Marco Montali | Free University of Bozen-Bolzano
Papers by Marco Montali
Information Systems, Mar 1, 2018
Monitoring the compliance of the execution of multi-party business processes is a complex and challenging task: each actor only has visibility of the portion of the process under its direct control, and the physical objects that belong to a party are often manipulated by other parties. Because of that, there is no guarantee that the process will be executed, and the objects manipulated, as previously agreed by the parties. The problem is usually addressed through a centralized monitoring entity that collects information, sent by the involved parties, on when activities are executed and the artifacts are altered. This paper aims to tackle the problem in a different and innovative way: it proposes a decentralized solution based on the switch from control- to artifact-based monitoring, where the physical objects can monitor their own conditions and the activities in which they participate. To do so, the Internet of Things (IoT) paradigm is exploited by equipping physical objects with sensing hardware and software, turning them into smart objects. To instruct these smart objects, an approach to translate classical Business Process Model and Notation (BPMN) process models into a set of artifact-centric process models, rendered in Extended-GSM (E-GSM) (our extension of the Guard-Stage-Milestone (GSM) notation), is proposed. The paper presents the approach, based on model-based transformation, demonstrates its soundness and correctness, and introduces a prototype monitoring platform to assess and experiment with the proposed solution. A simple case study in the domain of advanced logistics is used throughout the paper to exemplify the different parts of the proposal.
Lecture Notes in Computer Science, 2013
We describe a first experiment on automated activity and relation identification, and more in general, on the automated identification and extraction of computer-interpretable guideline fragments from clinical documents. We rely on clinical entity and relation (activities, actors, artifacts and their relations) recognition techniques and use MetaMap and the UMLS Metathesaurus to provide lexical information. In particular, we study the impact of clinical document syntax and semantics on the precision of activity and temporal relation recognition.
We consider the problem of extracting formal process representations of the therapies defined by clinical guidelines, viz., computer interpretable guidelines (CIGs), based on UMLS and semantic and syntactic annotation. CIGs enable the application of formal methods (such as model checking, verification, conformance assessment) to the clinical domain. We argue that, while minimally structured, correspondences among clinical guideline syntax and discourse relations and clinical process constructs should however be exploited to successfully extract CIGs. We review work on current clinical syntactic and semantic annotation, pinpointing their limitations, and discuss a CIG extraction methodology based on recent efforts on business process modelling notation (BPMN) model extraction from natural language text.
Proceedings of the Thirty-First International Joint Conference on Artificial Intelligence, Jul 1, 2022
We introduce annotated sequent calculi, which are extensions of standard sequent calculi, where sequents are combined with annotations that represent their derivation statuses. Unlike in ordinary calculi, sequents that are derived in annotated calculi may still be retracted in the presence of conflicting sequents, thus inferences are made under stricter conditions. Conflicts in the resulting systems are handled like in adaptive logics and argumentation theory. The outcome is a robust family of proof systems for non-monotonic reasoning with inconsistent information, where revision considerations are fully integrated into the object level of the proofs. These systems are shown to be strongly connected to logical argumentation.
Principles of Knowledge Representation and Reasoning, Apr 25, 2016
In this paper we study verification of situation calculus action theories against first-order µ-calculus with quantification across situations. Specifically, we consider µLa and µLp, the two variants of µ-calculus introduced in the literature for verification of data-aware processes. The former requires that quantification ranges over objects in the current active domain, while the latter additionally requires that objects assigned to variables persist across situations. Each of these two logics has a distinct corresponding notion of bisimulation. In spite of the differences we show that the two notions of bisimulation collapse for dynamic systems that are generic, which include all those systems specified through a situation calculus action theory. Then, by exploiting this result, we show that for bounded situation calculus action theories, µLa and µLp have exactly the same expressive power. Finally, we prove decidability of verification of µLa properties over bounded action theories, using finite faithful abstractions. Differently from the µLp case, these abstractions must depend on the number of quantified variables in the µLa formula.
1 Introduction
In this paper we study verification of first-order µ-calculus with quantification across situations as a verification language for situation calculus action theories (McCarthy and Hayes 1969; Reiter 2001). Such theories can be seen as one of the most prominent examples in AI of data-aware processes, i.e., dynamic systems in which a rich (first-order) description of the current state is married with a description of how such state evolves through actions (Bhattacharya et al. 2007; Deutsch et al. 2009; Bagheri Hariri et al. 2013a).
After the seminal work by De Giacomo, Ternovskaia, and Reiter (1997) and especially by Claßen and Lakemeyer (2008), there has been an increasing interest in verification in the situation calculus, and recently many important results have been devised regarding sound, complete, and terminating verification, including (
arXiv (Cornell University), May 31, 2019
We propose DAB, a data-aware extension of BPMN where the process operates over case and persistent data (partitioned into a read-only database called catalog and a read-write database called repository). The model trades off between expressiveness and the possibility of supporting parameterized verification of safety properties on top of it. Specifically, taking inspiration from the literature on verification of artifact systems, we study verification problems where safety properties are checked irrespectively of the content of the read-only catalog, and accepting the potential presence of unboundedly many tuples in the catalog and repository. We tackle such problems using an array-based backward reachability procedure fully implemented in MCMT, a state-of-the-art array-based SMT model checker. Notably, we prove that the procedure is sound and complete for checking safety of DABs, and single out additional conditions that guarantee its termination and, in turn, show decidability of checking safety.
arXiv (Cornell University), May 30, 2019
We propose DAB, a data-aware extension of the BPMN de facto standard with the ability of operating over case and persistent data (partitioned into a read-only catalog and a read-write repository), and that balances between expressiveness and the possibility of supporting parameterized verification of safety properties on top of it. In particular, we take inspiration from the literature on verification of artifact systems, and consider verification problems where safety properties are checked irrespectively of the content of the read-only catalog, possibly considering an unbounded number of active cases and tuples in the catalog and repository. Such problems are tackled using fully implemented array-based backward reachability techniques belonging to the well-established tradition of SMT model checking. We also identify relevant classes of DABs for which the backward reachability procedure implemented in the MCMT array-based model checker is sound and complete, and then further strengthen such classes to ensure termination.
ACM Transactions on Software Engineering and Methodology, Jul 28, 2022
Runtime monitoring is one of the central tasks in the area of operational decision support for business process management. In particular, it helps process executors to check on-the-fly whether a running process instance satisfies business constraints of interest, providing immediate feedback when deviations occur. We study runtime monitoring of properties expressed in LTL on finite traces (LTLf), and in its extension LDLf. LDLf is a powerful logic that captures all monadic second order logic on finite traces, and that is obtained by combining regular expressions with LTLf, adopting the syntax of propositional dynamic logic (PDL). Interestingly, in spite of its greater expressivity, LDLf has exactly the same computational complexity as LTLf. We show that LDLf is able to declaratively express, in the logic itself, not only the constraints to be monitored, but also the de-facto standard RV-LTL monitors. On the one hand, this enables us to directly employ the standard characterization of LDLf based on finite-state automata to monitor constraints in a fine-grained way. On the other hand, it provides the basis for declaratively expressing sophisticated metaconstraints that predicate on the monitoring state of other constraints, and to check them by relying on standard logical services instead of ad-hoc algorithms. In addition, we devise a direct translation of LDLf formulae into nondeterministic finite-state automata, avoiding a detour through Büchi automata or alternating automata. We then report on how this approach has been effectively implemented using Java to manipulate LDLf formulae and their corresponding monitors, and the well-known ProM process mining suite as underlying operational decision support infrastructure.
Mathematical Structures in Computer Science, Mar 1, 2020
In recent times, Satisfiability-Modulo-Theories (SMT) techniques gained increasing attention and obtained remarkable success in model-checking infinite-state systems. Still, we believe that whenever more expressivity is needed in order to specify the systems to be verified, more and more support is needed from mathematical logic and model theory. This is the case of the applications considered in this paper: we study verification over a general model of relational, data-aware processes, to assess (parameterized) safety properties irrespectively of the initial database instance. Towards this goal, we take inspiration from array-based systems, and tackle safety algorithmically via backward reachability. To enable the adoption of this technique in our rich setting, we make use of the model-theoretic machinery of model completion, which surprisingly turns out to be an effective tool for verification of relational systems, and represents the main original contribution of this paper. In this way, we pursue a twofold purpose. On the one hand, we isolate three notable classes for which backward reachability terminates, in turn witnessing decidability. Two of such classes relate our approach to conditions singled out in the literature, whereas the third one is genuinely novel. On the other hand, we are able to exploit SMT technology in implementations, building on the well-known MCMT model checker for array-based systems, and extending it to make all our foundational results fully operational. All in all, the present contribution is deeply rooted in the long-standing tradition of the application of model theory in computer science.
In particular, this paper applies these ideas in an original mathematical context and shows how these techniques can be used for the first time to empower algorithmic techniques for the verification of infinite-state systems based on arrays, so as to make such techniques applicable to the timely, challenging settings of data-aware processes.
arXiv (Cornell University), Dec 3, 2020
Virtual Knowledge Graphs (VKG) constitute one of the most promising paradigms for integrating and accessing legacy data sources. A critical bottleneck in the integration process involves the definition, validation, and maintenance of mapping assertions that link data sources to a domain ontology. To support the management of mappings throughout their entire lifecycle, we identify a comprehensive catalog of sophisticated mapping patterns that emerge when linking databases to ontologies. To do so, we build on well-established methodologies and patterns studied in data management, data analysis, and conceptual modeling. These are extended and refined through the analysis of concrete VKG benchmarks and real-world use cases, and considering the inherent impedance mismatch between data sources and ontologies. We validate our catalog on the considered VKG scenarios, showing that it covers the vast majority of mappings present therein.
arXiv (Cornell University), Jun 29, 2018
We study verification over a general model of artifact-centric systems, to assess (parameterized) safety properties irrespectively of the initial database instance. We view such artifact systems as array-based systems, which allows us to check safety by adapting backward reachability, establishing for the first time a correspondence with model checking based on Satisfiability-Modulo-Theories (SMT). To do so, we make use of the model-theoretic machinery of model completion, which surprisingly turns out to be an effective tool for verification of relational systems, and represents the main original contribution of this paper. In this way, we pursue a twofold purpose. On the one hand, we reconstruct (restricted to safety) the essence of some important decidability results obtained in the literature for artifact-centric systems, and we devise a genuinely novel class of decidable cases. On the other, we are able to exploit SMT technology in implementations, building on the well-known MCMT model checker for array-based systems, and extending it to make all our foundational results fully operational.
arXiv (Cornell University), Aug 27, 2021
In the context of verification of data-aware processes (DAPs), a formal approach based on satisfiability modulo theories (SMT) has been considered to verify parameterised safety properties of so-called artifact-centric systems. This approach requires a combination of model-theoretic notions and algorithmic techniques based on backward reachability. We introduce here a variant of one of the most investigated models in this spectrum, namely simple artifact systems (SASs), where, instead of managing a database, we operate over a description logic (DL) ontology expressed in (a slight extension of) RDFS. This DL, enjoying suitable model-theoretic properties, allows us to define DL-based SASs to which backward reachability can still be applied, leading to decidability in PSpace of the corresponding safety problems.
We want to extract process representations from clinical guidelines:
1. basic tool in hospitals and clinics [Got12]
2. describe state-of-the-art therapies
3. implemented in workflow and decision support systems
4. processed manually
5. require loads of costly expert knowledge
Camilo Thorne et al.
International Conference on Artificial Intelligence, Jul 25, 2015
In this paper, we overview the recently introduced general framework of Description Logic Based Dynamic Systems, which leverages Levesque's functional approach to model systems that evolve the extensional part of a description logic knowledge base by means of actions. This framework is parametric w.r.t. the adopted description logic and the progression mechanism. In this setting, we discuss verification and adversarial synthesis for specifications expressed in a variant of first-order µ-calculus, with a controlled form of quantification across successive states and present key decidability results under the natural assumption of state-boundedness.
* This paper was invited for submission to the Best Papers From Sister Conferences Track, based on a paper that appeared in the 7th International Conference on Web Reasoning and Rule Systems (RR-2013).
† This research has been partially supported by the Provincia Autonoma di Bolzano-Alto Adige, under the project VeriSynCoPateD (Verification and Synthesis from Components of Processes that Manipulate Data), and by the EU, under the large-scale integrating project (IP) Optique (Scalable End-user Access to Big Data), grant agreement n. FP7-318338.
arXiv (Cornell University), Feb 29, 2012
Data-centric dynamic systems are systems where both the process controlling the dynamics and the manipulation of data are equally central. Recently such kinds of systems are increasingly attracting the interest of the scientific community, especially in their variant called artifact-centric business processes. In this paper we study verification of (first-order) µ-calculus variants over relational data-centric dynamic systems, where data are represented by a full-fledged relational database, and the process is described in terms of atomic actions that evolve the database. The execution of such actions may involve calls to external services, providing fresh data inserted into the system. As a result such systems are typically infinite-state. We show that verification is undecidable in general, and we isolate notable cases where decidability is achieved. Specifically we start by considering service calls that return values deterministically (depending only on passed parameters). We show that in a µ-calculus variant that preserves knowledge of objects that appeared along a run we get decidability under the assumption that the fresh data introduced along a run are bounded, though they might not be bounded in the overall system. In fact we tie such a result to a notion related to weak acyclicity studied in data exchange. Then, we move to nondeterministic services, where the assumption of a data-bounded run would result in a bound on the service calls that can be invoked during the execution and hence would be too restrictive. So we investigate decidability under the assumption that knowledge of objects is preserved only if they are continuously present. We show that if infinitely many values occur in a run but do not accumulate in the same state, then we get again decidability.
We give syntactic conditions to avoid this accumulation through the novel notion of "generate-recall acyclicity", which takes into consideration that every service call activation generates new values that cannot be accumulated indefinitely.
We base our work on a model called data-centric dynamic system (DCDS), which can be seen as a framework for modeling and verification of systems where both the process controlling the dynamics and the manipulation of data are equally central. More specifically, a DCDS consists of a data layer and a process layer, interacting as follows: the data layer stores all the data of interest in a relational database, and the process layer modifies and evolves such data by executing actions under the control of a process, and possibly injecting into the system external data retrieved through service calls. In this work, we propose an implementation of DCDSs in which all aspects concerning not only the data layer but also the process layer are realized by means of functionalities provided by a relational DBMS. We present the architecture of our prototype system, describe its functionality, and discuss the next steps we intend to take towards realizing a full-fledged DCDS-based system that supports verification of rich temporal properties.
Temporal logics over finite traces, such as LTLf and its extension LDLf, have been adopted in several areas, including Business Process Management (BPM), to check properties of processes whose executions have an unbounded, but finite, length. These logics express properties of single traces in isolation; however, especially in BPM it is also of interest to express properties over the entire log, i.e., properties that relate multiple traces of the log at once. In the case of infinite traces, HyperLTL has been proposed to express these "hyper" properties. In this paper, motivated by BPM, we introduce HyperLDLf, a logic that extends LDLf with the hyper features of HyperLTL. We provide a sound, complete and computationally optimal technique, based on DFA manipulation, for the model checking problem in the relevant case where the set of traces (i.e., the log) is a regular language. We illustrate how this form of model checking can be used to specify and verify sophisticated properties within BPM and process mining.
Data & Knowledge Engineering
Knowledge Graphs (KGs) have been gaining momentum recently in both academia and industry, due to the flexibility of their data model, allowing one to access and integrate collections of data of different forms. Virtual Knowledge Graphs (VKGs), a variant of KGs originating from the field of Ontology-based Data Access (OBDA), are a promising paradigm for integrating and accessing legacy data sources. The main idea of VKGs is that the KG remains virtual: the end-user interacts with a KG, but queries are reformulated on-the-fly as queries over the data source(s). To enable the paradigm, one needs to define declarative mappings specifying the link between the data sources and the elements in the VKG. In this work, we try to investigate common patterns that arise when specifying such mappings, building on well-established methodologies from the area of conceptual modeling and database design.
Information Systems, Mar 1, 2018
Information Systems, 2018
Monitoring the compliance of the execution of multi-party business processes is a complex and cha... more Monitoring the compliance of the execution of multi-party business processes is a complex and challenging task: each actor only has the visibility of the portion of the process under its direct control, and the physical objects that belong to a party are often manipulated by other parties. Because of that, there is no guarantee that the process will be executed-and the objects be manipulated-as previously agreed by the parties. The problem is usually addressed through a centralized monitoring entity that collects information, sent by the involved parties, on when activities are executed and the artifacts are altered. This paper aims to tackle the problem in a different and innovative way: it proposes a decentralized solution based on the switch from control-to artifact-based monitoring, where the physical objects can monitor their own conditions and the activities in which they participate. To do so, the Internet of Things (IoT) paradigm is exploited by equipping physical objects with sensing hardware and software, turning them into smart objects. To instruct these smart objects, an approach to translate classical Business Process Model and Notation (BPMN) process models into a set of artifactcentric process models, rendered in Extended-GSM (E-GSM) (our extension of the Guard-Stage-Milestone (GSM) notation), is proposed. The paper presents the approach, based on model-based transformation, demonstrates its soundness and correctness, and introduces a prototype monitoring platform to assess and experiment the proposed solution. A simple case study in the domain of advanced logistics is used throughout the paper to exemplify the different parts of the proposal.
Lecture Notes in Computer Science, 2013
We describe a first experiment on automated activity and relation identification, and more in gen... more We describe a first experiment on automated activity and relation identification, and more in general, on the automated identification and extraction of computer-interpretable guideline fragments from clinical documents. We rely on clinical entity and relation (activities, actors, artifacts and their relations) recognition techniques and use MetaMap and the UMLS Metathesaurus to provide lexical information. In particular, we study the impact of clinical document syntax and semantics on the precision of activity and temporal relation recognition.
We consider the problem of extracting formal process representations of the therapies defined by ... more We consider the problem of extracting formal process representations of the therapies defined by clinical guidelines, viz., computer interpretable guidelines (CIGs), based on UMLS and semantic and syntactic annotation. CIGs enable the application of formal methods (such as model checking, verification, conformance assessment) to the clinical domain. We argue that, while minimally structured, correspondences among clinical guideline syntax and discourse relations and clinical process constructs should however be exploited to successfully extract CIGs. We review work on current clinical syntactic and semantic annotation, pinpointing their limitations, and discuss a CIG extraction methodology based on recent efforts on business process modelling notation (BPMN) model extraction from natural language text.
Proceedings of the Thirty-First International Joint Conference on Artificial Intelligence, Jul 1, 2022
We introduce annotated sequent calculi, which are extensions of standard sequent calculi, where s... more We introduce annotated sequent calculi, which are extensions of standard sequent calculi, where sequents are combined with annotations that represent their derivation statuses. Unlike in ordinary calculi, sequents that are derived in annotated calculi may still be retracted in the presence of conflicting sequents, thus inferences are made under stricter conditions. Conflicts in the resulting systems are handled like in adaptive logics and argumentation theory. The outcome is a robust family of proof systems for non-monotonic reasoning with inconsistent information, where revision considerations are fully integrated into the object level of the proofs. These systems are shown to be strongly connected to logical argumentation.
Principles of Knowledge Representation and Reasoning, Apr 25, 2016
In this paper we study verification of situation calculus action theories against first-order µ-c... more In this paper we study verification of situation calculus action theories against first-order µ-calculus with quantification across situations. Specifically, we consider µLa and µLp, the two variants of µ-calculus introduced in the literature for verification of data-aware processes. The former requires that quantification ranges over objects in the current active domain, while the latter additionally requires that objects assigned to variables persist across situations. Each of these two logics has a distinct corresponding notion of bisimulation. In spite of the differences we show that the two notions of bisimulation collapse for dynamic systems that are generic, which include all those systems specified through a situation calculus action theory. Then, by exploiting this result, we show that for bounded situation calculus action theories, µLa and µLp have exactly the same expressive power. Finally, we prove decidability of verification of µLa properties over bounded action theories, using finite faithful abstractions. Differently from the µLp case, these abstractions must depend on the number of quantified variables in the µLa formula. 1 Introduction In this paper we study verification of first-order µ-calculus with quantification across situations as a verification language for situation calculus action theories (McCarthy and Hayes 1969; Reiter 2001). Such theories can be seen as one of the most prominent examples in AI of data-aware processes, i.e., dynamic systems in which a rich (first-order) description of the current state is married with a description of how such state evolves through actions (Bhattacharya et al. 2007; Deutsch et al. 2009; Bagheri Hariri et al. 2013a). 
After the seminal work by De Giacomo, Ternovskaia, and Reiter (1997) and especially by Claßen and Lakemeyer (2008), there has been an increasing interest in verification in the situation calculus, and recently many important results have been devised regarding sound, complete, and terminating verification, including (
arXiv (Cornell University), May 31, 2019
We propose DAB-a data-aware extension of BPMN where the process operates over case and persistent... more We propose DAB-a data-aware extension of BPMN where the process operates over case and persistent data (partitioned into a read-only database called catalog and a read-write database called repository). The model trades off between expressiveness and the possibility of supporting parameterized verification of safety properties on top of it. Specifically, taking inspiration from the literature on verification of artifact systems, we study verification problems where safety properties are checked irrespectively of the content of the read-only catalog, and accepting the potential presence of unboundedly many tuples in the catalog and repository. We tackle such problems using an array-based backward reachability procedure fully implemented in MCMT-a state-of-the-art arraybased SMT model checker. Notably, we prove that the procedure is sound and complete for checking safety of DABs, and single out additional conditions that guarantee its termination and, in turn, show decidability of checking safety.
arXiv (Cornell University), May 30, 2019
We propose DAB-a data-aware extension of the BPMN defacto standard with the ability of operating ... more We propose DAB-a data-aware extension of the BPMN defacto standard with the ability of operating over case and persistent data (partitioned into a read-only catalog and a read-write repository), and that balances between expressiveness and the possibility of supporting parameterized verification of safety properties on top of it. In particular, we take inspiration from the literature on verification of artifact systems, and consider verification problems where safety properties are checked irrespectively of the content of the read-only catalog, possibly considering an unbounded number of active cases and tuples in the catalog and repository. Such problems are tackled using fully implemented arraybased backward reachability techniques belonging to the well-established tradition of SMT model checking. We also identify relevant classes of DABs for which the backward reachability procedure implemented in the MCMT array-based model checker is sound and complete, and then further strengthen such classes to ensure termination.
ACM Transactions on Software Engineering and Methodology, Jul 28, 2022
Runtime monitoring is one of the central tasks in the area of operational decision support for business process management. In particular, it helps process executors to check on-the-fly whether a running process instance satisfies business constraints of interest, providing immediate feedback when deviations occur. We study runtime monitoring of properties expressed in LTL on finite traces (LTLf), and in its extension LDLf. LDLf is a powerful logic that captures all of monadic second-order logic on finite traces, and that is obtained by combining regular expressions with LTLf, adopting the syntax of propositional dynamic logic (PDL). Interestingly, in spite of its greater expressivity, LDLf has exactly the same computational complexity as LTLf. We show that LDLf is able to declaratively express, in the logic itself, not only the constraints to be monitored, but also the de facto standard RV-LTL monitors. On the one hand, this enables us to directly employ the standard characterization of LDLf based on finite-state automata to monitor constraints in a fine-grained way. On the other hand, it provides the basis for declaratively expressing sophisticated metaconstraints that predicate on the monitoring state of other constraints, and for checking them by relying on standard logical services instead of ad-hoc algorithms. In addition, we devise a direct translation of LDLf formulae into nondeterministic finite-state automata, avoiding the detour through Büchi automata or alternating automata. We then report on how this approach has been effectively implemented using Java to manipulate LDLf formulae and their corresponding monitors, and the well-known ProM process mining suite as the underlying operational decision support infrastructure.
Mathematical Structures in Computer Science, Mar 1, 2020
In recent times, Satisfiability-Modulo-Theories (SMT) techniques gained increasing attention and obtained remarkable success in model-checking infinite-state systems. Still, we believe that whenever more expressivity is needed in order to specify the systems to be verified, more and more support is needed from mathematical logic and model theory. This is the case of the applications considered in this paper: we study verification over a general model of relational, data-aware processes, to assess (parameterized) safety properties irrespectively of the initial database instance. Towards this goal, we take inspiration from array-based systems, and tackle safety algorithmically via backward reachability. To enable the adoption of this technique in our rich setting, we make use of the model-theoretic machinery of model completion, which surprisingly turns out to be an effective tool for verification of relational systems, and represents the main original contribution of this paper. In this way, we pursue a twofold purpose. On the one hand, we isolate three notable classes for which backward reachability terminates, in turn witnessing decidability. Two of such classes relate our approach to conditions singled out in the literature, whereas the third one is genuinely novel. On the other hand, we are able to exploit SMT technology in implementations, building on the well-known MCMT model checker for array-based systems, and extending it to make all our foundational results fully operational. All in all, the present contribution is deeply rooted in the long-standing tradition of the application of model theory in computer science. In particular, this paper applies these ideas in an original mathematical context and shows how these techniques can be used for the first time to empower algorithmic techniques for the verification of infinite-state systems based on arrays, so as to make such techniques applicable to the timely, challenging settings of data-aware processes.
arXiv (Cornell University), Dec 3, 2020
Virtual Knowledge Graphs (VKG) constitute one of the most promising paradigms for integrating and accessing legacy data sources. A critical bottleneck in the integration process involves the definition, validation, and maintenance of mapping assertions that link data sources to a domain ontology. To support the management of mappings throughout their entire lifecycle, we identify a comprehensive catalog of sophisticated mapping patterns that emerge when linking databases to ontologies. To do so, we build on well-established methodologies and patterns studied in data management, data analysis, and conceptual modeling. These are extended and refined through the analysis of concrete VKG benchmarks and real-world use cases, and considering the inherent impedance mismatch between data sources and ontologies. We validate our catalog on the considered VKG scenarios, showing that it covers the vast majority of mappings present therein.
arXiv (Cornell University), Jun 29, 2018
We study verification over a general model of artifact-centric systems, to assess (parameterized) safety properties irrespectively of the initial database instance. We view such artifact systems as array-based systems, which allows us to check safety by adapting backward reachability, establishing for the first time a correspondence with model checking based on Satisfiability-Modulo-Theories (SMT). To do so, we make use of the model-theoretic machinery of model completion, which surprisingly turns out to be an effective tool for verification of relational systems, and represents the main original contribution of this paper. In this way, we pursue a twofold purpose. On the one hand, we reconstruct (restricted to safety) the essence of some important decidability results obtained in the literature for artifact-centric systems, and we devise a genuinely novel class of decidable cases. On the other hand, we are able to exploit SMT technology in implementations, building on the well-known MCMT model checker for array-based systems, and extending it to make all our foundational results fully operational.
arXiv (Cornell University), Aug 27, 2021
In the context of verification of data-aware processes (DAPs), a formal approach based on satisfiability modulo theories (SMT) has been considered to verify parameterised safety properties of so-called artifact-centric systems. This approach requires a combination of model-theoretic notions and algorithmic techniques based on backward reachability. We introduce here a variant of one of the most investigated models in this spectrum, namely simple artifact systems (SASs), where, instead of managing a database, we operate over a description logic (DL) ontology expressed in (a slight extension of) RDFS. This DL, enjoying suitable model-theoretic properties, allows us to define DL-based SASs to which backward reachability can still be applied, leading to decidability in PSpace of the corresponding safety problems.
We want to extract process representations from clinical guidelines, which (1) are a basic tool in hospitals and clinics [Got12]; (2) describe state-of-the-art therapies; (3) are implemented in workflow and decision support systems; (4) are processed manually; and (5) require loads of costly expert knowledge. Camilo Thorne et al.
International Conference on Artificial Intelligence, Jul 25, 2015
In this paper, we overview the recently introduced general framework of Description Logic Based Dynamic Systems, which leverages Levesque's functional approach to model systems that evolve the extensional part of a description logic knowledge base by means of actions. This framework is parametric w.r.t. the adopted description logic and the progression mechanism. In this setting, we discuss verification and adversarial synthesis for specifications expressed in a variant of first-order µ-calculus, with a controlled form of quantification across successive states, and present key decidability results under the natural assumption of state-boundedness. * This paper was invited for submission to the Best Papers From Sister Conferences Track, based on a paper that appeared in the 7th International Conference on Web Reasoning and Rule Systems (RR-2013). † This research has been partially supported by the Provincia Autonoma di Bolzano-Alto Adige, under the project VeriSynCoPateD (Verification and Synthesis from Components of Processes that Manipulate Data), and by the EU, under the large-scale integrating project (IP) Optique (Scalable End-user Access to Big Data), grant agreement n. FP7-318338.
arXiv (Cornell University), Feb 29, 2012
Data-centric dynamic systems are systems where both the process controlling the dynamics and the manipulation of data are equally central. Recently such kinds of systems have been increasingly attracting the interest of the scientific community, especially in their variant called artifact-centric business processes. In this paper we study verification of (first-order) µ-calculus variants over relational data-centric dynamic systems, where data are represented by a full-fledged relational database, and the process is described in terms of atomic actions that evolve the database. The execution of such actions may involve calls to external services, providing fresh data inserted into the system. As a result such systems are typically infinite-state. We show that verification is undecidable in general, and we isolate notable cases where decidability is achieved. Specifically we start by considering service calls that return values deterministically (depending only on the passed parameters). We show that in a µ-calculus variant that preserves knowledge of objects that appeared along a run we get decidability under the assumption that the fresh data introduced along a run are bounded, though they might not be bounded in the overall system. In fact we tie such a result to a notion related to weak acyclicity studied in data exchange. Then, we move to nondeterministic services, where the assumption of a data-bounded run would result in a bound on the service calls that can be invoked during the execution and hence would be too restrictive. So we investigate decidability under the assumption that knowledge of objects is preserved only if they are continuously present. We show that if infinitely many values occur in a run but do not accumulate in the same state, then we again get decidability. We give syntactic conditions to avoid this accumulation through the novel notion of "generate-recall acyclicity", which takes into consideration that every service call activation generates new values that cannot be accumulated indefinitely.
We base our work on a model called data-centric dynamic system (DCDS), which can be seen as a framework for modeling and verification of systems where both the process controlling the dynamics and the manipulation of data are equally central. More specifically, a DCDS consists of a data layer and a process layer, interacting as follows: the data layer stores all the data of interest in a relational database, and the process layer modifies and evolves such data by executing actions under the control of a process, and possibly injecting into the system external data retrieved through service calls. In this work, we propose an implementation of DCDSs in which all aspects concerning not only the data layer but also the process layer are realized by means of functionalities provided by a relational DBMS. We present the architecture of our prototype system, describe its functionality, and discuss the next steps we intend to take towards realizing a full-fledged DCDS-based system that supports verification of rich temporal properties.
Temporal logics over finite traces, such as LTLf and its extension LDLf, have been adopted in several areas, including Business Process Management (BPM), to check properties of processes whose executions have an unbounded, but finite, length. These logics express properties of single traces in isolation; however, especially in BPM it is also of interest to express properties over the entire log, i.e., properties that relate multiple traces of the log at once. In the case of infinite traces, HyperLTL has been proposed to express these "hyper" properties. In this paper, motivated by BPM, we introduce HyperLDLf, a logic that extends LDLf with the hyper features of HyperLTL. We provide a sound, complete and computationally optimal technique, based on DFA manipulation, for the model checking problem in the relevant case where the set of traces (i.e., the log) is a regular language. We illustrate how this form of model checking can be used to specify and verify sophisticated properties within BPM and process mining.
Data & Knowledge Engineering
Knowledge Graphs (KGs) have been gaining momentum recently in both academia and industry, due to the flexibility of their data model, allowing one to access and integrate collections of data of different forms. Virtual Knowledge Graphs (VKGs), a variant of KGs originating from the field of Ontology-based Data Access (OBDA), are a promising paradigm for integrating and accessing legacy data sources. The main idea of VKGs is that the KG remains virtual: the end-user interacts with a KG, but queries are reformulated on-the-fly as queries over the data source(s). To enable the paradigm, one needs to define declarative mappings specifying the link between the data sources and the elements in the VKG. In this work, we try to investigate common patterns that arise when specifying such mappings, building on well-established methodologies from the area of conceptual modeling and database design.