Skip to main content

Semantics of BPMN

Recently I have been involved with the standardization of BPMN. I find BPMN fascinating because it lies on the precise boundary between the IT world and the business world. Boundaries tend to be uncomfortable places to be around and BPMN is no exception.

My focus has been primarily on the semantics of BPMN. There have been many issues concerning the semantics of BPMN features. From a strictly programming language point of view BPMN seems to throw away most of the hard learned lessons of programming in the last 40 years: it is unstructured, full of gotos and no objects in sight.

But that is to forget the true purpose of BPMN, it is not a programming language. It is not even a scripting language, it is a language to help humans to manage their own activities. Even when BPMN is supported by automation, it is still primarily humans doing the work.

Anyway, the traditional approach to the semantics of languages like BPMN is Petri Nets. The merit of Petri nets is that they are quite simple to understand and quite simple to implement too.

However, BPMN has a bunch of features that are quite difficult to capture in petri nets without getting quite twisted. These are mostly due to the rich variety of merge behaviors supported by BPMN.

A classic one is the pass-through merge: where two streams are merged into one and all the tokens are forwarded. Simple, but combined with parallelism can get you very quickly into trouble:


This diagram, which shows an and-split forking off into three parallel branches, two of which are merged by a pass-through merge and the resulting pair merged back by an and-merge.

Interpreted as a petri net, three tokens originate from the split, two are merged onto the same 'wire' and the and-merge merges tokens on its two wires. This will result in a deadlock after the first successful firing of the and-merge because there is still a token left hanging about that is not collected by the and-merge.

The instinctive reaction of an IT person would be to say "don't do that"; but we are expecting business analysts to use BPMN, not programmers. And, this kind of situation can show up as easily in a large 400+ node diagram as a 3-node diagram.

One 'fix' is to allow annotations on the wires that go into an and-merge: specifically how many tokens that wire is supposed to accept. In my view, that is even worse because there may be no way of setting that count reliably, and further, it is low-level hacking of the worst kind: programming by numbers.

Here is another approach: instead of using petri nets, use graph rewriting semantics. In a graph rewriting approach, there are three kinds of nodes and wires: dormant, active and expired. The BPMN diagram becomes the initial graph which is rewritten until the entire graph is expired (or until only all the end-event nodes are active). This is how the pass-through is evaluated using graph rewriting:


The six stages show the evolution of the graph from a single active and-split ending up at the single active and-merge. The green is active, and the gray/purple signifies expired. (Normally you would remove expired entities but I have kept them for illustration.

Essentially, the pass-through node becomes a kind of 'cloner', and the dead-lock problem disappears! Neat!

I think that this may well end up to be the way that BPMN's semantics is defined. Given the experience of the G-machine (used in combinator approaches to functional programming languages) it's also not a bad way to implement BPMN automation.

Unless, of course, some problem shows up to make it unsuitable after all.

Popular posts from this blog

Comments Should be Meaningless

This is something of a counterintuitive idea: Comments should be meaningless What, I hear you ask, are you talking about? Comments should communicate to the reader! At least that is the received conventional wisdom handed does over the last few centuries (decades at least). Well, certainly, if you are programming in Assembler, or C, then yes, comments should convey meaning because the programming language cannot So, conversely, as a comment on the programming language itself, anytime the programmer feels the imperative to write a meaningful comment it is because the language is not able to convey the intent of the programmer. I have already noticed that I write far fewer comments in my Java programs than in my C programs.  That is because Java is able to capture more of my meaning and comments would be superfluous. So, if a language were able to capture all of my intentions, I would never need to write a comment. Hence the title of this blog.

Sub-turing complete programming languages

Here is an interesting intuition: the key to liberating software development is to use programming languages that are not, by themselves, turing-complete. That means no loops, no recursion 'in-language'. Why? Two reasons: any program that is subject to the halting problem is inherently unknowable: in general, the only way to know what a turing-complete program means is to run it. This puts very strong limitations on the combinatorics of turing-complete programs and also on the kinds of support tooling that can be provided: effectively, a debugger is about the best that you can do with any reasonable effort. On the other hand, a sub-turing language is also 'decidable'. That means it is possible to predict what it means; and paradoxically, a lot easier to provide a rich environment for it etc. etc. An interesting example of two languages on easier side of the turing fence are TeX and CSS. Both are designed for specifying the layout of text, TeX is turing complete and CSS

Existential Types are the flip side of generics

Generic types, as can now be seen in all the major programming languages have a flip side that has yet to be widely appreciated: existential types. Variables whose types are generic may not be modified within a generic function (or class): they can be kept in variables, they can be passed to other functions (provided they too have been supplied to the generic function), but other than that they are opaque. Again, when a generic function (or class) is used, then the actual type binding for the generic must be provided – although that type may also be generic, in which case the enclosing entity must also be generic. Existential types are often motivated by modules. A module can be seen to be equivalent to a record with its included functions: except that modules also typically encapsulate types too. Abstract data types are a closely related topic that also naturally connect to existential types (there is an old but still very relevant and readable article on the topic Abstract types have