UTP Semantics for Shared-State, Concurrent, Context-Sensitive Process Models

Andrew Butterfield
Lero @ TCD
School of Computer Science and Statistics
Trinity College, Dublin 2, Ireland
Email: Andrew.Butterfield@lero.ie

Anila Mjeda
Lero @ TCD
School of Computer Science and Statistics
Trinity College, Dublin 2, Ireland
Email: Anila.Mjeda@lero.ie

John Noll
Lero @ UL
Tierney Building
University of Limerick
Email: John.Noll@lero.ie

Abstract—Process Modelling Language (PML) is a notation for describing software development and business processes. It takes the form of a shared-state concurrent imperative language describing tasks as activities that require resources to start and provide resources when they complete. Its syntax covers sequential composition, parallelism, iteration and choice, but without explicit iteration and choice conditions. It is intended to support a range of context-sensitive interpretations, from a rough guide for intended behaviour, to being very prescriptive about the order in which tasks must occur. We are using Unifying Theories of Programming (UTP) to model this range of semantic interpretations, with formal links between them, typically of the nature of a refinement. We address a number of challenges that arise when trying to develop a compositional semantics for PML and its shared-state concurrent underpinnings, most notably in how UTP observations need to distinguish between dynamic state-changes and static context parameters. The formal semantics are intended as the basis for tool support for process analysis, with applications in the healthcare domain, covering such areas as healthcare pathways and software development and certification processes for medical device software.

© IEEE 2016 http://doi.ieeecomputersociety.org/10.1109/TASE.2016.22

I. INTRODUCTION

Programming-like notations have been used to describe business processes and workflows for many years [1]–[3].
There is considerable interest at present in healthcare systems in so-called clinical pathways, which describe processes for managing patient care. These too can be described using general business process notations [4]–[6]. Deploying process models in the medical domain in practice requires flexible interpretations of those models [2], [4], [6]–[9]. PML is such a language [10], developed originally for modelling software development processes, but applicable to a much wider range of activities, including clinical pathways [11]. It is designed to encourage a flexible approach to its interpretation and deployment. This is most obvious when one considers that the conditional and iterative constructs of the language have no condition predicates, relying on the judgement of those enacting the process to determine which conditional branch should be taken, or when a loop should terminate.

In this paper we present results obtained while developing a range of formal semantics for PML using the Unifying Theories of Programming (UTP) framework [12] to support reasoning about flexible deployment. We define a UTP semantics for shared global state concurrency, as a way to get a suitable semantics for strict and flexible PML, inspired by the work of Woodcock and Hughes on unifying parallel programming (UTPP, [13]). We present both a formal semantics for a “weak” interpretation of PML, as well as a unified theory of concurrent programs (UTCP) that will provide a baseline theory for modelling more “flexible” and “strong” interpretations of PML.

Part of our contribution is extending the UTP methodology to use non-homogeneous relations that mix dynamic state-change (observations with before- and after-values) along with static context parameters (observations whose value is unchanged during program execution). We also develop a notion of label generators to allow us to describe flow of control in a compositional manner.
The structure of this paper is as follows: In §II we give a quick introduction to an abstract form of PML, while in §III we provide a quick overview of UTP. We then move on to present the weak semantics for PML in §IV, the baseline UTCP semantics in §V, and then to relate the two in §V-H, where we also discuss future work. We then describe related work (§VI) and conclude (§VII).

II. PROCESS MODELLING LANGUAGE

Process Modelling Language (PML) [10] is a shared-state concurrent imperative language describing named basic actions ($N?rr!pr$) as activities that require resources to start ($rr$) and provide resources when they complete ($pr$). Actions are non-destructive in that the required resources are not consumed but remain in place. Its concrete syntax is C-like, but we present a simpler abstract syntax here:

$$
\begin{array}{rcl}
N & \in & Name \\
A \in Action & ::= & N?rr!pr \\
P, Q \in PML & ::= & A \mid P \mathbin{;;} Q \mid P \triangleright\triangleleft Q \mid P \parallel Q \mid P^{\omega}
\end{array}
$$

We use $P \mathbin{;;} Q$ and $P \parallel Q$ to denote respectively sequential and parallel composition. Both the conditional ($P \triangleright\triangleleft Q$) and the loop construct $P^{\omega}$ are unusual in that they have no explicit conditions. Instead the decision of which branch to take or whether or not to end the loop is left unspecified—this is one aspect of the flexible nature of the language. In its original intended use, it was left to the people enacting the business