Computing the Expected Execution Time of Probabilistic Workflow Nets

Free-Choice Workflow Petri nets, also known as Workflow Graphs, are a popular model in Business Process Modeling. In this paper we introduce Timed Probabilistic Workflow Nets (TPWNs), and give them a Markov Decision Process (MDP) semantics. Since the time needed to execute two parallel tasks is the maximum of the times, and not their sum, the expected time cannot be directly computed using the theory of MDPs with rewards. In our first contribution, we overcome this obstacle with the help of "earliest-first" schedulers, and give a single-exponential-time algorithm for computing the expected time. In our second contribution, we show that computing the expected time is #P-hard, and so polynomial algorithms are very unlikely to exist. Further, #P-hardness holds even for workflows with a very simple structure in which all transition times are 1 or 0, and all probabilities are 1 or 0.5. Our third and final contribution is an experimental investigation of the runtime of our algorithm on a set of industrial benchmarks. Despite the negative theoretical results, the results are very encouraging. In particular, the expected time of every workflow in a popular benchmark suite with 642 workflow nets can be computed in milliseconds.


Introduction
Workflow Petri Nets are a popular model for the representation and analysis of business processes [1,3,7]. They are used as a back-end for different notations like BPMN (Business Process Modeling Notation), EPC (Event-driven Process Chain), or UML Activity Diagrams.
There is recent interest in extending these notations with quantitative information, like probabilities, costs, or time. The final goal is the development of tool support for computing performance metrics, like the average cost or the average runtime of a business process.
In a previous paper we introduced Probabilistic Workflow Nets (PWN), a foundation for the extension of Petri nets with probabilities and rewards [11]. We presented a polynomial-time algorithm for the computation of the expected cost of free-choice workflow nets, a subclass of PWN of particular interest for the workflow process community (see e.g. [1,14,15,10]). For example, 1386 of the 1958 nets in the most popular benchmark suite in the literature are free-choice Workflow Nets [13].
In this paper we introduce Timed PWNs (TPWNs), an extension of PWNs with time. Following [11], we define a semantics in terms of Markov Decision Processes (MDPs), where, loosely speaking, the nondeterminism of the MDP models absence of information about the order in which concurrent transitions are executed. For every scheduler, the semantics assigns to the TPWN an expected time to termination. Using results of [11], we prove that this expected time is actually independent of the scheduler, and so that the notion "expected time of a TPWN" is well defined.
We then proceed to study the problem of computing the expected time of a sound TPWN (loosely speaking, of a TPWN that terminates successfully with probability 1). The expected cost and the expected time have a different interplay with concurrency. The cost of executing two tasks in parallel is the sum of the costs (cost models e.g. salaries or power consumption), while the execution time of two parallel tasks is the maximum of their individual execution times. For this reason, standard reward-based algorithms for MDPs, which assume additivity of the reward along a path, cannot be applied.
Our solution to this problem uses the fact that the expected time of a TPWN is independent of the scheduler. We define an "earliest-first" scheduler which, loosely speaking, resolves the nondeterminism of the MDP by picking transitions with the earliest possible firing time. Since at first sight the scheduler needs infinite memory, its corresponding Markov chain is infinite-state, and so of no help. However, we show how to construct another finite-state Markov chain with additive rewards, whose expected reward is equal to the expected time of the infinite-state chain. This finite-state Markov chain can be exponentially larger than the TPWN, and so our algorithm has exponential complexity. We prove that computing the expected time is #P-hard, even for free-choice TPWNs in which all transition times are either 1 or 0, and all probabilities are 1 or 1/2. So, in particular, the existence of a polynomial algorithm would imply P = NP.
In the rest of the paper we show that, despite these negative results, our algorithm behaves well in practice. For all 642 sound free-choice nets of the benchmark suite of [13], computing the expected time never takes longer than a few milliseconds. Looking for a more complicated set of examples, we study a TPWN computed from a set of logs by process mining. We observe that the computation of the expected time is sensitive to the distribution of the execution time of a task. Still, our experiments show that even for complicated distributions leading to TPWNs with hundreds of transitions and times spanning two orders of magnitude the expected time can be computed in minutes.
All missing proofs can be found in the Appendix.

Preliminaries
We introduce some preliminary definitions. Appendix A.1 gives more details.
Workflow Nets. A workflow net is a tuple N = (P, T, F, i, o) where P and T are disjoint finite sets of places and transitions; F ⊆ (P × T) ∪ (T × P) is a set of arcs; i, o ∈ P are distinguished initial and final places such that i has no incoming arcs, o has no outgoing arcs, and the graph (P ∪ T, F ∪ {(o, i)}) is strongly connected. For x ∈ P ∪ T, we write •x for the set {y | (y, x) ∈ F} and x• for {y | (x, y) ∈ F}. We call •x (resp. x•) the preset (resp. postset) of x. We extend this notion to sets X ⊆ P ∪ T by •X def= ∪_{x∈X} •x and X• def= ∪_{x∈X} x•. The notions of marking, enabled transitions, transition firing, firing sequence, and reachable marking are defined as usual. The initial marking (resp. final marking) of a workflow net, denoted by i (resp. o), puts one token on place i (resp. o), and no tokens elsewhere. A firing sequence σ is a run if i −σ→ o, i.e., if it leads to the final marking. Run_N denotes the set of all runs of N.
Soundness and 1-safeness. Well-designed workflows should be free of deadlocks and livelocks. This idea is captured by the notion of soundness [1,2]: a workflow net is sound if the final marking is reachable from any reachable marking. Further, in this paper we restrict ourselves to 1-safe workflows: a marking M of a workflow net W is 1-safe if M(p) ≤ 1 for every place p, and W itself is 1-safe if every reachable marking is 1-safe. We identify 1-safe markings M with the set {p ∈ P | M(p) = 1}.
Independence, concurrency, conflict [23]. Two transitions t1, t2 of a workflow net are independent if •t1 ∩ •t2 = ∅, and dependent otherwise. Given a 1-safe marking M, two transitions are concurrent at M if M enables both of them and they are independent, and in conflict at M if M enables both of them and they are dependent. Finally, we recall the definition of Mazurkiewicz equivalence. Let N = (P, T, F, i, o) be a 1-safe workflow net. The relation ≡₁ ⊆ T* × T* is defined as follows: σ ≡₁ τ if there are independent transitions t1, t2 and sequences σ′, σ′′ ∈ T* such that σ = σ′t1t2σ′′ and τ = σ′t2t1σ′′. Two sequences σ, τ ∈ T* are Mazurkiewicz equivalent if σ ≡ τ, where ≡ is the reflexive and transitive closure of ≡₁. Observe that σ ∈ T* is a firing sequence iff every sequence τ ≡ σ is a firing sequence.
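For intuition, Mazurkiewicz equivalence of two concrete sequences can be decided by exploring adjacent swaps of independent transitions. The sketch below uses a toy independence relation derived from presets; the transition names follow the N1 example of Appendix A.1, but the concrete presets are assumptions chosen purely for illustration.

```python
from collections import deque

# assumed presets of a toy net (illustrative only): t2 and t4 are
# independent, t3 depends on both of them
PRE = {"t1": {"i"}, "t2": {"p1"}, "t3": {"p1", "p2"},
       "t4": {"p2"}, "t6": {"p3", "p4"}}

def independent(a, b):
    """Two transitions are independent iff their presets are disjoint."""
    return not (PRE[a] & PRE[b])

def equivalent(s, t):
    """BFS over single swaps of adjacent independent transitions."""
    seen, frontier = {tuple(s)}, deque([tuple(s)])
    while frontier:
        u = frontier.popleft()
        if u == tuple(t):
            return True
        for i in range(len(u) - 1):
            if independent(u[i], u[i + 1]):
                v = u[:i] + (u[i + 1], u[i]) + u[i + 2:]
                if v not in seen:
                    seen.add(v)
                    frontier.append(v)
    return False

print(equivalent("t1 t2 t4 t6".split(), "t1 t4 t2 t6".split()))  # True
print(equivalent("t1 t2 t4 t6".split(), "t1 t3 t6".split()))     # False
```

Since every swap preserves the multiset of transitions, sequences over different multisets are never equivalent, which the second call illustrates.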
Confusion-freeness, free-choice workflows. Let t be a transition of a workflow net, and let M be a 1-safe marking that enables t. The conflict set of t at M, denoted C(t, M), is the set of transitions in conflict with t at M. A set U of transitions is a conflict set of M if there is a transition t such that U = C(t, M). The conflict sets of M are given by C(M) def= ∪_{t∈T} C(t, M). A 1-safe workflow net is confusion-free if for every reachable marking M and every transition t enabled at M, every transition u concurrent with t at M satisfies C(t, M) = C(t, M′), where M −u→ M′; that is, firing u does not change the conflict set of t. Any free-choice net is confusion-free, and the conflict set of a transition t enabled at a marking M is given by C(t, M) = (•t)• (see e.g. [12]).

Timed Probabilistic Workflow Nets
In [12] we introduced a probabilistic semantics for confusion-free workflow nets. Intuitively, at every reachable marking a choice between two concurrent transitions is resolved nondeterministically by a scheduler, while a choice between two transitions in conflict is resolved probabilistically; the probability of choosing each transition is proportional to its weight. For example, in the net of Fig. 1a, at the marking {p1, p3}, the scheduler can choose between the conflict sets {t2, t3} and {t4}, and if {t2, t3} is chosen, then t2 is chosen with probability 1/5 and t3 with probability 4/5. We extend Probabilistic Workflow Nets by assigning to each transition t a natural number τ(t) modeling the time it takes for the transition to fire, once it has been selected.

Definition 1 (Timed Probabilistic Workflow Nets). A Timed Probabilistic Workflow Net (TPWN) is a tuple W = (N, w, τ), where N = (P, T, F, i, o) is a 1-safe confusion-free workflow net, w : T → Q>0 is a weight function, and τ : T → N is a time function that assigns to every transition a duration.
Timed sequences. We assign to each transition sequence σ of W and each place p a timestamp µ(σ)_p through a timestamp function µ : T* → N^P_⊥, where N_⊥ def= N ∪ {⊥}. Intuitively, if a place p is marked after σ, then µ(σ)_p records the "arrival time" of the token in p, and if p is unmarked, then µ(σ)_p = ⊥. When a transition t occurs, it removes all tokens in its preset, and τ(t) time units later puts tokens into its postset. Formally, we define µ(ε)_i def= 0 and µ(ε)_p def= ⊥ for p ≠ i, and µ(σt) def= upd(µ(σ), t), where the update function upd : N^P_⊥ × T → N^P_⊥ is given by:

upd(x, t)_p def= max_{q∈•t} x_q + τ(t)   if p ∈ t•,
upd(x, t)_p def= ⊥                        if p ∈ •t \ t•,
upd(x, t)_p def= x_p                      otherwise.

We then define tm(σ) def= max_{p∈P} µ(σ)_p as the time needed to fire σ, where the maximum ignores ⊥-entries. Further, ⌊x⌋ def= {p ∈ P | x_p ≠ ⊥} is the marking represented by a timestamp x ∈ N^P_⊥.

Example 1. The net in Fig. 1a is a TPWN. Weights are shown in red next to transitions, and times are written in blue inside the transitions. For the sequence σ1 = t1t3t4t5, we have tm(σ1) = 9, and for σ2 = t1t2t3t4t5, we have tm(σ2) = 10. Observe that the time taken by a sequence is not equal to the sum of the durations of its transitions.
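As a sanity check, the timestamp function can be implemented directly from the definitions above. The following sketch uses a net reconstructed from Example 1 (presets, postsets, and durations are inferred from the description of Fig. 1a, which is not reproduced here, so treat the structure as an assumption):

```python
BOT = None  # represents the undefined timestamp ⊥

# transition -> (preset, postset, duration τ); reconstructed from Example 1
NET = {
    "t1": ({"i"}, {"p1", "p3"}, 1),
    "t2": ({"p1"}, {"p1"}, 4),
    "t3": ({"p1"}, {"p2"}, 2),
    "t4": ({"p3"}, {"p4"}, 5),
    "t5": ({"p2", "p4"}, {"o"}, 3),
}
PLACES = {"i", "p1", "p2", "p3", "p4", "o"}

def upd(x, t):
    """The update function upd : N_⊥^P × T -> N_⊥^P."""
    pre, post, tau = NET[t]
    start = max(x[p] for p in pre)   # all preset tokens must have arrived
    y = dict(x)
    for p in pre:
        y[p] = BOT                   # tokens leave the preset immediately ...
    for p in post:
        y[p] = start + tau           # ... and reach the postset τ(t) later
    return y

def tm(sigma):
    """tm(σ) = max_p µ(σ)_p, ignoring ⊥."""
    x = {p: BOT for p in PLACES}
    x["i"] = 0                       # µ(ε): one token in i, arrival time 0
    for t in sigma:
        x = upd(x, t)
    return max(v for v in x.values() if v is not BOT)

print(tm(["t1", "t3", "t4", "t5"]))        # 9, as in Example 1
print(tm(["t1", "t2", "t3", "t4", "t5"]))  # 10
```

Note how tm(σ2) = 10 even though the durations of σ2 sum to 15: the parallel branches through p1/p2 and p3/p4 overlap in time.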

MDP semantics. A Markov Decision Process (MDP) is a tuple M = (Q, q0, Steps), where Q is a finite set of states, q0 ∈ Q is the initial state, and Steps : Q → 2^dist(Q) is the probability transition function. Paths of an MDP, schedulers, and the probability measure of paths compatible with a scheduler are defined as usual (see Appendix A.2).
The semantics of a TPWN W is a Markov Decision Process MDP_W. The states of MDP_W are either markings M or pairs (M, t), where t is a transition enabled at M. The intended meanings of M and (M, t) are "the current marking is M", and "the current marking is M, and t has been selected to fire next." Intuitively, t is chosen in two steps: first, a conflict set enabled at M is chosen nondeterministically, and then a transition of this set is chosen at random, with probability proportional to its weight. Formally, let W = (N, w, τ) be a TPWN where N = (P, T, F, i, o), let M be a reachable marking of W enabling at least one transition, and let C be a conflict set of M. Let w(C) be the sum of the weights of the transitions in C. The probability distribution P_{M,C} over T is given by P_{M,C}(t) = w(t)/w(C) if t ∈ C and P_{M,C}(t) = 0 otherwise. Now, let M be the set of 1-safe markings of W, and let E be the set of pairs (M, t) such that M ∈ M and M enables t. We define the Markov decision process MDP_W def= (M ∪ E, i, Steps) as follows: if M enables at least one transition, then Steps(M) contains a distribution λ for each conflict set C of M. The distribution is defined by: λ(M, t) = P_{M,C}(t) for every t ∈ C, and λ(s) = 0 for every other state s.
For every (M, t) ∈ E, Steps(M, t) contains one single distribution that assigns probability 1 to the marking M ′ such that M t − → M ′ , and probability 0 to every other state.
Example 2. Fig. 1b shows a graphical representation of the MDP of the TPWN in Fig. 1a. Black nodes represent states, white nodes probability distributions. A black node q has a white successor for each probability distribution in Steps(q). A white node λ has a black successor for each node q such that λ(q) > 0; the arrow leading to this black successor is labeled with λ(q), unless λ(q) = 1, in which case there is no label. States (M, t) are abbreviated to t.
Schedulers. Given a TPWN W, a scheduler of MDP_W is a function γ : T* → 2^T assigning to each firing sequence i −σ→ M with C(M) ≠ ∅ a conflict set γ(σ) ∈ C(M). A firing sequence i −σ→ M is compatible with a scheduler γ if for every decomposition σ = σ₁tσ₂ with t a transition, we have t ∈ γ(σ₁).
Example 3. In the TPWN of Fig. 1a, after firing t 1 two conflict sets become concurrently enabled: {t 2 , t 3 } and {t 4 }. A scheduler picks one of the two. If the scheduler picks {t 2 , t 3 } then t 2 may occur, and in this case, since firing t 2 does not change the marking, the scheduler chooses again one of {t 2 , t 3 } and {t 4 }. So there are infinitely many possible schedulers, differing only in how many times they pick {t 2 , t 3 } before picking t 4 .
Definition 2 ((Expected) time until a state is reached). Let π be an infinite path of MDP_W, and let M be a reachable marking of W. Observe that M is a state of MDP_W. The time needed to reach M along π, denoted tm(M, π), is defined as follows: if π does not visit M, then tm(M, π) def= ∞; otherwise, tm(M, π) def= tm(Σ(π′)), where Σ(π′) is the transition sequence corresponding to the shortest prefix π′ of π ending at M. Given a scheduler S, the expected time until reaching M is defined as

ET^S_W(M) def= ∫_{Paths_S} tm(M, π) dProb_S(π)

and the expected time of W under S is ET^S_W def= ET^S_W(o), i.e., the expected time until reaching the final marking.
In [12] we proved a result for Probabilistic Workflow Nets (PWNs) with rewards, showing that the expected reward of a PWN is independent of the scheduler (intuitively, this is the case because in a confusion-free Petri net the scheduler only determines the logical order in which transitions occur, but not which transitions occur). Despite the fact that, contrary to rewards, the execution time of a firing sequence is not the sum of the execution times of its transitions, the proof carries over to the expected time with only minor modifications.
Theorem 1. Let W be a TPWN. There exists a value ET_W such that for every scheduler S of W, the expected time satisfies ET^S_W = ET_W. By this theorem, the expected time ET_W can be computed by choosing a suitable scheduler S and computing ET^S_W.

Computation of the expected time
We show how to compute the expected time of a TPWN. We fix an appropriate scheduler, show that it induces a finite-state Markov chain, define an appropriate reward function for the chain, and prove that the expected time is equal to the expected reward.

Earliest-First Scheduler
Consider a firing sequence i −σ→ M and a conflict set C of M. We define the starting time of C as the earliest time at which the transitions of C become enabled. This occurs after all tokens of •C arrive, and so the starting time of C is the maximum of µ(σ)_p for p ∈ •C (recall that µ(σ)_p is the latest time at which a token arrives at p while firing σ).
Intuitively, the "earliest-first" scheduler always chooses the conflict set with the earliest starting time (if there are multiple such conflict sets, the scheduler chooses any one of them). Formally, recall that a scheduler is a mapping γ : T * → 2 T such that for every firing sequence i σ − → M , the set γ(σ) is a conflict set of M . We define the earliest-first scheduler γ by: Example 4. Fig. 2a shows the Markov chain induced by the "earliest-first" scheduler defined above in the MDP of Fig. 1b. Initially we have a token at i with arrival time 0. After firing t 1 , which takes time 1, we obtain tokens in p 1 and p 3 with arrival time 1. In particular, the conflict sets {t 2 , t 3 } and {t 4 } become enabled at time 1. The scheduler can choose any of them, because they have the same starting time. Assume it chooses {t 2 , t 3 }. The Markov chain now branches into two transitions, corresponding to firing t 2 and t 3 with probabilities 1 /5 and 4 /5, respectively. Consider the branch in which t 2 fires. Since t 2 starts at time 1 and takes 4 time units, it removes the token from p 1 at time 1, and adds a new token to p 1 with arrival time 5; the token at p 3 is not affected, and it keeps its arrival time of 1. So we have µ(t 1 t 2 ) = p1 5 , p3 1 (meaning µ(t 1 t 2 ) p1 = 5, µ(t 1 t 2 ) p3 = 1, and µ(t 1 t 2 ) p = ⊥ otherwise). Now the conflict sets {t 2 , t 3 } and {t 4 } are enabled again, but with a difference: while {t 4 } has been enabled since time 1, the set {t 2 , t 3 } is now enabled since time µ(t 1 t 2 ) p1 = 5. The scheduler must now choose {t 4 }, leading to the marking that puts tokens on p 1 and p 4 with arrival times µ(t 1 t 2 t 4 ) p1 = 5 and µ(t 1 t 2 t 4 ) p4 = 6. In the next steps the scheduler always chooses {t 2 , t 3 } until t 5 becomes enabled. 
The final marking o can be reached at time 9, through t1t3t4t5 with probability 4/5, or at time 10 + 4k for k ∈ N, through t1t2t4t2^k t3t5 with probability (1/5)^(k+1) · 4/5 (the times at which the final marking can be reached are written in blue inside the final states).
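As a quick consistency check, the expected time of this example can be obtained directly from these reachability times by summing the (truncated) series over k; a sketch, assuming the probabilities and times read off above:

```python
from fractions import Fraction as F

def expected_time(terms=100):
    """E[time] = 9·(4/5) + Σ_k (10 + 4k)·(1/5)^(k+1)·(4/5), truncated."""
    et = F(9) * F(4, 5)
    for k in range(terms):
        et += (10 + 4 * k) * F(1, 5) ** (k + 1) * F(4, 5)
    return et

print(float(expected_time()))  # converges to 9.4
```

The closed form of the series is 47/5 = 9.4.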
Theorem 2 below shows that the earliest-first scheduler only needs finite memory, which is not clear from the definition. The construction is similar to those of [17,16,6]. However, our proof crucially depends on TPWNs being confusion-free.

Theorem 2. Let W be a TPWN, let γ be the earliest-first scheduler, and let H def= max_{t∈T} τ(t). There exist functions ν : T* → [H]^P_⊥, f : [H]^P_⊥ → 2^T, and r : [H]^P_⊥ → N such that for every σ = t1 . . . tn ∈ T* compatible with γ and for every t ∈ T enabled by σ:

γ(σ) = f(ν(σ))                          (1)
ν(σt) = upd(ν(σ) ⊖ r(ν(σ)), t)          (2)
tm(σ) = Σ_{i=0}^{n} r(ν(t1 · · · ti))   (3)

Observe that, unlike µ, the range of ν is finite. We call ν the finite abstraction of µ. Equation 1 states that γ can be computed directly from the finite abstraction ν. Equation 2 shows that ν(σt) can be computed from ν(σ) and t. So γ only needs to remember an element of [H]^P_⊥, which implies that it only requires finite memory. Finally, observe that the function r of Equation 3 has a finite domain, and so it allows us to use ν to compute the time needed by σ.
The formal definition of the functions ν, f, and r is given below, together with the definition of the auxiliary operator ⊖ : N^P_⊥ × N → N^P_⊥:

ν(ε) def= µ(ε)   and   ν(σt) def= upd(ν(σ) ⊖ r(ν(σ)), t)
f(x) def= a conflict set C ∈ C(⌊x⌋) with minimal local starting time max_{p∈•C} x_p
r(x) def= max_{p∈•f(x)} x_p if C(⌊x⌋) ≠ ∅, and r(x) def= max_{p∈⌊x⌋} x_p otherwise
(x ⊖ n)_p def= max(x_p − n, 0) if x_p ≠ ⊥, and (x ⊖ n)_p def= ⊥ otherwise.

(Fig. 2a: the infinite Markov chain for the scheduler using µ(σ), with final states labeled by tm(σ).)

Example 5. Fig. 2b shows the finite-state Markov chain induced by the "earliest-first" scheduler computed using the abstraction ν. Consider the firing sequence t1t3. We have µ(t1t3) = (p2 ↦ 3, p3 ↦ 1), i.e., the tokens in p2 and p3 arrive at times 3 and 1, respectively. Now we compute ν(t1t3), which corresponds to the local arrival times of the tokens, i.e., the time elapsed since the last transition starts to fire until the token arrives. Transition t3 starts to fire at time 1, and so the local arrival times of the tokens in p2 and p3 are 2 and 0, respectively, i.e., we have ν(t1t3) = (p2 ↦ 2, p3 ↦ 0). Using these local times we compute the local starting time of the conflict sets enabled at {p2, p3}. The scheduler always chooses the conflict set with the earliest local starting time. In Fig. 2b the earliest local starting time of the state reached by firing σ, which is denoted r(ν(σ)), is written in blue inside the state. The theorem above shows that this scheduler always chooses the same conflict sets as the one which uses the function µ, and that the time of a sequence can be obtained by adding the local starting times. This allows us to consider the earliest local starting time of a state as a reward associated to the state; then, the time taken by a sequence is equal to the sum of the rewards along the corresponding path of the chain. For example, we have tm(t1t2t4t3t5) = 0 + 1 + 0 + 4 + 2 + 3 = 10.
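The abstraction can be exercised on the running example. In the sketch below the net is inferred from the description of Fig. 1a (an assumption), and tm is recomputed as the sum of the local rewards r over all prefixes, as in Equation 3:

```python
BOT = None
NET = {  # transition -> (preset, postset, duration τ); inferred from Fig. 1a
    "t1": ({"i"}, {"p1", "p3"}, 1),
    "t2": ({"p1"}, {"p1"}, 4),
    "t3": ({"p1"}, {"p2"}, 2),
    "t4": ({"p3"}, {"p4"}, 5),
    "t5": ({"p2", "p4"}, {"o"}, 3),
}
PLACES = {"i", "p1", "p2", "p3", "p4", "o"}

def upd(x, t):
    pre, post, tau = NET[t]
    start = max(x[p] for p in pre)
    y = dict(x)
    for p in pre:
        y[p] = BOT
    for p in post:
        y[p] = start + tau
    return y

def conflict_sets(marking):
    """Group enabled transitions whose presets intersect (free-choice case)."""
    sets = []
    for t, (pre, _, _) in NET.items():
        if pre <= marking:
            for s in sets:
                if any(pre & NET[u][0] for u in s):
                    s.add(t)
                    break
            else:
                sets.append({t})
    return sets

def r(x):
    """Earliest local starting time of a conflict set (max token time at o)."""
    cs = conflict_sets({p for p, v in x.items() if v is not BOT})
    start = lambda C: max(x[p] for t in C for p in NET[t][0])
    if cs:
        return min(start(C) for C in cs)
    return max((v for v in x.values() if v is not BOT), default=0)

def sub(x, n):
    """The operator ⊖: shift all defined local times down by n (floor 0)."""
    return {p: (BOT if v is BOT else max(v - n, 0)) for p, v in x.items()}

def tm_via_rewards(sigma):
    """tm(σ) as Σ_i r(ν(t1 ... ti)) over all prefixes, per Equation 3."""
    x = {p: BOT for p in PLACES}
    x["i"] = 0
    total = r(x)
    for t in sigma:
        x = upd(sub(x, r(x)), t)
        total += r(x)
    return total

print(tm_via_rewards(["t1", "t2", "t4", "t3", "t5"]))  # 10 = 0+1+0+4+2+3
print(tm_via_rewards(["t1", "t3", "t4", "t5"]))        # 9
```

Both values agree with the global timestamps of Example 1, as Theorem 2 predicts for sequences compatible with the earliest-first scheduler.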

Computation in the probabilistic case
Given a TPWN and its corresponding MDP, in the previous section we have defined a finite-state earliest-first scheduler and a reward function of its induced Markov chain. The reward function has the following property: the execution time of a firing sequence compatible with the scheduler is equal to the sum of the rewards of the states visited along it. From the theory of Markov chains with rewards, it follows that the expected accumulated reward until reaching a certain state, provided that this state is reached with probability 1, can be computed by solving a linear equation system. We use this result to compute the expected time ET_W. Let W be a sound TPWN. For every firing sequence σ compatible with the earliest-first scheduler γ, the finite-state Markov chain induced by γ contains a state x = ν(σ) ∈ [H]^P_⊥. Let C_x be the conflict set scheduled by γ at x. We define a system of linear equations with variables X_x, one for each state x:

X_x = r(x) + Σ_{t∈C_x} P_{⌊x⌋,C_x}(t) · X_{upd(x ⊖ r(x), t)}   if ⌊x⌋ ≠ o,
X_x = r(x)                                                      if ⌊x⌋ = o.   (4)

The value X_x is the expected reward accumulated along a path from state x to the final marking o. By the theory of Markov chains with rewards/costs ([4], Chapter 10.5), we have:

Lemma 2. Let W be a sound TPWN. Then the system of linear equations (4) has a unique solution X, and ET_W = X_{ν(ε)}.
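To illustrate system (4) on the running example (net reconstructed from Fig. 1a, an assumption), the sketch below explores the states ν(σ) reachable under the earliest-first scheduler and then solves the system approximately by value iteration rather than an exact linear solver:

```python
from fractions import Fraction as F

BOT = None
NET = {  # transition -> (preset, postset, duration, weight); from Fig. 1a
    "t1": ({"i"}, {"p1", "p3"}, 1, 1),
    "t2": ({"p1"}, {"p1"}, 4, 1),
    "t3": ({"p1"}, {"p2"}, 2, 4),
    "t4": ({"p3"}, {"p4"}, 5, 1),
    "t5": ({"p2", "p4"}, {"o"}, 3, 1),
}
PLACES = {"i", "p1", "p2", "p3", "p4", "o"}

def upd(x, t):
    pre, post, tau, _ = NET[t]
    s = max(x[p] for p in pre)
    y = dict(x)
    for p in pre:
        y[p] = BOT
    for p in post:
        y[p] = s + tau
    return y

def sched(x):
    """Earliest-first choice: a conflict set with minimal local start time."""
    marking = {p for p, v in x.items() if v is not BOT}
    sets = []
    for t, (pre, _, _, _) in NET.items():
        if pre <= marking:
            for s in sets:
                if any(pre & NET[u][0] for u in s):
                    s.add(t)
                    break
            else:
                sets.append({t})
    if not sets:  # final state: the reward is the last arrival time
        return None, max(v for v in x.values() if v is not BOT)
    start = lambda C: max(x[p] for t in C for p in NET[t][0])
    C = min(sets, key=start)
    return C, start(C)

def frozen(x):
    return tuple(sorted((p, v) for p, v in x.items() if v is not BOT))

# explore the abstract states ν(σ) reachable under the scheduler
init = {p: BOT for p in PLACES}
init["i"] = 0
succ, reward, stack = {}, {}, [init]
while stack:
    x = stack.pop()
    k = frozen(x)
    if k in succ:
        continue
    C, rx = sched(x)
    reward[k], succ[k] = rx, []
    if C is not None:
        w = sum(NET[t][3] for t in C)
        for t in C:
            y = upd({p: (BOT if v is BOT else max(v - rx, 0))
                     for p, v in x.items()}, t)
            succ[k].append((F(NET[t][3], w), y))
            stack.append(y)

# value iteration for X_x = r(x) + Σ_t P(t)·X_x' (X_x = r(x) at the end)
X = {k: F(0) for k in succ}
for _ in range(200):
    X = {k: reward[k] + sum(p * X[frozen(y)] for p, y in succ[k])
         for k in succ}
print(float(X[frozen(init)]))  # 9.4, the expected time of the example
```

Value iteration converges geometrically here because the only cycle (repeated firings of t2) is left with probability 4/5 per visit; an exact rational solver would return 47/5 directly.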
Theorem 3. Let W be a TPWN. Then ET W is either ∞ or a rational number and can be computed in single exponential time.
Proof. We assume that the input has size n and that all times and weights are given in binary notation. Testing whether W is sound can be done by exploring the state space of reachable markings in time O(2^n). If W is unsound, we have ET_W = ∞. Now assume that W is sound. By Lemma 2, ET_W is the solution to the linear equation system (4), which is finite and has rational coefficients, so it is a rational number. The number of variables |X| of (4) is bounded by the size of [H]^P_⊥, and as H = max_{t∈T} τ(t) we have |X| ≤ (1 + H)^|P| ≤ (1 + 2^n)^n ≤ 2^(n²+n). The linear equation system can be solved in time O(n² · |X|³) and therefore in time O(2^p(n)) for some polynomial p.

A natural question is whether this exponential blowup can be avoided. We prove that this is not the case unless P = NP, even if all times are 0 or 1, all weights are 1, the workflow net is sound, acyclic and free-choice, and the size of each conflict set is at most 2 (resulting only in probabilities 1 or 1/2). Further, we show that even computing an ε-approximation is equally hard. These two results are a consequence of the main theorem of this section: computing the expected time is #P-hard [24]. For example, counting the number of satisfying assignments of a Boolean formula (#SAT) is a #P-complete problem, and a polynomial-time algorithm for any #P-hard problem would imply P = NP. The problem used for the reduction is defined on PERT networks [9], in the specialized form of two-state stochastic PERT networks [18], described below.

Lower bounds for the expected time
A two-state stochastic PERT network PN = (V, E, p) is a directed acyclic graph with vertices V, representing events, and edges E, representing tasks, with a single source vertex s and a single sink vertex t, and where the vector p ∈ Q^E assigns to each edge e ∈ E a rational probability p_e ∈ [0, 1]. We assume that all p_e are written in binary.
Each edge e ∈ E of PN defines a random variable X_e with distribution Pr(X_e = 1) = p_e and Pr(X_e = 0) = 1 − p_e. All X_e are assumed to be independent. The project duration of PN is the length of the longest path in the network,

PD(PN) def= max_{π∈Π} Σ_{e∈π} X_e,

where Π is the set of paths from vertex s to vertex t. As this defines a random variable, the expected project duration of PN is then given by E(PD(PN)).
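For small networks the expected project duration can be computed by brute force over all 2^|E| outcomes. The sketch below uses the paths of the network of Example 6; since the probabilities p_e are not given there, we assume p_e = 1/2 for every edge purely for illustration:

```python
from fractions import Fraction as F
from itertools import product

EDGES = ["e1", "e2", "e3", "e4", "e5", "e6", "e7"]
# the s-t paths listed in Example 6
PATHS = [("e1", "e3", "e6"), ("e1", "e4", "e7"), ("e2", "e5", "e7")]
P = {e: F(1, 2) for e in EDGES}  # assumed probabilities, for illustration

def expected_duration():
    """E[PD] = Σ_outcomes Pr(outcome) · max over paths of the path length."""
    exp = F(0)
    for outcome in product([0, 1], repeat=len(EDGES)):
        x = dict(zip(EDGES, outcome))
        prob = F(1)
        for e in EDGES:
            prob *= P[e] if x[e] else 1 - P[e]
        exp += prob * max(sum(x[e] for e in path) for path in PATHS)
    return exp

print(expected_duration())  # 135/64
```

Note that E[PD] is not the maximum of the expected path lengths (which would be 3/2 here): the expectation of a maximum of dependent sums is exactly what makes the problem #P-hard.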
Example 6. Figure 3a shows a small PERT network (without p), where the project duration depends on the paths Π = {e 1 e 3 e 6 , e 1 e 4 e 7 , e 2 e 5 e 7 }.
The following problem is #P-hard (from [18], using the results from [21]):

Given: a two-state stochastic PERT network PN.
Compute: the expected project duration E(PD(PN)).
First reduction: 0/1 times, arbitrary weights. We reduce the problem above to computing the expected time of an acyclic TPWN with 0/1 times but arbitrary weights. Given a two-state stochastic PERT network PN, we construct a timed probabilistic workflow net W_PN as follows:

- For each vertex v ∈ V, add a transition t_v with τ(t_v) = 0.
- For each edge e = (u, v) ∈ E, add the "gadget net" shown in Figure 3b between t_u and t_v. Assign w(t_{e,0}) = 1 − p_e, w(t_{e,1}) = p_e, τ(t_{e,0}) = 0, and τ(t_{e,1}) = 1.
- Add the place i with an arc to t_s and the place o with an arc from t_t.
The result of applying this construction to the PERT network from Figure 3a is shown in Figure 3d. It is easy to see that this workflow net is sound: from any reachable marking, we can fire enabled transitions corresponding to the edges and vertices of the PERT network in the topological order of the graph, eventually firing t_t and reaching o. The net is also acyclic and free-choice.

(Fig. 3c: equivalent gadget for e with weights 1 for p_e.)

Lemma 3. Let PN be a two-state stochastic PERT network and let W_PN be its corresponding TPWN by the construction above. Then ET_{W_PN} = E(PD(PN)).
Second reduction: 0/1 times, 0/1 weights. The network constructed this way already uses times 0 and 1, but the weights still use arbitrary rational numbers. We now replace the gadget nets from Figure 3b by equivalent nets where all transitions have weight 1. The idea is to use the binary encoding of the probabilities p_e, deciding whether the time is 0 or 1 by a sequence of coin flips. We assume that p_e = Σ_{i=0}^{k} 2^{-i} p_i for some k ∈ N and p_i ∈ {0, 1} for 0 ≤ i ≤ k. The replacement is shown in Figure 3c for p_e = 5/8 = (0.101)₂.
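One plausible reading of this replacement (Figure 3c itself is not reproduced here, so the exact wiring is an assumption) is a cascade of fair coin flips: at level i a weight-1 binary choice either stops, producing time p_i, or defers to level i+1. The sketch below checks that the cascade realizes exactly p_e:

```python
from fractions import Fraction as F
from itertools import product

BITS = [1, 0, 1]  # bits of pe = 5/8 = (0.101)_2, most significant first

def cascade(bits, flips):
    """Flip i = 1 stops at level i (time = bits[i]); flip i = 0 defers to
    the next level; if no flip stops, the resulting time is 0."""
    for b, f in zip(bits, flips):
        if f:
            return b
    return 0

def p_time1(bits):
    """Exact probability of time 1, enumerating all fair-flip outcomes."""
    total = F(0)
    for flips in product([0, 1], repeat=len(bits)):
        if cascade(bits, flips) == 1:
            total += F(1, 2) ** len(bits)
    return total

print(p_time1(BITS))  # 5/8
```

The cascade stops at level i with probability 2^(-i), so P(time = 1) = Σ_i p_i·2^(-i) = p_e, using only choices of probability 1/2 as required.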
Approximating the expected time is #P-hard. We show that computing an ε-approximation of ET_W is #P-hard [18,21].

Experimental evaluation
We have implemented our algorithm for computing the expected time of a TPWN as a package of the tool ProM. It is available via the package manager of the latest nightly build under the package name WorkflowNetAnalyzer.
We evaluated the algorithm on two different benchmarks. All experiments in this section were run on the same machine equipped with an Intel Core i7-6700K CPU and 32 GB of RAM. We measure the actual runtime of the algorithm, split into construction of the Markov chain and solving the linear equation system, and exclude the time overhead due to starting ProM and loading the plugin.

IBM benchmark
We evaluated the tool on a set of 1386 workflow nets extracted from a collection of five libraries of industrial business processes modeled in the IBM WebSphere Business Modeler [13]. All of the 1386 nets in the benchmark libraries are free-choice and therefore confusion-free. We selected the sound and 1-safe nets among them, 642 nets in total. Out of these, 409 are marked graphs, i.e., the size of every conflict set is 1. Out of the remaining 233 nets, 193 are acyclic and 40 are cyclic.
As these nets do not come with probabilistic or time information, we annotated transitions with integer weights and times chosen uniformly from different intervals. For all intervals, we computed the expected time of every net in less than 50 ms. The analysis time did not differ much between intervals. The solving time for the linear equation system is on average 5% of the total analysis time, and at most 68%. The results for the nets with the longest analysis times are given in Table 1. They show that, even for nets with a huge state space, thanks to the earliest-first scheduler only a small number of reachable markings is explored.

Process Mining Case Study
As a second benchmark, we evaluated the algorithm on a model of a loan application process. We used the data from the BPI Challenge 2017 [8], an event log containing 31509 cases provided by a financial institute, and took as a model of the process the final net from the report of the winner of the academic category [22], a simple model with high fitness and precision w.r.t. the event log.
Using the ProM plugin "Multi-perspective Process Explorer" we annotated each transition with waiting times, and each transition in a conflict set with the local percentage of traces choosing this transition when the conflict set is enabled. The net, with mean times and weights as percentages, is displayed in Fig. 4.

For a first analysis, we simply set the execution time of each transition deterministically to its mean waiting time. However, note that the two transitions "O Create Offer" and "W Complete application" are executed in parallel, and therefore the distribution of their execution times influences the total expected time. Therefore we also annotated these two transitions with a histogram of possible execution times from each case. Then we split them up into multiple transitions by grouping the times into buckets of a given interval size, where each bucket creates a transition with an execution time equal to the beginning of the interval, and a weight equal to the number of cases with a waiting time contained in the interval. The times for these transitions range from 6 milliseconds to 31 days. As bucket sizes we chose 12, 6, 4, 2 and 1 hour(s). The net always has 14 places and 15 reachable markings, but a varying number of transitions depending on the chosen bucket size. For the net with the mean as the deterministic time and for the nets with histograms for each bucket size, we then analyzed the expected execution time using our algorithm.

(Table 2: results for the net in Fig. 4 for various distributions, where memout denotes reaching the memory limit.)
The results are given in Table 2. They show that using the complete distribution of times instead of only the mean can lead to much more precise results. When the linear equation system becomes very large, the solver time dominates the construction time of the system. This may be because we chose to use an exact solver for sparse linear equation systems. In the future, this could possibly be improved by using an approximative iterative solver.

Conclusion
We have shown that computing the expected time to termination of a probabilistic workflow net in which transition firings have deterministic durations is #P-hard. This is the case even if the net is free-choice, and both probabilities and times can be written down with a constant number of bits. So, surprisingly, computing the expected time is much harder than computing the expected cost, for which there is a polynomial algorithm [11].
We have also presented an exponential algorithm for computing the expected time based on earliest-first schedulers. Its performance depends crucially on the maximal size of the conflict sets that can be concurrently enabled. In the most popular suite of industrial benchmarks this number turns out to be small. So, very satisfactorily, the expected time of any of these benchmarks, some of which have hundreds of transitions, can still be computed in milliseconds.

A.1 Workflow nets

Soundness and 1-safeness. Adding an arc to N4 from p4 to t6 makes it unsound, because after firing t1 the final marking cannot be reached. Adding an arc from t7 to p1 preserves soundness, but makes the workflow not 1-safe.
Independence, concurrency, conflict. The marking M = {p1, p2} of the workflow N1 of Fig. 5a enables t2, t3, t4. At this marking, t2 and t4 are concurrent, t2 and t3 are in conflict, and t3 and t4 are in conflict. The runs t1t2t4t6 and t1t4t2t6 of N1 are Mazurkiewicz equivalent, but they are not Mazurkiewicz equivalent to t1t3t6. Transitions t3 and t4 of the workflow N2 are independent, and so all runs of the form t1(t3 + t4)*t2t5 containing the same number of occurrences of t3 and t4 are Mazurkiewicz equivalent.
Confusion-freeness, free-choice workflows. The conflict sets at the marking M = {p1, p2} of the workflow N1 of Fig. 5a are C(t2, M) = {t2, t3}, C(t4, M) = {t3, t4}, and C(t3, M) = {t2, t3, t4}. The workflow nets N1 and N2 of Figure 5 are not confusion-free. For example, in N1, transitions t2 and t4 are concurrent at M, but firing t4 changes the conflict set of t2. The workflows N3 and N4 are confusion-free, but N3 is not free-choice.

A.2 Markov Decision Processes
A Markov Decision Process (MDP) is a tuple M = (Q, q 0 , Steps) where Q is a finite set of states, q 0 ∈ Q is the initial state, and Steps : Q → 2 dist(Q) is the probability transition function. A transition from a state q corresponds to first nondeterministically choosing a probability distribution λ ∈ Steps(q) and then choosing the successor state q ′ probabilistically according to λ.
A path is a finite or infinite non-empty sequence π = q_0 −λ_0→ q_1 −λ_1→ q_2 ⋯ where λ_i ∈ Steps(q_i) for every i ≥ 0. We denote by π(i) the i-th state along π (i.e., the state q_i), and by π_i the prefix of π ending at π(i) (if it exists). The last state of a finite path π is denoted last(π). A scheduler is a function that maps every finite path π to one of the distributions of Steps(last(π)).
Given a scheduler S, we let Paths_S denote the set of all infinite paths π = q_0 −λ_0→ q_1 −λ_1→ q_2 ⋯ starting in q_0 and satisfying λ_i = S(π_i) for every i ≥ 0. We define a probability measure Prob_S on Paths_S in the usual way using cylinder sets [19].
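The definitions above can be sketched in code. The toy MDP below and the `reach_prob` helper are purely illustrative, not part of the paper's formalism; for simplicity the scheduler is memoryless, i.e., it picks one distribution per state rather than per path, which turns the MDP into a Markov chain.

```python
# States Q, initial state q0, and Steps mapping each state to a list of
# probability distributions over successors (the nondeterministic options).
Q = {"q0", "q1", "done"}
q0 = "q0"
Steps = {
    "q0": [{"q1": 0.5, "done": 0.5}, {"q1": 1.0}],  # two options at q0
    "q1": [{"done": 1.0}],
    "done": [{"done": 1.0}],                        # absorbing state
}

def reach_prob(scheduler, target, steps=50):
    """Probability mass on `target` after `steps` steps under a memoryless
    scheduler (dict: state -> index into Steps[state])."""
    dist = {q0: 1.0}
    for _ in range(steps):
        nxt = {}
        for q, p in dist.items():
            lam = Steps[q][scheduler[q]]       # distribution chosen at q
            for q2, p2 in lam.items():
                nxt[q2] = nxt.get(q2, 0.0) + p * p2
        dist = nxt
    return dist.get(target, 0.0)

# Under either choice at q0, "done" is eventually reached with probability 1.
print(reach_prob({"q0": 0, "q1": 0, "done": 0}, "done"))  # -> 1.0
```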

A.3 Missing proofs of Section 3: TPWNs have the same expected time under all schedulers
We prove Theorem 1, showing that the expected time of a TPWN is independent of the scheduler. Intuitively, confusion-freeness guarantees that the schedulers of a PWN only decide the order in which concurrent transitions occur. Without confusion-freeness this guarantee fails. Indeed, consider the workflow N_2 of Figure 5, which is not confusion-free. After firing t_1, a scheduler can choose to fire t_4 arbitrarily often before choosing the conflict set {t_2, t_3}, and eventually {t_4, t_5}. If t_4 has a positive time, then the expected time is different for each scheduler. The first part of the section gives a useful characterization of the expected time under a scheduler. The second part proves the theorem.
A characterization of the expected time under a scheduler. The probabilistic language of a scheduler assigns to each finite firing sequence σ the probability of the cylinder of all paths of MDP_W with prefix Π(σ), where Π(σ) is the path of MDP_W corresponding to σ. Formally, the probabilistic language ν_S of a scheduler S is the function ν_S : T* → R_{≥0} defined by ν_S(σ) = Prob_S(cyl_S(Π(σ))), where cyl_S(π) denotes the cylinder of the infinite paths of Paths_S that extend π. A transition sequence σ is compatible with S if ν_S(σ) > 0.
We have the following characterization of the expected time with respect to a scheduler S:

Lemma 4. Let W = (N, w, τ) be a TPWN and let S be a scheduler of W. If Σ_{σ∈Run_W} ν_S(σ) = 1, then ET_W^S = Σ_{σ∈Run_W} tm(σ) · ν_S(σ); otherwise ET_W^S = ∞.
Proof. By definition, the time taken by an infinite path of MDP_W until it reaches a state is finite iff the path eventually reaches the state. Therefore, the probability of the paths of Paths_S that take finite time is equal to Σ_{σ∈Run_W} ν_S(σ). If Σ_{σ∈Run_W} ν_S(σ) < 1, then the paths taking infinite time have nonzero probability, and so ET_W^S = ∞. Otherwise they have zero probability, and ET_W^S = Σ_{σ∈Run_W} tm(σ) · ν_S(σ).
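The characterization in Lemma 4 can be illustrated by a toy computation; the run probabilities and times below are made up for the example and do not come from any net in the paper.

```python
def expected_time(runs):
    """runs: list of (probability nu_S(sigma), time tm(sigma)) pairs for the
    runs compatible with a scheduler S. Following Lemma 4: if the total
    probability of the runs is 1, the expected time is the weighted sum of
    their times; otherwise paths of infinite time have positive probability
    and the expected time is infinite."""
    total = sum(p for p, _ in runs)
    if total < 1.0:
        return float("inf")
    return sum(p * t for p, t in runs)

# Two runs of probability 1/2 each, with times 3 and 5:
print(expected_time([(0.5, 3), (0.5, 5)]))  # -> 4.0
# Probability mass 0.25 is missing: some paths never reach o.
print(expected_time([(0.75, 3)]))           # -> inf
```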
Lemma 5. Let S_1 and S_2 be schedulers of W, and let σ_1 ≡ σ_2 be transition sequences of W compatible with S_1 and S_2, respectively. Then ν_{S_1}(σ_1) = ν_{S_2}(σ_2).

Proof. Since Mazurkiewicz equivalence is the reflexive and transitive closure of ≡_1, it suffices to prove the result for the special case σ_1 ≡_1 σ_2.
Since σ_1 ≡_1 σ_2, we can write σ_1 = τ t_1 t_2 τ′ and σ_2 = τ t_2 t_1 τ′ for some sequences τ, τ′ and independent transitions t_1, t_2. We have ν_{S_1}(σ_1) = ν_{S_2}(σ_2) if and only if ν_{S_1}(τ t_1 t_2) = ν_{S_2}(τ t_2 t_1), as the sequences then both proceed with τ′. Here ν_{S_1}(τ t_1 t_2) is the probability of executing first τ and then t_1 t_2 from M under scheduler S_1, and ν_{S_2}(τ t_2 t_1) is the probability of executing first τ and then t_2 t_1 from M under scheduler S_2. As W is confusion-free, the conflict set of each transition of τ during its execution is uniquely determined, so we have ν_{S_1}(τ) = ν_{S_2}(τ). Further, since t_1 and t_2 are independent, firing one of them does not change the conflict set, and hence the probability, of the other, which yields ν_{S_1}(τ t_1 t_2) = ν_{S_2}(τ t_2 t_1).
In [12] we proved the following result:

Lemma 6. Let W be a confusion-free PWN and let S be a scheduler of W. For every run σ of W there is exactly one run τ ≡ σ compatible with S.
We use it to prove that all schedulers have the same expected time. Further, we show that the expected time of a TPWN is finite iff the TPWN is sound.
Theorem 1. Let W be a TPWN. (1) There exists a value ET_W such that for every scheduler S of W, the expected time ET_W^S is equal to ET_W. (2) ET_W is finite iff W is sound.

Proof. (1) Let S_1, S_2 be any two schedulers of W. We prove ET_W^{S_1} = ET_W^{S_2}. Let R_1 and R_2 be the sets of runs of W compatible with S_1 and S_2, respectively. By Lemma 6, there exists a map φ_12 : R_1 → R_2 that assigns to every σ ∈ R_1 the unique run of R_2 that is Mazurkiewicz equivalent to σ. We proceed in three steps.
We are now ready to show ET_W^{S_1} = ET_W^{S_2}. Consider two cases.
- If Σ_{σ∈Run_W} ν_{S_1}(σ) = 1, then by Lemma 4 and Claim II we have ET_W^{S_1} = ET_W^{S_2}.
- If Σ_{σ∈Run_W} ν_{S_1}(σ) < 1, then by Claim II also Σ_{σ∈Run_W} ν_{S_2}(σ) < 1, and by Lemma 4 both ET_W^{S_1} and ET_W^{S_2} are infinite.

(2) If W is unsound, then there is a firing sequence i −σ→ M such that o is unreachable from M. So the reward of every path extending Π(σ) is infinite. Let S be any scheduler such that ν_S(σ) > 0. Then the probability of the cylinder cyl_S(Π(σ)) is nonzero. So ET_W^S = ∞, and by (1) we have ET_W = ∞. Assume now that W is sound. Let S be a memoryless scheduler of W, and let MDP_W^S be the Markov chain obtained from MDP_W by resolving nondeterministic choices according to S. Since S is memoryless, MDP_W^S has at most as many states as MDP_W, and so, in particular, it is finite-state.
Let i −σ→ M be a firing sequence such that Π(σ) is a path of MDP_W^S. Since W is sound, there is a firing sequence M −τ→ o. Further, since W is 1-safe, it has at most 2^n reachable markings, where n is the number of places of W, and so τ can be chosen of length at most 2^n. Since this holds for every reachable marking, in the finite Markov chain MDP_W^S the state corresponding to o is reachable from every reachable state, so it is reached with probability 1 within an expected finite number of steps, and hence ET_W^S < ∞.

A.4 Missing proofs of Section 4: The abstraction of the earliest-first scheduler
We defined the earliest-first scheduler in terms of the starting time of a conflict set C, defined as the earliest time at which all the transitions of C become enabled. We assumed without proof that all the transitions become enabled at the same time. We first prove this in Lemma 7, and then we prove Theorem 2.

Earliest-first sequences. We first define the earliest starting time st(σ) of the last transition of a sequence σ as st(σ′t) = max_{p∈•t} µ(σ′)_p for σ = σ′t. We show that for every transition of a conflict set, its starting time is equal to the starting time of the conflict set, and so, in particular, all transitions of a conflict set have the same starting time.

Lemma 7. Let σ be a firing sequence of W leading to a marking M that enables a conflict set C. Then st(σt) = max_{q∈•C} µ(σ)_q for every t ∈ C.

Proof. All places p ∈ •C are marked at M, so we have µ(σ)_p ≥ 0 for all p ∈ •C.
Let σ_2 = u_1 … u_k. We now define the following sequence: initially, set τ_0 = σ_1 and let M_0 be the marking given by i −σ_1→ M_0. We have that u is enabled at M_1, and no transition of τ_k removes tokens from •u, thus u is also enabled at M_k.
If t_1 were not enabled at M_k, then it would only become enabled at M by a sequence of transitions initially depending on u. However, then st(σt_1) ≥ µ(σ)_q, which contradicts our assumption. If t_1 and u were not concurrent at M_k, then •t_1 ∩ •u would contain some place p. As u is the last transition of σ marking a place q′ ∈ •t_2 \ •t_1, it must enable t_2 at M′. This concludes the proof of the claim.
As u marks q and the net is 1-safe, we either have M_k(q) = 0, or M_k(q) = 1 and q ∈ •u. With the claim above, we then have that t_1 and u are concurrent at M_k, and t_2 ∉ C(t_1, M_k \ •u) but t_2 ∈ C(t_1, (M_k \ •u) ∪ u•), so the net is not confusion-free, which contradicts it being a TPWN. Therefore the assumption st(σt_1) < max_{q∈•C} µ(σ)_q was false, which concludes the proof of the lemma.
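To make the timestamp function µ and the starting times st concrete, here is a small sketch on a hypothetical fork-join net (not one of the paper's examples), assuming st(σt) = max_{p∈•t} µ(σ)_p and µ(σt)_p = st(σt) + τ(t) for every p ∈ t•:

```python
# transition -> (preset, postset, duration tau)
net = {
    "t1": ({"i"}, {"p1", "p2"}, 1),   # fork into two parallel branches
    "t2": ({"p1"}, {"p3"}, 2),        # fast branch
    "t3": ({"p2"}, {"p4"}, 5),        # slow branch
    "t4": ({"p3", "p4"}, {"o"}, 0),   # join: waits for the slower branch
}

def timestamps(sequence):
    """Propagate timestamps mu along a firing sequence of the net above."""
    mu = {"i": 0}                      # the initial place is marked at time 0
    for t in sequence:
        pre, post, tau = net[t]
        st = max(mu[p] for p in pre)   # earliest time all input tokens exist
        for p in post:
            mu[p] = st + tau           # output places marked tau later
    return mu

mu = timestamps(["t1", "t2", "t3", "t4"])
# The join fires at time max(1+2, 1+5) = 6: the maximum, not the sum.
print(mu["o"])  # -> 6
```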
Correctness of the finite abstraction. Now we prove Theorem 2. First, we show in Lemma 8 that the earliest-first scheduler γ actually chooses transitions in increasing starting time, i.e., that st(t_1 … t_i) ≤ st(t_1 … t_{i+1}) for every sequence σ = t_1 … t_n compatible with γ and every i < n.

Proof. We proceed by induction on the length n of σ. If n ≤ 1, then σ = ε or σ = t for some transition t, and the claim holds trivially. Now assume n ≥ 2. Let σ = σ′ut for some sequence σ′ and transitions u, t. By induction hypothesis, the claim holds for σ′u, so we only have to show st(σ′u) ≤ st(σ′ut). We consider three cases:
- If u and t are independent, then firing u cannot enable t, so t is already enabled at M′. As σ is compatible with γ and u is also enabled at M′, we have u ∈ γ(σ′), and with the definition of γ and Lemma 7 we get st(σ′u) ≤ st(σ′t). By the definition of µ, we have µ(σ′u)_q = µ(σ′)_q for any q ∉ •u ∪ u•, and thus also for any q ∈ •t. Therefore st(σ′ut) = st(σ′t) ≥ st(σ′u).
- As t is enabled at M, we have M(p) ≥ 1. However, as p ∈ u•, we have M′(p) = M(p) + 1 ≥ 2, which contradicts our assumption that the net is 1-safe.

Theorem 2. There exist functions ν : T* → N^P_⊥, f and r such that for every σ = t_1 … t_n ∈ T* compatible with γ and for every t ∈ T enabled by σ, propositions (1), (2) and (3) below hold.

Proof. We first give the definitions of f, ν and r, and also define γ′ : [H]_{P⊥} → 2^T as the scheduler using the abstraction, as used in (1).
From the definitions of ν and st it is easy to see that for any sequence σ, we have ν(σ) = µ(σ) ⊖ st(σ).
We prove the three propositions (1), (2) and (3), together with some additional claims. Claim (8) shows that the range of ν is actually finite; the finite range of f follows directly from this and proposition (2).
Let s ∈ •u be a place such that µ(σ′)_s = max_{p∈•u} µ(σ′)_p. By Lemma 8, and since σ is compatible with γ, we have u ∈ γ(σ′) ∈ C(M′), from which we derive (7). We have tm(σ) = max_{p∈P} µ(σ)_p, and equality must hold for some p ∈ P, which shows (3). By Lemmas 7 and 8, we have st(σt) = max_{q∈•C} µ(σ)_q ≥ 0 for any conflict set C enabled at M and any t ∈ C, which shows (1). We now proceed to show (2). The transition t is enabled by σ, so we have M −t→ M_t for some marking M_t. In the case that t was already enabled by σ′, we have st(σ′t) ≥ st(σ′u), as otherwise the scheduler γ would have selected some conflict set starting at st(σ′t) instead of one containing u starting at st(σ′u). Therefore st(σ) ≤ st(σt). In the other case, t was enabled by u through some p ∈ u• ∩ •t, and then by the definition of µ and st we again get st(σ) ≤ st(σt). We use the following fact about ⊖: for any x ∈ N^P_⊥ and a, b ∈ N, (x ⊖ a) ⊖ b = x ⊖ (a + b). Now let q be any place. We prove that ν(σt)_q = f(ν(σ), t)_q by case distinction.
- Case 1: q ∈ •u ∪ u•. In this case ν(σt)_q = f(ν(σ), t)_q follows from the definitions of ν and f, which concludes the induction and the proof of the theorem.
A.5 Missing proofs of Section 5: Computing the expected time is #P-hard

Lemma 3. Let PN be a two-state stochastic PERT network and let W_PN be the TPWN corresponding to it by the construction above. Then ET_{W_PN} = E(PD(PN)).
Proof. First, we fix a total topological order ≺ on V ∪ E of PN, i.e., for x, y ∈ V ∪ E, if x ≺ y then there is no path from y to x. Then we fix a scheduler S for MDP_W that always chooses an enabled transition that is minimal w.r.t. ≺ when comparing the corresponding vertices or edges, i.e., for t_v the vertex v ∈ V, and for t_{e,0} or t_{e,1} the edge e ∈ E. From now on we consider the Markov chain MDP_W^S.

Let E = {e_1, …, e_n} be the set of edges of the PERT network. A valuation of the random variables X = (X_{e_1}, …, X_{e_n}) is given by a vector x = (x_{e_1}, …, x_{e_n}) ∈ {0, 1}^n, and the probability of x is given by Pr(X = x) = Π_{e : x_e = 1} p_e · Π_{e : x_e = 0} (1 − p_e).

Claim. There is a bijection f between valuations x and the paths of MDP_W^S reaching o such that (a) the probability of x equals the probability of the cylinder of f(x), and (b) PD(PN, x) equals the time of the run corresponding to f(x).

Proof of the claim. Let π be an infinite path in MDP_W^S starting at i. As the workflow net is sound, with probability 1 π eventually visits o and then loops. In PN, since every vertex or edge x ∈ V ∪ E is on a path from s to t, we have s ⪯ x ⪯ t. So for every v ∈ V, π contains t_v exactly once, and for every e ∈ E, π contains either t_{e,0} or t_{e,1}, but not both; denote this transition by t_e. By our choice of scheduler, for any x, y ∈ V ∪ E, t_x appears before t_y in π if and only if x ≺ y. So the order and positions of t_x, t_y are the same for all paths reaching o; the paths only differ in the choice of t_e, i.e., in whether t_e = t_{e,0} or t_e = t_{e,1} holds. Further, for any combination of choices for each t_e, there is a path containing these transitions. Define f such that f(x) = π iff π is the path such that for every edge e ∈ E, if x_e = 0 then π contains t_{e,0}, and if x_e = 1 then π contains t_{e,1}. By the argument above, f is bijective. We prove (a) and (b).

(b) We have PD(PN, x) = max_{π∈Π} Σ_{e∈π} x_e, where Π is the set of paths from s to t. This value is defined by the longest path from s to t.
For a directed acyclic graph with source s and sink t, where each edge e has length x_e, it is well known that the longest path from s to t is the value y_t in the unique set {y_v | v ∈ V} satisfying the equations y_s = 0 and y_v = max_{e=(u,v)∈E} (y_u + x_e) for v ≠ s. So we have PD(PN, x) = y_t. Let σ be the transition sequence corresponding to f(x) in W. We have i −σ→ o, and σ contains the transition t_v for each vertex v ∈ V and one of t_{e,0} or t_{e,1} for each edge e ∈ E. As before, for every e ∈ E, denote by t_e the transition t_{e,0} or t_{e,1} occurring in σ.
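The longest-path equations can be sketched as follows; the example graph and edge lengths are hypothetical, chosen only to exercise the recurrence.

```python
def longest_path(vertices, edges, x):
    """Longest s-t path in a DAG. vertices: topologically ordered list with
    the source first; edges: list of (u, v) pairs; x: dict mapping each edge
    to its length. Implements y[s] = 0 and, for v != s,
    y[v] = max over incoming edges e = (u, v) of y[u] + x[e]."""
    y = {vertices[0]: 0}                                   # the source s
    for v in vertices[1:]:
        y[v] = max(y[u] + x[(u, v)] for (u, w) in edges if w == v)
    return y

# Diamond graph: s -> a -> t and s -> b -> t.
V = ["s", "a", "b", "t"]
E = [("s", "a"), ("s", "b"), ("a", "t"), ("b", "t")]
x = {("s", "a"): 1, ("s", "b"): 0, ("a", "t"): 0, ("b", "t"): 1}
print(longest_path(V, E, x)["t"])  # -> 1
```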
Note that every place of W becomes marked exactly once during the occurrence of σ. For any place p ∈ P, denote by tm(p) the time at which p becomes marked, as given by µ(σ′)_p for the timestamp function µ and the prefix σ′ of σ after which p becomes marked. Additionally, for any vertex v ∈ V, all places of the form [v, e] become marked at the same time; denote this time by tm(v). For the expected time, as the net is sound and acyclic, we have ET_{W_PN} = Σ_x Pr(X = x) · tm(σ_x), where σ_x is the run corresponding to f(x). With the help of the function f of the claim, we get ET_{W_PN} = E(PD(PN, X)).
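The expected value E(PD(PN, X)) ranges over all 2^n valuations of the edge durations, which is the source of the exponential blow-up behind the #P-hardness result. A brute-force sketch on a toy diamond network (the network and probabilities are hypothetical, with every p_e = 0.5):

```python
from itertools import product

# Diamond PERT network s -> a -> t and s -> b -> t; each two-state edge
# duration X_e is 1 with probability p[e] and 0 otherwise.
edges = [("s", "a"), ("a", "t"), ("s", "b"), ("b", "t")]
p = {e: 0.5 for e in edges}
paths = [[("s", "a"), ("a", "t")], [("s", "b"), ("b", "t")]]  # all s-t paths

def expected_pd():
    """E(PD(PN, X)) by enumerating all 2^n valuations x: weight the project
    duration PD(PN, x), i.e. the longest s-t path, by Pr(X = x)."""
    total = 0.0
    for bits in product([0, 1], repeat=len(edges)):
        x = dict(zip(edges, bits))
        prob = 1.0
        for e in edges:
            prob *= p[e] if x[e] == 1 else 1 - p[e]
        pd = max(sum(x[e] for e in path) for path in paths)
        total += prob * pd
    return total

# E(max(A, B)) for two independent Binomial(2, 0.5) path lengths: 1.375.
print(expected_pd())  # -> 1.375
```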
Replacing rational weights by weight 1. We now formally describe how to replace all rational weights p_e, 1 − p_e in W_PN by weights 1. For each edge e = (u, v) ∈ E, apply the following construction:
- Remove the transitions t_{e,0} and t_{e,1}.
- For each 1 ≤ i ≤ k, add a place q_{e,i}.

We show that the above construction preserves the expected time.
Lemma 9. Let W = W PN be a workflow net corresponding to a two-state stochastic PERT network PN. Let W ′ be the result of replacing every gadget of W of the form described in Figure 3b by a gadget of the form described in Figure 3c, following the construction rules above. Then ET W ′ = ET W .
Proof. Let N be the subnet of W from Figure 3b, and let N′ be the corresponding subnet of W′ of the form from Figure 3c. We fix schedulers S, S′ for MDP_W and MDP_{W′} that for each edge e ∈ E choose the transitions of e (i.e., t_{e,0}, t_{e,1}, a_{e,i}, b_{e,i}) consecutively, before choosing any transition for a vertex v or another edge e′. It is easy to see that in any path of MDP_W^S and MDP_{W′}^{S′}, for each edge e = (u, v), whenever the first transition for e occurs, it moves the token from [u, e], then all transitions of e occur, and a token is placed into [e, v], without any other transitions in between.
We regard the subnets N, N′ as workflow nets themselves, with initial place i = [u, e] and final place o = [e, v]. It suffices to show that the time distributions of both nets are the same. In each net, we can choose a transition with time 1 at most once; therefore we only need to show that the probability of choosing a transition with time 1 is the same in N and N′.
In N, the probability of choosing t_{e,1} is p_e. We assumed that p_e = Σ_{i=0}^{k} 2^{-i} p_i for p_i ∈ {0, 1}. In N′, the probability of choosing a_{e,0} is 1 = 2^0, and for 1 ≤ i ≤ k, the probability of choosing a_{e,i} is equal to 2^{-i}, as we need to choose all b_{e,j} with j < i before, and then choose a_{e,i} instead of b_{e,i}. For all i, we have τ(a_{e,i}) = 1 iff p_i = 1. Therefore the total probability of choosing a transition with time 1 in N′ is Σ_{i=0}^{k} 2^{-i} p_i = p_e, which equals the corresponding probability in N.

Computing the expected time is #P-hard.

Theorem 4. The following problem is #P-hard:
Given: A sound, acyclic and free-choice TPWN W where all transitions t satisfy w(t) = 1, τ(t) ∈ {0, 1} and |(•t)•| ≤ 2, and an ε > 0.
Compute: A rational r such that r − ε < ET_W < r + ε.
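A quick numerical check of the binary-expansion argument above; the digit vector in the example is hypothetical, and exact arithmetic is used so that the gadget's total probability can be compared to p_e without rounding.

```python
from fractions import Fraction

def gadget_prob(bits):
    """bits: the binary digits p_0, p_1, ..., p_k of p_e = sum_i 2^{-i} p_i.
    In the gadget, the time-1 transition a_{e,i} is chosen with probability
    2^{-i} (all fair choices b_{e,j}, j < i, then a_{e,i}), and tau(a_{e,i})
    is 1 iff p_i = 1. Returns the total probability of a time-1 transition."""
    return sum(Fraction(1, 2 ** i) for i, p in enumerate(bits) if p == 1)

# p_e = 0.1011 in binary (p_0 = 0): 1/2 + 1/8 + 1/16 = 11/16.
print(gadget_prob([0, 1, 0, 1, 1]))  # -> 11/16
```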