Flexible Modeling of Emergency Scenarios using Reconfigurable Systems Electronic Communications of the EASST Volume 12 (2008) Formal Modeling of Adaptive and Mobile Processes Flexible Modeling of Emergency Scenarios using Reconfigurable Systems K. Hoffmann, H. Ehrig, J. Padberg 20 pages Guest Editors: Julia Padberg, Kathrin Hoffmann Managing Editors: Tiziana Margaria, Julia Padberg, Gabriele Taentzer ECEASST Home Page: http://www.easst.org/eceasst/ ISSN 1863-2122 http://www.easst.org/eceasst/ ECEASST Flexible Modeling of Emergency Scenarios using Reconfigurable Systems K. Hoffmann1, H. Ehrig, J. Padberg Institute for Software Technology and Theoretical Computer Science Technical University of Berlin, Germany Abstract: In emergency scenarios we can obtain a more effective coordination among team members constituting a mobile ad hoc network (MANET) through the use of reconfigurable systems. This means that cooperative work can be adequately modeled by low level and high level Petri nets with initial markings and the net structure can be adapted to new requirements of the environment during run time by a set of rules. In this paper we give main requirements for flexible processes in MANETs and show how to realize them using the formal notions of reconfigurable systems. The main part presents a case study in the area of emergency management and demonstrates the advantages of our approach which allows the dynamic adap- tion of processes in mobile environments. In this context we also discuss the main results achieved for reconfigurable systems and outline some interesting aspects of future work. Keywords: mobile ad hoc network, reconfigurable system, Petri net, rule based transformation, algebraic higher order net 1 Introduction As the adaptation of systems to changing environments gets more and more important processes that can be modified at run time have become a significant topic in the recent years especially in the area of mobile ad hoc networks (MANETs). MANETs are networks of mobile devices that communicate with one another via wireless links without relying on an underlying infrastructure e.g. as in emergency/disaster scenarios where an effective coordination is crucial among teams and team members to stabilize the situation and reduce the probability of secondary damage as well as to provide emergency assistance for victims. As noticed in the context of the research project WORKPAD2 the situation in such scenarios is complicated by the fact that the common goal is reached by different teams belonging to different organizations. Moreover each team member should carry on specific activities while the different teams collaborate through the interleaving of all the different processes. Normally processes in mobile environments are not fixed once and for all at build time but constantly adapted at run time e.g. to predict situations of disconnection or to restructure specific parts and activities. 1 This work has been partly funded by the research project forMAlNET (see tfs.cs.tu-berlin.de/formalnet/) of the German Research Council. 2 www.workpad-project.eu 1 / 20 Volume 12 (2008) tfs.cs.tu-berlin.de/formalnet/ www.workpad-project.eu Flexible Modeling of Emergency Scenarios using Reconfigurable Systems For the effective coordination among teams and team members a suitable process definition language is desirable that supports an adequate modeling of processes and their modifications. But as recognized e.g. in the context of the graduate school METRIK3 the workflow oriented view on processes in emergency/disaster scenarios is a novel line of research and up to now there exists only a few approaches especially designed for such an application area. In [HEM05, PHE+07, EHPP07, EKPE07, BHP07] the rule based approach of reconfigurable place/transition (P/T) systems is introduced, so that the modification of processes is realized at run time by a set of rules. The formalism of algebraic higher order systems follows the paradigm ”nets and rules as tokens” and represents a meta model for reconfigurable P/T systems where process execution and process modification is distinguished by the use of specific transitions. This paper is organized as follows: in Section 2 we give a characterization of main require- ments for flexible processes in emergency/disaster scenarios in order to review the formal notions and results of reconfigurable systems in Section 3 and compare them with the listed requirements. To demonstrate the advantages of our approach we illustrate in Section 4 reconfigurable systems by a case study in the area of pipeline emergencies. Finally in Section 5 we conclude with a discussion of some interesting aspects of future work. 2 Flexible Processes in MANETs This section presents a characterization of main requirements for flexible processes in emer- gency/disaster scenarios. Based on the fundamental requirements for process definition lan- guages called perspective in [AWW03] these perspectives are improved to fit in our intended application area. Summarizing a process definition language should cover the process perspec- tive, informational perspective, organizational perspective, functional perspective, and opera- tional perspective [AWW03]. The process perspective concentrates on the control flow, i.e. the start conditions and the order of activities that have to be executed. The Workflow Management Coalition4 identifies some basic types of relationship between activities: sequential, parallel, conditional, and iterative routing. Following the approach in [KFP06] in a completely decentralized system as in MANETs each activity could be in addition in one of the following states : • Received: a start conditions has arrived from the previous team member and is waiting until all conditions are true and the current team member is available to start running it. • Initiated: a new process instance has just started, this is where the team member starts it because all start conditions are true. • Running: the team member is running the activity. • Aborted: the team member failed to complete the activity either because the team member is disconnected or for any other reason. • Completed: the team member completed the activity. • On-Hold: the activity is completed but the next team member is not available yet to receive his/her start conditions. 3 metrik.informatik.hu-berlin.de/grk-wiki 4 www.wfmc.org Adaptive and Mobile Processes 2 / 20 metrik.informatik.hu-berlin.de/grk-wiki www.wfmc.org ECEASST • Rejected: the team member rejects to complete the given activity. Moreover in a mobile environment movement activities concerning the network connectivity can be separated from activities concerning the intended process. The informational perspective concentrates on the data flow, so that data dependencies be- tween activities are characterized by input and output parameters. On the one hand control data is used for process management purposes and on the other hand production data subsumes in- formation objects like documents, questionnaires and forms. In MANETs information about the geographic area is especially important e.g. to localize positions of team members or to predict situations of disconnection. The organizational perspective is typically defined by roles, groups and other artifacts clar- ifying organizational issues. Because in emergency/disaster scenarios different teams belong to different organizations, the inter-organizational aspect should be respected. In addition, in MANETs the network topology typically represented as topology graphs [AZ03] both influences and is influenced by the process. The functional perspective prescribes the decomposition of a process into smaller units often represented by a hierarchical structure. Finally, the operational perspective depends on the technical environment, so that elementary operations are performed by resources and applications. Based on the observation in [KFP06] in a mobile environment the team member can be on line, i.e. he/she can receive new work, or off line, where the team member is not available to receive new work. In this case new activities may be on hold until the team member returns on line or even allocated to alternative team members. Team members before permanently leave may notify this otherwise the team leader may decide to treat any other team member failing to respond as permanent. For activities where the team member is temporarily off line, the execution of the process will continue, if possible. In this case when the team member returns some synchronization may be required or alternatively the execution will have to wait until the team member returns. From a practical point of view processes in MANETs often have to be restructured e.g. be- cause of unforeseen events or to maintain the network connectivity resulting in a highly dy- namical modification of processes. In [AWW03] three issues to dynamic change of processes are addressed. By constrained flexibility certain properties should be preserved during process adaption while instance change refers to the modification of process instances at run time. Fi- nally instance migration are based on simultaneous changes of both process schemes and process instances. In addition dynamic changes are grouped into ad hoc changes, i.e. changes are responses to unforeseen exceptions, and pre-planned and evolutionary changes, i.e. changes are known at build time (see e.g [AWW03, RRD04]). Besides others in [SMO00, Ros07] a minimal set of change operations are characterized: • inserting a new activity where also bridging actions may be used to keep network connec- tivity, • removing an existing activity, • modifying the order of activities, and 3 / 20 Volume 12 (2008) Flexible Modeling of Emergency Scenarios using Reconfigurable Systems • modifying activity properties like data requirements, underlying applications, temporal constraints, resource allocation, or reassignment of activities from one team or member to another. Processes have to be analysed (see e.g. [AWW03]) for verification purposes, so that some form of correctness criteria, i.e. different properties on a syntactical and/or semantical level, has to be satisfied and can be checked. In contrast validation verifies processes with respect to the intended and typically informally formalised process and performance analysis is realized by simulating processes to detect e.g. potential deadlocks or livelocks. . 3 Reconfigurable Systems In this section we compare reconfigurable systems with the requirements listed in the last section and present the results achieved for reconfigurable place/transition (P/T) systems in [HEM05, PHE+07, EHPP07, EKPE07, BHP07]. A P/T system is a P/T net with an initial marking. P/T nets, P/T systems and their variants are an established process definition language (see e.g. [Ell79, vdA03]) providing constructs of the process perspective. While P/T nets represent process schemes, P/T systems describe the behavior of process instances due to their initial markings. Activities are modeled by transitions while the control flow is reflected by arcs between places and transitions. Places can be seen as pre and post conditions for activities and source places with an empty pre domain can be used as start condition for the process. The Workflow Patterns Initiative5 [AHKB00] presents a number of patterns for the relationship between activities following not only the basic types identified by the Workflow Management Coalition but also more advanced constructs. The concept of reconfigurable P/T systems was introduced for modeling changes of the net structure by rule based transformations while the system is kept running. For rule based trans- formations of P/T systems we use the framework of net transformations [EEPT06, EHPP07] following the double pushout (DPO) approach of graph transformation systems [Roz97]. The basic idea behind net transformation is the stepwise development of P/T systems by given rules. Think of these rules as replacement systems where the left hand side is replaced by the right hand side while preserving a context. In reconfigurable P/T systems not only the follower marking can be computed but also the net structure can be changed by rule applications and we obtain new P/T systems that are more appropriate with respect to some requirements of the environment. In detail a reconfigurable P/T system ((PN1, M1), RU LES) consists of a P/T system (PN1, M1), where PN1 is a P/T net with initial marking M1, and a set of rules RU LES. Rules and transformations in the DPO approach are based on morphisms preserving on the one hand firing steps and requiring on the other hand that the initial marking at corresponding places is increasing or even stronger. An application of a rule is called a transformation step and describes how an object is actually changed by the rule. In general a rule prod = ((L, ML) l← 5 www.workflowpatterns.com Adaptive and Mobile Processes 4 / 20 www.workflowpatterns.com ECEASST (K, MK ) r→ (R, MR)) is given by three P/T systems called left hand side, interface and right hand side, respectively, and a span of two P/T morphisms l and r. We additionally need a match morphism (L, ML) m→ (PN1, M1) that identifies the relevant parts of the left hand side (L, ML) in the P/T system (PN1, M1). Now a direct transformation (PN1, M1) (prod,m) =⇒ (PN2, M2) via prod ∈RU LES and m can be constructed in two steps. We delete in a first step those elements from (PN1, M1) which are identified by the match m but not preserved by the interface (K, MK ) leading to the intermediate P/T system (PN0, M0). In a second step we glue together the P/T systems (PN0, M0) and (R, MR) along the interface resulting in the new P/T system (PN2, M2). The DPO approach does not allow the treatment of unmatched transitions at places which should be deleted. In this case the so called gluing condition forbids the application of rules. Furthermore items which are identified by a non injective match must be preserved by rule ap- plications. Note that a positive check of the gluing condition makes sure that the intermediate P/T system is well defined. The rule based approach of reconfigurable P/T systems supports dynamic changes in the sense that the concept of instance change is formalised by the application of appropriate rules realising the insertion of new activities, removing of existing activities or changing the order of activi- ties. Because rules are fixed at build time the concept of reconfigurable P/T system supports pre-planned and evolutionary changes. To support constraint flexibility the set of rules can be re- stricted to property preserving rules [PU03], so that safety and liveness properties are preserved by rule applications. The main result in [EHPP07] concerns the formal foundation for transformations of P/T sys- tems based on the framework of adhesive high level replacement (HLR) systems [EEPT06, EHPP06]. Adhesive HLR systems have been recently introduced as a new categorical frame- work for graph transformation in the DPO approach. They combine the well known framework of HLR systems with the framework of adhesive categories introduced in [LS05]. The main concept behind adhesive categories are the so called van Kampen squares. These ensure that pushouts along monomorphisms are stable under pullbacks and, vice versa, that pullbacks are stable under combined pushouts and pullbacks. Note that a pushout can be seen as a gluing construction of two objects over a specific interface, while a pullback is dual to a pushout in the sense that a pullback construction extracts the common part of two objects. In the case of adhesive HLR categories the class of all monomorphisms is replaced by a subclass of monomor- phisms closed under composition and decomposition. Within the framework of adhesive HLR systems there are many interesting results concerning the applicability of rules, the embedding and extension of transformations, parallel and sequen- tial dependence and independence, and concurrency of rule applications. The concept of parallel independence states that two transformation steps are not in conflict while two consecutive trans- formation steps are sequentially independent if they are not causally dependent. Provided that the relevant conditions are satisfied two alternative transformation steps may be swapped and each of them can still be applied after the other has been performed. Since we have shown in [EHPP07] that P/T systems form a weak adhesive HLR category, we can apply these results to reconfigurable P/T systems. Based on the observation of parallel and sequential independence of rule applications the main results in [EKPE07] deals with conflict situations between transformation and token firing. The 5 / 20 Volume 12 (2008) Flexible Modeling of Emergency Scenarios using Reconfigurable Systems p2 : Rules n transformation m : Mor cod m = n applicable(r, m) = tt ntoken game enabled(n,t) =tt t : Transitions (AHO SYSTEM-SIG,A) r fire(n,t) transform(r, m) p1 : System Figure 1: Algebraic higher order system traditional concurrency situation in P/T systems without capacities is that two transitions with overlapping pre domain are both enabled and together require more tokens than available in the current marking. As P/T systems can evolve in two different ways the notions of conflict and concurrency become more complex. Assume that a given P/T system represents a certain system state. The next evolution step can be obtained not only by token firing but also by the application of one of the rules available. Hence the question arises whether each of these evolution steps can be postponed after the realization of the other, yielding the same result, and if they can be performed in a different order without changing the result. In [EKPE07] we have presented conditions for (co-)parallel and sequential independence and we have shown that in specific cases firing and transformation steps can be performed in any or- der, yielding the same result. We have correlated these conditions, i.e. that parallel independence implies sequential independence and, vice versa, sequential (coparallel) independence implies parallel and coparallel (parallel and sequential) independence. The advantage of the presented conditions is that they could be checked at a syntactical and local level instead of semantical and global one. Thus they are also applicable in the case of complex reconfigurable P/T systems. In [HEM05] we have introduced the paradigm ”nets and rules as tokens” by a high level model with suitable data type part. The model called algebraic higher order (AHO) system exploits some form of control not only on rule application but also on token firing. In general an AHO system is defined by an algebraic high level net [PER95] with system places and rule places as for example shown in Fig. 1 where a marking can be given by suitable P/T systems and rules, respectively, on these places. For a detailed description of the data type part, i.e. the AHO SYSTEM-signature and corresponding algebra A, we refer to [HEM05]. In the following we review the behavior of AHO systems according to [HEM05]. With the symbol Var(t) we indicate the set of variables of a transition t, i.e. the set of all variables occurring in pre- and post domain and in the firing condition of t. The marking M determines the distribution of P/T systems and rules in an AHO system which are elements of a given higher order algebra A. Intuitively P/T systems and rules can be moved along AHO system arcs and can be modified during the firing of transitions. The follower marking is computed by the evaluation of net inscriptions in a variable assignment v : Var(t) → A. The transition t is enabled in a marking M, if and only if (t, v) is consistent, that is if the evaluation of the firing condition is fulfilled. Then the follower marking after firing of transition t is defined by removing tokens corresponding to the net inscription in the pre domain of t and adding tokens corresponding to the net inscription in the post domain of t. The transitions in the AHO system in Fig. 1 realize on the one hand firing steps and on the other hand transformation steps as indicated by the net inscriptions f ire(n,t) and trans f orm(r, m), Adaptive and Mobile Processes 6 / 20 ECEASST respectively. To compute the follower marking of P/T systems we use the transition token game of the AHO system while the transition transformation is provided for changing the structure of P/T systems. In this way process execution and process modification is distinguished by these two transitions. The pair (or sequence) of firing and transformation steps discussed in [EKPE07] is reflected by firing of the transitions one after the other in our AHO system. Thus these results are most important for the analysis of AHO systems. Using P/T systems as tokens AHO systems focus on the process perspective. To integrate the informational perspective we can use high level nets as tokens themselves, i.e. the data type part is extended by algebraic high level nets and corresponding rules. Analogously the organizational and operational perspectives can be added following e.g. the approach in [AW01]. So activity properties like data requirements and the reassignment of activities from one team member to another can be modified by the applications of suitable rules. For the functional perspective the formalism of AHO systems can be adapted using the hierarchy concept of Coloured Petri Nets (see [Jen96]). To consider ad hoc changes of processes the modification of rule tokens requires an extension not only of the data type part but also of the net structure as introduced in [HPM05], so that the definition of new rules by reusing existing rules is supported at run time by different operations like inheritance [PP01]. While the AHO system in Fig. 1 deals with one layer for reconfigurable P/T systems, in [PHE+07] we follow the observation that processes in MANETs consists of different aspects. Thus we separate movement activities from general activities and allow a local view of team members. This leads to an AHO system with different layers each of them equipped with its own P/T system and set of rules. Moreover the notion of layer consistent environment states that the views in each layer fit together realizing one form of instance migration. In [BHP07] we extend this approach to allow the introduction of new team members by more advanced changes at each layer. Because reconfigurable P/T systems and AHO systems are formalized on a rigorous math- ematical foundation and have a clear formal semantics, several results as described above are provided to analyse systems in the sense of formal verification. These results present a line of re- search and there is a large amount of most interesting and relevant open questions directly related to the work presented here. We plan to develop a tool to support simulation and analysis aspects for our approach. For the application of net transformation rules this tool will provide an export to AGG6, a graph transformation engine as well as a tool for the analysis of graph transformation properties like termination and rule independence. Furthermore the token net properties could be analyzed using the Petri Net Kernel [KW01], a tool infrastructure supporting different Petri net classes. 4 Emergency/Disaster Scenario In this section we illustrate the main idea of reconfigurable systems by a case study of a pipeline emergency scenario where an unknown source of a natural gas leak is detected in a residential 6 tfs.cs.tu-berlin.de/agg 7 / 20 Volume 12 (2008) tfs.cs.tu-berlin.de/agg Flexible Modeling of Emergency Scenarios using Reconfigurable Systems area7: A postal worker delivering mail in a residential street smells a strong odor of gas. She immediately notifies the fire department. A single engine company is dispatched by the fire department with four firefighters leaded by one company officer. At the scene the postal worker meets the company officer and describes the problem. He calls the gas company and requests an additional law enforcement officers to control traffic into the area. While three firefighters evacuate the homes in the immediate area and afterwards deny entry to this area, another one reads the gas indicator and detects that the gas is highest in front of a home located on 114 Maple Street. After electricity and gas lines are shut off to each home the fire department stand by with fully charged hose lines and wait for the arrival of the gas company. The cooperative process enacted by the firefighter company is depicted as P/T system (PN1, M1) in Fig. 2. To start the activities of the firefighter team the follower marking of the P/T sys- tem (PN1, M1) is computed by firing the and-split-transition and we obtain the new P/T system (PN1, M′1) in Fig. 3. Next we focus on dynamic changes while the process is running. The three firefighters re- sponsible for the evacuation process need more detailed information how to proceed. So the company officer gives the instruction that first of all the residents are notified of the evacuation. Afterwards the firefighters should assist handicapped persons and guide all of them to the ex- tend possible. To introduce the refinement of the Evacuate homes-transition into the P/T system (PN1, M′1) we provide the rule prodevacuate in Fig. 4. The marking ML1 of the P/T system in the left hand side of prodevacuate demands that the evacuation process is not yet started because there is one token in the pre domain of the Evacuate homes-transition. The application of the rule is given as follows: the match morphism m1 is given by the obvious inclusion and identifies the relevant parts of the left hand side (L1, ML1 ) of rule prodevacuate in (PN1, M ′ 1); next, the Evacuate homes-transition is deleted and we obtain an intermediate P/T system (PN0, M0); then, the tran- sitions Notify residents, Assist handicapped persons and Guide persons together with their (new) environment are added leading to the P/T system (PN2, M2) in Fig. 5. Thus we obtain the trans- formation step (PN1, M′1) (prodevacuate,m1)=⇒ (PN2, M2). Afterwards the firefighter company proceed with their activities and we obtain the P/T system (PN2, M′2) in Fig. 6 by firing the corresponding transitions. After the problem identification the odor of gas grows stronger and the firefighter takes an additional reading of the gas indicator and informs the company officer about the result, so that the company officer is able to determine if the atmosphere in the area is safe, unsafe, or dangerous. To extend our process by these additional activities we use the rule prodanalyse in Fig. 7 where the marking ML2 in the left hand side indicates that the problem location is identified. By the application of the rule we obtain the transformation step (PN2, M′2) (prodanalyse,m2) =⇒ (PN3, M3) where the new P/T system (PN3, M3) is depicted in Fig. 8. Based on the additional results of the gas indicator the company officer analyses that the atmo- sphere in this area is over the lower explosive limit and thereby more dangerous than expected. He determines that the best course of action is to call for additional resources to maintain the iso- lation perimeter and expand the area of evacuation as a precaution. So, in a next step the follower marking of the P/T system (PN3, M3) is computed by firing the Additional reading- and Analyse- 7 www.pipelineemergencies.com Adaptive and Mobile Processes 8 / 20 www.pipelineemergencies.com ECEASST Reading the gas indicator Deny entry Identify the location gas is highest Shut off electricity and gas lines Stand by with fully charged hose lines Waiting for the arrival of the gas company Call the gas company Request to control traffic into the area Evacuate homes in the immediate area (PN1, M1) Figure 2: Process (PN1, M1) 9 / 20 Volume 12 (2008) Flexible Modeling of Emergency Scenarios using Reconfigurable Systems transitions leading to the P/T system (PN3, M′3) in Fig. 9. Afterwards the rule prodex pand depicted in Fig. 10 is applied to the P/T system (PN3, M′3) resulting in the new P/T system (PN4, M4) in Fig. 11. Summarizing, at the beginning our reconfigurable P/T system consists of the P/T system (PN1, M1) in Fig. 2 and the set of rules depicted in Figs. 4, 7 and 10. Let the reconfigurable P/T system be the initial marking of the AHO system in Fig. 1, i.e. the P/T system (PN1, M1) is on the place p1 while the marking of the place p2 is given by the set of rules. To compute the fol- lower marking of the P/T system we use the transition token game of the AHO system. First the variable n is assigned to the P/T system (PN1, M1) and the variable t to the and-split-transition that is enabled, so that the firing condition is fulfilled. Due to the evaluation of the term f ire(n,t) we obtain the new P/T system (PN1, M′1) in Fig. 2. For changing the structure of P/T systems the transition transformation is provided in Fig. 1. Again we have to give an assignment v for the variables of this transition, i.e. variables n, m and r, where v(n) = (PN1, M′1), v(m) = m1 is a suitable match morphism and v(r) = prodevacuate (see Fig. 4). The firing condition cod m = n ensures that the codomain of the match morphism is equal to (PN1, M′1) while the second condition applicable(r, m) checks the gluing condition, i.e. if the rule prodevacuate is applicable with match m1. Afterwards the transformation step is computed by the evaluation of the net inscription trans f orm(r, m) and the effect of firing the transition transformation is the removal of the P/T system (PN1, M′1) from place p1 and adding the P/T system (PN2, M2) in Fig. 5 to it. Analogously we proceed with the computation of the follower markings and dynamic adaption of our process as described above. After several firing steps of the transitions token game and transformation we obtain the reconfigurable P/T system consisting of the P/T system (PN4, M4) (see Fig. 11) and the original set of rules. To analyse the reconfigurable P/T systems we apply the results presented in [EKPE07] and described in the previous section. For example the transformation step (PN1, M′1) (prodevacuate,m1)=⇒ (PN2, M2) is parallel independent of the firing step given by the Reading gas indicator-transition because the transition is not deleted by the transformation step and the marking of the P/T system (PN1, M′1) is unchanged by the application of the rule prodevacuate. Moreover the pair of transfor- mation and firing steps is sequentially independent because the Reading gas indicator-transition is not created by the transformation step. Thus the pair of steps may be swapped and each of them can be applied after the other has been performed leading to the same result. In the context of our AHO system in Fig. 1 this observation is reflected by an independent fir- ing of the transitions token game and transformation, i.e. the sequential firing of these transitions leading to the same result independent of the order these transitions are fired. The pair of consecutive steps given by firing the and-split-transition in (PN1, M1) and the transformation (PN1, M′1) (prodevacuate,m1)=⇒ (PN2, M2) is sequentially dependent because the marking of the left hand side of prodevacuate demands a token in the pre domain of the Evacuate homes- transition. Further situations of independent and dependent firing and transformation steps are illus- trated in Fig. 12 where, however, the traditional concurrency situation of transitions and trans- formations, respectively, is not shown. Note that e.g. the two consecutive transformations (PN1, M21 ) (prodevacuate,m1)=⇒ (PN2, M22 ) and (PN2, M 2 2 ) (prodanalyse,m2) =⇒ (PN3, M23 ) are sequentially inde- Adaptive and Mobile Processes 10 / 20 ECEASST Reading the gas indicator Call the gas companyEvacuate homes in the immediate area (PN1, M′1) Figure 3: Relevant part of process (PN1, M′1) persons Notify residents of the evacuation Guide persons to the extend possible the immediate area Evacuate homes in Assist handicapped (K1, MK1 )(L1, ML1 ) (R1, MR1 ) Figure 4: Rule prodevacuate pendent because the overlapping of the right hand side of prodevacuate and the left hand side of prodanalyse in (PN2, M22 ) is included in the intersection of the interfaces. 5 Conclusion In this paper we have given main requirements for flexible processes in emergency/disaster sce- narios in order to show that most of them are realized by reconfigurable systems, a rule based formalism based on the one hand on low level and high level Petri nets with a suitable marking and on the other hand on the categorical framework of weak adhesive high level replacement systems. As future work, it would be important to investigate and verify additional requirements necessary for flexible processes in emergency/disaster scenarios and mobile environments. The main part of this paper presents the case study in the area of pipeline emergencies where 11 / 20 Volume 12 (2008) Flexible Modeling of Emergency Scenarios using Reconfigurable Systems persons Reading the gas indicator Call the gas company Identify the location gas is highest Deny entry Shut off electricity and gas lines Stand by with fully charged hose lines Waiting for the arrival of the gas company Request to control traffic into the area Notify residents of the evacuation Guide persons to the extend possible Assist handicapped (PN2, M2) Figure 5: Process (PN2, M2) Adaptive and Mobile Processes 12 / 20 ECEASST gas is highest Deny entry Request to control traffic into the area Shut off electricity and gas lines Identify the location (PN2, M′2) Figure 6: Relevant part of process (PN2, M′2) the gas indicator Additional reading Shut off electricity and gas lines Analyse resultsShut off electricity and gas lines (K2 , MK2 ) (R2 , MR2 )(L2 , ML2 ) Figure 7: Rule prodanalyse 13 / 20 Volume 12 (2008) Flexible Modeling of Emergency Scenarios using Reconfigurable Systems persons Reading the gas indicator Call the gas company Deny entry Identify the location gas is highest the gas indicator Additional reading Shut off electricity and gas lines Request to control traffic into the area Analyse results Stand by with fully charged hose lines Waiting for the arrival of the gas company Notify residents of the evacuation Guide persons to the extend possible Assist handicapped (PN3, M3) Figure 8: Process (PN3, M3) Adaptive and Mobile Processes 14 / 20 ECEASST Deny entry Identify the location gas is highest the gas indicator Additional reading Shut off electricity and gas lines Request to control traffic into the area Analyse results (PN3, M′3) Figure 9: Relevant part of process (PN3, M′3) Call for additional ressources Expand the area of evacuation (L3 , ML3 ) (R3 , MR3 )(K3 , MK3 ) Figure 10: Rule prodex pand 15 / 20 Volume 12 (2008) Flexible Modeling of Emergency Scenarios using Reconfigurable Systems persons Reading the gas indicator Call the gas companyNotify residents of the evacuation Guide persons to the extend possible Deny entry Expand the area of evacuation Stand by with fully charged hose lines Waiting for the arrival of the gas company Identify the location gas is highest the gas indicator Additional reading Shut off electricity and gas lines Request to control traffic into the area Analyse results Call for additional ressources Assist handicapped (PN4, M4) Figure 11: Process (PN4, M4)Adaptive and Mobile Processes 16 / 20 ECEASST (PN1, M1) and-split �� dependent (PN1, M′1) (prodevacuate,m1)+3 Reading gas indicator �� (PN2, M2) Reading gas indicator �� (PN2, M11 ) (prodevacuate,m1)+3 Identify the location �� (PN2, M12 ) dependent Identify the location �� (PN1, M21 ) (prodevacuate,m1)+3 Call the gas company �� (PN2, M22 ) Call the gas company �� (prodanalyse,m2) +3 (PN3, M23 ) Call the gas company �� (PN1, M31 ) (prodevacuate,m1)+3 Request to control traffic �� (PN2, M32 ) Request to control traffic �� (prodanalyse,m2) +3 (PN3, M33 ) Request to control traffic �� (PN1, M41 ) dependent (prodevacuate,m1)+3 (PN2, M42 ) Notify residents �� (prodanalyse,m2) +3 (PN3, M43 ) Notify residents �� (PN2, M52 ) Assist handicapped persons �� (prodanalyse,m2) +3 (PN3, M53 ) Assist handicapped persons �� (PN2, M62 ) Guide persons �� (prodanalyse,m2) +3 (PN3, M63 ) Guide persons �� (PN2, M72 ) Deny entry �� (prodanalyse,m2) +3 (PN3, M73 ) Deny entry �� (PN2, M′2) dependent (prodanalyse,m2) +3 (PN3, M3) Additional reading �� (PN3, M13 ) Analyse results �� dependent (PN3, M′3) (prodex pand ,m3) +3 (PN4, M4) Figure 12: Independence and dependence of Firing and transformation steps 17 / 20 Volume 12 (2008) Flexible Modeling of Emergency Scenarios using Reconfigurable Systems dynamic changes of the process are realised at run time by rule applications to express the re- finement and insertion of activities. Note that our processes focus on the intended activities and exclude movement activities because the network connectivity is assured due to the lim- ited perimeter of the affected area and the use of cell phones and radio devices. Nevertheless, the scenario could be extended in such a way that the problem is located beyond the range of these equipment and several team members have to follow other ones to avoid a situation of disconnection. One aspect of future work is integration of the informational and organizational perspectives into our formalism because within our case study these aspects become most relevant. In fact process modifications in our case study depend on the exchange of messages and data concerning a detailed instruction of the evacuation process, the results of reading the gas indicator and the final analysis of these results by the company officer. In addition the processes enacted by the gas company and the law enforcement officer have to be taken into account, so that the different teams collaborate through the interleaving of all the different processes to achieve the common goal. Bibliography [vdA03] W. van der Aalst. The Application of Petri nets to Workflow Management. Journal of Circuits, Systems and Computers 8(1):21–66, 2003. [AHKB00] W. Van der Aalst, A. ter Hofstede, B. Kiepuszewski, A. Barros. Workflow Pat- terns. In Proc. Cooperative Information Systems (CoopIS). LNCS 1901, pp. 18–29. Springer, 2000. [AW01] W. M. P. van der Aalst, M. Weske. The P2P Approach to Interorganizational Work- flows. In Proc. Advanced Information Systems Engineering (CAiSE). LNCS 2068, pp. 140–156. Springer, 2001. [AWW03] W. van der Aalst, M. Weske, G. Wirtz. Advanced Topics in Workflow Management: Issues, Requirements, and Solutions. Journal of Integrated Design and Process Sci- ence 7(3), 2003. [AZ03] D. Agrawal, Q. Zeng. Introduction to Wireless and Mobile Systems. Thomson Brooks/Cole, 2003. [BHP07] E. Biermann, K. Hoffmann, J. Padberg. Layered Architecture Consistency for MANETs: Introducing New Team Members. In Proc. Integrated Design and Pro- cess Technology (IDPT). 2007. [EEPT06] H. Ehrig, K. Ehrig, U. Prange, G. Taentzer. Fundamentals of Algebraic Graph Transformation. EATCS Monographs in Theoretical Computer Science. Springer, 2006. [EHPP06] H. Ehrig, A. Habel, J. Padberg, U. Prange. Adhesive High-Level Replacement Sys- tems: A New Categorical Framework for Graph Transformation. Fundamenta In- formaticae 74(1):1–29, 2006. Adaptive and Mobile Processes 18 / 20 ECEASST [EHPP07] H. Ehrig, K. Hoffmann, U. Prange, J. Padberg. Formal Foundation for the Recon- figuration of Nets. Technical report 2007-01, Technical University Berlin, Fak. IV, 2007. [EKPE07] H. Ehrig, J. P. K. Hoffmann, U. Prange, C. Ermel. Independence of Net Trans- formations and Token Firing in Reconfigurable Place/Transition Systems. In Proc. Application and Theory of Petri Nets (ATPN). LNCS 4546, pp. 104–123. Springer, 2007. [Ell79] C. Ellis. Information Control Nets: A Mathematical Model of Office Informa- tion Flow. In Proc. Simulation, Measurement and Modelling of Computer Systems. Pp. 225–240. ACM Press, 1979. [HEM05] K. Hoffmann, H. Ehrig, T. Mossakowski. High-Level Nets with Nets and Rules as Tokens. In Proc. Application and Theory of Petri Nets (ATPN). LNCS 3536, pp. 268–288. Springer, 2005. [HPM05] K. Hoffmann, F. Parisi-Presicce, T. Mossakowski. Higher-Order Nets for Mobile Policies. In Workshop on Petri Nets and Graph Transformation (PNGT). Electronic Notes in Theoretical Computer Science 127, pp. 87–105. Elsvier, 2005. [Jen96] K. Jensen. Coloured Petri Nets. Basic Concepts, Analysis Methods and Practical Use. EATCS Monographs in Theoretical Computer Science. Springer, 1996. [KFP06] E. Kyriacou, G. Fakas, V. Pavlaki. A Completely Decentralized Workflow Manage- ment System for the Support of Emergency Telemedicine and Patient Monitoring. In Proc. IEEE EMBS Annual International Conference. 2006. [KW01] E. Kindler, M. Weber. The Petri Net Kernel - An Infrastructure for Building Petri Net Tools. Software Tools for Technology Transfer 3(4):486–497, 2001. [LS05] S. Lack, P. Sobocinski. Adhesive and Quasiadhesive Categories. Theoretical Infor- matics and Applications 39(5):511–546, 2005. [PP01] F. Parisi-Presicce. On modifying high level replacement systems. Electronic Notes in Theoretical Computer Science 44(2), 2001. [PER95] J. Padberg, H. Ehrig, L. Ribeiro. Algebraic High-Level Net Transformation Systems. Mathematical Structures in Computer Science 5:217–256, 1995. [PHE+07] J. Padberg, K. Hoffmann, H. Ehrig, T. Modica, E. Biermann, C. Ermel. Maintaining Consistency in Layered Architectures of Mobile Ad-hoc Networks. In Proc. Fun- damental Approaches to Software Engineering (FASE). LNCS 4422, pp. 383–397. Springer, 2007. [PU03] J. Padberg, M. Urbasek. Rule-Based Refinement of Petri Nets: A Survey. In Ad- vances in Petri nets: Petri Net Technologies for Modeling Communication Based Systems. Lecture Notes in Computer Science 2472, pp. 161–196. Springer, 2003. 19 / 20 Volume 12 (2008) Flexible Modeling of Emergency Scenarios using Reconfigurable Systems [Ros07] F. D. Rosa. Adaptive process management in mobile and dynamic scenarios. PhD thesis, SAPIENZA - Universita di Roma, Department of Computer Science, 2007. [Roz97] G. Rozenberg. Handbook of Graph Grammars and Computing by Graph Transfor- mations, Volume 1: Foundations. World Scientific, 1997. [RRD04] S. Rinderle, M. Reichert, P. Dadam. Correctness criteria for dynamic changes in workflow systems - a survey. Data Knowl. Eng. 50(1):9–34, 2004. [SMO00] S. Sadiq, O. Marjanovic, M. Orlowska. Managing change and time in dynamic workflow processes. Journal of Cooperative Information Systems 9(12), 2000. Adaptive and Mobile Processes 20 / 20 Introduction Flexible Processes in manets Reconfigurable Systems Emergency/Disaster Scenario Conclusion