation of control logic is natural.